rocknbil - 5:10 pm on Mar 21, 2011 (gmt 0)

I've never been a fan of redirecting. :-) Second, I'm seeing a potential problem in keeping "the person that's just paid" connected with the create account page - seems like someone could hack into that quite easily. Why can't you structure it something like this? I'm removing a lot of code to expose the logic.

if (! $some_form_input or ($some_from_input_and_error)) {
output_form_here($title,$error);
}
else {
// post your curl . . .
$response_array = explode($post_values["x_delim_char"],$post_response);
if ($the_response_is_good) {
output_the_login_form_here();
}
else {
output_form_here('credit card error',$error);
}

That's how I'd begin to approach it, no one can get to the account creation form without posting a successful payment.