I am creating a website, where I will sell computer and calculator programs. When the "buy" button is pressed. I would like the user to be directed to Paypal (whether they stay on the website or not). After they pay, the user would be brought back to my website, and the program would automatically download.
How can i do this to ensure:
The user correctly pays for the program through Paypal
The correct program that they paid for downloads after
There is no direct link to the program so that the user could then download it many times without paying.
Thank you very much in advance!
Paypal PDT (redirecting after payment) and IPN (behind the scenes) is exactly what you are after.
Check this:
https://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/pdt-intro-outside
Here is sample code for the script to get you started instantly:
https://www.paypal.com/us/cgi-bin/?cmd=p/xcl/rec/pdt-code-outside
Some additional Tips for security:
Verify amount, currency and product-id with your database's data to make the download available. Open a paypal sandbox account.
To don't reveal the download location:
Use the order-id verified by pdt as a unique download-identifier. You have to use a script like this: redirect the user in the pdt-script here or include it in pdt if payment verrified:
<?
$orderid = $_GET['orderid'];
$productid = $_GET['productid'];
$time = $_GET['time_from_paypal']; // when the purchase was made
$fn = "files/".$productid.".mp3";
($time =here your conditional)?$do==true:$do==false;
if ($do==true){
header('Content-Disposition: attachment; filename=' . basename($fn));
readfile($fn);
} else {.....
?>
the part "here your conditional" can be anything. you could restrict them to download within the following x seconds after the payment was made. usually the processing from paypal takes a maximum of 20 seconds. so if you want the download to be made only once check if the payment_time and the actual time divergent less than 30 seconds. because of the redirect the user gets the download instantly after payment is veriffied.
wrote but not tested
Related
When we make a stripe checkout session we include a success url:
session = await this.stripe.checkout.sessions.create({
payment_method_types: ['card'],
line_items: lineItems,
payment_intent_data: {
transfer_data: {
amount: 9999999,
destination: someaccountId,
},
},
success_url: `http://localhost:4000/api/checkout/success?true&session_id={CHECKOUT_SESSION_ID}&alias_id=${aliasId}`,
cancel_url: `http://localhost:4000/api/checkout/canceled?session_id={CHECKOUT_SESSION_ID}`,
});
The success URL is where stripe sends the user after a successful payment. It's a GET request since stripe is redirecting the user. Many apps using stripe will need to take actions after a successful checkout- sending an email receipt, notifications, sending paid content, updating the order in the database etc. But it's suggested not to do these actions in GET requests because GET requests are supposed to be idempotent and safe.
For example an unsubscribe link in an email should not unsubscribe a user but instead the "proper approach for unsubscribe links is to lead to a page where the user can click a button to unsubscribe (where the button click triggers a POST request)."src This is because "Many, many, many tools, utilities, web crawlers and other thingamajiggies assume that GET will never be a destructive action (rightly so, since it's specified this way). If you now break your application by breaking that specification, you'll get to keep both parts of your application." src
So I was wondering what is the proper way to handle the stripe success url? If we follow the suggested advice above, then the success url would link to a page where the user clicks a button that updates the order, emails a receipt, etc. But then we are relying on customer to finish the order that has already been paid for. If they don't press that button then important actions aren't completed. What is the proper way to do this? Or does the suggestion to not change the database on a GET request not apply for some reason to these type of actions?
Make the part of that page that handles the Checkout Session code idempotent - i.e. have it check first to see if its steps have already been processed (and in that case skip), or else make it so whatever processing it does could be repeated multiple times without having any additional effect after the first time it runs.
For "tools, utilities, web crawlers and other thingamajiggies" to hit your URL with a valid Checkout Session ID would be pretty close to impossible, so whatever code you use to handle a 'bad session ID' would handle that just fine.
You should also have a webhook for this - which would get a POST request. https://stripe.com/docs/payments/checkout/fulfill-orders#handle-the---event
If you are using a stripe template then you need to follow this step
Stripe Pricing Table -> edit -> Click on Don't show confirmation page -> add your web url (https://test.com/success?session_id={CHECKOUT_SESSION_ID}.
Stripe will update the checkout session-id for you
I have a login form created in Wordpress using Contact form 7. I'm tryig to pass parameters from this form to an external server. But it is not happening.
I am a designer, and not much of a programmer. I understand code(sometimes) but can not write it from the scratch.
I have designed a website for a client. This client has a "Flying Returns" like logistic membership system in which members get lots of perks in shipping etc. This system is on their own server. They want the users to log in to that system from this website.
So I have created a login form using Contact Form 7. I have set skip_mail: on; I have tried a few plugins login, but either they dont log into different servers or are expensive, or does not yield correct URL and hence does not log into the system. Therefore I have finally decided to make it happen using code.
Their programmer has given me following JS code that will take the parameters from this form and pass on to their system. IF the parameters are correct, then the user is logged into the system and taken to the member's dashboard page on their server (not my website/server), else it returns an error message, {"error":"Login Data Incorrect.."}
I have tried to put this code with in the contact form. Here is the code (i've hidden the actual IP address, sorry):
<script>
document.addEventListener( 'wpcf7submit', function( event ) {
alert( "Fire!" );
document.location.href="http://49.XXX.XXX.202:XXXX/glslink/servlet/GPLogin?password="+$('#password').val()+"&emailid="+$('#emailid').val();
}, false );
</script>
If I remove the document.location line, it shows the alert. But the above, in its entirety does nothing. If I use the URL, replace variables with actual values and paste it browser, it logs me into the system without a hitch.
