cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

Re: Mimicking POST to PayPal

From: Mark E <mark_at_edwards.org>
Date: Sat, 11 Aug 2007 13:19:25 -0600

Adam Burgoyne wrote:

> The only options open to me are to:-
>
> 1) use PayPal's encrypted forms - not practical :-(

You might be able to generate one encrypted form per combo. It's more
work, but it works.

Their button form looks like this:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="image"
src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif" border="0"
name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<img alt="" border="0"
src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
<input type="hidden" name="encrypted" value="-----BEGIN
PKCS7-----MIIHRwYJKoZIhvcNAQcEoIIHODCCBzQCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYAdFD80WiVDKsGKX7s4HFbMuhBiV3Oe1N/hXQqBgOMm3eCtf5nAHIfB6E5qDQT/2jae3l3byyYSVIf/bFvNK+jHv1T8cw4KeVSWHQbuMA1he/mvbT6FZ32cgbMWzEENX7NkeF6PWHFc46sjg6Z2cTquAZsYraK7eattWSDjkUe1jTELMAkGBSsOAwIaBQAwgcQGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIHFmgYvollXiAgaCq2mYpQnwnziNInauNPDWYuuHNYVV360lfjMZBBuadCBiFINCUQMUi9sH3pKGeqecm2f/4uIAMBmWgLfq0Dm3/6U6LEOGVltOOOD950OnmW5RsX3hFMx9LsKel93HAYOKqRPour5DWk3JdZ6osLFojG1h/xodFcyzDkupbquMbwbjW4VLREzKdSNspFCo6ZsZGWAXN+0L9uuN8OnmDt82HoIIDhzCCA4MwggLsoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0MDIx
MzEwMTMxNVoXDTM1MDIxMzEwMTMxNVowgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBR07d/ETMS1ycjtkpkvjXZe9k+6CieLuLsPumsJ7QC1odNz3sJiCbs2wC0nLE0uLGaEtXynIgRqIddYCHx88pb5HTXv4SZeuv0Rqq4+axW9PLAAATU8w04qqjaSXgbGLP3NmohqM6bV9kZZwZLR/klDaQGo1u9uDb9lr4Yn+rBQIDAQABo4HuMIHrMB0GA1UdDgQWBBSWn3y7xm8XvVk/UtcKG+wQ1mSUazCBuwYDVR0jBIGzMIGwgBSWn3y7xm8XvVk/UtcKG+wQ1mSUa6GBlKSBkTCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCBXzpWmoBa5e9fo6ujionW1hUhPkOBakTr3YCDjbYfvJEiv/2P+IobhOGJr85+XHhN0v4gUkEDI8r2/rNk1m0GA8HKddvTjyGw/XqXa+LSTlDYkqI8OwR8GEYj4efEtcRpRYBxV8KxAW93YDWzFGvruKnnLbDAF6VR5w/cCMn5hzGCAZowggGWAgEBMIGUMIGOMQswCQYDVQ
QGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDcwODExMTkwODM2WjAjBgkqhkiG9w0BCQQxFgQUPqxZ9c1D+2YFHP6P9SK+7R8x82YwDQYJKoZIhvcNAQEBBQAEgYAUtfF/Z4WLAMRd+Zr73AcOp+JyeIHf7u3ngAGZRKOuJNTiqo3mVM7nUvyCBT9yOdLzChpoCfmOPNB9z1j9VKyWd6rCAyIZjMhgwSsexYeAOdz/ZSTDJ/h9DYGeqldB+ErIjErRgWvc/WqLRupqP5sCJN+qMCP23e1VEzqAkIOC6A==-----END
PKCS7-----
">
</form>

So basically you can reuse all of that except the 'value' input field.
Generate a button for every combo, clip out the value field and store
it, then generate the right form with encrypted value field on the fly
and let the user click the button.

Or sign up for a regular Pro account and use their IPN interface
instead. That's what I do. There's a PHP API for it:
http://phppaypalpro.sourceforge.net/

Mark
_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2007-08-11