Correcting paypal button code

[durangod]

Hi,   should i correct paypal button html code if its wrong, it works but its wrong.  It uses a table when it should not use a table, it uses / at the end of inputs which i removed because its not needed anymore,
and its just a messy html code.  It also has a border call in an input tag

I thought maybe i might ask here because if there is something i should know, some cucumstance that someone might have run into in doing this, i want to find out before i change it. 

I think a section tag and some label tags for the non hidden fields needs to be done.   Should i change it?

durangodaveswebservices dot com/ddws_pages/index.php

That i believe is the final rendition of the page.  Everything seems to be done unless i missed something or i need to correct the paypal code.

I will add new products as i release them.

[durangod]

Ok i recoded the paypal button

Original

Code: [Select]

<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
          <input type="hidden" name="cmd" value="_s-xclick" />
          <input type="hidden" name="hosted_button_id" value="NUMBER"/>
          <table>
            <tr>
              <td>
                <input type="hidden" name="on0" value="Domain Name (domain.tld)"/>
                Domain Name (domain.tld)
              </td>
            </tr>
            <tr>
              <td>
                <input type="text" name="os0" maxLength="200"/>
              </td>
            </tr>
            <tr>
              <td>
                <input type="hidden" name="on1" value="Your Full Name"/>
                Your Full Name
              </td>
            </tr>
            <tr>
              <td>
                <input type="text" name="os1" maxLength="200"/>
              </td>
            </tr>
          </table>
          <input type="hidden" name="currency_code" value="USD"/>
          <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" title="PayPal - The safer, easier way to pay online!" alt="Buy Now"/>
        </form>   


New - i left the border 0 in the last item image because it dont hurt anything.

Code: [Select]

<section class="ppbutton">
          <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
          <ul>
            <li><input type="hidden" name="cmd" value="_s-xclick"></li>
            <li><input type="hidden" name="hosted_button_id" value="SOMEVALUE"></li> 
            <li>
               <label for "on0">Domain Name (domain.tld)</label>
               <input type="hidden" name="on0" value="Domain Name (domain.tld)" required>
            </li> 
            <li> <input type="text" name="os0" maxLength="200"></li> 
            <li>
             <label for "on1">Your Full Name </label>
             <input type="hidden" name="on1" value="Your Full Name">
            </li> 
            <li><input type="text" name="os1" maxLength="200"></li> 
            <li><input type="hidden" name="currency_code" value="USD"></li> 
            <li>
             <input type="image" id="ppimage" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" title="PayPal - The safer, easier way to pay online!" alt="Buy Now">
            </li>
          </ul>
        </form>   
     </section>

new css

Code: [Select]

section.ppbutton ul li {
    display: block;
    margin-left: 31%;
    list-style: none;
}


#ppimage {
    margin-top: 1em;
}


[Jason Knight]

What makes that a list? You know separate list items theoretically breaks the for/id relationship of labels and inputs, right? That's the same junk as making it a table really. Where's your fieldset? Why are you still using input to do button's job? FORM is section level, so that's a redundancy. You're not (or at least shouldn't be) using frames, so why the target attribute?

And what's with the redundant pointless hidden inputs? (on0, on1)

Code: [Select]

<form action="https://www.paypal.com/cgi-bin/webscr" method="post" class="paypal">
<fieldset>
<label>
Domain Name (domain.tld)<br>
<input type="text" name="os0" maxLength="253" required><br>
</label><label>
Your Full Name<br>
<input type="text" name="os1" maxLength="200" required><br>
</label>
</fieldset>
<footer>
<button
type="image"
src="https://www.paypalobjects.com/en_US/i/btn/btn_buynowCC_LG.gif"
alt="Buy Now"
>
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="SOMEVALUE">
</footer>
</form>

[durangod]

What makes that a list? You know separate list items theoretically breaks the for/id relationship of labels and inputs, right? That's the same junk as making it a table really. Where's your fieldset? Why are you still using input to do button's job? FORM is section level, so that's a redundancy. You're not (or at least shouldn't be) using frames, so why the target attribute?

And what's with the redundant pointless hidden inputs? (on0, on1)

I thought it was a list because it was single items in a vertical layout and was not table type data.  I obviously misunderstood.   No i did not know that it broke the for id relationship, uhggg  something else i have to recode in my bigger projects.... 

I did not want to change their code too much, i just wanted it better than it was but i messed that up too..  I should have used the fieldset i forgot, dang....   

If i was using my own custom button i would have done the button differently but i am using their remote button from paypal server so i just left it as is.

Target top was their deal, i just left it.  I guess maybe its time to look to see what it does, i have never used it.

