Подключение моего сайта с Paypal

Я пытаюсь подключить свой веб-сайт к PayPal. Я передал общую сумму, которая установила его в сеансе, и при запуске setexpresscheckout.php я получаю эту ошибку

'SetExpressCheckout API call failed. Detailed Error Message: Security header is not validShort Error Message: Security errorError Code: 10002Error Severity Code: Error'

Как я могу решить эту проблему

Это PayPal Expresscheckout.php

<?php
$order_price='';
if(isset($_POST['order_price'])){
$order_price= $_POST['order_price'];
}
?>
<?php

require_once ("paypalfunctions.php");

// ==================================
// PayPal Express Checkout Module
// ==================================

//'------------------------------------
//' The paymentAmount is the total value of
//' the shopping cart, that was set
//' earlier in a session variable
//' by the shopping cart page
//'------------------------------------
$paymentAmount = $order_price;

//'------------------------------------
//' The currencyCodeType and paymentType
//' are set to the selections made on the Integration Assistant
//'------------------------------------
$currencyCodeType = "USD";
$paymentType = "Sale";

//'------------------------------------
//' The returnURL is the location where buyers return to when a
//' payment has been succesfully authorized.
//'
//' This is set to the value entered on the Integration Assistant
//'------------------------------------
$returnURL = "http://localhost/culdesign.preview/PayOrder.php";

//'------------------------------------
//' The cancelURL is the location buyers are sent to when they hit the
//' cancel button during authorization of payment during the PayPal flow
//'
//' This is set to the value entered on the Integration Assistant
//'------------------------------------
$cancelURL = "http://localhost/culdesign.preview/PlaceAnOrder.php";

//'------------------------------------
//' Calls the SetExpressCheckout API call
//'
//' The CallShortcutExpressCheckout function is defined in the file PayPalFunctions.php,
//' it is included at the top of this file.
//'-------------------------------------------------
$resArray = CallShortcutExpressCheckout ($paymentAmount, $currencyCodeType, $paymentType, $returnURL, $cancelURL);
$ack = strtoupper($resArray["ACK"]);
if($ack=="SUCCESS" || $ack=="SUCCESSWITHWARNING")
{
RedirectToPayPal ( $resArray["TOKEN"] );
}
else
{
//Display a user friendly Error on the page using any of the following error information returned by PayPal
$ErrorCode = urldecode($resArray["L_ERRORCODE0"]);
$ErrorShortMsg = urldecode($resArray["L_SHORTMESSAGE0"]);
$ErrorLongMsg = urldecode($resArray["L_LONGMESSAGE0"]);
$ErrorSeverityCode = urldecode($resArray["L_SEVERITYCODE0"]);

echo "SetExpressCheckout API call failed. ";
echo "Detailed Error Message: " . $ErrorLongMsg;
echo "Short Error Message: " . $ErrorShortMsg;
echo "Error Code: " . $ErrorCode;
echo "Error Severity Code: " . $ErrorSeverityCode;
}
?>

Код ниже является paypalfunction.php

<?php
/********************************************
PayPal API Module

Defines all the global variables and the wrapper functions
********************************************/
$PROXY_HOST = '127.0.0.1';
$PROXY_PORT = '808';

$SandboxFlag = true;

//'------------------------------------
//' PayPal API Credentials
//' Replace <API_USERNAME> with your API Username
//' Replace <API_PASSWORD> with your API Password
//' Replace <API_SIGNATURE> with your Signature
//'------------------------------------
$API_UserName="<ytech008_api1.gmail.com>";
$API_Password="<WV6C69HAB5844H6S>";
$API_Signature="<AAv5.GyV.pgCRwdV-5hnE5G.F8BwAs81G0tx7YR7-B6ao3PiSeCn-kvN>";

// BN Code  is only applicable for partners
$sBNCode = "PP-ECWizard";/*
' Define the PayPal Redirect URLs.
'   This is the URL that the buyer is first sent to do authorize payment with their paypal account
'   change the URL depending if you are testing on the sandbox or the live PayPal site
'
' For the sandbox, the URL is       https://www.sandbox.paypal.com/webscr&cmd=_express-checkout&token=
' For the live site, the URL is        https://www.paypal.com/webscr&cmd=_express-checkout&token=
*/

if ($SandboxFlag == true)
{
$API_Endpoint = "https://api-3t.sandbox.paypal.com/nvp";
$PAYPAL_URL = "https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=";
}
else
{
$API_Endpoint = "https://api-3t.paypal.com/nvp";
$PAYPAL_URL = "https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=";
}

