我有一个 html 立即付款按钮(立即购买),我必须将其托管在我自己的服务器上并删除保护,以便它能够执行我希望它执行的操作(一位在 paypal 工作的程序员告诉我我必须做什么这样做,所以我不能与他争论)
既然按钮按照我想要的方式工作,我需要对其进行加密,我已经在谷歌上搜索了大约两周左右,我发现了很多方法来获取工作完成了,但我想要最好的最简单的加密方法,因为我是 paypal 世界的新手,所以我不想遵循一个需要我一个月的时间才能理解
标准 html 加密是否有效的教程?我对此表示怀疑,但无论如何我还是要问。如果在服务器端有一种简单的方法来完成它,我会很高兴
简单是什么意思?
我不介意遵循一个漫长的分步教程来完成它,只要它是一步一步的教程
编辑
这是我的按钮的代码(我对其进行了一些更改,但您可以看到您需要知道的所有内容)
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="KU515658J">
<input type="hidden" name="lc" value="US">
<input type="hidden" name="amount" value="5">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="button_subtype" value="services">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_paynow_SM.gif:NonHosted">
<table>
<tr><td><input type="hidden" name="on0" value="example">example</td></tr><tr><td><input type="text" name="os0" maxlength="200"></td></tr>
</table>
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_paynow_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
正如我所说,我必须删除代码保护,现在您可以使用 firebug 或谷歌浏览器检查元素工具,或者任何你需要的只是改变它,不需要黑客来做到这一点
<input type="hidden" name="amount" value="5">
顺便说一句,我的网站是用 php 编写的
I have an html pay now button (buy now) i have to host it on my own server and remove the protection in order for it to do what i want it to do, (a programmer who works at paypal told me what i have to do, so i can't argue with him)
now that the button works just how i want it to work, I need to encrypt it, I've been googling for a about 2 weeks or so, and i found many ways to get the job done, but i want the best and simplest way to encrypt it, because i'm new to the paypal world so i don't want to follow a tutorial that would take me a month to understand
does the standard html encrypt, do the job? I doubt that but i have to ask it anyway. If there's a simple way to do it in the server side, I'll be so happy
What do I mean by simple?
I don't mind following a long step by step tutorial to get it done, as long as it is a step by step tutorial
EDIT
Here's the code of my button (i have changed it a bit but you can see everything you need to know)
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="KU515658J">
<input type="hidden" name="lc" value="US">
<input type="hidden" name="amount" value="5">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="button_subtype" value="services">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_paynow_SM.gif:NonHosted">
<table>
<tr><td><input type="hidden" name="on0" value="example">example</td></tr><tr><td><input type="text" name="os0" maxlength="200"></td></tr>
</table>
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_paynow_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
As I said I had to remove the code protection so now you can see the value, using firebug or google chrome inspect element tool, or whatever and all you need is to change it, it doesn't take a hacker to do it
<input type="hidden" name="amount" value="5">
By the way my website is in php
发布评论
评论(2)
如果您可以使用 PHP/cURL 进行 API 调用,请使用按钮管理器 API
您可以调用“创建按钮”API 并告诉 PayPal 使用您想要的所有变量和值为您创建一个加密按钮。
否则,使用加密网站付款
这将使用您服务器的资源来加密按钮,并且您需要找到一种方法来编写解决方案以在生成之前加密 PayPal 按钮它(还需要 PHP 或其他服务器端脚本语言)。
If you can make an API call using PHP/cURL, use the Button Manager API
You can call the 'create button' API and tell PayPal to make an encrypted button for you with all the variables and values you want.
Otherwise, use Encrypted Website Payments
This will use your server's resources to encrypt the button, and you will need to find a way to code a solution to encrypt the PayPal button before generating it (also requiring PHP or other server side scripting languages).
您是否需要加密按钮 HTML 或其发送的数据?
相对于前者:HTML 加密始终存在;您实际上无法以安全的方式加密 HTML - 总有人会找到绕过您的加密的方法,因为 HTML 必须可由浏览器解析。
在后一种情况下,PayPal 在向其服务器发送数据时使用
https://和 SSL,因此(几乎)尽可能安全。数据经过加密,因此数据包嗅探器很难弄清楚发生了什么。如果您查看 PayPal 表单代码,您会发现发送的信息并不多,最容易受到攻击的是 PayPal 验证的 ID。PayPal 等在安全性方面投入了大量工作。您不应该担心“加密”您的 HTML。
这段代码中有语法错误
- 您需要一个 <“示例按钮”之后的 code>>。关于能够更改该值,您应该检查 PayPal 端,看看 PayPal 是否在服务器端验证该值。如果不这样做,就没有办法让它变得更安全,这对 PayPal 来说是一个大问题。Do you need to encrypt the button HTML, or the data it sends?
In relation to the former: there will always be around HTML encryption; you can't actually encrypt HTML in a secure way - someone will always find a way round your encryption as HTML has to be parseable by the browser.
In the latter case, PayPal uses
https://and SSL when sending data to it's server, so that's (nearly) as safe as it gets. The data is encrypted so packet sniffers have a hard time figuring out what's going on. If you look at the PayPal form code, you'll see that not a lot of information is sent, the most vulnerable being an ID that is verified by PayPal anyway.PayPal and the like put a lot of work into security. You shouldn't be worrying about "encrypting" your HTML.
You have a syntax error in this piece of code
<td><input type="hidden" name="on0" value="example button"</td>- you need a>after"example button". In relation to being able to change the value, you should check on the PayPal side of things to see if PayPal validates the value server-side. If it doesn't, there isn't a way to make this any more secure and is a huge issue on PayPal's part.