Reputation: 2527
Further to my question and awesome answers from the previous thread, Redirection / Return Check in PHP
I would also love to know, if a payment confirmation page is returned to my website from PayPal, how can I be 100% sure that it is coming from PayPal and the payment is made?
Regards, Andy
Upvotes: 2
Views: 783
Reputation: 154553
To make sure the request is coming from PayPal you can try resolving the IP address:
if (preg_match('~^(?:.+[.])?paypal[.]com$~', gethostbyaddr($_SERVER['REMOTE_ADDR'])) > 0)
{
    // came from PayPal
}
You can (and should) also request https://www[.sandbox].paypal.com/cgi-bin/webscr/ with the same data you received in POST and append the cmd => _notify-validate key-value pair to the request; if the response is VERIFIED, the data is valid.
See also this question: PayPal IPN Security
Upvotes: 1
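The postback step described in the answer above, as an added example that is not the answerer's code. It goes one step further than the answer by also checking the notification fields against the order, since VERIFIED only confirms that PayPal sent the message, not that this order was paid in full. The function names, the injectable transport and all sample values are assumptions made for illustration.

```php
<?php
// Added example; function names and sample values are constructed, not from the page.
const PAYPAL_URL  = 'https://www.paypal.com/cgi-bin/webscr';
const SANDBOX_URL = 'https://www.sandbox.paypal.com/cgi-bin/webscr';

/** Post the raw notification back to PayPal; true only on a literal VERIFIED. */
function paypal_verifies(string $rawBody, bool $sandbox, ?callable $transport = null): bool
{
    // Send the bytes exactly as received: rebuilding the body from $_POST can alter it.
    $payload = 'cmd=_notify-validate&' . $rawBody;
    $transport = $transport ?? function (string $url, string $body): string {
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_POST           => true,
            CURLOPT_POSTFIELDS     => $body,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => true,   // authenticate PayPal by its TLS certificate
            CURLOPT_SSL_VERIFYHOST => 2,
            CURLOPT_TIMEOUT        => 30,
        ]);
        $response = curl_exec($ch);
        return $response === false ? '' : $response;   // transport failure => not verified
    };
    return trim($transport($sandbox ? SANDBOX_URL : PAYPAL_URL, $payload)) === 'VERIFIED';
}

/** VERIFIED proves origin only; these checks decide whether *this* order was paid. */
function payment_matches(array $ipn, array $order, array $seenTxnIds): bool
{
    return ($ipn['payment_status'] ?? '') === 'Completed'
        && strcasecmp($ipn['receiver_email'] ?? '', $order['receiver_email']) === 0
        && ($ipn['mc_currency'] ?? '') === $order['currency']
        && ($ipn['mc_gross'] ?? '') === $order['amount']          // compared as strings
        && isset($ipn['txn_id']) && !in_array($ipn['txn_id'], $seenTxnIds, true); // replay guard
}

// Constructed sample; a real listener reads file_get_contents('php://input').
$raw = 'payment_status=Completed&receiver_email=shop%40example.com'
     . '&mc_gross=19.95&mc_currency=USD&txn_id=TESTTXN0001';
$order = ['receiver_email' => 'shop@example.com', 'currency' => 'USD', 'amount' => '19.95'];
$fakePayPal = fn(string $url, string $body): string => "VERIFIED\n";   // offline stand-in

parse_str($raw, $ipn);
$ok = paypal_verifies($raw, true, $fakePayPal) && payment_matches($ipn, $order, []);
echo $ok ? "fulfil order\n" : "reject notification\n";
```

Drop the third argument to `paypal_verifies()` to use the real cURL transport. A reverse-DNS match by itself rests on a PTR record published by whoever controls the sending address block, so the postback over verified TLS is the check that carries the weight.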