• PHP Help
  • No API call after the order's created

I am using a php web video script that has Paypal integrated. Upon attempting a Live transaction to test, the process proceeds to Paypal, shows the transaction amount and returns to the web site successfully,
however, no amount is added to the website and no amount is deducted from the paypal user account. I see no errors at paypal or on the website.
After communicating with Paypal Merchant Support they said:
"From the token you provided, we were able to find the v2/checkout/orders API where you successfully created an order. We can see that there is an v2/checkout/orders API call to create the order, but it is not being approved and capture correctly. It seems like the integration you’re using isn’t being integrated correctly. There isn’t any addition API call after the order was created.
After buyer confirmed their funding method, you can use the Capture URL: https://api.paypal.com/v2/checkout/orders/5H041277RN955904F/capture to do POST API call to capture the payment. Please refer to the Order_Capture API for details: https://developer.paypal.com/docs/api/orders/v2/#orders_capture "

The developer of the web script is unavailable, so I am attempting to find/fix the issue, although I'm a little lost on the Merchant Tech explanation.
Since I'm not getting helped by the developer, maybe you can tell me if this file looks like where a modification is needed to "POST API call to capture the payment".
Any help is appreciated...

<?php
if (IS_LOGGED == false && $first != 'success_fortumo' && $first != 'success_aamarpay' && $first != 'cashfree_paid' && $first != 'iyzipay_paid' && $first != 'success_yoomoney') {
    $data = array(
        'status' => 400,
        'error' => 'Not logged in'
    );
    echo json_encode($data);
    exit();
}
require 'assets/includes/paypal_config.php';


$payment_currency = $pt->config->payment_currency;
$paypal_currency = $pt->config->paypal_currency;

if ($first == 'replenish') {
	$data    = array('status' => 400);
	$request = (!empty($_POST['amount']) && is_numeric($_POST['amount']));
	if ($request === true) {
		$price = PT_Secure($_POST['amount']);

		$ch = curl_init();

	    curl_setopt($ch, CURLOPT_URL, $url . '/v2/checkout/orders');
	    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	    curl_setopt($ch, CURLOPT_POST, 1);
	    curl_setopt($ch, CURLOPT_POSTFIELDS, '{
	      "intent": "CAPTURE",
	      "purchase_units": [
	            {
	                "items": [
	                    {
	                        "name": "Wallet Replenishment",
	                        "description":  "Pay For ' . $pt->config->name.'",
	                        "quantity": "1",
	                        "unit_amount": {
	                            "currency_code": "'.$pt->config->paypal_currency.'",
	                            "value": "'.$price.'"
	                        }
	                    }
	                ],
	                "amount": {
	                    "currency_code": "'.$pt->config->paypal_currency.'",
	                    "value": "'.$price.'",
	                    "breakdown": {
	                        "item_total": {
	                            "currency_code": "'.$pt->config->paypal_currency.'",
	                            "value": "'.$price.'"
	                        }
	                    }
	                }
	            }
	        ],
	        "application_context":{
	            "shipping_preference":"NO_SHIPPING",
	            "return_url": "'.PT_Link("aj/wallet/get_paid?status=success&amount=").$price.'",
	            "cancel_url": "'.PT_Link("aj/wallet/get_paid?status=false").'"
	        }
	    }');

	    $headers = array();
	    $headers[] = 'Content-Type: application/json';
	    $headers[] = 'Authorization: Bearer '.$pt->paypal_access_token;
	    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

	    $result = curl_exec($ch);
	    if (curl_errno($ch)) {
	        echo 'Error:' . curl_error($ch);
	    }
	    curl_close($ch);
	    $result = json_decode($result);
	    if (!empty($result) && !empty($result->links) && !empty($result->links[1]) && !empty($result->links[1]->href)) {
	        $data = array(
		        'status' => 200,
		        'type' => 'SUCCESS',
		        'url' => $result->links[1]->href
		    );
	    }
	    elseif(!empty($result->message)){
	        $data = array(
	            'type' => 'ERROR',
	            'details' => $result->message
	        );
	    }
	    echo json_encode($data);
	    exit();
	}
}
if ($first == 'get_paid') {
	$data['status'] = 500;
	if (!empty($_GET['amount']) && is_numeric($_GET['amount']) && !empty($_GET['token'])) {

