The Net Age

Sunday, June 22, 2008

PayPal Express Encrypted Button - simple!

Welcome to PayPal Express Encrypted Button made easy post!

Ok, you want to make a simple encrypted PayPal Button!

This is not easy as there is poor php support by PayPal. Sure there is Stellar Web Solutions Encrypted Button and a bit of information on PayPal's site on Encrypted Buttons which includes either a static button creation or the use of Encrypted Website Payments (EWP) for very advanced users(users of C#, Java and .NET).

Here I will provide a full PHP working example that does not require OpenSSL (e.g,Stellar Web Solution) as a third party package. I have used the code from the Encrypted Website Payments plugin module by Harald Ponce de Leon for OSCommerce.com:

Things you need before hand:

1.Open a Paypal Sandbox account at the Developers Site https://developer.paypal.com/
2.Create Test Certificates (Buy when required!) Info: https://www.paypal.com/IntegrationCenter/ic_button-encryption.html
3.After you upload your Cert and get your Cert ID add it to your PHP page and anything else that is required.
4.Finally make sure your PHP server supports OpenSSL and the OpenSSL functions (e.g., openssl_pkcs7_encrypt())

5.Yes, that is it ! I hope ...good luck!

Download link to PHP file(remove .txt extension) or the partial code bellow (the HTML is missing):

--------------PHP CUT FROM HERE-------------------------------

/*
$Id: payme.php 1000 2008-05-19 18:16:37Z hpdl $
Some code taken from osCommerce, Open Source
E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2008 osCommerce

and
Harald Ponce de Leon

and
Sample PayPal Button Encryption: Copyright 2006,2007 StellarWebSolutions.com
Not for resale - license agreement at
http://www.stellarwebsolutions.com/en/eula.php

Copyright (c) 2008 s1m0n3.org


Released under the GNU General Public License
*/

// private key file to use
$MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PRIVATE_KEY = "prvkey.pem";

// public certificate file to use
$MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PUBLIC_KEY = "pubcert.pem";

// Paypal's public certificate
$MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PAYPAL_KEY = "paypal_cert.pem";

// Your Paypal business email
$MODULE_PAYMENT_PAYPAL_STANDARD_ID='yourPayPalBussEmail@hotmail.com';

// CERT ID FROM PAYPAL. Check Step 2. Uploading Your Public Certificate at
// https://www.paypal.com/IntegrationCenter/ic_button-encryption.html
$MODULE_PAYMENT_PAYPAL_STANDARD_EWP_CERT_ID = 'ZZ1Z1ZZ11ZZZ1ZZZ';

// a temporary folder required to create the encrypted files (check server permissions).
$MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY='tmp';

// edit the array bellow as required. When done move to the HTML area at the bottom.
$form = array('cmd' => '_xclick',
'business' => $MODULE_PAYMENT_PAYPAL_STANDARD_ID,
'cert_id' => $MODULE_PAYMENT_PAYPAL_STANDARD_EWP_CERT_ID,
'lc' => 'GB',
'custom' => 'test',
'invoice' => '',
'currency_code' => 'GBP',
'no_shipping' => '1',
'item_name' => 'Cool USB Mouse',
'item_number' => '1',
'amount' => '10'
);

$encrypted = paypal_encrypt($form);

function paypal_encrypt($hash)
{
global $MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PRIVATE_KEY;
global $MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PUBLIC_KEY;
global $MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PAYPAL_KEY;
global $MODULE_PAYMENT_PAYPAL_STANDARD_ID;
global $MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY;
global $OPENSSL;

if (!file_exists($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PRIVATE_KEY)) {
echo "ERROR: MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PRIVATE_KEY $MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PRIVATE_KEY not found\n";
}
if (!file_exists($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PUBLIC_KEY)) {
echo "ERROR: MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PUBLIC_KEY $MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PUBLIC_KEY not found\n";
}
if (!file_exists($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PAYPAL_KEY)) {
echo "ERROR: MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PAYPAL_KEY $MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PAYPAL_KEY not found\n";
}

$customer_id = 'paypal';
$random_string = rand(100000, 999999) . '-' . $customer_id . '-';


$data = '';
reset($hash);
while (list($key, $value) = each($hash)) {
$data .= $key . '=' . $value . "\n";
}
// echo $data;

$fp = fopen($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'data.txt', 'w');
fwrite($fp, $data);
fclose($fp);

unset($data);


if (function_exists('openssl_pkcs7_sign') && function_exists('openssl_pkcs7_encrypt')) {
openssl_pkcs7_sign($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'data.txt', $MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'signed.txt', file_get_contents($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PUBLIC_KEY), file_get_contents($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PRIVATE_KEY), array('From' => $MODULE_PAYMENT_PAYPAL_STANDARD_ID), PKCS7_BINARY);

unlink($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'data.txt');

// remove headers from the signature
$signed = file_get_contents($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'signed.txt');
$signed = explode("\n\n", $signed);
$signed = base64_decode($signed[1]);

$fp = fopen($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'signed.txt', 'w');
fwrite($fp, $signed);
fclose($fp);

unset($signed);

openssl_pkcs7_encrypt($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'signed.txt', $MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'encrypted.txt', file_get_contents($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_PAYPAL_KEY), array('From' => $MODULE_PAYMENT_PAYPAL_STANDARD_ID), PKCS7_BINARY);

unlink($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'signed.txt');

// remove headers from the encrypted result
$data = file_get_contents($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'encrypted.txt');
$data = explode("\n\n", $data);
$data = '-----BEGIN PKCS7-----' . "\n" . $data[1] . "\n" . '-----END PKCS7-----';

unlink($MODULE_PAYMENT_PAYPAL_STANDARD_EWP_WORKING_DIRECTORY . '/' . $random_string . 'encrypted.txt');

return $data;
}
return "ERROR";
};

// Edit HTML below here!
?>

THE HTML HAS BEEN REMOVED GET THE TEXT FILE !!
--------------PHP CUT UNTIL HERE-------------------------------

posted by man0war at 21:10

1 Comments:

Post a Comment

<< Home