Reputation: 1541
I have written an HTML form that represents a Paypal Subscription Signup, using variables listed here:
HTML Variables for PayPal Payments Standard
I was also successful in setting up IPN script for signup subscription.
Now, I think anyone could fiddle with the 'a3', 'p3' and 't3' variables in the form, and alter the subscription amount to their advantage. I realize that I could validate the amount paid in IPN script. However, I have no clue as to how to cancel the subscription in case a payment is invalid/fraudulent.
Could someone help me out how to do that in IPN? Other solutions are welcome too.
NOTE: The Paypal subscription button I'm using is hosted on Paypal, and encrypted (_s-xclick). I figured I could directly integrate the amounts in the encrypted button, but my client wants a different UI than PayPal provides with the built-in subscription amount.
Upvotes: 0
Views: 137
Reputation: 45
You may create a hidden field named "validation" or "v" within the form with the sensitive information encrypted and validate the form server-side after the submit. You may add useful info along with the 'a3', 'p3' and 't3' variables, like time or expiration time of the data included in form. This way you can easily avoid forgery. You can use a symmetric algorithm with a good salting and password.
Another way is to use MD5 (salted or else) to hash the desired info and validate it server-side.
Upvotes: 1
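Added example (not code from the answer above or from PayPal): a Python implementation of the hidden validation field, signing the a3/p3/t3 values plus an expiry time and checking the submitted form against them server-side. It uses an HMAC-SHA256 tag instead of the symmetric cipher or salted MD5 the answer mentions, since an HMAC is the standard way to authenticate form data; SECRET_KEY and the token layout are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"replace-with-a-long-random-server-secret"  # placeholder, keep server-side only
FIELDS = ("a3", "p3", "t3")  # amount, period, period unit of the subscription


def sign_subscription(params, ttl_seconds=900, now=None, key=SECRET_KEY):
    """Build the value for the hidden 'v' field: base64(payload).base64(hmac)."""
    now = int(time.time()) if now is None else now
    payload = {k: str(params[k]) for k in FIELDS}
    payload["exp"] = now + ttl_seconds  # token is only accepted until this time
    msg = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(msg).decode() + "." +
            base64.urlsafe_b64encode(tag).decode())


def verify_subscription(token, submitted, now=None, key=SECRET_KEY):
    """Check the hidden field on submit; returns (ok, reason)."""
    now = int(time.time()) if now is None else now
    try:
        msg_b64, tag_b64 = token.split(".")
        msg = base64.urlsafe_b64decode(msg_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return False, "malformed"
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "bad signature"
    payload = json.loads(msg)
    if now > payload["exp"]:
        return False, "expired"
    # The signed values are the source of truth; any edited form field shows up here.
    for k in FIELDS:
        if str(submitted.get(k)) != payload[k]:
            return False, f"{k} tampered"
    return True, "ok"


if __name__ == "__main__":
    form = {"a3": "9.99", "p3": "1", "t3": "M"}  # constructed sample subscription
    token = sign_subscription(form)
    print(verify_subscription(token, form))                    # (True, 'ok')
    print(verify_subscription(token, dict(form, a3="0.01")))   # (False, 'a3 tampered')
```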