HTTP Post: getting encrypted Paypal multiple-item cart upload button - encryption

I am having trouble using the BMCreateButton of the Button Manager API to get a multiple-item cart uploaded.
Inside the PayPal documentation for the cart upload command, the paragraph on "securing your button" implies that it should be possible to get encrypted buttons for all the functions listed above, including the cart upload form. And in this SO thread, someone states they have solved this with PHP, but having looked it up, it's not evident they use a simple HTTP Post, as it's got to do with a PHP class's internal workings.
So far, I am only able to view one item, and when trying to use the multiple-item syntax (item_name_1, item_name_2...) it shows no items at all with a total of 0.00.
Here is my request code:
    string requestContent =
        "METHOD=BMCreateButton" +
        "&VERSION=85.0" +
        "&USER=<user>" +
        "&PWD=<pwd>" +
        "&SIGNATURE=<sig>" +
        "&BUTTONCODE=ENCRYPTED" +
        "&BUTTONTYPE=BUYNOW" +
        "&BUTTONIMAGE=reg" +
        "&BUTTONCOUNTRY=US" +
        "&BUTTONSUBTYPE=PRODUCTS" +
        //"&L_BUTTONVAR1=cmd%3D_cart" + //having this in here definitely causes an error message to display
        "&L_BUTTONVAR1=button_subtype%3DPRODUCTS" +
        "&L_BUTTONVAR2=business%3Dbiz%40biz.com" +
        "&L_BUTTONVAR3=item_name_1%3DToaster" +
        "&L_BUTTONVAR4=amount_1%3D45.00" +
        "&L_BUTTONVAR5=quantity_1%3D1" +
        "&L_BUTTONVAR6=upload%3D1";
It doesn't work - I have asked the PayPal tech support and will post back here if I hear anything back from them on this topic.

I encountered the same issue and as there was no progress, I contacted PayPal support. Here is the answer:
Here is the quoted reply in case the link dies:
It's not only with ENCRYPTED. If you try CLEARTEXT, the same error is thrown.
Upload cart is a slightly different kind of button, that was never intended to be pre-built, and that's why this functionality doesn't exist in BMCreateButton. If you compare the Button Manager in the account and the API functionality - they have the same capabilities and, in both cases, the upload cart isn't there.
Looking at the documentation, you will also notice the BUTTONTYPE=CART refers to Add to cart.
It makes perfect sense to try to secure the upload cart code, but the best way will always be post-transaction consistency verification (with IPN).
So to sum this up, it is not possible to encrypt it, we can only detect tampering, e.g., with IPN.
In the reaction to my question, the PayPal moderator filed an issue to clarify this in the documentation.
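One way to do the post-transaction consistency check mentioned in the quoted reply, as an added example (not PayPal's or the poster's code): compare the cart items and totals in an IPN message against the order stored server-side. It assumes the message has already been validated with PayPal's `cmd=_notify-validate` postback; `EXPECTED_ORDER`, the invoice number and both IPN bodies are constructed for illustration.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qsl

# Constructed server-side record, stored before the cart form was rendered.
EXPECTED_ORDER = {
    "invoice": "INV-1001",
    "receiver_email": "biz@biz.com",
    "currency": "USD",
    "items": [("Toaster", 1, Decimal("45.00")), ("Kettle", 2, Decimal("20.00"))],
}

# Constructed IPN bodies (no tax or shipping); the second has a lowered price.
GOOD_IPN = ("payment_status=Completed&receiver_email=biz%40biz.com&invoice=INV-1001"
            "&mc_currency=USD&num_cart_items=2&mc_gross=85.00"
            "&item_name1=Toaster&quantity1=1&mc_gross_1=45.00"
            "&item_name2=Kettle&quantity2=2&mc_gross_2=40.00")
TAMPERED_IPN = GOOD_IPN.replace("mc_gross=85.00", "mc_gross=40.01").replace(
    "mc_gross_1=45.00", "mc_gross_1=0.01")

def _money(value):
    """Parse an amount field; None if it is missing or not a number."""
    try:
        return Decimal(value)
    except (InvalidOperation, TypeError):
        return None

def check_ipn(raw_body, expected):
    """Return the mismatches between a validated IPN body and the stored order."""
    ipn = dict(parse_qsl(raw_body, keep_blank_values=True))
    problems = []
    if ipn.get("payment_status") != "Completed":
        problems.append("payment_status is not Completed")
    if ipn.get("invoice") != expected["invoice"]:
        problems.append("invoice mismatch")
    if ipn.get("receiver_email", "").lower() != expected["receiver_email"]:
        problems.append("receiver_email mismatch")
    if ipn.get("mc_currency") != expected["currency"]:
        problems.append("currency mismatch")
    if ipn.get("num_cart_items") != str(len(expected["items"])):
        problems.append("item count mismatch")
    total = Decimal("0")
    for i, (name, qty, unit_price) in enumerate(expected["items"], start=1):
        total += unit_price * qty
        if ipn.get(f"item_name{i}") != name or ipn.get(f"quantity{i}") != str(qty):
            problems.append(f"item {i} name/quantity mismatch")
        if _money(ipn.get(f"mc_gross_{i}")) != unit_price * qty:
            problems.append(f"item {i} amount mismatch")
    if _money(ipn.get("mc_gross")) != total:
        problems.append("mc_gross total mismatch")
    return problems
```

An order should only be marked as paid when the returned list is empty; any mismatch means the cart posted to PayPal differed from what the shop recorded.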


Goal, cause & prevention of WordPress contact-form spam?

Our domain email address started receiving blank spam emails from our contact form (this is known from the header). They are from seemingly random email addresses and have no content. They are received roughly every 5 minutes with occasional 45 minute breaks. The form works correctly and I've tried both Akismet and Honeypot plugins (both together and separately) to no avail. The contact form (Contact-Form-7) has required fields. I believe Honeypot is failing due to the blank content and the hidden field not being populated. Here is an example of what the email contains:
From: WordPress [mailto:info#domain.com]
Sent: Thursday, April 13, 2017 3:47 PM
To: info#domain.com
Subject: contact form from domain.com
Name: 58f0002d1ad5f 58f0002d1ada9
Email: randomname#random.com
Subject:
Message:
The random name & email services are from various providers (billy#hotmail.com, kelly#yahoo.com, jim#gmail.com, etc). The Name field contains a seemingly random string (58efeaa9252e7 58efeaa92532d, 58efeaaf3099c 58efeaaf309da, 58f0002d1ad5f 58f0002d1ada9, etc)
What is responsible for this particular type of spam?
What is the actual goal of blank spam email?
Is there another plugin or workaround that could filter the spam besides captcha?
Honeypot will not catch blank email spam as noted above. Invisible reCaptcha will prevent this particular type of spam.
As far as possible motivation(s)/reason(s):
1. The spammers send the e-mail, along with a million others. Some bounce, some don't. They now know which e-mail addresses are still current.
2. Some people, amazingly, actually reply, even if it's just to say "Unsubscribe me!". Bingo, the e-mail address is current and there's a person behind it, and that person actually opens e-mails sent by the particular send address they've used.
3. Sometimes the content isn't as empty as it seems. For instance, many spam messages contain a one-pixel-by-one-pixel image with a trackback url; as soon as you view the message, they get pinged that this particular pixel was viewed - Bingo as above. That's the reason many modern mail clients warn you about images in messages and suggest you don't view the images unless you trust the source.
You could use invisible reCAPTCHA or use Contact Form's built-in quiz/question.
I'm having the same issue with this bot/spammer. Honeypot doesn't work for me either. Would be interested to know the source and goal of this spammer.
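A server-side filter for the pattern described in this thread, as an added example that is not part of any of the posts above: it flags submissions whose required fields are blank and whose Name is two 13-hex-digit tokens like the quoted samples. The reading of a token's first 8 hex digits as a Unix timestamp is an assumption (the tokens resemble PHP `uniqid()` output; the thread does not say how they are generated), and the receipt time and the legitimate submission are constructed.

```python
import re
from datetime import datetime, timezone

# Two space-separated 13-hex-digit tokens, the shape of the Name values in the question.
TOKEN_PAIR = re.compile(r"^([0-9a-f]{13}) ([0-9a-f]{13})$")

# Name and email as quoted in the question; receipt time is constructed.
SAMPLE_SPAM = {"name": "58f0002d1ad5f 58f0002d1ada9", "email": "randomname#random.com",
               "subject": "", "message": ""}
SAMPLE_RECEIVED = datetime(2017, 4, 13, 22, 48, 20, tzinfo=timezone.utc)
# Constructed legitimate submission for comparison.
SAMPLE_LEGIT = {"name": "Jane Doe", "email": "jane@example.com",
                "subject": "Quote request", "message": "Please send pricing."}

def token_time(token):
    """Decode the first 8 hex digits as Unix seconds (assumed uniqid-style token)."""
    return datetime.fromtimestamp(int(token[:8], 16), tz=timezone.utc)

def classify(submission, received_at, window_seconds=300):
    """Return (is_spam, reasons) for one contact-form submission."""
    reasons = []
    subject = submission.get("subject", "").strip()
    message = submission.get("message", "").strip()
    if not subject and not message:
        reasons.append("required subject and message are both blank")
    match = TOKEN_PAIR.match(submission.get("name", "").strip().lower())
    if match:
        reasons.append("name is two 13-hex-digit tokens")
        # A token generated seconds before receipt points to a script filling
        # the field at submit time rather than a person typing a name.
        skew = abs((received_at - token_time(match.group(1))).total_seconds())
        if skew <= window_seconds:
            reasons.append("token timestamp is within %ds of receipt" % window_seconds)
    return bool(reasons), reasons
```

Under that assumption the sample token `58f0002d1ad5f` decodes to 2017-04-13 22:48:13 UTC, the same day as the Sent header in the quoted email.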

Bosun: Save information using post url, then get the same information and use it in template

We have a notification which will post data to an application using the application end point.
    notification ABC {
        post = savedetailsurl
        body = {{.|json}}
        useBody = true
    }
So the end point will save all the details in mysql DB.
Now in our template we call another end point to get the details which we saved using the webhook in notification.
    template ABC {
        use the " getDetailsUrl" and use the details in forming the email
    }
Now the problem is a race condition. Sometimes the details are not saved yet in the backend (mysql), and getDetailsUrl is called. So we get the empty result.
Is there a way to solve the race condition?
Bosun's notification system is designed to be very basic. If you want something more advanced you will need to use a separate system to generate the notification details and/or handle the alert workflow. Some people have used pagerduty or other monitoring systems like Shinken to do more advanced notifications or alert management.
Your best bet is to skip the built-in notifications and do everything in an external system. You can still use the http://bosun.org/api to integrate with the various alert states (crit/warn/ack/close/etc) or you can change your alerts to use log = true to bypass all the built-in states and create your own workflow.

Paypal Processing - Need to grab TransactionId, CorrelationId and TimeStamp

Current Project:
ASP.NET 4.5.2
MVC 5
PayPal API
I am using this example to build myself a PayPal transaction (and yes, my code is virtually identical), as I do not know of any other method that will return the three values in the title.
My main problem is that the example I am utilizing is much more concise and compact than the one I used for a much older Web Forms application, and as such, I am unsure as to where or even how to grab the three values I need.
My initial thought was to do so right after the ACK, and indeed I was able to obtain the CorrelationId as well as the TimeStamp, but because this was prior to the user being carted off to PayPal’s site (sandbox in this case -- see the return new PayPalRedirect contained within the if), the TransactionId was blank. And in this example, PayPal explicitly redirects the user to a Success page without returning to the Action that sent the user to PayPal in the first place, and I am not seeing any GET values in the URL at all aside from the Token and the PayerId, much less ones that could provide me with the TransactionId.
Suggestions?
I have also looked at the following examples:
For ASP.NET Core, was unsure how to adapt to my current project particularly due to appsettings.json, but it looked quite well done. I really liked how the values were rolled up in lists.
For MVC 4, but I couldn’t find where ACK was being used to determine success or successwithwarning so I couldn’t hook into that.
I have also found the PayPal content to be like trying to drink from a fire hose at full blast -- not only was the content hopelessly outdated (Web Forms code, FTW!) but there were also so many different examples it would have taken me days to determine which one was most appropriate to use.
Any assistance would be greatly appreciated.
Edit: my initial attempt at modifying the linked code has this portion:
    values = Submit(values);
    var ack = values["ACK"].ToLower();
    if(ack == "success" || ack == "successwithwarning") {
        using(_db = new ApplicationDbContext()) {
            var updateOrder = await _db.Orders.FirstOrDefaultAsync(x => x.OrderId == order.OrderId);
            if(updateOrder != null) {
                updateOrder.OrderProcessed = false;
                updateOrder.PayPalCorrelationId = values["CORRELATIONID"];
                updateOrder.PayPalTransactionId = values["TRANSACTIONID"];
                updateOrder.PayPalTimeStamp = values["TIMESTAMP"];
                updateOrder.IPAddress = HttpContext.Current.Request.UserHostAddress;
                _db.Entry(updateOrder).State = EntityState.Modified;
                await _db.SaveChangesAsync();
            }
        }
        return new PayPalRedirect {
            Token = values["TOKEN"],
            Url = $"https://{PayPalSettings.CgiDomain}/cgi-bin/webscr?cmd=_express-checkout&token={values["TOKEN"]}"
        };
    }
Everything within and including the using() is my added content. As I mentioned, the CorrelationId and the TimeStamp come through just fine, but I have yet to successfully obtain the TransactionId.
Edit 2:
More problems -- the transactions that are “successful” through the sandbox site (the ReturnUrl is getting called) aren’t reflecting properly on my Facilitator and Buyer accounts, even when I do payments straight from the buyer’s PayPal account (not using the Credit Card). I know I am supposed to see transactions in the Buyer’s account, either through the overall Dev account (Accounts -> Profile -> balance or Accounts -> Notifications) or through the Buyer’s account in the sandbox front end. And yet -- multiple transactions returning me to the ReturnUrl path, and yet no transactions in either.
Edit 3:
Okay, this is really, really weird. I have gone over all settings with a fine-toothed comb, and intentionally introduced errors to see where things should crap out. It turns out that the entire process goes swimmingly - except nothing shows up in my notifications and no amounts get moved between my different accounts (Facilitator and Buyer). It’s like all my transactions are going into /dev/null, yet the process is successful.
Edit 4: A hint!
In the sandbox, where Buyer accepts the transaction, there is a small note, “You will be able to review the transaction before completing it” or something like that -- suggesting that an additional page is not coming up and that the user is being unceremoniously dumped back to the success page. Why the success page? No clue. But it’s happening.
It sounds like you are only doing the first part of the process.
Express Checkout consists of 3 API calls:
SetExpressCheckout
GetExpressCheckoutDetails
DoExpressCheckoutPayment
SEC generates a token, and then you redirect to PayPal where the user signs in and reviews the transactions before agreeing to pay.
They are then sent to the ReturnURL included in your SEC request, and this is where you'll call GECD in order to obtain all the buyer details that are now available since they signed in.
Using that data you can complete the final DECP request, which is what finalizes the procedure. No money is actually processed until this final call is completed successfully.
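The three-call sequence from this answer as an added example (not the poster's or PayPal's code), showing that the transaction ID only exists in the DoExpressCheckoutPayment response. Assumptions: the `send` callable performs the HTTPS POST and adds the USER/PWD/SIGNATURE credentials, `fake_send` is a constructed stand-in for the NVP endpoint with made-up values, and the amount check against the stored order is an extra safeguard not mentioned in the answer.

```python
from urllib.parse import urlencode, parse_qsl

def nvp_call(send, method, **fields):
    """Encode one NVP request, send it, and return the decoded response."""
    request = urlencode({"METHOD": method, "VERSION": "85.0", **fields})
    response = dict(parse_qsl(send(request)))
    if response.get("ACK", "").lower() not in ("success", "successwithwarning"):
        raise RuntimeError("%s failed: %s" % (method, response.get("L_LONGMESSAGE0")))
    return response

def start_checkout(send, amount, return_url, cancel_url):
    """Step 1 (SEC): returns the token to redirect with; no transaction ID yet."""
    r = nvp_call(send, "SetExpressCheckout", PAYMENTREQUEST_0_AMT=amount,
                 PAYMENTREQUEST_0_PAYMENTACTION="Sale",
                 RETURNURL=return_url, CANCELURL=cancel_url)
    return r["TOKEN"]

def finish_checkout(send, token, expected_amount):
    """Steps 2 and 3 (GECD, DECP), run in the ReturnURL handler."""
    details = nvp_call(send, "GetExpressCheckoutDetails", TOKEN=token)
    if details.get("PAYMENTREQUEST_0_AMT") != expected_amount:
        raise ValueError("amount differs from the stored order")
    paid = nvp_call(send, "DoExpressCheckoutPayment", TOKEN=token,
                    PAYERID=details["PAYERID"],
                    PAYMENTREQUEST_0_AMT=expected_amount,
                    PAYMENTREQUEST_0_PAYMENTACTION="Sale")
    return {"transaction_id": paid["PAYMENTINFO_0_TRANSACTIONID"],
            "correlation_id": paid["CORRELATIONID"],
            "timestamp": paid["TIMESTAMP"]}

def fake_send(request):
    """Constructed endpoint stand-in; every value here is made up."""
    q = dict(parse_qsl(request))
    common = "ACK=Success&CORRELATIONID=c0ffee&TIMESTAMP=2017-01-01T00%3A00%3A00Z"
    if q["METHOD"] == "SetExpressCheckout":
        return common + "&TOKEN=EC-TESTTOKEN"
    if q["METHOD"] == "GetExpressCheckoutDetails":
        return common + "&TOKEN=EC-TESTTOKEN&PAYERID=TESTPAYER&PAYMENTREQUEST_0_AMT=45.00"
    if q["METHOD"] == "DoExpressCheckoutPayment" and q.get("PAYERID") == "TESTPAYER":
        return common + "&PAYMENTINFO_0_TRANSACTIONID=TESTTXN123"
    return "ACK=Failure&L_LONGMESSAGE0=unexpected+request"
```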

Google Form email notification

I'm looking to have the information submitted on a google form to be on the email notification that I receive. I have tried several things but I can't seem to get it to work. Any ideas?
Create a new form in Google Docs, if you haven’t done that yet, add the necessary fields to the form and save your changes. Now go back to Google Docs and open the spreadsheet corresponding to that particular form.
Choose Tools > Notification rules... and select the option that says Notify me when... A user submits a form. You can also set how frequently you would like to be notified – right away or with daily digest.
Reference: https://support.google.com/docs/answer/91588
To get the notification in your email, you can refer to this Google add-on.
Also to enable the data or responses to appear in notification you have to enter a script in the form, which basically tries to extract the columns from the spreadsheet. Sample:
    var p = SpreadsheetApp.getActiveSheet();
    // First row of the sheet, across all used columns
    var column = p.getRange(1, 1, 1, p.getLastColumn()).getValues()[0];
I hope you build the script by yourself!

Create topic using a bot

I'm in a situation in which I need to be able to create topics using a self-created bot. My forum has a special category and user, which can create topics in that category.
The technology I'm using to create that bot is ruby + mechanize gem but it's not important right now. That bot works in the following way:
1. Sign in as previously mentioned user:
   - visit - /ucp.php?mode=login
   - fill the sign-in form using user credentials
   - if, after submitting a form, there is a sign-out link somewhere on the page, treat this whole process as "successful"
2. Create a topic
   - visit - /posting.php?mode=post&f=21
   - fill subject field with desired subject
   - fill message field with desired message
   - submit a form using Submit button
And now, while the first point works just great, the second one behaves in a strange way. After submitting a form, there is no error message or anything like that, I'm just getting redirected to /viewforum.php?f=21 (the logs say that it's 302 Moved Temporarily status) page and the topic is not there.
Can anyone tell me what such behaviour means? Is there any security mechanism I don't know about? Please also note that the new topic form has form_token and creation_time fields filled correctly while the form is being submitted.
Thanks in advance for any clues.
According to this thread: https://stackoverflow.com/a/11713867/552936, a user is treated as a bot if he sends a form without any delay (and it ends up with a 302 redirect). I can't find any info on Google about what the exact delay is; carck3r says that it's 8 seconds but for me, it was 2 seconds.
