SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Enthusiast RicoKnox's Avatar
    Join Date
    Aug 2006
    Posts
    50
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Checking where the user was linked from

    Hey.

    I've been coding a couple of simple scripts and in one the user pays for his (or her) purchase via PayPal and then is redirected to a page on my server. Is there any code I can put on this page to check that it was PayPal that redirected them there to stop non paying users getting free copies.

    Thanks in advance,
    Richard
    www.developlive.com

    "Richard's great communication and
    accuracy of coding are second to none.
    "

  2. #2
    SitePoint Addict silentcollision's Avatar
    Join Date
    Jun 2006
    Location
    New Zealand
    Posts
    388
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $referrer $_SERVER['HTTP_REFERER']; 
    http://nz.php.net/reserved.variables

    Not sure how you'd validate it to be sure that its from PayPal (And not someone faking it), but that will give you the referrer.

  3. #3
    SitePoint Enthusiast RicoKnox's Avatar
    Join Date
    Aug 2006
    Posts
    50
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Do you know of any other ways that aren't so exploitable?
    www.developlive.com

    "Richard's great communication and
    accuracy of coding are second to none.
    "

  4. #4
    SitePoint Wizard
    Join Date
    Mar 2007
    Posts
    1,211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Use the encrypted payment code from pay pal. It stops most people.

    I know i have seen script that does not allow people to go to download unless payment is made not sure who has it.

  5. #5
    SitePoint Addict pkSML's Avatar
    Join Date
    Aug 2006
    Location
    Ohio
    Posts
    230
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yah, you're stuck here. At least with IE6, https sites do not send HTTP Referers.
    Since it comes from the user, they could easily spoof it. So referers are not the way to go.


    I'm not sure how Paypal works, but if you can get the user's email, you could create a script that would email the script they payed for. You could also create a time-sensitive download URL, which would expire.

    Then, there is no 100% protection, as a script could easily be distributed to anyone in the digital realm.
    -Stephen

    Get a LitlURL to this page!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •