If you want an editable dynamic secure paypal buy now button here it is!
Hi!. I have just put this script together while working on another project I got side tracked.
Secure buy now buttons are a must but you cant add dynamic or user input into them so this is how its done.
Price, item name /number would be tampered with to get item at a lower price not that you would not notice and void the order.
But for instant downloads this is more of an issue.
And you dont want to have to login to paypal every time you need a button or want to modify it and I forget which button is which and have notes on each one. A big hassle.
Now I dont use no sql but you can use your sql database too. The script is heavily commented but I will give you a quick run down on how it works.
I set up a text file with product name item number and price with an associative array header/csv style.
The Buy now form has only the item number and if you add any select or text box input
That form posts to order.php where you set all the other static variables in the array.
When the form is posted it pulls the item data from file as an array if found by the item number.
Its then combined with the static variable array.
Filtered for empty array elements.
Then built into a query string and filtered again.
Then the string is added to the pay pal url and redirected to their site.
Thats it!! You can now checkout. All data was posted.
I also added the curl post data to your IPN with fsockopen backup.
You dont even need a form or use the item number. Just a link with an action.
If your page name is the name of the item use the uri.
Example I use this method. Take the uri explode get first part without ext remove / now thats the
seach key or in other cases I make a file that way. Just like for page comments.
When I add a new page the comments include make the comments file when page loads.
No file exists until page access then it takes page name (uri) uses that for file name. File is
displayed by page uri. Dont need no sql baby.
Hope you like it and use it and find it useful!
Want another way to secure your static form input using no file or database? Click here for another secure paypal buy now button system.
1: A dynamic secure paypal buy now button. The cmxads No SQL way!
2: <?php
3: session_start();
4: //generate a random order number
5: //set a session on order page
6: function randomNumber($length) {
7: $result = '';
8: for($i = 0; $i < $length; $i++) {
9: $result .= mt_rand(0, 9);
10: }
11: return $result;
12: }
13: $id=randomNumber('12');
14: //I am adding a letter prefix here
15: $_SESSION['id']="ID$id";
16: ?>
17: Your pre order form
18: All you need is one input it can be anything to target and pull data from file
19: <p><b>Order With PayPal Now Only 12.00!! </b></p>
20: <form name="checkout" action="order" method="post">
21: <input type="hidden" name="item_number" value="b1234">
22: <!--can add a text info box too-->
23: <input type="hidden" name="on0" value="Info">
24: Info:<input type="text" name="os0" value="">
25: <input type="image" src="images/paypal.png" border="0" name="submit" alt="Make payments with PayPal">
26: </form>
27:
28:
29: On order.php
30: <?php
31: session_start();
32: //I clean post and get like this
33: function clean($text)
34: {
35: $text = strip_tags($text);
36: $text = htmlspecialchars($text, ENT_QUOTES);
37: $text = trim($text);
38: return ($text); //output clean text
39: }
40: //initate variables that may not exist before post
41: $on0='',
42: $os0='',
43: $target='';
44: if(isset($_POST['item_number']) && !empty($_POST['item_number'])){
45: //item number is target to search product file below
46: $target=clean($_POST['item_number']);
47: //can add an option field to pre form will be
48: //inserted into array or removed if empty
49: if(!empty($_POST['os0'])){$os0=clean($_POST['os0']);$on0='Info:';}//setting our own on0 field value
50: }else{
51: echo 'error';
52: exit;
53: }
54:
55:
56: ///list static variables
57:
58: //can comment out or leave empty we will filter empty array elements anyway
59:
60: //with these cmd we can also post user name address etc
61: $cmd='_ext-enter';
62: $redirect_cmd='_xclick';
63: ///////////////////////////////
64: $business='me@cmxads.com';
65: $currency_code='USD';
66: $rm='2';//set for your return method
67: $custom=$_SESSION['id'];
68: $no_note='1';
69: $cancel_return='https://www.return.com';
70: $return='https://www.cancel.com';
71: //set first array with static variables and any user input if used(on0)
72: $item= array(
73: 'cmd'=>$cmd,
74: 'business'=>$business,
75: 'rm'=>$rm,
76: 'on0'=>$on0,
77: 'os0'=>$os0,
78: 'custom'=>$custom,
79: 'redirect_cmd'=>$redirect_cmd,
80: 'currency_code'=>$currency_code,
81: 'cancel_return'=>$cancel_return,
82: 'return'=>$return,
83: 'no_note'=>$no_note,);
84:
85: //////////////////////////////////
86: order products are added to a simple delimited text file
87:
88: item_number;item_name;amount
89: b1234;book1;11.00
90: b1244;book2;10.00
91:
92: //////////////////////////////////
93:
94:
95: // following for delimited associative array text file
96: //set your fave delimiter from file
97: $delimiter=';';
98: //file name
99: $file='products.txt';
100: //initiate variables. we dont want no stinking notices!