On0  and on1  are their variables, i cant change those.  That is what they use, same with os1.  So that tells me it does not look like you have ever done a paypal IPN process. That is the Instant Payment Notification.
If you have never worked directly with paypal then if you ever get the chance just hold on for 2003 to fly back on your screen like they never left the era.

The IPN is designed to give the website that sends the data a way to capture the sale so the website can record the completed sale.   So what happens is that there is an IPN file that sits on the website domain, that file url is listed in the form as an input so that paypal can take that variable and use it during the process. 

So the website makes a sale, there is a record of the sale created on the website database side but it has limited information.   Then the data is sent off to paypal and paypal takes the form data and does the sale.

Once the sale is completed it sends an IPN record back to the website 1x and 1x only, if the website cannot receive that data then thats it, there is no other chance to get the data again for the sale. 

Once the website gets the data then it processes that record, matching it up with the original record in the database but now it has all the sale data.  Now the website can send an email or display to the customer telling them thank you for the sale and confirming their order with the new information in the companies database.
 
They use wierd variables and its a outdated backwards mess.   As a matter of fact when i first started dealing with them and the IPN (around 2008) they had no variable for something custom, like a custom field we could use to send some data that we could use to help us with our order process.   They told me that they did not incorporate it into their process and now it was too late.  So i had to use i think it was t-shirt size variable to send my custom field. 

Due to pressure from developers they finally added some custom input hidden fields.  But that is what those are, field variable names that paypal uses to process the sale.   I dont use IPN for this site, i dont need to because as long as the customer gets a thank you page then i can just have them contact me with their transaction number and i can give them their product that way. 

However i did use it for my products page years ago which did auto downloads.  So using the IPN i would automatically download the product they purchased and give them 10 days to do so before it was removed or permission changed on the download file. 

So that is why, those are  paypal...      There is a paypal page with a list of their variables.  The huge issue with their IPN process is that if someone cancels and the form does not have a input  field with the cancel variable, then the website ends up with a butt load of orphaned half completed  sales that will never be completed or removed because the cancel variable is in the IPN data that is returned and if its not there then the website cannot have a process to remove the canceled sale record from their DB.    Its a messed up system at best.

Thanks DS 

[durangod]

I dug this up from the dusty box in the garage lol  here is a really old code for the IPN file, im sure it has changed alittle by now but i would not be surprised if it has not.  This file is not provided by paypal, we have to write our own and this worked way back in the day. 

as you can see with this code

Code: [Select]

$custom = $_POST['option_name1'];
that i had to use a oddball field in order to use my custom field.  My custom field on this one was the record number of the pre sale data, that way i could go right to the record and update it.   Im sure not all of this code is perfect but at the time it was working and i did not know any better.

You can name the file anything you want but you have to tell paypal what the file location is in the form input, i dont remember the var name you use for the ipn input url value.

Code: [Select]

      // STEP 1: Read POST data       
        // reading posted data from directly from $_POST causes serialization
        // issues with array data in POST
        // reading raw POST data from input stream instead.

        $raw_post_data = file_get_contents('php://input');
        $raw_post_array = explode('&', $raw_post_data);

       

        foreach ($raw_post_array as $keyval)
        {
            $keyval = explode('=', $keyval);
           
            if (count($keyval) == 2)
            {
                $myPost[$keyval[0]] = urldecode($keyval[1]);
            }

        }//close foreach

       
        //read the post from PayPal system and add 'cmd'

        $req = 'cmd=_notify-validate';
       

         foreach ($myPost as $key => $value)
         {

           $value = urlencode($value);

           $req .= "&$key=$value";

         }//close foreach




        if(DEBUGTHIS == true || DEBUGTHIS == 1)
    {

          if(!empty($req))
          {
   
       error_log(date('[Y-m-d H:i e] '). "Req is loaded and ready - going to next step:  ". PHP_EOL, 3, LOG_FILE);

           }else{
 
                 error_log(date('[Y-m-d H:i e] '). "Req FAILED and is NOT loaded - something went wrong:  ". PHP_EOL, 3, LOG_FILE);

                 }//close else               

     }//close if
   

   

       
        // STEP 2: Post IPN data back to paypal to validate
        //without this step anyone can fake ipn
       
        // change to [...]sandbox.paypal[...] when using sandbox to test
        //original is paypay.com
       
        $ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
        curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);



        if(DEBUGTHIS == true || DEBUGTHIS == 1)
        {

      curl_setopt($ch, CURLOPT_HEADER, 1);
      curl_setopt($ch, CURLINFO_HEADER_OUT, 1);

          error_log(date('[Y-m-d H:i e] '). "Turned on curl headers and output:  ". PHP_EOL, 3, LOG_FILE);

