Paulo Hgo

Reputation: 860

Customer information when using PayPal IPN

What is the recommended workflow to store my customer ID upon purchase of a subscription to a service?

Here's my thinking:

  1. User decides to buy
  2. User creates account or logs in (if not logged in yet)
  3. Session variables are established
  4. Do PayPal transaction
  5. Get IPN info and add the proper session variable to the DB

I've never dealt with payments before and just wanted to make sure I'm doing things the right way. The several tutorials I could find don't specifically address that question. I'll be validating that my user is authorized to use the tool based on the payment info. I'm using PHP and got the PayPal transaction working already.

It seems like payer_id is not really a very reliable way to do this as it may change. So I'm really looking for a way to tie the results of that transaction to an existing customer in my DB, whose session would be active at the moment of purchase. One problem with that is that I'd have to deal with it in the IPN response instead of the SUCCESS response because a user may close the browser upon payment. Thoughts?

Upvotes: 2

Views: 348

Answers (1)

Paulo Hgo

Reputation: 860

I found an acceptable solution (quite simple, actually) and I'm posting it here as I couldn't quite find it anywhere. The way to do this is to add a hidden field to your form that takes the user id of your logged in user.

<!-- $your_userid is set somewhere else in the code -->
<input type="hidden" name="custom" value="<?php echo htmlspecialchars($your_userid, ENT_QUOTES, 'UTF-8'); ?>">

Then, on your IPN url, that form field value is going to be available back to you via POST:

$userid_to_log = $_POST['custom']; 

Add a new column to your payments table named userid (for example). Finally, include that field in your insert statement:

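// Placeholders keep the POSTed IPN values out of the SQL text (array execute() works with PDO, and with mysqli on PHP 8.1+).
$stmt = $db->prepare("INSERT INTO payments (item_number, txn_id, payment_gross, currency_code, payment_status, userid) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->execute([$item_number, $txn_id, $payment_gross, $currency_code, $payment_status, $userid_to_log]);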

With this solution you have to turn IPN on but in my view it is safer than relying on the SUCCESS option which basically gets all variables via GET instead.

Upvotes: 1
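
The hidden `custom` field passes through the buyer's browser before PayPal echoes it back in the IPN, so the value can be edited on the way. The following is an added example, not code from the answer: it signs the user id with an HMAC when the form is rendered and checks the signature in the IPN handler. `APP_SECRET`, `make_custom()` and `parse_custom()` are hypothetical names, the sample IPN array is constructed, and the IPN message itself is assumed to have been validated with PayPal already.

```php
<?php
// Added example, not the answer's code. All names below are hypothetical.
// Constructed value: use a long random secret kept only on the server.
const APP_SECRET = 'replace-with-a-long-random-server-side-secret';

// Build the value for the hidden "custom" form field: "<userid>.<hmac>".
function make_custom(int $userId): string
{
    $mac = hash_hmac('sha256', (string) $userId, APP_SECRET);
    return $userId . '.' . $mac;
}

// Return the user id carried in an IPN "custom" value,
// or null when the value is malformed or was altered in transit.
function parse_custom(string $custom): ?int
{
    $parts = explode('.', $custom, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    [$id, $mac] = $parts;
    $expected = hash_hmac('sha256', $id, APP_SECRET);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $mac) ? (int) $id : null;
}

// Constructed sample of the fields an IPN POST would carry (not real PayPal data).
$ipn = ['txn_id' => 'TXN-EXAMPLE-1', 'custom' => make_custom(42)];

// Value exactly as issued by the form: the user id is recovered.
$userid_to_log = parse_custom($ipn['custom']);
var_dump($userid_to_log);

// Same signature with a different user id in front: rejected.
$sig = explode('.', $ipn['custom'], 2)[1];
var_dump(parse_custom('43.' . $sig));

// Bare user id with no signature, as in an unsigned form: rejected.
var_dump(parse_custom('42'));
```

Only insert the payment row when `parse_custom()` returns an id; a null result means the field did not come from your own form unchanged.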
