paypal IPN fraud check
helenp

msg:4525416 | 6:18 pm on Dec 5, 2012 (gmt 0) | Hi, I am trying to add a script for IPN for PayPal, an ipn.php file. I have the code from a tutorial which I have been changing. It looks as if it works; at least the client gets a message saying the purchase is done. However, I receive an email with the subject "IPN fraud warning", and the warning I get is:

IPN failed fraud checks: 'mc_gross' does not match:

This is because the code originally had:

    if ($_POST['mc_gross'] != 9.99) {
        $errmsg .= "'mc_gross' does not match: ";
        $errmsg .= $_POST['mc_gross']."\n";
    }

However, as my prices change and they should come from a var in the calculator form I have, when they click on purchase the value in that var is the one that should be the same as mc_gross. I have tried to do this:

    if ($_POST['mc_gross'] != $amount) {
        $errmsg .= "'mc_gross' does not match: ";
        $errmsg .= $_POST['mc_gross']."\n";
    }

However, it does not work. I don't understand how I can pass the value to the ipn.php script, as I go to PayPal, which is the one that checks the script. Thanks
coopster

msg:4537789 | 9:29 pm on Jan 20, 2013 (gmt 0) | I wouldn't trust the value coming from the form, even if it is a hidden input field, which is what it seems you may be doing here. Correct me if I'm wrong. Rather, I would total up the values and compare to the total displayed to the user prior to PayPal processing ... unless we are missing something here?
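
One way to do the server-side comparison discussed in this thread, as an added example that is not part of either post or of the tutorial code. It assumes the order is saved before the redirect to PayPal and its ID is sent in PayPal's `invoice` variable, which comes back in the IPN; the price list, order store and order ID are constructed for illustration.

```php
<?php
// Server-side price list in cents (constructed): the only prices the check trusts.
const PRICES_CENTS = ['basic' => 999, 'extra_page' => 250];

// Hypothetical order store, written when the buyer clicks "purchase" and
// before the redirect to PayPal. On a real site this is a database table.
$orders = [
    'ORD-1001' => ['items' => ['basic' => 1, 'extra_page' => 2], 'currency' => 'USD'],
];

// Recompute the total from the stored line items, in integer cents.
function expected_total_cents(array $order): int {
    $total = 0;
    foreach ($order['items'] as $sku => $qty) {
        $total += PRICES_CENTS[$sku] * $qty;
    }
    return $total;
}

// Convert PayPal's decimal string to cents so no float comparison is needed.
function to_cents(string $amount): ?int {
    if (!preg_match('/^(\d+)(?:\.(\d{1,2}))?$/', $amount, $m)) {
        return null; // malformed or negative amount
    }
    return (int)$m[1] * 100 + (int)str_pad($m[2] ?? '', 2, '0');
}

// Returns the list of failed checks; an empty list means the payment matches.
function check_ipn_amount(array $ipn, array $orders): array {
    $order = $orders[$ipn['invoice'] ?? ''] ?? null;
    if ($order === null) {
        return ["'invoice' does not match any stored order"];
    }
    $errors = [];
    $paid = to_cents($ipn['mc_gross'] ?? '');
    if ($paid === null || $paid !== expected_total_cents($order)) {
        $errors[] = "'mc_gross' does not match: " . ($ipn['mc_gross'] ?? '');
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $errors[] = "'mc_currency' does not match";
    }
    return $errors;
}

// Constructed IPN fields; in ipn.php these come from $_POST.
$matching = ['invoice' => 'ORD-1001', 'mc_gross' => '14.99', 'mc_currency' => 'USD'];
$altered  = ['invoice' => 'ORD-1001', 'mc_gross' => '0.01', 'mc_currency' => 'USD'];
print_r(check_ipn_amount($matching, $orders));
print_r(check_ipn_amount($altered, $orders));
```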