How to allow landing on an internal page only after (for example, Paypal) registration
#1

[eluser]alvaroeesti[/eluser]

UPDATE

I think it is much more complicated than this. It involves cURL library coding to re-check with the paypal site that a payment has actually been made.

Hello

I have written a registration page, but I want users to be able to access that page only after having registered (paid, actually) in Paypal. I have read in the paypal docs that this is the way it works. Once you have completed your payment at Paypal, they let you redirect to a page of your choice. Alright, my registration is my page of choice, but how can you make sure there is no other way to access it but that?

Starting a function with _ makes it private and makes the page not accessible by typing the URL directly in the http box, but... I don't think this is what helps here, because if the Paypal redirection should work, any redirection from another page would too. The only thing that should work is something session based or similar, like

Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

but how can I make it work for something that comes from outside my internal pages?

thank you

#2

[eluser]TheFuzzy0ne[/eluser]
The only way I can think of, is to check the referrer ($this->input->server('HTTP_REFERER')), and see if it matches a regular expression. However, this can be faked.
#3

[eluser]alvaroeesti[/eluser]


Hello

thank you for your reply.

I think I have some possible code: What do you think ?


Code:
<?php

// STEP 1: Read POST data

// reading posted data from directly from $_POST causes serialization
// issues with array data in POST
// reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
  $keyval = explode ('=', $keyval);
  if (count($keyval) == 2)
     $myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
// initialise the flag first so the check below never reads an undefined variable
// (get_magic_quotes_gpc() does not exist on every PHP build)
$get_magic_quotes_exists = false;
if(function_exists('get_magic_quotes_gpc')) {
   $get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {        
   if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
   } else {
        $value = urlencode($value);
   }
   $req .= "&$key=$value";
}


// STEP 2: Post IPN data back to paypal to validate

$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

// In wamp like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below.
// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
if( !($res = curl_exec($ch)) ) {
    // error_log("Got " . curl_error($ch) . " when processing IPN data");
    curl_close($ch);
    exit;
}
curl_close($ch);


// STEP 3: Inspect IPN validation result and act accordingly

if (strcmp ($res, "VERIFIED") == 0) {
    // check whether the payment_status is Completed
    // check that txn_id has not been previously processed
    // check that receiver_email is your Primary PayPal email
    // check that payment_amount/payment_currency are correct
    // process payment

    // assign posted variables to local variables
    $item_name = $_POST['item_name'];
    $item_number = $_POST['item_number'];
    $payment_status = $_POST['payment_status'];
    $payment_amount = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id = $_POST['txn_id'];
    $receiver_email = $_POST['receiver_email'];
    $payer_email = $_POST['payer_email'];
} else if (strcmp ($res, "INVALID") == 0) {
    // log for manual investigation
}
?>
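The PayPal sample above leaves the important part as comments: after PayPal answers VERIFIED you still have to check the payment status, the receiver, the amount and whether the txn_id was already credited, and then the registration page has to be gated on that server-side record rather than on the referrer. The following is an added example, not code from this thread or from PayPal's sample. It completes those checks with the HTTPS round trip replaced by an injectable transport so it runs offline, and shows the single-use gate for the registration page. The merchant values, the field `custom` as the link between buyer session and IPN message, and every function name are assumptions.

```php
<?php
// Added example: completes the "check that ..." branch of the IPN handler and
// gates the registration page on a recorded, verified payment. Not PayPal's
// or the thread's code; merchant values below are constructed placeholders.

const EXPECTED_RECEIVER_EMAIL = 'merchant@example.com'; // our PayPal account (assumed)
const EXPECTED_AMOUNT         = '9.99';                 // price of the product (assumed)
const EXPECTED_CURRENCY       = 'EUR';                  // currency of the product (assumed)

/**
 * Build the body posted back to PayPal, as the sample above does: every
 * received field, in the order received, prefixed with cmd=_notify-validate.
 */
function ipn_build_validate_body(array $post): string
{
    $req = 'cmd=_notify-validate';
    foreach ($post as $key => $value) {
        $req .= '&' . urlencode((string) $key) . '=' . urlencode((string) $value);
    }
    return $req;
}

/**
 * Validate one IPN message. Returns the txn_id to credit, or null with the
 * rejection reason in $reason.
 *
 * $transport is callable(string $body): string and performs the HTTPS POST
 * to https://www.paypal.com/cgi-bin/webscr, returning the raw reply. It is
 * injected so the logic can be exercised with a fake.
 * $seen_txn_ids is the store of transaction ids already credited; in a real
 * deployment this is a database table with a unique index on txn_id, so a
 * replayed IPN cannot credit the same payment twice.
 */
function ipn_verify(array $post, callable $transport, array &$seen_txn_ids, ?string &$reason = null): ?string
{
    $reply = $transport(ipn_build_validate_body($post));
    if ($reply !== 'VERIFIED') {            // "INVALID", empty, or anything else: reject
        $reason = 'PayPal did not verify the message';
        return null;
    }
    // VERIFIED only means PayPal sent this message. It can still describe a
    // payment to someone else, of the wrong amount, or one already processed.
    $status = $post['payment_status'] ?? '';
    if ($status !== 'Completed') {
        $reason = "payment_status is '$status', not Completed";
        return null;
    }
    if (strcasecmp($post['receiver_email'] ?? '', EXPECTED_RECEIVER_EMAIL) !== 0) {
        $reason = 'receiver_email is not our account';
        return null;
    }
    $gross = number_format((float) ($post['mc_gross'] ?? '0'), 2, '.', '');
    if ($gross !== EXPECTED_AMOUNT || ($post['mc_currency'] ?? '') !== EXPECTED_CURRENCY) {
        $reason = 'amount or currency does not match the product';
        return null;
    }
    $txn_id = $post['txn_id'] ?? '';
    if ($txn_id === '' || isset($seen_txn_ids[$txn_id])) {
        $reason = 'txn_id missing or already processed';
        return null;
    }
    $seen_txn_ids[$txn_id] = true;          // record before granting anything
    $reason = null;
    return $txn_id;
}

/**
 * Gate for the registration page. The page opens only when the server holds a
 * verified, not yet consumed payment for this visitor; HTTP_REFERER plays no
 * part. $paid maps the visitor's session token (sent to PayPal in the button's
 * custom field and echoed back in the IPN) to the credited txn_id.
 */
function can_access_registration(?string $session_token, array &$paid): bool
{
    if ($session_token === null || !isset($paid[$session_token])) {
        return false;
    }
    unset($paid[$session_token]);          // single use: one payment, one registration
    return true;
}

// Constructed IPN message and a fake transport standing in for PayPal.
$fake_paypal = function (string $body): string {
    return strpos($body, 'cmd=_notify-validate&') === 0 ? 'VERIFIED' : 'INVALID';
};
$ipn = [
    'payment_status' => 'Completed',
    'receiver_email' => 'merchant@example.com',
    'mc_gross'       => '9.99',
    'mc_currency'    => 'EUR',
    'txn_id'         => 'TXN-CONSTRUCTED-0001',   // constructed, not a real id
    'custom'         => 'session-abc',            // visitor's session token
];
$seen = [];
$paid = [];
if (($txn = ipn_verify($ipn, $fake_paypal, $seen, $why)) !== null) {
    $paid[$ipn['custom']] = $txn;                 // the IPN listener records the payment
}
var_dump(can_access_registration('session-abc', $paid));   // first visit consumes the record
var_dump(can_access_registration('session-abc', $paid));   // second visit has nothing to consume
var_dump(ipn_verify($ipn, $fake_paypal, $seen, $why), $why); // replay of the same txn_id is rejected
```

In the real listener the transport is the cURL call from the sample, invoked with `CURLOPT_SSL_VERIFYPEER` left on; `ipn_verify()` then runs inside the `VERIFIED` branch, and the registration controller calls `can_access_registration()` with the token from the user's session before rendering anything. Because the record is written by the IPN callback and not by the browser redirect, a visitor who bookmarks or guesses the registration URL, or forges a Referer header, still finds no payment on file.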
#4

[eluser]TheFuzzy0ne[/eluser]
If it works reliably, then it's all good. However, I would suggest that instead of reading directly from the post array, you use $this->input->post(), which takes magic quotes into account automatically. No point reinventing the wheel. :)
#5

[eluser]alvaroeesti[/eluser]


Of course, this is taken from the Paypal website, some forsaken page no longer supported, but I looked at the code and it helped, and it certainly would sanitize everything through the validation classes.

thank you again