$USE_PROXY = false;
$version="93";

if (session_id() == "")
session_start();

/* An express checkout transaction starts with a token, that
identifies to PayPal your transaction
In this example, when the script sees a token, the script
knows that the buyer has already authorized payment through
paypal.  If no token was found, the action is to send the buyer
to PayPal to first authorize payment
*/

/*
'-------------------------------------------------------------------------------------------------------------------------------------------
' Purpose:  Prepares the parameters for the SetExpressCheckout API Call.
' Inputs:
'       paymentAmount:      Total value of the shopping cart
'       currencyCodeType:   Currency code value the PayPal API
'       paymentType:        paymentType has to be one of the following values: Sale or Order or Authorization
'       returnURL:          the page where buyers return to after they are done with the payment review on PayPal
'       cancelURL:          the page where buyers return to when they cancel the payment review on PayPal
'--------------------------------------------------------------------------------------------------------------------------------------------
*/
function CallShortcutExpressCheckout( $paymentAmount, $currencyCodeType, $paymentType, $returnURL, $cancelURL)
{
//------------------------------------------------------------------------------------------------------------------------------------
// Construct the parameter string that describes the SetExpressCheckout API call in the shortcut implementation

$nvpstr="&PAYMENTREQUEST_0_AMT=". $paymentAmount;
$nvpstr = $nvpstr . "&PAYMENTREQUEST_0_PAYMENTACTION=" . $paymentType;
$nvpstr = $nvpstr . "&RETURNURL=" . $returnURL;
$nvpstr = $nvpstr . "&CANCELURL=" . $cancelURL;
$nvpstr = $nvpstr . "&PAYMENTREQUEST_0_CURRENCYCODE=" . $currencyCodeType;

$_SESSION["currencyCodeType"] = $currencyCodeType;
$_SESSION["PaymentType"] = $paymentType;

//'---------------------------------------------------------------------------------------------------------------
//' Make the API call to PayPal
//' If the API call succeded, then redirect the buyer to PayPal to begin to authorize payment.
//' If an error occured, show the resulting errors
//'---------------------------------------------------------------------------------------------------------------
$resArray=hash_call("SetExpressCheckout", $nvpstr);
$ack = strtoupper($resArray["ACK"]);
if($ack=="SUCCESS" || $ack=="SUCCESSWITHWARNING")
{
$token = urldecode($resArray["TOKEN"]);
$_SESSION['TOKEN']=$token;
}

return $resArray;
}

/*
'-------------------------------------------------------------------------------------------------------------------------------------------
' Purpose:  Prepares the parameters for the SetExpressCheckout API Call.
' Inputs:
'       paymentAmount:      Total value of the shopping cart
'       currencyCodeType:   Currency code value the PayPal API
'       paymentType:        paymentType has to be one of the following values: Sale or Order or Authorization
'       returnURL:          the page where buyers return to after they are done with the payment review on PayPal
'       cancelURL:          the page where buyers return to when they cancel the payment review on PayPal
'       shipToName:     the Ship to name entered on the merchant's site
'       shipToStreet:       the Ship to Street entered on the merchant's site
'       shipToCity:         the Ship to City entered on the merchant's site
'       shipToState:        the Ship to State entered on the merchant's site
'       shipToCountryCode:  the Code for Ship to Country entered on the merchant's site
'       shipToZip:          the Ship to ZipCode entered on the merchant's site
'       shipToStreet2:      the Ship to Street2 entered on the merchant's site
'       phoneNum:           the phoneNum  entered on the merchant's site
'--------------------------------------------------------------------------------------------------------------------------------------------
*/
function CallMarkExpressCheckout( $paymentAmount, $currencyCodeType, $paymentType, $returnURL,
$cancelURL, $shipToName, $shipToStreet, $shipToCity, $shipToState,
$shipToCountryCode, $shipToZip, $shipToStreet2, $phoneNum
)
{
//------------------------------------------------------------------------------------------------------------------------------------
// Construct the parameter string that describes the SetExpressCheckout API call in the shortcut implementation

$nvpstr="&PAYMENTREQUEST_0_AMT=". $paymentAmount;
$nvpstr = $nvpstr . "&PAYMENTREQUEST_0_PAYMENTACTION=" . $paymentType;
$nvpstr = $nvpstr . "&RETURNURL=" . $returnURL;
$nvpstr = $nvpstr . "&CANCELURL=" . $cancelURL;
$nvpstr = $nvpstr . "&PAYMENTREQUEST_0_CURRENCYCODE=" . $currencyCodeType;
$nvpstr = $nvpstr . "&ADDROVERRIDE=1";
$nvpstr = $nvpstr . "&PAYMENTREQUEST_0_SHIPTONAME=" . $shipToName;
$nvpstr = $nvpstr . "&PAYMENTREQUEST_0_SHIPTOSTREET=" . $shipToStreet;
$nvpstr = $nvpstr . "&PAYMENTREQUEST_0_SHIPTOSTREET2=" . $shipToStreet2;
$nvpstr = $nvpstr . "&PAYMENTREQUEST_0_SHIPTOCITY=" . $shipToCity;
$nvpstr = $nvpstr . "&PAYMENTREQUEST_0_SHIPTOSTATE=" . $shipToState;
$nvpstr = $nvpstr . "&PAYMENTREQUEST_0_SHIPTOCOUNTRYCODE=" . $shipToCountryCode;
$nvpstr = $nvpstr . "&PAYMENTREQUEST_0_SHIPTOZIP=" . $shipToZip;
$nvpstr = $nvpstr . "&PAYMENTREQUEST_0_SHIPTOPHONENUM=" . $phoneNum;

$_SESSION["currencyCodeType"] = $currencyCodeType;
$_SESSION["PaymentType"] = $paymentType;

//'---------------------------------------------------------------------------------------------------------------
//' Make the API call to PayPal
//' If the API call succeded, then redirect the buyer to PayPal to begin to authorize payment.
//' If an error occured, show the resulting errors
//'---------------------------------------------------------------------------------------------------------------
$resArray=hash_call("SetExpressCheckout", $nvpstr);
$ack = strtoupper($resArray["ACK"]);
if($ack=="SUCCESS" || $ack=="SUCCESSWITHWARNING")
{
$token = urldecode($resArray["TOKEN"]);
$_SESSION['TOKEN']=$token;
}

return $resArray;
}

/*
'-------------------------------------------------------------------------------------------
' Purpose:  Prepares the parameters for the GetExpressCheckoutDetails API Call.
'
' Inputs:
'       None
' Returns:
'       The NVP Collection object of the GetExpressCheckoutDetails Call Response.
'-------------------------------------------------------------------------------------------
*/
function GetShippingDetails( $token )
{
//'--------------------------------------------------------------
//' At this point, the buyer has completed authorizing the payment
//' at PayPal.  The function will call PayPal to obtain the details
//' of the authorization, incuding any shipping information of the
//' buyer.  Remember, the authorization is not a completed transaction
//' at this state - the buyer still needs an additional step to finalize
//' the transaction
//'--------------------------------------------------------------

//'---------------------------------------------------------------------------
//' Build a second API request to PayPal, using the token as the
//'  ID to get the details on the payment authorization
//'---------------------------------------------------------------------------
$nvpstr="&TOKEN=" . $token;

//'---------------------------------------------------------------------------
//' Make the API call and store the results in an array.
//' If the call was a success, show the authorization details, and provide
//'     an action to complete the payment.
//' If failed, show the error
//'---------------------------------------------------------------------------
$resArray=hash_call("GetExpressCheckoutDetails",$nvpstr);
$ack = strtoupper($resArray["ACK"]);
if($ack == "SUCCESS" || $ack=="SUCCESSWITHWARNING")
{
$_SESSION['payer_id'] = $resArray['PAYERID'];
}
return $resArray;
}

