Just a question about paypal.

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

synical21
Forum Contributor
Posts: 150
Joined: Tue Jul 28, 2009 8:44 am
Location: London UK

Just a question about paypal.

Post by synical21 »

At the end stages of my website I want money to be put onto a user account via PayPal. The only way I understand to do this is to create a button, go through the details, then have an automatic direction at the end back to your site. Now that could be http://www.mysite.com/processmoney.php

Then run a script to update the table where user = current user with money....

That's the only way I can think of and it doesn't seem safe or unexploitable. Can anyone advise me on what to do with this kind of thing?
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Just a question about paypal.

Post by kaisellgren »

The processor must lie somewhere accessible. Anyone can indeed forge false requests, but PayPal has the ability to tell you whether some requests were valid or not. Simply put, you ask PayPal whether this X payment was processed; if PayPal answers Yes, then you can do your updates. See: https://cms.paypal.com/us/cgi-bin/?cmd= ... de_samples
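The "ask PayPal first, then update" flow from the reply above, as an added example that is not code from the thread or from PayPal's samples. It assumes PayPal's IPN postback (`cmd=_notify-validate`), which the thread does not name; the table names, `MY_RECEIVER_EMAIL`, the GBP currency and the sample notification are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PayPal's IPN postback;
// table names, MY_RECEIVER_EMAIL and the GBP currency are hypothetical.
const PAYPAL_VERIFY_URL = 'https://ipnpb.paypal.com/cgi-bin/webscr';
const MY_RECEIVER_EMAIL = 'payments@example.com';

// Post the notification back unchanged; PayPal answers VERIFIED or INVALID.
function paypal_confirms(string $rawBody): bool {
    $ch = curl_init(PAYPAL_VERIFY_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT => 30,
    ]);
    $reply = curl_exec($ch);
    curl_close($ch);
    return $reply === 'VERIFIED';
}

// Credit only a confirmed, completed, first-time payment made to our account.
function credit_from_notification(PDO $db, string $rawBody, callable $confirm): bool {
    parse_str($rawBody, $n);
    $userId = (int)($n['custom'] ?? 0); // user id placed in the button's "custom" field
    $ok = $confirm($rawBody)
        && ($n['payment_status'] ?? '') === 'Completed'
        && strcasecmp($n['receiver_email'] ?? '', MY_RECEIVER_EMAIL) === 0
        && ($n['mc_currency'] ?? '') === 'GBP'
        && preg_match('/^\d+\.\d{2}$/', $n['mc_gross'] ?? '') === 1
        && ($n['txn_id'] ?? '') !== '' && $userId > 0;
    if (!$ok) return false;
    $db->beginTransaction();
    try { // PRIMARY KEY on txn_id makes a replayed notification fail the INSERT
        $db->prepare('INSERT INTO payments (txn_id, user_id, amount) VALUES (?, ?, ?)')
           ->execute([$n['txn_id'], $userId, $n['mc_gross']]);
        $db->prepare('UPDATE users SET balance = balance + ? WHERE id = ?')
           ->execute([$n['mc_gross'], $userId]);
        $db->commit();
        return true;
    } catch (PDOException $e) {
        $db->rollBack();
        return false;
    }
}

// Constructed run: in-memory SQLite, PayPal's answer stubbed (no, yes, then a replay).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, balance NUMERIC); INSERT INTO users VALUES (7, 0); CREATE TABLE payments (txn_id TEXT PRIMARY KEY, user_id INTEGER, amount NUMERIC)');
$body = 'payment_status=Completed&receiver_email=payments%40example.com&mc_currency=GBP&mc_gross=10.00&custom=7&txn_id=TESTTXN1';
foreach ([fn($b) => false, fn($b) => true, fn($b) => true] as $c) var_dump(credit_from_notification($db, $body, $c));
```

In production the handler passes `'paypal_confirms'` as `$confirm` and the raw POST body from `php://input`; the page the buyer is redirected to only displays the balance and never credits it.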