tags:

views:

117

answers:

1
Q: 

How to deny payment via PayPal IPN?

Hello all,

I need to create dynamic 'Pay Now' buttons on my site, and PayPal says the way to do this is via an HTML FORM with preset variables for the price, currency, and item of the purchase. I use PayPal IPN to notify me when a payment has complete.

However, what's to stop someone from modifying the query parameters of the Pay Now button to change the price? Some people have told me to redirect the button through a PHP file that sends you to a PayPal payment page with the parameters in place, but the price could just as easily be manipulated in the Web browser's address bar. My question is, how can I deny a payment if the information I receive from PayPal's IPN service is invalid (if the price doesn't match our records)?

I'm quite confused and couldn't find any documentation on what I'm looking for. Hopefully, you guys can help.

Thanks!

A: 

I think you want to enable Encrypted Website Payments. I haven't done this before, but you can read more here: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_encryptedwebpayments

Paul Kearney - pk  2010-05-14 23:39:46
That looks perfect for what I need, but how do I create the 'encrypted code'? I've created my public/private keys, uploaded the public one, etc.. but now I need to use a Windows program to generate the code? How can I do this on Linux?
Nick  2010-05-15 00:39:41
Paul Kearney - pk  2010-05-15 00:54:38
For the record, I didn't really want to try to get Java Runtime Environment and more crap than I need installed on my server to run this encrypter, but with a short Google (I feel stupid), I found this PHP script that does the same thing: http://www.stellarwebsolutions.com/en/articles/sample_button_code_for_php.txt
Nick  2010-05-15 01:53:34

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases