Preventing Spoofing with PayPal - asp.net

I have a scenario where I need to have a user check out through PayPal, and once we receive the payment we create a membership record in our membership site. PayPal requires a "return" field when you submit the form button that will take the user back to our page once the order has been successfully processed. That page is where we actually track the sale and fire a chunk of JavaScript to track the sale.
So my question is this: how can I make sure that the return page comes from PayPal and is not spoofed by a user in the system? I know there is a way to use the notify_url to have PayPal post back to our system, but in this case I have to run a chunk of JavaScript. Is there an easy way to do this, or would I have to write some looping/timeout function that checks to see if the notify post has come through?
I'm using .NET to do the posting to PayPal.

You need to have PayPal call a script on your site in order to prevent spoofing. Anything that goes through the client/browser is open to the user for modification, so only things that come directly to your server from PayPal are secure.
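The check this answer describes, as an added C# example that is not part of the original posts: the notify_url handler records an order as paid only after PayPal confirms the notification, and the return page consults that server-side record instead of anything the browser sends. The names `PaymentGate`, `OnIpn` and `ReturnPageMayTrack`, the use of the `custom` variable to carry the order id, and all sample values are assumptions; `postBack` stands in for the HTTPS post-back to PayPal so the sketch runs offline.

```csharp
using System;
using System.Collections.Generic;
using System.Web;   // HttpUtility.ParseQueryString

static class PaymentGate
{
    const string Receiver = "seller@example.test";   // constructed merchant account
    static readonly HashSet<string> SeenTxns = new HashSet<string>();
    static readonly HashSet<string> PaidOrders = new HashSet<string>();

    // Body of the notify_url handler. postBack sends "cmd=_notify-validate&<raw body>"
    // back to PayPal, which answers VERIFIED or INVALID.
    public static bool OnIpn(string rawBody, Func<string, string> postBack, string expectedGross)
    {
        if (postBack("cmd=_notify-validate&" + rawBody) != "VERIFIED") return false;
        var f = HttpUtility.ParseQueryString(rawBody);
        if (f["payment_status"] != "Completed") return false;
        if (!string.Equals(f["receiver_email"], Receiver, StringComparison.OrdinalIgnoreCase)) return false;
        if (f["mc_gross"] != expectedGross || f["mc_currency"] != "USD") return false;
        if (string.IsNullOrEmpty(f["custom"]) || string.IsNullOrEmpty(f["txn_id"])) return false;
        if (!SeenTxns.Add(f["txn_id"])) return false;   // notification already processed
        PaidOrders.Add(f["custom"]);                     // order id we sent in "custom"
        return true;
    }

    // Return page: the order id comes from our own session, never from the redirect.
    public static bool ReturnPageMayTrack(string orderIdFromSession)
    {
        return PaidOrders.Contains(orderIdFromSession);
    }

    static void Main()
    {
        // Constructed IPN body; fakePayPal simulates PayPal's verdict offline.
        string ipn = "txn_id=TXN-CONSTRUCTED-1&payment_status=Completed&receiver_email=seller%40example.test"
                   + "&mc_gross=12.00&mc_currency=USD&custom=order-1001";
        Func<string, string> fakePayPal =
            body => body.Contains("txn_id=TXN-CONSTRUCTED-1") ? "VERIFIED" : "INVALID";

        Console.WriteLine(ReturnPageMayTrack("order-1001"));   // return hit before any IPN
        Console.WriteLine(OnIpn(ipn.Replace("CONSTRUCTED-1", "FORGED"), fakePayPal, "12.00"));
        Console.WriteLine(OnIpn(ipn, fakePayPal, "12.00"));    // genuine notification
        Console.WriteLine(OnIpn(ipn, fakePayPal, "12.00"));    // same txn_id again
        Console.WriteLine(ReturnPageMayTrack("order-1001"));   // return page after the IPN
    }
}
```

Because the notification arrives independently of the browser redirect, the return page may load before the order is marked paid; it should emit the tracking script only once `ReturnPageMayTrack` is true for the session's order.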

Related

Paypal with option useraction=commit not creating transaction

I installed ezsystems/payment-paypal-bundle on Ibexa Commerce as a payment provider with all config and useraction=commit. So the customer logs in from PayPal and clicks on the Pay Now button. PayPal gives no error, everything seems to be successful and the customer is redirected to the RETURNURL, but no transaction is created in the buyer or in the seller account.
You are expected to show a review page on return, and run DoExpressCheckoutPayment (or equivalent) after the payer confirms the payment on your site. Setting useraction=commit will change the verbiage of the last button to say "Pay Now" instead of "Continue", indicating to the user that you are going to capture immediately (skipping the default review step), but this is only a wording change -- you still need to do a DoExpressCheckoutPayment (or newer API order capture/execution) to get a success or failure response, and show the result.
It's worth noting that SetExpressCheckout / DoExpressCheckout payment are very old APIs....
The current v2/checkout/orders REST API does have similar capabilities if doing a redirect integration, but such redirecting is an old flow. Keeping your site loaded and using JS for the approval instead of a redirect is always recommended nowadays (works with both current and old APIs).

Integrating ASP.NET with PayPal

I have an ASP.NET website that allows users to subscribe to a service. When a user decides to pay for their subscription, they are redirected to the PayPal site. Please note, I have a website payments standard account. Regardless, they are redirected to a URL that looks like the following:
https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_xclick-subscriptions&business=MYID&item_name=Service Subscription&a3=12&p3=1&t3=Y&src=1&srt=1&no_note=1&return=https://www.mysite.com/confirmation.aspx?id=b67e1f4d-35fa-40f7-812b-2f32b87a3d15
Interestingly, the ID in the query string of my URL is removed. I really want to pass a variable from my site to PayPal, and then from PayPal back to my site. The purpose of this variable is to associate the subscription with the user. Is there a way to do this with a website payments standard account?
Thank you!
You need to set up profiles with your membership system. You can then associate a variable with a particular subscriber.
http://www.codersbarn.com/post/2008/07/10/ASPNET-PayPal-Subscriptions-IPN.aspx
Profiles are available out-of-the-box with the website template. If you're using the WAP template, then it requires some extra work (worth the effort).
As regards passing a custom variable, you can do this by using the appropriate PayPal variable and getting it back via IPN.

Paypal integration without IPN

I want to integrate a PayPal buy now button and get feedback from PayPal in a school project, but I don't want to use IPN because the computer running the website will not be accessible from outside.
Are there any options for doing this?
You don't have to enable IPN to have buy now buttons on PayPal; it's completely optional. The buy now button will still take you to the correct page on PayPal so the purchase can be made. IPN only allows you to get feedback from PayPal when this happens.
Well, I need to get some information when a successful payment is made.
PayPal can notify you by mail when something has happened.
Apologies for the bump. Just adding this in case anyone else needs it:
Use "rm=2". (input type hidden, name=rm, value=2)
https://merchant.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_Appx_websitestandard_htmlvariables
Return method. The FORM METHOD used to send data to the URL specified by the return variable after payment completion. Allowable values:
0 – all shopping cart transactions use the GET method
1 – the payer’s browser is redirected to the return URL by the GET method, and no transaction variables are sent
2 – the payer’s browser is redirected to the return URL by the POST method, and all transaction variables are also posted

How to get a notification when someone has sent money using PayPal or Credit Card in Asp.NET?

How to get a notification when someone has sent money using PayPal or Credit Card in Asp.NET?
Are you using some sort of payment processor (like PayPal)? If so, they should have a way of notifying you when such an event occurs. This is usually done with them POSTing the data to a URL that you give them in your account setup. At that point it is as easy as having your site respond to POST requests to that URL. With WebForms, this means either having an .aspx page, or [recommended] having a generic handler (ashx). For MVC, you simply need to have an action method on the controller that the POST request is routed to.
HTH

Anonymous checkout with UC and PayPal WPS not working

I'm trying to use PayPal WPS with my Ubercart, and I'd like for the user to not have to create an account on my site before placing an order. However, if I enable "anonymous checkout", then go through the process of a PayPal transaction, when PayPal redirects back to my site, it never creates a new user account.
It successfully updates the order with the payment from PayPal, but doesn't create a new user with which to associate the order, so all the user information is lost.
What could I be missing here? I believe I've followed all the steps on the UC side and on the PayPal side to enable anonymous checkout, but it still fails to automatically create a new user based on the PayPal transaction.
Hey, I had this issue too. What solved it for me was going into the DB, checking the users table and making sure the 1st row, which is for anonymous users, has the primary key as 0. Try this; if it doesn't, let me know. Chris
