加密动态“添加到购物车”的问题带有 php 的 paypal 按钮

发布于 2024-11-08 21:59:21 字数 5572 浏览 0 评论 0原文

我在 php 中构建了一个集成 paypal 和 wordpress 的简单支付系统基本上，我构建了一个列表，其中每个列表项从 wordress 中的特定页面（每个产品的页面）检索元数据，并使用此数据动态构建“添加到购物车”贝宝按钮。这很好用！但.. 然后出于显而易见的原因，我尝试加密“添加到购物车”按钮。我发现一个 php 程序应该可以做到这一点（从我在不同的互联网论坛中看到的情况来看 - 大多数时候都兑现了这一承诺），并且我认为我遵循了带有证书的所有 paypal 说明（私人、公共、paypal 等） ..）

虽然我没有从 html 页面收到任何错误 - 当我按下“添加到购物车”按钮时，我收到一个 paypal 错误：“我们检测到此购物车有问题。如果问题仍然存在，请联系商家”。但我不知道为什么以及我做错了什么。

我有一个 paypal 商家帐户。

为了消除不必要的混乱和噪音，我构建了一个包含静态数据的测试页面，以检查按钮是否正常工作，这里是：很高兴获得任何帮助

基本测试页面：

<?php
include_once "testfunctions.php";
//inserting some test data
$themetacost='100';
$themetaname="testbook";
$themetashipping='20';
//building the paypal button
$line='';
$line.='<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank" id="payform" >
            <input type="hidden" name="cmd" value="_cart">
                        <input type="hidden" name="encrypted" value="';
$line.= buildbutton($themetacost,$themetaname,$themetashipping);
$line.='">';
$line.='<input type="image" src="https://www.paypalobjects.com/WEBSCR-640-20110429-1/he_IL/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="PayPal - הדרך הקלה והבטוחה לשלם באופן מקוון!">
                <img alt="" border="0" src="https://www.paypalobjects.com/WEBSCR-640-20110429-1/he_IL/i/scr/pixel.gif" width="1" height="1">
                </form><br/>';
echo $line;

?>

php buildbutton 和加密功能：

<?php
function buildbutton($amount,$bname,$shipping) {
//Sample PayPal Button Encryption: Copyright 2006-2010 StellarWebSolutions.com
//Not for resale  - license agreement at
//http://www.stellarwebsolutions.com/en/eula.php
//Updated: 2010 02 01



$form = array('cmd' => '_cart',
        'business' => '[email protected]', // changed from the original
        'cert_id' => 'XXXXXXXXXXX',// changed from the original
    'shipping' => $shipping,
        //'invoice' => '', //check what this is
        'currency_code' => 'ILS',
        //'no_shipping' => '0', //refers to shipping address
        'add'=>'1',
    'item_name' => $bname,
    'amount' => $amount
    );


    $encrypted = paypal_encrypt($form); 

return $encrypted;
}
function paypal_encrypt($hash)
{
    //Sample PayPal Button Encryption: Copyright 2006-2010 StellarWebSolutions.com
    //Not for resale - license agreement at
    //http://www.stellarwebsolutions.com/en/eula.php
    # private key file to use //

$MY_KEY_FILE = "/home/paypal/my-prvkey.pem";
# public certificate file to use
$MY_CERT_FILE = "/home/paypal/my-prvkey.pem";// 

# Paypal's public certificate
$PAYPAL_CERT_FILE = "/home/paypal/paypal_cert.pem";

# path to the openssl binary
$OPENSSL = "/usr/bin/openssl";

    if (!file_exists($MY_KEY_FILE)) {
        echo "ERROR: MY_KEY_FILE $MY_KEY_FILE not found\n";
    }
    if (!file_exists($MY_CERT_FILE)) {
        echo "ERROR: MY_CERT_FILE $MY_CERT_FILE not found\n";
    }
    if (!file_exists($PAYPAL_CERT_FILE)) {
        echo "ERROR: PAYPAL_CERT_FILE $PAYPAL_CERT_FILE not found\n";
    }
        if (!file_exists($OPENSSL)){
                echo "error with openssl $OPENSSL not found \n";
        }


    //Assign Build Notation for PayPal Support
    //$hash['bn']= 'StellarWebSolutions.PHP_EWP2'; //this is not needed cause i dont have a ewp

    $data = "";
    foreach ($hash as $key => $value) {
        if ($value != "") {
            //echo "Adding to blob: $key=$value\n";
            $data .= "$key=$value\n";
        }
    }