		$amount = (int)PT_Secure($_GET['amount']);
		$token = PT_Secure($_GET['token']);

		include_once('assets/includes/paypal.php');

		$ch = curl_init();

		curl_setopt($ch, CURLOPT_URL, $url . '/v2/checkout/orders/'.$token.'/capture');
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_POST, 1);

		$headers = array();
		$headers[] = 'Content-Type: application/json';
		$headers[] = 'Authorization: Bearer '.$pt->paypal_access_token;
		curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

		$result = curl_exec($ch);
		if (curl_errno($ch)) {
		    header("Location: " . PT_Link('wallet'));
			exit();
		}
		curl_close($ch);
		if (!empty($result)) {
		    $result = json_decode($result);
		    if (!empty($result->status) && $result->status == 'COMPLETED') {

		    	$update  = array('wallet' => ($user->wallet_or += $amount));
				$db->where('id',$user->id)->update(T_USERS,$update);
				$payment_data         = array(
		    		'user_id' => $user->id,
		    		'paid_id'  => $user->id,
		    		'admin_com'    => 0,
		    		'currency'    => $pt->config->paypal_currency,
		    		'time'  => time(),
		    		'amount' => $amount,
		    		'type' => 'ad'
		    	);
				$db->insert(T_VIDEOS_TRSNS,$payment_data);

				$_SESSION['upgraded'] = true;
				$url     = PT_Link('wallet');
				if (!empty($_COOKIE['redirect_page'])) {
		            $redirect_page = preg_replace('/on[^<>=]+=[^<>]*/m', '', $_COOKIE['redirect_page']);
		            $url = preg_replace('/\((.*?)\)/m', '', $redirect_page);
		        }

		    	header("Location: $url");
		    	exit();
		    }
		}
	}
	header("Location: " . PT_Link('wallet'));
	exit();
}
`` `

    I have been away from this sort of transactional work for a while, but last I knew, you could use CURL functions (if your PHP install has that enabled), or even the native PHP file_get_contents() method/function to send POST data.

      It's been many years since I've done anything with Paypal and their documentation seems to rely no a lot of in-house jargon ("''HATEOAS'? What's wrong with OAS?"). But I see the /capture/ URL in there being called. Getting to that point assumes $_GET['amount'] and $_GET['token'] are nonempty, and that $first == 'get_paid'. So I'd be trying to confirm that those conditions are actually met, and if not, why not.

      There is also the include_once line there which doesn't seem to have been necessary for any other task, so I'm wondering what's in that.

        Many thanks for the replies.
        I don't know how to "confirm that those conditions are actually met, and if not, why not". Any additional guidance with that is appreciated.
        And in regard to
        include_once('assets/includes/paypal.php');
        I just don't see paypal.php in the list of files in assets/includes. It's not there.
        The closest thing to that I see is:
        assets/includes/paypal_config.php

        and in that is:

        `$url = "https://api-m.sandbox.paypal.com";
        if ($pt->config->paypal_mode == 'live') {
        $url = "https://api-m.paypal.com";
        }

        $pt->paypal_access_token = null;
        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL, $url . '/v1/oauth2/token');
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
        curl_setopt($ch, CURLOPT_USERPWD, $pt->config->paypal_id . ':' . $pt->config->paypal_secret);

        $headers = array();
        $headers[] = 'Content-Type: application/x-www-form-urlencoded';
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

        $result = curl_exec($ch);
        curl_close($ch);
        $result = json_decode($result);
        if (!empty($result->access_token)) {
        $pt->paypal_access_token = $result->access_token;
        }`

        any additional insight or guidance is welcomed.

          the closest thing that I see is

          I would recommend changing the script to include the file that exists. And making sure that for testing it is using the sandbox URL.

          As for seeing what the values are, any modern browser should have an "Inspector" mode that contains a way to see network activity. This should show if values are being sent/POSTes and what they are....

            Thanks for your reply, however, I don't understand "changing the script to include the file that exists"...

              Write a Reply...