Paypal Payflow pro library

I built an e-commerce site in CodeIgniter, also doing seamless Paypal integration.

There didn't seem to be any suuuuuper-pretty object-oriented wrappers out there when I did my hunting, but I did notice some good attempts.

My solution ended up being a bit bland. I downloaded the PHP API from here:https://cms.paypal.com/cms_content/US/en_US/files/developer/PP_PHP_NVP_Samples.zip

I saved the CallerService.php file as application/helpers/paypal_helper.php and added it to application/config/autoload.php to pull it into the app.

Now, CallerService.php requires constants.php, so you either need to copy and paste it in, or include the constants.php file in your helpers directory. I just copied and pasted. Then, be sure to configure all the constants for your account.

Once that's set up, my code just looked like this:

  $nvp_query_string = '&PAYMENTACTION=Sale'                . '&AMT='.urlencode($order->total)                . '&CREDITCARDTYPE='.urlencode($this->input->post('credit_card_type'))                . '&ACCT='.urlencode($this->input->post('acct'))                . '&EXPDATE='.urlencode(str_pad($this->input->post('exp_date_month'), 2, '0', STR_PAD_LEFT).'20'.$this->input->post('exp_date_year'))                . '&CVV2='.urlencode($this->input->post('cvv2_number'))                . '&FIRSTNAME='.urlencode($first_name)                . '&LASTNAME='.urlencode($last_name)                . '&STREET='.urlencode($order->billing_address_1)                . '&CITY='.urlencode($order->billing_city)                . '&STATE='.urlencode($order->billing_state)                . '&ZIP='.urlencode($order->billing_zip)                . '&COUNTRYCODE=US&CURRENCYCODE=USD';  $response = hash_call('doDirectPayment', $nvp_query_string);  if (strpos(strtoupper($response['ACK']), 'SUCCESS') !== false) {    // Product purchase was successful.  }  else {    // Product purchase was unsuccessful.    // The Paypal response will be in $response['ACK'].    // The Paypal error message to show the customer will be in $response['L_LONGMESSAGE0'].  }

It's not too elegant, but it definitely works well.

Also, you DEFINITELY need an SSL certificate. These can be purchased for $30 or so for a single domain. They are a little difficult to set up at first, but you can't skip this step. SSL protects transmission between the customer's computer and your server, so their CC info can't be read as it passes through all the servers and routers (or sniffed out through wifi) along the way. So, just make sure that, on the form you use to take CC info, the form submits to https:// and not an unsecured http://.

I'm pretty sure that no matter what if your website is taking sensitive data (i.e. credit card number), then you need an ssl certificate. Unless they are on someone else's server (paypal.com), you need to take care of that. And, like you said, you don't want to send them to paypal.com, so yeah, you'll need one.

Also, if you already have express checkout integrated, you should be using an ssl certificate for that anyway, right?