Hi guys!
I was looking for a PayPal extension and I found this one, which looks like exactly what I was looking for:
http://www.yiiframework.com/extension/paypal
Everything is working fine except for one important thing.
There is an action called buy, actionBuy():
    public function actionBuy(){
        // set
        $paymentInfo['Order']['theTotal'] = 15.00;
        $paymentInfo['Order']['description'] = "Some payment description here";
        $paymentInfo['Order']['quantity'] = '1';
        // call paypal
        $result = Yii::app()->Paypal->SetExpressCheckout($paymentInfo);
        //Detect Errors
        if(!Yii::app()->Paypal->isCallSucceeded($result)){
            if(Yii::app()->Paypal->apiLive === true){
                //Live mode basic error message
                $error = 'We were unable to process your request. Please try again later';
            }else{
                //Sandbox output the actual error message to dive in.
                $error = $result['L_LONGMESSAGE0'];
            }
            echo $error;
            Yii::app()->end();
        }else {
            // send user to paypal
            $token = urldecode($result["TOKEN"]);
            $payPalURL = Yii::app()->Paypal->paypalUrl.$token;
            $this->redirect($payPalURL);
        }
    }
As you can see at the top, there is a variable called $paymentInfo['Order']['theTotal'], which in this case is equal to 15.00.
Then it goes to PayPal. I can see the price (15.00) and the "description" of the "item" on the left, and on the right side I see the inputs to log in. I log in, I click Pay Now, and when it comes back to my site, it goes to the action "confirm". actionConfirm() is:
    public function actionConfirm()
    {
        $token = trim($_GET['token']);
        $payerId = trim($_GET['PayerID']);
        $result = Yii::app()->Paypal->GetExpressCheckoutDetails($token);
        $result['PAYERID'] = $payerId;
        $result['TOKEN'] = $token;
        $result['ORDERTOTAL'] = 0.00;
        //Detect errors
        if(!Yii::app()->Paypal->isCallSucceeded($result)){
            if(Yii::app()->Paypal->apiLive === true){
                //Live mode basic error message
                $error = 'We were unable to process your request. Please try again later';
            }else{
                //Sandbox output the actual error message to dive in.
                $error = $result['L_LONGMESSAGE0'];
            }
            echo $error;
            Yii::app()->end();
        }else{
            $paymentResult = Yii::app()->Paypal->DoExpressCheckoutPayment($result);
            //Detect errors
            if(!Yii::app()->Paypal->isCallSucceeded($paymentResult)){
                if(Yii::app()->Paypal->apiLive === true){
                    //Live mode basic error message
                    $error = 'We were unable to process your request. Please try again later';
                }else{
                    //Sandbox output the actual error message to dive in.
                    $error = $paymentResult['L_LONGMESSAGE0'];
                }
                echo $error;
                Yii::app()->end();
            }else{
                //payment was completed successfully
                $this->render('confirm');
            }
        }
    }
Well, as you can see, there is a variable called $result['ORDERTOTAL'] which is equal to 0.00, and I get an error message telling me that the total amount is zero, so it won't charge the user who is buying. If I change the value of this variable, everything works fine, and it will charge me the amount of $result['ORDERTOTAL'] instead of $paymentInfo['Order']['theTotal'].
My question is, how can I pass the $paymentInfo['Order']['theTotal'] value from actionBuy to $result['ORDERTOTAL'] in actionConfirm? Keep in mind that it goes to PayPal between actionBuy and actionConfirm…
I am worried about the security here, because I don't want the user to be able to catch this variable and change it (changing the money that he will be charged).
I will appreciate any suggestion!
Thanks a lot!
Regards
SOLUTION
Problem solved with session vars.
In actionBuy add this next to $paymentInfo['Order']['theTotal'] = 0.00
    Yii::app()->session['theTotal'] = 0.00;
and in actionConfirm change $result['ORDERTOTAL'] = 0.00; to
    $result['ORDERTOTAL'] = Yii::app()->session['theTotal'];
What I will do is store the order info in the database before sending it to PayPal, and I will save its ID in a session variable (instead of the total amount); then in actionConfirm I will take the amount value from the DB using the ID saved in the session variable.
Hope it helps someone else!
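
The plan in the last paragraph of the post (order row in the database, only its ID in the session), written out as an added example that is not part of the original post or of the extension. The table `tbl_order` and its columns, the `ShopController` name and the `orderId` session key are assumptions; the `Paypal` component calls are the ones shown in the post.

```php
<?php
// Added sketch; tbl_order(id, total, description, paypal_token, status) is a hypothetical table.
class ShopController extends CController
{
    public function actionBuy()
    {
        // The price comes from server-side data, never from request parameters.
        $order = array('total' => '15.00', 'description' => 'Some payment description here', 'status' => 'pending');
        $db = Yii::app()->db;
        $db->createCommand()->insert('tbl_order', $order);
        $orderId = $db->getLastInsertID();
        $paymentInfo = array('Order' => array('theTotal' => $order['total'], 'description' => $order['description'], 'quantity' => '1'));
        $result = Yii::app()->Paypal->SetExpressCheckout($paymentInfo);
        if (!Yii::app()->Paypal->isCallSucceeded($result)) {
            throw new CHttpException(502, 'We were unable to process your request. Please try again later');
        }
        $token = urldecode($result['TOKEN']);
        // Bind the PayPal token to the order; the session holds only the order ID.
        $db->createCommand()->update('tbl_order', array('paypal_token' => $token), 'id=:id', array(':id' => $orderId));
        Yii::app()->session['orderId'] = $orderId;
        $this->redirect(Yii::app()->Paypal->paypalUrl . $token);
    }
    public function actionConfirm()
    {
        $paypal = Yii::app()->Paypal;
        $token = trim(Yii::app()->request->getQuery('token', ''));
        $payerId = trim(Yii::app()->request->getQuery('PayerID', ''));
        // Match on session order ID, returned token and pending status together.
        $order = Yii::app()->db->createCommand()->select('id, total')->from('tbl_order')
            ->where('id=:id AND paypal_token=:t AND status=:s', array(
                ':id' => Yii::app()->session['orderId'], ':t' => $token, ':s' => 'pending'))
            ->queryRow();
        if ($order === false || $payerId === '') {
            throw new CHttpException(400, 'Unknown or already processed order.');
        }
        $result = $paypal->GetExpressCheckoutDetails($token);
        $result['PAYERID'] = $payerId;
        $result['TOKEN'] = $token;
        $result['ORDERTOTAL'] = $order['total']; // amount read back from the database
        if (!$paypal->isCallSucceeded($result)
            || !$paypal->isCallSucceeded($paypal->DoExpressCheckoutPayment($result))) {
            throw new CHttpException(502, 'We were unable to process your request. Please try again later');
        }
        // Mark the order paid so the same return URL cannot be replayed.
        Yii::app()->db->createCommand()->update('tbl_order', array('status' => 'paid'), 'id=:id', array(':id' => $order['id']));
        Yii::app()->session->remove('orderId');
        $this->render('confirm');
    }
}
```

Because the lookup requires the token in the return URL to match the one stored for the session's order, a token obtained for one checkout cannot be used to confirm a different order.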