PayPal Password Management Installation Guide For Professional Use Only Currently only available in English. A usage Professional Uniquement Disponible en Anglais uniquement pour l'instant.
PayPal Password Management Installation Guide © 2006 PayPal Inc. All rights reserved. PayPal and the PayPal logo are registered trademarks of PayPal, Inc. Designated trademarks and brands are the property of their respective owners. Notice of Non-Liability PayPal, Inc. and the authors assume no liability for errors or omissions, or for damages, resulting from the use of this Manual or the information contained in this Manual.
Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Chapter 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 9 System Requirements Chapter 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 Apache Basic Authentication . . . . . . . . . . . . . . . . 11 Setting Up Basic Authentication with Apache . . . . . . . . . . . . . . . . . . . . . . . . 11 Apache Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents 4 April 2002 Password Management Installation Guide
List of Tables Table 4.1 Errors, Possible Causes, Potential Solutions Password Management Installation Guide April 2002 . . . . . . . . . . . . . . .
List of Tables 6 April 2002 Password Management Installation Guide
Preface This Document This is the original release for Password Management Installation Guide, a document that describes installing and configuring the PayPal password management script for use by merchants who use PayPal’s subscription management. Intended Audience This document is written for users of PayPal subscription management feature. Organization of This Document Chapter 1, “Introduction,” gives some background information about this product.
Preface Typeface How Used Serif bold User interface names, such as window names or menu selections. For example: On the Profile page, click Email to confirm your email address. San-serif oblique Placeholders used in the context of a format or programming standard or formal descriptions of PayPal system syntax. Placeholders indicate values or names that the reader should provide.
1 Introduction Subscription services often give their subscribers unique usernames and passwords in order that they may access "member only" sections of their sites. These merchants have the option to have PayPal generate unique usernames and passwords for their subscribers. If a merchant chooses this option when creating a subscription button, a username and password pair generated by PayPal will be presented to their subscribers on the PayPal completion page after they successfully sign-up.
1 10 Introduction April 2002 Password Management Installation Guide
2 Apache Basic Authentication Basic Authentication is a way to password-protect your web content. Access is granted only when a valid username and password is presented to your webserver. Apache provides a simple way to use Basic Authentication. By creating an .htaccess file you can protect an entire directory of content. The .htaccess file tells your web server where to find a list of authorized usernames and passwords: a file called .htpasswd.
2 Apache Basic Authentication Apache Configuration Because this file needs to be accessed and written to by the Password Management script, the owner must be the Apache user that the script will run as. For example if your Apache username is apache: chown /var/www/files/.htpassword apache Apache Configuration You need to verify that Apache's configuration is ready to support basic authentication. Look in your Apache configuration file, httpd.
3 Configuring the PayPal Password Management Script First, install the Perl script. This is a four-step process. 1. Download the package and copy it to a temporary directory on your web server. 2. Uncompress the file with the following command: gzip -dc filename.tar.gz | tar -x The temporary directory should now contain the following files: paypal.pl README 3. Next you need to copy the paypal.pl script to your web server’s CGI script directory.
3 Configuring the PayPal Password Management Script Configuring the PayPal Password Management Script my my my my my my my my my $PERIOD1 = ''; $PERIOD2 = ''; $PERIOD3 = ''; $AMOUNT1 = ''; $AMOUNT2 = ''; $AMOUNT3 = ''; $SMTP_SERVER = '192.168.1.10'; $ADMIN_EMAIL = 'admin@abc123.com'; @PAYMENT_EMAILS = ('s@a123.com'); 3. Change the path of $PASSWORD_FILE to that of your .htpassword file which you created above. 4. You need to specify a path and filename for $TRANSACTION_FILE.
Configuring the PayPal Password Management Script Updating your PayPal Account Preferences 3 8. The PayPal Password Management script features email alerts to notify the website operator of any unexpected errors. Enabling this feature requires you to modify the following constants: my $SENDMAIL_PATH = '/usr/sbin/sendmail'; my $ADMIN_EMAIL = 'admin@abc123.com'; The $SENDMAIL_PATH should be filled in with the location of sendmail. Your ISP or system administrator should be able to provide this information.
3 Configuring the PayPal Password Management Script PayPal Password Management Encryption to generate usernames and passwords for your subscribers." The new button works just as before, just cut and paste the HTML. You have completed the basic installation of PayPal User Password Management. PayPal Password Management Encryption At this point communication between your website and PayPal is unencrypted. Adding encryption is recommended but not a necessity.
Configuring the PayPal Password Management Script PayPal Password Management Encryption 3 make test make install 8. When you connect to PayPal's secure server (https://www.paypal.com) it will present you with a digital certificate, signed by a trusted Certificate Authority (Verisign). To be 100% certain of the authenticity of this transaction your code should verify PayPal's certificate using Verisign's public key.
3 18 Configuring the PayPal Password Management Script PayPal Password Management Encryption April 2002 Password Management Installation Guide
4 Error Handling and Reporting The PayPal Password Management Script has two mechanisms for reporting errors, the Apache error log (error_log) and notification emails. All exceptions are logged to the error log, however, email notifications are optional. Errors are reported identically in both. Below is a list of 8 possible error messages, examples on how they may occur, and potential solutions. TABLE 4.
4 Error Handling and Reporting TABLE 4.1 20 Errors, Possible Causes, Potential Solutions Error Possible Cause Potential Solution An IPN was received that did not match your primary email address Message was ignored. A valid notification was received however the recipient email address for the subscription did not match the one specified in my@PAYMENT_EMAILS in paypal.pl. Either a malicious person is trying to gain access or my @PAYMENT_EMAILS needs to be updated.
Error Handling and Reporting Manual Modifications to .htpasswd TABLE 4.1 4 Errors, Possible Causes, Potential Solutions Error Possible Cause Potential Solution Username: ppsomename already exists This is unexpected. PayPal checks each name against previously used names to be certain it has not been used on your site. If your .htpassword file is being used by other credit card processors it is theoretically possible a duplicate can occur however this is extremely unlikely.
4 Error Handling and Reporting Recreating .htpasswd If you want to deactivate a username and password, simply canceling a users subscription will not necessarily deactivate the pair. If the cancellation was due to a payment failure, usernames and passwords are immediately canceled when the subscription is canceled. If the cancellation was made by the buyer or seller, then the usernames and passwords will be active until the subscription terms expire (the date of the next scheduled payment).
