Unable to use Paypal API on an SSL website
Your process seems highly convoluted. Let's break this down.
    // Execute SetExpressCheckOut method to create the payment token and PayerID
    $paypalResponse = $paypal->post('SetExpressCheckout', $params, $PayPalMode);
    //Respond according to message we receive from Paypal
    if(strtoupper($paypalResponse["ACK"]) == "SUCCESS") {
        // Generate the PayPal payment url with the response Token
        $paypalurl = 'https://www'.$PayPalMode.'.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token='.$paypalResponse["TOKEN"].'';
        // Redirect to PayPal payment page
        header('Location: '.$paypalurl);
So far so good. You do your SEC call, get your token and pass the user on to PayPal. But then this next part is confusing:
    // Execute DoExpressCheckoutPayment to receive the payment from the user
    $paypalResponse = $paypal->post('DoExpressCheckoutPayment', $params, $PayPalMode);
    // Check if the payment was successful
    if(strtoupper($paypalResponse["ACK"]) == "SUCCESS") {
This doesn't make any sense. You just bounced the user to PayPal with header and we're calling this with what appears to be the same data we passed to the SEC call. DoExpressCheckoutPayment requires you pass back the token and the user just left the site to authorize it. I would expect to see your code look for $_GET['TOKEN'] (meaning the user returned from PayPal) and then build a new request for that. Right now, as your code is written, it's just chaining all 3 calls in one giant chain.
Here's what the process should look like:
1. SetExpressCheckout - Bounce user to PayPal. Stop processing.
2. GetExpressCheckoutDetails - User has returned from PayPal because we have a TOKEN in the query string. Running this call now lets us make sure the TOKEN is valid.
3. DoExpressCheckoutPayment - If the TOKEN is valid, let's complete the sale.
Last but not least, you can't just look for Success. Read the docs on ACK. You can also get SuccessWithWarning. Change your success condition to
    if(stripos($paypalResponse["ACK"], "SUCCESS") !== false) {
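The three-call flow described in the answer above, written out as an added example that is not part of the original answer or the asker's code. It assumes `$post` is a callable standing in for the page's `$paypal->post()` wrapper; the session binding of the token, the `checkoutStep` and `ackOk` names, and the stub responses are constructed for illustration.

```php
<?php
// Added example, not the asker's code. $post stands in for $paypal->post():
// callable(string $method, array $params): array of response fields.
function ackOk(array $resp): bool {
    // Matches Success and SuccessWithWarning, not the Failure values.
    return stripos($resp['ACK'] ?? '', 'SUCCESS') !== false;
}

function checkoutStep(callable $post, array $query, array &$session, array $order): array {
    $token = $query['token'] ?? $query['TOKEN'] ?? null; // accept either key case
    if ($token === null) {
        // Call 1: create the token, remember it, then redirect and stop.
        $resp = $post('SetExpressCheckout', $order);
        if (!ackOk($resp) || empty($resp['TOKEN'])) {
            return ['action' => 'error', 'at' => 'SetExpressCheckout'];
        }
        $session['ec_token'] = $resp['TOKEN'];
        return ['action' => 'redirect', 'token' => $resp['TOKEN']]; // caller sends header() and exits
    }
    // Returning user: accept only the token issued to this session (an assumption of this example).
    $issued = $session['ec_token'] ?? null;
    unset($session['ec_token']); // one completion attempt per token
    if (!is_string($token) || !is_string($issued) || !hash_equals($issued, $token)) {
        return ['action' => 'error', 'at' => 'token check'];
    }
    // Call 2: confirm the token is valid and learn who the payer is.
    $details = $post('GetExpressCheckoutDetails', ['TOKEN' => $token]);
    if (!ackOk($details) || empty($details['PAYERID'])) {
        return ['action' => 'error', 'at' => 'GetExpressCheckoutDetails'];
    }
    // Call 3: complete the sale with a new request built from the token.
    $pay = $post('DoExpressCheckoutPayment',
        ['TOKEN' => $token, 'PAYERID' => $details['PAYERID']] + $order);
    return ackOk($pay) ? ['action' => 'paid']
                       : ['action' => 'error', 'at' => 'DoExpressCheckoutPayment'];
}

// Constructed stub responses so the flow runs offline.
$stub = fn(string $method, array $params): array => [
    'SetExpressCheckout'        => ['ACK' => 'Success', 'TOKEN' => 'EC-CONSTRUCTED'],
    'GetExpressCheckoutDetails' => ['ACK' => 'Success', 'PAYERID' => 'CONSTRUCTEDPAYER'],
    'DoExpressCheckoutPayment'  => ['ACK' => 'SuccessWithWarning'],
][$method];
$order = ['PAYMENTREQUEST_0_AMT' => '10.00', 'PAYMENTREQUEST_0_PAYMENTACTION' => 'Sale']; // constructed values
$session = [];
$first  = checkoutStep($stub, [], $session, $order);                            // no token yet
$second = checkoutStep($stub, ['token' => $first['token']], $session, $order);  // user came back
$replay = checkoutStep($stub, ['token' => $first['token']], $session, $order);  // same token again
echo json_encode([$first['action'], $second['action'], $replay['action']]), "\n";
```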