Tuesday, 31 March 2015

How to send PayPal payment info (HTML form) to PayPal securely?

I am creating a WordPress plugin where I need to add a payment feature with PayPal. To pay with PayPal, generally an HTML form with the required information, such as the amount to pay, currency, etc., is sent to PayPal for payment.


But as the form is on the client side, it could be changed at any time with the browser's element inspector.


For example, I need to get 200 USD from the user. But if the user changes the amount from 200 to 20 USD using the element inspector, 20 USD will be paid.


Though I am informed about PayPal IPN. It could be detected whether the user has paid the required amount or not using the IPN message. But I also need to send the user id to detect which user has paid. But if someone changes the user id in the HTML form, it will not be detectable using the IPN message.


I have sent the form with the user id. I can also find out the current user id in the IPN listener script.


But the problem is here. The user is not accessing the IPN listener, but PayPal is accessing the IPN listener, so as PayPal is not the user, the user id will not be retrieved from the database. As a result I could not verify which user has paid.


What can I do at this moment? Should I send the form to PayPal from the server side using cURL? Or in some other way?
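
One way to make both edits detectable, as an added example that is not part of the original post: the server signs the user id and expected amount into PayPal's pass-through `custom` form field, and the IPN listener checks that signature against the paid amount. It assumes the IPN message has already been confirmed with PayPal (the `cmd=_notify-validate` postback returned `VERIFIED`); the function names, the secret and the sample messages are constructed for illustration.

```php
<?php
// Assumption: a server-side secret that never reaches the browser (e.g. defined in wp-config.php).
const ORDER_SECRET = 'constructed-demo-secret-change-me';

// Value for the hidden `custom` form field: user id, expected amount and
// currency, followed by an HMAC over all three so a browser edit is detectable.
function build_custom_field(int $userId, string $amount, string $currency): string {
    $payload = $userId . '|' . $amount . '|' . $currency;
    return $payload . '|' . hash_hmac('sha256', $payload, ORDER_SECRET);
}

// Run inside the IPN listener on the POSTed fields of a VERIFIED message.
// Returns the paying user id, or null when any field fails the checks.
// A real listener would also reject an already-processed txn_id and an
// unexpected receiver_email.
function verify_ipn_fields(array $ipn): ?int {
    $parts = explode('|', $ipn['custom'] ?? '');
    if (count($parts) !== 4) return null;
    [$userId, $amount, $currency, $mac] = $parts;

    // Recompute the HMAC; hash_equals() compares in constant time.
    $expected = hash_hmac('sha256', "$userId|$amount|$currency", ORDER_SECRET);
    if (!hash_equals($expected, $mac)) return null;          // user id or amount edited

    // Compare what PayPal says was paid with what the server signed.
    if (($ipn['payment_status'] ?? '') !== 'Completed') return null;
    if (($ipn['mc_currency'] ?? '') !== $currency) return null;
    $paid = number_format((float) ($ipn['mc_gross'] ?? 0), 2, '.', '');
    if ($paid !== number_format((float) $amount, 2, '.', '')) return null;
    return (int) $userId;
}

// Constructed IPN messages: one untouched, one with the amount lowered in the
// browser, one with the user id swapped inside the custom field.
$custom  = build_custom_field(42, '200.00', 'USD');
$honest  = ['custom' => $custom, 'payment_status' => 'Completed',
            'mc_gross' => '200.00', 'mc_currency' => 'USD'];
$lowered = ['mc_gross' => '20.00'] + $honest;
$swapped = ['custom' => str_replace('42|', '43|', $custom)] + $honest;

foreach (['honest' => $honest, 'lowered' => $lowered, 'swapped' => $swapped] as $name => $msg) {
    echo $name, ': ', var_export(verify_ipn_fields($msg), true), PHP_EOL;
}
```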

