Jump to content

Can someone explain whats happening to $e in this


Kiwiguy51
 Share

Recommended Posts

Hi,

Can someone explain in english what this is doing to email addresses? Is it validating the users input format?

I've got 2 Buy Now buttons that take people to Paypal but then Paypal says error wrong email address.

 

Yet above this code $ppe is set as my correct paypal email address. This is from my config.php.

 

Does the 2nd to last line change $e into my $ppe paypal email?

 

if ($_SESSION['page'] !== 'index') {}
else {
$e = $_GET['e'];
if (
($e == '') ||
($e == 'paypal@email.com') ||
($e == 'paypal@emailaddress.com') ||
($e == 'PAYPAL@EMAIL.COM') ||
($e == 'PAYPAL@EMAILADDRESS.COM') ||
($e == '-8-email-8-') ||
($e == '-8-paypalemail-8-') ||
($e == '-8-EMAIL-8-') ||
($e == '-8-PAYPALEMAIL-8-') ||
($e == '[={PAYPAL}]') ||
($e == '[={PAYPALEMAIL}]') ||
($e == 'zzzezzz') ||
($e == 'zzzppezzz')
)
$e = $ppe;
$redirect = 'Location: '.$url0;

 

Thanks in advance ~Rod

PS: I don't code but I do kind of understand what it's doing.

Link to comment
Share on other sites

Thanks for that.

I didn't want to paste the whole config.php it's quite long.

Basically the code above what I posted sets some variables one of which is $ppe for my paypal email

 

Then he sets some page security so you can only get to the download page after signing up on squeeze page

 

then the code I pasted

 

then sets some cookies

 

then does the one time offer and downsell stuff

 

then he has a way of sending a thankyou graphic to appear on paypals 'pay now' page with the users email loaded.

 

then he replaces symbols like @ and : with their %40 and %3a equivalents

 

then he sets the button url which may be where my problem is.

 

$button_url = 'Location: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business='.
$paypal2.'&item_name='.$product_name2.'&item_number='.$product_id2.'&amount='.$price2.'&no_shipping=1&return='.
$download_link2.'&cancel_return='.$cancel_link2.'&no_note=1&currency_code=USD&notify_url='.$ipn_link2.'&cpp_header_image='.$ppheader_url2;

 

That's the link to paypal so on the sales page he just writes $button_url

$paypal2 should be the users email address

$ipn_link don't know what this is (notify url) but he's turned it off (commented it out) previously

 

I don't see any reference to my paypal account could this be why paypal says error wrong email address to the buyer?

Link to comment
Share on other sites

then he replaces symbols like @ and : with their %40 and %3a equivalents

That should be one single call to rawurlencode.

 

$button_url = 'Location: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business='.
$paypal2.'&item_name='.$product_name2.'&item_number='.$product_id2.'&amount='.$price2.'&no_shipping=1&return='.
$download_link2.'&cancel_return='.$cancel_link2.'&no_note=1&currency_code=USD&notify_url='.$ipn_link2.'&cpp_header_image='.$ppheader_url2;

I'm not too familiar with this part of PayPal but I believe the business= is your email address, not the customer's.

 

Separately, it looks like you're putting the notify_url for IPN in the URL you're redirecting too? That should be specified in your account instead. Exposing that location to the user is a risk to your listening code, and though it should not be a problem (because it verifies the request with PayPal) there's always the chance of a malicious user discovering an exploit in the code. I don't know how it was "turned off" so this may not be a problem.

Edited by requinix
Link to comment
Share on other sites

This thread is more than a year old. Are you sure you have something important to add to it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.