On Sat, Apr 19, 2008 at 3:01 PM, tedd <tedd@xxxxxxxxxxxx> wrote:
> Hi gang:
>
> I have a problem. I set up a PayPal billing for a client. It's pretty
> simple, the process sends the credit card information with payment required
> to PayPal and then PayPal clears the transaction and sends back a
> authorization. Everything works.
>
> To stop the possibility of double billing, I did the following:
>
> 1. I check the database to see if the user has purchased the item before.
> If so, then I don't allow them to purchase again.
>
> 2. I placed a javascript routine to disable the "Submit button for
> purchase" after clicking once. That way, the user can only click it once.
>
> 3. The "Submit button" when clicked once will send the data gathered to
> another page ("Submit the data to PayPal) that actually submits the data to
> PayPal. In that page I have a token that is assigned a value upon loading.
> If the user refreshes the page, then the non-zero token causes the page to
> destroy the sessions and redirect the user to another page requiring the
> user to enter the data again.
>
> 4. Inside the above "Submit the data to PayPal" I have another token that
> is assigned a value once the "send the data to PayPal" routine is triggered.
> Once the token is non-zero, the routine won't send anything to PayPal again.
>
> However, even with all of this, occasionally a user will be charged twice
> for the same purchase. Each charge is time-stamped and recorded in our
> database -- the times between duplicate purchases vary from from 3 to 23
> seconds.
>
> Now, my question is why? Is this a race issue or something similar?
>
> And more importantly, what can I do about it?
>
> Cheers,
>
> tedd
>
> PS: I have directed the question to PayPal as well.
> --
> -------
> http://sperling.com http://ancientstones.com http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Does paypal offer duplicate transaction protection? The merchant providers
I've worked with in the past has had it as part of their fraud protection
modules. For instance, you can set it how soon after that card can be
charged again. 1 min, 5 mins, etc. I found it a good final failsafe.
--
-Dan Joseph
"Build a man a fire, and he will be warm for the rest of the day.
Light a man on fire, and will be warm for the rest of his life."
