    • 8168
    • 1,118 Posts
    Just used this snippet - http://modxcms.com/extras/package/334

    Works a dream, allows a custom catalog to use PayPal UK Standard payment gateway to operate as the transaction / payment gateway! I want to make sure it's 100% safe and set up OK - has anyone used it before?


    Cheers

    dubbs
      • 8168
      • 1,118 Posts
      Could anyone add in a Shipping value to this snippet to allow passing of TV Shipping values as well? The current version does not include this - but PayPal does as the gateway.

      <input type="hidden" name="shipping" value="5.00">


      Cheers
        • 8168
        • 1,118 Posts
        P.S. Have added this shipping in now...

        One other thing - This is not a very secure transaction as it can be spoofed by using Firebug and changing the hidden field values. Can anyone think of a way to make this secure so spoofing would not be possible?
          • 29774
          • 386 Posts
          Paypal suggests a number of things you can try.

          I always set transactions to ’deferred’ (also called pre-authorisation by some gateways) so that you have a chance to check that the price charged to the card is the price for the order.
            Snippets: GoogleMap | FileDetails | Related Plugin: SSL
            • 8168
            • 1,118 Posts
            Quote from: therebechips at Dec 01, 2009, 06:46 PM

            Paypal suggests a number of things you can try.

            Thanks - yeah I have used the encrypted button for adding to cart - annoying thing is, that doing it this way you need a unique buy now button generated for each product in your shop!!!



            I always set transactions to ’deferred’ (also called pre-authorisation by some gateways) so that you have a chance to check that the price charged to the card is the price for the order.


            How do you do this using PayPal Standard?



            Cheers

            dubbs
            • I don’t use any snippets for Tiny sites with Paypal Standard. I typically use Ditto in Evo, the old school Paypal HTML forms in a template chunk and some TVs for price (amount), item name and etc.
                Author of zero books. Formerly of many strange things. Pairs well with meats. Conversations are magical experiences. He's dangerous around code but a markup magician. BlogTwitterLinkedInGitHub
                • 8168
                • 1,118 Posts
                Thanks SmashingRed - I am using the standard Web form to do this already - it's this that is the insecure feature of how PayPal transactions work in this way - Have a look at this page for an example - http://www.jonwallacedesign.biz/Yellow-Hat.html

                This is the version using the ’secure’ functions from PayPal - http://www.jonwallacedesign.biz/45.html

                Using the ’secure’ version is fine if you have a small number of items in your shop and don't have a CMS which enables the shop owner to update their site and add items... To add a new item using the ’secure’ PayPal button the shop owner would have to add a new item in MODx and then go into PayPal, create a new secure button with all the correct data, and then copy and paste the HTML form code back into the MODx article for the new shop item.... An awful workflow!

                Anyone know of a better way to do this? i.e. make PayPal Standard transaction secure, but allow for all management of the payment info on MODx rather than PayPal?
                  • 29774
                  • 386 Posts
                  You can use PayPal’s Instant Payment Notification (IPN) system to check that the amount charged is the same as your order. To use this you would need to set up a page which handles notifications from PayPal after a transaction is processed - this could just be a snippet running within a blank template - this would look at the POSTed values for a given order and mark it as correct (or not) in your database (assuming you have an ’orders’ table of course).

                  Most other gateways use a shared key combined with a salt (usually the order details) to generate a hash signature for each transaction; this can be generated at the start and verified at the end of the transaction with the opportunity to void if the signatures are not matched. The fact that PayPal don’t offer this in the standard version is one reason I prefer to use a real merchant account and separate gateway (the other being that PayPal are expensive). If you’re in the UK I can recommend Sage Pay Go with Server integration; they provide a PCI compliant checkout within an iframe using ’low profile’ payment forms that you can completely customise - the customer doesn’t appear to leave your site - for around 30% cheaper than PayPal Webpayments Standard.

                  PayPal ’deferred’ payments for Web Payments Standard:
                  https://cms.paypal.com/us/cgi-bin/?&cmd=_render-content&content_ID=developer/e_howto_html_authcapture


                    Snippets: GoogleMap | FileDetails | Related Plugin: SSL
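The IPN check described in the post above, sketched in PHP as it could sit in a MODx snippet. This is an added example, not part of the original thread or of the snippet it discusses. It assumes the checkout form sends your order ID in PayPal's `invoice` variable and that the notification has already been confirmed with PayPal's `cmd=_notify-validate` postback; the `$orders` array, e-mail address and IDs are constructed stand-ins for your own orders table.

```php
<?php
// Added example: compare a verified IPN notification with the order stored server-side.
// Hypothetical helper names; all sample data is constructed.

function to_minor_units(string $amount): ?int
{
    // Strict decimal parse: "5", "5.0" and "5.00" compare equal, and no floats are used.
    if (!preg_match('/^(\d+)(?:\.(\d{1,2}))?$/', $amount, $m)) {
        return null;
    }
    return (int)$m[1] * 100 + (int)str_pad($m[2] ?? '', 2, '0');
}

function check_ipn(array $ipn, array $orders, array $seenTxnIds, string $merchantEmail): array
{
    // Look the order up by our own ID; the price comes from our records, not from the form.
    $order = $orders[$ipn['invoice'] ?? ''] ?? null;
    if ($order === null) {
        return ['unknown order'];
    }
    $problems = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment not completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', $merchantEmail) !== 0) {
        $problems[] = 'paid to a different account';
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = 'currency mismatch';
    }
    $paid = to_minor_units($ipn['mc_gross'] ?? '');
    if ($paid === null || $paid !== $order['total_minor']) {
        $problems[] = 'amount mismatch';
    }
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) {
        $problems[] = 'duplicate transaction';
    }
    return $problems;
}

// Constructed data: item 20.00 + shipping 5.00, total recorded when the order was created.
$orders = ['ORD-1001' => ['currency' => 'GBP', 'total_minor' => 2500]];
$honest = ['invoice' => 'ORD-1001', 'payment_status' => 'Completed', 'txn_id' => 'TXN-A',
           'receiver_email' => 'shop@example.com', 'mc_currency' => 'GBP', 'mc_gross' => '25.00'];
$tampered = ['mc_gross' => '0.01', 'txn_id' => 'TXN-B'] + $honest; // edited hidden field
foreach (['honest' => $honest, 'tampered' => $tampered] as $label => $ipn) {
    $problems = check_ipn($ipn, $orders, [], 'shop@example.com');
    echo $label, ': ', $problems ? implode(', ', $problems) : 'mark order paid', PHP_EOL;
}
```

The honest notification produces no problems, while the one with the edited amount reports an amount mismatch, so that order stays unpaid and can be reviewed or refunded.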
                    • 42
                    • 5 Posts
                    I would like to use the snippet to display a donate button. It should allow for any donation amount. The default settings only allow for a set amount. Is there a way to set it to an ’open’ amount that would allow the user to enter their donation?
                    • I don’t really care too much about the "secure" form for PayPal. I don’t think it will matter too much for a small shop whether you are using the secure button. The workflow is awful.

                      With regard to donations. If you are using the snippet (which I have never used, ever) you’ll need to modify it to output a field for the donation amount and change the form type to donation. There are other fields you should set as hidden fields.

                      As I mentioned before there is a form for donations on the main modxcms.com site here: http://modxcms.com/download/downloading.html?file=398 that has a donation form on it. (Go ahead and donate while you are there if you want)

                      You can see all you need to change is the email address and the account id. Everything else stays the same.

                      Paypal is not meant to be hard or require any more than copy and paste. In most cases I stick the paypal code in a chunk. Use a TV for the price, item name and description and everything else just works.

                      BTW for the secure code you can also just put the URL in a Chunk and the button ID into a TV and swap that out but it means that you will have to login to PayPal, create the custom button and then get the button ID. That is a pain and a waste of time. If you are doing a lot of business you are always better off with another cart/gateway like FoxyCart and Authorize.net or some such (not endorsing other than having experience with).