Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Our company works with affiliates that promote our products. They get paid based on how many sales they bring to us.
To track conversions, they ask us to put third party tracking pixels on our "thank you" page (final page where our customer is being redirected after payment through third party billing processor is complete).
So, we ended up with a ton of tracking JS code and hidden iframes on our "thank you" page.
Is it safe?
The billing processor sends sensitive data to this page via GET variables that we'd rather not make accessible to the affiliates.
Or maybe there is a better way to do this? Like, store all the tracking code from our affiliates in a database and only load the one that matches the customer's referral?
UPDATE
I'm worried about "third party tracking pixels" that are not from the "trusted" third parties (Like Google, Yahoo) but custom-made by our affiliates.
You do not have to worry about affiliates. Usually such solutions only talk to your partner and gets distributed on that end.
As for GET parameters or page content, just read the JavaScript code and see how it behaves. If it doesn't eval some response and doesn't touch DOM elements and cookies you're fine. And I really see no reason why they would need to do that. But if the partner seems untrustworthy, why deal with them at all?
Note that if you request a static resource, as an image, only cookies set by image's location domain are being sent. To see what's going on your page use Firebug or Chrome Developer Tools and check what request headers are being sent.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
Recently I built a website where the user fills in a form and then goes to a checkout page they then press the pay with paypal button and then are taken to the paypal checkout, Then in the paypal button settings I have them taken the user to a php script where it inserts the info to the server via mysql then instantly taken to a thank you page.
At least that's what I want to happen; the page doesn't seem to do anything and when testing it out I echoed one of the variables and it doesn't show up so I gathered that the cookies aren't remembered or something of the sort, although I don't know why this is happening
I'm simply lost on whats going on and my scripts definitely work as before I didn't connect the button and when clicked it did all the correct orders however when the paypal checkout confirmation directs the user it doesn't seem to work
I have seen a few threads on this however never saw a concrete conclusion however apologies if this has been covered
Appreciate any advice or help immensely and thank anyone in advance,
Cheers
To guarantee your server is notified of when a transaction completes, I recommend using this server-side integration demo as a skeleton:
https://developer.paypal.com/demo/checkout/#/pattern/server
Notice that there is no PayPal transaction created until the line that reads:
fetch('/demo/checkout/api/paypal/order/' + data.orderID + '/capture/'
This would be doing an XHR to a PHP script on your server (at that sample path), which must itself then call the PayPal API to capture the transaction.
This server-side design guarantees that your server will be notified of all completed transactions at capture time, so it can then immediately write the required record to your mysql database.
If instead you used a different type of integration, such as a client-side one, e.g. as shown here: https://developer.paypal.com/demo/checkout/#/pattern/client
Your server would not be guaranteed to be notified of captured transactions, since the capture happens via JS in the client web browser.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I'm developing a mobile web for android, iphone & blackberry. We should enforce license for users. Let us say this product comes with 3 types of license.
1 user 50USD
3 user 100USD
5 user 200USD
10 user 300 USD and so on...
They say "if customer has purchased application for 3 users then he should be allowed to access the application only in 3 devices, when he tries to access the same in 4th device he should be sent to some error page"
Let me explain further, we are designing a table, order selection app for restaurant, where every table(or waiter) will have a mobile, he/she opens the application and orders for the selected table. In such case a web app can be accessed in any device and customer may buy and install the app on their server and ask every one to access. That means he'll buy the product for one device and uses in many. So through PHP we need to limit the product to only one device. Remember it can be any device he's wish whenever, whatever the device he might use application should be accessed by/on x devices.
How can we do this? Any suggestions are welcomed.
Thanks in advance.
(FWIW I'd be very skeptical of buying a product licenced per device rather than on the basis of a named user).
The problem will be differentiating between devices.
While browser finger printing can provide very impressive results these datasets are predominantly filled with desktop browsers - I suspect you would see a lot less variation between mobile browsers (when was the last time you installed a new font on your android / iphone).
make a database of allowed devices, and set those devices with a cookie or track the users ip address (not recommended since it changes). You might also want to look into UNIX timestamps for figuring out time operations related to this.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I have a website which will be added paypal integration. But i still not sure which method (paypal merchant service) is right for me.
My website is selling service like placing banner in my website, which i want it automate published when the customer already paid through paypal. THe flow is like this.
Customer input form and information where to place the image.
From admin panel, then i will be select to approve or not this banner.
if i choose approve. My script will create temporary data which this banner is already approved and on the other hand my script will also contact the paypal to create invoice and send it to the customer.
After the customer get the mail from paypal, if the customer is already paid. Then i will receive information about this through mail. and paypal also contact me (contact atomically via Program Script, in this case is PHP) which give me infortaion the banner for ID (identification number) is paid. Then my script will set this banner to published.
Me and Customer get notification if the banner is published.
Can somebody inform me which paypal service can do that?
Thank you for your help,
GusDe
I don't know why do you want to approve the banners - I think its rather a small possibility that your users will want to pay for advertising and display spammy banners. I would go with a simplified process - implement a 'shopping cart' for the banners - location, size, exposure time, etc - let the user choose what he wants and needs, compute a sum to be paid and then direct the user straight to the PayPal to let him pay, automatically approving the banner appearance. If you make the user wait between his order and your approval, there are very big chances that the customer will change his mind and not buy anymore.
