Hello.. I am trying to make a billing script that will credit a user automatically after they pay their payment from paypal.

Currently I have to manually credit users accounts after they pay which is extremely slow.

My question is this:
Is there some sort of environmental variable that I can use that will verify that a user came from "paypal's" billing page!

Meaning,
if(user is coming from paypals page):
then execute:
else:
echo "sorry Hacker..";
endif;

I realize I will need more verification methods but just wondering if there is something that can verify a person has come from a page that I specify.

I appreciate any help..

    You want to look at $HTTP_REFERER which should give you the info you want. It definately isn't a secure option though.

      a month later

      I think you'll find that paypal have a system whereby they send a code with the successful payment notification which you can then send back to paypal to generate a verification response.

      See their manual pages 53 and 54.

      Having sent back the info to paypal you will get the response 'VERIFIED' or 'INVALID' to confirm that it is a genuine transaction and that all transaction details are correct.

      Someone will write a nice snippet of PHP script soon .... it may be me if I'm not beaten to it (waits for flood of offerings)

        Yes.. I just saw that option on Paypal.. They have the code in perl and asp but not php.. I was hoping someone would write it in php.. If you ever get it done and you post it here I would be forever gratefull 🙂

        thanks,

        Greg

          / return whatever PayPal sent and add cmd /
          while (list ($key, $value) = each ($HTTP_POST_VARS)) {
          echo "$key: $value<br>\n";
          $postdata .= $key.'='.$value.'&';
          }
          $postdata .= 'cmd=_notify-validate';
          $url = '';

          $command = '/usr/bin/curl -m 120 -d "'.$postdata.'" https://www.paypal.com/cgi-bin/webscr -L';
          exec ($command, $return_array, $return_value);

          if ($return_array[0] == 'INVALID') {
          / invalid /
          }
          else if ($return_array[0] == 'VERIFIED') {
          / valid /
          }

            This is perfect!! Thank you, thank you.. It is very much appreciated!

              2 months later

              Just wondering if you got this to work, and if you made any modifications?

                3 months later

                I wrote a longer script that does the same thing, but inserts the variables from PayPal into a MySQL table, including whether PayPal returned VERIFIED or INVALID. Too long to post here, so e-mail me at steph@bairey.net if you'd like it!

                Steph

                  11 days later

                  Steph's script worked great on one of my servers. However, is there a way to do the same thing without libcurl installed? I have a second server that is hosted by an ISP that does not want to install curl. Thanks for the help in advance.

                    Write a Reply...