Paypal付款不使用隐藏字段

时间:2013-03-26 07:02:02

标签: php paypal

我是第一次实施paypal支付集成。我正在使用隐藏字段向paypal发送参数。我对这种方法感到很不舒服,因为用户可以很容易地改变这些信息。

还有其他替代方法将数据发送到PayPal吗?

2 个答案:

答案 0 :(得分:1)

以某种方式或其他方式,您必须使用该表单提交到paypal网址。但是有很多方法可以发挥智能。我创建了这个不是最好的类,但仍足以使用户远离编辑字段。

<强>类

<?php
/* 
///// ------------ Author :- Aman Virk 
//// ------------- Created On :- 2012-02-17
//// ------------- Licensed Under - Open Source
//// ------------- Author URI :- http://www.thetutlage.com

 */


 class paypal_class {

  var $last_error;                 // holds the last error encountered

  var $ipn_log;                    // bool: log IPN results to text file?

  var $ipn_log_file;               // filename of the IPN log
var $ipn_response;               // holds the IPN response from paypal   
var $ipn_data = array();         // array contains the POST values for IPN

  var $fields = array();           // array holds the fields to submit to paypal


 function paypal_class() {

  // initialization constructor.  Called when class is created.

  $this->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';

  $this->last_error = '';

  $this->ipn_log_file = '.ipn_results.log';
  $this->ipn_log = true; 
  $this->ipn_response = '';

  // populate $fields array with a few default values.  See the paypal
  // documentation for a list of fields and their data types. These defaul
  // values can be overwritten by the calling script.

  $this->add_field('rm','2');           // Return method = POST
  $this->add_field('cmd','_xclick'); 

 }

   function add_field($field, $value) {

  // adds a key=>value pair to the fields array, which is what will be 
  // sent to paypal as POST variables.  If the value is already in the 
  // array, it will be overwritten.

  $this->fields["$field"] = $value;
 }

  function submit_paypal_post() {

  // this function actually generates an entire HTML page consisting of
  // a form with hidden elements which is submitted to paypal via the 
  // BODY element's onLoad attribute.  We do this so that you can validate
  // any POST vars from you custom form before submitting to paypal.  So 
  // basically, you'll have your own form which is submitted to your script
  // to validate the data, which in turn calls this function to create
  // another hidden form and submit to paypal.

  // The user will briefly see a message on the screen that reads:
  // "Please wait, your order is being processed..." and then immediately
  // is redirected to paypal.

 $paypal_submit_output = "<html>\n";
  $paypal_submit_output .= "<head><title>Processing Payment...</title></head>\n";
 $paypal_submit_output .= "<body onLoad=\"document.forms['paypal_form'].submit();\">\n";
     $paypal_submit_output .= '<center> <img src="images/ajax-loader.gif" /> <h4> Please wait we are processing your transaction </h4>
                    <h5> Do not refresh or press back button </h5> <center> ';
  $paypal_submit_output .= "<form method=\"post\" name=\"paypal_form\" ";
  $paypal_submit_output .= "action=\"".$this->paypal_url."\">\n";

  foreach ($this->fields as $name => $value) {
     $paypal_submit_output .= "<input type=\"hidden\" name=\"$name\" value=\"$value\"/>\n";
  }
  $paypal_submit_output .= "<center><input type=\"submit\" value=\"Click Here\"></center>\n<br />";

  $paypal_submit_output .= "</form>\n";
 $paypal_submit_output .= "</body></html>\n";
  return $paypal_submit_output;
 }

  function validate_ipn() {

  // parse the paypal URL
  $url_parsed=parse_url($this->paypal_url);

  // generate the post string from the _POST vars aswell as load the
  // _POST vars into an arry so we can play with them from the calling
  // script.
  $post_string = '';    
  foreach ($_POST as $field=>$value) { 
     $this->ipn_data["$field"] = $value;
     $post_string .= $field.'='.urlencode(stripslashes($value)).'&'; 
  }
  $post_string.="cmd=_notify-validate"; // append ipn command

  // open the connection to paypal
  $fp = fsockopen($url_parsed[host],"80",$err_num,$err_str,30);
  if(!$fp) {

     // could not open the connection.  If loggin is on, the error message
     // will be in the log.
     $this->last_error = "fsockopen error no. $errnum: $errstr";
     $this->log_ipn_results(false);       
     return false;

