ababmxking Posted July 11, 2008 Share Posted July 11, 2008 Ok i know about SHA and md5 and stuff but as far as i know none of this will work for a paypal POST form, since the encrypted information would always be the same and using them wouldnt matter. So im asking, and yes ive serched this on the forum, google. And im still very new to php. so atleast just point me in the right direction. thanks, Carl Quote Link to comment https://forums.phpfreaks.com/topic/114353-encryption/ Share on other sites More sharing options...
DarkWater Posted July 11, 2008 Share Posted July 11, 2008 You should be using SSL anyway for any transaction processing, so I don't understand the question. Quote Link to comment https://forums.phpfreaks.com/topic/114353-encryption/#findComment-588058 Share on other sites More sharing options...
ababmxking Posted July 11, 2008 Author Share Posted July 11, 2008 its a paypal form with a link that sends them back to our game if payment was sent, and then the information is added into our db and the users claim there "Credits". This is for a text based rpg. Quote Link to comment https://forums.phpfreaks.com/topic/114353-encryption/#findComment-588059 Share on other sites More sharing options...
rmbarnes82 Posted July 11, 2008 Share Posted July 11, 2008 You should be using SSL anyway for any transaction processing, so I don't understand the question. That usually only happens if you actually take the payment details on your own site. Usually with stuff like paypal you hash the cart contents then post it to the payment provider. It's just there to stop ppl altering the form (eg changing all the product prices to 1 cent to rip you off). Far better to send the post form using curl. Quote Link to comment https://forums.phpfreaks.com/topic/114353-encryption/#findComment-588064 Share on other sites More sharing options...
rmbarnes82 Posted July 11, 2008 Share Posted July 11, 2008 Don't paypal use some sort of secret key only you and they know, then use that and a hashing algorithm they give you to encrypt the form data? Quote Link to comment https://forums.phpfreaks.com/topic/114353-encryption/#findComment-588067 Share on other sites More sharing options...
ababmxking Posted July 11, 2008 Author Share Posted July 11, 2008 well ya i spose. but what im trying to get at is, we have to make the form our site (as far as we understand it) and transfer all the information (ie. The Successful purchase link, the amount etc.) but we have no clue how to do this and havent found a single thing that would actually change the encrypted stuff so that the user cant just copy the form into a freehostia site using the encrypted link for successful payment and get free "Credits". Quote Link to comment https://forums.phpfreaks.com/topic/114353-encryption/#findComment-588068 Share on other sites More sharing options...
rmbarnes82 Posted July 12, 2008 Share Posted July 12, 2008 You mean the user pretending to be paypal and send back a purchase successful form to your website? Quote Link to comment https://forums.phpfreaks.com/topic/114353-encryption/#findComment-588084 Share on other sites More sharing options...
ababmxking Posted July 16, 2008 Author Share Posted July 16, 2008 You mean the user pretending to be paypal and send back a purchase successful form to your website? exactly. how would i somehow stop this? Quote Link to comment https://forums.phpfreaks.com/topic/114353-encryption/#findComment-591962 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.