Security Advice



#1 Javizy

Javizy
  • Members
  • Advanced Member
  • 44 posts

Posted 31 March 2006 - 11:22 PM

I'm currently setting up a little shop that uses PayPal as a payment system. I've searched online and on the board and found enough information to get going. The way certain things are done worry me though. Any help with any of these would be appreciated.

1. It seems as though the payment is completed before the user clicks the 'continue' button which leads back to my site. If for some reason the user did not make it back to the site, the database cannot be effectively updated in regards to the order. This seems to go against the concept of a transaction to me.

2. Sending data initially to PayPal through hidden form variables. I've read this is not a good way to do it, and I don't like the idea of anyone being able to view this information. Would it be better to send the vars through a socket (which is the only other post data solution I've come across) in some sort of Order class?

3. I've written a Basket class with a getTotal() function. I could send this to PayPal, but then the entire basket is counted as a single item, and this might confuse users. Is there a way around this?

These are my three main concerns (particularly #1). If anyone is familiar with this stuff, are there any other security considerations I should be making? This is the first time I've done anything involving a payment system, and I want it to be as safe as possible.

Thanks in advance for any help on this.

#2 toplay

toplay
  • Staff Alumni
  • Advanced Member
  • 973 posts

Posted 01 April 2006 - 02:46 AM

1) After payment, behind the scenes PayPal fires off the transaction to your script. Your script has to handle IPN transactions and update your database. It has nothing to do with the continue button being pressed or not.

2) There's other ways, like using cURL. A good tutorial link is below.

3) Don't understand this point so I can't comment. Maybe somebody else will address it.


PayPal PHP IPN tutorial:
http://www.zend.com/zend/tut/tutorial-paypal.php

IPN test sites:
http://www.eliteweaver.co.uk/testing/ipntest.php
http://www.optioninsight.com/IPNtestbed.html

Horror stories of using PayPal:
http://nopaypal.com/forums/
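An added example (not from either poster or from PayPal's tutorials) of the IPN listener toplay describes in point 1, which also addresses Javizy's worry in point 2: the script verifies the notification with PayPal, then checks the paid amount against the order stored server-side rather than trusting anything that came through the hidden form fields. The in-memory order table, `SHOP_EMAIL` and the helper names are constructed stand-ins for the shop's own database code; confirm the verification endpoint against current PayPal documentation.

```php
<?php
// Minimal PayPal IPN listener. Everything below the constants runs per notification.
declare(strict_types=1);

const IPN_VERIFY_URL = 'https://ipnpb.paypal.com/cgi-bin/webscr'; // check against PayPal docs
const SHOP_EMAIL     = 'payments@example.com';                    // placeholder: shop's PayPal account

// Constructed in-memory stand-ins for the shop's database (hypothetical helpers).
$ORDERS   = ['1001' => ['id' => '1001', 'total' => '24.99', 'currency' => 'GBP']];
$SEEN_TXN = [];
function loadOrder(string $id): ?array { global $ORDERS; return $ORDERS[$id] ?? null; }
function alreadyProcessed(string $txn): bool { global $SEEN_TXN; return isset($SEEN_TXN[$txn]); }
function markPaid(string $id, string $txn): void { global $SEEN_TXN; $SEEN_TXN[$txn] = $id; }

// Step 1: read the raw notification exactly as PayPal sent it (field order matters for validation).
$raw = file_get_contents('php://input');
parse_str($raw, $ipn);

// Step 2: post it back to PayPal prefixed with cmd=_notify-validate; PayPal replies VERIFIED or INVALID.
$ch = curl_init(IPN_VERIFY_URL);
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $raw,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_SSL_VERIFYPEER => true,
]);
$verdict = curl_exec($ch);
curl_close($ch);
if ($verdict !== 'VERIFIED') {
    http_response_code(400); // not from PayPal: reject and log
    exit;
}

// Step 3: never trust the posted amount. Compare status, receiver, currency and total
// against the order recorded when the basket was built, and refuse replayed txn_ids.
$order = loadOrder($ipn['custom'] ?? '');   // 'custom' carries our own order id
$gross = number_format((float) ($ipn['mc_gross'] ?? '0'), 2, '.', '');
if ($order === null
    || ($ipn['payment_status'] ?? '') !== 'Completed'
    || strcasecmp($ipn['receiver_email'] ?? '', SHOP_EMAIL) !== 0
    || ($ipn['mc_currency'] ?? '') !== $order['currency']
    || $gross !== $order['total']
    || alreadyProcessed($ipn['txn_id'] ?? '')) {
    http_response_code(200); // acknowledge so PayPal stops retrying, but do not mark paid; log for review
    exit;
}

// Step 4: record the payment server-side. The buyer never needs to press "continue".
markPaid($order['id'], $ipn['txn_id']);
http_response_code(200);
```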



