Introduction
PayFlowPro Hosted Checkout Page is a payment service from PayPal. This article explains the steps to implement this payment service in a PHP website.
Background
If you are implementing a payment system in your website, it is your responsibility to adhere to PCI compliance standards, protect personal information, and implement security safeguards on your website when processing payment card transactions.
PayFlowPro Hosted Checkout Page helps you meet PCI compliance. The payment is made on a PayPal page, outside your website, so you do not need to collect payment-related information such as the credit card number or expiry date from the customer on your website.
Using the code
Creating PayFlowPro account
Register a PayFlowPro account at https://registration.paypal.com/welcomePage.do
Once the account is created, you need to configure the Hosted Checkout Page. Refer to the document https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1493&viewlocale=en_US&direct=en, which contains complete information on creating a PayFlowPro sandbox account and configuring the Hosted Checkout Page.
Payment service in PHP
The steps to take a payment using the PayFlowPro Hosted Checkout Page are:
- Submit payment information to PayFlowPro and get security key
- Redirect page to Hosted Checkout Page
- Collect payment response from PayFlowPro
Submit payment information to PayFlowPro
Before initiating the payment process, we need to submit the payment information to PayFlowPro. PayFlowPro provides parameters for passing these values.
Prepare input parameters as array
$parameters = array();
$parameters['AMT'] = '100';
$parameters['CURRENCY'] = 'USD';
$parameters['FIRSTNAME'] = '***';
$parameters['LASTNAME'] = '***';
$parameters['PHONENUM'] = '***';
$parameters['EMAIL'] = '***';
$parameters['STREET'] = '***';
$parameters['STATE'] = '***';
$parameters['CITY'] = '***';
Add PayFlowPro account details
$parameters['USER'] = '***';
$parameters['VENDOR'] = '***';
$parameters['PARTNER'] = '***';
$parameters['PWD'] = '***';
Add unique secure token id
$parameters['SECURETOKENID'] = '***';
$parameters['CREATESECURETOKEN'] = 'Y';
$parameters['TRXTYPE'] = 'S';
Submit the input parameters and get the SECURETOKEN from PayFlowPro.
Note: To take payments with a live account, use the URL https://payflowpro.paypal.com instead of https://pilot-payflowpro.paypal.com in the code below.
$curl_url = 'https://pilot-payflowpro.paypal.com';
$curl_param = array();
foreach ($parameters as $key => $value) {
    $curl_param[] = "$key=$value";
}
$curl_params = implode('&', $curl_param);
$options = array(
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HEADER => false,
    CURLOPT_VERBOSE => false,
    // Keep certificate checks on: this request carries the account password.
    CURLOPT_SSL_VERIFYHOST => 2,    // certificate must match the host name
    CURLOPT_SSL_VERIFYPEER => true, // certificate chain must be trusted
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => $curl_params,
);
$ch = curl_init($curl_url);
curl_setopt_array($ch, $options);
$content = curl_exec($ch);
$response_status = curl_getinfo($ch);
curl_close($ch);
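The following is an added example, not part of the original article's code. Payflow name-value pairs are sent as-is rather than URL-encoded, so a customer-supplied value containing & or = needs a length tag (NAME[len]=value) to keep it from being read as an extra parameter; the example also generates a fresh SECURETOKENID for each request. The helper names payflow_token_id() and payflow_build_nvp() are hypothetical.

```php
<?php
// Added example; payflow_token_id() and payflow_build_nvp() are hypothetical helper names.

/** Fresh 32-character hex SECURETOKENID from the CSPRNG (the ID must be unique per request). */
function payflow_token_id(): string
{
    return bin2hex(random_bytes(16));
}

/**
 * Build a Payflow name-value body. Values are sent as-is, not URL-encoded,
 * so each value gets a length tag (NAME[len]=value) to stop an embedded
 * '&' or '=' from being read as a new parameter.
 */
function payflow_build_nvp(array $parameters): string
{
    $pairs = array();
    foreach ($parameters as $key => $value) {
        $value = (string) $value;
        // Parameter names come from our own code; reject anything unexpected.
        if (!preg_match('/^[A-Z0-9_]+$/', (string) $key)) {
            throw new InvalidArgumentException("Bad parameter name: $key");
        }
        // Control characters have no place in a name, address or amount.
        if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
            throw new InvalidArgumentException("Control character in $key");
        }
        // strlen() counts bytes; assumed to match the gateway's count for ASCII input.
        $pairs[] = $key . '[' . strlen($value) . ']=' . $value;
    }
    return implode('&', $pairs);
}

// Constructed sample input: the STREET value contains '&' and '='.
$parameters = array(
    'TRXTYPE'           => 'S',
    'AMT'               => '100',
    'CREATESECURETOKEN' => 'Y',
    'SECURETOKENID'     => payflow_token_id(),
    'STREET'            => '1 Main St&AMT=1',
);
echo payflow_build_nvp($parameters), "\n";
```

The returned string can be passed as CURLOPT_POSTFIELDS in place of $curl_params.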
Read secure token from PayFlowPro
if ($content != '') {
    $response = array();
    foreach (explode('&', $content) as $item) {
        // Split on the first '=' only, so a value that contains '=' stays whole.
        $key_value = explode('=', $item, 2);
        $response[$key_value[0]] = isset($key_value[1]) ? $key_value[1] : '';
    }
    if (isset($response['RESULT']) && $response['RESULT'] == '0') {
        $securetoken = $response['SECURETOKEN'];
        $securetokenid = $response['SECURETOKENID'];
    }
    else {
        print_r($content);
    }
}
Redirect page to Hosted Checkout Page
Once you get the secure token from PayFlowPro, redirect the page to the Hosted Checkout Page.
Note: To take payments with a live account, use the URL https://payflowlink.paypal.com instead of https://pilot-payflowlink.paypal.com in the code below.
if (!empty($securetoken) && !empty($securetokenid)) {
    $querystring = array(
        'SECURETOKEN' => $securetoken,
        'SECURETOKENID' => $securetokenid,
    );
    header('Location: https://pilot-payflowlink.paypal.com?' . http_build_query($querystring, '', '&'));
    exit;
}
The user will be redirected to the PayFlowPro Hosted Checkout Page (the payment page).
Collect payment response from PayFlowPro
After the payment process completes, PayFlowPro submits the result back to the website. Read the response from $_POST or $_GET, depending on your Hosted Checkout Page settings. On the thank-you page, print the PNREF unique id.
<?php
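// RESULT must be present and exactly '0'; a loose == 0 also matches a missing field.
if (isset($_POST['RESULT'], $_POST['PNREF']) && $_POST['RESULT'] === '0') {
    // Escape PNREF before writing it into the page.
    print 'Thank you for your payment, please note transaction number ' . htmlspecialchars($_POST['PNREF'], ENT_QUOTES, 'UTF-8');
}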
?>
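The return post reaches response.php through the customer's browser, so its fields should be checked against what the site itself requested before an order is marked as paid. The following is an added example, not part of the original article's code; it assumes the return post carries SECURETOKENID and AMT and that testpayment.php saved the token id and amount (for example in $_SESSION) before redirecting. The function name and the stored-value keys are hypothetical.

```php
<?php
// Added example; the function name and the stored-value keys are hypothetical.

/**
 * Check a Hosted Checkout return post against the values this site saved
 * before redirecting. Returns the PNREF on success, null on any mismatch.
 */
function validate_payflow_return(array $post, array $expected): ?string
{
    // Every field must be present and a plain string (not an array or missing).
    foreach (array('RESULT', 'PNREF', 'SECURETOKENID', 'AMT') as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null;
        }
    }
    // Exactly "0"; a loose == 0 would also accept a missing field.
    if ($post['RESULT'] !== '0') {
        return null;
    }
    // The post must refer to the token this session created.
    if (!hash_equals($expected['SECURETOKENID'], $post['SECURETOKENID'])) {
        return null;
    }
    // The amount reported must equal the amount requested.
    if (!is_numeric($post['AMT'])
        || number_format((float) $post['AMT'], 2, '.', '') !== number_format((float) $expected['AMT'], 2, '.', '')) {
        return null;
    }
    // PNREF is assumed to be short and alphanumeric; reject anything else.
    return preg_match('/^[A-Za-z0-9]{1,32}$/', $post['PNREF']) ? $post['PNREF'] : null;
}

// Constructed sample values standing in for $_SESSION and $_POST.
$expected = array('SECURETOKENID' => '9f2c4e7a1b3d5f60718293a4b5c6d7e8', 'AMT' => '100');
$post = array(
    'RESULT' => '0', 'PNREF' => 'A1B2C3D4E5F6',
    'SECURETOKENID' => '9f2c4e7a1b3d5f60718293a4b5c6d7e8', 'AMT' => '100.00',
);
$pnref = validate_payflow_return($post, $expected);
echo $pnref !== null
    ? 'Transaction ' . htmlspecialchars($pnref, ENT_QUOTES, 'UTF-8') . "\n"
    : "Payment could not be confirmed\n";

// The same post with RESULT removed is rejected instead of treated as success.
unset($post['RESULT']);
var_dump(validate_payflow_return($post, $expected) === null);
```

Clear the saved token id after the first successful check so that a repeated post is not accepted twice.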
After completing these steps, your code should look like the following.
File : testpayment.php
<?php
$parameters = array();
$parameters['AMT'] = '100';
$parameters['CURRENCY'] = 'USD';
$parameters['FIRSTNAME'] = '***';
$parameters['LASTNAME'] = '***';
$parameters['PHONENUM'] = '***';
$parameters['EMAIL'] = '***';
$parameters['STREET'] = '***';
$parameters['STATE'] = '***';
$parameters['CITY'] = '***';
$parameters['USER'] = '***';
$parameters['VENDOR'] = '***';
$parameters['PARTNER'] = '***';
$parameters['PWD'] = '***';
$parameters['SECURETOKENID'] = '***';
$parameters['CREATESECURETOKEN'] = 'Y';
$parameters['TRXTYPE'] = 'S';
$curl_url = 'https://pilot-payflowpro.paypal.com';
$curl_param = array();
foreach ($parameters as $key => $value) {
    $curl_param[] = "$key=$value";
}
$curl_params = implode('&', $curl_param);
$options = array(
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HEADER => false,
    CURLOPT_VERBOSE => false,
    // Keep certificate checks on: this request carries the account password.
    CURLOPT_SSL_VERIFYHOST => 2,    // certificate must match the host name
    CURLOPT_SSL_VERIFYPEER => true, // certificate chain must be trusted
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => $curl_params,
);
$ch = curl_init($curl_url);
curl_setopt_array($ch, $options);
$content = curl_exec($ch);
$response_status = curl_getinfo($ch);
curl_close($ch);
if ($content != '') {
    $response = array();
    foreach (explode('&', $content) as $item) {
        // Split on the first '=' only, so a value that contains '=' stays whole.
        $key_value = explode('=', $item, 2);
        $response[$key_value[0]] = isset($key_value[1]) ? $key_value[1] : '';
    }
    if (isset($response['RESULT']) && $response['RESULT'] == '0') {
        $securetoken = $response['SECURETOKEN'];
        $securetokenid = $response['SECURETOKENID'];
    }
    else {
        print_r($content);
    }
}
if (!empty($securetoken) && !empty($securetokenid)) {
    $querystring = array(
        'SECURETOKEN' => $securetoken,
        'SECURETOKENID' => $securetokenid,
    );
    header('Location: https://pilot-payflowlink.paypal.com?' . http_build_query($querystring, '', '&'));
    exit;
}
?>
File : response.php
<?php
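// RESULT must be present and exactly '0'; a loose == 0 also matches a missing field.
if (isset($_POST['RESULT'], $_POST['PNREF']) && $_POST['RESULT'] === '0') {
    // Escape PNREF before writing it into the page.
    print 'Thank you for your payment, please note transaction number ' . htmlspecialchars($_POST['PNREF'], ENT_QUOTES, 'UTF-8');
}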
?>
Steps to execute
1. Create a PayFlowPro account and set up the Hosted Checkout Page. Remember to configure the return URL as the full URL of "response.php"; only then will PayPal redirect back to our custom page "response.php".
2. Replace each '***' in testpayment.php with the appropriate value and save the file. Remember to use a unique value for 'SECURETOKENID'; you need to change the value of this parameter for every test payment.
3. Open testpayment.php in a browser through the Apache server; it will automatically redirect to the PayFlowPro Hosted Checkout Page.
4. Enter a test credit card number and complete the payment process. The page will redirect back to response.php, which displays the PNREF number generated by PayPal. Test credit card numbers are listed at https://www.paypalobjects.com/en_US/vhelp/paypalmanager_help/credit_card_numbers.htm
Reference
https://developer.paypal.com/docs/classic/products/paypal-payments-pro/
https://developer.paypal.com/docs/classic/payflow/gs_ppa_hosted_pages/
https://www.paypalobjects.com/en_US/vhelp/paypalmanager_help/credit_card_numbers.htm