  } else { 

     // Post the data back to paypal
     fputs($fp, "POST $url_parsed[path] HTTP/1.1\r\n"); 
     fputs($fp, "Host: $url_parsed[host]\r\n"); 
     fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n"); 
     fputs($fp, "Content-length: ".strlen($post_string)."\r\n"); 
     fputs($fp, "Connection: close\r\n\r\n"); 
     fputs($fp, $post_string . "\r\n\r\n"); 

     // loop through the response from the server and append to variable
     while(!feof($fp)) { 
        $this->ipn_response .= fgets($fp, 1024); 
     } 

     fclose($fp); // close connection

  }

  if (eregi("VERIFIED",$this->ipn_response)) {

     // Valid IPN transaction.
     $this->log_ipn_results(true);
     return true;       

  } else {

     // Invalid IPN transaction.  Check the log for details.
     $this->last_error = 'IPN Validation Failed.';
     $this->log_ipn_results(false);   
     return false;

  }

 }

  function log_ipn_results($success) {

  if (!$this->ipn_log) return;  // is logging turned off?

  // Timestamp
  $text = '['.date('m/d/Y g:i A').'] - '; 

  // Success or failure being logged?
  if ($success) $text .= "SUCCESS!\n";
  else $text .= 'FAIL: '.$this->last_error."\n";

  // Log the POST variables
  $text .= "IPN POST Vars from Paypal:\n";
  foreach ($this->ipn_data as $key=>$value) {
     $text .= "$key=$value, ";
  }

  // Log the response from the paypal server
  $text .= "\nIPN Response from Paypal Server:\n ".$this->ipn_response;

  // Write to log
  $fp=fopen($this->ipn_log_file,'a');
  fwrite($fp, $text . "\n\n"); 

  fclose($fp);  // close file
 }

  function dump_fields() {

  // Used for debugging, this function will output all the field/value pairs
  // that are currently defined in the instance of the class using the
  // add_field() function.

  echo "<h3>paypal_class->dump_fields() Output:</h3>";
  echo "<table width=\"95%\" border=\"1\" cellpadding=\"2\" cellspacing=\"0\">
        <tr>
           <td bgcolor=\"black\"><b><font color=\"white\">Field Name</font></b></td>
           <td bgcolor=\"black\"><b><font color=\"white\">Value</font></b></td>
        </tr>"; 

  ksort($this->fields);
  foreach ($this->fields as $key => $value) {
     echo "<tr><td>$key</td><td>".urldecode($value)."&nbsp;</td></tr>";
  }

  echo "</table><br>"; 
 }
}         

<强>实施

require_once('paypal.class.php');
    $p = new paypal_class;
    $p->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';
      //    $p->paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
    $p->add_field('business',$paypal_id);
    $p->add_field('return',$paypal_success_url);
    $p->add_field('cancel_return',$paypal_cancel_url);
    $p->add_field('notify_url',$paypal_ipn_url);
    $p->add_field('item_name',$payment_for);
    $p->add_field('amount', $amount);
    $p->add_field('custom', $unique_transaction_id);
    $new_form = $p->submit_paypal_post();

答案 1 :(得分:0)

如果你正在做SetExpressCheckout和GetExpressCheckout, 您可以使用自定义字段。我正在使用新的PayPal 在Php中的X.comm SDK Express Checkout,所以我将从中提供我的示例。

在设置请求对象以传递给SetExpressCheckout时, 您可以将参数放在自定义字段中。

$setECReqDetails->Custom = $billingFreq . "SPACE" . $billingPeriod;

从PayPal返回时,您可以获取这些参数 通过调用GetExpressCheckoutDetails来回来 从响应对象的自定义中获取参数 字段。

$getECResponse = $paypalService->GetExpressCheckoutDetails($getExpressCheckoutReq);

$billingInfo = explode("SPACE",$getECResponse->GetExpressCheckoutDetailsResponseDetails->Custom);

$billingFreq = $billingInfo[0]; 
$billingPeriod = $billingInfo[1];

请注意使用&#34; SPACE&#34;这个词。这可能是任何 单词,但它被用作分隔符。这样你就可以通过 通过放置&#34; SPACE&#34;尽可能多的参数之间 他们。

如果您想查看完整代码,可以 从这里下载X.comm SDK,快速结账,Php, https://www.x.com/developers/paypal/documentation-tools/paypal-sdk-index 并转到merchant-sdk-dev-2.2.98 / samples / ExpressCheckout / SetExpressCheckout.php以及GetExpressCheckout.php以查看代码。 他们实际上并没有在样本中使用Custom 代码,但您可以看到添加代码的位置。