Paypal IPN button issue

Status
Not open for further replies.

amber.long83

New Member
hi friends

i am having an issue with IPN paypal button. it would be quite interesting. i have one subscription of $19.95 but i am sometimes receiving payment of $0.001. after

checking the code and some research, i found that people who are quite technical, they are change the paypal button price from paypal button code using firegug and

then click on that.

so paypal get the changed amount in their post variable and user finish that payment and get access to my site. so how can i stop user to do that

can i report paypal customer care for such fraud?

thanks in advanced
 

louie

New Member
Redirect the button link to another page attaching the productID to it.
On the new page, create the form dynamically and redirect to PayPal

There are other way you can do this and this is the first that came to mind.
 

MickyWall

New Member
In the IPN script you could check the product ID against the cost in the database. If it doesn't match then code for this scenario.
 

jmcc

Active Member
I think it is possible to encrypt the button data using Openssl. The documentation should be in the Paypal developer site.

Regards...jmcc
 

php.allstar

New Member
Hi,

In PHP I'd do something like the following:

Store the backet cost in $_SESSION['subscriptionPrice'] also store the subscriptionID in $_SESSION['subscriptionID']

When the user returns to the site via paypal, check that the amout of the paypal transaction matches the $_SESSION['subscriptionPrice'] and approve the transaction with your application logic.

If you're using plain old HTML, I'd suggest you get your friendly resident coder *ahem* to create a PHP page masked as a HTML page, if your server permits.
 

jason

New Member
You should never send data that you don't want manipulated back to the client browser. E.g. you wouldn't implement an access control system in javascript that could redirect a user to a secure document.

Anything that comes from a browser should be assumed to be lies unless proven otherwise. I concur with php.allstar that you should use a session object to either directly or indirectly store data that will be used to derive the amount charged via Paypal.
 

immediate

New Member
You have to encode the form variables when creating the button at paypal. Or if you are using IPN, verify the payment gross when you are delivering the goods.
 
Status
Not open for further replies.
Award-winning Mac antivirus and Internet security software
Top