Problem with verifying how the user access's the page

[barrowvian]

So far my code is;

<?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-synch';

$tx_token = $_GET['tx'];

$auth_token = "UG7EULv61yHJShpAe-by20mdo4whhll3KKL5wRP6S12LB_1QRggsSt41ZRK";

$req .= "&tx=$tx_token&at=$auth_token";


// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);
// If possible, securely post back to paypal using HTTPS
// Your PHP server will need to be SSL enabled
// $fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
// read the body data
$res = '';
$headerdone = false;
while (!feof($fp)) {
$line = fgets ($fp, 1024);
if (strcmp($line, "\r\n") == 0) {
// read the header
$headerdone = true;
}
else if ($headerdone)
{
// header has been read. now read the contents
$res .= $line;
}
}

// parse the data
$lines = explode("\n", $res);
$keyarray = array();
if (strcmp ($lines[0], "SUCCESS") == 0) {
array_pop($lines);
// pop the last element off the end
for ($i=1; $i<count($lines);$i++){
list($key,$val) = explode("=", $lines[$i]);
$keyarray[urldecode($key)] = @urldecode($val);
}
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
$firstname = $keyarray['first_name'];
$lastname = $keyarray['last_name'];
$itemname = $keyarray['item_name'];
$amount = $keyarray['mc_gross'];

echo ("<p><h2>Success</h2></p>");

echo ("Thank you <strong>$firstname $lastname</strong> for purchasing <strong>$itemname</strong> for a total amount of <strong>$amount</strong>");

// put the email form in here


}
else if (strcmp ($lines[0], "FAIL") == 0) { // the user has just entered the url manually
header('Location: http://localhost/ads/adspace.php');
}

}

fclose ($fp);

?>

 

Basically it checks to see if the user has been redirected from paypal. If they have then it continues, if they havent then it redirects them.

 

Im wanting to include a couple of things on the form though. I require the user to send me a couple of details (for this example just say their firstname and their lastname). I want to have a simple form, but with the form will come some kind of validation checks. I would like all of the validation to be completed on the same page (without interfering with the already processed paypal checks). Once the user submits the form then they will get the thank you page and thats it done. However, if the user then presses the back button I dont want them to be able to access this page again as it could potentially allow them to submit more data and just send spam.

 

All in all, I want validation to be done on the same page and no access to this page apart from the original redirect from paypal (no forward or back access).

 

Please could someone give me a little bit of help and/or advice, thanks.

 

[barrowvian]

Actually.....forget the whole first part of doing the validation within the same page etc, I've managed to sort that out 

 

But please could someone still help me with denying access to users who user forward or back to try and access the page? thanks.