Is it still possible to use the PayPal HTML form Basics with unencrypted values in hidden fields? I know that people can easily change the value in the form, but can I use it, or is there a problem with PayPal? Can PayPal block or limit my account if on my site I use this kind of form to pass the payment value? Thanks
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="business" value="seller#site.com">
<input type="hidden" name="item_name" value="hat">
<input type="hidden" name="item_number" value="123">
<input type="hidden" name="amount" value="15.00">
<input type="hidden" name="first_name" value="John">
<input type="hidden" name="last_name" value="Doe">
<input type="hidden" name="address1" value="9 Elm Street">
<input type="hidden" name="address2" value="Apt 5">
<input type="hidden" name="city" value="Berwyn">
<input type="hidden" name="state" value="PA">
<input type="hidden" name="zip" value="19312">
<input type="hidden" name="night_phone_a" value="610">
<input type="hidden" name="night_phone_b" value="555">
<input type="hidden" name="night_phone_c" value="1234">
<input type="hidden" name="email" value="jdoe#test.com">
<input type="image" name="submit"
src="https://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif"
alt="PayPal - The safer, easier way to pay online">
</form>
For backwards compatibility with old websites, legacy HTML forms like this will still work. They redirect to the PayPal site, and the PayPal site securely collects the payment information.
However, there is absolutely no reason to use an HTML form. The current HTML/JS Checkout integration supports all the same features of the above and more. It presents a modern, in-context experience and does not redirect away from your site.
Related
I am using Joomla for my website, which has some items for sale. I have hard-coded the PayPal buttons and costs for this and it works well:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="paypal">
<input alt="Add this item to your order" name="submit" src="/add-to-order.gif" type="image" />
<input name="add" type="hidden" value="1" />
<input name="cmd" type="hidden" value="_cart" />
<input name="business" type="hidden" value="name#name.co.uk" />
<input name="item_name" type="hidden" value="Item name" />
<input name="amount" type="hidden" value="500.00" />
<input name="no_shipping" type="hidden" value="2" />
<input name="currency_code" type="hidden" value="GBP" />
<input name="bn" type="hidden" value="PP-ShopCartBF" />
</form>
However, I wanted to add shipping values per item. These will be different depending on region of delivery and item. Is this all handled in the back-end PayPal setup? Or do I need to pass in these values? Any advice would be great, thanks, as I'm unsure of how to proceed.
For that PayPal integration, which is very old (about 20 years), the variables available for shipping and everything else are all documented here. The cart upload command specifically is explained here.
A current PayPal Checkout is much different.
I want to create an HTML PayPal form. But how can I make the form with no billing information input needed? Or what input variable should I add to the form, so the buyer doesn't need to input billing information, as in the image shown below?
If you don't want the buyer to input billing information again on the PayPal checkout page, you can pass the buyer's billing information from your site to PayPal, as below:
<input type='hidden' name='first_name' value='tet'>
<input type='hidden' name='last_name' value='test'>
<input type="hidden" name="city" value="test">
<input type="hidden" name="state" value="NE">
<input type="hidden" name="zip" value="68114">
<input type="hidden" name="country" value="US">
<input type='hidden' name='address1' value='testtest'>
Then PayPal can fill in this information automatically.
Let's suppose we have an <input> element where the user can enter a number (e.g. 500).
When clicking some button or so, I want the user to be redirected to the PayPal donation page where they can specify the amount but to have the default value set to the number set in the input (500 in this case).
Does the PayPal URL allow such an option (maybe via querystring parameters)?
Yes, it is possible. You will need to create an open source Donation Button in order to have your donors add the donation amount from the form you create rather than on the PayPal Hosted page.
You need to add this to your donation button code:
<input type="text" name="amount" size=10><br /><br />
Below is the complete Donation Button Sample code.
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_donations">
<!-- Update to Your PayPal Email or Merchant ID -->
<input type="hidden" name="business" value="youremail#email.com">
<input type="hidden" name="lc" value="US">
<!-- Update the Value to the Donation Name -->
<input type="hidden" name="item_name" value="Test Donations"><p>Please Enter an Amount</p>
<!-- The below will allow your customers to enter an amount and this gets passed to PayPal -->
<input type="text" name="amount" size=10><br /><br />
<!-- The rest is the normal PayPal Donation button Info -->
<input type="hidden" name="no_note" value="0">
<input type="hidden" name="cn" value="Add special instructions to the seller:">
<input type="hidden" name="no_shipping" value="2">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="bn" value="PP-DonationsBF:btn_donateCC_LG.gif:NonHosted">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
Creating Donation Buttons
I'm trying to help someone with a problem, where you can donate for some points, but the source code will allow you to edit the values of the PayPal button.
For instance, I choose 5 points, which should cost 5 dollars, but when I edit the source code I can see the whole PayPal form with values, and edit the values.
So how can I secure the form so that it cannot be edited?
Here's the code:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="at" value="nBWAy2wwJn1O1LdoLcMn8AOdPxBBUxhnZfqFvAlGQq1oDm0czxn5FBcpgIW">
<input type="hidden" name="business" value="admin#worldofthegods.com">
<input type="hidden" name="item_name" value="DP|1|452160">
<input type="hidden" name="amount" value="1">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value="http://www.worldofthegods.com/donate.php?action=done">
<input type="hidden" name="cancel_return" value="http://www.worldofthegods.com/donate.php?action=cancel">
<input type="hidden" name="notify_url" value="http://www.worldofthegods.com/ipn_donator.php">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="tax" value="0">
<input type="image" src="http://worldofthegods.com/images/PaypalButton.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>
In this way, it's impossible. I can guess what you want to do, and the way you are following is not the correct one.
You need to verify each payment and make sure it is valid and paid in the correct amount.
PayPal IPN is the solution, and you need some server-side programming.
Read more:
Paypal API Question - Can I use Return Url to verify payment
How to verify successful payment of paypal
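The server-side check described in the answer above, as an added example (not code from the original posts): the core of an IPN handler that only credits an order when PayPal confirms the notification and the amount PayPal reports matches the site's own price list, so an edited hidden `amount` field earns nothing. The receiver address, price list and item numbers are constructed for illustration, and the postback call is passed in as a parameter so the sample data can be checked offline.

```python
from decimal import Decimal, InvalidOperation
import urllib.parse
import urllib.request

# Constructed values for this example (not taken from the page).
RECEIVER_EMAIL = "seller@example.com"
CURRENCY = "USD"
PRICES = {"points-5": Decimal("5.00"), "points-10": Decimal("10.00")}  # item_number -> price
IPN_POSTBACK_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"

# Constructed IPN bodies: an honest payment, and one made after editing amount to 1.00.
SAMPLE_OK = (b"payment_status=Completed&receiver_email=seller%40example.com"
             b"&txn_id=TXN1&item_number=points-5&mc_gross=5.00&mc_currency=USD")
SAMPLE_TAMPERED = SAMPLE_OK.replace(b"TXN1", b"TXN2").replace(b"mc_gross=5.00", b"mc_gross=1.00")


def paypal_says_verified(raw_body: bytes) -> bool:
    """Echo the notification back to PayPal; the reply body is VERIFIED or INVALID."""
    data = b"cmd=_notify-validate&" + raw_body
    with urllib.request.urlopen(IPN_POSTBACK_URL, data=data, timeout=30) as resp:
        return resp.read().strip() == b"VERIFIED"


def check_ipn(raw_body: bytes, seen_txn_ids: set, verify=paypal_says_verified) -> str:
    """Return "credit" only for a genuine notification that matches our own prices."""
    if not verify(raw_body):
        return "reject: not verified by PayPal"
    f = dict(urllib.parse.parse_qsl(raw_body.decode("utf-8"), keep_blank_values=True))
    if f.get("payment_status") != "Completed":
        return "reject: payment not completed"
    if f.get("receiver_email", "").lower() != RECEIVER_EMAIL:
        return "reject: paid to a different account"
    if not f.get("txn_id") or f["txn_id"] in seen_txn_ids:
        return "reject: missing or replayed txn_id"
    expected = PRICES.get(f.get("item_number", ""))  # price comes from us, never from the form
    if expected is None:
        return "reject: unknown item"
    try:
        paid = Decimal(f.get("mc_gross", ""))
    except InvalidOperation:
        return "reject: bad amount"
    if f.get("mc_currency") != CURRENCY or paid != expected:
        return "reject: amount or currency does not match the price list"
    seen_txn_ids.add(f["txn_id"])  # persist this in real storage so replays are refused
    return "credit"
```

The `return` URL in the form is reached by the buyer's browser and can be requested by anyone, so points should be granted from this handler's result rather than from a visit to the return page.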
I'd suggest using something like Express Checkout, which allows you to send the transaction details in an API call instead of showing them in HTML code to the buyer.
However, barring that, your next best option is to use Encrypted Website Payments. https://developer.paypal.com/webapps/developer/docs/classic/paypal-payments-standard/integration-guide/encryptedwebpayments/#id08A3I0P017Q
I have a "Pay Now" button from Paypal on my website. However, anyone can easily modify the amount they have to pay.
Here's the code that PayPal generated:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="xxx">
<input type="hidden" name="lc" value="CA">
<input type="hidden" name="amount" value="**1000.00**">
<input type="hidden" name="currency_code" value="CAD">
<input type="hidden" name="button_subtype" value="services">
<input type="hidden" name="no_note" value="0">
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHostedGuest">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
Anyone can change the "1000.00" to "100.00". Is there a way to prevent this or a better way to accept payments?
Take a look at Securing Your Website Payments Standard Buttons; it outlines some of the things you can do to protect yourself from this. One of the things is to create buttons with their online tool and save them. When a purchase is made, they compare it with the saved button and check to make sure they are the same.