Jump to content

How to Prevent Bypass of PayPal Payment Process?


my_name_is_chris

Recommended Posts

Hi there. I'm a beginner so hopefully someone can help me.

 

Say I have a paypal button on my site, that after using it to pay, takes you to a page with a download link on it that allows you to download a file on my sites server. How can I make it so that people can't just bypass the payment process by typing in the url of the download link page?

 

I've looked into PayPal IPN but I find it hard to understand the underlying code, and wonder if there's another way.

 

Any actual coding examples would be gratefully appreciated.

Link to comment
Share on other sites

the page on your site that the download link goes to, must be a php script that checks if the current logged in visitor is allowed to download the file. if the visitor is allowed to download the file, the php script reads and outputs the actual file contents from a protected folder that visitors cannot directly access.

 

the way that your php script knows if a visitor is allowed to download a file is because you have stored information on your site that indicates the payment was successful. the way you get that information is to use the IPN process.

 

just being redirected back from paypal to your site's "success" page only means that the checkout process was successful, not that the payment will be successful and anyone can browse to your site's success page.

Link to comment
Share on other sites

You can use sessions to store a visitor ID or pass Paypal a variable that it will pass back (Paypal uses custom and invoice as pass through variables)  https://www.x.com/developers/paypal/documentation-tools/ipn/integration-guide/IPNandPDTVariables

 

A warning. Paypal IPN notifications can sometimes be delayed a lot. https://www.x.com/developers/paypal/documentation-tools/ipn/integration-guide/IPNIntro

 

The IPN message service does not assume that all messages will be received by your listener in a timely manner. Because the internet is not 100% reliable, messages can become lost or delayed. To handle the possibility of transmission and receipt delays or failures, the IPN message service implements a retry mechanism that resends messages at various intervals until you acknowledge that the message has successfully been received. Messages may be resent for up to four days after the original message.

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.