I wrote a quick tutorial on how you can easily integrate a PayPal cart with GetSimple using the plugins DynPages and I18N Custom Fields (both by mvlcek).
I was working on an e-commerce site, and although I decided to use OpenCart for the website, I was able to figure out this easy integration method (after the fact).
This works great if you are trying to build a website where you may be selling a few products. Of course this is no e-commerce solution! Yet it's a simple integration that beats having to go to PayPal.com and create a button every single time.
Note: Tutorial Document is in PDF format.
Let me know what you guys think. I tried to make it as simple as possible.
At the moment I have no need for a shop so I cannot judge the quality,
but if others confirm the quality and functionality of your tutorial, I would suggest that you add it to the wiki.
If you find no category there, we can create a topic.
Connie Wrote:At the moment I have no need for a shop so I cannot judge the quality,
but if others confirm the quality and functionality of your tutorial, I would suggest that you add it to the wiki.
If you find no category there, we can create a topic.
I think it's a starting block. I think if someone knows how to and takes the time, they could probably develop a PayPal plugin for GetSimple. I only covered one of the many PayPal features so there is still a lot of room for building on... but I hope others do.
Oleg06 Wrote:PayPal has finally started to work with Russia, the topic may be relevant for Russian users
Oleg, what is the most commonly used payment method in Russia? I have only worked with PayPal so it's the only thing I thought to use.
How common is AlertPay in Russia? I myself have not used AlertPay but am considering it not only for my website but also for e-commerce (opencart/prestashop) for my clients.
Is there any method of adding more than one product before being directed to Paypal's site for checkout?
I have about 15 products across 5 categories that need to be added and I would preferably like to use one page to display all of them or give each category its own page. How do I do it?
jyoz22 Wrote:I have uploaded it to the original post here on the forum.
Thanks for that.
Does anyone have any educated thoughts on the real-world risks of using unencrypted form details for Paypal buttons? I know that Paypal advises against it (and prohibits it, if you're a big enough merchant).
andyash Wrote:My custom fields are not visible on the page.
Is there any method of adding more than one product before being directed to Paypal's site for checkout?
I have about 15 products across 5 categories that need to be added and I would preferably like to use one page to display all of them or give each category its own page. How do I do it?
Which version of GS are you using? I tested this out on 3.0. Make sure you have installed all the required plugins. Go to the Plugins tab and make sure that I18N Custom Fields is listed, and "activated."
Is your website currently on the internet? So that I can better understand your problem. Thanks.
EDIT:
Yes, the tutorial is for using PayPal's own shopping cart. The person will add items to the cart. They can add more items and/or checkout.
jyoz22 Wrote:I have uploaded it to the original post here on the forum.
Thanks for that.
Does anyone have any educated thoughts on the real-world risks of using unencrypted form details for Paypal buttons? I know that Paypal advises against it (and prohibits it, if you're a big enough merchant).
I'm not sure I understand what you are asking. Everything in the tutorial conforms to PayPal's requirements. It's simply a shortcut. Instead of having to create product buttons for each item individually, you are having GS copy and paste the stuff that remains the same, and modifying the data that is not. Regardless, the output is the same from that which PayPal themselves would give you to use.
PayPal buttons (which are actually form submit buttons) post data to PayPal's encrypted website.
The tutorial I provided simply shows you how to use the Custom Fields plugin as a short code, as opposed to having to add a PayPal button individually for each item and inserting it using the "SOURCE" portion of the HTML Editor.
The cart or purchase information is all conducted on a separate window located directly on PayPal's servers. You would actually be using PayPal's own shopping cart.
All information is encrypted, and nothing actually takes place on your website directly, it takes place on PayPal's cart.
Again, everything is in fact encrypted, and meets PayPal's guidelines and criteria. You can read all the information on how to create PayPal add to cart buttons on PayPal's Developer Central here:
2012-04-16, 02:57:27 (This post was last modified: 2012-04-16, 03:24:06 by dasganze.)
jyoz22 Wrote:I'm not sure I understand what you are asking. Everything in the tutorial conforms to PayPal's requirements.
Yes, I understand that your method dynamically produces the PayPal form, which is indeed one of the methods outlined by PayPal.
The problem (if it is a problem – hence my question) is that all the form data is in the page source code, including the PayPal account holder's email address and the price. PayPal mentions this in the Integration Guide:
Quote:Unprotected and non-encrypted buttons that are not saved in your PayPal account are in plain text in the source view of your webpages. The HTML button code for your payment buttons can be viewed by anyone. A malicious third party could copy a page, change button HTML variables such as price, and make fraudulent payments.
IMPORTANT: Merchants with significant payment volume are required to take precautions on securing PayPal Payment Standard buttons.
They are not specific about 'significant payment volume'.
Using these simple PayPal buttons, nothing is encrypted – the form data is available on the page, and in transmission, in clear text.
The alternatives are to either create the buttons using PayPal's tools (the link that you included in your post) or generate buttons dynamically with encryption. The first is okay for a limited range of products that don't change rapidly. The latter solution requires integrating into the website CMS code. Both of these solutions do indeed encrypt the form data and most of it is contained in a single encrypted blob.
Edit to correct: with a hosted button, just the button ID is passed in the form data. I don't know exactly how the dynamic encrypted buttons are handled (though I'm fairly sure they use an encrypted blob).
I am currently using a long text field in a Special Pages page to store the button code (created on the PayPal site), but the inspiration came from your guide – thanks!
I think I understand you a little bit better now. Yes, the forms are in fact clearly visible in the HTML Source Code. That's why PayPal advises you to review orders before accepting funds (Your PayPal account should be set to Authorization, rather than Sale).
hameau Wrote:The alternatives are to either create the buttons using PayPal's tools (the link that you included in your post) or...
The link I included in my post to create buttons using PayPal produces the same exact output as that which is in the tutorial/guide. PayPal actually gives out the plain HTML code to publish on your site. This information is not encrypted, or encoded -- simply plain HTML.
There is in fact a way of producing buttons that are encoded. However this is not something which can be listed in a tutorial here, as the individual will have to actually "Save" the buttons they create to their PayPal account. (If you see step 8, the HTML form will not need encoding as the fields for the price, etc., will not be listed (thus they won't be able to be modified).)
Unfortunately, the person has to create this themselves in their account.
Either way, the method I employed in the tutorial is the exact method that is given by PayPal's own button generator, as you will see in that link I provided: https://www.paypal.com/us/cgi-bin/webscr..._type=cart
Quote:Unprotected and non-encrypted buttons that are not saved in your PayPal account are in plain text in the source view of your webpages. The HTML button code for your payment buttons can be viewed by anyone. A malicious third party could copy a page, change button HTML variables such as price, and make fraudulent payments.
IMPORTANT: Merchants with significant payment volume are required to take precautions on securing PayPal Payment Standard buttons.
jyoz22 Wrote:Either way, the method I employed in the tutorial is the exact method that is given by PayPal's own button generator ...
Sorry, I didn't mean to sound critical of your tutorial. I agree that you are generating exactly the same code that PayPal would give and that it is perfectly acceptable (given the PP account safeguards that you mention).
What confused me somewhat is that if you go to that PayPal button generator when logged in to a PayPal account (which is what I've always done), then the default is a coded button, stored at PayPal. That's why I have never seen the plain-text version there ...
Anyway, to my original question: provided that the PayPal account holder is diligent in checking orders before accepting the funds, can we presume that any risk is low and controlled? It sounds as if that should be the case. Am I paranoid for no reason? :-o
No problem. Yes, I used the exact code PayPal provides, when not logged-in; just using the code available in the developer central.
Ummm, to try to answer your question: I would assume that it is very safe, and risk, if any, is very low. I mean if someone sends you money you can always issue a refund. You can also set your account to "Authorization", this means that any money sent to the account is available for you (the PayPal account holder) to "Capture" or Release (reject).
I'm not sure if Authorization mode is available in all countries.
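The order review discussed in the posts above (checking each payment against the merchant's own prices before capturing it), as an added example that is not part of any post or of the tutorial. The order records, field names, catalog and e-mail addresses are constructed for illustration, and shipping and tax are assumed to be zero.

```python
from decimal import Decimal, InvalidOperation

# Merchant-side source of truth. All values are constructed sample data.
MERCHANT_EMAIL = "shop@example.com"
CURRENCY = "USD"
CATALOG = {"TEE-01": Decimal("18.00"), "MUG-02": Decimal("9.50")}  # unit prices

def review_order(order):
    """Return reasons to hold the payment; an empty list means it matches."""
    problems = []
    # A copied form can name a different receiving account or currency.
    if order["receiver_email"].strip().lower() != MERCHANT_EMAIL:
        problems.append("receiver is not the merchant account")
    if order["currency"] != CURRENCY:
        problems.append(f"unexpected currency {order['currency']}")
    expected, priced = Decimal("0"), True
    for item in order["items"]:
        price = CATALOG.get(item["item_number"])
        q = str(item["quantity"])
        qty = int(q) if q.isdigit() else 0
        if price is None or qty < 1:
            problems.append(f"unknown item or bad quantity: {item['item_number']}")
            priced = False
            continue
        expected += price * qty
    try:
        paid = Decimal(order["gross"])
    except InvalidOperation:
        return problems + ["amount is not a number"]
    # Compare against the catalog, never against a price carried in the form.
    if priced and paid != expected:
        problems.append(f"paid {paid}, catalog total is {expected}")
    return problems

def triage(orders):
    """Map each transaction id to its list of problems."""
    return {o["txn"]: review_order(o) for o in orders}

def _order(txn, receiver, gross, *lines):
    items = [{"item_number": n, "quantity": q} for n, q in lines]
    return {"txn": txn, "receiver_email": receiver, "currency": "USD",
            "gross": gross, "items": items}

ORDERS = [  # constructed: one honest order, one altered price, one altered receiver
    _order("A1", "shop@example.com", "27.50", ("TEE-01", "1"), ("MUG-02", "1")),
    _order("A2", "shop@example.com", "1.00", ("TEE-01", "1")),
    _order("A3", "other@example.net", "18.00", ("TEE-01", "1")),
]
```

Calling `triage(ORDERS)` returns an empty list for A1 and a hold reason for A2 and A3; only orders with an empty list should be captured.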
I am new here, but would like to try this, where do I get the .pdf?
(2011-10-29, 19:59:19)jyoz22 Wrote: I wrote a quick tutorial on how you can easily integrate a PayPal cart with GetSimple using the plugins DynPages and I18N Custom Fields (both by mvlcek).
I was working on an e-commerce site, and although I decided to use OpenCart for the website, I was able to figure out this easy integration method (after the fact).
This works great if you are trying to build a website where you may be selling a few products. Of course this is no e-commerce solution! Yet it's a simple integration that beats having to go to PayPal.com and create a button every single time.
Note: Tutorial Document is in PDF format.
Let me know what you guys think. I tried to make it as simple as possible.