PHP PayPal Validator Script

If you want to validate a PayPal payment before giving a client access to your product or service, you just need to customize this simple script, and you will be protected against fraudulent downloads.

The procedure is very simple.

First you need to create your PayPal form so that it returns to a script on your site. For example, you could create a file named paypal-validator.php in your site root and create your PayPal form this way:

HTML:
    <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
    <input type="hidden" name="cmd" value="_xclick" />
    <input type="hidden" name="business" value="billing@mysite.com" />
    <input type="hidden" name="item_name" value="My Product" />
    <input type="hidden" name="item_number" value="2" />
    <input type="hidden" name="amount" value="7.00" />
    <input type="hidden" name="no_shipping" value="1" />
    <input type="hidden" name="return" value="http://www.mysite.com/paypal-validator.php" />
    <input type="hidden" name="rm" value="2" />
    <input type="hidden" name="no_note" value="1" />
    <input type="hidden" name="currency_code" value="USD" />
    <input type="hidden" name="lc" value="US" />
    <input type="hidden" name="bn" value="PP-BuyNowBF" />
    <input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but5.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!" />
    <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1" />
    </form>

You can build this form by hand or with the PayPal wizard, but the important field here is:

HTML:
    <input type="hidden" name="return" value="http://www.mysite.com/paypal-validator.php" />

This tells PayPal to return the client not directly to your download page but to your PayPal PHP validator script.

The PayPal validator file must contain the following code:

PHP:
    <?php
    // First we do some simple validation; you can harden this to the level you need.
    if ( !isset($_POST['txn_id']) ) {
        echo 'Direct access to this file is not allowed.';

        return;
    }

    // read the post from PayPal system and add 'cmd'
    $req = 'cmd=_notify-validate';

    foreach ( $_POST as $key => $value ) {
        $value = urlencode(stripslashes($value));
        $req .= "&$key=$value";
    }

    // post back to PayPal system to validate
    // (sent over TLS so the VERIFIED/INVALID reply cannot be altered in transit)
    $header  = "POST /cgi-bin/webscr HTTP/1.1\r\n";
    $header .= "Host: www.paypal.com\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n";
    $header .= "Connection: close\r\n\r\n";

    $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

    // assign posted variables to local variables
    $item_name = $_POST['item_name'];
    $item_number = $_POST['item_number'];
    $payment_status = $_POST['payment_status'];
    $payment_amount = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id = $_POST['txn_id'];
    $receiver_email = $_POST['receiver_email'];
    $payer_email = $_POST['payer_email'];

    if (!$fp) {
        // HTTP ERROR
        echo 'There was an error connecting back to Paypal please contact us at: support@mysite.com with your payment details.';

        return;
    } else {
        fputs ($fp, $header . $req);
        while (!feof($fp)) {
            // trim() removes the line ending so the comparison matches the bare keyword
            $res = trim(fgets ($fp, 1024));
            if (strcmp ($res, "VERIFIED") == 0) {
                // check the payment_status is Completed
                // check that txn_id has not been previously processed
                // check that receiver_email is your Primary PayPal email
                // check that payment_amount/payment_currency are correct
                // process payment

                // Change here to give the client access to your product or service
                echo 'This is a valid Paypal client';

                fclose ($fp);
                return;
            }
            else if (strcmp ($res, "INVALID") == 0) {
                // log for manual investigation
                echo 'Restricted Access';
                echo 'If you got this page after a valid purchasing procedure please contact us at: support@mysite.com with some details of your Paypal receipt.';

                fclose ($fp);
                return;
            }
        }
        fclose ($fp);
    }

Feel free to copy and paste this code and begin testing. If you have any questions, do not hesitate to leave a comment.
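
The VERIFIED branch of the script leaves its four checks as comments. One way to implement them, as an added example that is not part of the original post: the expected receiver, price and currency are taken from the form above, while the function name `check_verified_payment`, the `paypal_txn` table and the in-memory SQLite store are assumptions for illustration, and the sample array is constructed.

```php
<?php
// Added example. Expected values mirror the form above; the function name,
// table name and SQLite store are assumptions chosen for illustration.
const EXPECTED_RECEIVER = 'billing@mysite.com';
const EXPECTED_CENTS    = 700;      // amount "7.00" from the form, in cents
const EXPECTED_CURRENCY = 'USD';

// Returns null when the order may be fulfilled, otherwise the rejection reason.
function check_verified_payment(array $ipn, PDO $db): ?string
{
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return 'payment_status is not Completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', EXPECTED_RECEIVER) !== 0) {
        return 'payment went to a different PayPal account';
    }
    // Compare in integer cents so "7", "7.0" and "7.00" are treated alike.
    $gross = $ipn['mc_gross'] ?? '';
    if (!is_numeric($gross) || (int) round($gross * 100) !== EXPECTED_CENTS
        || ($ipn['mc_currency'] ?? '') !== EXPECTED_CURRENCY) {
        return 'amount or currency does not match the product price';
    }
    // Replay check runs last so a rejected message does not consume the txn_id.
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '') {
        return 'missing txn_id';
    }
    try {
        // PRIMARY KEY makes "seen before?" and "mark as seen" one atomic step.
        $db->prepare('INSERT INTO paypal_txn (txn_id) VALUES (?)')->execute([$txn]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') {   // integrity constraint violation
            return 'txn_id was already processed';
        }
        throw $e;
    }
    return null;
}

// Demo store: in-memory SQLite (needs pdo_sqlite). Use a persistent database in production.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE paypal_txn (txn_id TEXT PRIMARY KEY)');
// Constructed sample of posted fields; not a real transaction.
$sample = ['payment_status' => 'Completed', 'receiver_email' => 'billing@mysite.com',
           'mc_gross' => '7.00', 'mc_currency' => 'USD', 'txn_id' => 'EXAMPLE-TXN-0001'];
var_dump(check_verified_payment($sample, $db));                          // first delivery
var_dump(check_verified_payment($sample, $db));                          // same txn_id again
var_dump(check_verified_payment(['mc_gross' => '0.01'] + $sample, $db)); // underpaid
```

In the validator script, access to the product would be granted only when this function returns null; any other result is logged with the posted fields for manual review.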

4 Comments

  1. Posted January 19, 2009 at 7:24 pm | Permalink

    Hi,

    This is just what I’ve been looking for.

    I’m pretty new to PHP. I’m trying to implement this code but I’m having problems. I’m using Dreamweaver and have tried pasting the following line:

    <input type="hidden" name="return" value="http://www.mysite.com/paypal-validator.php" />

    …into my PayPal button, and have created a PHP page with the validation script in it. When going through PayPal it fails to redirect me to the page I’ve specified in the code above (I’ve changed http://www.mysite.com/etc to the relevant page on my site.)
    The validator page seems to be working as I get the “no direct access allowed” message.

    Any ideas… have I missed something?

  2. admin
    Posted January 19, 2009 at 8:06 pm | Permalink

    I would begin by checking whether the IPN feature in your PayPal account is enabled. If, as you said, you get the message, it seems the script is ready to get the redirection.

    This hidden field is important too: <input type="hidden" name="rm" value="2" />

    Let me know what happens.

  3. Posted January 20, 2009 at 4:51 pm | Permalink

    Thanks for that, I’m still having some trouble, would you mind if I emailed you my code and info on my paypal settings for you to look at? I’m happy to pay you for your time as this is something I’m sooper keen to know how to do.

    Thanks in advance, and sorry for the hassle.

  4. Posted October 30, 2009 at 5:39 am | Permalink

    I need this PayPal validator in JSP. Can you give a link to get this code?