        }//close if



         // Set TCP timeout to 30 seconds
         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);           
         curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));



       
        // In wamp like environments that do not come bundled with root authority certificates,
        // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
        // of the certificate as shown below.
        // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');


         $res = curl_exec($ch);             


         if(DEBUGTHIS == true || DEBUGTHIS == 1)
     {

      error_log(date('[Y-m-d H:i e] '). "Here is the output from curl execute from paypal: ". $res . PHP_EOL, 3, LOG_FILE);

     }//close if



         if (!$res)
         {
           
            // error_log("Got " . curl_error($ch) . " when processing IPN data");

             if(DEBUGTHIS == true || DEBUGTHIS == 1)
     {

      error_log(date('[Y-m-d H:i e] '). "Cant connect to PayPal to validate IPN message: ". curl_error($ch) . PHP_EOL, 3, LOG_FILE);

     }//close if

         curl_close($ch);
         exit;

       }//close if res

     
       curl_close($ch);


               
       // STEP 3: Inspect IPN validation result and act accordingly

       $checkForVerified = strpos($res, "VERIFIED");
                       
       if(!$checkForVerified === false )
       {


           if(DEBUGTHIS == true || DEBUGTHIS == 1 )
       {

            error_log(date('[Y-m-d H:i e] '). "Verified - found word VERIFIED at pos:  ". $checkForVerified . PHP_EOL, 3, LOG_FILE);

            }//close if


           
            // SOME ITEMS YOU MIGHT CHECK
            // check whether the payment_status is Completed  DONE
            // check that txn_id has not been previously processed DONE
            // check that receiver_email is your Primary PayPal email
            // check that payment_amount/payment_currency are correct
            // process payment  DONE
           
            // assign posted variables to local variables

            //EVERYTHING IS CLEANED ON THE FUNCTION SIDE AFTER THE HANDOVER
           
            //gross sale
            if ($_POST['mc_gross'] != NULL)
            {

             $sum = $_POST['mc_gross'];

            }else{

                 $sum = $_POST['mc_gross1'];

                 }//close else


             // transaction id         
             $tid = $_POST['txn_id'];

             //tax
             $tax = $_POST['tax'];

             //fee
             $fee = $_POST['mc_fee'];
             
             //shipping
             $shipping = $_POST['mc_shipping'];

             //payment status
             $payment_status = $_POST['payment_status'];


             //currency - see note above
             $pay_currency = $_POST['mc_currency'];


            //custom can be returned in either var name           

            if($_POST['custom'] != NULL)
            {

             $custom = $_POST['custom'];

            }else{

                 $custom = $_POST['option_name1'];

                }//close else

            //country
            $scountry = $_POST['address_country'];

            //log
            $pay_notify_log = var_export($_POST, true);

            //time
            $time = time();

           
            // Insert actions here       
 
           
            if ($payment_status == "Completed" || $payment_status == "completed")
            { 


              if(DEBUGTHIS == true || DEBUGTHIS == 1)
            {

                  error_log(date('[Y-m-d H:i e] '). "Verified COMPLETED - payment status value is: ". $payment_status . PHP_EOL, 3, LOG_FILE);

                }//close if             
                     
               
                  //ready for db update
                  $updatepayment = updateThePaymentArchive($tid,$payment_status,$time,$scountry,$sum,$pay_notify_log,$custom);
     

            }else{

                 
                   if(DEBUGTHIS == true || DEBUGTHIS == 1)
               {
                    error_log(date('[Y-m-d H:i e] '). "NOT Completed - payment status is: ". $payment_status . PHP_EOL, 3, LOG_FILE);
                   }


                   // Exit since payment status is not Completed

                   exit;

                }//close if else completed
           
       
     
        }elseif(!strpos($res, "INVALID") === false)
           {

                if(DEBUGTHIS == true || DEBUGTHIS == 1)
            {
                  error_log(date('[Y-m-d H:i e] '). "res NOT Verified - Value is INVALID - res: ". $checkForVerified . "/". $res . PHP_EOL, 3, LOG_FILE);
                }

           
          }else{


                if(DEBUGTHIS == true || DEBUGTHIS == 1)
            {
                  error_log(date('[Y-m-d H:i e] '). "res is NOT Verified and is not INVALID: ". $checkForVerified . "/" . $res . PHP_EOL, 3, LOG_FILE);
                }


               }//close else if VERIFIED OR INVALID res


         
             if( DEBUGTHIS == true || DEBUGTHIS == 1 && empty($payment_status) )
         {

           error_log(date('[Y-m-d H:i e] '). "Ended Process - Verified and Payment process skipped no data to check: ". PHP_EOL, 3, LOG_FILE);

          }//close if
       

       die('OK');