PHP – Use Case 10: Integrating Payment Processing with PayPal/Stripe in PHP

Project Overview

Integrating Payment Processing allows your website to accept payments from users securely. This project covers setting up payment gateways like PayPal or Stripe, handling transactions, and ensuring secure data transmission using PHP. It is essential for e-commerce websites, subscription services, and any platform that requires monetary transactions.

Prerequisites

Ensure you have the following:

• Web Server: Apache (using XAMPP, WAMP, or MAMP)
• PHP: Version 7.4 or higher
• MySQL: For database management (optional, depending on use case)
• Code Editor: VS Code, Sublime Text, PHPStorm, etc.
• Composer: For dependency management
• PayPal or Stripe Account: For obtaining API credentials
• SSL Certificate: Required for secure transactions (use HTTPS)

Step-by-Step Procedure

1. Setting Up the Development Environment

1. Install XAMPP:
   • Download from XAMPP Official Website.
   • Follow the installation wizard and install it in the default directory.
2. Start Apache and MySQL:
   • Open the XAMPP Control Panel.
   • Start the Apache and MySQL modules.
3. Install Composer:
   • Download from Composer Official Website.
   • Follow the installation instructions for your operating system.

2. Creating the Project Structure

Organize your project files as follows:

payment-integration/
├── vendor/             # Composer dependencies
├── assets/
│   ├── css/
│   │   └── styles.css
│   └── js/
│       └── scripts.js
├── config/
│   └── db.php         # Optional, if storing transactions
├── templates/
│   ├── header.php
│   └── footer.php
├── index.php
├── process_payment.php
├── success.php
├── cancel.php
├── README.md
└── composer.json

3. Installing Payment Gateway SDKs via Composer

Depending on the chosen payment gateway, install the respective SDK.

a. Installing Stripe SDK

1. Initialize Composer:
   • Navigate to your project directory in the terminal.
   • Run: composer init
   • Follow the prompts to set up composer.json.
2. Install Stripe PHP SDK: composer require stripe/stripe-php

b. Installing PayPal SDK

1. Initialize Composer (if not already done):
   • If you’ve already initialized Composer in the Stripe setup, skip this step.
2. Install PayPal PHP SDK: composer require paypal/rest-api-sdk-php

Note: This guide will focus on integrating Stripe for payment processing. Integrating PayPal follows similar steps with differences in SDK usage.

4. Configuration

a. Stripe API Credentials

1. Obtain API Keys:
   • Log in to your Stripe Dashboard.
   • Navigate to Developers > API keys.
   • Copy the Publishable key and Secret key.
2. Store API Keys Securely:
   • For security, avoid hardcoding API keys. Use environment variables or a separate configuration file outside the web root.

b. Database Setup (Optional)

If you wish to store transaction details:

1. Create a transactions Table: Field Type Null Key Default Extra id INT NO PRI NULL AUTO_INCREMENT transaction_id VARCHAR(100) NO UNI NULL amount DECIMAL(10,2) NO NULL currency VARCHAR(10) NO NULL status VARCHAR(50) NO NULL created_at TIMESTAMP NO CURRENT_TIMESTAMP
   • Click “Save”.

c. Database Connection (config/db.php)

Create a file named db.php inside the config directory to handle database connections (if storing transactions).

<?php
// config/db.php

$host = 'localhost';
$db   = 'payment_integration';
$user = 'root'; // Default XAMPP MySQL user
$pass = '';     // Default XAMPP MySQL password is empty
$charset = 'utf8mb4';

$dsn = "mysql:host=$host;dbname=$db;charset=$charset";

$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // Enable exceptions
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,       // Fetch associative arrays
    PDO::ATTR_EMULATE_PREPARES   => false,                  // Disable emulation
];

try {
    $pdo = new PDO($dsn, $user, $pass, $options);
} catch (\PDOException $e) {
    // Handle connection errors
    http_response_code(500);
    echo "Database connection failed.";
    exit;
}
?>

