On Fri, 28 Jun 2002, Kris Vose wrote: > Basically I want to check to see if a user has gone to PayPal.com and > paid for a product before I disseminate the username and password > through a script called thankyou.php. > > I tried using an if statement that checks the global variable > $HTTP_REFERER: > > if($GLOBALS['HTTP_REFERER'] == >"https://www.paypal.com/cgi-bin/webscr?__track=_xclick-flow:p/xcl/pay/buy-confirm:_xclick-payment-confirm-submit") > { > > > //access code that disseminates usernames and passwords > > > } > > > Unfortunately...This is not working. I went to the php manual and it > basically stated that not all web sites will post the $HTTP_REFERER. I > believe that is what is happening in this case.
Also, anyone can fake HTTP_REFERER to be anything they want, so it's a pretty lousy payment verification mechanism. miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php