/*
'-------------------------------------------------------------------------------------------------------------------------------------------
' Purpose:  Prepares the parameters for the GetExpressCheckoutDetails API Call.
'
' Inputs:
'       sBNCode:    The BN code used by PayPal to track the transactions from a given shopping cart.
' Returns:
'       The NVP Collection object of the GetExpressCheckoutDetails Call Response.
'--------------------------------------------------------------------------------------------------------------------------------------------
*/
function ConfirmPayment( $FinalPaymentAmt )
{
/* Gather the information to make the final call to
finalize the PayPal payment.  The variable nvpstr
holds the name value pairs
*///Format the other parameters that were stored in the session from the previous calls
$token              = urlencode($_SESSION['TOKEN']);
$paymentType        = urlencode($_SESSION['PaymentType']);
$currencyCodeType   = urlencode($_SESSION['currencyCodeType']);
$payerID            = urlencode($_SESSION['payer_id']);

$serverName         = urlencode($_SERVER['SERVER_NAME']);

$nvpstr  = '&TOKEN=' . $token . '&PAYERID=' . $payerID . '&PAYMENTREQUEST_0_PAYMENTACTION=' . $paymentType . '&PAYMENTREQUEST_0_AMT=' . $FinalPaymentAmt;
$nvpstr .= '&PAYMENTREQUEST_0_CURRENCYCODE=' . $currencyCodeType . '&IPADDRESS=' . $serverName;

/* Make the call to PayPal to finalize payment
If an error occured, show the resulting errors
*/
$resArray=hash_call("DoExpressCheckoutPayment",$nvpstr);

/* Display the API response back to the browser.
If the response from PayPal was a success, display the response parameters'
If the response was an error, display the errors received using APIError.php.
*/
$ack = strtoupper($resArray["ACK"]);

return $resArray;
}

/*
'-------------------------------------------------------------------------------------------------------------------------------------------
' Purpose:  This function makes a DoDirectPayment API call
'
' Inputs:
'       paymentType:        paymentType has to be one of the following values: Sale or Order or Authorization
'       paymentAmount:      total value of the shopping cart
'       currencyCode:       currency code value the PayPal API
'       firstName:          first name as it appears on credit card
'       lastName:           last name as it appears on credit card
'       street:             buyer's street address line as it appears on credit card
'       city:               buyer's city
'       state:              buyer's state
'       countryCode:        buyer's country code
'       zip:                buyer's zip
'       creditCardType:     buyer's credit card type (i.e. Visa, MasterCard ... )
'       creditCardNumber:   buyers credit card number without any spaces, dashes or any other characters
'       expDate:            credit card expiration date
'       cvv2:               Card Verification Value
'
'-------------------------------------------------------------------------------------------
'
' Returns:
'       The NVP Collection object of the DoDirectPayment Call Response.
'--------------------------------------------------------------------------------------------------------------------------------------------
*/function DirectPayment( $paymentType, $paymentAmount, $creditCardType, $creditCardNumber,
$expDate, $cvv2, $firstName, $lastName, $street, $city, $state, $zip,
$countryCode, $currencyCode )
{
//Construct the parameter string that describes DoDirectPayment
$nvpstr = "&AMT=" . $paymentAmount;
$nvpstr = $nvpstr . "&CURRENCYCODE=" . $currencyCode;
$nvpstr = $nvpstr . "&PAYMENTACTION=" . $paymentType;
$nvpstr = $nvpstr . "&CREDITCARDTYPE=" . $creditCardType;
$nvpstr = $nvpstr . "&ACCT=" . $creditCardNumber;
$nvpstr = $nvpstr . "&EXPDATE=" . $expDate;
$nvpstr = $nvpstr . "&CVV2=" . $cvv2;
$nvpstr = $nvpstr . "&FIRSTNAME=" . $firstName;
$nvpstr = $nvpstr . "&LASTNAME=" . $lastName;
$nvpstr = $nvpstr . "&STREET=" . $street;
$nvpstr = $nvpstr . "&CITY=" . $city;
$nvpstr = $nvpstr . "&STATE=" . $state;
$nvpstr = $nvpstr . "&COUNTRYCODE=" . $countryCode;
$nvpstr = $nvpstr . "&IPADDRESS=" . $_SERVER['REMOTE_ADDR'];

