Confused, digital download issue
macy22
Visitor
Posts: 4
Registered: 09-16-2009


Message 1 of 8


Hi

 

Right, let's get to the problem :smileyhappy:

I am trying to offer a digital download of a few items from a small website. To do this I plan to use the standard PayPal cart, and accept payments this way.

If I give a customer a CustomerID as they submit their order into my database, and store it in the custom variable of an add to cart button, could I then retrieve it in an IPN or PDT script? Then assign that customerID a unique downloadID. Then have the downloadID variable added onto the end of a URL that the user ends up at (a thanks/download link page), e.g. download.php?ID=UNIQUE_ID

 

 

I am ok with coding all of this, I just can't get my head around where to set this downloadID and how to pass it to the ending page. The downloadID can only be set after payment :smileysurprised:.

If I inserted the ID into a database from an IPN/PDT script, how would I pass this ID to my final download page, e.g. download.php?ID=UNIQUE_ID

Am I right in thinking that the IPN script is basically a way of logging a payment, confirmed or not confirmed? And that IPN is all back-end whereas a PDT is all front end?

 

Ok so that's what's confusing me, and I have most likely confused you now that you have read it :smileyhappy:, I will help to clarify anything if needed. :smileyhappy:

 

Help would be really, really appreciated as I have been trying to figure this all out for the past few days!

 

Many thanks 

 

 

 

 

09-16-2009 03:53 PM  
Re: Confused, digital download issue
skier
Ace Developer
Posts: 6574
Registered: 06-01-2007


Message 2 of 8


As you are saying, you do want to use PayPal's IPN feature. To pass your ID, you would need to use the "custom" variable. It is designed as a pass-thru variable. The value can be returned in IPN/PDT functions and show up in your Account Profile Transaction History, but the value will not appear in the email notification or the PayPal screens.

 

Regards,

 

skier


 

JK Quilting™ and the BCES™ Button Code Example Site
Breckenridge, Colorado
Life is Good at 9603 Feet!
09-16-2009 04:04 PM  
Re: Confused, digital download issue
lepipele
Ace Developer
Posts: 226
Registered: 08-25-2009


Message 3 of 8


Well, the important thing is that you obviously have the desire to implement all that - we'll work out the details :smileywink:


First of all - it's obvious you'll need to make use of "custom" variable. That variable is visible to both PDT & IPN - so no problems there.

Second thing - related to PDT vs IPN - IPN is more reliable process as it is not user-driven as PDT is. For example - if you have only PDT in place and user closes his browser on that PayPal payment confirmation page (without waiting for redirection to your site) - you'll never get notification that user paid. On the other hand - the trouble with IPN is - you can't really signal "UI thread".

So, my suggestion would be - implement both. Add a "custom" variable that will contain both CustomerID and DownloadID (you can always use some special char - | * :smileyhappy:), and pass the user to PayPal through that form you have.

After he comes back to your site (PDT) - you'll have ?tx=SOME_VALUE ... you do standard cmd=_notify-synch, get transaction details & custom variable... and then just render rest of the page as appropriate (with download link).

You'll also get an IPN message - use it to create an email message to that customer of yours in which you'll say - here is the download link for the digital content you paid for. This way he gets both receipt and link even if he closed the browser.


Sounds ok?

 

09-16-2009 04:18 PM  
Re: Confused, digital download issue   [ Edited ]
Wombat
Ace Developer
Posts: 1571
Registered: 02-14-2008


Message 4 of 8


macy22

 

From an experienced developer who has advised on this many many times, what you need for clarification is primarily a clear understanding of BOTH the post payment processes. Sale of intangible goods requires extensive cautions to avoid theft (unauthorized access; colleges are a great place for that!).

 

Because some have difficulty "programming" the IPN processor they tend to try and avoid it or advise others to avoid it (indicating it to the unwary as unnecessary). One cannot simply use both without explicit programming to avoid crossovers... you, as others in the past have discovered, will run into problems. Proper extensive programming may use the PDT process not just for its INTENDED purpose of DISPLAYING a "thank-you" page but to backup the IPN processor should for any reason it is slow or failed (i.e. a rare glitch in the PayPal IPN sending servers).

 

Because the IPN is harder to program for the inexperienced it should NOT be ignored or dismissed and should be expected as THE primary source of post payment record data acquisition and custom email sending.

 

So be advised it would be wrong to think of either PDT or IPN as a "frontend" or a "backend"... they have two distinct different purposes (true IPN is discreet, instant, not seen in any browser).

 

NOTE both the IPN and PDT processors (as per advised base sample codes) involve a seemingly complex frontend bi-directional handshake exchange of data between servers. This is an IMPERATIVE SECURITY feature for confirmation the data stream received is genuine and not interfered with in transit; do not ignore it.

 

Yes, use PayPal's "custom" hidden tag in your dynamically generated pay button form page. This sort of thing is what it is for.

 

PDT
For you to capture some transaction details from which you can decide if it was successful or a failure for DISPLAY purposes you can include a form specific PDT processing dynamic script page URL to which your customer MAY or MAY NOT return to...
name="return" value="theFULLurlto/your/afterpaymentpreferencepage".

 

IPN
For you to RELIABLY capture the transaction details for form specific db saving, customized emailing, UNIQUE download link generation and etc, you include the hidden field tag...
name="notify_url" value="theFULLurlto/your/recordloggingunseenscript"

 

Digital Downloads.

Be also aware the greater problem with digital downloads is the need for creation of UNIQUE identifiers when pre payment saving of gathered data is concerned AND then at all costs protection of that uniqueness when the customer is shown their personal download link so that a buy-once scenario cannot be passed on to others (or illicitly detected!) for bulk "freebies".

 

The steps upon submitting form are...
*Capture and check all input.
*If not acceptable redisplay page with messages.
*If ok, save captured input to a simple temp file (db not recommended; dbs are more prone to DOS attacks for one thing!).
*The name of that file to include (in part) a UNIQUE generated identifier.
*Display the pay now button form including that unique identifier in the generated form's "custom" hidden tag.
[After payment]:
*Using PayPal's IPN activation, capture IPN post payment result and gather the "custom" value.
*Use the "custom" value to identify the associated temp file.
*Retrieve the pre pay captured info from the file and delete the temp file upon success.
*Do whatever with the retrieved data (like save to db, generate unique download link, and send supporting emails blah).
*Perform regular garbage collection of temp data from incomplete payments.
 

IF the customer does return to the "thank-you" page correctly, THEN the PDT process is used to get transaction identity from PayPal, grab some data from the IPN saved db record, and generate a DISPLAY version of their (limited use) UNIQUE download link. If not they will have received your backup emailed instructions sent by the IPN process.

 

Scenario_2  of this earlier post also explains this relative to pre payment saving and post payment getting of unique data. 

 

PayPal Partners: Note for all.

The importance of hiding unique limited-use "digital" download links is such that PayPal have quite a list of EXTERNAL Partner businesses for the non-programmer where they (the 3rd party sites) can handle all the complexity, hold your products, and organise your payments, on their site at reasonable cost. Regards.

Message Edited by Wombat on 09-18-2009 05:33 AM

 


'imself.  [ PHParagon.com ]
...bug free, my programs do occasionally include undisclosed FREE random features.
09-16-2009 09:08 PM  
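The "UNIQUE download link" step from the post above, as an added example that is not part of the original thread: the download ID is minted only once the IPN checks have passed, is unguessable, and stops working after a set number of uses or an expiry time. The `$store` array stands in for a database table, and the function names, use limit and lifetime are assumptions.

```php
<?php
// Added example, not from the thread: mint the download ID only after the IPN
// checks pass, and make the link limited-use. $store stands in for a database
// table; every name here is hypothetical.

function mint_download_token(array &$store, string $custom, int $maxUses, int $ttl): string
{
    $token = bin2hex(random_bytes(32));        // unguessable value for download.php?ID=...
    $store[hash('sha256', $token)] = [         // keep only the hash server-side
        'custom'  => $custom,                  // pass-through ID that identified the order
        'uses'    => $maxUses,
        'expires' => time() + $ttl,
    ];
    return $token;
}

function redeem_download_token(array &$store, string $token, ?int $now = null): ?string
{
    $now = $now ?? time();
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                           // malformed ID: never touch the store
    }
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;                           // unknown or already retired link
    }
    if ($store[$key]['expires'] < $now || $store[$key]['uses'] < 1) {
        unset($store[$key]);                   // retire expired or used-up links
        return null;
    }
    $store[$key]['uses']--;
    return $store[$key]['custom'];             // caller maps this to the purchased file
}

// Constructed run: a two-use link, then a third attempt, a guess, and an expired link.
$store = [];
$link  = mint_download_token($store, 'c7f3a1', 2, 3600);
$old   = mint_download_token($store, 'c7f3a1', 2, 3600);
$tries = [
    'first use'    => redeem_download_token($store, $link),
    'second use'   => redeem_download_token($store, $link),
    'third use'    => redeem_download_token($store, $link),
    'guessed ID'   => redeem_download_token($store, str_repeat('0', 64)),
    'expired link' => redeem_download_token($store, $old, time() + 7200),
];
foreach ($tries as $label => $result) {
    printf("%-13s %s\n", $label, $result === null ? 'denied' : "serve file for order $result");
}
```

With a real database the decrement has to be a single conditional update (for example, one that only succeeds while uses remain), otherwise two simultaneous requests can both pass the check.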
Re: Confused, digital download issue
macy22
Visitor
Posts: 4
Registered: 09-16-2009


Message 5 of 8


Thanks for all of your amazing responses! :smileyhappy:

 

I am working on creating all of that!

 

If I run into any more problems I will be sure to post them back here :smileyhappy:

 

Thanks again 

 

09-17-2009 09:51 AM  
Re: Confused, digital download issue
macy22
Visitor
Posts: 4
Registered: 09-16-2009


Message 6 of 8


Hello, again :smileytongue:

 

So far the coding is going fine, however I am a bit confused with part of the IPN script.

 

In the script it has

 

// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment

 

This is all very well, and quite simple to check however what happens if the receiver_email is a fake? It's just logged? and the transaction just goes ahead as normal?

 

Can the same not be said for some of the other checks?

 

I'm confused as to what to do if, for example, the receiver_email is fake?

 

Would be great to get some more information on that :smileyvery-happy:

 

 

Thanks once again :smileyhappy:

09-18-2009 05:48 AM  
Re: Confused, digital download issue   [ Edited ]
Wombat
Ace Developer
Posts: 1571
Registered: 02-14-2008


Message 7 of 8


G'Day again. I think you have missed the point of all that verification processing at the frontend of the script.

Once you have received the verification it is the signal from the PayPal server that the data stream sent to you is indeed unaltered and not interfered with in transit.

So, the receiver_email should match yours; the account ID address. If not then you (the script) have reason for suspicion (just because a data stream is verified is no reason to not still run your own internal checks; as notes in the base script point out).

As for all the rest it is what PayPal has received from the customer or from their account info if a PayPal account user plus all the data obtained about the actual transaction that you are allowed to receive.

That's it in a nutshell. Nothing better can be guaranteed than that IF PayPal confirms the data is true and correct and your own checks pass too.

 

As a 'for instance' (just one), if someone attempts to hijack your pay button form (copy it) and redirect payment to their account yet still hope to fool you for a while by including your IPN script URL, they couldn't if the receiver address were wrong and you checked it. Regards.

Message Edited by Wombat on 09-19-2009 12:35 AM

 


'imself.  [ PHParagon.com ]
...bug free, my programs do occasionally include undisclosed FREE random features.
09-18-2009 07:26 AM  
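The internal checks discussed in the two posts above, as an added example that is not part of the original thread or PayPal's sample script: each check from the IPN script's comment list runs only after the handshake reply, and any failure rejects the message instead of just logging it. It assumes the caller has already posted the message back to PayPal and passes in the reply text, and that the amount and currency arrive in the `mc_gross` and `mc_currency` fields; `MY_RECEIVER`, `$orders` and `$seen` are hypothetical stand-ins.

```php
<?php
// Added example, not from the thread: the checks listed in the IPN script,
// run after the post-back reply. Constructed data; MY_RECEIVER, $orders and
// $seen are hypothetical stand-ins for configuration and database tables.

const MY_RECEIVER = 'seller@example.com';

function validate_ipn(array $ipn, string $reply, array $orders, array &$seen): array
{
    if (trim($reply) !== 'VERIFIED') {                 // handshake failed
        return [false, 'post-back reply was not VERIFIED'];
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', MY_RECEIVER) !== 0) {
        return [false, 'receiver_email is not ours'];  // e.g. a copied button form
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return [false, 'payment_status is not Completed'];
    }
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '' || isset($seen[$txn])) {
        return [false, 'txn_id missing or already processed'];
    }
    $order = $orders[$ipn['custom'] ?? ''] ?? null;    // pre-payment record
    if ($order === null) {
        return [false, 'custom does not match a pending order'];
    }
    $paid = (int) round((float) ($ipn['mc_gross'] ?? 0) * 100);
    if ($paid !== $order['cents'] || ($ipn['mc_currency'] ?? '') !== $order['currency']) {
        return [false, 'amount or currency mismatch'];
    }
    $seen[$txn] = true;                                // record before releasing goods
    return [true, 'process payment'];
}

$orders = ['c7f3a1' => ['cents' => 999, 'currency' => 'USD']];
$seen   = [];
$ipn    = ['receiver_email' => 'seller@example.com', 'payment_status' => 'Completed',
           'txn_id' => 'TXN-CONSTRUCTED-1', 'custom' => 'c7f3a1',
           'mc_gross' => '9.99', 'mc_currency' => 'USD'];
$cases  = [
    'genuine'       => $ipn,
    'copied button' => ['receiver_email' => 'other@example.net'] + $ipn,
    'underpaid'     => ['mc_gross' => '0.01', 'txn_id' => 'TXN-CONSTRUCTED-2'] + $ipn,
    'replayed'      => $ipn,
];
foreach ($cases as $label => $msg) {
    [$ok, $why] = validate_ipn($msg, 'VERIFIED', $orders, $seen);
    printf("%-14s %s: %s\n", $label, $ok ? 'accept' : 'reject', $why);
}
```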
Re: Confused, digital download issue
macy22
Visitor
Posts: 4
Registered: 09-16-2009


Message 8 of 8


O I see, I understand now :smileytongue:.

 

Thanks once again for that useful information :smileyhappy:

09-20-2009 02:42 PM  