Mike (who tried to help), and anyone else.
Solved the problem. Changes:
Use "cmd=_xclick" in your name value pairs for your text file, which
you will encrypt (not _s-xclick).
But DO use <input type="hidden" name="cmd" value="_s-xclick"> in your
actual form.
That mismatch of information was only found by purchasing an article
written on Nov 8, 2008 by Arman Danesh ($4.00) from Communitymx.com
(located here: http://www.communitymx.com/abstract.cfm?cid=202EF )
I also reissued the private key and cert on my end for good measure
and re-uploaded it to Pay Pal. Downloaded theirs (again), for (again),
good measure. However, I do not believe the certs were the issue. I
reissued them before trying the new code changes. So, I will never know.
Code follows in case someone else wants to use Pay Pal and CF and
dynamically encrypt variable shopping cart and price data on the fly.
(Step omitted - creating a signing key and cert via openssl. Search
google for that, or hit me back when the time arrives that you need to
do it. ) The code is for the Pay Pal issue only and is for a *nix
system with openSSL installed (or windows with openSSL):
<!--- create temp file (empty) --->
<!--- (could use a UUID() here to randomize the file name, but since
it is in a directory not made public, I prefer a clean "makes sense"
approach). --->
<cfset buttonfile = "/websites/tempfiles/
paypal_order_#session.orderID#">
<!--- write temp file with a return after each name value pair --->
<cffile action="write" file="#buttonfile#" output="cert_id=28HGKDTN9SP1F
cmd=_xclick
[email protected]
item_name=My Product or Service
item_number=#session.orderID#
amount=25.00
currency_code=USD
tax=0
no_shipping=1
address1=my street address which matches my private cert
city=my city which matches my private cert
state=my state which matches my private cert
zip=my zip which matches my private cert
country=US
no_note=1
cancel_return=where to take the user if they cancel their payment">
<!--- create signed, binary version of file created above --->
<cfexecute name="/usr/bin/openssl" arguments="smime -sign -in
#buttonfile# -signer /etc/certificates/my-publiccert.pem -inkey /etc/
certificates/my-privatekey.pem -outform der -nodetach -binary -out
#buttonfile#.binary" timeout="3000" variable="encButtonOutput" />
<!--- generate encrypted button --->
<cfexecute name="/usr/bin/openssl" arguments="smime -encrypt -des3 -
binary -in #buttonfile#.binary -outform pem /etc/certificates/
paypal_cert_pem.txt" timeout="3000"
variable="encButton">#encButtonOutput#</cfexecute>
<!--- actual form --->
<div id="paypalform" style="text-align:center;">
<form action="https://www.paypal.com/cgi-bin/webscr"; method="post">
<input type="hidden" name="cmd" value="_s-xclick" />
<input type="hidden" name="encrypted" value="#encButton#" />
<input type="submit" value="Pay $25.00 via PayPal" />
</form>
</div>
<!--- encryption temp file clean up --->
<cffile action="delete" file="#buttonfile#">
<cffile action="delete" file="#buttonfile#.binary">
_____________________
Derrick Peavy
[email protected]
_____________________
On Feb 18, 2009, at 12:13 PM, Mike Staver wrote:
So, you're posting that info back to PayPal - and they have to be
able to
read it to process it, right? Do you set up something with your
account
so they can unencrypt it when it gets posted to their server?
I am trying to integrate PayPal with a CF solution. Pay Pal account
is
a business account, using "Website Payments Standard"
I am not using the PayPal encrypted buttons, but am providing my own
encryption on the fly with OpenSSL and CFEXECUTE due to specific
situation.
I am having one he** of a day trying to make this work. Keep getting
new errors and nothing seems to work. Support from PayPal is
extremely
frustrating.
MY QUESTION IS - Has anyone on the list done this before -
specifically, encrypting your payment buttons on the fly? I have
created the public cert and key and uploaded that to PayPal and
downloaded their cert as well. Code is below, problems are below
that.
Here is the process/code I am using, based upon PayPal's documents
and
other CF examples I could find:
<!--- file name --->
<cfset buttonfile = "/var/tmp/
cc_com_paypal_order_#session.bannerOrderID#">
<!--- create temp file --->
<cffile action="write" file="#buttonfile#"
output="cert_id=DFKJDF97ADFK
cmd=_s-xclick
business=payPalApprovedAccountEmail
item_name=Service Being Sold
item_number=#orderID#
amount=50.00
currency_code=USD
tax=0
no_shipping=1
address1=address as stated in public cert
city=city as stated in public cert
state=state as stated in public cert
zip=zip as stated in public cert
country=US
no_note=1
cancel_return=returnFile.cfm">
<!--- create signed, binary version of file created above --->
<cfexecute name="/usr/bin/openssl" arguments="smime -sign -in
#buttonfile# -signer /etc/certificates/mysite-publiccert.pem -inkey /
etc/certificates/mysite-privatekey.pem -outform der -nodetach -
binary -
out #buttonfile#.binary" timeout="30" variable="encButtonOutput" />
<!--- generate encrypted button from binary --->
<cfexecute name="/usr/bin/openssl" arguments="smime -encrypt -des3 -
binary -in #buttonfile#.binary -outform pem /etc/certificates/
paypal_cert_pem.txt" timeout="30" variable="encButton" />
<!--- actual form --->
<div id="paypalform" style="text-align:center;">
<form action="https://www.paypal.com/cgi-bin/webscr"; method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="encrypted" value="#encButton#">
<input type="submit" value="Pay #dollarFormat(paymentToMake)#
via
PayPal">
</form>
</div>
The problem is that when the transaction is submitted, PayPal gives
different errors, ranging from problems with the email (which PayPal
Customer Service confirmed is correct), to issues with decrypting the
cert. It's nuts. No one error is the same and PayPal will only say
"Gee, we don't know."
_____________________
Derrick Peavy
[email protected]
_____________________
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
