
Using PayPal button - user can change the price before paying

I have 3 items that I am selling on my web site; I don't need to have a shopping cart or stuff like that. After the user fills in a form with data, I navigate him to a new page, where I display all the data he entered, and the price. Now this PayPal button is built from hidden input fields:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="[email protected]">
<input type="hidden" name="lc" value="EN">
<input type="hidden" name="item_name" value="aaa">
<input type="hidden" name="item_number" value="12345">
<input type="hidden" name="button_subtype" value="services">
<input type="hidden" name="no_note" value="0">
<input type="hidden" name="amount" value="">
<input type="hidden" name="bn" value="">
<input type="image" src="https://www.paypalobjects.com/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

With JavaScript I am entering the parameters into the new page, and setting the price in the amount input (price) of the PayPal button.

When you click the button you navigate to a PayPal page with the amount from:

<input type="hidden" name="amount" value="199.50">

My question: Is it the right thing to do? Any user, not even a hacker, can simply change the amount before pressing the button and then press it... as a result he will pay a different (probably lower) price!

I wanted to use the direct API, but it's only for businesses in USA, Canada.

What is the best thing to do?

asked Oct 22 '22 07:10 by oleg


1 Answer

You should use encrypted website payments - https://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/ewp-intro-outside . This will ensure that the payment amount can't be changed. You can also update your settings to only allow payments from encrypted buttons to further protect your account / payments from being hacked to lower prices.

answered Oct 23 '22 21:10 by streetlogics
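The sign-then-encrypt step behind the encrypted buttons recommended in the answer, as an added example that is not part of the original post and is not PayPal's code. It runs locally with throwaway self-signed certificates; `paypal_standin` stands in for PayPal's public certificate, and the file names, the `outsider` key and the `-des3` cipher are assumptions.

```shell
#!/usr/bin/env bash
# Added sketch of sign-then-encrypt for payment button fields, using openssl.
# All keys and certificates are throwaway, self-signed and generated locally;
# "paypal_standin" stands in for the processor's public certificate (assumption).
cd "$(mktemp -d)" || exit 1

# make_cert NAME -> NAME.key and NAME.crt (self-signed, valid one day)
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# ewp_encrypt SIGNER FIELDS_FILE -> PEM PKCS#7 blob on stdout.
# Signs the fields with SIGNER's private key, then encrypts the signed data
# to the processor certificate. The -des3 cipher is an assumption here.
ewp_encrypt() {
  openssl smime -sign -signer "$1.crt" -inkey "$1.key" \
      -outform der -nodetach -binary < "$2" 2>/dev/null |
    openssl smime -encrypt -des3 -binary -outform pem paypal_standin.crt
}

# ewp_open BLOB_FILE -> verified fields on stdout, non-zero exit on failure.
# Receiving side: decrypt with the processor key, then accept the fields only
# if the signature chains to the merchant certificate registered in advance.
ewp_open() {
  openssl smime -decrypt -inform pem -binary \
      -recip paypal_standin.crt -inkey paypal_standin.key < "$1" 2>/dev/null |
    openssl smime -verify -inform der -binary -CAfile merchant.crt 2>/dev/null
}

make_cert merchant; make_cert paypal_standin; make_cert outsider

# Constructed sample fields, one name=value per line, price set server-side.
printf '%s\n' 'cmd=_xclick' 'item_name=aaa' 'item_number=12345' \
  'amount=199.50' > fields.txt
# Same fields with a changed price, as a client without the merchant key would send.
sed 's/^amount=.*/amount=0.01/' fields.txt > tampered.txt

ewp_encrypt merchant fields.txt   > good.pem    # blob the server would embed
ewp_encrypt outsider tampered.txt > forged.pem  # rebuilt without the merchant key

ewp_open good.pem && echo "good.pem: accepted"
ewp_open forged.pem >/dev/null || echo "forged.pem: rejected (not signed by merchant)"
```

The amount is protected by the merchant signature rather than by the encryption alone, which is why the blob must be produced server-side where the private key lives, never in page JavaScript.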