CrisTany Posted June 4, 2013

Hi, I'm working on a new website (the theme doesn't matter here) and I want payments to go through PayPal. My website has a virtual currency, uCredits, which you buy using PayPal.

Here is my problem: when I create the Buy Now button on paypal.com, I can fill in a field for where to redirect the customer after the payment is made. If I put, for example, www.mywebsite.com/home/payment/credits, which is the page where I add the credits to the database, customers can go there again without paying and exploit the site.

The problem in short: how can I make it so that only after paying can they access that page and have their account loaded with uCredits?

This is the form given by PayPal that I put on the website:

    <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
    <input type="hidden" name="cmd" value="_s-xclick">
    <input type="hidden" name="hosted_button_id" value="WZNDEN836CHR8">
    <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
    <img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
    </form>

If you have more questions or didn't understand something, leave a reply. Thanks.
Robert1995 Posted June 4, 2013

If you want it to be secure, you have to set up the IPN in PayPal's settings so that it isn't public, and be careful to do several checks. Search Google for "paypal IPN".
Sim Master Posted June 4, 2013

On the page where you create the button, tick "Add advanced variables" and add this in that textarea:

    notify_url=http://domeniu.com/pagina.php

PayPal will send to that link, via POST, a lot of details about the transaction that was made, including who it came from and the amount paid. Parsing the received parameters shouldn't be a problem, I think. What remains is validating the data, because anyone could make a POST to that link.

To validate the received data and make sure that what you received is a valid PayPal transaction, you will have to make a simple GET request to the following link:

    https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate&$post

The $post variable in the link will contain all the data received via POST, formatted as name=value&name=value

If the response received in the page is "VERIFIED" then you give them the credits, otherwise you don't.
akkiliON (Active Members) Posted June 4, 2013 (edited)

OFF: On some sites you can change the price using just Tamper Data! This method is old! Maybe someone here doesn't know about it, so I thought I'd let you know.

1. Use Google to find sites that take PayPal as payment.
2. Find something (not too expensive lol.)
3. Turn on Tamper Data (can be found in tools once installed.)
4. Click start tamper
5. Click add to cart.
6. This is the annoying part, every time the site tries to store something, Tamper Data pops up and asks what you want to do, being very careful, glance down and look for the price of the item, if it's not there, then click OK. If it is, then select the price and change it to what you want (I decided to change it to 1% (Item was $123, I changed it to $1.23)). All will become apparent very soon. Then click ok.
7. Once PayPal has loaded, turn Tamper Data off by clicking stop tamper
8. Notice PayPal now charges you whatever price you entered earlier

If you get to the PayPal confirm payment page, then you have gone too far, just go back to the beginning and try again.

Edited June 4, 2013 by akkiliON
CrisTany (Author) Posted June 10, 2013

I kept trying but didn't manage it, and I figured maybe the problem was my UPDATE query, so for one round I put in a random INSERT to see whether it gets added, and it does. So the problem is with my query.

My query looks roughly like this:

    include 'models/config.php';
    mysql_query("UPDATE `users` SET `credits` = `credits`+ '".$_POST['custom2']."' WHERE `id` = '".$_POST['custom']."' ");

and this is my current form:

    <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
    <input type="hidden" name="cmd" value="_s-xclick">
    <input type="hidden" name="hosted_button_id" value="MT8FUVFNAJ9G6">
    <input type="hidden" name="notify_url" value="http://www.usedarchive.com/paypal.php">
    <input type="hidden" name="custom" value="'.$fetch['id'].'">
    <input type="hidden" name="custom2" value="10">
    <input type="hidden" name="return" value="http://www.usedarchive.com/home.php">
    <input type="hidden" name="cancel_return" value="http://www.usedarchive.com/home.php">
    <input type="submit" value="Pay">
    </form>

What could the problem be? Aren't the ID or the quantity being sent in the 2 POST fields?
CHIRY Posted June 10, 2013

Roughly what you need to do:

1. The form

    <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
    <input type="hidden" name="cmd" value="_s-xclick">
    <input type="hidden" name="hosted_button_id" value="MT8FUVFNAJ9G6">
    <input type="hidden" name="notify_url" value="http://www.usedarchive.com/paypal.php"> <- the page where PayPal sends the data after the order has been made
    <input type="hidden" name="custom" value="'.$fetch['id'].'|'.$fetch['ce-cumpara'].'|'.$fetch['cat-cumpara'].'"> <- here in custom you put the id, the package bought, and what that package contains (for security, see further down)
    <input type="hidden" name="return" value="http://www.usedarchive.com/home.php"> <- where it redirects them after the payment has been made
    <input type="hidden" name="cancel_return" value="http://www.usedarchive.com/home.php"> <- where it redirects them if they decide not to pay after all
    <input type="submit" value="Pay">
    </form>

2. The IPN, which is the notify_url from the form

    <?php
    require("config.php"); // the config where you have the database connection

    // STEP 1: Read POST data
    // reading posted data directly from $_POST causes serialization
    // issues with array data in POST
    // reading raw POST data from input stream instead.
    $raw_post_data = file_get_contents('php://input');
    $raw_post_array = explode('&', $raw_post_data);
    $myPost = array();
    foreach ($raw_post_array as $keyval) {
        $keyval = explode('=', $keyval);
        if (count($keyval) == 2)
            $myPost[$keyval[0]] = urldecode($keyval[1]);
    }

    // read the post from PayPal system and add 'cmd'
    $req = 'cmd=_notify-validate';
    $get_magic_quotes_exists = false; // initialised so the loop below never reads an undefined variable
    if (function_exists('get_magic_quotes_gpc')) {
        $get_magic_quotes_exists = true;
    }
    foreach ($myPost as $key => $value) {
        if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
            $value = urlencode(stripslashes($value));
        } else {
            $value = urlencode($value);
        }
        $req .= "&$key=$value";
    }

    // STEP 2: Post IPN data back to paypal to validate
    $ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
    curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

    // In wamp like environments that do not come bundled with root authority certificates,
    // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
    // of the certificate as shown below.
    // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
    if ( !($res = curl_exec($ch)) ) {
        // error_log("Got " . curl_error($ch) . " when processing IPN data");
        curl_close($ch);
        exit;
    }
    curl_close($ch);

    // STEP 3: Inspect IPN validation result and act accordingly
    if (strcmp($res, "VERIFIED") == 0) {
        // check whether the payment_status is Completed
        // check that txn_id has not been previously processed
        // check that receiver_email is your Primary PayPal email
        // check that payment_amount/payment_currency are correct
        // process payment
        // assign posted variables to local variables

        // Variables you can use
        $item_name = $_POST['item_name'];
        $item_number = $_POST['item_number'];
        $payment_status = $_POST['payment_status'];
        $payment_amount = $_POST['mc_gross'];
        $payment_currency = $_POST['mc_currency'];
        $txn_id = $_POST['txn_id'];
        $receiver_email = $_POST['receiver_email'];
        $payer_email = $_POST['payer_email'];

        $custom = explode('|', $_POST['custom']); // remember what we put in the form above, right? 3 things
        $id = (int) $custom[0]; // first, the ID (cast to int before it reaches SQL)
        $pachet = $custom[1];   // second, what they buy
        $text = $custom[2];     // third, how much they buy

        // escape the posted strings before they are placed in a query
        $item_name = mysql_real_escape_string($item_name);
        $item_number = mysql_real_escape_string($item_number);
        $pack = mysql_fetch_object(mysql_query("SELECT * FROM `pachete` WHERE `nume`='{$item_name}' AND `cat_a_cumparat`='{$item_number}'"));
        if ($pack) { // credit only when the package actually exists
            mysql_query("UPDATE `users` SET `punct`=`punct`+'{$pack->punct}' WHERE `id`='{$id}'");
        }
    } else if (strcmp($res, "INVALID") == 0) {
        // log for manual investigation
    }
    ?>

I hope you've got the idea!

Good luck
CrisTany (Author) Posted June 11, 2013

I managed it last night, after several dollars thrown away on tests.
robertutzu Posted June 11, 2013

"I managed it last night, after several dollars thrown away on tests."

There's PayPal's sandbox.
CrisTany (Author) Posted June 11, 2013

I know, but I didn't end up using it.
CHIRY Posted June 12, 2013

Next time, tell us that you've solved it! So that we don't keep struggling to help you. And since you've solved it, say how as well, because maybe someone else has the same problem and is looking for the solution!
TheTime Posted June 12, 2013

"My query looks roughly like this:

    include 'models/config.php';
    mysql_query("UPDATE `users` SET `credits` = `credits`+ '".$_POST['custom2']."' WHERE `id` = '".$_POST['custom']."' ");"

SQLi. If you kept the query, it wouldn't hurt to fix it.
CrisTany (Author) Posted June 12, 2013

I'm not using that query. I solved it by removing the input that was sending the custom2 POST field; it doesn't exist. I was supposed to put the credit value in it, but I put both in custom, iduser#credits, and extracted them using explode. Done.
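
The checks that CHIRY's handler lists only as comments, together with a parameterized form of the UPDATE that TheTime flags as SQLi, as an added example that is not code from any poster in this thread. The table and column names, the RECEIVER_EMAIL and PACKS constants and the sample notification are assumptions constructed for illustration, and the credit amount is derived from the amount paid instead of from the custom field.

```php
<?php
// Added example. Call only after the postback to PayPal returned "VERIFIED".
// Assumed names: users.credits, payments.txn_id, RECEIVER_EMAIL, PACKS.
const RECEIVER_EMAIL = 'seller@example.com';   // placeholder address
const PACKS = ['5.00' => 10, '20.00' => 50];   // USD paid => credits granted
function creditVerifiedIpn(PDO $db, array $ipn): string
{
    if (($ipn['payment_status'] ?? '') !== 'Completed') return 'ignored: not completed';
    if (strcasecmp($ipn['receiver_email'] ?? '', RECEIVER_EMAIL) !== 0) return 'rejected: wrong receiver';
    if (($ipn['mc_currency'] ?? '') !== 'USD') return 'rejected: wrong currency';
    $txnId = (string) ($ipn['txn_id'] ?? '');
    if ($txnId === '') return 'rejected: no txn_id';
    // Credits follow from the amount PayPal reports, never from a form field.
    $gross = (string) ($ipn['mc_gross'] ?? '');
    if (!array_key_exists($gross, PACKS)) return 'rejected: unknown amount';
    $credits = PACKS[$gross];
    // custom is set in the buyer's browser: accept only a positive integer id.
    $userId = filter_var($ipn['custom'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($userId === false) return 'rejected: bad user id';
    $db->beginTransaction();
    try {
        // PRIMARY KEY on txn_id makes a repeated notification fail here.
        $db->prepare('INSERT INTO payments (txn_id, user_id, credits) VALUES (?, ?, ?)')
           ->execute([$txnId, $userId, $credits]);
        $upd = $db->prepare('UPDATE users SET credits = credits + ? WHERE id = ?');
        $upd->execute([$credits, $userId]);
        if ($upd->rowCount() !== 1) throw new RuntimeException('no such user');
        $db->commit();
        return "credited $credits to user $userId";
    } catch (PDOException $e) {      // treated as a replay; log $e in production
        $db->rollBack();
        return 'ignored: txn_id already processed';
    } catch (RuntimeException $e) {
        $db->rollBack();
        return 'rejected: ' . $e->getMessage();
    }
}

// Constructed demo: in-memory SQLite stands in for the site's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, credits INTEGER NOT NULL)');
$db->exec('CREATE TABLE payments (txn_id TEXT PRIMARY KEY, user_id INTEGER, credits INTEGER)');
$db->exec('INSERT INTO users VALUES (7, 0)');
$ipn = ['payment_status' => 'Completed', 'receiver_email' => RECEIVER_EMAIL, 'mc_currency' => 'USD',
        'mc_gross' => '5.00', 'txn_id' => 'TXN-CONSTRUCTED-1', 'custom' => '7'];
echo creditVerifiedIpn($db, $ipn), "\n";                                 // first delivery
echo creditVerifiedIpn($db, $ipn), "\n";                                 // same txn_id again
echo creditVerifiedIpn($db, ['custom' => "7' OR '1'='1"] + $ipn), "\n"; // tampered custom
```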