bm4499 Posted October 31, 2009

Hi,

Does anyone know how to deal with PayPal?

What I want: when visitors of my site have paid via PayPal, they need to see a *.php page where they can process their form. After it has been processed and they have got what they wanted, they must NOT be able to copy the URL to give it to their friends or use it another time...

How do I deal with this problem?

Jnerocorp Posted October 31, 2009

Here is something you can do:

If you use a PayPal form on your site with a return URL, then you can have PHP generate a random number using rand(), then save it in a MySQL database along with the user's email in a row, and use GET for the form so that in the return URL you can get the inputted random number. Then, after the user has gotten what they wanted, it deletes the random number from the database so it can't be matched anymore on the return page.

Sorry, it's a bit hard to explain.

-John

Jnerocorp Posted October 31, 2009

OK, I have made the script. It's 3 pages: payment.php, process.php and confirm.php.

Create a table in MySQL called "any tablename you want" and edit process.php and confirm.php for the correct MySQL info. You can create 2 fields in the table called email & token, both VARCHAR 100.

This is payment.php:

```php
<?php
$token = rand(); // This will generate a random number
?>
<form action="process.php" method="get">
<input type="text" name="email"> <?php // user's email ?>
<input type="hidden" name="token" value='<?php echo "$token"; ?>'> <?php // the randomly generated number will be here ?>
<input type="submit" name="submit" value="Process Order">
</form>
```

This is process.php:

```php
<?php
if (isset($_GET['submit'])) {
    mysql_connect("localhost", "username", "password") or die(mysql_error());
    mysql_select_db("database") or die(mysql_error());

    // Escape the request values before they are placed in the SQL string
    $email = mysql_real_escape_string($_GET['email']);
    $token = mysql_real_escape_string($_GET['token']);

    mysql_query("INSERT INTO tablename (email, token) VALUES('$email', '$token')") or die(mysql_error());
?>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="yourpaypalemail@domain.com">
<input type="hidden" name="item_name" value="hat">
<input type="hidden" name="amount" value="15.00">
<?php // URL-encode the values so they cannot break out of the attribute or the query string ?>
<input type="hidden" name="return" value='http://domain.com/confirm.php?email=<?php echo urlencode($_GET['email']); ?>&amp;token=<?php echo urlencode($_GET['token']); ?>'>
<input type="image" name="submit" border="0" src="https://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif" alt="PayPal - The safer, easier way to pay online">
</form>
<?php
} // closes the isset() check opened at the top
?>
```

And this is confirm.php:

```php
<?php
if (isset($_GET['email']) && isset($_GET['token'])) { // checks if email and token are set in url
    mysql_connect("localhost", "username", "password") or die(mysql_error());
    mysql_select_db("database") or die(mysql_error());

    $email = mysql_real_escape_string($_GET['email']); // Gets email from url, escaped for SQL
    $token = mysql_real_escape_string($_GET['token']); // Gets token from url, escaped for SQL

    // This gets the token from the database
    $result = mysql_query("SELECT token FROM tablename WHERE email='$email' AND token='$token'")
        or die(mysql_error());
    $row = mysql_fetch_array($result); // false when no matching row exists

    // This will check that a row was found and that the stored token matches the one in the url
    if ($row && $row['token'] === $_GET['token']) {
        // Proceed and do stuff for purchase

        // Below here will delete the token from the database
        mysql_query("DELETE FROM tablename WHERE token='$token'") or die(mysql_error());
    } else { ?>
<h1><font color="red">INVALID PURCHASE</font></h1>
<?php }
} else { ?>
<h1><font color="red">INVALID PURCHASE</font></h1>
<?php } ?>
```

-John
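
A hardened take on the single-use token idea from the post above, as an added example that is not part of the thread: the token comes from a CSPRNG instead of rand(), only its hash is stored, every query is parameterized, and redemption is a single DELETE so a copied URL fails on its second use. The `tokens` table, its columns, the in-memory SQLite database and the `mark_paid()` hook (to be called only once the payment has been confirmed server-side) are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo storage: in-memory SQLite so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tokens (
    token_hash TEXT PRIMARY KEY,
    email      TEXT NOT NULL,
    paid       INTEGER NOT NULL DEFAULT 0)');

// Issue a token before the buyer is sent to the payment form.
function issue_token(PDO $db, string $email): string {
    $token = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG
    $stmt = $db->prepare('INSERT INTO tokens (token_hash, email) VALUES (?, ?)');
    $stmt->execute([hash('sha256', $token), $email]); // store only the hash
    return $token;
}

// Hypothetical hook: call only after the payment is confirmed server-side,
// never from the return URL the buyer's browser visits.
function mark_paid(PDO $db, string $token): void {
    $stmt = $db->prepare('UPDATE tokens SET paid = 1 WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
}

// Redeem: one DELETE both checks and consumes the token, so a replayed or
// concurrent request finds no row and is rejected.
function redeem_token(PDO $db, string $token): bool {
    $stmt = $db->prepare('DELETE FROM tokens WHERE token_hash = ? AND paid = 1');
    $stmt->execute([hash('sha256', $token)]);
    return $stmt->rowCount() === 1;
}

// Constructed walk-through of the cases that matter.
$t = issue_token($db, 'buyer@example.com');
var_dump(redeem_token($db, $t));              // token exists but is unpaid
mark_paid($db, $t);
var_dump(redeem_token($db, $t));              // first use after payment
var_dump(redeem_token($db, $t));              // same URL used a second time
var_dump(redeem_token($db, "x' OR '1'='1"));  // quote characters are plain data
```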

bm4499 Posted November 2, 2009

Thanks Jnerocorp, I'm gonna try it tonight after I get home.

Do I have to place 'requireonce('****')' on top of some scripts?

bm4499 Posted November 2, 2009

Is it also possible to open a PHP page ONLY after PayPal sends feedback that payment is done for that user?