Dynamic Paypal button encryption

by

What you need to do is fairly complex, first, the intro, paypal encrypted buttons have the following layout:

    <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIIEQYJKo...Encrypted stuff...IF5ioje8JH0LAA+5U7P+tabAMOL37k=-----END PKCS7-----">
<input type="image" src="https://www.paypalobjects.com/es_XC/MX/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal, la forma más segura y rápida de pagar en línea.">
<img alt="" border="0" src="https://www.paypalobjects.com/es_XC/i/scr/pixel.gif" width="1" height="1">
    </form>

The cmd field indicates an encrypted Buy Now button (check the values for the buttons you want to create), and the encrypted field is the actual content of the button in the following layout:

    cert_id=ZQCMJTZS27U4F
    cmd=_xclick
    [email protected]
    item_name=Handheld Computer
    item_number=1234
    custom=sc-id-789
    amount=500.00
    currency_code=USD
    tax=41.25
    shipping=20.00
    no_note=1
    cancel_return=http://www.company.com/cancel.htm

Note, these are in the pair=value format, for a full reference look here: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_Appx_websitestandard_htmlvariables.

Now the theory, to get the encrypted field, well encrypted, you need to sign these values with your certificate (x509 certificate) and you private key, then you need to encrypt this signed message with paypal’s public certificate.

Going to the practice, for doing it you can (need) to use the following two PHP functions (part of the OpenSSL extension): openssl_pkcs7_sign and openssl_pkcs7_encrypt.

I found this last part very tricky to setup, so i recommend you to download the PHP SDK for PayPal avalaible here: https://www.x.com/community/ppx/sdks#WPST and directly here: https://cms.paypal.com/cms_content/US/en_US/files/developer/PP_PHP_WPS_Toolkit.zip, this SDK comes with the class EWPServices who contains the method encryptButton which gives you the encrypted button pretty easy; if you want to look at the bones then look in the PPCrypto class who offers you the signAndEncrypt method which give you only the encrypted string you need for the field and does show you the process of encrypting the button.

By the way, if you don’t know how to get your certificate and your private key (and/or the Paypal’s certificate) look here: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_encryptedwebpayments#id08A3I0N30Y4

More Related Contents:

  1. Paypal Access – SSL certificate: unable to get local issuer certificate
  2. PayPal Smart Subscribe server side
  3. Dynamic PayPal button generation – isn’t it very insecure?
  4. Submit Multiple Forms With One Button
  5. PayPal gateway has rejected request. Security header is not valid (#10002: Security error Magento
  6. Paypal SandBox IPN always returns INVALID
  7. SSL error can not change to TLS
  8. How to send money to paypal using php
  9. PHP DateTime supported formats
  10. Can I call a PHP function in a JavaScript click handler?
  11. How to extract and access data from JSON with PHP?
  12. PHP validation/regex for URL
  13. continue processing php after sending http response
  14. MySQL – This version of MySQL doesn’t yet support ‘LIMIT & IN/ALL/ANY/SOME subquery
  15. how to detect search engine bots with php?
  16. How to write into a file in PHP?
  17. Restructure multidimensional array of column data into multidimensional array of row data [duplicate]
  18. PHP max_input_vars
  19. PHP Get Highest Value from Array
  20. How can I set cron job through PHP script
  21. Why shouldn’t I use PHP’s mail() function?
  22. Find common values in multiple arrays with PHP
  23. Laravel nested relationships
  24. Laravel 5.2 not reading env file
  25. PHP – Check if the page run on Mobile or Desktop browser [duplicate]
  26. str_replace with array
  27. Check if variable starts with ‘http’
  28. php : Capturing the command output
  29. How do I format numbers to have only two decimal places?
  30. How do I check if array contains at least one empty value?

Leave a Comment