Is it possible to use PHP for redirecting an encrypted PayPal button code?

6 replies
I'm wanting to make a potential link (mywebsite.com/buy) a workable link using a php redirect to go directly to PayPal to purchase a product. I'm wanting to use the link for a specific autoresponder email.

My problem is the PayPal button is encrypted and I'm not sure sure if I can even pull this off and might just have to end up having it on a webpage as originally thought but I was curious if there was anyway I can take out one click in the buying process.

I really appreciate any advice and help - thank you.
#button #code #encrypted #paypal #php #redirect #redirecting
  • Profile picture of the author rwil02
    Hmm. I think yes.

    Encrypted buttons are usually done using a POST, but PayPal also accepts GET requests for use via email links etc.

    The only issue might be the length of the resulting URL. Most browsers will cope fine with up to 1KB of text in the URL, many with 2 KB, but I'm not sure how big the encrypted URL would be.

    I'll just check my WSO order page ....

    44 lines x 64 characters, almost 3kb.

    Your button might be shorter of course.
    Signature

    Roger Willcocks
    L-Space Design
    Please vote to help me win a 3kW solar array

    {{ DiscussionBoard.errors[97040].message }}
    • Originally Posted by rwil02 View Post

      44 lines x 64 characters, almost 3kb.

      Your button might be shorter of course.
      Actually mine is the same size after looking back at the code...

      Thank you rwil02, I appreciate your help.
      {{ DiscussionBoard.errors[97366].message }}
      • Profile picture of the author rwil02
        Just thought of a solution though.

        Create a page with only the form on it. Let people click through to it from the email.

        Include javascript on the page to automatically click the button on the form.

        Should have the same effect for more than 90% of people.
        Signature

        Roger Willcocks
        L-Space Design
        Please vote to help me win a 3kW solar array

        {{ DiscussionBoard.errors[97421].message }}
        • Profile picture of the author Sten M. Andersen
          I realize this thread is a little old, but I thought I'd contribute the code to do this if anyone else need it...

          I see two solutions. One in the JavaScript solution outlined above (have JavaScript click the button for the user):

          SOLUTON 1: JavaScript

          (This is a hybrid php / JavaScript / HTML solution... just remove the php if you want):

          echo '<form action="https://www.paypal.com/cgi-bin/webscr" method="post" id=paymentform>';
          echo '<input type="hidden" name="cmd" value="_s-xclick">';
          echo '<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it\'s fast, free and secure!">';
          echo '<input type="hidden" name="encrypted" value="';
          echo $paypal->getButton();
          echo '">';
          echo "</form>\n";
          ?>

          <script language=javascript>
          setTimeout('redir()', 10000);
          function redir(){
          document.getElementById('paymentform').submit();
          }
          </script>

          ---------
          Just make sure the id of the form is the one called by JavaScript, and you'll be sweet.


          SOLUTION 2: Pure php
          <?php
          $data['custom reason'] =

          $data['return'])) $return ="http://yoursite.com/thanks.php";
          $data['cancel_return'])) "http://yoursite.com/cancelled.php";
          $data['notify_url'])) = "http://yoursite.com/ipn_res.php";
          // and so on with any info you want to send to PayPal, anything you would put in the form
          // Then, simply:
          $result = post_it($data, "https://www.paypal.com/cgi-bin/webscr");

          // Now, we've "faked" posting the data to PayPal.
          // We need to analyze the $result and see where to send the user next
          // (that is left as an exercise for the reader ;-)
          ?>


          <?php

          function post_it($datastream, $url) {
          $url = preg_replace("@^http://@i", "", $url);
          $host = substr($url, 0, strpos($url, "/"));
          $uri = strstr($url, "/");
          $reqbody = "";
          foreach($datastream as $key=>$val) {
          if (!($reqbody=='')) $reqbody.= "&";
          $reqbody.= $key."=".urlencode($val);
          }
          $contentlength = strlen($reqbody);
          $reqheader = "POST $uri HTTP/1.1\r\n".
          "Host: $host\n". "User-Agent: PostIt\r\n".
          "Content-Type: application/x-www-form-urlencoded\r\n".
          "Content-Length: $contentlength\r\n\r\n".
          "$reqbody\r\n";
          $socket = fsockopen($host, 80, $errno, $errstr);

          if (!$socket) {
          $result["errno"] = $errno;
          $result["errstr"] = $errstr;
          return $result;
          }

          fputs($socket, $reqheader);

          while (!feof($socket)) {
          $result[] = fgets($socket, 4096);
          }

          fclose($socket);

          return $result;

          }

          ?>
          Signature
          {{ DiscussionBoard.errors[141180].message }}
  • Profile picture of the author e-mail2u
    Yes,

    Since you are redirecting there is no need to use an encrypted link, just use the standard unencrypted link. The redirect protects the Pay Pal link. To add them to a autoresponder list you need to use the add additional options url on payment/cancel. Simple send them to a thank you page where they enter their e-mail address and your autoresponder then can send them the info etc...
    Signature
    Blackhat surveys | geoffreyfoggon | Free link shortening hide those affiliate links....
    {{ DiscussionBoard.errors[143239].message }}
    • Profile picture of the author Sten M. Andersen
      Originally Posted by e-mail2u View Post

      Yes,

      Since you are redirecting there is no need to use an encrypted link, just use the standard unencrypted link.
      I wouldn't necessary follow this advice. True, you need to decide your own level of paranoia. I don't know your list, but it is not hard to "stop" a redirect and see what html code it actually contains. That means your PayPal-button code would be exposed, and with it, the url for your thank-you page. In some scenarios (for example when you use the IPN code to ship a physcial product, or fire off the email with the real download links, that's not a problem. But if the real thank-you page url is in the PayPal-button code, you're at risk.

      Best regards,
      Sten
      Signature
      {{ DiscussionBoard.errors[154321].message }}

Trending Topics