$resArray=hash_call("DoDirectPayment", $nvpstr);

return $resArray;
}/**
'-------------------------------------------------------------------------------------------------------------------------------------------
* hash_call: Function to perform the API call to PayPal using API signature
* @methodName is name of API  method.
* @nvpStr is nvp string.
* returns an associtive array containing the response from the server.
'-------------------------------------------------------------------------------------------------------------------------------------------
*/
function hash_call($methodName,$nvpStr)
{
//declaring of global variables
global $API_Endpoint, $version, $API_UserName, $API_Password, $API_Signature;
global $USE_PROXY, $PROXY_HOST, $PROXY_PORT;
global $gv_ApiErrorURL;
global $sBNCode;

//setting the curl parameters.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$API_Endpoint);
curl_setopt($ch, CURLOPT_VERBOSE, 1);

//turning off the server and peer verification(TrustManager Concept).
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);

curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST, 1);

//if USE_PROXY constant set to TRUE in Constants.php, then only proxy will be enabled.
//Set proxy name to PROXY_HOST and port number to PROXY_PORT in constants.php
if($USE_PROXY)
curl_setopt ($ch, CURLOPT_PROXY, $PROXY_HOST. ":" . $PROXY_PORT);

//NVPRequest for submitting to server
$nvpreq="METHOD=" . urlencode($methodName) . "&VERSION=" . urlencode($version) . "&PWD=" . urlencode($API_Password) . "&USER=" . urlencode($API_UserName) . "&SIGNATURE=" . urlencode($API_Signature) . $nvpStr . "&BUTTONSOURCE=" . urlencode($sBNCode);

//setting the nvpreq as POST FIELD to curl
curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpreq);

//getting response from server
$response = curl_exec($ch);

//convrting NVPResponse to an Associative Array
$nvpResArray=deformatNVP($response);
$nvpReqArray=deformatNVP($nvpreq);
$_SESSION['nvpReqArray']=$nvpReqArray;

if (curl_errno($ch))
{
// moving to display page to display curl errors
$_SESSION['curl_error_no']=curl_errno($ch) ;
$_SESSION['curl_error_msg']=curl_error($ch);

//Execute the Error handling module to display errors.
}
else
{
//closing the curl
curl_close($ch);
}

return $nvpResArray;
}

/*'----------------------------------------------------------------------------------
Purpose: Redirects to PayPal.com site.
Inputs:  NVP string.
Returns:
----------------------------------------------------------------------------------
*/
function RedirectToPayPal ( $token )
{
global $PAYPAL_URL;

// Redirect to paypal.com here
$payPalURL = $PAYPAL_URL . $token;
header("Location: ".$payPalURL);
exit;
}/*'----------------------------------------------------------------------------------
* This function will take NVPString and convert it to an Associative Array and it will decode the response.
* It is usefull to search for a particular key and displaying arrays.
* @nvpstr is NVPString.
* @nvpArray is Associative Array.
----------------------------------------------------------------------------------
*/
function deformatNVP($nvpstr)
{
$intial=0;
$nvpArray = array();

while(strlen($nvpstr))
{
//postion of Key
$keypos= strpos($nvpstr,'=');
//position of value
$valuepos = strpos($nvpstr,'&') ? strpos($nvpstr,'&'): strlen($nvpstr);

/*getting the Key and Value values and storing in a Associative Array*/
$keyval=substr($nvpstr,$intial,$keypos);
$valval=substr($nvpstr,$keypos+1,$valuepos-$keypos-1);
//decoding the respose
$nvpArray[urldecode($keyval)] =urldecode( $valval);
$nvpstr=substr($nvpstr,$valuepos+1,strlen($nvpstr));
}
return $nvpArray;
}

?>

-2

Решение

Заголовок безопасности означает, что ваши учетные данные API неверны. Вам необходимо дважды проверить свои учетные данные и убедиться, что вы не отправляете действительные учетные данные на сервер песочницы или в visa-verse. Каждый из них будет иметь отдельные наборы учетных данных API.

0

Другие решения

Вы делаете это неправильно в paypalfunction.php. Нет необходимости <> введите свои учетные данные в «», как показано ниже.

$API_UserName="data_api1.website.domain";
$API_Password="YOURAPIPASSWORD";
$API_Signature="NeV3r.g1Ve.AwAaAY-YOUUUR.DATA-OF-SUCHTYPE-inToPublic-Forums";
0

По вопросам рекламы [email protected]