Creating a PHP PayPal Instant Payment Notification Script

This tutorial covers using PHP to implement the PayPal IPN (Instant Payment Notification) system on your website. There are many advantages to using this system on your site. If you’re ready to put the power of PayPal to work for you, keep reading.

This article assumes you are implementing the PayPal website payments standard: https://www.paypal.com/cgi-bin/webscr?cmd=_wp-standard-feature-list-outside. If you are implementing common PayPal buttons for selling the products on your website, such as “Buy Now” and “Pay Now,” then you are implementing the website payments standard.

This is a beginner-level tutorial for website business owners who want to implement PayPal IPN along with the website payments standard. This is the first part of the tutorial series. It prepares the developer with the tools needed for the IPN implementation, as well as the necessary theory, flow and guides for implementation success.

The rest of the tutorial series will focus on secure button creation, IPN database management and the PHP script in detail.

The Basic Requirement: PayPal Sandbox Account

This tutorial assumes you are a website owner with an active and verified PayPal business account. To confirm, log in to your PayPal account. Under your name at the dashboard, you should see information regarding your “Account type” (“Business,” for example) and “status” (such as “verified”).

However, developing and testing your PHP web applications to handle IPN processing is best done in the PayPal Sandbox.

The PayPal Sandbox is a simulation environment for PayPal sellers and buyers. It lets the developer test the PHP script without involving real money. The buyer/seller account information, as well as the money in the PayPal Sandbox, are fictitious.

Once the PayPal IPN PHP application is fully working under the PayPal Sandbox testing platform, it can be migrated very easily to an actual PayPal environment, and should work the same.

To open a PayPal Sandbox account:

  1. Go to https://developer.paypal.com/.

  2. Click “Sign Up Now.”

  3. Follow the registration procedures. You will be asked to confirm your PayPal Sandbox account using the email address you have provided.

  4. Once your account is active, you can log in at https://developer.paypal.com/.

  5. You then need to add a fictitious buyer and seller, which you will use to test your PHP scripts. Click “Preconfigured account” under “Test Accounts.”

Suppose you create a buyer test account. You can configure the following:

  • Country = United States (if you want the test buyer to be located in the US).
  • Account type = “Buyer”
  • Login email = PayPal sandbox will provide one; you do not need to change this.
  • Password = PayPal sandbox will provide a default password (in numbers). You will not need to change it, but keep a copy of it in a different location, such as a password management system like KeePass: http://keepass.info/
  • Under “Add Credit Card,” you can use “Visa” if you are testing Visa credit cards.
  • You can also put “Yes” under “Add Bank account.”
  • Finally, under “Account balance,” make it big enough to make big purchases (if you are selling expensive products, for example). It should fall between $0 and $9999.

Finally, click the “Create Account” button. It will create an account like the one below:

Take note of the generated login email and the password you have kept earlier. You will be using those to log in to the Sandbox test site.

Adding a Bank and Credit Card

You will notice that the account was created successfully, although it failed to add a bank and credit card. To correct this issue, click “Enter Sandbox Test site.” Use the login email and password generated earlier.

1. Go to “Profile” -> “Add or Edit Bank account” -> Select “Checking.” PayPal Sandbox will auto-populate the routing and account number fields, except for the “Bank name.”

2. Enter a fictitious bank name, for example “Codex Bank.” Then click “Continue.”

3. You will be asked to confirm deposits. Just enter a small amount, like 0.55 and 0.75, and then click “Submit.”

4. If you see the message “Bank account confirmed,” click “Continue.”

5. Now to add a fictitious credit card. Click “Back to Profile Summary,” and then go to “Profile” -> “Add or Edit Credit Card.”

6. Some fields are populated automatically (like the credit card number and the billing address). Others, such as the expiration date, aren’t. For the “Expiration Date” field, you need to set a valid date which will expire in the future — December 2016, for example. Also, with the “card verification number” field, you might need to change the default 000 to something else, such as 123.

7. Finally, click “Add Card.”

8. Log out of your Test buyer account in Sandbox. When you go back to “Test Account,” you will notice that the personal account is now “Verified” because you have added a bank account and a credit card number.

9. To add a “seller” account type (which you will use to represent yourself as the merchant), click “Preconfigured,” and then, under “Create a Sandbox Test account,” make sure you have selected “Seller” under “Account Type.”

10. Follow the rest of the instructions, which will be very similar to creating a “Buyer” account type. Take note of the generated passwords and email address, because you will be using this to log in to the seller PayPal Sandbox test site.

Finally, you should have at least one test seller (business) and one test buyer (personal) account in your PayPal Sandbox.

To use these accounts when testing an IPN PHP web application in Sandbox mode:

  1. Generate “Buy Now” buttons by logging in to the PayPal Sandbox seller account (by selecting seller account under “Test accounts” and then clicking “Enter Sandbox Test site”).

  2. You can make test purchases on your website by clicking the generated “Buy Now” button and paying with the sandbox buyer account. After you click the “Buy Now” button, you will be diverted to the PayPal Sandbox checkout process (http://www.sandbox.paypal.com/), and then you’ll use the buyer sandbox account to pay for your product purchase.

  3. You can configure your selling preferences (such as IPN settings, etc) in Sandbox by using the test seller account.
     

Integrating PayPal IPN into Your Website Checkout Flow

Suppose you have a website that sells ebooks. You decided to let customers use PayPal to pay you. You can use IPN to validate downloading of ebooks by customers that have completed their payments to you in PayPal.

Details on the PayPal IPN standard can be read here: https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=developer/e_howto_admin_IPNIntro

Below is the typical implementation flowchart showing the integration of PayPal IPN into a website:

As you can see, it all starts when a visitor to your website is shopping for items you are offering for sale. When the visitor wants to buy a certain item, they click on the PayPal Buy Now buttons, which will take the visitor to PayPal for payment.

As usual, using website payments standard allows customers to pay you using a credit card or their remaining PayPal balance.

At the same time, in the background of the transaction (indicated by yellow arrows), the PayPal transaction triggers PayPal’s servers to send an IPN message to the IPN PHP script you have added to your PayPal account.

Once your script receives the message from PayPal, it is required to reply to PayPal to confirm receipt of the IPN communication.

Once your PHP script has sent that reply, PayPal responds with the status of the IPN transaction, which is either VERIFIED or INVALID.

The information posted to your PHP script from PayPal contains a lot of data pertaining to your customer and the transaction. That includes your email address, the payment amount, payment currency, payment status, item number, etc.

Your script should validate all of this information to make sure none of it is spoofed. Once validated, the PHP script will save all of the information to a MySQL database on your website.
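The reply-and-validate steps described above, as an added example that is not part of the original tutorial. The field names are PayPal's IPN variables; the function names, the use of the Sandbox endpoint, and the shop values are assumptions made for this example.

```php
<?php
// Added example, not the tutorial's script. Shop values below are constructed.
const PAYPAL_VERIFY_URL = 'https://www.sandbox.paypal.com/cgi-bin/webscr';

// Reply to PayPal: send the received body back unchanged, prefixed with
// cmd=_notify-validate. PayPal answers with the text VERIFIED or INVALID.
function ipn_postback(string $rawBody): string
{
    $ch = curl_init(PAYPAL_VERIFY_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // keep certificate checks on
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply = curl_exec($ch);
    return is_string($reply) ? trim($reply) : ''; // '' means transport failure
}

// Compare the posted fields with what the shop expects; empty result = match.
function ipn_field_errors(array $ipn, array $expected): array
{
    $errors = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $errors[] = 'payment_status is not Completed';
    }
    foreach (['receiver_email', 'mc_gross', 'mc_currency', 'item_number'] as $field) {
        if (($ipn[$field] ?? null) !== $expected[$field]) {
            $errors[] = "$field does not match the order";
        }
    }
    return $errors;
}

// Listener logic: accept only if PayPal says VERIFIED and every field matches.
function ipn_is_acceptable(string $rawBody, array $expected): bool
{
    parse_str($rawBody, $ipn);
    return ipn_postback($rawBody) === 'VERIFIED' && ipn_field_errors($ipn, $expected) === [];
}

// Constructed sample, checked offline: the amount does not match the order.
$expected = ['receiver_email' => 'seller@example.test', 'mc_gross' => '19.99',
             'mc_currency' => 'USD', 'item_number' => 'EBOOK-001'];
parse_str('payment_status=Completed&receiver_email=seller%40example.test'
        . '&mc_gross=0.01&mc_currency=USD&item_number=EBOOK-001', $ipn);
print_r(ipn_field_errors($ipn, $expected));
```

In the listener itself, pass `file_get_contents('php://input')` to `ipn_is_acceptable()` so the body sent back to PayPal is byte-for-byte the one received.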
 
On the other side of the transaction (from the customer’s end, shown in green arrows), the customer will receive a payment receipt by email from PayPal.

This payment receipt email contains the transaction ID as well as other important details, such as the invoice number. After a successful payment, the customer clicks the “Click here to download your ebook” button in PayPal and is diverted to a download page on your website.

To make sure only verified and paid customers can download the ebook, the customer will enter the invoice number of the transaction, which will be used by the PHP script to fetch the corresponding IPN information saved in the MySQL database.

If the invoice number, as well as other information, is valid, PHP will stream the ebook to the customer for downloading. The PHP script should then update the customer information in the database, indicating that the transaction is complete and the customer has already downloaded the material. This will prevent duplicate transactions.
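One way to implement the store-then-download step so that a repeated IPN message or a repeated download request is refused, as an added example that is not the tutorial's own script. An in-memory SQLite database stands in for the MySQL database, and the table, column and function names are assumptions.

```php
<?php
// Added example. An in-memory SQLite database stands in for the tutorial's MySQL
// database so this runs offline; table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ipn_payments (
    txn_id      VARCHAR(32) PRIMARY KEY,
    invoice     VARCHAR(64) NOT NULL UNIQUE,
    item_number VARCHAR(64) NOT NULL,
    downloaded  INTEGER NOT NULL DEFAULT 0)');

// Store a validated IPN once. A repeated message with the same txn_id (or a
// reused invoice) violates a uniqueness constraint and is refused.
function record_payment(PDO $db, array $ipn): bool
{
    $ins = $db->prepare(
        'INSERT INTO ipn_payments (txn_id, invoice, item_number) VALUES (?, ?, ?)');
    try {
        return $ins->execute([$ipn['txn_id'], $ipn['invoice'], $ipn['item_number']]);
    } catch (PDOException $e) {
        return false;
    }
}

// Claim the download for an invoice number. The UPDATE only matches a row that
// has not been downloaded yet, so of two simultaneous requests one gets null.
function claim_download(PDO $db, string $invoice): ?string
{
    $upd = $db->prepare(
        'UPDATE ipn_payments SET downloaded = 1 WHERE invoice = ? AND downloaded = 0');
    $upd->execute([$invoice]);
    if ($upd->rowCount() !== 1) {
        return null; // unknown invoice, or already downloaded
    }
    $sel = $db->prepare('SELECT item_number FROM ipn_payments WHERE invoice = ?');
    $sel->execute([$invoice]);
    return (string) $sel->fetchColumn();
}

// Constructed IPN fields (not real PayPal data).
$ipn = ['txn_id' => 'TESTTXN0001', 'invoice' => 'INV-1001', 'item_number' => 'EBOOK-001'];
var_dump(record_payment($db, $ipn));        // first delivery
var_dump(record_payment($db, $ipn));        // repeated delivery
var_dump(claim_download($db, 'INV-1001'));  // first download request
var_dump(claim_download($db, 'INV-1001'));  // second request, same invoice
var_dump(claim_download($db, 'INV-9999'));  // invoice with no payment
```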
