SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Member
    Join Date
    Feb 2006
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Paypal, http/https, success return page...

    Well, after that cryptic thread subject I hope I can explain the problem I am having a bit better here!

    I'm in the process of developing my site and I am going to be using paypal to accept payments. I am using paypal website payments standard and having a problem that I do not find either satisfactorily answered/explained on the paypal developer forums but I am hoping someone else here on sitepoint has seen this and found the answer for their own development.

    Basically, I setup a Buy Now paypal form, but one that is able to accept an aggregate of items. Sending multiple items with one Buy Now button is possible when you have a custom cart implementation that accumulates items which are then only sent to paypal when a buyer is ready to checkout. In this situation I only use paypal for their payment receiving capability and not their cart functionality.

    My paypal form specifies a return url on payment success. While testing this out in the paypal "sandbox" I find that the entire transaction proceeds without problems until the buyer presses the button to return to my site. At that point I get the ugly and annoying Security Warning dialog from the browser, with the usual message that information is being sent over an unencrypted connection and asking for the user to accept that. The dialog displays twice in my FF 1.07 browser with an acceptance required each time.

    I cannot see a reason for why the transfer from the https page at paypal to my non-https return page should cause the warning. There shouldn't really be a reason why I would have to have ssl on my end since that is one of the major advantages of using paypal - that I wouldn't need ssl on my end.

    Any insight into this problem would be greatly appreciated as I do not want to have to have ssl for my site for this seemingly unnecessary situation and I do not want to have my buyers have to see and respond to that dialog.

    If it might help, here is the form code being used to interact with the sandbox...

    <form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
    <input type="hidden" name="cmd" value="_cart" />
    <input type="hidden" name="upload" value="1" />
    <input type="hidden" name="business" value="something@somewhere.com" />
    <input type="hidden" name="return" value="http://localhost/buySuccess.php?type=paypal" />
    <input type="hidden" name="cancel_return" value="http://localhost/viewCart.php" />
    <input type="hidden" name="currency_code" value="USD" />
    <input id="paypalCheckoutBtn" type="image" src="images/PayPalCheckout.gif" name="submit" alt="Buy now using paypal..." title="Buy now using paypal..." />

    <input type="hidden" name="quantity_1" value="1" />
    <input type="hidden" name="item_name_1" value="Item name" />
    <input type="hidden" name="amount_1" value="30.00" />
    <input type="hidden" name="on0_1" value="Description" />
    <input type="hidden" name="os0_1" value="Item Description" />
    </form>

    Thanks!
    Geoff

  2. #2
    winter is around the corner Tomer's Avatar
    Join Date
    Jul 2005
    Location
    Israel
    Posts
    684
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hmm, I think that's a rule that when a secure site goes to another site without https it gives warning. Maybe I'm wrong.

    Anyways, you could always just get a $20/year SSL.

    - Tomer


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •