Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

paypal IPN fraud check



6:18 pm on Dec 5, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Hi, I am trying to add a script for ipn for paypal.
A ipn.php file.
I have the code from a tutorial wich i have been changing,
it looks as it works, at least the client gets a message saying the purchase is done.
However I receive an email with subject IPN fraud warning.
And the warning I get is:
IPN failed fraud checks:
'mc_gross' does not match:

This is due to that the code originally had:
if ($_POST['mc_gross'] != 9.99)
$errmsg .= "'mc_gross' does not match: ";
$errmsg .= $_POST['mc_gross']."\n";

However as my prices changes and they should come from a var in the calculatorform I have, when they click on purchase that value in that var is the one that should be the same as mc_gross.
I have tried to do this:
if ($_POST['mc_gross'] != $amount)
$errmsg .= "'mc_gross' does not match: ";
$errmsg .= $_POST['mc_gross']."\n";

However it does not work, I dont understand how I can pass the value to the ipn.php script as I go to paypal wich is the one that check the script.


9:29 pm on Jan 20, 2013 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

I wouldn't trust the value coming from the form, even it is a hidden input field, which is what it seems you may be doing here. Correct me if I'm wrong. Rather, I would total up the values and compare to the total displayed to the user prior to PayPal processing ... unless we are missing something here?

Featured Threads

Hot Threads This Week

Hot Threads This Month