堆栈内存溢出
  简体   繁体   English

如何安全地发送贝宝付款信息(HTML表格)到贝宝?

[英]how to send paypal paypment info ( html form ) to paypal securely?

 原文  2015-03-31 16:27:39       php/ html/ wordpress/ forms/ paypal

问题描述

I am creating a wordpress plugin where I need to add payment feature with paypal . 我正在创建一个wordpress插件,需要在其中添加使用paypal的付款功能。 To pay with paypal , generally a html form with required information such as paying amount , currency etc is sent to paypal for pay . 要使用Paypal进行付款,通常将带有所需信息(例如付款金额,货币等)的html表单发送到paypal进行付款。

But as the form is in client side so it could be changed any time by browser element inspector. 但是由于该表单位于客户端,因此可以随时通过浏览器元素检查器进行更改。

For an example I need to get 200 USD from user. 例如,我需要从用户那里获得200美元。 But if the user change the amount from 200 to 20 USD using element inspector , this will be paid 20 USD. 但是,如果用户使用元素检查器将金额从200 USD更改为20 USD,则将向其支付20 USD。

Though I am informed about paypal IPN . 虽然我了解到贝宝IPN。 It could be detect if the user is paid the required amount or not using IPN message. 可以使用IPN消息检测是否向用户支付了所需的金额。 But I also need to send user id to detect which user has paid . 但是我还需要发送用户ID来检测哪个用户已经付款。 But if someone change the user id from html form , it will not be detectable using IPN message . 但是,如果有人从html格式更改用户ID,则使用IPN消息将无法检测到该ID。

I have sent the form with user id . 我已发送带有用户ID的表格。 I can also find out current user id in IPN listener script . 我还可以在IPN侦听器脚本中找到当前用户ID。

But the problem is here . 但是问题就在这里。 User is not accessing IPN listener but paypal accessing ipn listener , so as if paypal is not the user , user id will not be retrieved from database . 用户不是在访问IPN侦听器,而是paypal在访问ipn侦听器,因此,如果paypal不是该用户,则不会从数据库中检索用户ID。 As a result I could not verify which user has paid . 结果,我无法验证哪个用户已经付款。

What can I do at this moment ? 此刻我该怎么办? Should I send the form to paypal from server side using CURL ? 我应该使用CURL从服务器端将表单发送到Paypal吗? or anyhow ? 还是?

1 个解决方案

解决方案1
 0 已采纳  2015-03-31 17:01:55

I guess you are using the PayPal standard button. 我想您正在使用PayPal标准按钮。

It is possible to encrypt/ sign the data of the button using asymmetric encryption, this prevents manipulation of the button. 可以使用非对称加密对按钮的数据进行加密/签名,这可以防止对按钮的操作。

Details can be found on the PayPal website: https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/encryptedwebpayments/ 可以在PayPal网站上找到详细信息: https : //developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/encryptedwebpayments/

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何通过贝宝IPN发送和检索自定义表格信息? - how to send and retrieve custom form info through paypal IPN? 如何安全地将购物篮订单和付款信息发送到 PHP 中的 PayPal? - How to securely send basket order and payment information to PayPal in PHP? 如何安全地发送贝宝形式的隐藏变量? - how to safely send hidden variables of paypal form? PayPal IPN 间歇性地不从表单提交将购物车/信息发布到 PayPal - PayPal IPN intermittently not POSTing cart/info to PayPal from form submit 包含电子邮件和贝宝的贝宝表格 - Paypal form with email and paypal 如何在不干扰 PayPal 智能按钮的情况下向服务器发送表单 - How to Send a Form to the Server Without Interfering with PayPal Smart Buttons 在贝宝(Paypal)表格中转换货币,并以英镑发送给贝宝(Paypal) - Convert currency within Paypal form and send to Paypal as GBP 如何将商品信息发送给贝宝? - How to send item information to paypal? 如何使用PHP安全地传递paypal API凭证(为什么这不被认为是安全的) - How to pass paypal API credentials SECURELY in with php (and why is this not considered secure) 如何使用Paypal IPN将发货地址发送到Paypal - How to send Shipping address to Paypal, when using Paypal IPN
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM