
Saturday, December 7, 2013

PayPal Gateway Guide

MAKING THE BUTTON!

Firstly we have to make the paypal button.


PHP Code:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="YOUR-PAYPAL">
<input type="hidden" name="item_name" value="SITE-NAME">
<input type="hidden" name="amount" value="DONATE-PRICE">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value="http://www.YOURSITE.com/donate_done.php">
<input type="hidden" name="cancel_return" value="http://www.YOURSITE.com/donate_cancel.php">
<input type="hidden" name="notify_url" value="http://www.YOURSITE.com/donate_paypal.php">
<input type="hidden" name="currency_code" value="CURRENCY">
<input type="hidden" name="item_number" value="USER-ID">
<input type="hidden" name="tax" value="0">
<input type="image" src="http://www.YOURSITE.com/images/paypal.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>
With this you have made a PayPal button that includes most of the information.

Here is an explanation of each part of the code:
1.-
PHP Code:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
This is the location the button submits to. It is set to PayPal's payment page, which takes all the information below to make your payment. If you want to test the payment without paying anything, change this to the following:
PHP Code:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
And then go read the "Testing the Gateway" section.

2.-
PHP Code:
<input type="hidden" name="business" value="YOUR-PAYPAL">
This is where PayPal reads your PayPal email. You have to replace "YOUR-PAYPAL" with your PayPal email.

3.-
PHP Code:
<input type="hidden" name="item_name" value="SITE-NAME">
This is where PayPal reads your name for the payment. For this you can use your own name or website name. You could also use it to tell what product the user is paying for. Replace "SITE-NAME" with your site name, your name or the product name.

4.-
PHP Code:
<input type="hidden" name="amount" value="DONATE-PRICE">
This is the price to donate. You have to replace "DONATE-PRICE" with the price you want the users to donate.

5.-
PHP Code:
<input type="hidden" name="no_shipping" value="1">
If you want to include shipping payment for your products, you can change value="1" to value="0".

6.-
PHP Code:
<input type="hidden" name="return" value="http://www.YOURSITE.com/donate_done.php">
This code tells PayPal where to send the user after the payment. This is often used for a "Thank you" page. Simply change "YOURSITE.com" to your website, then make a page called donate_done.php and place it at your domain root. There you can simply say thank you.

7.-
PHP Code:
<input type="hidden" name="cancel_return" value="http://www.YOURSITE.com/donate_cancel.php">
This is the code which tells PayPal where to send your users if they cancel the payment for any reason. Simply change "YOURSITE.com" to your domain, then make a page called donate_cancel.php and place it at your domain root. There you can simply tell the users that you are sorry that they canceled. You can also give the users a special offer to make them donate anyway, like 20% OFF! or something.

8.-
PHP Code:
<input type="hidden" name="notify_url" value="http://www.YOURSITE.com/donate_paypal.php">
This is the place where you have to put your commands. For example, if you want to give your users a special reward or an amount of gold or something, place the query here. We will learn to make this secure later, as it is very important that this is secure, because otherwise it would be easy to hack it and get the reward for free! You can also read the "Un-Secure Form" section to see how insecure it is. But right now simply change "YOURSITE.com" to your domain name. Later we will make the donate_paypal.php, so don't think about this right now.

9.-
PHP Code:
<input type="hidden" name="currency_code" value="CURRENCY">
This is used for the currency. Replace "CURRENCY" with the currency you want the donation to be made in. To use USD simply replace "CURRENCY" with "USD".

10.-
PHP Code:
<input type="hidden" name="item_number" value="USER-ID">
This is used to check which user is donating. Here you have to replace "USER-ID" with code which finds the user ID. For example, in MyBB this code would look like this: "<?php echo $mybb->user['uid']; ?>". This code simply goes to the database and finds the UID of the user who is currently viewing the page. You could also replace this with a visible input field, in which users can write their own ID, or a friend's ID if they want to give them the reward for the donation instead.

11.-
PHP Code:
<input type="hidden" name="tax" value="0">
This tells PayPal whether the user has to pay a tax. If you want to put a tax on the user's payment, simply replace the value="0" with the amount of tax you want users to pay.

12.-
PHP Code:
<input type="image" src="http://www.YOURSITE.com/images/paypal.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
This is simply the PayPal button image. Simply change "YOURSITE.com" to your domain name, and then place an image called paypal.gif inside the "images" folder.

Now you have made your own PayPal button with your values.

MAKING THE SECURE FORM!

Now we start making the donate_payment.php page. This is the page which will give your users the reward for the donation.

1.-
First we have to include the database page, which contains the database information. Do that by starting with the following:
PHP Code:
<?php require("database.php");
NOTE: For sites like MyBB you have to make the start the following:
PHP Code:
<?php
define("IN_MYBB", 1);
require("global.php");
2.-
Here we have to place code from PayPal which reads whether the payment is valid, canceled, successful, or in any of the other statuses a payment can have.
PHP Code:
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
// the ssl:// prefix makes fsockopen negotiate TLS; a plain socket on port 443 cannot talk to PayPal
$fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
3.-
Here we have to copy the variables PayPal sent into variables on your site.
PHP Code:
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
4.-
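Now we have to check if the payment was successful.
PHP Code:
if (!$fp) {
    // could not connect to PayPal, so nothing can be validated
} else {
    fputs($fp, $header . $req);
    while (!feof($fp)) {
        $res = fgets($fp, 1024);
        //check that PayPal answered VERIFIED and that the payment is completed
        //(without the VERIFIED test, anyone could POST payment_status=Completed to this page)
        if (strcmp(trim($res), "VERIFIED") == 0 && $payment_status == "Completed") {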
5.-
Now for security we have to check that the donation was sent to your PayPal email and not to another PayPal email.
PHP Code:
            //check if receiver email is correct
            if (strtolower($receiver_email) == strtolower("YOUR-PAYPAL")) {
Simply replace "YOUR-PAYPAL" with your PayPal email.

6.-
Now for a more secure form, we have to check the amount of money which was sent to you.
PHP Code:
                //check payment amount
                if ($payment_amount == PRICE) {
Replace "PRICE" with the price the user should donate.
If you add more donation amount options, you have to make multiple copies of this form.

7.-
Even more security is needed. Now we have to check if the currency is right.
PHP Code:
                    //check payment currency
                    if (strtolower($payment_currency) == strtolower("CURRENCY")) {
Replace "CURRENCY" with the currency, such as "USD".

8.-
Now we have to run the query. (The command you want to run when payment is done.)
PHP Code:
                        //Run query..
                        //HERE YOU HAVE TO PLACE THE QUERY YOU WANT TO RUN 
There you can run a query to give your user the reward, like a query which changes the user's group to VIP, or a query which gives the user an amount of gold, points or anything else.

9.-
Now we have to put in the last things, like ending all the "if" commands.
PHP Code:
                    }
                }
            }
        } 
10.-
The command to run if the payment did not succeed.
PHP Code:
        else if (strcmp(trim($res), "INVALID") == 0) {
            // log for manual investigation
        }
You can put anything inside here, like a query which adds the payment to the logs; this will record all the unsuccessful payments. You can use the following variables to include the payment information. This can be useful for checking if the user tried to hack the system.
Quote:
$item_name = This will show the SITE-NAME.
$item_number = This will show the user ID.
$payment_status = This will show the payment status.
$payment_amount = This will show the amount donated.
$payment_currency = This will show the currency
$receiver_email = This will show which paypal mail received the money.
$payer_email = This will show which paypal mail was paying.
11.- End the last "if" commands.
PHP Code:
    }
    fclose($fp);
}
?>
Now we have made the secure form.

UN-SECURE FORM!

Now I will explain how important it is to have the form secure, as it is so god damn easy to change the values for the PayPal button.

If you are using Firefox you can use Firebug to do this.
If you use Google Chrome it is already included.

Simply go to the page which includes your PayPal button. Then right click on the PayPal button and choose "Show Details about Element", or something like that.

Then the source of the PayPal button will be shown. That is the code from the first step of this tutorial.
The user will then be able to change things such as the price, the PayPal account to pay to, the notify URL and so on.

They would be able to change the price to something low; therefore we have the form check the price.
They can also change the currency to one in which the price is worth much less; therefore we have the form check the currency.
They are also able to change the PayPal account which gets the money; therefore we check the PayPal email.
They can also change the tax and shipping, but that would be a stupid idea.
They can also change the form to use the PayPal Sandbox, which means that they do not really pay, but this cannot be used, as they will not be able to make a PayPal email like yours in the PayPal Sandbox.

That was a quick explanation of why we need the secure form.
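
The checks from the secure form, run against the tampering cases listed above, gathered into one function. This is an added example, not code from the original post: the function name ipn_decision, the $expected array, the sample messages and the txn_id replay check (the tutorial reads $txn_id but never uses it) are assumptions made for illustration.

```php
<?php
// Added example, not from the original post: decide whether one IPN message may trigger the reward.
// $reply is what PayPal answered to the cmd=_notify-validate postback.
// $expected and $seenTxnIds come from the server side, never from the submitted form.
function ipn_decision(array $ipn, string $reply, array $expected, array $seenTxnIds): string
{
    if (trim($reply) !== 'VERIFIED') {
        return 'reject: not verified by PayPal';
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return 'reject: payment not completed';
    }
    if (strtolower($ipn['receiver_email'] ?? '') !== strtolower($expected['receiver_email'])) {
        return 'reject: wrong receiver';
    }
    if (strtoupper($ipn['mc_currency'] ?? '') !== $expected['currency']) {
        return 'reject: wrong currency';
    }
    // Compare money as integer cents so "5", "5.0" and "5.00" are the same price.
    $cents = (int) round(((float) ($ipn['mc_gross'] ?? 0)) * 100);
    if ($cents !== $expected['amount_cents']) {
        return 'reject: wrong amount';
    }
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) {
        return 'reject: txn_id already rewarded';
    }
    if (!ctype_digit((string) ($ipn['item_number'] ?? ''))) {
        return 'reject: item_number is not a numeric user id';
    }
    return 'grant';
}

// Constructed sample data (hypothetical values, not real PayPal traffic).
$expected = ['receiver_email' => 'seller@example.com', 'currency' => 'USD', 'amount_cents' => 500];
$good = ['payment_status' => 'Completed', 'receiver_email' => 'Seller@example.com',
         'mc_gross' => '5.00', 'mc_currency' => 'USD', 'txn_id' => 'TXN-CONSTRUCTED-1', 'item_number' => '42'];
$cases = [
    'genuine payment'      => [$good, 'VERIFIED', []],
    'forged POST'          => [$good, 'INVALID', []],
    'price edited to 0.01' => [['mc_gross' => '0.01'] + $good, 'VERIFIED', []],
    'currency edited'      => [['mc_currency' => 'JPY'] + $good, 'VERIFIED', []],
    'business edited'      => [['receiver_email' => 'other@example.com'] + $good, 'VERIFIED', []],
    'same IPN sent twice'  => [$good, 'VERIFIED', ['TXN-CONSTRUCTED-1']],
];
foreach ($cases as $name => [$ipn, $reply, $seen]) {
    echo str_pad($name, 22), ' => ', ipn_decision($ipn, $reply, $expected, $seen), PHP_EOL;
}
```

In a real handler the list of seen transaction IDs would be a lookup in your own database, written only after the reward query has succeeded.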

TESTING THE GATEWAY!

Now we need to test the PayPal gateway. This can be done without making any purchases.
First you will need to sign up for PayPal Developer.

1.- Go to developer.paypal.com and sign up. Do not use your PayPal email. It is not recommended.

2.- Then go check your mail to activate your Developer account.

3.- Then go make 2 PayPal accounts from the developer tools.

3.1.- Make a Seller account.

3.2.- And make a Buyer account with some money on it.

4.- Now go change the Paypal Button from the first step.

4.1.- Change the form to start with this:
PHP Code:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
Instead of this:
PHP Code:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
4.2.- Now change your PayPal email to the Seller email you got after making the Seller account. (NOTE: The email is not the one you chose; it will be shown after making the account.)

4.3.- You will also need to make those changes in the secure form.

5.- Now you are ready to test it. Save the page and go to the page.

6.- Click the PayPal button, and log in with the Buyer PayPal account you made before. (NOTE: The email is not the one you chose; it will be shown after making the account.)

7.- When the payment is done, login to developer.paypal.com and then check if the Seller account got the money.

8.- Then check if the user from your site got the right reward. If not, you did something wrong in the query, or you did something wrong somewhere else.
