Paypal IPN button issue

Status
Not open for further replies.

amber.long83

New Member
Hi friends,

I am having an issue with the PayPal IPN button, and it is quite interesting. I have one subscription of $19.95, but I am sometimes receiving payments of $0.001. After checking the code and doing some research, I found that people who are quite technical are changing the price in the PayPal button code using Firebug and then clicking on the button.

So PayPal gets the changed amount in its POST variables, and the user finishes that payment and gets access to my site. How can I stop users from doing that?

Can I report such fraud to PayPal customer care?

Thanks in advance.
 

louie

New Member
Redirect the button link to another page, attaching the productID to it.
On the new page, create the form dynamically and redirect to PayPal.

There are other ways you can do this; this is the first that came to mind.
 

MickyWall

New Member
In the IPN script you could check the product ID against the cost in the database. If it doesn't match then code for this scenario.
 

jmcc

Active Member
I think it is possible to encrypt the button data using OpenSSL. The documentation should be on the PayPal developer site.

Regards...jmcc
 

php.allstar

New Member
Hi,

In PHP I'd do something like the following:

Store the basket cost in $_SESSION['subscriptionPrice'] and also store the subscriptionID in $_SESSION['subscriptionID'].

When the user returns to the site via PayPal, check that the amount of the PayPal transaction matches the $_SESSION['subscriptionPrice'] and approve the transaction with your application logic.

If you're using plain old HTML, I'd suggest you get your friendly resident coder *ahem* to create a PHP page masked as a HTML page, if your server permits.
 

jason

New Member
You should never send data that you don't want manipulated back to the client browser. E.g. you wouldn't implement an access control system in JavaScript that could redirect a user to a secure document.

Anything that comes from a browser should be assumed to be lies unless proven otherwise. I concur with php.allstar that you should use a session object to either directly or indirectly store data that will be used to derive the amount charged via PayPal.
 

immediate

Member
You have to encode the form variables when creating the button at PayPal. Or, if you are using IPN, verify the payment gross when you are delivering the goods.
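
The server-side check that MickyWall and immediate describe, as an added example that is not part of any post in this thread: the IPN's `mc_gross` is compared with the price stored on the server for that `item_number` before access is granted. The function names `toCents` and `checkIpn`, the price list, the merchant address and the transaction IDs are constructed for illustration, and the code assumes the IPN message has already been confirmed as coming from PayPal.

```php
<?php
// Added example. Function names and all sample values are constructed.

/** Convert a decimal string such as "19.95" to integer cents; null if malformed. */
function toCents(string $amount): ?int
{
    // At most two decimals: "0.001", negatives and exponents are rejected.
    if (!preg_match('/^(\d+)(?:\.(\d{1,2}))?$/', $amount, $m)) {
        return null;
    }
    return (int)$m[1] * 100 + (int)str_pad($m[2] ?? '', 2, '0');
}

/** Return reasons to refuse fulfilment; an empty array means the IPN matches the order. */
function checkIpn(array $ipn, array $catalog, string $merchantEmail, array $seenTxnIds): array
{
    $product = $catalog[$ipn['item_number'] ?? ''] ?? null;
    if ($product === null) {
        return ['unknown item_number'];
    }
    $errors = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $errors[] = 'payment not completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', $merchantEmail) !== 0) {
        $errors[] = 'receiver_email is not ours';
    }
    if (($ipn['mc_currency'] ?? '') !== $product['currency']) {
        $errors[] = 'currency mismatch';
    }
    // Compare against the price stored on the server, never one sent by the browser.
    if (toCents($ipn['mc_gross'] ?? '') !== $product['cents']) {
        $errors[] = 'amount mismatch';
    }
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) {
        $errors[] = 'txn_id already processed';
    }
    return $errors;
}

// Server-side price list in integer cents (constructed).
$catalog = ['SUB-MONTHLY' => ['cents' => 1995, 'currency' => 'USD']];
// Constructed IPN fields for a payment made through an edited button.
$tampered = ['item_number' => 'SUB-MONTHLY', 'payment_status' => 'Completed',
    'receiver_email' => 'merchant@example.com', 'mc_currency' => 'USD',
    'mc_gross' => '0.001', 'txn_id' => 'TXN-CONSTRUCTED-1'];
$genuine = array_merge($tampered, ['mc_gross' => '19.95', 'txn_id' => 'TXN-CONSTRUCTED-2']);
print_r(checkIpn($tampered, $catalog, 'merchant@example.com', []));
print_r(checkIpn($genuine, $catalog, 'merchant@example.com', []));
```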
 