I am currently implementing the Paypal Payment Gateway into my shop. I added an return URL inside my paypal sandbox account.
Payment steps so far:
- Create an order
- Create a payment via
WC_Gateway_Paypalclass - Redirect to paypal site login & process payment
- redirect to
return_urlon succes
Sample code:
function create_order()
{
$order = wc_create_order();
$product = wc_get_product(55);
$order->add_product($product, 1);
$address = array(
'first_name' => 'John',
'last_name' => 'Doe',
'company' => '',
'email' => 'john@doe.com',
'phone' => '111111',
'address_1' => '',
'address_2' => '',
'city' => '',
'state' => '',
'postcode' => '',
'country' => ''
);
$order->set_address($address, 'billing');
$order->set_address($address, 'shipping');
$order->calculate_totals();
$order->set_payment_method('paypal');
$paypal = new WC_Gateway_Paypal();
$paymentdetails = $paypal->process_payment($order->get_id());
return $paymentdetails;
}
In $paymentdetails I return the paypal URL where I redirect the customer to.
After successful payment the customer gets redirect from paypal to: http://mypage.com/56/?key=wc_order_59d24a26d4ccb&utm_nooverride=1
Now I want to update my order. I know that I could just read the ID and the key of the order from the redirect URL, but wouldnt that be an security issue? If someone knows the ID or the key he could just trigger a GET to my site and update his order without actual payment.
Is there a better way to accomplish this? Or do I just have to use the key=wc_order_59d24a26d4ccb instead of the ID and be careful not to send the key to the frontend?
Also, I am not getting any transaction_id, $order->get_transaction_id(); is empty after successful payment. Is this because I am developing on my local machine / with a sandbox account?
