On Jul 3, 2011, at 10:58 AM, Kirk Bailey wrote:
OK, I want to send someone back from paypal to a thank you page; this reloads to the actual file they will purchase. BUT, I want to include a magic cookie that will prevent someone else from going to that url at a later time and getting the payload without paying for it. Any thoughts on how to build a secure vendobot? Let's discuss this in this thread.
I'm not at all familiar with the paypal API, but i'm thinking if you could send along a unique signature generated by the application making the call to paypal, such as generating an md5 checksum with timestamp, squirreling it away, then have the return page from paypal invoke the same signature you could check against that?
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php