    $openssl_cmd = "($OPENSSL smime -sign -signer $MY_CERT_FILE -inkey $MY_KEY_FILE " .
                        "-outform der -nodetach -binary <<_EOF_\n$data\n_EOF_\n) | " .
                        "$OPENSSL smime -encrypt -des3 -binary -outform pem $PAYPAL_CERT_FILE";

    exec($openssl_cmd, $output, $error);

    if (!$error) {
        return implode("\n",$output);
    } else {
        return "ERROR: encryption failed";
    }
}

?>

我尝试更改变量到数字来检查问题是否存在但没有帮助。

这就是加密的测试页面源代码的样子：

action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank" id="payform" >

            <input type="hidden" name="cmd" value="_cart">

                        <input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----
MIIBdwYJKoZIhvcNAQcDoIIBaDCCAWQCAQAxggEwMIIBLAIBADCBlDCBjjELMAkG
A1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
EgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UE
AxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJ
KoZIhvcNAQEBBQAEgYAiFKR0WuQJcr6cQZvDCptQeDNyfipH9pDy1Q58C+ITCZWY
XRkkUOvvL3jniO1GUxsY2JleGAdZWSV1qgnO3uNjj0V3Z0AxbrAiuA0lLd8pscBT
MM+9+1RwjTOUVtOi3PASy1TC4hk6Wq01KUk1DCpbqMtqBZ6sWb5jHRxWqbL08zAr
BgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECClgCVLJPeXAgAgr8wXDhqI+og==
-----END PKCS7-----"><input type="image" src="https://www.paypalobjects.com/WEBSCR-640-20110429-1/he_IL/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="PayPal - äãøê ä÷ìä åäáèåçä ìùìí áàåôï î÷ååï!">

                <img alt="" border="0" src="https://www.paypalobjects.com/WEBSCR-640-20110429-1/he_IL/i/scr/pixel.gif" width="1" height="1">

                </form><br/>

编辑：将 html 表单（不是！php 加密函数）从“_cart”更改为“_s-xclick”后，我收到不同的错误：

企业的电子邮件地址不存在于加密的 blob 中。请联系您的商家。

根据各种贝宝论坛的更多建议，我还尝试更新证书和密钥（所有三个..）。根本没有帮助！

原文

I Built a simple payment system integrating paypal with wordpress in php
basically I build a list where each list item retrieves metadata from a specific page in wordress (a page for every product) and with this data build dynamically an "add to cart" paypal button. this worked fine! but..
Then I tried to encrypt the "add to cart" button for obvious reasons. I found a php program thats supposed to do that (and from what I see in different internet forums - most of the time delivers to this promise) , and I think I followed all of paypal instructions with the certificate (private, public, paypals etc..)

While I don't get any error from the html page - when I push the add to cart button I get a paypal error: "We have detected a problem with this shopping cart. If the problem persists, please contact the merchant." but I don't have any details why and what I'm doing wrong..

I have a merchant account with paypal.

In order to remove unnecessary clutter and noise I built a test page with static data to check if the button works right and here it is: glad for any help

the basic test page:

<?php
include_once "testfunctions.php";
//inserting some test data
$themetacost='100';
$themetaname="testbook";
$themetashipping='20';
//building the paypal button
$line='';
$line.='<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank" id="payform" >
            <input type="hidden" name="cmd" value="_cart">
                        <input type="hidden" name="encrypted" value="';
$line.= buildbutton($themetacost,$themetaname,$themetashipping);
$line.='">';
$line.='<input type="image" src="https://www.paypalobjects.com/WEBSCR-640-20110429-1/he_IL/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="PayPal - הדרך הקלה והבטוחה לשלם באופן מקוון!">
                <img alt="" border="0" src="https://www.paypalobjects.com/WEBSCR-640-20110429-1/he_IL/i/scr/pixel.gif" width="1" height="1">
                </form><br/>';
echo $line;

?>

the php buildbutton and encrypting functions:

<?php
function buildbutton($amount,$bname,$shipping) {
//Sample PayPal Button Encryption: Copyright 2006-2010 StellarWebSolutions.com
//Not for resale  - license agreement at
//http://www.stellarwebsolutions.com/en/eula.php
//Updated: 2010 02 01



$form = array('cmd' => '_cart',
        'business' => '[email protected]', // changed from the original
        'cert_id' => 'XXXXXXXXXXX',// changed from the original
    'shipping' => $shipping,
        //'invoice' => '', //check what this is
        'currency_code' => 'ILS',
        //'no_shipping' => '0', //refers to shipping address
        'add'=>'1',
    'item_name' => $bname,
    'amount' => $amount
    );