5. Creating Reusable Templates

a. Header (templates/header.php)

<?php
// templates/header.php
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Payment Integration with Stripe</title>
    <link rel="stylesheet" href="/payment-integration/assets/css/styles.css">
</head>
<body>
    <header>
        <h1>Payment Integration with Stripe</h1>
        <nav>
            <a href="/payment-integration/index.php">Home</a>
        </nav>
    </header>
    <main>

b. Footer (templates/footer.php)

<?php
// templates/footer.php
?>
    </main>
    <footer>
        <p>&copy; <?php echo date("Y"); ?> Your Company Name</p>
    </footer>
    <script src="/payment-integration/assets/js/scripts.js"></script>
</body>
</html>

6. Building the Payment Page (index.php)

This page displays a payment form where users can enter payment details.

<?php
// index.php

require 'vendor/autoload.php'; // Composer's autoloader
require 'templates/header.php';

// Set your secret key. Remember to switch to your live secret key in production!
// See your keys here: https://dashboard.stripe.com/account/apikeys
\Stripe\Stripe::setApiKey('sk_test_YOUR_SECRET_KEY'); // Replace with your Stripe Secret Key

// Generate a new client secret for the payment intent
$paymentIntent = \Stripe\PaymentIntent::create([
    'amount' => 5000, // Amount in cents ($50.00)
    'currency' => 'usd',
    'payment_method_types' => ['card'],
]);

// Store the client secret to use in the frontend
$clientSecret = $paymentIntent->client_secret;
?>

<h2>Make a Payment</h2>

<form id="payment-form">
    <div id="card-element"><!-- A Stripe Element will be inserted here. --></div>
    <button id="submit">Pay $50.00</button>
    <div id="error-message"><!-- Display error messages here --></div>
</form>

<script src="https://js.stripe.com/v3/"></script>
<script>
    const stripe = Stripe('pk_test_YOUR_PUBLISHABLE_KEY'); // Replace with your Stripe Publishable Key
    const elements = stripe.elements();
    const card = elements.create('card');
    card.mount('#card-element');

    const form = document.getElementById('payment-form');
    const submitButton = document.getElementById('submit');
    const errorMessage = document.getElementById('error-message');

    form.addEventListener('submit', async (e) => {
        e.preventDefault();
        submitButton.disabled = true;

        const {error, paymentIntent} = await stripe.confirmCardPayment('<?php echo $clientSecret; ?>', {
            payment_method: {
                card: card,
                billing_details: {
                    name: 'Customer Name', // Replace with customer name if available
                },
            }
        });

        if (error) {
            // Show error to your customer
            errorMessage.textContent = error.message;
            submitButton.disabled = false;
        } else {
            if (paymentIntent.status === 'succeeded') {
                // Show a success message to your customer
                window.location.href = 'success.php';
            }
        }
    });
</script>

<?php
require 'templates/footer.php';
?>

Note: Replace 'sk_test_YOUR_SECRET_KEY' and 'pk_test_YOUR_PUBLISHABLE_KEY' with your actual Stripe Secret and Publishable Keys, respectively.

7. Processing the Payment (process_payment.php)

With Stripe’s PaymentIntent, the payment processing is handled on the client side using JavaScript. However, if you wish to perform server-side processing after a successful payment, you can create a webhook or handle redirection to a success page.

For simplicity, this guide includes a success page to display upon successful payment.

8. Success Page (success.php)

This page confirms that the payment was successful.

