I'm new to the integration of PayPal in PHP.
I found some tutorial and I followed it. Now, I'm having problems with sandbox:
The email address for the business is not present in the encrypted blob. Please contact your merchant.
I have tried sending e-mail and Merchant ID of my Sandbox account, but no luck.
My code:
define("SANDBOX", 1);
$business_id="paypal@***********";
if(SANDBOX) $business_id="***********";
The data to be encrypted:
$form = array('cmd' => '_s-xclick',
'cert_id' => '*************',
'business' => $business_id,
'custom' => 'test',
//'invoice' => '...',
'currency_code' => 'EUR',
'no_shipping' => '1',
'item_name' => 'TestItem',
'item_number' => '12345',
'amount' => '10'
);
$encrypted = paypal_encrypt($form);
function paypal_encrypt($hash)
{
...trimmed...
$data = "";
foreach ($hash as $key => $value) {
if ($value != "") {
//echo "Adding to blob: $key=$value\n";
$data .= "$key=$value\n";
}
}
$openssl_cmd = "($OPENSSL smime -sign -signer $MY_CERT_FILE -inkey $MY_KEY_FILE " .
"-outform der -nodetach -binary <<_EOF_\n$data\n_EOF_\n) | " .
"$OPENSSL smime -encrypt -des3 -binary -outform pem $PAYPAL_CERT_FILE";
exec($openssl_cmd, $output, $error);
...trimmed...
};
?>
The PayPal form is:
<form action="https://<?php if(SANDBOX) echo "www.sandbox"; else echo "www"; ?>.paypal.com/cgi-bin/webscr" method="post" target=_blank>
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="encrypted" value="<?php echo $encrypted; ?>">
<input type="submit" value="Pay">
</form>
The code is just a sample from the tutorial, I haven't edited it too much.
I found out the encryption is not necessary as long as you are checking the IPN requests.
I implemented the payment form without any kind of encryption and when IPN came, I check it against the database and PayPal.
If everything matches, I update the DB and mark order as paid. If there are differences, I just log everything and email myself about the issue.