UniFi - Integrate PayPal Standard with Hotspot (V3+ Controller)

Overview


PayPal Standard account is free of charge and therefore Paypal has more limitation on its capability. One of the limitations is that Paypal standard does not allow APIs. In other words, you cannot hook UniFi controller directly to a Paypal Standard account as shown in this how-to for integrating PayPal Pro. In order for this to work, you will need an external web server in order to leverage the Paypal Instant Payment Notification (IPN) service to successfully integrate with UniFi hotspot the Paypal Standard account.

The implications of this integration are more time for setup and maintenance efforts since an extra more entity is introduced in the architecture, adding more complexity. This deployment example* is designed to demonstrate how a PayPal Standard account can be integrated with UniFi Hotspot, we do not actually own the external web server piece. Note that we (as in Ubiquiti UniFi team) only make sure our UniFi controller interface to the external portal is functional correctly. It is the owner’s responsibility to ensure that this external server is working smoothly and all errors have been properly handled.

The example here was developed using PayPal Sandbox, a test environment provided by PayPal for developers. This shall provide the same UI/API interface as the normal PayPal website. If not, then you will need to check with PayPal. 

 

Disclaimers


  1. These steps are intended for a custom portal on UniFi controller version 3.2.1 and references line numbers accordingly. If you're using a controller version <3, it's advised that you disregard the referenced line numbers or, more preferred, upgrade to 3.2.1. These steps should work fine on future 3.x versions.
  2. We recommend that you configure apache2 with SSL and a commercial certificate installed. That is beyond the scope of this article. Without SSL, the communication from PayPal back to the controller to authorize a guest is unencrypted.
  3. Following these precise steps will allow your guests to access nearly 17 million IP addresses prior to authenticating. This is due to PayPal's geographically based IP addresses and rotating IP addresses. To find the relevant IP addresses for your area, you should do a dig or nslookup on the following domains:
    • paypal.com
    • ipnpb.paypal.com
    • sandbox.paypal.com
    • paypalobjects.com

 

Steps


 

Part I. Prepare the external portal website (Apache, PHP, UniFi example portal)

This example is based on Ubuntu 12.04 LTS, but should work with any Linux based distribution. Due to these steps being based on Ubuntu, the package manager used is aptitude and assumes the appropriate syntax. If you use a different Linux operating system, consult with the man page of your distribution's package manager. Also, this external web server machine needs an Internet IP address (for later Paypal IPN service to post back) or port forwarding needs to be enabled on the firewall.

  1. Install Apache2 and PHP5:
    apt-get install apache2 php5
  2. Verify Apache2 is running by pointing your browser to http://127.0.0.1 or, if using a separate machine, http://[Portal's IP address]. You should see a generic Apache2 page if Apache2 is running
  3. Create a directory under /var/www for your portal pages to be stored:
    mkdir /var/www/myportal
  4. Go to the base of the web server:
    cd /var/www
  5. Download thesampleportal:
    wget http://dl.ubnt.com/unifi/3.2.10/portal_sample_paypal.zip
    • Note the version number in the URL
  6. Extract the sample portal:
    tar -xvf portal_sample_paypal.tar.gz
  7. Change the folder name to something you prefer:
    mv portal_sample_paypal myportal
  8. Check what extensions you'reusing:
    echo '<?php phpinfo(); ?>' > info.php
    1. Browse to http://[Portal's IP address]
    2. Do a Ctrl+F on your keyboard
    3. Search for "openssl" and "curl"
      • OpenSSL should be installed and enabled by default
      • If curl is not found, you can install it via
        1. apt-get install curl libcurl3 libcurl3-dev php5-curl php5-mcrypt
        2. nano /etc/php5/apache2/php.ini
        3. Scroll down until you find the commented out line that reads "Dynamic Extensions"
        4. Scroll to the bottom of the "Dynamic Extensions" comment block
        5. Create a new line and enter
          extension=curl.so
        6. Save & Exit
        7. Restart apache2:
          service apache2 restart
  • Move to the portal directory:
    cd myportal
  • Edit the paypal_ipn.phpfile:
    nano paypal_ipn.php
    1. Issue Ctrl+W (Will be referenced as "find" in further steps)
      • You will be presented with a search bar,type
        username
        and press Enter
      • This should bring you to line 103, which can be confirmed with Ctrl+C
    2. Remove the "ubnt" and replace with your controller's username (leaving the single quotes around your username)
    3. On the following line, $password, remove the "ubnt" and replace with your controller's password (again, leaving the single quotes around your password)
    4. On the following line, $baseurl, modify the IP address if need be
    5. On the following line, $site, modify the site name if need be
    6. Pay close attention to lines 60, 62, & 64:
      if (strcmp ($_POST['option_selection1'], "8-Hour Pass") == 0) {
      } else if (strcmp ($_POST['option_selection1'], "1-Day Pass") == 0) {
      } else if (strcmp ($_POST['option_selection1'], "3-Day Pass") == 0) {

      These are your package names, they must match PRECISELY (CASE SENSITIVE) with the package names you enter when you create your PayPal button(s).

      If you want different package names, you may change the names in the paypal_ipn.php file.
      If you want to add a package, copy and paste the else-if statement including the } and { and paste them before the else statement.
      If you want to remove a package, delete its else-if statement.
    7. Save & Exit
  • Create the log and cookie file, assigning proper permissions:
    1. touch log.txt
    2. chmod 777 log.txt
    3. touch unifi_cookie.txt
    4. chmod 777 unifi_cookie.txt

 

Part II. Prepare PayPal

The following steps will demonstrate how to produce two buttons; a production button and a sandbox button.
The production button should be in use whenever you are prepared to start accepting real payments from your guests.
The sandbox button should be in use whenever you're testing or verifying your code.
You cannot use a sandbox account in a production environment and you cannot use a production account in a sandbox environment. It must be sandbox to sandbox or production to production.

 

Creating the Sandbox account

  1. Create a developer account, if you haven't already, at https://developer.paypal.com/
  2. Once logged in to that account, use the menu to browse to Applications
  3. You should have a menu across the left hand side, choose Sandbox accounts
  4. Choose the Create Account button in theupperright hand corner of the screen
    • Enter the details as you see fit
    • We recommend a balance of at least $200.00 on this sandbox account
  5. Take note of the email address that is generated when you create the account, this will be the email address to be used when testing the site

 

Create the Sandbox button

Now that you've created the sandbox account, you can now log in to the PayPal Sandbox using these credentials.

  1. Log in to your sandbox account at https://www.sandbox.paypal.com/
  2. On the main page, you should see an option for "My Saved Buttons", click that.
  3. On the right side, you should see an option for "Create new button", click that.
    pp_sb2.png
  4. Structure your button as shown in the picture below

    Note that the Item Name, Name of drop-down menu, and Price may be altered to suit your needs
    However, the Menu option name must match with what's stated in the paypal_ipn.php file (case sensitive)
  5. Click Create Button
  6. You should now be presented with the code that will need to be copied to your clipboard, copy the code.
  7. Go back to your portal server
    nano index.php
  8. Locate the comment block from lines 44-50
  9. Remove all the ellipses
  10. Paste your code at line 45, just inside the HTML comment block
    • If you would like to see your sandbox button on the portal, remove the comment block, save & exit, then load the index.php page in a web browser
  11. Save & Exit

 

Create the Production button

  1. Log in to your PayPal account at https://www.paypal.com/
  2. On the main page, you should see an option for "Tools", click that.
  3. Now you should have an option for "PayPal Buttons", click that.
  4. Structure your button as shown in the picture below

    Note that the Item Name, Name of drop-down menu, and Price may be altered to suit your needs
    However, the Menu option name must match with what's stated in the paypal_ipn.php file (case sensitive)
  5. Click Create Button
  6. You should now be presented with the code that will need to be copied to your clipboard, copy the code.
  7. Go back to your portal server
  8. nano index.php
  9. Locate the comment block from lines 36-42
  10. Remove all the ellipses
  11. Paste your code at line 37, just inside the HTML comment block
    • If you would like to see your Production button on the portal, remove the comment block, save & exit, then load the index.php page in a web browser
  12. Save & Exit

 

Viewing Your Buttons

Note that you can view buttons by removing the HTML comment block that surrounds the button.
For testing purposes, the Production button code should be commented out.
For production purposes, the Sandbox button code should be commented out.
To view your code:

