通过 cURL 提交表单并将浏览器重定向到 PayPal [英] Submit form via cURL and redirect browser to PayPal

问题描述

我正在开发一个网站，客户可以在其中使用多种付款方式，包括 PayPal Payments Standard.由于我正在收集大量有关客户的数据，因此我想在将用户发送到 PayPal 的服务器之前在我的服务器上处理该表单.一种选择是将数据连接成单个字符串，将该字符串分配给 custom 字段，然后在 IPN 响应中对其进行处理，但我发现这是一个非常不雅的解决方案.相反，在收集用户数据后，我尝试使用 cURL 提交标准的 HTML PayPal 表单.如何将用户重定向到 PayPal 以完成结帐流程?

I'm developing a site where customers have several payment options, including PayPal Payments Standard. Since I'm collecting a fair amount of data about the customer, I'd like to process the form on my server before sending the user to PayPal's server. One option is to concatenate the data into a single string, assign the string to the custom field, and then process it in the IPN response, but I find this to be a very inelegant solution. Instead, after collecting the user data, I'm attempting to use cURL to submit a standard HTML PayPal form. How can I redirect the user to PayPal to complete the checkout process?

  // Process PayPal payment
  if ($method == 'PayPal') {

    // Prepare POST data
    $query = array();
    $query['notify_url'] = 'http://example.com/ipn';
    $query['cmd'] = '_cart';
    $query['upload'] = '1';
    $query['business'] = 'email@example.com';
    $query['address_override'] = '1';
    $query['first_name'] = $first_name;
    $query['last_name'] = $last_name;
    $query['email'] = $email;
    $query['address1'] = $ship_to_address;
    $query['city'] = $ship_to_city;
    $query['state'] = $ship_to_state;
    $query['zip'] = $ship_to_zip;
    $query['item_name_'.$i] = $item['description'];
    $query['quantity_'.$i] = $item['quantity'];
    $query['amount_'.$i] = $item['info']['price'];

    // Prepare query string
    $query_string = '';
    foreach ($query as $key=>$value) {
      $query_string .= $key.'='.urlencode($value).'&';
    }
    $query_string = rtrim($query_string, '&');

    // Open connection
    $ch = curl_init();

    //set the url, number of POST vars, POST data
    curl_setopt($ch,CURLOPT_URL, 'https://www.paypal.com/cgi-bin/webscr');
    curl_setopt($ch,CURLOPT_POST, count($query));
    curl_setopt($ch,CURLOPT_POSTFIELDS, $query_string);

    // Execute post
    $result = curl_exec($ch);

    // Close connection
    curl_close($ch);
  }

推荐答案

警告:此答案存在安全缺陷. 通过客户端传递敏感数据(例如商品和价格)允许客户端修改交易.IE.更改项目，或更改价格.请参阅有关如何实施 IPN 的 PayPal 文档.

WARNING: this answer has a security deficit. Passing sensitive data (such as item and price) through the client allows the client to modify the transaction. ie. change the item, or change the price. See the PayPal documentation on how to implement IPN.

您应该使用 php header 函数重定向用户并将变量作为 GET 而不是 POST 发送.

You should redirect the user with the php header function and send the vars as GET not POST.

// Process PayPal payment
if ($method == 'PayPal') {

    // Prepare GET data
    $query = array();
    $query['notify_url'] = 'http://jackeyes.com/ipn';
    $query['cmd'] = '_cart';
    $query['upload'] = '1';
    $query['business'] = 'social@jackeyes.com';
    $query['address_override'] = '1';
    $query['first_name'] = $first_name;
    $query['last_name'] = $last_name;
    $query['email'] = $email;
    $query['address1'] = $ship_to_address;
    $query['city'] = $ship_to_city;
    $query['state'] = $ship_to_state;
    $query['zip'] = $ship_to_zip;
    $query['item_name_'.$i] = $item['description'];
    $query['quantity_'.$i] = $item['quantity'];
    $query['amount_'.$i] = $item['info']['price'];

    // Prepare query string
    $query_string = http_build_query($query);

    header('Location: https://www.paypal.com/cgi-bin/webscr?' . $query_string);
}

这篇关于通过 cURL 提交表单并将浏览器重定向到 PayPal的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！