
Forum Moderators: coopster & jatar k


paypal IPN fraud check

     
6:18 pm on Dec 5, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 27, 2003
posts: 1308
votes: 0


Hi, I am trying to add a script for IPN for PayPal.
An ipn.php file.
I have the code from a tutorial which I have been changing,
it looks as if it works, at least the client gets a message saying the purchase is done.
However I receive an email with subject IPN fraud warning.
And the warning I get is:
IPN failed fraud checks:
'mc_gross' does not match:

This is because the code originally had:
if ($_POST['mc_gross'] != 9.99)
{
    $errmsg .= "'mc_gross' does not match: ";
    $errmsg .= $_POST['mc_gross']."\n";
}


However, as my prices change and they should come from a var in the calculator form I have, when they click on purchase the value in that var is the one that should be the same as mc_gross.
I have tried to do this:
if ($_POST['mc_gross'] != $amount)
{
    $errmsg .= "'mc_gross' does not match: ";
    $errmsg .= $_POST['mc_gross']."\n";
}


However it does not work, I don't understand how I can pass the value to the ipn.php script as I go to PayPal, which is the one that checks the script.
Thanks
9:29 pm on Jan 20, 2013 (gmt 0)

Administrator

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 31, 2003
posts:12533
votes: 0


I wouldn't trust the value coming from the form, even if it is a hidden input field, which is what it seems you may be doing here. Correct me if I'm wrong. Rather, I would total up the values and compare to the total displayed to the user prior to PayPal processing ... unless we are missing something here?
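
Added example, not part of the thread or of the tutorial code: one way to do the check suggested above, where the total is computed on the server before the buyer is sent to PayPal and ipn.php looks it up again by order id. The function names, the $prices and $orders arrays, and the use of PayPal's pass-through "invoice" variable to carry the order id are assumptions; it also assumes the IPN has already been posted back to PayPal and answered VERIFIED.

```php
<?php
// Hypothetical helpers; $prices and $orders stand in for a real database.
function to_cents(string $amount): ?int
{
    if (!preg_match('/\A\d+(\.\d{1,2})?\z/', $amount)) return null;
    [$whole, $frac] = array_pad(explode('.', $amount), 2, '');
    return (int)$whole * 100 + (int)str_pad($frac, 2, '0');
}

// Before redirecting to PayPal: total the items from server-side prices and
// remember the result under an id that is sent as the "invoice" variable.
function create_order(array &$orders, array $prices, array $items): string
{
    $cents = 0;
    foreach ($items as $sku => $qty) {
        if (!isset($prices[$sku]) || !is_int($qty) || $qty < 1) {
            throw new InvalidArgumentException("bad item: $sku");
        }
        $cents += to_cents($prices[$sku]) * $qty;
    }
    $id = bin2hex(random_bytes(8));
    $orders[$id] = ['cents' => $cents, 'currency' => 'USD'];
    return $id;
}

// In ipn.php, after PayPal has answered VERIFIED: compare against the stored
// total, never against a value that came back from the browser.
function check_ipn_amount(array $orders, array $ipn): string
{
    $id = $ipn['invoice'] ?? null;
    $gross = $ipn['mc_gross'] ?? null;
    if (!is_string($id) || !isset($orders[$id])) return "unknown 'invoice'\n";
    if (!is_string($gross)) return "'mc_gross' missing\n";
    $paid = to_cents($gross);   // integer cents avoid float comparison
    if ($paid === null) return "'mc_gross' is not a valid amount\n";
    $errmsg = '';
    if ($paid !== $orders[$id]['cents']) $errmsg .= "'mc_gross' does not match: $gross\n";
    if (($ipn['mc_currency'] ?? '') !== $orders[$id]['currency']) $errmsg .= "'mc_currency' does not match\n";
    return $errmsg;
}

// Constructed sample data: one matching notification, one underpaid.
$prices = ['basic' => '9.99', 'extra' => '4.50'];
$orders = [];
$id = create_order($orders, $prices, ['basic' => 1, 'extra' => 2]);
var_dump(check_ipn_amount($orders, ['invoice' => $id, 'mc_gross' => '18.99', 'mc_currency' => 'USD']));
echo check_ipn_amount($orders, ['invoice' => $id, 'mc_gross' => '0.01', 'mc_currency' => 'USD']);
```

An empty string from check_ipn_amount() means the amount and currency match the stored order; anything else is the text for the fraud-warning email.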