Forums

Using PayPal's PayFlow gateway

dryke_chris 16 Jun, 2014
I am trying to integrate PayPal into my event registration form and the client uses the PayFlow Pro service. I see in the form "Setup" tab that my options are:

[list][*]PayPal Data Processor
[*]PayPal Listener
[*]PayPal Pro - Trial
[*]PayPal Redirect - Trial[/list]

I have previously never heard of PayPal's PayFlow Pro gateway so I feel a little thrown off here on how to handle this. I would prefer to handle the transaction without having to view PayPal's system and not to redirect to PayPal.

What does the word "Trial" refer to? Do I need to purchase PayPal actions Ultimate?
GreyHead 16 Jun, 2014
Hi dryke_chris,

I'm not familiar with PayPal PayFlow either and my guess is that the ChronoForms actions may not be useful here. More likely the interface will need to be custom coded to work with the PayPal API ( I found the docs here I think).

You can experiment with the ChronoForms actions - the free' Trial' versions all work normally except that they randomise the amount. But this should still be enough to check them out with a PayPal Sandbox developer account. If you decide that they are useful then, yes you'd need to buy the non-Trial version.

Bob
dryke_chris 19 Jun, 2014
So here's a way to send variables to PayPal through HTTPS instead of using an API (there's no PayFlow API for PHP):
https://ppmts.custhelp.com/app/answers/detail/a_id/618

When I tested it, here's what it returns successful:

HTTP/1.1 200 OK Connection: close Server: VPS-3.033.00 X-VPS-Request-ID: 20140619132842 Date: Thu, 19 Jun 2014 20:28:43 GMT Content-type: text/namevalue Content-length: 98 RESULT=0&PNREF=A71E6C7596B6&RESPMSG=Approved&AUTHCODE=010101&AVSADDR=Y&AVSZIP=Y&CVV2MATCH=Y&IAVS=N



So I know I can pass variables from the ChronoForm to some PHP code to create my string of variables to send through PayFlow using the $form->data array. But how am I supposed to use ChronoForms to interact with what I get returned from PHP/CURL?
GreyHead 20 Jun, 2014
Hi dryke_chris,

In CFv5 the cURL action loads the response into $form->data['curl'] so you can use a Custom Code (or better Event Switcher) action after the cURL action to check the response and respond to it.

The code would be something like this (this is a very simplistic version!):
<?php
if ( !isset($form->data['curl']) || !$form->data['curl'] ) {
  // there is no response . . . do something
  return;
}
$response = explode('&', $form->data['curl']);
if ( $response['RESPMSG'] == 'Approved' ) {
  // payment was approved . . . do something
} else {
  // payment was not approved . . . do something
}  
?>

Bob
dryke_chris 20 Jun, 2014
Oh my God, this sounds awesome. Before researching this stuff, I had never had to use CURL before and I did not even realize there was a CURL utility in ChronoForms.

So here's the code that page from PayPal gives for this:

<?
$submiturl = "https://pilot-payflowpro.paypal.com/transaction:443/";

$plist="USER=****&VENDOR=****&PARTNER=****&PWD=****&TENDER=C&" .
        "TRXTYPE=A&ACCT=5105105105105100&" .
        "EXPDATE=1209&STREET= 123 MainSt.&CVV2=123&AMT=1.00";

$request_id = date('YmdGis');
$user_agent = "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)";

// Here's your custom headers; adjust appropriately for your setup:
$headers[] = "Content-Type: text/namevalue";    // either text/namevalue or text/xml
$headers[] = "X-VPS-Timeout: 30";
$headers[] = "X-VPS-VIT-OS-Name: Linux";        // Name of your Operating System (OS)
$headers[] = "X-VPS-VIT-OS-Version: RHEL 4";    // OS Version
$headers[] = "X-VPS-VIT-Client-Type: PHP/cURL"; // Language you are using
$headers[] = "X-VPS-VIT-Client-Version: 0.01";  // For your info
$headers[] = "X-VPS-VIT-Client-Architecture: x86";  // For your info
$headers[] = "X-VPS-VIT-Integration-Product: MyApplication";  // For your info,  application name
$headers[] = "X-VPS-VIT-Integration-Version: 0.01"; // Application version
$headers[] = "X-VPS-Request-ID: " . $request_id;

$user_agent = "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $submiturl);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt($ch, CURLOPT_HEADER, 1); // tells curl to include headers in response
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 45); // times out after 45 secs
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // this line makes it work under https
curl_setopt($ch, CURLOPT_POSTFIELDS, $plist); //adding POST data
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,  2); //verifies ssl certificate
curl_setopt($ch, CURLOPT_FORBID_REUSE, TRUE); //forces closure of connection when done
curl_setopt($ch, CURLOPT_POST, 1); //data sent as POST
  
// $info = curl_getinfo($ch); //grabbing details of curl connection

$result = curl_exec($ch);
$headers = curl_getinfo($ch);
curl_close($ch);
echo $result;
?>


So when I use Curl in my ChronoForm setup, I obviously am going to want to use the target URL provided above (https://pilot-payflowpro.paypal.com/transaction:443/, and the "pilot-" should be removed when the site goes live). I have questions for the other two Curl utility options.

First, do I need headers like the PHP code above from PayPal gives? I do not know what their purpose is and my best guess is that it works with HTTPS (an SSL certificate will apply to my form after I launch the site, right now it does not apply because the certificate does not apply to the test site).

And then the fields map; I'm assuming each of my fields need to be separated with line breaks, so I'll do that. But do each of the values necessarily have to be variables taken from field names? I really do not want to pass some of those variables through hidden fields, like obviously the login information for the PayFlow account. Do I need to run a custom PHP script before I run the Curl utility that just says something like the following?

$form->data['payflow_login_user'] = "my_user_name";
$form->data['payflow_login_vendor'] = "my_vendor_name";
$form->data['payflow_login_partner'] = "my_partner_name";
$form->data['payflow_login_pwd'] = "my_password";


I so much appreciate your help. Your product support has been really fantastic.
GreyHead 21 Jun, 2014
Hi dryke_chris,

I doubt that you need the headers . . . I'd test without to start with and see if you hit any problems.

Yes, you'd need a Custom Code action before the cURL action to set up the 'static' variables* as in your code example (as you say, do not pass these with hidden inputs).

In the Fields map you will need a list of variables, one per line like this:
USER=payflow_login_user
VENDOR=payflow_login_vendor
PARTNER=payflow_login_partner
PWD=payflow_login_pwd
TENDER=tender
TRXTYPE=trxtype
ACCT=account
EXPDATE=exp_date
STREET=street
CVV2=cvv
AMT=amount
where each of the entries after the = sign is from a $form->data variable.

Note: when I've done payment transactions in the past I also assign a random string identifier to the transaction and pass that to PayPal as, for example, the invoice number. I also save the data and the identifier to a database table before sending the info to PayPal. That means that I have an easy way of re-matching any later info from PayPal with the transaction record.

Bob

* I have a custom action for CFv4 that will accept both fixed and dynamic values (and custom CURLOPTs) but I haven't yet tried updating it for CFv5. If I succeed I will post a note here.
This topic is locked and no more replies can be posted.