I have tried quite a few different codes which I could find as possible solution on internet, this site including, but to no avail.
Please help me out. I want the email and password to be passed to this external server, if they are correct then the user should log in and see their dashboard there. Else if it gives the above mentioned error message, then I should be able to reset the form and give an error message to the user.
Using WooCommerce and the standard PayPal gateway to accept payments. When testing in Sandbox mode, everything works great. When we test live with a real transaction, payment goes through no problem, but within WooCommerce there is a note as follows:
"Validation error: PayPal currencies do not match (code USD). Order status changed from Processing to On Hold."
We do not have multiple currencies in the shop. Everything is set to USD. PayPal is set to accept payments in different currencies and automatically convert them. We do not have a currency conversion plugin installed. We double checked the API settings (they are correct), we've generated new API keys and tried again, we tried it with and without IPN enabled.
The payment goes through via Paypal, but we still get this error inside the order notes, and the status changes to On-Hold instead of "Processing".
We also cannot process a refund via PayPal from within WooCommerce, we get a "Refund Failed" message. Not sure if this is related, but we would like to figure that out as well.
i found temporary fix for this problem
go to “plugins/woocommerce/includes/gateways/paypal/includes/class-wc-gateway-paypal-ipn-handler.php” and comment two lines (line number : 176 and 177 ) like this
//$this->validate_currency( $order, $posted['mc_currency'] );
//$this->validate_amount( $order, $posted['mc_gross'] );
Source : https://www.kapadiya.net/wordpress/woocommerce-paypal-for-inr/
I'm using the following code
_gaq.push(['_setCustomVar',1,'logged-in','administrator',1],['_trackPageview']);
to track logged-in user levels on my site (running WordPress).
Now my problem is that in the last month I had around 100 new registrations, but Google Analytics only shows me 65 registered users active on my site.
Is this an error in interpreting the results or am I doing something wrong?
PREAMBLE
With Google Analytics(GA), it's impossible to get ALL your hits registred. This is not a GA specific problem. Any analytics tool can be affected.
Imagine for instance, that the user gets its connection broken while registring on your WP site. Chances are that the javascript code won't be executed. The new user will be registred hopefully, but GA won't be notified.
WORKAROUND
This workaround would be to tied the notification of GA with your registration process right on the server side:
Step 1: Register a php function with the user_register hook.
add_action('user_register', 'myplugin_registration_save');
function myplugin_registration_save($user_id) {
// GA will be notified here ...
}
Step 2: Inside this registred function notify GA of the new user registration.
Here comes php-ga. It's a GA client written in PHP. You can implement nearly every parameter and tracking feature of the original GA Javascript client. Call it to track your GA custom vars.
Here is a sample code from the php-ga site:
use UnitedPrototype\GoogleAnalytics;
// Initilize GA Tracker
$tracker = new GoogleAnalytics\Tracker('UA-12345678-9', 'example.com');
// Assemble Visitor information
// (could also get unserialized from database)
$visitor = new GoogleAnalytics\Visitor();
$visitor->setIpAddress($_SERVER['REMOTE_ADDR']);
$visitor->setUserAgent($_SERVER['HTTP_USER_AGENT']);
$visitor->setScreenResolution('1024x768');
// Assemble Session information
// (could also get unserialized from PHP session)
$session = new GoogleAnalytics\Session();
// Assemble Page information
$page = new GoogleAnalytics\Page('/page.html');
$page->setTitle('My Page');
// Track page view
$tracker->trackPageview($page, $session, $visitor);
THERE IS MORE
Even if you implement the workaround, it may not be able to notify GA sucessfully. If GA server experiment some heavy load for instance, your notification may be lost.
I would advice you to use both system notification : GA Javascript client AND GA PHP client.
Assign them two distinct events 'JS-new-user-registred' and 'PHP-new-user-registred'. With two registred events you improve the quality of your analytic data. You improve the new registrations notification rate too.
Always keep in mind that this approach may not be 100% accurate. For example, on the client side the ga.js file may be blocked (firewall etc). At the same time, your PHP client may not be able to notify succesfully GA. It results that the new registration is not tracked.
I've looked over hundreds of answers for similar issues to this but can't find anything that seems to help.
I'm running the latest version of the PHP SDK and a login to facebook button which has a generated link from getLoginUrl().
Running on my development laptop and logged in as the application developer it passes me back to the redirect url (Both the callback url when calling getLoginUrl() and the URL set in my application settings are exactly the same) I then do a getUser call which will function in these circumstances.
If i try the same process using my Iphone on the same network, logged in as the same user on facebook getUser() returns 0.
It also does the same for any other user trying to login with facebook.
Sandbox mode is disabled.
my app domains seem to be set up correctly.
I'm really unsure of what to do next.
Many thanks for your responses guys - Turns out the issue was i was sending the request from one page and redirecting back to another. This seems to upset facebook (I'm guessing it will only re-direct back to the page it was called from).
That solved the problem anyway - but many thanks for your responses.
First make sure you are maintaining sessions in your scripts with:
session_start();
at the top of your php file.
Next use something like this to test if you have a fb user and if not, redirect them to the oauth, which will just renew their token if they've already authorized by it's expired.
require_once('facebook/fb.inc');
session_start();
if (!$fbUser) {
$loginUrl = $facebook->getLoginUrl(
array(
'scope' => 'email,publish_stream,user_location',
'redirect_uri' => 'http://scubadivinglog.org/php/fblink.php'
)
);
echo "<script type='text/javascript'>top.location.href = '$loginUrl';</script>";
exit;
}
Hope this helps. Let us know and if not post the code you are using.