desjardins Posted July 28, 2010 Share Posted July 28, 2010 Hi, guys/gals I have a site that offers a download/thankyoupage after purchase with paypal. I'm wanting to secure that page so that it checks to make sure the user came from paypal prior to letting him enter the page if not it would go to main page. is this possible? Link to comment https://forums.phpfreaks.com/topic/209112-http_refer-help-php/ Share on other sites More sharing options...
radar Posted July 28, 2010 Share Posted July 28, 2010 Well if you are using paypal's IPN you can use that to determine if they've come to that page from paypal.. otherwise $referer = $_SERVER['HTTP_REFERER']; will get you what you need. but you'll have to echo that out on the page when it comes back from paypal to see exactly what it says or if you'll need to do any extra data handling on it. paypal has a developer zone that you can use to test your code, without having to actually use the live paypal service. Link to comment https://forums.phpfreaks.com/topic/209112-http_refer-help-php/#findComment-1092143 Share on other sites More sharing options...
desjardins Posted July 28, 2010 Author Share Posted July 28, 2010 I appreciate your help on this topic. I tried to understand the whole IPN feature however It's above me. with the http_refer how would this be setup? the download.html page would have an echo script ? if all is well show the page and if fails send to main page Link to comment https://forums.phpfreaks.com/topic/209112-http_refer-help-php/#findComment-1092153 Share on other sites More sharing options...
radar Posted July 28, 2010 Share Posted July 28, 2010 do something like this $referer = $_SERVER['HTTP_REFERER']; $domain = parse_url($referer); if($domain['host'] == 'paypal.com') { //Run your dowloading code here normally } else { //The referrer is not paypal, we redirect to your home page header("Location: http://yoursite.com"); exit(); //Stop running the script } Link to comment https://forums.phpfreaks.com/topic/209112-http_refer-help-php/#findComment-1092155 Share on other sites More sharing options...
PFMaBiSmAd Posted July 28, 2010 Share Posted July 28, 2010 You cannot rely on $_SERVER['HTTP_REFERER'] for any security purpose. It is an optional header that anyone can set to make it look like they came from paypal. Soon after you start doing what you are attempting, you will find that all kinds of people and scripts will access the page on your site for free. You must check and record the information that the paypal IPN sends back to you to determine if the visitor actually paid. There are countless php/ipn scripts that you can use to capture this information into a database. It would then only be necessary to put code on your protected page to check against the database information if the visitor has paid. Link to comment https://forums.phpfreaks.com/topic/209112-http_refer-help-php/#findComment-1092175 Share on other sites More sharing options...
radar Posted July 28, 2010 Share Posted July 28, 2010 Well granted that information, I just gave him the options he wanted. Though definately checking the IPN is going to be the most secure method of figuring it out... go to: https://developer.paypal.com/ register for a developer account, it will have some php code available for you and you can test the code to ensure its functionality. Link to comment https://forums.phpfreaks.com/topic/209112-http_refer-help-php/#findComment-1092177 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.