
Using PayPal's Instant Payment Notification with PHP

Step 1 Creating a PayPal Account


For this tutorial you will need a Premier PayPal Account and an online website. Begin by going to paypal.com and clicking Sign Up at the top of the page.

Click Get Started under the Premier title; you will be redirected to a signup form. Please fill in all necessary information. When your account has been created, log in and move on to step 2.

Step 2 Enable IPN


In this step we are going to enable Instant Payment Notification (IPN), so while logged in, please click Profile and then choose Instant Payment Notification.

Now on the next screen you will see that IPN is set to off; click Edit to change that.

At the start of this tutorial, I mentioned that you would need an online website. Why? Well, we are going to ask PayPal to send us data when a payment is complete. PayPal can't reach locally hosted websites unless you have all settings configured correctly. (This involves opening ports on your router.) So, I'll enter the URL to my validation script, for example http://www.yourdomain.com/PayPal/ipn.php. PayPal will then post a notification to my server, at the URL I've specified.

Step 3 Building a Simple HTML Page


Okay, now we need a simple and basic HTML page where your visitor can buy access to your download area. I'm not going to explain all the HTML because I think you should know the basics of HTML before you start with PHP.

index.php A simple HTML page with a stylesheet.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Nettuts.com | Purchase access to download area</title>
    <link rel="stylesheet" type="text/css" media="All" href="css/style.css" />
</head>
<body>
    <div id="wrap">
        <h3>Purchase Access</h3>
        <p>Please click the button below to receive login details for the download area. <br />
        Already have an account? <a href="login.php">Login</a> here.</p>
        <!-- Paste your PayPal button code here (That you will get in the next step) -->
    </div>
</body>
</html>

css/style.css A simple stylesheet for our HTML Page.


body{
    background: #2D2D2D; /* Set Website Background Color */
    font: 11px 'Verdana'; /* Set Website Font Size & Font Type */
}

#wrap{
    margin: 0 auto; /* Center Our Content */
    width: 500px; /* Set The Width For Our Content */
    background: #FFF; /* Set Content Background Color */
    padding: 10px; /* Set Padding For Content */
    border: 1px solid #000; /* Add A Border Around The Content */
}

Step 4 Building a PayPal Button


We need to create a purchase button, so please click Merchant Services, and then choose Website Payments Standard.

You may choose from three types of buttons: Sell single items, Sell multiple items, and Subscription. In this tutorial we are going to create a single item. When someone purchases this single item (in this case, access to a download area) and the payment has been validated, an email will be sent with their details.

Let's enter some information for our purchase button; you may leave the rest as it is.

When you have finished filling in each section, generate the code. Copy this code to your clipboard, and then paste it inside index.php where I added the comment in the HTML page. Please review step 3, if needed.

This should work perfectly. Users can click the button and complete their purchase.

Step 5 Writing ipn.php


First, create ipn.php so we can start writing. We'll use a small snippet that I made from a larger snippet that you can get from PayPal's website. Please note that there is no reason to memorize this code! Snippets are handy and save time. I will break it down below.

<?php
// Connect to the database that stores the buyer accounts
mysql_connect("localhost", "user", "password") or die(mysql_error());
mysql_select_db("PayPal") or die(mysql_error());

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

$fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
if (!$fp) {
    // HTTP ERROR
} else {
    fputs($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets($fp, 1024);
        if (strcmp($res, "VERIFIED") == 0) {
            // PAYMENT VALIDATED & VERIFIED!
        } else if (strcmp($res, "INVALID") == 0) {
            // PAYMENT INVALID & INVESTIGATE MANUALLY!
        }
    }
    fclose($fp);
}
?>

Please fill in the correct credentials for your database so we can insert data in the next step. PayPal POSTs data to the URL we specified. In this example we only need the email address from the buyer, so that we may send him his login information. The code above will read the data PayPal sends and return the info to PayPal. I've added two comments where the code should come if it's validated. Additionally, I've also added a comment that specifies what should be done if it's not validated.
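An added example, not part of the original tutorial or PayPal's sample: VERIFIED only confirms that PayPal sent the notification, so before creating an account the handler should also check the payment status, recipient, amount, currency and transaction ID, as PayPal's IPN documentation advises. The seller address, price, currency and the function name ipn_rejection_reasons are assumptions.

```php
<?php
// Added example. The seller address, price and currency below are assumed values.
const MY_RECEIVER_EMAIL = 'seller@yourdomain.com';
const EXPECTED_AMOUNT   = '9.99';
const EXPECTED_CURRENCY = 'USD';

// Returns the reasons to reject a VERIFIED notification; an empty array means accept.
// $ipn is the $_POST array, $seenTxnIds the txn_id values already fulfilled.
function ipn_rejection_reasons(array $ipn, array $seenTxnIds): array
{
    $get = fn(string $k): string => isset($ipn[$k]) && is_string($ipn[$k]) ? $ipn[$k] : '';
    $reasons = [];

    if ($get('payment_status') !== 'Completed') {
        $reasons[] = 'payment_status is not Completed';
    }
    if (strcasecmp($get('receiver_email'), MY_RECEIVER_EMAIL) !== 0) {
        $reasons[] = 'receiver_email is not our account';
    }
    if ($get('mc_gross') !== EXPECTED_AMOUNT || $get('mc_currency') !== EXPECTED_CURRENCY) {
        $reasons[] = 'amount or currency does not match the item price';
    }
    if ($get('txn_id') === '' || in_array($get('txn_id'), $seenTxnIds, true)) {
        $reasons[] = 'txn_id is missing or was already processed';
    }
    if (filter_var($get('payer_email'), FILTER_VALIDATE_EMAIL) === false) {
        $reasons[] = 'payer_email is not a valid address';
    }
    return $reasons;
}

// Constructed sample notifications (not real PayPal data).
$good = [
    'payment_status' => 'Completed', 'receiver_email' => 'seller@yourdomain.com',
    'mc_gross' => '9.99', 'mc_currency' => 'USD',
    'txn_id' => 'TXN-EXAMPLE-1', 'payer_email' => 'buyer@example.com',
];
$underpaid = ['mc_gross' => '0.01'] + $good;   // same fields, wrong amount

print_r(ipn_rejection_reasons($good, []));                  // first delivery
print_r(ipn_rejection_reasons($good, ['TXN-EXAMPLE-1']));   // repeated delivery
print_r(ipn_rejection_reasons($underpaid, []));
```

In ipn.php this check would run inside the VERIFIED branch, with the list of processed txn_id values read from the database, and the account would be created only when the returned array is empty.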

Step 6 Creating the Database


Now we are going to focus on what should happen if the payment is verified. First, we need to build a MySQL table where we store the user's information. Just a simple one with an id, email and password field.

Next, we must enter our table details; we need an ID with a primary key selection and it should auto increment; next an email and password field.

For those of you who don't have the time to enter all of this information, below is a small MySQL dump to recreate the table.

CREATE TABLE `users` (
    `id` int(10) NOT NULL auto_increment,
    `email` varchar(50) NOT NULL,
    `password` varchar(32) NOT NULL,
    PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

Step 7 Account Creation


Open ipn.php again. We are going to write the following code below the // PAYMENT VALIDATED line. Our first step is to retrieve the email address of the buyer; PayPal sends all of this info over to ipn.php.

// PAYMENT VALIDATED & VERIFIED!
$email = $_POST['payer_email'];

We must create one last variable, which is the password that we will generate using PHP.

// PAYMENT VALIDATED & VERIFIED!
$email = $_POST['payer_email'];
$password = mt_rand(1000, 9999);

As you can see, we used mt_rand to generate a random password, in this case a numeric value between 1000 and 9999. Next, we need to insert this data into our database. To do so, we'll use the MySQL INSERT query.

// PAYMENT VALIDATED & VERIFIED!
$email = $_POST['payer_email'];
$password = mt_rand(1000, 9999);

// Store the email and the md5 hash of the password
mysql_query("INSERT INTO users (email, password) VALUES('" . mysql_escape_string($email) . "', '" . md5($password) . "')") or die(mysql_error());

Here we tell our script to insert the email and the password into our database. I've added a mysql_escape_string to ensure that SQL injection isn't possible. I've also added the md5 function to our password so that it will be stored as a 32-character hash. Now the account is created; let's move on to the next step.

Step 8 Emailing the Login Credentials


We need to write some code that will email the login information to the buyer. To accomplish this, we will use the PHP mail function.

// PAYMENT VALIDATED & VERIFIED!
$email = $_POST['payer_email'];
$password = mt_rand(1000, 9999);

// Store the email and the md5 hash of the password
mysql_query("INSERT INTO users (email, password) VALUES('" . mysql_escape_string($email) . "', '" . md5($password) . "')") or die(mysql_error());

// Email the login credentials to the buyer
$to = $email;
$subject = 'Download Area | Login Credentials';
$message = '

Thank you for your purchase

Your account information
------------------------
Email: '.$email.'
Password: '.$password.'
------------------------

You can now login at http://yourdomain.com/PayPal/';
$headers = 'From:noreply@yourdomain.com' . "\r\n";

mail($to, $subject, $message, $headers);

Let's break this email function down. We use the variable $email to get the user's email address and assign it to the $to variable. The variable $subject is the title/subject that you will see in your email program. After this, we have our message, which will contain a thank you note as well as the account information. The $email and $password variables in the message will change to the correct information once the email has been sent. We also have set a custom header. When the user receives the email, the from address will display as noreply@yourdomain.com.

Step 9 Invalid Payment Email


An invalid payment might occur because of fraud, but also because of a problem with PayPal, so we want to make sure that our customer gets what he paid for. We are going to send an email to our site administrator, telling him to contact the buyer for more information. Simply copy the email code we used before and then make the changes listed below.

// PAYMENT INVALID & INVESTIGATE MANUALLY!
// $email is only set in the VERIFIED branch, so read the buyer's address here too
$email = $_POST['payer_email'];

$to = 'invalid@yourdomain.com';
$subject = 'Download Area | Invalid Payment';
$message = '

Dear Administrator,

A payment has been made but is flagged as INVALID.
Please verify the payment manually and contact the buyer.

Buyer Email: '.$email.'
';
$headers = 'From:noreply@yourdomain.com' . "\r\n";

mail($to, $subject, $message, $headers);

This code is nearly the same as above, only we made some changes to the receiver, subject and message.

Step 10 User Login


This is our final step, where we build a simple login form for our buyers. Make a new PHP file, and name it login.php. We'll use the same HTML page as used for index.php, only we will make some adjustments to the content of the page, and of course add a bit of styling to our login form.

login.php This is the page where our buyers can login.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Nettuts.com | Login</title>
    <link rel="stylesheet" type="text/css" media="All" href="css/style.css" />
</head>
<body>
    <div id="wrap">
        <h3>Login</h3>
        <p>Please enter your login credentials to get access to the download area</p>
        <form method="post" action="">
            <fieldset>
                <label for="email">Email:</label><input type="text" id="email" name="email" value="" />
                <!-- type="password" keeps the typed password masked on screen -->
                <label for="password">Password:</label><input type="password" id="password" name="password" value="" />
                <input type="submit" value="Login" />
            </fieldset>
        </form>
    </div>
</body>
</html>

Add to style.css
label{
    display: block; /* Make sure the label is on a single line */
    margin: 3px; /* Create some distance away from the input fields */
}

input{
    padding: 3px; /* Give the text some more space */
    border: 1px solid gray; /* Add a border around the input fields */
    margin: 3px; /* Create some distance away from the labels */
}

Now that we've made our form, we need to check if the login credentials are correct. I made a few changes to login.php so we can get started:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Nettuts.com | Login</title>
    <link rel="stylesheet" type="text/css" media="All" href="css/style.css" />
</head>
<body>
    <div id="wrap">
        <?php
        // Connect to the database that stores the buyer accounts
        mysql_connect("localhost", "paypalUser", "test123") or die(mysql_error());
        mysql_select_db("PayPal") or die(mysql_error());

        if(isset($_POST['email']) && isset($_POST['password'])){
            // Verify
        }else{
        ?>
        <h3>Login</h3>
        <p>Please enter your login credentials to get access to the download area</p>
        <form method="post" action="">
            <fieldset>
                <label for="email">Email:</label><input type="text" id="email" name="email" value="" />
                <!-- type="password" keeps the typed password masked on screen -->
                <label for="password">Password:</label><input type="password" id="password" name="password" value="" />
                <input type="submit" value="Login" />
            </fieldset>
        </form>
        <?php
        }
        ?>
    </div>
</body>
</html>

The code above will check if email and password are both posted. If true, we can verify the credentials. If not, we return an error. The next code we are going to write will be placed below // Verify. First we need to turn the post variables into local variables.

$email = mysql_escape_string($_POST['email']);
$password = md5($_POST['password']);

I've added an escape function to prevent SQL injection and have transformed the posted password into an md5 hash. Because we did this in our database, we must also hash the user's password to compare the two values correctly. Now it's time to verify the data.

$email = mysql_escape_string($_POST['email']);
$password = md5($_POST['password']);

// Look for a row whose email and password hash both match
$gUser = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."' LIMIT 1") or die(mysql_error());
$verify = mysql_num_rows($gUser);

if($verify > 0){
    echo '<h3>Login Complete</h3>
    <p>Click here to download our program</p>';
}else{
    echo '<h3>Login Failed</h3>
    <p>Sorry your login credentials are incorrect.</p>';
}

As you can see, we are running a MySQL query, and are selecting all the data from our user table but only the row where the user's email address matches the one from the database. mysql_num_rows checks if a match has been found: 1 = true; 0 = false.
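An added example, not the tutorial's code: the account creation from Step 7 and the login check from Step 10 written with PDO prepared statements, a password drawn from random_bytes, and password_hash / password_verify in place of md5 (the mysql_* functions used above were removed in PHP 7). It assumes the password column is widened to VARCHAR(255); the function names, the UNIQUE constraint on email and the in-memory SQLite table standing in for MySQL are assumptions as well.

```php
<?php
// Added example. Function names and the SQLite demo table are assumptions.

function create_account(PDO $db, string $email): string
{
    // 16 bytes from the OS CSPRNG, hex-encoded: 128 bits instead of 9000 possible values.
    $password = bin2hex(random_bytes(16));
    $stmt = $db->prepare('INSERT INTO users (email, password) VALUES (?, ?)');
    // Bound parameters are sent as data and never become part of the SQL text.
    $stmt->execute([$email, password_hash($password, PASSWORD_DEFAULT)]);
    return $password; // the plaintext is returned only so it can be emailed once
}

function verify_login(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    // password_verify() recomputes the salted hash and compares in constant time.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed demo data; an in-memory SQLite database stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    email VARCHAR(50) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL
)');

// An address containing a quote is stored and looked up as plain data.
$generated = create_account($db, "o'brien@example.com");

var_dump(verify_login($db, "o'brien@example.com", $generated)); // correct password
var_dump(verify_login($db, "o'brien@example.com", '1234'));     // wrong password
var_dump(verify_login($db, 'nobody@example.com', $generated));  // unknown account
```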

That's All!
And that's the end of this tutorial. I hope you enjoyed it, and feel free to leave a comment with your thoughts. Have any tips that might help?
