Verify Thank You Page

by AccountCache

Posted: 13 years ago 6 replies

PROGRAMMING

I thought this would be easy to solve but after reading all the posts about IPN I'm still confused.

The Problem: My Thank You page contains a form that generates an unlock key for my software. All I want to do is verify that anyone accessing the form has been sent by PayPal (ClickBank, PayDotCom & DigiResult).

There is nothing to download and I don't need any information in the IPN.

Is there a simple solution to this?

Thanks for any help,

Geoff

#page #verify

theIMgeek

13 years ago

Hi Geoff,

To do this the "proper" way (the secure way) you would have to use PayPal's IPN or PDT services.

IPN - Instant Payment Notification - happens in the background, so you would need a custom script to receive this notice, generate the unlock key, and email it to the customer.

PDT - Payment Data Transfer - is similar but it happens out in front. PayPal sends people back to your page, adding a tx value (transaction id) to the end of the url. Your page is supposed to verify this transaction ID with PayPal and then display your unlock code to your customer.

Both would require a little bit of custom programming.

The "quick and dirty" way would be to use PayPal to make an encoded "Buy Now" button... which means people can't see what information is in your payment form... and specify a secret "thank you" page address. Then you would be relatively sure knowing that only PayPal customers could get there.

Mind you, once that page address becomes known, your security is out the window.

-Ryan

Thanks
1 reply

Signature

FREE WSO: Protect and Automatically Deliver Your Digital Products

Ask the Internet Marketing Geek <-- Happy to help with technical challenges
MiniSiteMaker.org <-- Free software to make your mini-sites fast and easy

{{ DiscussionBoard.errors[3636010].message }}

AccountCache

13 years ago

Originally Posted by theIMgeek

The "quick and dirty" way would be to use PayPal to make an encoded "Buy Now" button... which means people can't see what information is in your payment form... and specify a secret "thank you" page address. Then you would be relatively sure knowing that only PayPal customers could get there.

Mind you, once that page address becomes known, your security is out the window.

-Ryan

Thanks for your insight Ryan. I'm amazed that there doesn't appear to be a canned solution to what seems like a common problem.

Since we are launching in just a couple of days we bought WP Member Champ which is a great plugin for creating member sites but doesn't do exactly what we want. It should get us by until we can come up with something better.

Thanks
1 reply

{{ DiscussionBoard.errors[3637179].message }}

Cash Money Hosting 13 years ago

maybe not the most secure, but you could always just do a simple referrer check in php.

if($_SERVER['http_referrer']!='http://www.paypal.com){die('Invalid Page Request');exit;}
- Thanks
{{ DiscussionBoard.errors[3638005].message }}

theIMgeek

13 years ago

The trouble with using a referrer is that it is not guaranteed that the browser will submit that value. You could potentially block out a paying customer.

-Ryan

Thanks
1 reply

Signature

{{ DiscussionBoard.errors[3638058].message }}

HamzaSiddiqui

13 years ago

Originally Posted by theIMgeek

The trouble with using a referrer is that it is not guaranteed that the browser will submit that value. You could potentially block out a paying customer.

-Ryan

you are right

Thanks
1 reply

{{ DiscussionBoard.errors[3645685].message }}

AccountCache 13 years ago

CMH - This is exactly the kind of simple solution I was hoping to find but as Ryan points out I can't risk losing customers.

For now I guess we will go with WP Member Champ until we can come up with a more appropriate solution.
- Thanks
{{ DiscussionBoard.errors[3647467].message }}

Verify Thank You Page

Trending Topics

Any thoughts on golf's latest phenom...Scottie Scheffler??

The Twilight Zone

What's the Best IM-Related Skill to Learn Today That Can Help in the Future?

best high quality crypto traffic.

Should i Index Author pages?