Witango PayPal Integration

paypal.tcf is a Witango class file that supports e-commerce per the PayPal Web Payments Standard Integraton Guide. It is provided free under the LGPL license. For questions, please contact us.

Features

• A single Class File can be used with any number of paypal accounts.
  
• A configuration file allows each object instance to use a different set of keys.
  
• Any arbitrary payload may be encrypted, allowing encrypted payloads for both buttons and carts.
• A parameter allows testing in the Paypal sandbox environment.
  
• Creation of both plaintext and encrypted Buy Now Buttons is supported.

Contents

• LICENSE.txt contains the LGPL license under which this software is released.
• README.html contains this descriptive content
• pp_buttontest.taf is an application file to test the class file
• keystore is a directory containing encryption information. This directory does NOT contain sample keys or certificates. You must generate them yourself.
• TCF is a directory containing the paypal.tcf class file
• TCF_config is a directory containing a configuration file for the paypal.tcf class file. You must edit this file to correspond with your PayPal account settings.

Requirements

The following are required:

• Witango application server version 5
• openssl (for encrypted web payments)

Installation

1. Download and un-zip the package.Read and accept the license included with the package
2. Copy the file TCF/paypal.tcfinto a directory within the Witango Class Path. Verify that it is readable by the user under which witango runs on your system.
3. Set up your keystore, which will contain files used to encrypt data sent to paypal. Take care that the keystore is kept secure.
   1. Copy the directory keystore to some location that is NOT publically accessible.
   2. Generate a private and public key pair within the keystore directory.
   3. Upload your public key to paypal (and optionally the paypal sandbox). Note the Certificate IDs provided by Paypal.
   4. Download paypal's public certificate (and optionally the paypal sandbox public certificate) into the keystore directory.
   5. edit the files ewp.sh (and optionaly sandbox.ewp.sh), replacing the string 'path/to/my/' with the actual path to the keystore directory. Verify that the path to openssl is correct.
4. Configure the Class File
   1. Copy the TCF_config directory into the web root of each domain using paypal.tcf.
      
   2. Witango requires that this directory be within the webroot, but it is important to keep this private. Add the following stanza to the apache virtual host (or the .htaccess file):
      Deny from All
   3. Edit the file /TCF_config/paypal.conf, updating the instance variables keystore_path, the cert_id, sandbox.cert_id, and order_email with the values you use with paypal. The params instance variable can be left unchanged; it is the name of file which will contain the cleartext payload to be encrypted.

Using paypal.tcf

The paypal.tcf object must be instantiated within a witango application file. If instantiated in a persistent scope, make sure that it is not available to unauthorized users, domains or applications.

Creating a button

The make_buy_now_button method is used to create a paypal "Buy Now" button. This method take the following parameters:

• parameters is an array of parameters to be sent to paypal. Row 0 of the array contains the names of each parameter, as specified in the paypal integration guide. Subsequent rows contain the corresponding values.
• submit_button is the URI of a graphic used as the submit button. Many standard buttons are available from PayPal.
• encrypt is a boolean value that specifies whether the parameters are to be encrypted. TRUE means encrypt the parameters.
• sb_prefix is a string used to specify that the button payload should be encrypted for testing in the PayPal sandbox. For use with the live site, leave this blank. For use with the sandbox, use the string 'sandbox.'.
• row is the row of the parameter array containing the payload to be made into a Buy Now button. This allows you to iterate over a single database query to generate multiple buttons.

Encrypting a payload

The ewp method uses the openssl library to encrypt a payload for PayPal encrypted web payments. This method takes the following parameters:

• parameters is an array of parameters to be sent to paypal. Row 0 of the array contains the names of each parameter, as specified in the paypal integration guide. Subsequent rows contain the corresponding values.
• sb_prefix is a string used to specify that the button payload should be encrypted for testing in the PayPal sandbox. For use with the live site, leave this blank. For use with the sandbox, use the string 'sandbox.'.
• row is the row of the parameter array which contains the payload to be encrypted.

Example

The application file pp_buttontest.taf will generate a button using a parameter array defined in the appfile.