Donations / Paypal IPN Integration

Well, after searching and searching for a donation system that works, I've come to the realization that although there are a few good contribution / donation hacks out there, none of them are compatible with Paypal's IPN feature. That being the case I went experimenting, and got the IPN to work properly with VB.

So now I'm dealing with options and features that you all want to see in this type of hack. I am willing to put forth the effort to get this hack to be the best one there is on the market for this. After I get all the coding and stuff done with paypal and the "look & feel" of the hack for the rest of your VB site, I'll work on integrating it with Authorize.net as well. But for now, since the IPN is working, I need your input on what you would like to see included with this hack.

So far, I'm looking at a notification on the memberlist, one in the postbit for members of the top ten donators club, possible rewards for certain levels of donations, the option to show total amount collected, and exactly where the $$$ is going to (this is needed for me personally since my site is not-for-profit, so may be helpful to you as well), with the main donations page showing all the above with an information page for explanations of where the $$$ goes, etc.

The IPN backend is running via Paypal's recommended procedures and should any suspicious activities be seen by either the script or Paypal's server, the script will not add the information into the main database, but into a separate table for further investigation by the admin.

One thing that I am missing that I need help on is verifying Paypal's Verisign Digital Signature, When it comes to that, I'm dumber than Jim Carrey on LSD. If I could get help on that one, we will all be appreciative as this will increase the security of the system.

Please, let me know your ideas for this hack, and I will get them on my "ToDo" list. Please be understanding and patient though, as I am about to have a second child born into the world within the next few weeks, so may drop off working on this one for abit, but I will continue to code for it during my free time.

Until then, Enjoy!

)O( Cloudrunner )O(

[Cloudrunner]

Update:

Okay, working on the main page for this little integration a bit at a time.

I've attached a small initial screen for the page to give a basic idea of where I'm going with this.

Today I finished the dynamic donation buttons, so you can make an unlimited number of different donation level buttons. Later I'll be adding "prizes" per donation level button chosen. There is also a button there to allow your users to choose the amount they wish to contribute to you.

I'll start working on the member's integration portion of this over the next week or so (provided that my wife does not give birth during this time, if that occurs, of course, then it'll be abit longer).

I'm still looking for assistance in the verisign digital check portion of this whole thing. If you have the time and know how this would work, please contact me.

Enjoy!

)O( Cloudrunner )O(

[Cloudrunner]

Button Clicked with a set amount:

[Cloudrunner]

Button clicked without a set amount:

[kaotic]

I might just start drooling over my keyboard if I don't install this soon! Lookin' good!

[noppid]

Maybe this can help...
http://www.perl-studio.com/php/paypal/

[kaotic]

That one looks a bit more complicated than what I would've hoped for. I'll wait for Cloudrunner's version before I try that one.

[noppid]

That was a suggestion for him to see example code on the digital signature, not a suggestion for an alternative.

[Cloudrunner]

Not only that, but the information there is misleading, as one doesn't really need to use an ssl socket to connect to paypal, as there is no financial information (i.e. credit cards, bank accounts, etc) being passed during the IPN exchange. Therefore, since vBulletin uses PHP, using a perl script to integrate would be alot more code involved to get perl to talk to the vb php backend properly.

That, and that script doesn't help me in the versign signature authentication, and that's the #1 thing I'm worried about right now, because I can "spoof" the script with a proxied form using the right variables (i.e. it will accept the variables and such, but when talking to paypal for verification of the data, paypal will always send an INVALID string since it did not initiate the call.) With the verification of paypal's verisign sig, I wouldn't be able to do that.

Thanks for the help though

)O( Cloudrunner )O(

[Cloudrunner]

ah crap!

I just realized that to verify paypal's digital server ID, one MUST be using SSL transport. CRAP!

PHP will not transport via SSL, well let's find another way to verify proper server access....is there a better way than using $_SERVER['HTTP_REFERER']?