Page 1 of 1

encypted a link so that it cannot be shared

Posted: Tue Aug 03, 2010 4:43 pm
by wright0768
Basically I have a thank you page on my website that updates a database after making a payment on paypal. However, someone could manually type in the thank you page url and my database would think a payment has been made. Is there a function in php where if the actual webpage is http://www.site.com/thankyou.php it would show up in the browser as http://www.site.com/somerandomstring. Then if someone shared the link http://www.site.com/somerandomstring and it was entered into the browser, they would get an error saying the page doesn't exist.
Is this possible?

Re: encypted a link so that it cannot be shared

Posted: Tue Aug 03, 2010 6:23 pm
by jraede
Just have it check to verify if an actual payment has been made.

But if you want to do what you're talking about, you could generate a random alphanumeric "key" and have it only usable once. Store in the database, or in some other fashion. Once someone accesses the page by using that key, remove the key from the database, so it can't be used again.

Re: encypted a link so that it cannot be shared

Posted: Tue Aug 03, 2010 6:30 pm
by PHPHorizons
Hello wright0768,

You might have a second problem. What happens if the user does not click the link to go back to your website? It sounds like your thankyou page would not be accessed and that database update would not be performed.

I would recommend using PayPal's IPN system to guarantee that your database is only updated when a purchase is made and that no purchases are missed.

Cheers

Re: encypted a link so that it cannot be shared

Posted: Tue Aug 03, 2010 6:41 pm
by wright0768
I have looked a little at PayPal's IPN system however, if i am updating the database based on their username at my site which most likely differs from their paypal account, can the IPN system still update the correct record?

Re: encypted a link so that it cannot be shared

Posted: Tue Aug 03, 2010 7:55 pm
by PHPHorizons
Absolutely. There is a field named "custom" that you can use in your pay pal form to pass the username. If you are already using that field for something else, then you can squeeze both in by using a CSV.

Re: encypted a link so that it cannot be shared

Posted: Tue Aug 03, 2010 11:04 pm
by wright0768
O nice thanks a lot.

Re: encypted a link so that it cannot be shared

Posted: Wed Aug 04, 2010 6:59 am
by PHPHorizons
You're welcome ;)