Anyway, both workflows can be implemented using PayPal's Instant Payment Notification
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I am trying to learn how I can add PayPal Subscription to my existing PHP app using IPN and looking for a good article that explains the ins-and-outs.
In my app, users can register for a free account and then they can select a membership type and rate (daily, weekly, monthly and yearly). When they have made their selection, the configured PayPal button is displayed. They can click the Subscribe button which takes them to PayPal.
I need to know how to identify the user: what custom information to send to PayPal that is then sent back? I would also like to know what information PayPal sends back to the IPN page.
It seems that the button can be configured for the notify url. Does that mean I still have to turn on IPN?
I just have too many questions to list here... The PayPal site does not have any teaching material that explains Subscriptions and how to integrate it into a site.
Any good and recent articles you know of?
anon445699, I completely agree with you about the subscribe information it mostly shows you how to generate a button with no parameters.
Maybe this will help some people in the future, it oulines all the possible parameters for subscriptions. I know it helped me
https://www.paypalobjects.com/en_US/ebook/subscriptions/html.html
There are plenty of articles out there, just google it. The date doesn't matter as much, most of the main functionality is basically the same, they don't change it much because a ton of people rely on it being the same. What you really need to do though, is look at the documentation at paypal, its quite thorough, and even has code samples. Including for subscriptions, how do you think the people who wrote articles, and everyone who has implemented it did it? Did they just guess and hope for the best?
Next get yourself an account on the paypal sandbox. Want to know what the IPN sends back? Setup a script to catch an IPN post, and save all the $_POST data to a file, and see for yourself using the sandbox to complete a fake order. Thats what I did when implementing paypal. Of course, the return values are also noted in the documents as well.
Edit
I believe the field they will send back is called custom. You could hijack a field you are not using, like productnumber. Or maybe use the payer_id field. Or identify them with their email. There is not just one way to do it. The best way to find out though, is to try it on the sandbox rather than waiting for someone to do it for you or write an article. You could have saved yourself 3 days of reading if you would just try it.
Links
Found these in about 2 minutes, there is more than enough info in these to get the job done.
Various IPN and subscription tutorials:
http://net.tutsplus.com/tutorials/php/using-paypals-instant-payment-notification-with-php/
http://www.web-development-blog.com/archives/easy-payments-using-paypal-ipn/
http://www.paymentsplus.com.au/joomla/faq/paypal-buy-now-guide.html
Sandbox:
https://developer.paypal.com/devscr?cmd=_signup-run
Paypal Documentation:
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_subscribe_buttons (this is the one you really want)
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_admin_IPNIntro
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
ok heres my problem, im creating a site where people sign up first then pay straight after, my problem is what if the customer who signs up uses a different card to pay so for example, his wife. im trying to work out how to match the sign up info and the payment info without having to store the card details and get an ssl cert.. i need this so i can tell if they paid.. im writing it in php, it currently sends me an email when they sign up rather than straight into a database, any help?
Simplest thing that comes to mind would be to have options on the payment screen that let you:
(1) Use the billing info you supplied during registration
(2) Specify the name as it appears on the card (as most sites I've ordered from include)
Does this answer your question?
If you are concerned about matching the account to being paid if they use a different name, you most likely have some kind of $Session going on I would think. Use the user's login information from the Session() and then you can tell.
We use Authorize.Net for our payment processor. They have two different APIs which give you different levels of control (AIM - Advanced, SIM - Simple). From your description of not desiring a SSL Cert, SIM would be the best way to proceed.
We have designed our system to collect as much information as possible from the customer and then pass (via POST) to AuthNet's SIM method where they only need to enter in their card-specific information (number, expiration date, and CID). If the transaction is successful (and also in some failure cases), they notify us by a pre-defined 'silent-post' transaction and also redirect the user to a 'relay url'. We provide AuthNet with an order/invoice number as part of our original post data, so we can use it in their silent post to match up their payment with the appropriate order.
The SIM interface has worked well for us over the years and we now have it tweaked via CSS so that it closely resembles our site despite being hosted elsewhere, saving use far larger PCI-DSS compliance issues by doing everything locally.
im trying to work out how to match the sign up info and the payment info without having to store the card details and get an ssl cert
In that case the best advice is to use something like PayPal, Amazon Payments, or Google Checkout. Other than that, your question was a bit hard to decipher.
i need this so i can tell if they paid.. im writing it in php, it currently sends me an email when they sign up rather than straight into a database, any help?
Most 3rd party payment processors (PayPal, Google, Amazon), provide a way of checking payment status. Most also offer pinging a callback when the payment status changes.
PayPal IPN
Amazon IPN
Google Notifications
Many credit-card processing options will send a response to your server containing crucial information about the user that you can use to verify that they have successfully paid. For example, PayPal has an IPN (Instant Payment Notification). You can use the data returned in this to automate a process on your server that states the user has paid.
My advice is to contact whoever is processing your credit-card transactions and ask what options they provide for relaying information back to your server to verify which users have suffessfully paid for the products/services.