I want to create my own plugin for payment integration in Joomla.
I am using HDFC bank details.
How do I create the form and call it?
How do I handle the request and response?
Here is what you need to do:
When the user submits a payment, then you should, in your controller, use curl to submit the payment to the bank.
Once you submit the payment, you have 2 options, depending on how the bank's API works:
You can immediately get the response from the bank when issuing the curl_exec method OR
In the curl call, you will specify which page the bank will post to on success and on failure (typically, it'll be the same page but with a different task), and you also specify the merchant transaction ID. The bank will then load the "response" page on success and will post back its response (you can get the information using $_POST).
Note that in most scenarios, you only need to worry about the first method (getting the response immediately from the bank). The second method is typically used by PayPal and is referred to as IPN (Instant Payment Notification), but it might be the case that your bank uses some kind of IPN to notify you of payment success.
Related
I am looking to use PayPal to accept a payment through my website. I am looking at the Smart Payment button option. If the payment is successful I need to update something in my website DB. How can I determine whether the payment was successful or not? I can't see anything in the API docs.
I also need to retain user context with a PHP session ID. How can I pass that to the PayPal site and ensure it is returned with the success / fail indicator?
Use PayPal IPN to receive payment notifications. Set up a server endpoint to respond to IPN requests and update your DB etc...
To maintain state, you will need to include a hidden input field in your Smart Payment Button with a name of custom and a value of your choice (session id).
Set up an IPN endpoint, i.e. /checkout/ipn, to receive PayPal notifications. Capture the session ID with $_POST['custom'];
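The `custom` round trip from the answer above, as an added example that is not part of the original answer: the endpoint checks that the value coming back in `$_POST['custom']` is one the site issued. Using an opaque order reference with an HMAC in place of the raw session ID is an assumption of this example, and `CUSTOM_HMAC_KEY`, `makeCustomValue` and `readCustomValue` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Hypothetical key for this example; keep the real one in server-side configuration.
const CUSTOM_HMAC_KEY = 'constructed-demo-key';

/** Value for the hidden "custom" input: an opaque order reference plus its MAC. */
function makeCustomValue(string $orderRef): string
{
    return $orderRef . '.' . hash_hmac('sha256', $orderRef, CUSTOM_HMAC_KEY);
}

/** Return the order reference if the MAC is valid, or null if the value was altered. */
function readCustomValue(string $custom): ?string
{
    $parts = explode('.', $custom, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$orderRef, $mac] = $parts;
    $expected = hash_hmac('sha256', $orderRef, CUSTOM_HMAC_KEY);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $mac) ? $orderRef : null;
}

// Checkout page: store the reference server-side, keyed to the PHP session.
$orderRef = bin2hex(random_bytes(16));
$pendingOrders = [$orderRef => ['session_id' => 'constructed-session-id']];
$custom = makeCustomValue($orderRef);

// IPN endpoint: constructed stand-ins for $_POST['custom'], one genuine, one forged.
foreach ([$custom, 'forged-ref.' . str_repeat('0', 64)] as $posted) {
    $ref = readCustomValue($posted);
    if ($ref === null || !isset($pendingOrders[$ref])) {
        echo "rejected custom value\n";
        continue;
    }
    echo "order $ref -> session {$pendingOrders[$ref]['session_id']}\n";
}
```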
I ended up using the Braintree API for this use case. The Braintree API returns a unique payment identifier (payment nonce) which you can then validate by submitting a call back to the Braintree API to ensure the payment was actually received properly.
Scenario
MVC application with custom shopping cart. The shopping cart integrates with PayPal, passing sale data like client information, product items and prices (for each item and total price) but not credit card or PayPal information. This would be set on PayPal.
Problem
PayPal describes how to use the cart upload to integrate with custom shopping carts here:
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_cart_upload#id09BLDK0007Q
But there is very little detail on how to do it.
After a while I found an example of how to do the MVC-PayPal interaction (even though it is not cart upload, but that is a matter of configuration) here:
http://www.arunrana.net/2012/01/paypal-integration-in-mvc3-and-razor.html
The problem in this solution is that it appears to have some security problems. Sensitive data is set to a view and sent to the client in hidden fields and the post is set by JavaScript, making this unacceptable, right? Or am I seeing this wrong?
Intended Solution
User sees the shopping cart and clicks the checkout button, causing a post to myserver.com/Controller/Action passing client data like name, address, etc.
The controller action myserver.com/Controller/Action builds a post server side, adding to the client post data more sensitive information, like prices and PayPal merchant-specific information, and posts the request to PayPal OR invokes a PayPal web service.
PayPal returns a token, or some other information, and myserver.com/Controller/Action redirects the client to PayPal to make the payment.
Question
Is my intended solution possible? How can I, in response to a post from the client, do some processing in the controller, post/invoke PayPal with the result of that processing and ultimately pass PayPal's response to the client for him to interact directly with PayPal?
Otherwise I can't see how it could be "secure".
If not, surely someone has done something similar and can point me in the right direction :-)
I sort of understand what you're trying to do here, and I think I can answer that question. Let me know if this doesn't quite make sense...
So your customer hits your resource, mysite.com/Cart/Checkout. The controller instantiates the model and then passes the object into the view, where the view binds values appropriately.
Customer clicks 'Pay with PayPal' and is redirected to mysite.com/Cart/ExpressCheckout. The controller instantiates the model, and the model will handle the SetExpressCheckout call utilizing the cart session data (item, amounts, etc), then the model (or controller, this part is a bit vague) would redirect the customer to pp.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-12345566788
The customer would fill everything out and once done, they would be redirected to mysite.com/Cart/ConfirmOrder. In this resource, the Model would handle the GetExpressCheckoutDetails call, setting properties for all the data returned, etc. The controller would pass the object into the view and the view would bind appropriately.
Is there a reason why this is insecure? This should be secure and follow all standards of Microsoft MVC3. Except the part where you do the redirect, semantically, I'm unsure whether this would be done in the controller or the model. I think it would be the controller though.
I'm using PayPal IPN Library to process a subscription payment. The library logs the IPN answer to a database. The return URL is a "processing" page that checks at timed intervals for the "SUCCESS" status in the ipn_log table. But I can't identify the current transaction row in this table. How can I confirm the payment has succeeded? I can get the POST variables on the return URL, but none of them is registered in the database. Is there a variable that is returned by the IPN and also sent by POST to the return URL? Something like the transaction id? Maybe I'm going the wrong way on this and there is another approach to confirm the payment status.
Got it. The "custom" field added to the button form does the trick. Saving it to the database is enough to keep track of the process.
I'm setting up a website that uses PayPal to process payments.
The easiest way to implement the checkout form would be to create an HTML form that submits directly to PayPal, sending the order details and redirecting the user to PayPal in order to finalize the transaction.
However, there is a security vulnerability with this process. The client could edit the information submitted to PayPal, such as changing the price of the checkout to $0.00.
What is an accepted way to handle this type of situation? Is it to submit the form back to my server, then do some processing in PHP, then submit verified data to PayPal and redirect the user to PayPal? Is this possible?
Thanks!
There are two main ways to handle this issue.
The first is somewhat like what you outline: You send the filled in form to PayPal, and provide a callback-url. When PayPal has processed the payment, they will call your provided url, and you can check whether or not the information given in that call is the same as what you provided. For this to work, you need to store the information in the meantime, like in a database. You will then only give access to the product after the validation has happened.
You can also encrypt the information you send to PayPal, making it practically impossible to alter information in your form.
See https://www.x.com/developers/paypal for details.
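The callback check described in the first option, as an added example that is not part of the original answer: the order is stored before the redirect, and the callback is compared with it before access is granted. The field names are PayPal IPN variables; the function names, the shape of the stored order and all sample values are assumptions of this example, and the callback is assumed to have been authenticated with the processor already.

```php
<?php
declare(strict_types=1);

/** "19.99" -> 1999 (two-decimal currencies); null if not a plain decimal amount. */
function toMinorUnits(string $amount): ?int
{
    if (!preg_match('/^(\d+)(?:\.(\d{1,2}))?$/', $amount, $m)) {
        return null;
    }
    return (int) $m[1] * 100 + (int) str_pad($m[2] ?? '0', 2, '0');
}

/**
 * Compare a callback with the order stored before the redirect.
 * Returns the list of problems; empty means the order may be fulfilled.
 * Assumes the callback's origin was already authenticated with the processor.
 */
function checkNotification(array $order, array $n, array $seenTxnIds): array
{
    $problems = [];
    if (($n['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment not completed';
    }
    if (strcasecmp($n['receiver_email'] ?? '', $order['receiver_email']) !== 0) {
        $problems[] = 'paid to a different account';
    }
    if (($n['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = 'currency mismatch';
    }
    // Compare money as integer minor units, never as floats.
    if (toMinorUnits($n['mc_gross'] ?? '') !== $order['amount_minor']) {
        $problems[] = 'amount mismatch';
    }
    if (in_array($n['txn_id'] ?? '', $seenTxnIds, true)) {
        $problems[] = 'transaction already processed';
    }
    return $problems;
}

// Constructed data: the stored order, an honest callback and a tampered one.
$order = ['receiver_email' => 'shop@example.test', 'currency' => 'USD', 'amount_minor' => 1999];
$honest = ['payment_status' => 'Completed', 'receiver_email' => 'shop@example.test',
           'mc_currency' => 'USD', 'mc_gross' => '19.99', 'txn_id' => 'TXN-CONSTRUCTED-1'];
$tampered = ['mc_gross' => '0.00'] + $honest; // price edited in the browser form

echo 'honest: ', json_encode(checkNotification($order, $honest, [])), "\n";
echo 'tampered: ', json_encode(checkNotification($order, $tampered, [])), "\n";
echo 'replayed: ', json_encode(checkNotification($order, $honest, ['TXN-CONSTRUCTED-1'])), "\n";
```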
I have integrated a 3rd party payment gateway into Magento. It handles a successful transaction or a failed transaction perfectly.
But what if the user is at the payment gateway page and it times out, or the user closes the payment gateway page and returns to the site later, or the user simply hits the back button?
How do I cancel the order then?
Should I use some observer to do this?
If so, could you suggest which events I need to fire the observer on?
The issue I am facing is that when a user is redirected to a payment gateway and he/she hits the back button and comes back to the site, the order is still created, which ideally should have been canceled.
Thanks.
Your validation methods should not be session-aware and should process any feedback (and validate before you process) in any case. You also need a monitoring service that times out orders without a response after some time if you need them to be disabled in a timely fashion.
However, if the user hits the back button, there is really nothing you can do, as the feedback from the payment gateway never gets sent on user action. I know some payment gateways issue an automatic post from the server no matter what; you have to investigate whether this is also possible with your payment gateway.
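The two pieces this answer calls for, as an added example that is not part of the original answer and not Magento code: a sweep that times out unanswered orders, and a feedback handler that needs no session and still copes with a payment that arrives after the sweep. Plain arrays stand in for the order table, and the status names, the TTL and both function names are assumptions of this example.

```php
<?php
declare(strict_types=1);

const PENDING_TTL_SECONDS = 1800; // hypothetical: 30 minutes without gateway feedback

/** Monitoring job: cancel pending orders with no gateway response within the TTL. */
function expireStaleOrders(array $orders, int $now): array
{
    foreach ($orders as $id => $o) {
        if ($o['status'] === 'pending' && $now - $o['created_at'] > PENDING_TTL_SECONDS) {
            $orders[$id]['status'] = 'cancelled_timeout';
        }
    }
    return $orders;
}

/**
 * Apply gateway feedback using only the order ID carried in the message, so it
 * works without a browser session. Assumes the message was already validated.
 */
function applyGatewayFeedback(array $orders, string $orderId, bool $paid): array
{
    if (!isset($orders[$orderId])) {
        return $orders; // unknown order: ignore here, log in a real handler
    }
    $status = $orders[$orderId]['status'];
    if ($status === 'pending') {
        $orders[$orderId]['status'] = $paid ? 'paid' : 'cancelled_failed';
    } elseif ($status === 'cancelled_timeout' && $paid) {
        // Payment arrived after the sweep cancelled the order: flag it for review.
        $orders[$orderId]['status'] = 'paid_after_timeout_review';
    }
    return $orders;
}

// Constructed data: ORD-1001 was abandoned with the back button, ORD-1002 is in progress.
$now = 1700000000;
$orders = [
    'ORD-1001' => ['status' => 'pending', 'created_at' => $now - 7200],
    'ORD-1002' => ['status' => 'pending', 'created_at' => $now - 60],
];
$orders = expireStaleOrders($orders, $now);                // scheduled sweep
$orders = applyGatewayFeedback($orders, 'ORD-1002', true); // normal server feedback
$orders = applyGatewayFeedback($orders, 'ORD-1001', true); // late feedback after timeout
foreach ($orders as $id => $o) {
    echo "$id: {$o['status']}\n";
}
```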