George Botley Posted May 30, 2011 Share Posted May 30, 2011 Hello, I wish to secure the PayPal form button. As my button is used on a subscription website, I don't want people changing the parameters and code needs to be hidden from peering eyes with firebug for instance. I have heard that you can pass the data to PayPal be given a CMD URL in return and you simply forward the user to such URL. Anyone know of this? - or another method? The button manager is not acceptable as the values will change in the hidden fields. George. Quote Link to comment Share on other sites More sharing options...
JonnySnip3r Posted May 30, 2011 Share Posted May 30, 2011 hi dude, do you not want the values show at all or do you just want it where they can't edit them? If so when paypal pass the details back to your IPN script you can double check the values to ensure everything is ok before you grant them access to premium or to purchase what ever product. So if they changes the values they wouldnt be able to purchase what the bought its their own fault Quote Link to comment Share on other sites More sharing options...
George Botley Posted May 31, 2011 Author Share Posted May 31, 2011 Okay, so just leave it in the clear but confirm all the transaction details on return against the values in a database? Sounds a simple enough route, but it still can't be safe, surely? Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted May 31, 2011 Share Posted May 31, 2011 it can if you compare against pre set values in a database. Quote Link to comment Share on other sites More sharing options...
George Botley Posted May 31, 2011 Author Share Posted May 31, 2011 <form name="myform" action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_xclick"> <input type="hidden" name="charset" value="utf-8"> <input type="hidden" name="return" value="http://#/sandbox/?page=PayPal_Payment_Return&id=<? echo "$ltj_txn_id"; ?>"> <input type="hidden" name="currency_code" value="GBP"> <input type="hidden" name="business" value="#"> <input type="hidden" name="cpp_header_image" value="#"> <input type="hidden" name="item_name" value="LTJ Annaul Subscription"; ?>) "> <input type="hidden" name="amount" value="10.00"> <input type="hidden" name="quantity" value="1"> <input type="hidden" name="first_name" value="<? echo "$form[fname]"; ?>"> <input type="hidden" name="last_name" value="<? echo "$form[lname]"; ?>"> <input type="hidden" name="email" value="<? echo "$form[email]"; ?>"> <input name="custom" type="hidden" id="custom" value="<? echo "$id"; ?>"> <input name="ipn_notification_url" type="hidden" id="ipn_notification_url" value="http://#"> <input type="hidden" name="cbt" value="Renew My Letters To June Subscription"> <input type="hidden" name="lc" value="GB"> </form> There is the form, does that look safe? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.