homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Gold Sponsor 2015!
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

paypal IPN fraud check

WebmasterWorld Senior Member 10+ Year Member

Msg#: 4525414 posted 6:18 pm on Dec 5, 2012 (gmt 0)

Hi, I am trying to add a script for ipn for paypal.
A ipn.php file.
I have the code from a tutorial wich i have been changing,
it looks as it works, at least the client gets a message saying the purchase is done.
However I receive an email with subject IPN fraud warning.
And the warning I get is:
IPN failed fraud checks:
'mc_gross' does not match:

This is due to that the code originally had:
if ($_POST['mc_gross'] != 9.99)
$errmsg .= "'mc_gross' does not match: ";
$errmsg .= $_POST['mc_gross']."\n";

However as my prices changes and they should come from a var in the calculatorform I have, when they click on purchase that value in that var is the one that should be the same as mc_gross.
I have tried to do this:
if ($_POST['mc_gross'] != $amount)
$errmsg .= "'mc_gross' does not match: ";
$errmsg .= $_POST['mc_gross']."\n";

However it does not work, I dont understand how I can pass the value to the ipn.php script as I go to paypal wich is the one that check the script.



WebmasterWorld Administrator coopster us a WebmasterWorld Top Contributor of All Time 10+ Year Member

Msg#: 4525414 posted 9:29 pm on Jan 20, 2013 (gmt 0)

I wouldn't trust the value coming from the form, even it is a hidden input field, which is what it seems you may be doing here. Correct me if I'm wrong. Rather, I would total up the values and compare to the total displayed to the user prior to PayPal processing ... unless we are missing something here?

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved