PayPal IPN and updating database - paypal

I understand how IPN works, and the basic idea of the sending of information, verifying etc. But for the life of me I cannot get it to work!!
This is what I'm trying to do...
A user selects a certain part of a product to purchase, once they click it, they are linked to a paypal button which I've added 2 text fields to. First is there User ID and the second the name of their selected part - both of which the value is added in automatically. That all works fine.
They then press Buy Now and fill out their card details and it is purchased and redirected to a success page.
However, I want it so it updates their profile in my database to show they have purchased that product.
I understand that using PayPal's IPN I can send information to a page on my site to check it, and if the payment is complete then take whatever action needed.
I have tried the scripts from the PayPal site itself and I get no response at all. Can someone give me a really, REALLY simple method of achieving what I'm after? Because every tutorial out there is overly complicated or doesn't work, and the examples don't help me in the slightest and they talk to you as if you should know how it's done already.
I've even read the whole PDF and still I'm clueless about how to get this working. Any help?

This really depends on how you have your users stored in a database.
How are they identified, do they have a username?
Are you saving transactions to a database before you submit the information to PayPal?
Basically, you would want to look at the IPN Variables and see what you could use to associate the data with your databases when the IPN message is received by your script.
Lets say you have the following Databases:
Users: ID, email, etc.. etc..
Transactions: ID, emailofUser, invoiceID, Success/Fail(bool)
You want to store information to the database before you send the data to PayPal - "Hey, this guy was sent to PayPal to purchase this".
Then, IPN comes in when you want to ensure that the item was actually purchased. You don't want to offer someone the benefits of purchasing an item just for being sent to PayPal, you want to make sure they actually completed payment. Going off of the IPN variables, you could easily use the 'invoice' variable (as long as you define it appropriately when you send the data to PayPal).
So lets say you send a buyer to PayPal, he completes checkout, and your script gets an IPN message. You'll want to do something like the following:
Verify the IPN
Check what invoice this is for
mysql_query("SELECT * FROM Transactions WHERE invoiceID=$_POST['invoice']");
See if the transaction is successful or not.
if ($_POST['payment_status'] == 'completed')
{
//update whatever information you need to
}
else
{
//something else happened with this transaction, put a flag on it for review by
//an admin
}
You should check out the links below which describe a little more about managing your orders
Order Management Automation
Order Management Guide

Related

PayPal IPN and AutoReturn

I have an ipn listener that update my transactions (from pending to completed) and my contracts payments from finished to paid. This is perfect! I has also a return page... From PayPal to my site... This page show "thanks" and "button to allow download their last paid online contract" (paid with PayPal). My problem is that.... Ipn listener sometimes comes 3 seconds after my return page is shown to the the user....
In my return page in this case. Has the transaction and contract unpaid... And when ipn listener catch the results... Then this transaction and contract change to paid status. But ipn listener is executed at back-end. In my server. And my return page was shown 3 o 2 seconds before to my user. What can I do?
Should I add a timer (a delay) in my return page waiting until ipn updates my transaction and contract status? And then, show to the user a button "you can download your last paid contract!". Or better I should forget this step. And in my return page always without wait show to user "thanks for your payment". "you can download your last paid contract!"
You should not regard or show the transaction as complete, or allow any further business action to occur, until you have actually received the money, and only the IPN tells you that.
You need to adjust what you show on your return page accordingly.
All you should really do here is thank the customer for his business and tell him that the download or the delivery or whatever it is will become available immediately PayPal has notified you of the actual transfer.
And note that it can take a lot longer than three seconds. If they chose to fund the payment from their bank account, it can take 3-5 days: and there is always the possibility of that process failing altogether due to insufficient funds.
So don't be too optimistic in designing your return page. The deal isn't done until the money is in the bank.
This page show "thanks"
Good.
and "button to allow download their last paid online contract"
Bad. That should be somewhere in 'My Account'.
I also have my return page wait for the IPN notification to come into my server, and you can definitely make that work if you do it right.
Initially, the return page polls on a field in my back-end database that the IPN handler updates. Then, when the return page sees that field update, the customer gets his 'here are the items you paid for' button.
I also have a one minute timeout on this process. When that expires (although I can't remember the last time that actually happened), I display a catch-all error message ('There was a problem processing your transaction') and invite the customer to contact me for help.
I also tell them that their license key (which is what they are buying, in my case) might be on its way by email, since, usually, it is. IPN notifications can sometimes take a little while to arrive for some reason but my IPN handler sends out a confirmation email as a backup so they will get that in due course. That usually sorts things out, I rarely need to get directly involved.
If PayPal puts the transaction on hold, it doesn't seem to ever forward the customer to the return page (I have certainly never seen that happen). Instead, I assume it lets the customer know that he must wait for the funds to clear and leaves it at that.
An IPN notification does get sent however when the transaction eventually clears, and then you can have your handler send that email.
Lest this sounds like a lot of work, you should be sending an email from your IPN handler anyway since customers like to have a record of their purchases. Once you put that mechanism in place, the rest is easy.
Note: Watch out for IPN transactions flagged as 'echeque'. The funds haven't cleared yet, you will get another notification when they do. Then you can send them their contract by email. If memory serves,this does forward them to your return page so you have to handle that by letting them know that they must wait. In practise, this doesn't seem to happen very often.
Suggestion: have your scripts send you an email when something unexpected happens. This has saved my bacon more than once when PayPal have changed the names of the fields passed to the IPN handler for no obvious reason.
Summary: This is a practical, experience-based write-up of the way my website works, and it works well. I hope readers of this post find it helpful, despite the mysterious downvotes.

Paypal Cancelation - Recurring Payment

I have googled this for a while and I don't think I was able to get a clear cut answer.
We have an application that displays a Subscribe button. Once clicked, It takes the user to the Paypal website where s/he can complete the txn.
Later on, Paypal sends an IPN to our site indicating whether payment was successful. This integration is done by setting hidden html variables.
Now, there is a need to allow the user to cancel their subscription. So far, most of my readings indicate that the user must login to paypal and manage his/her subscription there.
In addition to that, I was able to find some other people mentioning that It would work with using CreateRecurringPaymentsProfile.
The problem is that the later requires ProfileId which is returned thru CreateRecurringPaymentsProfile. it looks like there is a gap. I would appreciate if somebody can pinpoint to the right direction.
Thanks,

Update Paypal IPN message details

Is there a way to update the variable data that was sent to paypal?
Given this scenario, a customer purchases an item with code A, then code B is introduced that now logs users id and other information. But all customers who purchased using code A will not be correctly identified by code B.
I can see the IPN message detail in the IPN history, but I just wished I could type into that box and manually update/correct a few of the variables.
Is there a way to do this, or a way around this?
You can update the customer's recurring payment profile using another API. I don't know what the point of amending, at PayPal, an IPN message that has already been sent to you is, but you can't do it, and you don't want to do it. You would be lying to yoursef about what they have sent you, and perpetrating a fraud against PayPal as well. All you have to do is adjust what happened at your end.

How can I(or Paypal) validate post data that is sent to Paypal from a button on my site?

I'm using paypal website standard and passing my order id that is generated on my site via item_number field. I was wondering, how does paypal know that the content in the form has not been altered by user? For example, someone could just change the amount of $10 to $5 and paypal would not not have any way of knowing. I've doe this before with other payment processor, and they make me send them md5 hash of amount and some other data + secret key, but I am not sure if paypal has this?
Based on this article, I believe it depends on whether or not you are using "Payment Data Transfer". If you're just using a button, then you'll need to manually verify the payment amount before shipping. If you're using PDT, you should be able to verify the payment_gross amount sent back in the response from PayPal.
Your right -- in general you can't keep someone from altering your data. If you must use PayPal (yeah, I know, no monthly fee) so far as I know you have three options:
Let PayPal host your button data. But this gives you little control over the process.
Manually verify each transaction, checking price etc before shipping item.
Using their API to receive completed transaction to automatically check data.
Another thing to watch out for is calculation of sales tax. PayPal's approach was too simplistic for our needs, which forced me to take control of the checkout process.
See this link.
you should try to implement it using ipn, pdt is prone to not passing the variables from paypal to your website if the user does not press the "go to store" button. as what others had answered hosting your button would make it secure at the cost of flexibility. Here is a link on the variables that could be altered on hosted buttons https://www.x.com/people/PP_MTS_Haack/blog/2009/11/11/override-variables-for-hosted-and-encrypted-buttons , as you would look into the variables, you cant really change the important ones.

Which PAYPAL method to use?

I am working an e-commerce site which will allow pdfs to be downloaded once payment is done.
So, user will put them in a cart, click buy using paypal and from there will come back to see download link on a success page.
I have implemented PDT.
Not sure which is the best option ?
Please help. I want to take care of any connection lost scenario too, like user completes payment at PAYPAL and while returning back to our site's success page, connection is lost and for some n days, user couldnt access internet as well.
I would just use the IPN.
Keep a record in your database that has all of the order items.
e.g. Order and Order Items (in 2 tables)
Then send that primary key across as the "custom" variable.
Then your ipn handler page will validate the payment and then email the customer their digital goods.