You can add Paypal button in your website easily.

DO NOT Scroll this page as it is.. Just download the IPN class file and read below. Else it wont looks nice.

I tried my level best to explain important code lines.

You can use that button for getting donation or selling some products. Here is one Paypal IPN class in PHP. It is absolutely easy to setup and use.

Download the compressed file and extract it in your document root.
download and use the Paypal IPN class

And you have to edit some lines in paypal.php
at line 37
switch ($_GET['action']) {

case ‘process’: // Process and order… // There should be no output at this point. To process the POST data,
// the submit_paypal_post() function will output all the HTML tags which
// contains a FORM which is submited instantaneously using the BODY onload
// attribute. In other words, don’t echo or printf anything when you’re
// going to be calling the submit_paypal_post() function.

// This is where you would have your form validation and all that jazz.
// You would take your POST vars and load them into the class like below,
// only using the POST values instead of constant string expressions.

// For example, after ensureing all the POST variables from your custom
// order form are valid, you might have:
//
// $p->add_field(‘first_name’, $_POST['first_name']);
// $p->add_field(‘last_name’, $_POST['last_name']);

$p->add_field(‘business’, ‘YOUR PAYPAL (OR SANDBOX) EMAIL ADDRESS HERE!’);
$p->add_field(‘return’, $this_script.’?action=success’);
$p->add_field(‘cancel_return’, $this_script.’?action=cancel’);
$p->add_field(‘notify_url’, $this_script.’?action=ipn’);
$p->add_field(‘item_name’, ‘Paypal Test Transaction’);
$p->add_field(‘amount’, ’1.99′);

$p->submit_paypal_post(); // submit the fields to paypal
//$p->dump_fields(); // for debugging, output a table of all the fields
break;

case ‘success’: // Order was successful…

// This is where you would probably want to thank the user for their order
// or what have you. The order information at this point is in POST
// variables. However, you don’t want to “process” the order until you
// get validation from the IPN. That’s where you would have the code to
// email an admin, update the database with payment status, activate a
// membership, etc.

echo “<html><head><title>Success</title></head><body><h3>Thank you for your order.</h3>”;
foreach ($_POST as $key => $value) { echo “$key: $value<br>”; }
echo “</body></html>”;

// You could also simply re-direct them to another page, or your own
// order status page which presents the user with the status of their
// order based on a database (which can be modified with the IPN code
// below).

break;

case ‘cancel’: // Order was canceled…

// The order was canceled before being completed.

echo “<html><head><title>Canceled</title></head><body><h3>The order was canceled.</h3>”;
echo “</body></html>”;

break;

case ‘ipn’: // Paypal is calling page for IPN validation…

// It’s important to remember that paypal calling this script. There
// is no output here. This is where you validate the IPN data and if it’s
// valid, update your database to signify that the user has payed. If
// you try and use an echo or printf function here it’s not going to do you
// a bit of good. This is on the “backend”. That is why, by default, the
// class logs all IPN data to a text file.

if ($p->validate_ipn()) {

// Payment has been recieved and IPN is verified. This is where you
// update your database to activate or process the order, or setup
// the database with the user’s order details, email an administrator,
// etc. You can access a slew of information via the ipn_data() array.

// Check the paypal documentation for specifics on what information
// is available in the IPN POST variables. Basically, all the POST vars
// which paypal sends, which we send back for validation, are now stored
// in the ipn_data() array.

// For this example, we’ll just email ourselves ALL the data.
$subject = ‘Instant Payment Notification – Recieved Payment’;
$to = ‘YOUR EMAIL ADDRESS HERE’; // your email
$body = “An instant payment notification was successfully recieved\n”;
$body .= “from “.$p->ipn_data['payer_email'].” on “.date(‘m/d/Y’);
$body .= ” at “.date(‘g:i A’).”\n\nDetails:\n”;

foreach ($p->ipn_data as $key => $value) { $body .= “\n$key: $value”; }
mail($to, $subject, $body);
}
break;
}

Save paypal.php

And use the below code to display paypal button image.

<form action=”paypal.php”>
<input type=”image” src=”https://www.paypal.com/en_US/i/logo/paypal_logo.gif” border=”0″ name=”submit” alt=”Make payments with PayPal – it’s fast, free and secure!”>
</form>
action=”paypal/paypal.php” change it based on your directory structure.

This is not about hacking paypal.com. Paypal knows enough about securing itself. Are you using Paypal IPN script in your websites? Then you have to take care on something.

First of all plan and decide your product delivery strategy.

Product delivery methods

1.Email product after a successful payment

2.Redirect user to product page to download directly

Invalidated data always put you in a hell.

See the below example:

<form action=”https://www.paypal.com/cgi-bin/webscr” method=”post”>
<input type=”hidden” name=”cmd” value=”_xclick”>
<input type=”hidden” name=”business” value=”see the #Hidden Code#below”>
<input type=”hidden” name=”item_name” value=”Your Product”>
<input type=”hidden” name=”item_number” value=”100″>
<input type=”hidden” name=”amount” value=”15.00″>
<input type=”hidden” name=”return”
value=”hxxp://www.yourbusiness.com/secret-location/product.zip”>
<input type=”image” src=”hxxp://www.paypal.com/images/x-click-butcc.gif”
border=”0″ name=”submit”>
</form>

#Hidden Code #

<!– var prefix = ‘ma’ + ‘il’ + ‘to’; var path = ‘hr’ + ‘ef’ + ‘=’; var addy81733 = ‘you’ + ‘@’ + ‘yourbusiness’ + ‘.’ + ‘com’; document.write( ‘<a ‘ + path + ‘\” + prefix + ‘:’ + addy81733 + ‘\’>’ + addy81733 + ‘</a>’ ); //–>

This is for redirecting user to your exact product page after a successful payment. Don’t do such a worse code ever. Just give some transaction or purchase code to user and ask that code while they trying to download.

Encrypted values

$hash = $paypal_transcation_id.$productno.$user_id;
$purchase_code = md5($hash);

Put this $purchase_code in a `transactions` table for the user and email to them.

Ok now user is trying to download product. What should we check?

Considerations:
1.Ask the purchase code in a <form>
2. Force user to login in your site.
3. Check weather you have any rows in `transactions` table for the user.
4. If yes then fetch row and arrange one checker variable
$checker = $row[‘paypal_transaction’].$row[‘productno’].$user_id;
$user_entered_hash = $_POST[‘purchase_id’];
$our_checker_hash = md5($checker);
If($our_checker_hash == $user_entered_hash)

By this manner you can proceed.
You have to take care on url encode.
Temporary product url generation. It must expire after some hours.
All information should be encoded and highly validated.
Then only you can see profit. So don’t just install/write ipn scripts as it is. Take care on input and url validation always.