paypal encrypted buttons using lc

J. Landman Gay jacque at hyperactivesw.com
Wed Jul 20 15:12:01 EDT 2016


Just so you don't get too confused -- my example script returns "OK" 
before checking the data details. That's because some clients pay for 
programming work via PayPal without any button involved, and it sends me 
notifications for those. You don't have to do it in that order.

On 7/20/2016 1:59 PM, Mike Bonner wrote:
> I just turned the corner on understanding the old method, I suspect I'll be
> able to make it work once sha-256 is implemented.  And now I _think_ I have
> an inkling of what you mean re: the cgi on file and back confirming the
> correct info.  I can see more reading in my immediate future. Thank you
> much for the guidance.
>
> On Wed, Jul 20, 2016 at 12:35 PM, J. Landman Gay <jacque at hyperactivesw.com>
> wrote:
>
>> On 7/20/2016 11:00 AM, Mike Bonner wrote:
>>
>>> Ah, so I need to find an updated guide.
>>>
>>
>> I misspoke a bit -- it's SHA-256, and the cutover is just beginning. Test
>> systems were put in place some time ago and the full transition will be
>> completed Sept 30. Noncompliant servers will fail after that date.
>>
>>> Currently most of the buttons are clear text.  It's not too difficult for my
>>> friend to copy and paste an item listing and edit the form values to create
>>> a new item. (or to adjust prices etc) but the clear text part is bad
>>> because.. well.. People are involved. (cynical I know)
>>>
>>
>> Paypal does quite a bit to assure that the button hasn't been compromised.
>> It sends a verification message to the CGI on file and your script must
>> respond with "OK" if the information passes your tests. The script on your
>> server needs to check that some or all of a dozen or so details are
>> correct. Paypal will only allow a payout if your script has verified the
>> info and returned permission. For example, you'd want to check that the
>> payee is your Paypal merchant ID and that the product code and price are
>> accurate. The Paypal script on my website checks nine variables before
>> allowing the transaction to complete.
>>
>> But that does prohibit your friend from just modifying an existing button
>> to add new products. If Paypal doesn't have the product code on file, the
>> transaction will fail.
>>
>> --
>> Jacqueline Landman Gay         |     jacque at hyperactivesw.com
>> HyperActive Software           |     http://www.hyperactivesw.com
>>
>


-- 
Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com
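
The server-side checks described in the quoted message (payee, product code, price), sketched as an added example that is not part of the original thread and is written in Python rather than LiveCode. The field names are PayPal IPN variable names assumed to be what the notification carries; the merchant ID, catalogue and sample messages are constructed, and the notification is assumed to have already been confirmed as coming from PayPal.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Assumed, constructed values: placeholder merchant ID and the catalogue kept on the server.
MERCHANT_ID = "EXAMPLEMERCHANT1"
CATALOGUE = {
    "LC-PLUGIN-01": (Decimal("25.00"), "USD"),
    "LC-BOOK-02": (Decimal("12.50"), "USD"),
}
SEEN_TXNS = set()  # transaction IDs already accepted, to refuse repeats

# Constructed sample notifications (not real PayPal traffic).
GOOD = (
    "receiver_id=EXAMPLEMERCHANT1&payment_status=Completed&txn_id=T1"
    "&item_number=LC-PLUGIN-01&mc_gross=25.00&mc_currency=USD"
)
# Same button with the price edited in the form, as the thread worries about.
TAMPERED = GOOD.replace("mc_gross=25.00", "mc_gross=0.01").replace("txn_id=T1", "txn_id=T2")


def check_notification(body):
    """Return a list of problems; an empty list means every check passed."""
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    problems = []
    if fields.get("receiver_id") != MERCHANT_ID:
        problems.append("payee is not our merchant ID")
    if fields.get("payment_status") != "Completed":
        problems.append("payment not completed")
    txn = fields.get("txn_id", "")
    if not txn or txn in SEEN_TXNS:
        problems.append("missing or repeated transaction ID")
    product = CATALOGUE.get(fields.get("item_number", ""))
    if product is None:
        problems.append("unknown product code")
    else:
        price, currency = product
        try:
            paid = Decimal(fields.get("mc_gross", ""))
        except InvalidOperation:
            paid = None  # non-numeric amount never matches
        # Compare against the server's own price, never a value from the form.
        if paid != price or fields.get("mc_currency") != currency:
            problems.append("price or currency does not match catalogue")
    if not problems:
        SEEN_TXNS.add(txn)
    return problems
```
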



