
PayPal: IPN and PDT working together - Single Item Payment System - NO SHOPPING CART

I use a custom online booking system I made in PHP with a MySQL database. Currently, payments are taken when the client attends their booking face to face in cash and I am now implementing PayPal's IPN and PDT payments setups into the system together for use as a single item payment/"PAY NOW" option system (so no shopping cart). Only the price, dates and user information vary.

After months of research into different debates and security issues, I have come to the conclusion that the best way to use the IPN and PDT systems together is to do it on a first-come-first-serve basis with a script for each. Whether the PDT or the IPN script processes, whichever one is first sends the confirmation email and adds the relevant information to the database. If either the PDT or the IPN processes and finds that the other has already processed, it only updates the database information that is missing as an email will already have been sent by the other script.

The booking system made from scratch has been in use for 2 years without problems but now requires online payments instead.

When a booking is made online, the client enters their details, selects start date, end date, times for their booking and then the information is POSTED (form method POST) to a PHP script. The script verifies, processes and outputs to a confirmation page that the booking was successful as well as emails the client and the admin email address.

THE MYSQL DATABASE IS NOT CURRENTLY USED FOR SAVING BOOKING DETAILS.

I now want to do the payments online with the same structure.

The MySQL database has now been amended and has a new table with all the fields possible back from a call back from either an IPN or PDT reply from PayPal, successful or failed, as well as basic information about a booking.

The problems I have are these:

  • The PDT can be faked. How can this be avoided, as if the email from the PDT script is sent, they will have already received confirmation which will cause problems? I could avoid this by only sending emails with the IPN script and telling PDT process to only show the booking information back to the client but state a confirmation email will be sent but sometimes the IPN can take a while and the client needs to be reassured immediately that the booking has been confirmed as the booking could be for a booking within the next 30 minutes.

  • I have attempted to create several PDT and IPN scripts based on the examples on the web with Xcommerce PayPal developers website, PayPal, and many others for almost a month and none seem to work correctly. Can anyone please provide a PDT script and an IPN script which both process all variables possible and verify key basic information for the orders such as name, address, zip/post code and price? This would be useful for anyone trying to create a payment process with IPN and PDT for anyone as all anyone would need to do is remove what isn't needed for each script.

Just as a note, each script checks if the other has run by checking whether the IPN or the PDT field in a MySQL table has a "1" in it. "0" is the default.

I look forward to people's replies as I am sure this will help everyone having problems with either system, no matter how the scripts are used.

Thank you to all in advance.

Please provide a tested MySQL table also, if different from below, for any answers provided to help others reading the answers.

I have created and am using the following table:

CREATE TABLE `bookings` (
`id` int( 11 ) NOT NULL AUTO_INCREMENT ,
`date1` char( 2 ) NOT NULL default '',
`month1` char( 2 ) NOT NULL default '',
`year1` char( 2 ) NOT NULL default '',
`date2` char( 2 ) NOT NULL default '',
`month2` char( 2 ) NOT NULL default '',
`year2` char( 2 ) NOT NULL default '',
`name` text NOT NULL ,
`address` text NOT NULL ,
`zippostcode` text NOT NULL ,
`email` text NOT NULL ,
`price` char( 2 ) NOT NULL default '',
`pdt` varchar( 12 ) NOT NULL default '0',
`ipn` varchar( 12 ) NOT NULL default '0',
`paypalstatus` varchar( 12 ) NOT NULL default '',
`datebooked` varchar( 50 ) NOT NULL default '',
`receiver_email` varchar( 127 ) NOT NULL ,
`payment_status` varchar( 25 ) NOT NULL ,
`pending_reason` varchar( 25 ) NOT NULL ,
`payment_date` varchar( 100 ) NOT NULL ,
`mc_gross` double NOT NULL ,
`mc_fee` double NOT NULL ,
`tax` double NOT NULL ,
`mc_currency` varchar( 10 ) NOT NULL ,
`txn_id` varchar( 25 ) NOT NULL ,
`txn_type` varchar( 25 ) NOT NULL ,
`first_name` varchar( 75 ) NOT NULL ,
`last_name` varchar( 75 ) NOT NULL ,
`address_street` varchar( 200 ) NOT NULL ,
`address_city` varchar( 50 ) NOT NULL ,
`address_state` varchar( 40 ) NOT NULL ,
`address_zip` varchar( 20 ) NOT NULL ,
`address_country` varchar( 64 ) NOT NULL ,
`address_status` varchar( 25 ) NOT NULL ,
`payer_email` varchar( 127 ) NOT NULL ,
`payer_status` varchar( 25 ) NOT NULL ,
`payment_type` varchar( 25 ) NOT NULL ,
`notify_version` varchar( 50 ) NOT NULL ,
`verify_sign` varchar( 255 ) NOT NULL ,
`address_name` varchar( 130 ) NOT NULL ,
`protection_eligibility` varchar( 50 ) NOT NULL ,
`ipn_status` varchar( 25 ) NOT NULL ,
`subscr_id` varchar( 25 ) NOT NULL ,
`reason_code` varchar( 25 ) NOT NULL ,
`contact_phone` varchar( 25 ) NOT NULL ,
`invoice` varchar( 127 ) NOT NULL ,
`for_auction` tinyint( 10 ) NOT NULL ,
`auction_buyer_id` varchar( 75 ) NOT NULL ,
`auction_closing_date` varchar( 100 ) NOT NULL ,
`auction_multi_item` double NOT NULL ,
`address_country_code` varchar( 2 ) NOT NULL ,
`order_id` tinyint( 10 ) NOT NULL ,
`item_name` varchar( 130 ) NOT NULL ,
`item_number` varchar( 130 ) NOT NULL ,
`os0` varchar( 200 ) NOT NULL ,
`on0` varchar( 75 ) NOT NULL ,
`os1` varchar( 200 ) NOT NULL ,
`on1` varchar( 75 ) NOT NULL ,
`quantity` double NOT NULL ,
`custom` varchar( 255 ) NOT NULL ,
`mc_handling` double NOT NULL ,
`mc_shipping` double NOT NULL ,
`creation_timestamp` timestamp NOT NULL ,
PRIMARY KEY ( `id` )
) ENGINE = MyISAM AUTO_INCREMENT = 1;
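
The first-come-first-serve scheme in the question checks a flag and then acts on it, so two handlers arriving together can both see "0" and both send the e-mail. The sketch below is an added example, not the poster's code: it checks the fields of an already verified PayPal message against the stored booking and then claims the booking with a single conditional UPDATE on the question's `ipn`/`pdt` columns. The function name `recordPayment`, the constants, the use of `custom` to carry the booking id, and the cut-down in-memory SQLite table are assumptions made for the demonstration.

```php
<?php
// Call recordPayment() only after PayPal answered your postback with VERIFIED (IPN) or SUCCESS (PDT).
const MERCHANT_EMAIL = 'merchant@example.test'; // placeholder
const CURRENCY       = 'GBP';                   // placeholder
function recordPayment(PDO $db, string $source, array $p): string
{
    if (!in_array($source, ['ipn', 'pdt'], true)) {   // whitelist: used as a column name
        throw new InvalidArgumentException('source must be ipn or pdt');
    }
    $id  = (int) ($p['custom'] ?? 0);                 // assumption: booking id sent in `custom`
    $txn = (string) ($p['txn_id'] ?? '');
    $q = $db->prepare('SELECT price FROM bookings WHERE id = ?');
    $q->execute([$id]);
    $price = $q->fetchColumn();
    // The verified message must describe a completed payment of the booked amount to us.
    if ($price === false || $txn === ''
        || ($p['payment_status'] ?? '') !== 'Completed'
        || strcasecmp($p['receiver_email'] ?? '', MERCHANT_EMAIL) !== 0
        || ($p['mc_currency'] ?? '') !== CURRENCY
        || !is_numeric($p['mc_gross'] ?? null)
        || number_format((float) $p['mc_gross'], 2, '.', '') !== number_format((float) $price, 2, '.', '')) {
        return 'rejected';
    }
    // Atomic claim: while both flags are '0' only one UPDATE can match the row.
    $claim = $db->prepare("UPDATE bookings SET $source = '1', txn_id = ?
                           WHERE id = ? AND ipn = '0' AND pdt = '0'");
    $claim->execute([$txn, $id]);
    if ($claim->rowCount() === 1) {
        return 'first';                               // this caller sends the confirmation e-mail
    }
    // Already claimed: accept only the same transaction, then set our own flag.
    $seen = $db->prepare('SELECT txn_id FROM bookings WHERE id = ?');
    $seen->execute([$id]);
    if ((string) $seen->fetchColumn() !== $txn) {
        return 'rejected';
    }
    $db->prepare("UPDATE bookings SET $source = '1' WHERE id = ?")->execute([$id]);
    return 'second';                                  // no e-mail, fill in missing fields only
}
// Constructed demo: in-memory SQLite table holding only the columns used above.
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE bookings (id INTEGER PRIMARY KEY, price TEXT, ipn TEXT DEFAULT '0',
           pdt TEXT DEFAULT '0', txn_id TEXT DEFAULT '')");
$db->exec("INSERT INTO bookings (id, price) VALUES (7, '45')");
$msg = ['custom' => '7', 'txn_id' => 'TXN-CONSTRUCTED-1', 'payment_status' => 'Completed',
        'receiver_email' => MERCHANT_EMAIL, 'mc_currency' => CURRENCY, 'mc_gross' => '45.00'];
$calls = [['pdt', $msg], ['ipn', $msg], ['ipn', ['mc_gross' => '1.00'] + $msg]];
foreach ($calls as [$s, $m]) { echo $s, ': ', recordPayment($db, $s, $m), "\n"; }
```

Only the caller that gets `first` sends the confirmation e-mail; a retry or the slower handler gets `second`, and a message whose amount, currency, receiver or transaction id does not match the booking is `rejected`.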
