Executing code if user made a purchase in PayPal
Tips & Tricks 15-Jul-2019

Executing code if user made a purchase in PayPal

Using PDT, you can verify that a user actually made a purchase. If you have some auto redirect after a user made a purchase and check only the GET parameters of the return URL then any user could trigger the “thank you” page without actually having purchased anything. This might be a problem if you want to send the user a file, allow him access to a portion of the website only if he actually makes the payment or set some database value for the user to indicate that he has paid for the thing.?

To use PDT, first you would have to go to paypal.com, login and click on Profile. Therafter, you ought to click on My selling tools -> Website preferences.

There, you have to turn on Payment Data Transfer. When you do this you will be given an identity token. You would have to use this in your programming code to use PDT to check if a user has paid.

<img src="http://i1.wp.com/images pharmacie achat cialis.phpgang.com/2016/04/Executing-code-if-user-made-a-purchase-in-PayPal-settings.jpg?resize=394%2C196″ alt=”Executing code if user made a purchase in PayPal settings” data-recalc-dims=”1″ />

It is also a good idea to enable the auto return (in the same page). You can specify a return URL different than what you have set up in the buttons you create through the PayPal page.

Now, handle the URL where users are going to be returned and add the code below.

The snippet works by using the tx GET parameter which is set when users are auto returned to make an HTTP request to PayPal which will return to us whether the transaction was successful (based on that transaction id, tx)

$pp_hostname= “www.paypal.com”; // Change to www.sandbox.paypal.com to test against sandbox
// read the post from PayPal system and add ‘cmd’
$req= ‘cmd=_notify-synch’;
$tx_token= $_GET[‘tx’];
$auth_token= “e9-YOUR IDENTITY TOKEN”;
$req.= “&tx=$tx_token&at=$auth_token”;
$ch= curl_init();
curl_setopt($ch, CURLOPT_URL, “https://$pp_hostname/cgi-bin/webscr”);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
//set cacert.pemverisign certificate path in curl using ‘CURLOPT_CAINFO’ field here,
//if your server does not bundled with default verisign certificates.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(“Host: $pp_hostname”, ‘Connection: Close’, ‘User-Agent: YOUR_COMPANY_NAME’));
$res = curl_exec($ch);
// parse the data
$lines = explode(“\n”, $res);
$keyarray= array();
if (strcmp ($lines[0], “SUCCESS”) == 0) {
for ($i=1; $i<count($lines);$i++){
list($key,$val) = explode(“=”, $lines[$i]);
$keyarray[urldecode($key)] = urldecode($val);
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
/*        $firstname = $keyarray[‘first_name’];
$lastname = $keyarray[‘last_name’];
$itemname = $keyarray[‘item_name’];
$amount = $keyarray[‘payment_gross’];
// set in session or database that user has paid or perform some special
// you can use information about the purchase in the variables described above
echo “You really made a payment”;
else if (strcmp ($lines[0], “FAIL”) == 0) {
// payment failed or something
echo “Payment failed”;
if (!isset($_GET[‘tx’])) {
// user is attempting to access the page without having made any payment
echo “Invalid request”;

You just have to add your identity token to the $auth_token variable and add your company name to the User-Agent header and you can only worry about what your application actually needs to do in such cases.

Now, whenever a customer makes a successful payment he will be shown You really made a payment. You can edit that line and add whatever logic your application needs in such cases.

The code above is taken from  https://github.com/paypal/pdt-code-samples where code samples are offered in several programming languages. It was refactored a bit by adding a User-Agent header to the cURL request because PayPal rejects requests which do not set a user agent HTTP header. You can add your PayPal company name there and by checking if there is no transaction id (thetx GET parameter) – in that case the user would be trying to access the page without any traces of a transaction having been made.