2
votes

I am wondering whether this is achievable:

I want to accept users' credit card payments on my own website. Assume I have a form capturing the credit card info; ideally, I would like to post all the info from the client side (not through the server at all) to PayPal for processing, let PayPal deal with the payment, and redirect back to my website.

Due to PCI compliance, no credit card info will ever go through my server. The only thing I can get from PayPal is the success or failure of the payment and some non-sensitive info needed to complete the transaction on the website.

I found that Payflow Pro could be a solution, but I don't know how to build the NVP request and redirect to PayPal. Using the SDK on the server side is easy, but unfortunately I can't use it.

Can anyone help me through this?

Thanks in advance, LD

2 Answers

0
votes

Have a look at DoDirectPayment API.

This should help you.

0
votes

I am using this code.

```php
<?php
// $paypal_pros_username, $paypal_pros_password, $paypal_pros_signature and
// $strPurchaseURL (the NVP endpoint) are expected to be defined elsewhere.
$infos = array(
    'METHOD' => 'DoDirectPayment',
    'USER' => $paypal_pros_username,
    'PWD' => $paypal_pros_password,
    'SIGNATURE' => $paypal_pros_signature,
    'VERSION' => '115', // encoded once, when the NVP string is built
    'PAYMENTACTION' => $_POST['paypal_pros_transaction_type'],
    'IPADDRESS' => $_SERVER['REMOTE_ADDR'],
    'CREDITCARDTYPE' => $_POST['creditCardType'],
    'ACCT' => $_POST['creditCardNumber'],
    'EXPDATE' => $_POST['expDateMonth'].$_POST['expDateYear'],
    'CVV2' => $_POST['cvv2Number'],
    //'EMAIL' => $_POST['email'],
    'FIRSTNAME' => $_POST['firstName'],
    'LASTNAME' => $_POST['lastName'],
    'STREET' => $_POST['address1'],
    'CITY' => $_POST['city'],
    'STATE' => $_POST['state'],
    'ZIP' => $_POST['zip'],
    'COUNTRYCODE' => $_POST['country'],
    'AMT' => $_POST['amount'],
    'CURRENCYCODE' => $_POST['PayPal_pros_curency'],
    'DESC' => $_POST['paypal_pro_desc'],
    'NOTIFYURL' => 'https://website.com/ipn.php'
);

// Build the URL-encoded NVP string from the $infos array.
$nvp_string = http_build_query($infos);

// Send the NVP string to PayPal and store the response.
// Set the curl parameters.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $strPurchaseURL);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
// Set the request as a POST field for curl.
curl_setopt($ch, CURLOPT_POSTFIELDS, $nvp_string);
// Verify the server certificate and host name: this request carries card data
// and API credentials, so the peer must be authenticated.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

// Get the response from the server.
$result = curl_exec($ch);
if ($result === false) {
    // Transport or TLS failure: there is no API response to parse.
    error_log('NVP request failed: ' . curl_error($ch));
    exit('There is any error! Please go back and try again.');
}

// Parse the API response.
parse_str($result, $output);

if (array_key_exists('ACK', $output)) {

    // Debug output of the parsed response; remove in production.
    print_r($output);

    if ($output['ACK'] == "Success") {
        // Success: email or save data in database etc...

    } elseif ($output['ACK'] == "Failure") {
        // Failure: email or send any error etc...

    } else {
        echo 'There is any error! Please go back and try again.';
    }
} else {
    echo 'There is any error! Please go back and try again.';
}
```
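
The code in the answer above passes the card number and CVV2 through the server, so the request has to be kept out of logs and the response handled fail-closed. The PHP below is an added example, not part of the original answer: the helper names `redact_nvp`, `parse_nvp` and `payment_succeeded` are hypothetical, the sample request and response are constructed, and the `SuccessWithWarning` value comes from PayPal's NVP API rather than from this page.

```php
<?php
// Added example; field names follow the answer's $infos array, values are constructed.

// Request fields that must never reach logs, error pages or a database.
const SENSITIVE_FIELDS = ['PWD', 'SIGNATURE', 'CVV2', 'EXPDATE'];

// Return a copy of the request that is safe to log.
function redact_nvp(array $fields): array
{
    foreach ($fields as $name => $value) {
        if ($name === 'ACCT') {
            // Keep only the last four digits of the card number.
            $fields[$name] = str_repeat('*', max(0, strlen($value) - 4)) . substr($value, -4);
        } elseif (in_array($name, SENSITIVE_FIELDS, true)) {
            $fields[$name] = '[redacted]';
        }
    }
    return $fields;
}

// Decode an NVP body without parse_str(), which rewrites some key characters
// and turns bracketed keys into nested arrays.
function parse_nvp(string $body): array
{
    $out = [];
    foreach (explode('&', $body) as $pair) {
        if ($pair === '') {
            continue;
        }
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $out[urldecode($name)] = urldecode($value);
    }
    return $out;
}

// Fail closed: only an explicit success ACK counts as paid.
function payment_succeeded(array $response): bool
{
    return in_array($response['ACK'] ?? '', ['Success', 'SuccessWithWarning'], true);
}

// Constructed sample request and response (placeholder credentials and error text).
$request = ['METHOD' => 'DoDirectPayment', 'PWD' => 'api-password', 'ACCT' => '4111111111111111',
            'EXPDATE' => '122030', 'CVV2' => '123', 'AMT' => '19.99'];
$body = 'ACK=Failure&L_ERRORCODE0=00000&L_LONGMESSAGE0=Constructed%20error%20text';

error_log('DoDirectPayment request: ' . json_encode(redact_nvp($request)));
$response = parse_nvp($body);
echo payment_succeeded($response) ? "paid\n" : 'declined: ' . ($response['L_LONGMESSAGE0'] ?? 'unknown') . "\n";
```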