PayPal Insecure



Posted (edited)

Ok, I don't know how well known it is. The PayPal payment module that is included in the osCommerce installation is insecure. With a downloadable item, like software, once you arrive at the PayPal entry screen to begin the billing portion of checkout, all you have to do is type the "Return URL" which goes to "site.com/[catalog]/checkout_process.php" into your address bar, press enter, and you are given the "Success" page with the download link. Thereby bypassing PayPal altogether.

 

My question is, does anyone know of any way around this? Please keep in mind that I have not used PayPal before from a developer's end. I do not know what options are available to me. Also, is there a better module for PayPal?

 

Please help me. I have used real merchant accounts before, like Pay Flow Pro, and prefer them over offsite payment solutions, but this client really wants PayPal and is going to be selling downloadable ebooks, so the downloads have to be secure and I am able to access them freely every time I try, without once ever entering any information into PayPal.

 

Thank you for your help!

 

-FireStorm69-

In a mad world, only the mad are sane...

Edited by sparky
Posted

The best way to secure downloads is to use the IPN payment module.

 

This can be found in the contributions section.

Mark Evans

osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops)

 

---------------------------------------

Software is like sex: It's better when it's free. (Linus Torvalds)

Posted

actually...

 

I would add a small test on top of its header to check if the user really did buy it.

If it is, let 'em view it, else kick 'em out.

 

peace,

--------------------------------

Posted (edited)

Ok, this is to both replies so far. :)

 

First one, I downloaded the paypalipn-1.5b.zip and set it up, the best I could with the instructions given. How am I supposed to set up the paypal module in the admin section? Is there anything special I have to do to lock the download until the paypalipn.php gets the response from paypal and unlocks it? Because my problem is as long as I go directly to checkout_process.php in the catalog directory, it says success and gives me the download link. I must be missing something here, I dunno.

 

Second one, what would I be testing for specifically? I have never dealt with paypal before, so please bear with me on this. I prefer real merchant accounts, but oh well..

 

Thanks for your help, both of you!

Edited by firestorm69
Posted
> Is there anything special I have to do to lock the download until the paypalipn.php gets the response from paypal and unlocks it?

There is a contribution called the Downloads Controller for this.

 

The problem is that the PayPal IPN does not guarantee that the order will be authorized/declined by the time that it reaches checkout_process.php and checkout_process.php has no way of waiting.

 

Hth,

Matt

Always back up before making changes.

Posted
> There is a contribution called the Downloads Controller for this.
>
> The problem is that the PayPal IPN does not guarantee that the order will be authorized/declined by the time that it reaches checkout_process.php and checkout_process.php has no way of waiting.

Ok, how does the downloads controller accomplish this? The client I am working for wants this to be 100% fully automatic. She doesn't want to approve downloads or anything, but she wants to stick to paypal because she says not everybody has a credit card but they may have a paypal account.

 

Will the downloads controller allow this to be fully automatic if used in conjunction with the PayPal IPN?

 

And which one should I use? I see a couple in the contributions section, but not sure if they are the same and just different versions or completely different modules? I downloaded the Download Controllev5.3 MS2.2 but I am not sure if that is the correct one or not.

 

Thank you greatly for your help!
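
A sketch of the check suggested in the thread, combined with the IPN approach: the download is gated on an order status that only the verified IPN handler can set, so loading checkout_process.php directly yields at most a "payment is being confirmed" page. This is an added example, not code from osCommerce, the PayPal IPN contribution or the Downloads Controller; the order fields, status values and function names are hypothetical, and the order and IPN message are constructed sample data.

```php
<?php
// Added example. All names (order fields, statuses, functions) are
// hypothetical, not taken from osCommerce or any contribution.

// Called by the IPN handler only after PayPal has confirmed the message is
// genuine (that verification step is not shown). Unlocks the order only if
// the payment PayPal reports matches what the shop expected.
function apply_verified_ipn(array $order, array $ipn, string $shopEmail): array
{
    $amountOk = number_format((float) $ipn['mc_gross'], 2, '.', '')
        === number_format((float) $order['total'], 2, '.', '');
    if ($ipn['payment_status'] === 'Completed'
        && strcasecmp($ipn['receiver_email'], $shopEmail) === 0
        && $ipn['mc_currency'] === $order['currency']
        && $amountOk) {
        $order['status'] = 'paid';
    }
    return $order;
}

// Called by the download script. Returns 'serve', 'wait' or 'deny'.
// Loading the return URL changes nothing here: only the stored order
// status decides.
function download_decision(?array $order, int $customerId): string
{
    if ($order === null || $order['customer_id'] !== $customerId) {
        return 'deny';   // unknown order, or another customer's order
    }
    if ($order['status'] === 'pending') {
        return 'wait';   // IPN not in yet: show "payment is being confirmed"
    }
    return $order['status'] === 'paid' ? 'serve' : 'deny';
}

// Constructed sample data.
$order = ['id' => 1001, 'customer_id' => 7, 'total' => '19.95',
          'currency' => 'USD', 'status' => 'pending'];
$ipn = ['payment_status' => 'Completed', 'receiver_email' => 'shop@example.com',
        'mc_gross' => '19.95', 'mc_currency' => 'USD', 'invoice' => '1001'];

// Case 1: return URL loaded directly, no IPN has arrived for this order.
echo download_decision($order, 7), "\n";
// Case 2: a different logged-in customer asks for the same order.
echo download_decision($order, 8), "\n";
// Case 3: a verified IPN arrives, but for the wrong amount.
$underpaid = apply_verified_ipn($order, ['mc_gross' => '0.01'] + $ipn, 'shop@example.com');
echo download_decision($underpaid, 7), "\n";
// Case 4: a verified IPN matching the order arrives.
$paid = apply_verified_ipn($order, $ipn, 'shop@example.com');
echo download_decision($paid, 7), "\n";
```

Because the "wait" state resolves on its own once the IPN handler updates the order, no manual approval step is involved.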
