On Fri, 28 Jun 2002, Kris Vose wrote:
> Basically I want to check to see if a user has gone to PayPal.com and
> paid for a product before I disseminate the username and password
> through a script called thankyou.php.
> 
> I tried using an if statement that checks the global variable
> $HTTP_REFERER:
> 
> if($GLOBALS['HTTP_REFERER'] == 
>"https://www.paypal.com/cgi-bin/webscr?__track=_xclick-flow:p/xcl/pay/buy-confirm:_xclick-payment-confirm-submit";)
> {
> 
> 
> //access code that disseminates usernames and passwords
> 
> 
> }
> 
> 
> Unfortunately...This is not working.  I went to the php manual and it
> basically stated that not all web sites will post the $HTTP_REFERER.  I
> believe that is what is happening in this case.

Also, anyone can fake HTTP_REFERER to be anything they want, so it's a 
pretty lousy payment verification mechanism.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to