Paypal and My site Need Help!

tego10122 · 12-11-2009, 12:04 AM

question, how would I handle Product->Paypal->Purchase->Mysql_add_credit->update_table

So, a customer buys "Credits/Points" he'd go to the website, login. Click Buy Credits, then hed be directed to a paypal page to pay for the credit ammount he desires . I got that far now I need a method to update his credit count in the database. I can have him redirected to http://www.site.com/purchase/success...edit&ammout=40. But heres the problem... if he refreshes he can add credits with out paying or he can set http://www.site.com/purchase/success...ammount=400000 and give himself as many credit points as he wants! grr im stuck

Enfernikus · 12-11-2009, 12:57 AM

To make it well and truly secure I'd upon them clicking the amount of credits wanted, store that number temporarily in the database along with their user id ( assuming your system has one for each user ) and send THAT off PayPal and weather you had them redirected to a page with the ID at the end or sent back in the post-back data it'd be secure.

Of course, you need to verify they paid the amount which correlates to their points. They could just edit their post data and pay a dime for 400000 credits.

Following possible scenario:
Person tries to randomly guess ID's, won't work because his user id is not tied to the ID in the table.

Village Idiot · 12-13-2009, 06:45 PM

Use paypal IPN to verify that payment has been sent, it is the only secure way. Base the credits off of the amount that IPN reports.