PHP 5 e-commerce Development- P52 pps

'.sandbox' : ''; $this->registry->getObject'template'->getPage-> addTag'payment.test', $test ; } Of course, we need a template to display the payment button, where these variables and

Trang 1

$test = ( $this->registry->getSetting('payment.testmode') ==

'ACTIVE' ) ? '.sandbox' : '';

$this->registry->getObject('template')->getPage()->

addTag('payment.test', $test );

}

Of course, we need a template to display the payment button, where these variables

and variables set by the payment system are inserted.

<h1>Pay for your order</h1>

The payment button image is actually a submit button, and so to submit,

it needs to be within a form, with an action of the PayPal processing URL The

payment.testmode tag is populated with sandbox if we are running in test mode.

<form

action="https://www{payment.testmode}.paypal.com/cgi-bin/webscr"

method="post">

The custom form field is where we store our order ID number—when PayPal notifies

us of payment, we need this to process the payment.

PayPal needs to know our e-mail address, so it knows who to send the payment to!

<input type="hidden" name="business"

value="{payment.paypal.email}">

We also supply a name for the item and an item number.

<input type="hidden" name="item_number"

value="{siteshortname}-{reference}">

We supply the cost, so PayPal knows how much to charge the customer, and in

which currency.

<input type="hidden" name="currency_code"

value="{payment.currency}">

Trang 2

Next we have our notification URL, which is where PayPal sends payment

notification, the return URL where the customer is returned to once payment is

made, and the cancel URL where the customer is returned to if they cancel payment.

<input type="hidden" name="notify_url"

value="{siteurl}payment/process-payment/{reference}">

<input type="hidden" name="return"

value="{siteurl}payment/payment-received">

<input type="hidden" name="cancel_return"

value="{siteurl}payment/payment-cancelled">

Finally, we have the PayPal payment image button.

<input type="image"

class="paypal-button"

src="https://www.paypal.com/en_US/i/btn/x-click-but6.gif"

border="0" name="submit"

alt="Make payments with PayPal - it's fast, free and secure!" >

<img alt="" border="0"

src="https://www{paymen.testmode}.paypal.com

/en_GB/i/scr/pixel.gif"

width="1" height="1">

</form>

Processing payment to update the order

Although the customer is sent back to a "thanks" or a "cancelled" page when the

payment is sent, PayPal sends some POST data to a special callback page We can

develop this page to process the data, verify the transaction is valid, and mark an

order as "paid".

First we take POST data, which PayPal has sent to us, and use it to structure our

callback request, which we will use to verify the transaction is genuine (and not

just someone with a specially formatted script to send these requests to us).

$postback = '';

foreach ( $_POST as $key => $value )

{

$postback = $key '=' urlencode( stripslashes( $value )) '&';

}

$postback ='cmd=_notify-validate';

$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";

$header = "Content-Type: application/x-www-form-urlencoded\r\n";

$header = "Content-Length: " strlen( $postback ) "\r\n\r\n";

Trang 3

Next we must check if our store is in test payment mode; if it is, we send our callback

request to the PayPal sandbox, otherwise we use the live PayPal site.

// live payment or test payment?

if( $this->registry->getSetting('payment.testmode') != 'ACTIVE' )

{

$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);

}

else

{

$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno,

$errstr, 30);

}

if (!$fp)

{

// debug point

}

else

{

$request = $header $postback;

fputs( $fp, $request );

while ( ! feof( $fp ) )

{

$response = fgets ( $fp, 1024 );

We check that PayPal's response to our callback is that the transaction is verified.

if (strcmp( $respose, "VERIFIED" ) == 0 )

{

// transaction is verified!

We then check that there is a relevant order in our orders table, based off the custom

POST value This POST value is the same as the custom field we provided in our

PayPal payment button, before the customer made payment.

$order = intval( $_POST['custom'] );

$sql = "SELECT FORMAT( ( o.products_cost + o.shipping_cost ),

2 ) AS order_cost, u.email AS customer_email

FROM orders o, users u

WHERE u.ID=o.user_id AND o.ID={$order} LIMIT 1";

$this->registry->getObject('db')->executeQuery( $sql );

if( $this->registry->getObject('db')->numRows() == 1 )

{

// we have an order in our database

$orderData = $this->registry->getObject('db')->getRows();

Trang 4

If the order exists, we must then check that the cost of the order matches the amount

being sent and that the payment has actually been sent to us, and not sent to pay

someone else, yet sending notification to our processing script We must also check

that the currency of the payment is the one we wish to accept—otherwise, someone

may send us the correct value of payment, in a currency with a lower value.

$currency = $_POST['mc_currency'];

$total = $_POST['mc_gross'];

$email = $_POST['receiver_email'];

if( $orderData['order_cost'] == $total &&

$currency == $this->registry->

getSetting('payment.currency') &&

$email == $this->registry->

getSetting('payment.paypal.email') )

{

if( $status == 'Completed' )

{

// We then update the order in the database, and can

// then e-mail the customer and the administrator to

// inform them of this

// update the order

$changes = array( 'status' => 2 );

$this->registry->getObject('db')->

updateRecords('orders', $changes, 'ID=' $order );

// email the customer

// email the administrator

}

elseif( $status == 'Reversed' )

{

// charge back

// update the order

// e-mail the customer

// e-mail the administrator

}

elseif( $status == 'Refunded' )

{

// we refunded the payment

// update the order

// email the customer

// email the administrator

}

else

{

Trang 5

//

}

else

{

// amount incorrect or wasn't sent to us

}

else

{

// error

}

fclose ($fp);

}

exit();

Direct with a credit/debit card

Sometimes a store may not want to use an off-site payment gateway; many

high-profile stores such as Amazon, Play.com, most supermarkets, and high street

stores, process payments directly on their websites This generally works in one

of two ways:

Payment details are passed behind the scenes to a gateway to verify them

The site then stores the details until the order is processed, at which point it

charges the card and dispatches the order.

Payment details are passed, behind the scenes, directly to the payment

gateway and are never stored on the website itself This method either

returns a response to indicate if the transaction was accepted or not (and if

not, why not), or returning a secure token This token can then be used by the

store to charge the card at a later stage (also for recurrent billing), by simply

passing details of the charge and the secure token to the gateway, which can

then process the transaction.

Storing card details

Storing card details on our own server offers a range of flexibility As we would

be keeping a copy of the card details, we can charge the card when we require it

(for example, recurring billing, charging only when we are ready to dispatch,

service-based payments—we can charge the card to settle their account, and so on)

If the gateway we use changes its pricing structure, or is unavailable, we have the

details; so we can use another gateway, or process the payment when the gateway

is back online.

•

Định dạng
Số trang	5
Dung lượng	249,93 KB