Chrisj Posted July 25, 2010 Share Posted July 25, 2010 On a web site I'm using, the php credit script succeeds when, upon a return from paypal, purchased credits are added to the users account. However, the return location is a success page that has a "click here to return to the home page" link. If a user stays on that success page and refreshes the page, the amount of credits purchased keeps adding that amount to the users account, upon every refresh (without paying for those extras credits). Rather than find someone to modify the script, I thought one solution might be to add something so that the page never appears and somehow the "click here to return to the home page" link automatically re-directs the successful purchaser to the home page, so he doesn't have the chance to refresh the success page. Is this a sound solution? Can you suggest what might be nedded to accomplish this? Or suggest a better solution? Quote Link to comment https://forums.phpfreaks.com/topic/208809-php-script-has-paypal-related-flaw/ Share on other sites More sharing options...
Pikachu2000 Posted July 25, 2010 Share Posted July 25, 2010 That sounds like a great deal. Can I have the URL? Just kidding. A header() redirect on successful completion of the transaction should do the trick. Quote Link to comment https://forums.phpfreaks.com/topic/208809-php-script-has-paypal-related-flaw/#findComment-1090814 Share on other sites More sharing options...
Pikachu2000 Posted July 25, 2010 Share Posted July 25, 2010 Also, you may also to unset any transaction-related SESSION vars . . . Quote Link to comment https://forums.phpfreaks.com/topic/208809-php-script-has-paypal-related-flaw/#findComment-1090818 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.