101: $result='';
102: $lines='';
103: if(file_exists($file)){ //better exist!
104: //product file is not large file is fine to use
105: //otherwise we would use fopen
106: $lines = file($file);
107: if ($lines){
108: //one way to create an associative array from text file with csv type header row
109: //in this case we get first row explode our field names make array and trim
110: $fields = explode($delimiter,trim($lines[0]));
111: //print_r($fields);
112: //now unset the first line or line[0] with fields
113: unset($lines[0]);
114: // print_r($lines);
115: //make sure we have lines!
116: if(count($lines)>1){
117: //get each line
118: foreach($lines as $line){
119: //explode line into array and trim
120: $line = explode($delimiter,trim($line));
121: //check if target key exists
122: if(in_array($target,$line)){
123: //check field count matches value count
124: if (sizeof($line)==sizeof($fields)){
125: //combine fields and values into associative array
126: $result = array_combine($fields,$line);
127: }}}}}}
128:
129:
130: if(!$result){
131: //if item data was not found means item number was tampered with or dont exist
132: //dont have duplicate data in file
133: echo 'Data error';
134: exit;
135: }else{
136: //merge row array with item array above
137: $result = array_merge($result, $item);
138: //remove empty elements except 0
139: //this works in one shot but throws notice
140: //$result = array_diff($result, array( '' ) );
141: //so we do it this way
142: $result = array_filter($result);
143: $result=array_slice($result, 0 );
144: }
145:
146: //add ? for adding query string to url
147: $final='?';
148: //build get query string when then we redirect to PP
149: $final .= http_build_query($result);
150: //must remove this from query string or wont work
151: $final=str_replace(array('%5D','0%5B'),'', $final);
152:
153:
154: //now just send data via get to paypal with redirect to the checkoutpage
155: header('location:https://www.paypal.com/cgi-bin/webscr'.$final);
156: exit();
157: //thats it!!!!!! You are now on paypal checkout page
158:
159: //Want to post to your IPN??//////////////////////////////////////
160: //do it like this
161:
162: //use curl to post the data to pay pal
163: function curl_post($data)
164: {
165: $c = curl_init('https://www.paypal.com/cgi-bin/webscr');
166: curl_setopt($c, CURLOPT_POST,1);
167: curl_setopt($c, CURLOPT_POSTFIELDS, $data);
168: curl_setopt($c, CURLOPT_SSL_VERIFYPEER,FALSE);
169: curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
170: $status = curl_exec($c);
171: curl_close($c);
172: return $status;
173: }
174:
175:
176: //check if curl exec is enabled on your server
177: if(function_exists('curl_exec')){
178: $status = curl_post($final);
179: }else{
180: //use fsockopen as a backup.
181: //all host have this enabled need to use smtp email
182: //if url fopen is enabled on your shared server you are lucky use that
183: $fp = fsockopen("ssl://www.paypal.com/cgi-bin/webscr", 443, $errno, $errstr, 15);
184: if (!$fp) {
185: $_return = ' error: ' . $errno . ' ' . $errstr;
186: die($_return);
187: } else {
188:
189: $http = "POST /index.php HTTP/1.1\r\n";
190: $http .= "Host: " . $_SERVER['HTTP_HOST'] . "\r\n";
191: $http .= "User-Agent: " . $_SERVER['HTTP_USER_AGENT'] . "\r\n";
192: $http .= "Content-Type: application/x-www-form-urlencoded\r\n";
193: $http .= "Content-length: " . strlen($final) . "\r\n";
194: $http .= "Connection: close\r\n\r\n";
195: $http .= $http_data . "\r\n\r\n";
196:
197: fwrite($fp, $http);
198:
199: while (!feof($fp)) {
200: $_return .= fgets($fp, 4096);
201: }
202: fclose($fp);
203: // echo $_return;
204: }
205: }
206: exit;
207: ?>