<?php
// success.php

require 'templates/header.php';
?>

<h2>Payment Successful</h2>
<p>Thank you! Your payment of $50.00 has been processed successfully.</p>
<a href="index.php">Back to Home</a>

<?php
require 'templates/footer.php';
?>

9. Optional: Handling Transactions in the Database

If you wish to store transaction details:

1. Update process_payment.php to Save Transaction Details: However, since the payment is processed on the client side, you would need to implement webhooks to listen for payment events and store transaction details securely.
2. Setting Up Stripe Webhooks:
   • In your Stripe Dashboard, navigate to Developers > Webhooks.
   • Click “Add endpoint” and enter your webhook URL, e.g., https://yourdomain.com/payment-integration/webhook.php.
   • Select events like payment_intent.succeeded and payment_intent.payment_failed.
3. Creating webhook.php: <?php // webhook.php require 'vendor/autoload.php'; require 'config/db.php'; // You can find your endpoint's secret in your webhook settings $endpoint_secret = 'whsec_YOUR_ENDPOINT_SECRET'; $payload = @file_get_contents('php://input'); $sig_header = $_SERVER['HTTP_STRIPE_SIGNATURE']; $event = null; try { $event = \Stripe\Webhook::constructEvent( $payload, $sig_header, $endpoint_secret ); } catch(\UnexpectedValueException $e) { // Invalid payload http_response_code(400); exit(); } catch(\Stripe\Exception\SignatureVerificationException $e) { // Invalid signature http_response_code(400); exit(); } // Handle the event switch ($event->type) { case 'payment_intent.succeeded': $paymentIntent = $event->data->object; // contains a \Stripe\PaymentIntent // Save transaction to database $stmt = $pdo->prepare('INSERT INTO transactions (transaction_id, amount, currency, status) VALUES (?, ?, ?, ?)'); $stmt->execute([ $paymentIntent->id, $paymentIntent->amount / 100, // Convert cents to dollars $paymentIntent->currency, $paymentIntent->status ]); break; // ... handle other event types default: // Unexpected event type http_response_code(400); exit(); } http_response_code(200); ?> Note: Replace 'whsec_YOUR_ENDPOINT_SECRET' with your actual webhook secret.

10. Testing the Application

1. Access the Payment Page:
   • Navigate to http://localhost/payment-integration/index.php.
   • Enter payment details using Stripe’s test card numbers (e.g., 4242 4242 4242 4242 with any future expiration date and any CVC).
2. Complete the Payment:
   • Submit the payment form.
   • Verify redirection to the success page upon successful payment.
3. Test Webhooks (If Implemented):
   • Use Stripe CLI or dashboard to send test webhook events to ensure transactions are recorded in the database.
4. Handle Errors:
   • Attempt payments with invalid card details to test error handling.

11. Deployment Considerations

When deploying your Payment Integration to a live server, consider the following:

• Secure Your Server with HTTPS:
  • Payment gateways require secure connections to handle sensitive data.
• Use Live API Keys:
  • Replace test API keys with live keys from your Stripe Dashboard.
• Handle Webhooks Securely:
  • Verify webhook signatures to ensure authenticity.
• Store Transactions Securely:
  • Protect transaction data by following best security practices and compliance standards like PCI DSS.
• Error Handling and Logging:
  • Implement robust error handling and logging mechanisms to monitor payment processing.
• Update CORS Policies:
  • Configure CORS headers appropriately to allow necessary origins.
• Regularly Update Dependencies:
  • Keep Stripe SDK and other dependencies updated to benefit from security patches and new features.

12. Enhancements and Best Practices

• Multiple Payment Methods:
  • Integrate additional payment methods like Apple Pay, Google Pay, or bank transfers.
• Subscription Services:
  • Implement recurring payments for subscription-based services.
• Receipt Emails:
  • Send automated receipt emails to users upon successful payments.
• Dashboard for Admins:
  • Create an admin dashboard to view and manage all transactions.
• Refunds and Cancellations:
  • Implement functionality to handle refunds and payment cancellations.
• Frontend Enhancements:
  • Improve the user interface with better design and responsive elements using CSS frameworks like Bootstrap.
• Security Enhancements:
  • Implement CSRF protection, input validation, and other security measures to protect against common web vulnerabilities.