encrypted buttons final answer

Mike Bonner bonnmike at gmail.com
Tue Aug 16 00:09:52 EDT 2016


Hey, I asked about generating encrypted paypal buttons a while back, have
been busy since, but it does turn out to be relatively easy so I thought
I'd share the method.

   put "item_name=" & field "item_name" into tEncrypt
   put cr & "amount=" & field "Amount" after tEncrypt
   put cr & "on1=" & "luretype" after tencrypt
   put cr & "os1=" & the text of field "luretype" after tEncrypt
   put cr & "lc=US"  after tEncrypt
   put cr & "cert_id=yourcertidhere"  after tEncrypt -- the id of the
certificate uploaded to paypal.
   put cr & "currency_code=USD" after tEncrypt
   put cr & "no_shipping =2" after tEncrypt -- we are set up to use a
defined shipping method (first item costs, all further items free shipping)
   put cr & "no_note=0" after tEncrypt
   put cr & "cn=Add special instructions to the seller:" after tEncrypt
   put cr &  "add=1" after tEncrypt
   put cr & "business=paypalemail.here.com" after tEncrypt -- your paypal
email
   put cr & "cmd=_cart" after tEncrypt
   put cr & "button_subtype=products" after tEncrypt
   put cr & "bn=PP-ShopCartBF:btn_cart_LG.gif:NonHosted" after tEncrypt

Then, since i'm working on windows and things work slightly different, save
the above to a file and execute the shell script..
   put shell("c:\openssl-win32\bin\openssl  smime -sign -signer
my-pubcert.pem -inkey my-prvkey.pem -outform der -nodetach -binary <data |
c:\openssl-win32\bin\openssl  smime -encrypt -des3 -binary -outform pem
paypal_cert.pem") into tD

the first half before the pipe uses my pub cert and private key to encrypt
from the file named data using <data
The second half encrypts the result of the first half using the paypal
public cert.

The required .pem file (created in this case with openssl) is uploaded to
paypal, and a cert_id is assigned by paypal (and is then used as part of
the encrypted data above)

Option menus for things like sizes can't be encrypted (as far as I can
tell) so the code for that is generated and put into the variable tOption

At this point I merge the encrypted data, cleartext item name and image
into a full button code and save the required information to a database.
(with category id so I can only show the buttons on want on a page)

<div class="floating-box">
<img src="[[field "image_name"]]" alt="[[field "item_name"]]" />
<p>[[field "item_name"]]

 <form action="https://www.paypal.com/cgi-bin/webscr" method="post"
target=ppal>
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="encrypted" value="[[tEncrypted]]">

<table class="payme">
[[tOption]]
<input type="image" src="
https://www.paypalobjects.com/en_US/i/btn/btn_cart_LG.gif" border="0"
name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="
https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1"
height="1"></td></tr>
</table>
</form>
</p>
</div>

An lc script on the server reads the database and grabs the button code,
popping it into a page.

Once everything is working, we went into the paypal profile settings and
changed things to only accept encrypted buttons, making it hard for anyone
to mess with our non-hosted home built buttons.

The only real issue I had is that on windows it seems annoyingly difficult
to get openssh to see a config file, so there were "cannot locate
/usr/blah/blah/openssh.cnf" (even after setting proper environment
variables)  I ended up filtering the 2 error messages out, the rest works
like a charm.

As an Off-Topic question... I'm horrid at web design (and am also
restricted by my friends wishes of course) but.. Would anyone mind looking
at the site and offering suggestions re: font sizes, layout, that sort of
thing?  (the "home" button in the upper right of sub pages seems a bit off
to me, but thats the way they want it) Its been a REALLY long time since
I've done much of this.  (Oh, and tomorrow sometime the buttons will change
how they open up the paypal cart page, but the look shouldn't change, and
its the look and feel I could use input on)  the site is
http://thomascustomlures.com



More information about the Use-livecode mailing list