Just so you don't get too confused -- my example script returns "OK" before checking the data details. That's because some clients pay for programming work via PayPal without any button involved, and it sends me notifications for those. You don't have to do it in that order.

On 7/20/2016 1:59 PM, Mike Bonner wrote:
I just turned the corner on understanding the old method, I suspect I'll be
able to make it work once sha-256 is implemented.  And now I _think_ I have
an inkling of what you mean re: the cgi on file and back confirming the
correct info.  I can see more reading in my immediate future. Thank you
much for the guidance.

On Wed, Jul 20, 2016 at 12:35 PM, J. Landman Gay <jac...@hyperactivesw.com>
wrote:

On 7/20/2016 11:00 AM, Mike Bonner wrote:

Ah, so I need to find an updated guide.


I misspoke a bit -- it's SHA-256, and the cutover is just beginning. Test
systems were put in place some time ago and the full transition will be
completed Sept 30. Noncompliant servers will fail after that date.

Currently most of the buttons are clear text.  It's not too difficult for my
friend to copy and paste an item listing and edit the form values to create
a new item. (or to adjust prices etc) but the clear text part is bad
because.. well.. People are involved. (cynical I know)


Paypal does quite a bit to assure that the button hasn't been compromised.
It sends a verification message to the CGI on file and your script must
respond with "OK" if the information passes your tests. The script on your
server needs to check that some or all of a dozen or so details are
correct. Paypal will only allow a payout if your script has verified the
info and returned permission. For example, you'd want to check that the
payee is your Paypal merchant ID and that the product code and price are
accurate. The Paypal script on my website checks nine variables before
allowing the transaction to complete.

But that does prohibit your friend from just modifying an existing button
to add new products. If Paypal doesn't have the product code on file, the
transaction will fail.

--
Jacqueline Landman Gay         |     jac...@hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com

_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


--
Jacqueline Landman Gay         |     jac...@hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com
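
The server-side detail check described in this thread, sketched in Python as an added example; it is not part of the original messages and not the script mentioned above. The merchant ID, catalogue and sample notification bodies are constructed, and the field names assume PayPal's standard notification variables (`receiver_id`, `item_number`, `mc_gross`, `mc_currency`, `payment_status`). It covers only the field checks; confirming that the message really came from PayPal is a separate step not shown here.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed values: the server's own record of who gets paid and what is sold.
MERCHANT_ID = "EXAMPLEMERCHANT1"
CATALOG = {"HA-001": (Decimal("25.00"), "USD")}  # product code -> (price, currency)


def check_notification(body):
    """Return a list of problems; an empty list means every detail matched."""
    # Notifications arrive as a URL-encoded form body; keep the first value per key.
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    problems = []
    if fields.get("receiver_id") != MERCHANT_ID:
        problems.append("payee is not our merchant ID")
    if fields.get("payment_status") != "Completed":
        problems.append("payment not completed")
    item = CATALOG.get(fields.get("item_number", ""))
    if item is None:
        # A copied button with a new product code lands here.
        problems.append("unknown product code")
        return problems
    price, currency = item
    try:
        paid = Decimal(fields.get("mc_gross", ""))
    except InvalidOperation:
        paid = None  # missing or non-numeric amount never matches
    if paid != price:
        # A button whose price was edited in the clear-text form lands here.
        problems.append("price mismatch")
    if fields.get("mc_currency") != currency:
        problems.append("currency mismatch")
    return problems


# Constructed sample notifications.
GOOD = ("receiver_id=EXAMPLEMERCHANT1&payment_status=Completed"
        "&item_number=HA-001&mc_gross=25.00&mc_currency=USD")
EDITED_PRICE = GOOD.replace("mc_gross=25.00", "mc_gross=1.00")
NEW_ITEM = GOOD.replace("item_number=HA-001", "item_number=HA-999")

if __name__ == "__main__":
    for name, body in [("good", GOOD), ("edited price", EDITED_PRICE), ("new item", NEW_ITEM)]:
        print(name, "->", check_notification(body) or "all details match")
```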