  1. Open a web browser
  2. Browse to http://[Your portal IP address]/[Your path to files ommiting the /var/www]

 

Part III. Prepare the Controller

  1. Log in to your UniFi Controller
  2. Choose your intended portal site from the dropdown in the upper left hand corner
  3. In "Settings">"Guest Control">"Guest Policies" section, check "Enable Guest Portal" if you haven't already
  4. Choose "External Portal Server"
  5. For Custom Portal IP Address, enter the IP address of your portal. Do not include "http://", "https://", or the path. By default, UniFi will take what is entered in the box, add the http:// to the front, and /guest/s/[site name] to the end
  6. Add PayPal IP addresses to the list of Allowed Subnets
    • PayPal IP addresses are geographically based, so you may want to find the IP addresses that are bound to the following domains
      • paypal.com
      • ipnpb.paypal.com
      • sandbox.paypal.com
      • paypalobjects.com
    • You can dothisusing
      dig paypal.com
      from your portal server, then copy and paste the IPs that are returned with the A records in to the allowed subnets, append a "/32" on the end to indicate a single IP address
    • More details on this can be found here: https://ppmts.custhelp.com/app/answers/detail/a_id/92
    • Alternatively, you can add the following to your Allowed Subnets:
      1. 173.0.0.0/16
      2. 64.4.0.0/16
      3. 2.22.0.0/16
      4. 23.0.0.0/8
      • Note: Adding the above subnets will allow yours guests to access 16,973,816 addresses prior to being authorized on the network, but these subnets encompass all known PayPal IP addresses at the time of this writing. It is recommended that you find the PayPal IP addresses for your region and add them
    • Click Apply and these settings will sync out to your UAPs
  7. In "Settings">"Wireless Networks":
    • If you already have a Guest SSID configured, click Edit next to it, click the Guest Policy checkbox, and click Apply
    • If you want to set up a new Guest SSID, click Create, fill in the appropriate fields, and ensure the Guest Policy checkbox is checked, then click Apply

 

Part IV. Testing

To test your new portal:

  1. nano index.php
  2. Ensure the Sandbox button code is not commented out
  3. Have a WiFi capable device associate to the Guest SSID
  4. As soon as the guest associates, a web browser tab should open, displaying your portal with the sandbox button
    • If you are not brought to your portal page, your WiFi device isn't communication with the portal, this could mean a number of things:
      1. Portal site is included in the restricted subnets list, add the portal's IP to the Allowed Subnets list with a /32 at the end and apply the change
      2. Firewall preventing guests from communicating with the portal
      3. Ensure you can get to the portal site from another computer on the same LAN
  5. Click Buy Now, you should be brought to a PayPal login screen
    • If you do not get brought to a PayPal login screen, your Allowed Subnets list is probably inaccurate. Correct this and try again
  6. Log in to PayPal with your sandbox account
  7. Pay (this is not real money as long as you're signed in to your sandbox account when you pay)
  8. Check with the UniFi controller on the Guests tab, you should see an entry with your device's MAC address and a button that says "Unauthorize" to the right
  9. Congratulations! You've successfully integrated PayPal Standard in to the UniFi controller

 

Part V. Production

To put your new portal in to production mode:

  1. nano index.php
  2. Ensure the Production button code is not commented out
  3. Ensure the Sandbox button code is commented out
  4. Save & Exit

 

Part VI. Conclusion

Now you have a working guest portal with PayPal Standard integrated and can start accepting PayPal payments. If, at any point, you need to test the PayPal portion of the portal, you can simply comment out the Production PayPal button code and uncomment the Sandbox PayPal button code, do your testing, and then reverse the commented code blocks when you're ready for primetime again!

 

 

Notes


* - We will NOT support the example scripts. The example shall NOT be used in the production network. The reader of this document is expected to have HTML/PHP knowledge and are familiar with Paypal services. This is an EXAMPLE, please don’t just simply apply, think through first and make sure every line is properly modified according to your environment.

  1. UniFi FAQ
  2. Paypal Sandbox User Guide
  3. Paypal Instant Payment Notification Guide
  4. Super Special Thanks to UBNT-David & UBNT-Jamie. They put the original article together. It just needed to be brought up to current controller versions.
  5. Special thanks to JustTechmmaxmal and FreenetAntennas for their helpful posts!