
paypal question


bm4499


Hi,

Does anyone know how to deal with PayPal?

What I want:

Visitors of my site who have paid via PayPal need to see a *.php where they can process their form.

After it has been processed and they got what they wanted, they must NOT be able to copy the URL to give it to their friends or use it another time...

How do I deal with this problem?


Here is something you can do:

If you use a PayPal form on your site with a return URL, then you can have PHP generate a random number using rand().

Then save it in a MySQL database along with the user's email in a row, and use GET for the form, so in the return URL you can get the inputted random number. Then, after the user has gotten what they wanted, it deletes the random number from the database so it can't be matched anymore on the return page. Sorry, it's a bit hard to explain.

-John


OK, I have made the script. It's 3 pages:

payment.php

process.php

and

confirm.php

=================

Create a table in MySQL called "any tablename you want" and edit process.php and confirm.php for correct MySQL info.

You can create 2 fields in the table called email & token, both VARCHAR 100.

=========


this is payment.php:

<?php
$token = rand(); //This will generate a random number
?>
<form action="process.php" method="get">
<input type="text" name="email"> <?php // users email ?>
<input type="hidden" name="token" value="<?php echo $token; ?>"> <?php // the randomly generated number will be here ?>
<input type="submit" name="submit" value="Process Order">
</form>

 

this is process.php:

<?php
if(isset($_GET['submit'])) {

$email = $_GET['email'];
$token = $_GET['token'];

// Connect with PDO (the old mysql_* functions were removed in PHP 7)
$db = new PDO("mysql:host=localhost;dbname=database", "username", "password");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Prepared statement keeps the values from the URL out of the SQL text
$stmt = $db->prepare("INSERT INTO tablename (email, token) VALUES (?, ?)");
$stmt->execute(array($email, $token));

// URL-encode the values for the return URL; it is HTML-escaped when printed below
$return = 'http://domain.com/confirm.php?email=' . urlencode($email) . '&token=' . urlencode($token);
?>

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="[email protected]">
<input type="hidden" name="item_name" value="hat">
<input type="hidden" name="amount" value="15.00">
<input type="hidden" name="return" value="<?php echo htmlspecialchars($return, ENT_QUOTES); ?>">
<input type="image" name="submit" border="0" src="https://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif" alt="PayPal - The safer, easier way to pay online">
</form>
<?php
} // closes if(isset($_GET['submit']))
?>

 

and this is confirm.php:

<?php
if(isset($_GET['email']) && isset($_GET['token'])) { //checks if email and token are set in url

$email = $_GET['email']; //Gets email from url
$token = $_GET['token']; //Gets token from url

// Connect with PDO (the old mysql_* functions were removed in PHP 7)
$db = new PDO("mysql:host=localhost;dbname=database", "username", "password");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$stmt = $db->prepare("SELECT token FROM tablename WHERE email = ?"); //this gets the token from the database
$stmt->execute(array($email));
$row = $stmt->fetch(PDO::FETCH_ASSOC);

$realtoken = $row ? $row['token'] : null; //This sets the variable for the token (null when no row was found)

// Strict comparison, so a missing row (null) can never match an empty token from the url
if($realtoken !== null && $realtoken === $token) { // This will check if the token and the token in the database match

//Proceed and do stuff for purchase


//Below here will delete the token from the database
$stmt = $db->prepare("DELETE FROM tablename WHERE token = ?");
$stmt->execute(array($token));

} else {
?>
<h1><font color="red">INVALID PURCHASE</font></h1>
<?php
}

} else {

?>
<h1><font color="red">INVALID PURCHASE</font></h1>
<?php
}
?>

 

-John
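
An added example, not part of John's post or the original thread: a single-use token that the confirm page consumes in one atomic statement, so only the first visit after payment succeeds and a copied return URL does not work again. It goes beyond the script above by assuming a separate server-side step that marks the token as paid; the `tokens` table, the function names and the in-memory SQLite database (pdo_sqlite) are hypothetical choices for illustration.

```php
<?php
// Added example: single-use purchase token. Table and function names are hypothetical.
// An in-memory SQLite database (pdo_sqlite) is used so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tokens (
    email      TEXT NOT NULL,
    token_hash TEXT PRIMARY KEY,
    paid       INTEGER NOT NULL DEFAULT 0)');

// Called before the visitor is sent to PayPal; the result goes into the return URL.
function issue_token(PDO $db, string $email): string
{
    $token = bin2hex(random_bytes(16));               // 128 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO tokens (email, token_hash) VALUES (?, ?)');
    $stmt->execute([$email, hash('sha256', $token)]); // only the hash is stored
    return $token;
}

// Called once the payment has been verified server-side (assumed to happen
// elsewhere; arriving at the return URL is not by itself proof of payment).
function mark_paid(PDO $db, string $token): void
{
    $stmt = $db->prepare('UPDATE tokens SET paid = 1 WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
}

// Called from the confirm page. The DELETE checks and consumes the token in one
// statement, so two simultaneous requests cannot both be accepted.
function redeem_token(PDO $db, string $token): bool
{
    $stmt = $db->prepare('DELETE FROM tokens WHERE token_hash = ? AND paid = 1');
    $stmt->execute([hash('sha256', $token)]);
    return $stmt->rowCount() === 1;
}

// Constructed walk-through with a made-up address.
$token = issue_token($db, 'buyer@example.com');
var_dump(redeem_token($db, $token));    // visit before payment is verified
mark_paid($db, $token);
var_dump(redeem_token($db, $token));    // first visit after payment
var_dump(redeem_token($db, $token));    // the same URL used a second time
var_dump(redeem_token($db, 'guessed')); // a token that was never issued
```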

 


Archived

This topic is now archived and is closed to further replies.
