Confirming Paypal Payment

AndyCr15 · 21 Nov 2017 at 19:32

I've built a very simple php shop on my site. You add and remove items, click the Paypal button and it uses Paypal express checkout to charge the user through Paypal.

The javascript function looks like this -

Code:

// onAuthorize() is called when the buyer approves the payment
onAuthorize: function(data, actions) {
        // Make a call to the REST api to execute the payment
        return actions.payment.execute().then(function() {
        <?php
            $_SESSION['paid'] = 1;
        ?>
        window.location.href = "shop_success.php";
        });
}

In the function I'm trying to set a session variable that can then be checked on the success page, where the database gets updated and an email gets sent to me with the order.

My problem is, the php code, setting the variable happens even if the payment isn't authorised, so you can load things into the basket, load the success page and the database gets updated and I get an email.

So, what method can I use to let the success page know it's been called because this function was run, that can't be spoofed by someone? I'm sure I should know, but can't think how

Thanks!

AndyCr15 · 21 Nov 2017 at 22:25

So I keep their basket and running cost in session variables. The code above is the bit that gets executed once payment is confirmed on Paypal. I assume something useful is held in data or actions? (I've not really done much Javascript before)

In that function is the call to load shop_success.php (where database is updated and mail sent), but I need to pass something to let the page know that the payment is made, otherwise you can just load the page and it does it all.

Thanks.

AndyCr15 · 22 Nov 2017 at 08:55

planty said:
If you're using jQuery, have a look at https://api.jquery.com/jquery.post/ for sending the post request.

This seems a littl beyond me at the moment

AndyCr15 · 22 Nov 2017 at 14:41

Thanks. To confirm though, I can't use <?php include 'update_database.php'; ?> where you say to update db, as they will run regardless of that if statement being true?

Javascript is next on my list to learn, I'd probably better get cracking...

AndyCr15 · 22 Nov 2017 at 15:58

Thanks, I had similar code, but I think maybe I was using a ; in the orderID bit.

Something's not working still though. I'm going straight to shop_success.php, like this -

Code:

$.post("shop_success.php", {
                                paid: 1
                            });

And then in shop_success.php -

Code:

if (isset($_POST['paid'])){
    $paid = $_POST['paid'];
}

...

<?php
                    if($paid == 1){
                ?>
// run code to update database and mail me the order

But it's not running the code?

I was about to separate out the two pages (updating db and send email and success page), but want to check I'm on the right track first?