1. Register a developer account. After registering, log in, then create one Business account and one Personal account. Log in as one of them and you can see transaction details and the like.
2. The URLs involved
a. return --- the page the buyer is sent back to after the payment completes
b. notify_url --- the page PayPal notifies after the payment; this page carries the processing logic (receiving the IPN message, validating it, deciding whether the payment is complete, and the follow-up handling once it is)
c. cancel_return ---- the page the buyer returns to when cancelling directly from the payment page
3. Generate a form on your page and put the payment details in its hidden fields, for example:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
    <input type="hidden" name="cmd" value="_xclick">
    <input type="hidden" name="business" value="business email"> <!-- the account that receives the payment -->
    <input type="hidden" name="item_name" value="cash">
    <input type="hidden" name="amount" value="0.5">
    <input type="hidden" name="currency_code" value="HKD">
    <input type="hidden" name="return" value="http://xxx/paypal_return.php">
    <input type="hidden" name="invoice" value="82">
    <input type="hidden" name="charset" value="utf-8">
    <input type="hidden" name="no_shipping" value="1">
    <input type="hidden" name="no_note" value="">
    <input type="hidden" name="notify_url" value="http://xxx/paypal_notify.php">
    <input type="hidden" name="rm" value="82">
    <input type="hidden" name="cancel_return" value="http://xxx/paypal_cancel.php">
    <input type="submit" value="submit">
</form>
4. The most important page: paypal_notify.php
a. Receive the data PayPal POSTs to you and send back every received form variable exactly as it was received. You also need to append a variable named "cmd" with the value "_notify-validate" (i.e. cmd=_notify-validate) to the POST string.
b. Then send the POSTed data, with that cmd variable added, back to PayPal in a request.
c. PayPal replies to that POST with a single word in the body of the reply: "VERIFIED" or "INVALID". When you receive a VERIFIED reply, perform several checks before fulfilling the order:
@ Confirm that "payment_status" is "Completed", because PayPal also sends IPNs for other outcomes (such as "Pending" or "Failed").
@ Check that "txn_id" has not been seen before, so that a fraudster cannot replay an old, already completed transaction.
@ Verify that "receiver_email" is an email address registered in your PayPal account, so that the payment cannot be redirected to a fraudster's account.
@ Check the other transaction details (such as item number and price) to confirm the price has not been changed. Once these checks pass, you can use the IPN data to update your DB and process the purchase.
@ If you receive an "INVALID" reply, treat it as suspicious and investigate it.
d. Finally, when deploying to production, remove "sandbox" from the URLs.
<?php
// Read the raw POST data from the input stream. Reading POST data from $_POST
// may cause serialization issues since POST data may contain arrays.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
    $keyval = explode('=', $keyval);
    if (count($keyval) == 2) {
        $myPost[$keyval[0]] = urldecode($keyval[1]);
    }
}

// Rebuild the POST from the PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
$get_magic_quotes_exits = false; // get_magic_quotes_gpc() does not exist on current PHP, so default to false
if (function_exists('get_magic_quotes_gpc')) {
    $get_magic_quotes_exits = true;
}
foreach ($myPost as $key => $value) {
    if ($get_magic_quotes_exits == true && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
    } else {
        $value = urlencode($value);
    }
    $req .= "&$key=$value";
}

// Post the message back to PayPal for validation
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.sandbox.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// The Host header must match the endpoint being called: sandbox here, www.paypal.com in production
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Host: www.sandbox.paypal.com'));
// In a WAMP-like environment where the root authority certificate doesn't come in the bundle, you need
// to download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
$res = curl_exec($ch);
curl_close($ch);

/*
file_put_contents(dirname(__FILE__) . '/payresp/rc_req.txt', print_r($req, true));
file_put_contents(dirname(__FILE__) . '/payresp/rc_resp.txt', print_r($res, true));
file_put_contents(dirname(__FILE__) . '/payresp/rc_post.txt', print_r($_POST, true));
*/

// Assign posted variables to local variables
$item_name        = $_POST['item_name'];
$item_number      = $_POST['item_number'];
$payment_status   = $_POST['payment_status'];
$payment_amount   = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id           = $_POST['txn_id'];
$receiver_email   = $_POST['receiver_email'];
$payer_email      = $_POST['payer_email'];

if (strcmp($res, "VERIFIED") == 0) {
    // check the payment_status is Completed
    // check that txn_id has not been previously processed
    // check that receiver_email is your Primary PayPal email
    // check that payment_amount/payment_currency are correct
    // process payment
} else if (strcmp($res, "INVALID") == 0) {
    // log for manual investigation
}
?>
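The listing above leaves the four post-VERIFIED checks from step 4c as comments. The following is an added example, not code from the original post or from PayPal, that implements those checks as one function and runs it against constructed IPN messages. The order record, the list of already processed txn_ids, the receiver address and the function name check_verified_ipn are assumptions for the illustration; a real notify page would load the order and the processed txn_ids from its DB and would pass the array it built from php://input.

```php
<?php
// Added example (not part of the original post): the step 4c checks implemented
// as a function. $order, $processedTxnIds and $ourEmail are constructed values.

/**
 * Apply the business checks to an IPN message that PayPal already answered VERIFIED.
 * Returns a list of failure reasons; an empty list means the order may be fulfilled.
 */
function check_verified_ipn(array $ipn, array $order, array $processedTxnIds, string $receiverEmail): array
{
    $problems = [];

    // 1. Only "Completed" means the money has arrived; Pending/Failed IPNs are sent too.
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment_status is not Completed';
    }

    // 2. Each txn_id may be processed once; a replayed old IPN carries a known txn_id.
    if (!isset($ipn['txn_id']) || in_array($ipn['txn_id'], $processedTxnIds, true)) {
        $problems[] = 'txn_id missing or already processed';
    }

    // 3. The money must have gone to our own account. Compare case-insensitively,
    //    because the address may come back in a different letter case.
    if (strcasecmp($ipn['receiver_email'] ?? '', $receiverEmail) !== 0) {
        $problems[] = 'receiver_email is not our account';
    }

    // 4. Amount, currency and invoice must match what we stored when the form was
    //    generated: the hidden form fields are under the buyer's control.
    //    Compare amounts as fixed-point strings rather than floats.
    $gross = number_format((float)($ipn['mc_gross'] ?? 0), 2, '.', '');
    if ($gross !== number_format((float)$order['amount'], 2, '.', '')) {
        $problems[] = 'mc_gross does not match the order amount';
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = 'mc_currency does not match the order currency';
    }
    if (($ipn['invoice'] ?? '') !== (string)$order['invoice']) {
        $problems[] = 'invoice does not match the order';
    }

    return $problems;
}

// --- constructed sample data (not real PayPal values) ---------------------
$order           = ['invoice' => '82', 'amount' => '0.50', 'currency' => 'HKD'];
$processedTxnIds = ['1AB23456CD789012E'];   // constructed: a txn_id already fulfilled earlier
$ourEmail        = 'seller@example.com';    // constructed receiver address

$good = [
    'payment_status' => 'Completed', 'txn_id' => '9ZY87654XW321098V',
    'receiver_email' => 'Seller@example.com', 'mc_gross' => '0.50',
    'mc_currency' => 'HKD', 'invoice' => '82',
];
// Array union keeps the left-hand key, so each variant overrides one field of $good.
$replayed = ['txn_id' => '1AB23456CD789012E'] + $good;  // old completed txn_id reused
$tampered = ['mc_gross' => '0.05'] + $good;             // amount differs from the order
$pending  = ['payment_status' => 'Pending'] + $good;    // payment not completed yet

$cases = ['good' => $good, 'replayed' => $replayed, 'tampered' => $tampered, 'pending' => $pending];
foreach ($cases as $name => $ipn) {
    $problems = check_verified_ipn($ipn, $order, $processedTxnIds, $ourEmail);
    printf("%-9s %s\n", $name, $problems ? implode('; ', $problems) : 'OK, fulfil order');
}
```

The function returns the list of reasons instead of a single boolean so the "log for manual investigation" branch has something concrete to record. Amounts are compared after formatting both sides to two decimals, which avoids the float equality trap of comparing "0.5" with "0.50"; for currencies without two decimal places the formatting width would need to follow the currency.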