Re: PHP Paypal Question with BuyNow Process (Paypal Standard)
- From: Manuel Lemos <mlemos@xxxxxxx>
- Date: Thu, 07 Feb 2008 12:44:10 -0200
Hello,
on 02/07/2008 10:35 AM Carolyn Marenger said the following:
on 02/07/2008 09:36 AM Carolyn Marenger said the following:
Okay, so let's say I build a page with a Buy Now button on it thatFrom my understanding, the paypal buy now button has a few issues.
takes the user to PayPal, they make the purchase, and then they return
back to my payment confirmation page. Fine, but how do I reliably
detect that the user came to this page legitimately and didn't just
guess it? I mean, I think I could look up document.referer, but don't
know if that would be reliable enough. And, does PayPal do a form post
to my confirmation page or simply a page redirect?
Primarily it doesn't track purchases and it can be hijacked.
This is not accurate. With either PDT (which is he is using with return
pages) or IPN you should always connect back to Paypal with all the
parameters you got and retrieve the transaction details.
Usually you need to verify if the amount and the payee was correct but
if you used encrypted buttons with a Paypal generated key, it is
pratically impossible to forge payments.
Please confirm for me then, that the following scenario is not possible.
With the paypal buy now form, can I not read the variables in your form,
make a dummy page selling the dew-hickey for $10 rather then the $100
you are charging. I then buy the item for $10 and make the payment to
paypal. Paypal then sends you the notification of the purchase for $10.
If you don't send me the item, I can make a stink and you have to fight
to clear your good name on paypal. Or worse, I make the page public and
you have hundreds of orders to purchase the item for $10.
I may not be able to steal the funds from your account, but could I not
in essence damage your paypal standing and thus your business?
When you used encrypted payment buttons, there is no way you can change
the order details.
--
Regards,
Manuel Lemos
PHP professionals looking for PHP jobs
http://www.phpclasses.org/professionals/
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
.
- References:
- PHP Paypal Question with BuyNow Process (Paypal Standard)
- From: Roberto
- Re: PHP Paypal Question with BuyNow Process (Paypal Standard)
- From: Carolyn Marenger
- Re: PHP Paypal Question with BuyNow Process (Paypal Standard)
- From: Manuel Lemos
- Re: PHP Paypal Question with BuyNow Process (Paypal Standard)
- From: Carolyn Marenger
- PHP Paypal Question with BuyNow Process (Paypal Standard)
- Prev by Date: Re: Read a DB in a random way without repeat...
- Next by Date: Re: Read a DB in a random way without repeat...
- Previous by thread: Re: PHP Paypal Question with BuyNow Process (Paypal Standard)
- Next by thread: Re: PHP Paypal Question with BuyNow Process (Paypal Standard)
- Index(es):
