d3rr3chn3r Posted February 10, 2003

I'm not too familiar with other payment gateways, but I do know that you can get away from actually paying without the cart ever knowing the difference by simply cutting and copying the URL given to PayPal when visiting their site to pay. When you go to the page the cart told PayPal to send you to after you make your payment, the cart thinks you paid. This can be especially dangerous for those who just have downloadable files for sale.

westkoast Posted February 10, 2003

Wow...that's a nasty glitch on the OSC end of things...just tried it on my test site and it works perfectly... Any modules out there to stop this type of behaviour?

I need to read the rules more often...

mindsetdesigns Posted February 10, 2003

Perhaps the PayPal payment page should have a "No Right Click Script" and also have a basic browser window...i.e. no toolbar or address buttons. As far as I know there is no keyboard shortcut to open "View Source"...This would be my solution for the PayPal problem...Hmmmm, I wonder if you can pass variables to the PayPal page to do that...or make your payment page pop open in that kind of window; that way the PayPal page may inherit those things....hope everyone follows this as I think it may work and am going to try it out myself...

Paul_C Posted February 10, 2003

> Perhaps the PayPal payment page should have a "No Right Click Script" and also have a basic browser window...i.e. no toolbar or address buttons. As far as I know there is no keyboard shortcut to open "View Source"...This would be my solution for the PayPal problem...

This is far from a solution; I shouldn't even need to go into the many different ways this kind of thing is bypassed or ignored completely. Doesn't the IPN contribution take care of this? (Anyone using it know?)

"It's a damn poor mind that can only think of one way to spell a word." -- Andrew Jackson

mindsetdesigns Posted February 10, 2003

Wait a minute, I just tested my cart with the PayPal option. On the page where they fill out the PayPal payment info I right-clicked to view source and I could not FIND the successful payment page URL embedded in there, at least not in plain text!!.. What exactly are you talking about??

mindsetdesigns Posted February 10, 2003

Well, since I can't find an Edit Post button I had to post again... This is the successful payment URL: http://www.4motorcycleparts.com/catalog/ch...onfirmation.php Even if you are logged in and you go to this address it defaults to the Home Page...

westkoast Posted February 10, 2003

> Wait a minute, I just tested my cart with the PayPal option. On the page where they fill out the PayPal payment info I right-clicked to view source and I could not FIND the successful payment page URL embedded in there, at least not in plain text!!.. What exactly are you talking about??

In the address bar (on the paypal.com page) just chop out everything except your web address...it will take you to the confirmation page, and you will receive an email of a new order being placed. Just make sure you double check your paypal.com acct. before sending products out.

wizardsandwars Posted February 10, 2003

> In the address bar (on the paypal.com page) just chop out everything except your web address...it will take you to the confirmation page, and you will receive an email of a new order being placed.

Uh......., no. Here's the web address: http://www.wizardsandwars.com/paypal_notify.php I'm sorry, but this does not take you to any confirmation page. Maybe you left out a step?

-------------------------------------------------------------------------------------------------------------------------
NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit. If you have a question about any of my posts here, your best bet is to contact me through either Email or PM in my profile, and I'll be happy to help.

pbreit Posted February 10, 2003

I believe the PayPal IPN contribution checks the amount paid, rendering the described action unuseful.

Patrick Breitenbach

Guest Posted February 10, 2003

> Uh......., no. Here's the web address: http://www.wizardsandwars.com/paypal_notify.php I'm sorry, but this does not take you to any confirmation page. Maybe you left out a step?

Hi, can I confirm you are using the IPN mod? If so, you are aware that a notify page will be blank.

I don't know if any of you have come across Eliteweaver's IPN test bed; this may be a useful place for PayPal users to test their carts etc: http://www.eliteweaver.co.uk/testing/ipntest.php

This is an invaluable service and the developer is on PayPal's Developer Network Advisory Board: http://www.paypal.com/cgi-bin/webscr?cmd=p...t-board-outside

wizardsandwars Posted February 10, 2003

Yes, I am using the IPN mod.

> If so, you are aware that a notify page will be blank.

Not sure what you mean. If you do what you said to do, you will get a blank page, and you will not trick OSC into thinking that you have paid.

Guest Posted February 10, 2003

Hi, notify.php should be blank; it is only designed to hold the 'post' variables from PayPal (and to post them back to validate). I have to be honest with you as I have not installed the IPN mod yet, but I will take a look as I have a pretty good knowledge of IPN and file delivery. I am afraid though at the moment I am gulping at the contents of PayPal's new user agreement (but that's a whole different story).

Regards
Ed

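The validation the posts above describe (posting the IPN variables back to PayPal, then checking the amount paid), sketched as an added example that is not code from the PayPal IPN contribution or from osCommerce: an order is marked paid only from the server-to-server notification, never from the buyer's browser reaching the return page. The function name, the order array layout and the injected `$postback` callable are assumptions made for illustration; `cmd=_notify-validate`, the `VERIFIED` reply and the field names are PayPal's IPN ones.

```php
<?php
// Added example: decide whether an IPN message may mark an order as paid.
// $postback is injected so the logic runs offline; in production it would POST
// the message to PayPal over HTTPS and return the response text. Real handlers
// send the raw request body back unchanged rather than re-encoding it.
function ipn_accepts_payment(array $post, array $orders, array &$seenTxn, callable $postback): string
{
    // 1. Echo the message back with cmd=_notify-validate; PayPal answers
    //    VERIFIED only for messages it actually sent.
    $body = 'cmd=_notify-validate&' . http_build_query($post);
    if (trim($postback($body)) !== 'VERIFIED') {
        return 'rejected: not verified by PayPal';
    }
    // 2. Only a completed payment counts (not Pending, Refunded, ...).
    if (($post['payment_status'] ?? '') !== 'Completed') {
        return 'ignored: payment not completed';
    }
    // 3. The order must exist and the money must have gone to the merchant.
    $order = $orders[$post['invoice'] ?? ''] ?? null;
    if ($order === null) return 'rejected: unknown order';
    if (strcasecmp($post['receiver_email'] ?? '', $order['receiver']) !== 0) {
        return 'rejected: wrong receiver';
    }
    // 4. Amount and currency must match what the cart stored for the order,
    //    not anything that passed through the buyer's browser.
    if (($post['mc_currency'] ?? '') !== $order['currency']
        || !is_numeric($post['mc_gross'] ?? null)
        || (int) round($post['mc_gross'] * 100) !== $order['total_cents']) {
        return 'rejected: amount mismatch';
    }
    // 5. Each transaction id is honoured once, so a repeated message is inert.
    $txn = $post['txn_id'] ?? '';
    if ($txn === '' || isset($seenTxn[$txn])) return 'ignored: missing or duplicate txn_id';
    $seenTxn[$txn] = true;
    return 'paid';
}

// Constructed sample data (not from the thread).
$orders = ['1001' => ['total_cents' => 2500, 'currency' => 'USD', 'receiver' => 'shop@example.com']];
$seen = [];
$ipn = ['payment_status' => 'Completed', 'invoice' => '1001', 'receiver_email' => 'shop@example.com',
        'mc_gross' => '25.00', 'mc_currency' => 'USD', 'txn_id' => 'TXN-CONSTRUCTED-1'];
$paypalSaysYes = fn(string $body): string => 'VERIFIED';
$paypalSaysNo  = fn(string $body): string => 'INVALID';
echo ipn_accepts_payment($ipn, $orders, $seen, $paypalSaysNo), "\n";  // message PayPal did not send
echo ipn_accepts_payment(['mc_gross' => '0.01'] + $ipn, $orders, $seen, $paypalSaysYes), "\n"; // underpaid
echo ipn_accepts_payment($ipn, $orders, $seen, $paypalSaysYes), "\n"; // genuine notification
echo ipn_accepts_payment($ipn, $orders, $seen, $paypalSaysYes), "\n"; // same txn_id again
```
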
westkoast Posted February 10, 2003

> Uh......., no. Here's the web address: http://www.wizardsandwars.com/paypal_notify.php I'm sorry, but this does not take you to any confirmation page. Maybe you left out a step?

Yeah, I guess that PayPal IPN thing does the trick. What is it...a contribution? Or does it come with the OSC package? BTW you can delete "OSC test user" from your customers....just wanted to see what you were talking about with the link you posted.

wizardsandwars Posted February 11, 2003

That's cool. I have Pablo's PayPal IPN contribution installed. However, even without it, there is no security issue. At least not as described in this thread.

Archived
This topic is now archived and is closed to further replies.