jonni
04-26-2010, 04:28 PM
I am trying to build an encrytped BuyNow button for paypal using a custom designed shopping cart, first time doing this so need some help with the fundamentals
the info i wan tot pass to paypal is really simple, all postage and tax are already worked out and everything is condensed into one single item with one price so a non-encrypted form would look like this..
<form id="'.$form_id.'" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="business" value="paypal@?????.com">
<input type="hidden" name="item_name_1" value="'.$sc['shopping_carts_ref'].'">
<input type="hidden" name="amount_1" value="'.$sc['shopping_carts_total'].'">
<input type="hidden" name="currency_code" value="EUR">
<input type="submit" value="Buy Now!" id="buynow">
</form>
i've got my openssl cert/key and paypal cert all ready and i've found this code on the forum for encrypting the form data (posted by Kees Monshouwer Internet Diensten http://www.monshouwer.eu/)
function paypal_encrypt($hash) { global $MY_KEY_FILE; global $MY_CERT_FILE; global $PAYPAL_CERT_FILE; global $OPENSSL; if (!file_exists($MY_KEY_FILE)) { return "ERROR: MY_KEY_FILE $MY_KEY_FILE not found\n"; } if (!file_exists($MY_CERT_FILE)) { return "ERROR: MY_CERT_FILE $MY_CERT_FILE not found\n"; } if (!file_exists($PAYPAL_CERT_FILE)) { return "ERROR: PAYPAL_CERT_FILE $PAYPAL_CERT_FILE not found\n"; } if (!file_exists($OPENSSL)) { return "ERROR: OPENSSL $OPENSSL not found\n"; } //Assign Build Notation for PayPal Support $hash['bn']= 'MIND-openssl.PHP_EWP'; $data = ""; foreach ($hash as $key => $value) { if ($value != "") { //echo "Adding to blob: $key=$value\n"; $data .= "$key=$value\n"; } } $openssl_cmd = "($OPENSSL smime -sign -signer $MY_CERT_FILE -inkey $MY_KEY_FILE " . "-outform der -nodetach -binary <<_EOF_\n$data\n_EOF_\n) | " . "$OPENSSL smime -encrypt -des3 -binary -outform pem $PAYPAL_CERT_FILE"; exec($openssl_cmd, $output, $error); if (!$error) { return implode("\n",$output); } else { return "ERROR: NR $error"; } }
so the question is really, how do i put it all together and what should it look like in the end, for example i presume I should pass the input data as an array to paypal_encrypt($hash), hpow many of the fields do i need to pass, do i keep some of them unencrytped, like cmd, and upload for example and what field should the $output be written to?
what should the form look like in the end? e.g. like this maybe?
<form id="'.$form_id.'" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="???????" value="'.$output.'">
<input type="submit" value="Buy Now!" id="buynow">
</form>
any help much appreciated?:yeah:
the info i wan tot pass to paypal is really simple, all postage and tax are already worked out and everything is condensed into one single item with one price so a non-encrypted form would look like this..
<form id="'.$form_id.'" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="business" value="paypal@?????.com">
<input type="hidden" name="item_name_1" value="'.$sc['shopping_carts_ref'].'">
<input type="hidden" name="amount_1" value="'.$sc['shopping_carts_total'].'">
<input type="hidden" name="currency_code" value="EUR">
<input type="submit" value="Buy Now!" id="buynow">
</form>
i've got my openssl cert/key and paypal cert all ready and i've found this code on the forum for encrypting the form data (posted by Kees Monshouwer Internet Diensten http://www.monshouwer.eu/)
function paypal_encrypt($hash) { global $MY_KEY_FILE; global $MY_CERT_FILE; global $PAYPAL_CERT_FILE; global $OPENSSL; if (!file_exists($MY_KEY_FILE)) { return "ERROR: MY_KEY_FILE $MY_KEY_FILE not found\n"; } if (!file_exists($MY_CERT_FILE)) { return "ERROR: MY_CERT_FILE $MY_CERT_FILE not found\n"; } if (!file_exists($PAYPAL_CERT_FILE)) { return "ERROR: PAYPAL_CERT_FILE $PAYPAL_CERT_FILE not found\n"; } if (!file_exists($OPENSSL)) { return "ERROR: OPENSSL $OPENSSL not found\n"; } //Assign Build Notation for PayPal Support $hash['bn']= 'MIND-openssl.PHP_EWP'; $data = ""; foreach ($hash as $key => $value) { if ($value != "") { //echo "Adding to blob: $key=$value\n"; $data .= "$key=$value\n"; } } $openssl_cmd = "($OPENSSL smime -sign -signer $MY_CERT_FILE -inkey $MY_KEY_FILE " . "-outform der -nodetach -binary <<_EOF_\n$data\n_EOF_\n) | " . "$OPENSSL smime -encrypt -des3 -binary -outform pem $PAYPAL_CERT_FILE"; exec($openssl_cmd, $output, $error); if (!$error) { return implode("\n",$output); } else { return "ERROR: NR $error"; } }
so the question is really, how do i put it all together and what should it look like in the end, for example i presume I should pass the input data as an array to paypal_encrypt($hash), hpow many of the fields do i need to pass, do i keep some of them unencrytped, like cmd, and upload for example and what field should the $output be written to?
what should the form look like in the end? e.g. like this maybe?
<form id="'.$form_id.'" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="???????" value="'.$output.'">
<input type="submit" value="Buy Now!" id="buynow">
</form>
any help much appreciated?:yeah: