View Full Version : How to match two fields for PAYPAL IPN Script please help

02-20-2012, 06:04 PM
Hello all experts,
I need your help. I have tried a lot but could not manage.
OK, I have a PayPal IPN script and it's quite simple for auto payments.
A few days ago someone tried to edit the strings and was able to get balance.
But I manually check everything, so there was no problem. But it's an issue for me.
Please help and guide me.
Here is the script for sending data to PayPal:

case 'process':
$p->add_field('business', $papid["paypalid"]);
$p->add_field('return', $this_script.'?action=success');
$p->add_field('cancel_return', $this_script.'?action=cancel');
$p->add_field('notify_url', $this_script.'?action=ipn');
$p->add_field('item_name','Account Deposit');
$p->add_field('amount', $amount);
$p->add_field('item_number', '1');
$p->add_field('cpp_header_image', $URL.'images/paypal_750x90.gif');

which generates these strings below to send to PayPal:

<head><title>Processing Payment...</title></head>
<body onLoad="document.forms['paypal_form'].submit();">
<center><h2>Please wait, your order is being processed and you will be redirected to the paypal website.</h2></center>
<form method="post" name="paypal_form" action="https://www.paypal.com/cgi-bin/webscr">
<input type="hidden" name="rm" value="2"/>
<input type="hidden" name="cmd" value="_xclick"/>
<input type="hidden" name="business" value="admin_1329547551_biz@gmail.com"/>
<input type="hidden" name="return" value="http://www.mywebsite.com/payment.php?action=success"/>
<input type="hidden" name="cancel_return" value="http://http://www.mywebsite.com/payment.php?action=cancel"/>
<input type="hidden" name="notify_url" value="http://http://www.mywebsite.com/payment.php?action=ipn"/>
<input type="hidden" name="item_name" value="Deposit"/>
<input type="hidden" name="amount" value="10.99"/>
<input type="hidden" name="item_number" value="1"/>
<input type="hidden" name="currency_code" value="USD"/>
<input type="hidden" name="cpp_header_image" value="http://http://www.mywebsite.com/images/paypal_750x90.gif"/>
<input type="hidden" name="custom" value="8477bf6b2e710c2ba10dc70ec9f7cf2e#sender@email.com#10.99"/>
<center><br/><br/>If you are not automatically redirected to paypal within 5 seconds...<br/><br/>
<input type="submit" value="Click Here"></center>

So a user copied this code from the browser and edited these lines. Then he forwarded to PayPal, paid 0.01, came back to the site and got a balance of 10.99 because of value="8477bf6b2e710c2ba10dc70ec9f7cf2e#sender@email.com#10.99"/>

<input type="hidden" name="amount" value="10.99"/> ----(changed with 0.01)

Now I just want to have some code before the database update which can compare and match (normally they should be the same without a trick) the amount on these lines below.

$p->add_field('amount', $amount);

The problem is the second line has subject+email+amount.
How can I compare the amount from both lines? If not the same, it should exit...
I tried some sort of code but I am not very good in PHP. Any tutorial or guide please.
Thank you for reading this post.

02-20-2012, 08:20 PM
Maybe you should be using their free "express checkout" API?
See their documentation and development scripting examples.
They have a whole PHP script example section for developers.
You can also use PHP SESSION for storing data if you wish.
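
The check the first post asks for, as an added example that is not code from the thread: compare the amount PayPal reports as paid (`mc_gross`) with the amount carried in `custom`, and credit only what was actually paid. It assumes the IPN message has already been confirmed as genuine with PayPal; the function names, parameters and `merchant@example.com` are hypothetical.

```php
<?php
// Added example. mc_gross, mc_currency, payment_status, receiver_email and
// custom are PayPal IPN variables; function and parameter names are hypothetical.

// Parse a decimal money string into integer cents, or null if malformed.
function to_cents(string $s): ?int
{
    if (!preg_match('/^(\d{1,7})(?:\.(\d{1,2}))?$/', $s, $m)) {
        return null;
    }
    return (int)$m[1] * 100 + (int)str_pad($m[2] ?? '0', 2, '0');
}

// Return the cents to credit for one IPN message, or null to reject it.
// Assumes $ipn has already been confirmed as genuine with PayPal.
function ipn_credit_cents(array $ipn, string $business, string $currency): ?int
{
    if (($ipn['payment_status'] ?? '') !== 'Completed') return null;
    if (strcasecmp($ipn['receiver_email'] ?? '', $business) !== 0) return null;
    if (($ipn['mc_currency'] ?? '') !== $currency) return null;

    // custom is "hash#email#amount" and passed through the buyer's browser.
    $parts = explode('#', $ipn['custom'] ?? '');
    if (count($parts) !== 3) return null;

    $paid    = to_cents($ipn['mc_gross'] ?? '');   // what PayPal says was paid
    $claimed = to_cents($parts[2]);                // what the form claimed
    if ($paid === null || $claimed === null || $paid !== $claimed) return null;

    return $paid; // credit only the amount actually paid
}

// Constructed sample: the tampered payment from the post, then an honest one.
$tampered = [
    'payment_status' => 'Completed',
    'receiver_email' => 'merchant@example.com',
    'mc_currency'    => 'USD',
    'mc_gross'       => '0.01',
    'custom'         => '8477bf6b2e710c2ba10dc70ec9f7cf2e#sender@email.com#10.99',
];
$honest = array_merge($tampered, ['mc_gross' => '10.99']);

foreach (['tampered' => $tampered, 'honest' => $honest] as $name => $ipn) {
    $cents = ipn_credit_cents($ipn, 'merchant@example.com', 'USD');
    echo $name, ': ', $cents === null ? 'rejected' : "credit $cents cents", "\n";
}
```

Amounts are compared as integer cents so that string forms such as `10.9` and `10.90` match and no floating-point rounding is involved.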