Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Can one rely on Paypal IPN solely to record purchases?

Tags:

php

paypal

paypal-ipn

I'm setting up a simple 'buy now' transaction from a website with these major steps:

  1. Select product from price list
  2. Review selection (amounts, tax etc)
  3. Process Payment on Paypal
  4. Receipt / Thank you

At the moment, i'm storing a database record in step 2 - which potentially means there will be a number of records where no payment is received as people decide not to go ahead with their purchase after all. These records are of no real use since i'll use Google Analytics to track how successful the checkout flow is.

I'm using Paypal IPN to verify the authenticity of the payments and log them against the records inserted at step 2 - however, could I feasibly rely solely on the data from the IPN transactions to populate the database in the first place, thus removing the need to store them at step 2 and have to do database cleanup to remove transactions that never completed?

I personally can see no reason why I wouldn't - the IPN contains all the data I need about the payment and probably more besides, and Paypal will resend IPNs for several days if they don't go through first time due to server glitchery, but am I missing anything else important?

Obviously the number one consideration is that no transactions get lost or aren't logged so that no customer unhappiness ensues!

like image 652
Codecraft Avatar asked Jan 20 '23 13:01

Codecraft

1 Answers

It's important to do a 2 way validation like you have.

You save the order info (total, quantity) before the user leaves your system towards paypal. When ipn come back you validate the request (it must be from paypal ip or whatever), you validate that it's a successful transaction then your step 2 enters the scene. You validate if the total returned from paypal ipn is the same with the total that was saved before the user left (Paypal sometime may return partial payments, the user may grab the post data and do his own post from a modified html with a lower total set). Step 2 should also store the user_id of the buyer so you must compare that too.

here's a sample layer (no programming language just a dummy code):

if request comes from paypal:
    #   query the order
    if order.total == request.total && order.user_id == request.custom:
        payment may come in...
like image 157
Romeo M. Avatar answered Jan 30 '23 07:01

Romeo M.
Sign in to Comment

Related questions

PHP + jQuery + Ajax form submission - return results on the same page
Fopen, fread and flock
How can I stop Zend Form errors from being rendered as unordered lists?
CodeIgniter $this->load->vars()
send push notification form my server PHP
Best ways to sanitize user submitted content? [duplicate]
Get the last 50 lines from text file using php
Apache webroot icons not loading
Count rows in DB where
How can we exactly do caching in php [closed]
date() or format_date() returning 1970?
How can I make a regex to test username complexity requirements?
Caching PHP Simple HTML DOM Parser
Object.hasOwnProperty.call(object, key) in php
delete multiple files from the folder
Browser won't set cookie from an onclick event
Apache + PHP: how to change the value of $_SERVER['SERVER_NAME'] in apache?
User Notification
Detecting an IPv6 address in PHP and storing it properly in MySQL. How?
Multiple external JavaScript files using one script tag

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!