Hi friend. As you know, PayPal is one of the biggest players in online payments.
If you integrate PayPal into your website as a developer or webmaster, how do you handle security, especially for the PayPal button? Here are some ideas, with sample code, that can help.
You can encrypt the PayPal button using your own OpenSSL key and certificate together with PayPal's public certificate.
Step 1: Create a private key with OpenSSL from your Linux/Unix command prompt (make sure OpenSSL is installed on your server):
    openssl genrsa -out my-prvkey.pem 1024
Step 2: Create the public certificate (key + signature):
    openssl req -new -key my-prvkey.pem -x509 -days 365 -out my-pubcert.pem
Step 3: Set up the PayPal certificate used to encrypt the PayPal button code.
To upload your public certificates to PayPal:
1. Log in to your Business or Premier account.
2. Click the Profile subtab.
3. In the Seller Preferences column, click Encrypted Payment Settings.
4. Click Add.
5. Click Browse, and select your public certificate file.
6. When your public certificate is successfully uploaded, it appears on the next screen under Your Public Certificates.
You use PayPal's public certificate to encrypt your button code. To download PayPal's public certificate:
1. Log in to your Business or Premier account.
2. Click the Profile subtab.
3. In the Seller Preferences column, click Encrypted Payment Settings.
4. Click Download in the PayPal Public Certificate area.
To prevent someone from creating a spoofed version of your payment buttons, you can block non-encrypted website payments to your account. Follow the instructions in Blocking Non-encrypted Website Payments.
PHP code for button encryption
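    <?php
    # Keep the key and certificate files where the web server cannot serve them.
    # private key file to use
    $MY_KEY_FILE = "secu/my-prvkey.pem";
    # public certificate file to use
    $MY_CERT_FILE = "secu/my-pubcert.pem";
    # PayPal's public certificate
    $PAYPAL_CERT_FILE = "secu/paypal_cert.pem";
    # path to the openssl binary
    $OPENSSL = "/usr/bin/openssl";

    // QUUNRT25HWJLY ray user
    $form = array('cmd' => '_xclick',
        'business' => 'sddhiradsdj_11932536710_biz@master.com',
        'cert_id' => 'U7PRFGN9MNWNE64QL',
        'lc' => 'IE',
        'custom' => 'test',
        'invoice' => '',
        'currency_code' => 'EUR',
        'no_shipping' => '0',
        'item_name' => 'Lunch',
        'item_number' => session_id(),
        'rm' => 2,
        // 'notify_url' => 'paypalipn.php',
        'amount' => $tot   // order total; must be set before this point
    );
    $encrypted = paypal_encrypt($form);

    // Signs the button variables with the merchant key, then encrypts the
    // signed blob with PayPal's public certificate. Returns the PEM-encoded
    // result, or the string "ERROR" on failure.
    function paypal_encrypt($hash)
    {
        global $MY_KEY_FILE;
        global $MY_CERT_FILE;
        global $PAYPAL_CERT_FILE;
        global $OPENSSL;

        // Stop early if a required file is missing
        if (!file_exists($MY_KEY_FILE)) {
            echo "ERROR: MY_KEY_FILE $MY_KEY_FILE not found\n";
            return "ERROR";
        }
        if (!file_exists($MY_CERT_FILE)) {
            echo "ERROR: MY_CERT_FILE $MY_CERT_FILE not found\n";
            return "ERROR";
        }
        if (!file_exists($PAYPAL_CERT_FILE)) {
            echo "ERROR: PAYPAL_CERT_FILE $PAYPAL_CERT_FILE not found\n";
            return "ERROR";
        }
        if (!file_exists($OPENSSL)) {
            echo "ERROR: OPENSSL $OPENSSL not found\n";
            return "ERROR";
        }

        // Assign Build Notation for PayPal Support
        $hash['bn'] = 'StellarWebSolutions.PHP_EWP';

        // Quote every path so the shell treats each one as a single argument
        $openssl_cmd = escapeshellarg($OPENSSL) . " smime -sign" .
            " -signer " . escapeshellarg($MY_CERT_FILE) .
            " -inkey " . escapeshellarg($MY_KEY_FILE) .
            " -outform der -nodetach -binary | " .
            escapeshellarg($OPENSSL) . " smime -encrypt" .
            " -des3 -binary -outform pem " . escapeshellarg($PAYPAL_CERT_FILE);

        $descriptors = array(
            0 => array("pipe", "r"),   // stdin of the openssl pipeline
            1 => array("pipe", "w"),   // stdout of the openssl pipeline
        );

        $process = proc_open($openssl_cmd, $descriptors, $pipes);
        if (is_resource($process)) {
            foreach ($hash as $key => $value) {
                // The blob holds one key=value pair per line, so strip line
                // breaks: a value must not be able to add extra variables.
                $value = str_replace(array("\r", "\n"), "", (string) $value);
                if ($value !== "") {
                    //echo "Adding to blob: $key=$value\n";
                    fwrite($pipes[0], "$key=$value\n");
                }
            }
            fflush($pipes[0]);
            fclose($pipes[0]);

            // Read the whole encrypted blob
            $output = stream_get_contents($pipes[1]);
            //echo $output;
            fclose($pipes[1]);

            // A non-zero exit status means openssl failed
            $return_value = proc_close($process);
            if ($return_value !== 0 || $output === false || $output === "") {
                return "ERROR";
            }
            return $output;
        }
        return "ERROR";
    }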
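The sign-then-encrypt pipeline that paypal_encrypt() runs can be exercised offline. The shell script below is an added example, not part of the original post or of PayPal's or Stellar Web Solutions' code: it uses a locally generated stand-in for PayPal's certificate (file names, CNs, the sample blob and the 2048-bit key size are assumptions) and checks that the recipient recovers the blob, that an untrusted signer is rejected, and that the blob cannot be opened without the recipient's key.

```shell
# Added example: offline round trip of the sign-then-encrypt pipeline.
# "fakepp" is a locally generated stand-in for PayPal's certificate;
# the file names, CNs and the blob below are constructed for the test.

mkpair() {        # mkpair <basename> <CN>: key plus self-signed certificate
    openssl genrsa -out "$1-key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$1-key.pem" -x509 -days 365 \
        -subj "/CN=$2" -out "$1-cert.pem" 2>/dev/null
}

# Same pipeline as paypal_encrypt(): sign with the merchant key, then
# encrypt to the recipient certificate. The blob is read from stdin.
ewp_encrypt() {   # ewp_encrypt <merchant-cert> <merchant-key> <recipient-cert>
    openssl smime -sign -signer "$1" -inkey "$2" \
        -outform der -nodetach -binary |
    openssl smime -encrypt -des3 -binary -outform pem "$3"
}

# Recipient side: decrypt with the recipient key, then verify the signature
# against the one merchant certificate that is trusted. Prints the blob.
ewp_open() {      # ewp_open <recipient-cert> <recipient-key> <merchant-cert>
    openssl smime -decrypt -inform pem -recip "$1" -inkey "$2" -binary |
    openssl smime -verify -inform der -CAfile "$3" -binary 2>/dev/null
}

ewp_selftest() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        mkpair merchant "Constructed Merchant" || exit 1
        mkpair fakepp "Constructed PayPal stand-in" || exit 1
        printf 'cmd=_xclick\nitem_name=Lunch\namount=9.50\n' > blob.txt
        ewp_encrypt merchant-cert.pem merchant-key.pem fakepp-cert.pem \
            < blob.txt > button.pem || exit 1
        # 1. The recipient recovers exactly the blob that was signed.
        ewp_open fakepp-cert.pem fakepp-key.pem merchant-cert.pem \
            < button.pem > out.txt || exit 1
        cmp -s blob.txt out.txt || exit 1
        # 2. A blob whose signer is not the trusted merchant is rejected.
        ! ewp_open fakepp-cert.pem fakepp-key.pem fakepp-cert.pem \
            < button.pem > /dev/null || exit 1
        # 3. Without the recipient's private key the blob cannot be opened.
        ! ewp_open merchant-cert.pem merchant-key.pem merchant-cert.pem \
            < button.pem > /dev/null 2>&1
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Running ewp_selftest returns 0 only when all three checks hold; the real PayPal certificate cannot be used for the decrypt side because its private key is held by PayPal.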
References : paypal dot com and stellerweb dot com