my_name_is_chris, posted April 18, 2013

Hi there. I'm a beginner so hopefully someone can help me. Say I have a PayPal button on my site, that after using it to pay, takes you to a page with a download link on it that allows you to download a file on my site's server. How can I make it so that people can't just bypass the payment process by typing in the URL of the download link page? I've looked into PayPal IPN but I find it hard to understand the underlying code, and wonder if there's another way. Any actual coding examples would be gratefully appreciated.

mac_gyver, posted April 18, 2013

the page on your site that the download link goes to must be a php script that checks if the current logged in visitor is allowed to download the file. if the visitor is allowed to download the file, the php script reads and outputs the actual file contents from a protected folder that visitors cannot directly access.

the way that your php script knows if a visitor is allowed to download a file is because you have stored information on your site that indicates the payment was successful. the way you get that information is to use the IPN process. just being redirected back from paypal to your site's "success" page only means that the checkout process was successful, not that the payment will be successful and anyone can browse to your site's success page.

my_name_is_chris (author), posted April 18, 2013

Thanks for explaining the process, I understand a bit better now. With your described method, would I have to create a database that stores the IPN information, and if so, how would I associate that IPN info with a particular visitor?

davidannis, posted April 18, 2013

You can use sessions to store a visitor ID or pass PayPal a variable that it will pass back (PayPal uses custom and invoice as pass-through variables): https://www.x.com/developers/paypal/documentation-tools/ipn/integration-guide/IPNandPDTVariables

A warning. PayPal IPN notifications can sometimes be delayed a lot. From https://www.x.com/developers/paypal/documentation-tools/ipn/integration-guide/IPNIntro:

"The IPN message service does not assume that all messages will be received by your listener in a timely manner. Because the internet is not 100% reliable, messages can become lost or delayed. To handle the possibility of transmission and receipt delays or failures, the IPN message service implements a retry mechanism that resends messages at various intervals until you acknowledge that the message has successfully been received. Messages may be resent for up to four days after the original message."

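The download gate mac_gyver describes, keyed on the `custom` pass-through value davidannis mentions, as an added example that is not code from any poster in this thread. It assumes the IPN listener has already confirmed the message with PayPal before calling `record_payment()`, and the table layout, item id, price, file path and session key are all hypothetical.

```php
<?php
// Added example. Assumes SQLite via PDO and a hypothetical table:
//   purchases(txn_id TEXT UNIQUE, user_id INTEGER, item TEXT)
// Paths, item ids, prices and the session key are also assumptions.
const PRICES = ['ebook-1' => '9.99'];                       // item => expected mc_gross
const FILES  = ['ebook-1' => '/var/private/ebook-1.pdf'];   // outside the web root

// Call from the IPN listener only after PayPal has confirmed the message.
function record_payment(PDO $db, array $ipn): bool {
    $item   = $ipn['item_number'] ?? '';
    // `custom` carries our own user id, set when the button was rendered.
    $userId = filter_var($ipn['custom'] ?? null, FILTER_VALIDATE_INT);
    if ($userId === false || !array_key_exists($item, PRICES)) return false;
    if (empty($ipn['txn_id'])) return false;
    if (($ipn['payment_status'] ?? '') !== 'Completed') return false;
    if (($ipn['mc_gross'] ?? '') !== PRICES[$item]) return false;  // full price paid
    // UNIQUE txn_id: an IPN that PayPal resends does not add a second row.
    $stmt = $db->prepare(
        'INSERT OR IGNORE INTO purchases (txn_id, user_id, item) VALUES (?, ?, ?)');
    return $stmt->execute([$ipn['txn_id'], $userId, $item]);
}

function has_paid(PDO $db, int $userId, string $item): bool {
    $stmt = $db->prepare('SELECT 1 FROM purchases WHERE user_id = ? AND item = ?');
    $stmt->execute([$userId, $item]);
    return $stmt->fetchColumn() !== false;
}

// download.php: the only URL visitors are given; the file itself has none.
function serve_download(PDO $db, string $item): void {
    session_start();
    $userId = $_SESSION['user_id'] ?? null;
    if (!array_key_exists($item, FILES)) { http_response_code(404); return; }
    if ($userId === null || !has_paid($db, (int) $userId, $item)) {
        http_response_code(403);   // no recorded payment, or the IPN has not arrived yet
        echo 'No completed payment is recorded for this account yet.';
        return;
    }
    $path = FILES[$item];
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

Because the IPN can arrive after the buyer is redirected back, the 403 branch is also what a paying visitor sees until the notification is recorded, so the page should invite a retry rather than treat it as an error.
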
my_name_is_chris (author), posted April 18, 2013

Thanks for your suggestions and for the warning. I will look into sessions and custom/invoice variables.

davidannis, posted April 18, 2013

This stackoverflow is interesting on PDT vs IPN: http://stackoverflow.com/questions/2836779/paypal-ipn-vs-pdt

In my experience 3-5% of IPN notifications took over 7 seconds to arrive.