Encripting source code

[legohead6]

ok, i have a paypal payment system, and to comfirm they have acutally paid i send a random number with paypal that is created before hand with rand(), the problem is if someone is wise and veiws the source it shows in the code for paypal that number and they can copy the link and skip paying. My question is how do i incript code so you cant view it from the source..... heres the code

 

<form action="XXXLINKXXX" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="legohead6@shaw.ca">
<input type="hidden" name="item_name" value="Filepile Extended Size">
<input type="hidden" name="amount" value="5.00">
<input type="hidden" name="page_style" value="Primary">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value=<? echo "XXXLINKXXX"; ?>>
<input type="hidden" name="cancel_return" value="XXXLINKXXX">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="CAD">
<input type="hidden" name="lc" value="CA">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_paynow_SM.gif" border="0" name="submit" alt="Click here to Pay with Paypal">
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

[Wolphie]

I don't think it's possible to encrypt source code. The best way to do what your asking is to generate a dynamic and unique encrypted string for each Payment.

[legohead6]

the only problem is i can only send and recieve GET variables from paypal. it cant create sessions or anything... also anything i recieve back has to be created before it links to paypal

[schilly]

How do they skip payment?

 

Can't you just verify the response from paypal on the return page to make sure they paid?

[legohead6]

if they look at the source and see the XXXreturn link XXX they can go directly to it and skip the payment...

[rhodesa]

To truly do it right, you should use https://www.paypal.com/ipn

 

Don't ask me how to do it though, I only know about it from the osCommerce plugin

[schilly]

they see the return link but doesn't paypal send some kind of confirmation variable that you can validate against?

[laffin]

PayPal offers some code to also verify payments.

looks a lot like the ipn code, but the cmd is different.

 

this will allow ya to check the payment status