PHP 会员脚本 + PayPal IPN,我需要请求哪些信息并与哪些信息进行比较?
所以我有一个产品。为了让用户购买它,他们需要创建一个帐户。该帐户稍后将用于访问我的产品。
我的问题是:注册时(付款前)我需要向用户询问哪些信息?每当 Paypal 发送通知时,我都需要一些东西来比较。我的意思是这样的:如果我只要求用户名和密码 - 我如何知道是那个特定用户付款,并相应地更新数据库?
显然我还需要名字、姓氏和电子邮件。我之所以提出上述情况,是因为我看到其他会员网站要求提供电子邮件(不是 PayPal 电子邮件),但他们无法确定名字、姓氏和/或电子邮件与客户所拥有的信息相匹配他们的贝宝。
简而言之:每当收到通知时,如何更新客户帐户(将数据库中的“活动”字段设置为 TRUE 等),以及我要验证/验证哪些信息?
如果我的问题不够清楚,请随时告诉我。 :)
So I have a product. In order for users to buy it, they need to create an account. That account will later be used to access my product.
My question is this: What information do I ask the user for upon registration (before payment)? I will need something to compare with, whenever Paypal sends a Notification. What I mean by that is this: if I only ask for a username and password - how will I know that it was that specific user that paid, and update the database accordingly?
Obviously I would want to require firstname, lastname, and E-Mail aswell. The reason I presented the above situation, was because I see other membership sites that ask for an E-Mail (not PayPal email), but they cant be sure that the firstname, lastname, and/or email match the info the customer has on their PayPal.
To make it short: How do I update the clients account whenever I receive a Notification (set the Active field in the Database to TRUE, or something), and what information do I verify/validate with?
If my question is not clear enough, please do not hesitate to let me know. :)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
好吧,我认为这与正常的“我如何真正知道产品 X 确实是通过 PayPal 支付的”没有什么不同。你这里的“产品”是会员订阅,而不是实体产品,否则本质上是一样的。
当您将用户发送到 PayPal 时,只需在 PayPal 数据中发送该用户的唯一标识符即可。 (如果您不想创建要销售的“产品”,则可以只使用用户表的 ID。)使用“自定义”字段或“item_number”字段传递此信息。 PayPal 将在 IPN 中将这两条信息传回给您,您可以使用它来验证是否已为该用户进行付款。
如果您担心用户代表其他用户欺骗付款,您可以 a) 加密您发送到 PayPal 的所有数据,b) 将 PayPal 设置设置为仅接受您帐户的加密购物车数据。
编辑:有关向 PayPal 传递信息的更多具体信息:
您可以使用很多很多变量向 PayPal 发送信息。假设您正在使用网站支付标准和购物车功能,则可以将其分为两个部分。
并非所有信息都会通过 IPN 传回给您。要查看 IPN 中传回给您的内容,请查看此处的“示例 IPN 消息”部分:https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=developer/e_howto_admin_IPNIntro。
您需要的是一条信息,a) 您将其传递给 PayPal 以唯一地识别用户,b) PayPal 在 IPN 中将其传回给您。
我建议您使用名为“custom”的变量来实现此目的。 (请参阅表 4:支付交易的 HTML 变量。)
您在“自定义”变量中传递的具体内容取决于您。您可以发送a)用户表中用户的ID,b)他们在您网站上注册的电子邮件地址,c)其中之一的一些散列......只要它唯一标识用户,这并不重要,这样当您取回 IPN 时,您可以说“我知道这笔付款是针对用户 X 的”。
Well, I don't think it's really any different then the normal "how do I really know that product X was really paid for via PayPal". Your "product" here is a membership subscription, not a physical product, otherwise it's essentially the same.
When you send the user to PayPal, just send a unique identifier for the user along in the PayPal data. (You can just use the id of the user table, if you don't want to create a "product" to sell.) Pass this along using either the "custom" field or the "item_number" field. PayPal will pass both these pieces of information back to you in the IPN, and you can use that to verify that a payment was made for that user.
If you were worried about users spoofing payments on behalf of other users you can a) encrypt all the data that you send to PayPal and b) set your PayPal settings to only accept encrypted shopping cart data for your account.
EDIT: Lots more specific information on passing information to PayPal:
There are many, many variables that you can use to send information to PayPal. Assuming that you are using Website Payments Standard and the shopping cart functionality, this can be divided into two buckets.
Not all of that information is passed back to you in in the IPN. To see what is passed back to you in the IPN, look at the "Sample IPN Message" section here: https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=developer/e_howto_admin_IPNIntro.
What you need is a piece of information that a) you pass to PayPal to uniquely identify a user and b) PayPal passes back to you in the IPN.
I suggest that you use the variable called "custom" for this purpose. (See Table 4: HTML Variables for Payment Transactions.)
What exactly you pass in the "custom" variable is up to you. You could send a) the id for the user in your user table, b) their registered email address on your site, c) some hash of one of those... it doesn't really matter as long as it uniquely identifies the user, so that when you get the IPN back you can say "I know this payment is for User X".