    $encrypted = paypal_encrypt($form); 

return $encrypted;
}
function paypal_encrypt($hash)
{
    //Sample PayPal Button Encryption: Copyright 2006-2010 StellarWebSolutions.com
    //Not for resale - license agreement at
    //http://www.stellarwebsolutions.com/en/eula.php
    # private key file to use //

$MY_KEY_FILE = "/home/paypal/my-prvkey.pem";
# public certificate file to use
$MY_CERT_FILE = "/home/paypal/my-prvkey.pem";// 

# Paypal's public certificate
$PAYPAL_CERT_FILE = "/home/paypal/paypal_cert.pem";

# path to the openssl binary
$OPENSSL = "/usr/bin/openssl";

    if (!file_exists($MY_KEY_FILE)) {
        echo "ERROR: MY_KEY_FILE $MY_KEY_FILE not found\n";
    }
    if (!file_exists($MY_CERT_FILE)) {
        echo "ERROR: MY_CERT_FILE $MY_CERT_FILE not found\n";
    }
    if (!file_exists($PAYPAL_CERT_FILE)) {
        echo "ERROR: PAYPAL_CERT_FILE $PAYPAL_CERT_FILE not found\n";
    }
        if (!file_exists($OPENSSL)){
                echo "error with openssl $OPENSSL not found \n";
        }


    //Assign Build Notation for PayPal Support
    //$hash['bn']= 'StellarWebSolutions.PHP_EWP2'; //this is not needed cause i dont have a ewp

    $data = "";
    foreach ($hash as $key => $value) {
        if ($value != "") {
            //echo "Adding to blob: $key=$value\n";
            $data .= "$key=$value\n";
        }
    }

    $openssl_cmd = "($OPENSSL smime -sign -signer $MY_CERT_FILE -inkey $MY_KEY_FILE " .
                        "-outform der -nodetach -binary <<_EOF_\n$data\n_EOF_\n) | " .
                        "$OPENSSL smime -encrypt -des3 -binary -outform pem $PAYPAL_CERT_FILE";

    exec($openssl_cmd, $output, $error);

    if (!$error) {
        return implode("\n",$output);
    } else {
        return "ERROR: encryption failed";
    }
}

?>

I tried to change the variables to numbers to check if the problem is there that didn't help.

and this is how the encrypted test page source looks like:

action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank" id="payform" >

            <input type="hidden" name="cmd" value="_cart">

                        <input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----
MIIBdwYJKoZIhvcNAQcDoIIBaDCCAWQCAQAxggEwMIIBLAIBADCBlDCBjjELMAkG
A1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
EgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UE
AxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJ
KoZIhvcNAQEBBQAEgYAiFKR0WuQJcr6cQZvDCptQeDNyfipH9pDy1Q58C+ITCZWY
XRkkUOvvL3jniO1GUxsY2JleGAdZWSV1qgnO3uNjj0V3Z0AxbrAiuA0lLd8pscBT
MM+9+1RwjTOUVtOi3PASy1TC4hk6Wq01KUk1DCpbqMtqBZ6sWb5jHRxWqbL08zAr
BgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECClgCVLJPeXAgAgr8wXDhqI+og==
-----END PKCS7-----"><input type="image" src="https://www.paypalobjects.com/WEBSCR-640-20110429-1/he_IL/i/btn/btn_cart_SM.gif" border="0" name="submit" alt="PayPal - äãøê ä÷ìä åäáèåçä ìùìí áàåôï î÷ååï!">

                <img alt="" border="0" src="https://www.paypalobjects.com/WEBSCR-640-20110429-1/he_IL/i/scr/pixel.gif" width="1" height="1">

                </form><br/>

edit:after changing in the html form (not! the php encrypt function) from '_cart' to '_s-xclick' I get a different error:

The email address for the business is not present in the encrypted blob. Please contact your merchant.

following more advice in various paypal forums I also tried to renew the certificates and keys (all three of them..). didn't help at all!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

街角卖回忆 2024-11-15 21:59:21

我将 cmd 更改为 _s-xclick。所有 PayPal 加密支付均使用此命令。

当我尝试时我得到了
“加密的 blob 中不存在该企业的电子邮件地址。请联系您的商家。”错误。您是否尝试过使用“安全商户 ID”而不是电子邮件？它位于帐户的个人资料中。

我个人建议使用按钮管理器 API，而不是加密按钮。
https://merchant.paypal.com/ us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_ButtonMgrAPIIntro
它的主要优点是您可以调用 API 来检索按钮的内容。加密的 blob 无法真正解密以查看电子邮件是否确实存在。

我希望这有帮助。
洛勒福尔德

回复收藏 0 原文