Recently phpfour.com posted a very interesting library for payment gateways. In my situation, PayPal is only used to pay for orders: the cart and order setup are done in our shop, so I do not want additional problems with users changing order numbers, the amount to be paid, etc. Today I'm going to show how to encrypt PayPal transactions.
I chose to use Encrypted Website Payment, which lets you encrypt all form fields and send them as a single encrypted parameter. Only PayPal can decrypt it, because it uses public key cryptography (you need to upload your certificate to your PayPal account).
My recommended PHP library for creating such buttons is written by Ivor Durham and is available on-line here. It's not as flexible as the phpfour.com one and is probably old, but it does what it needs to do. I have been using it for over a year now and haven't had any problems (some hundreds of payments).
To create an encrypted button you need to write something like this:
```php
<?php
// Requires Ivor Durham's PayPalEWP class to be included first.
$paypal = new PayPalEWP();
$paypal->setTempFileDirectory('/tmp');
// Certificate and private key
$paypal->setCertificate('mycompany_cert.pem', 'mycompany_key.pem');
// Uploaded certificate id
$paypal->setCertificateID('ABCDEFGHIJKL');
// PayPal certificate
$paypal->setPayPalCertificate('paypal_cert_sandbox.pem');

// Button fields; these are what get signed and encrypted
$parameters = array(
    "cmd"           => "_xclick",
    "business"      => "sales@mycompany.com",
    "item_name"     => "Order #ID",
    "amount"        => "12.95",
    "no_shipping"   => "1",
    "return"        => "http://mycompany.com/paypal_ok.php",
    "cancel_return" => "http://mycompany.com/paypal_cancel.php",
    "no_note"       => "1",
    "currency_code" => "USD",
    "bn"            => "PP-BuyNowBF"
);

$encryptedButton = $paypal->encryptButton($parameters);

echo <<<END_HTML
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
  <input type="hidden" name="cmd" value="_s-xclick">
  <input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal">
  <input type="hidden" name="encrypted" value="
-----BEGIN PKCS7-----
{$encryptedButton}
-----END PKCS7-----
">
</form>
END_HTML;
```
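What `encryptButton()` does under the hood, shown as an added round trip with the openssl CLI (this is example code, not Ivor Durham's library or the original post): the button fields are signed with the merchant's private key and the signed blob is then encrypted to the receiver's certificate, which is why a buyer cannot alter the amount in transit. Both certificates are constructed self-signed ones, the "paypal" key pair stands in for the key only PayPal holds so the decrypt side can be shown locally, and the cert_id value is a placeholder.

```shell
# Constructed round trip of an Encrypted Website Payment blob with openssl.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Constructed self-signed certificates: one for the merchant, one playing PayPal.
make_cert() { # $1 = base name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1_key.pem" -out "$1_cert.pem" 2>/dev/null
}
make_cert merchant
make_cert paypal

# Sign the name=value lines with the merchant key, then encrypt the signed
# blob to the receiving party's certificate; the PEM output is the
# -----BEGIN PKCS7----- block that goes into the hidden "encrypted" field.
ewp_encrypt() { # $1 = file with name=value lines
    openssl smime -sign -signer merchant_cert.pem -inkey merchant_key.pem \
        -in "$1" -binary -nodetach -outform der |
    openssl smime -encrypt -aes256 -binary -outform pem paypal_cert.pem
}

# Receiver side: decrypt with the private key, then verify the signature
# against the trusted merchant certificate and recover the plaintext fields.
ewp_decrypt_verify() { # $1 = encrypted PEM file
    openssl smime -decrypt -inform pem -in "$1" -recip paypal_cert.pem -inkey paypal_key.pem |
    openssl smime -verify -inform der -binary -CAfile merchant_cert.pem 2>/dev/null
}

ewp_roundtrip() {
    # cert_id is the placeholder for the id PayPal assigns to the uploaded certificate.
    printf 'cert_id=PLACEHOLDER_CERT_ID\ncmd=_xclick\nbusiness=sales@mycompany.com\nitem_name=Order #ID\namount=12.95\ncurrency_code=USD\n' > fields.txt
    ewp_encrypt fields.txt > button.pem
    ewp_decrypt_verify button.pem
}

# A blob signed with any other key still encrypts fine, but fails verification:
# that signature check is what stops a third party from submitting its own fields.
ewp_forged_fails() {
    make_cert other
    openssl smime -sign -signer other_cert.pem -inkey other_key.pem \
        -in fields.txt -binary -nodetach -outform der |
    openssl smime -encrypt -aes256 -binary -outform pem paypal_cert.pem > forged.pem
    if ewp_decrypt_verify forged.pem >/dev/null 2>&1; then echo accepted; else echo rejected; fi
}

ewp_roundtrip
ewp_forged_fails
```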
I have customized it a little to be modular (I use over 5 different payment gateways), but the main concepts are the same. If you are just starting PayPal integration, I recommend rewriting it to be more object-oriented and maybe integrating payment validation (which works the same as for normal payments).
PayPal has a sandbox mode and a big library of manuals; testing the PayPal gateway is very easy and shouldn't be a problem. I definitely recommend creating sandbox users (merchant and buyer) and playing with virtual money: it not only lets you test the gateway's functionality, but it feels very good to have an unlimited amount of money.
To finish, I recommend using encrypted PayPal buttons; the additional security is not bad. How do you handle payments?