On 11-07-03 04:17 PM, Kirk Bailey wrote:
ok, here's the deal; we sent someone to the paypal site for their
purchase; the site will use the palpal shopping cart. When they come
back, there needs to be a way to identify the product and the
transaction so they an get the product ONCE. Now for a single
purchase, we can just send them to (productname)thankyou.php and
attach a magic cookie to the url as a query string. this magic
cookie can only be used once. THIS WILL NOT WORK IF WE USE THE FULL
SHOPPING CART AND THERE IS MORE THAN ONE PRODUCT TO DOWNLOAD, it
only works with a buynow button for one only product.
This kind of functionality, if worked out in detail, will lend
itself to being adapted to MANY sorts of Eproducts, so I think
there's an arguement to be made that this is of benefit to a
significant segment of the php community. Well, at th4est them of us
who like to get paid reliably, and not get ripped off.
Isn't this broken from the get-go? You don't know for certain that they
made the purchase until you get the IPN and verify the IPN. This is why
many sites send a URL once the transaction clears.
A ROUGH STAB AT HOW TO DO IT FOR SINGLE ITEMS
As for one time only with buynow buttons:
Send the customer to paypal with a cookie from the top of a list.
When they come back, read the list's first entry. If it's there,
make the download link available. the download is in a secured
directory, a la Apache's directory securing methods. GIVE THEM THE
PASSWORD. The user name is the magic cookie; tell them this. When
they go to that page, apache demands the user name and password,
which they give, and the page then (thanks to the query string
having the item name) makes a download link available. This page
also deletes that magic cookie from the list of them,so it can never
be used again.
This is also broken... once logged in I can change the name of the item
to download. At the very least add a salted MD5 or SHA1 verification to
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php