Verifying payment?

[3raser]

Hey,

 

Within my experience of PHP, I have never had anything to do with making secure payments before. And this is a problem I can't seem to get around. I want to let people purchase a premium version of a game, and it will add their name to a PHP file or databse after they are redirected from PayPal to a special page that adds their username to the PHP file after typing it in.

 

How would one make sure they don't just go to the webpage VIA the URL, and that they only came from the PHP redirect after purchase?

[3raser]

Anyone feedback on this? 

_ 

|

|

|

O 

/|\

/\

 

^^^^^^^^

^^^^^^^^

^^^^^^^^

 

[YourNameHere]

You can check the $_SERVER['HTTP_REFERER'] variable and make sure that it comes from paypals website. That is just one way to do it. I'm sure there are more.

[denno020]

If you're using Paypal for your payment method, then you can use their IPN scripts. Very secure, and apparently exceptionally hard to muck with.. Does take a bit of work to get going and to understand it, but it's very much worth it.

 

Denno

[3raser]

You can check the $_SERVER['HTTP_REFERER'] variable and make sure that it comes from paypals website. That is just one way to do it. I'm sure there are more.

 

But when people finish a payment, does the URL have a lot of stuff like index.php?purchase_id=t7i 4ldskg;sfjg

 

or something?

 

Will

 

if($_SERVER['HTTP_REFERER']=="http://www.paypal.com")

 

work?