Paypal Payflow pro library

Question

I already have an express checkout integrated with my Codeigniter application. Now I want to integrate seamless paypal where I collect the CC information and pass it to Paypal (via backend) and once everything is approved, my application shows that to the user. All this with out ever going to Paypal's website.

I know that Paypal gives a bunch of sample code but they have so many different products that advertise to do the same thing.

Is there any wrapper library in PHP that I can use for handling all this?

What sort of design decision is involved in migrating to such system? Would I need SSL certificates for this?

Answer 1

I built an e-commerce site in CodeIgniter, also doing seamless Paypal integration.

There didn't seem to be any suuuuuper-pretty object-oriented wrappers out there when I did my hunting, but I did notice some good attempts.

My solution ended up being a bit bland. I downloaded the PHP API from here: https://cms.paypal.com/cms_content/US/en_US/files/developer/PP_PHP_NVP_Samples.zip

I saved the CallerService.php file as application/helpers/paypal_helper.php and added it to application/config/autoload.php to pull it into the app.

Now, CallerService.php requires constants.php, so you either need to copy and paste it in, or include the constants.php file in your helpers directory. I just copied and pasted. Then, be sure to configure all the constants for your account.

Once that's set up, my code just looked like this:

  $nvp_query_string = '&PAYMENTACTION=Sale'
                . '&AMT='.urlencode($order->total)
                . '&CREDITCARDTYPE='.urlencode($this->input->post('credit_card_type'))
                . '&ACCT='.urlencode($this->input->post('acct'))
                . '&EXPDATE='.urlencode(str_pad($this->input->post('exp_date_month'), 2, '0', STR_PAD_LEFT).'20'.$this->input->post('exp_date_year'))
                . '&CVV2='.urlencode($this->input->post('cvv2_number'))
                . '&FIRSTNAME='.urlencode($first_name)
                . '&LASTNAME='.urlencode($last_name)
                . '&STREET='.urlencode($order->billing_address_1)
                . '&CITY='.urlencode($order->billing_city)
                . '&STATE='.urlencode($order->billing_state)
                . '&ZIP='.urlencode($order->billing_zip)
                . '&COUNTRYCODE=US&CURRENCYCODE=USD';

  $response = hash_call('doDirectPayment', $nvp_query_string);
  if (strpos(strtoupper($response['ACK']), 'SUCCESS') !== false) {
    // Product purchase was successful.
  }
  else {
    // Product purchase was unsuccessful.
    // The Paypal response will be in $response['ACK'].
    // The Paypal error message to show the customer will be in $response['L_LONGMESSAGE0'].
  }

It's not too elegant, but it definitely works well.

Also, you DEFINITELY need an SSL certificate. These can be purchased for $30 or so for a single domain. They are a little difficult to set up at first, but you can't skip this step. SSL protects transmission between the customer's computer and your server, so their CC info can't be read as it passes through all the servers and routers (or sniffed out through wifi) along the way. So, just make sure that, on the form you use to take CC info, the form submits to https:// and not an unsecured http://.

Answer 2

I'm pretty sure that no matter what if your website is taking sensitive data (i.e. credit card number), then you need an ssl certificate. Unless they are on someone else's server (paypal.com), you need to take care of that. And, like you said, you don't want to send them to paypal.com, so yeah, you'll need one.

Also, if you already have express checkout integrated, you should be using an ssl certificate for that anyway, right?