Having a small problem, I am building a shopping cart and need to some-how dynamically POST to PayPal on the server side. The main reason being I am sick of SPAMMERS harvesting my PayPal email and also do not want the IPN url displayed in any HTML output.
Can't use the IPN URL in my PayPal account as I have numerous sites that all use different IPN scripts.
I can do this via fsockopen, the problem is that the payment page for PayPal is displayed on my server when echoing the output from fgets. I need the script to be able to re-direct the client to PayPal's page:
Here is what I have:
$post_vars = "The data to be posted..........";
$headers .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$headers .= "Content-Type: application/x-www-form-urlencoded\r\n";
$headers .= "Content-Length: " . strlen($post_vars) . "\r\n";
$headers .= "Connection: close\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
echo("ERROR: " . $errstr);
fputs ($fp, $headers . $post_vars);
$lines .= fgets($fp, 1024);
Instead of echoing $lines, I some-how need to redirect the client to https://www.paypal.com/cgi-bin/webscr so that it shows the PayPal URL in their address bar, not my checkout script on my server.
Yes I know about the encryption option in PayPal, however, as I am using a shopping cart, the form variables are changed dependant on the client's request (i.e. one client may want to buy 2 books and a magazine, another customer may want to buy 10 books, 5 DVDs and 3 music CDs).
It is a little difficult to configure an encrypted link for every option that a customer may require.
Also from what I see in PayPal, there does not seem to be an option to encrypt the "sensitive data" and leave the data that needs be changed as per the client's request (item_name, item_numer, quantity, cost, etc.. etc...).