|
|
|
Rank: Starting Member
Groups: Registered
Joined: 1/16/2003
Posts: 65
Location: ,
|
I have the code below in my thankyou page but even after I purchase something and click continue from Paypal, I'm still denied access...Fix? Thanks
<?php
if (!preg_match("/^65.206/", $REMOTE_ADDR)) {
echo "<html><body bgcolor='#ffffff'><div align='center' style='margin-top:50px;font:bold 30px tahoma;color:red'>ACCESS DENIED</div></body></html>";
}
else {
header("Location: http://site.com/download_page.html");
}
?>
|
|
|
|
|
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 9/16/2002
Posts: 2,960
Location: ,
|
Some web servers disallow a POST to an HTML page. You'll either need to switch your "return" url to a .php page or include rm=1 in your PayPal pay button which will cause the Continue button to link/GET the "return" URL. Patrick Breitenbach PayPal, Inc. Dev Net: https://www.paypal.com/pdn
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 1/16/2003
Posts: 65
Location: ,
|
Access still denied...
My return page is already a .php page and PP is posting to it.
I've tried rm=1 and rm=2 changing the POST/GET.
I have tried with the IPN turned on and off...Access still denied.
Should I be including something in my return page script like:
$REMOTE_ADDR = $_POST['REMOTE_ADDR']; ???
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 9/16/2002
Posts: 2,960
Location: ,
|
What page are you trying to access? Patrick Breitenbach PayPal, Inc. Dev Net: https://www.paypal.com/pdn
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 1/16/2003
Posts: 65
Location: ,
|
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 4/14/2003
Posts: 59
Location: ,
|
I think you want to use HTTP_REFERER instead. The remote addr is the client side.
Of course, you shouldn't soley rely on http_referer since it can be spoofed rather easily.
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 1/16/2003
Posts: 65
Location: ,
|
You know...I tried for about a month last year to use $HTTP_REFERER even going as far as calling Paypal to ask...The tech knew absolutely nothing about it and after posting in several forums with a lot of talented people, we determined they had dynamically disabled it. I was thinking the above code was doing the same thing...since it's checking the Paypal address.
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 7/21/2003
Posts: 11
Location: ,
|
Why would PayPal disable referers? I've been trying to get my referer script to work with PayPal and I just assumed somehow PayPal did not have one. I know referers can be spoofed and some people have them disabled, but I want to use referers, so that if someone links to my thank you page they get redirected.
And I know a PayPal representative is going to say use IPN. Almost every question is answered "Try IPN" or "Read this article" which oddly enough is about IPN. Well I'm not going to use IPN, and I know many people also are refusing this new break through in technology.
Anywho, PayPal disabled referers.. could/would they just as easily enable them?
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 9/16/2002
Posts: 2,960
Location: ,
|
I don't believe it's possible to disable referrers since that is fully controlled by the browser. The browser simply reports the URL from which the surfer traveled. There is no referrer in IPN, though, as there should not be. Patrick Breitenbach PayPal, Inc. Dev Net: https://www.paypal.com/pdn
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 9/16/2002
Posts: 2,960
Location: ,
|
I'm not able to retrieve the referer. I'm checking into it. Patrick Breitenbach PayPal, Inc. Dev Net: https://www.paypal.com/pdn
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 7/21/2003
Posts: 11
Location: ,
|
Thanks, it'd help me out a lot, others too I would imagine.
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 1/16/2003
Posts: 65
Location: ,
|
One requirement is that the user must have clicked on a link...which the user does when he clicks "continue" in Paypal. Like I said, you won't be able to use HTTP_REFERER for one reason or another...possibly because it's a secured site.
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 7/21/2003
Posts: 11
Location: ,
|
I just did some research and your guess was right, RFC 2616 section 15.1.3 says that clients should not include a referer when transmitting from a secure site to a nonsecure site. And I won't hold my breath waiting for the continue page to be put on a nonsecure server.
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 7/21/2003
Posts: 11
Location: ,
|
I just noticed that PayPal stores its images on a nonsecured server, ex: http://images.paypal.com/images/x-click-but5.gif so maybe it's not too far fetched to have the continue page alone on a nonsecured server.
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 9/16/2002
Posts: 2,960
Location: ,
|
I think there's more to it than that. Our server would have to redirect from a secure posted page to an unsecure page whcih normally causes problems. Also, since it's trivial to spoof the referer, we generally recommend against relying on it. Patrick Breitenbach PayPal, Inc. Dev Net: https://www.paypal.com/pdn
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 7/21/2003
Posts: 11
Location: ,
|
My real interest in referers is just keeping download pages from being linked to or indexed by search engines. That said, I think it would be a good move to disallow pages with referers. It wouldn't be completely effective, but it wouldn't cause any harm either.
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 1/16/2003
Posts: 65
Location: ,
|
Yeah...It's kinda lame when you havta tell Paypal just how their setup works...
You're probably better off using Authorize.net, worldpay, ECHO, paysystems, or Kagi anyway because they don't make the customer signup like paypal does instantly killing sales...
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 4/14/2003
Posts: 59
Location: ,
|
Zoobie -
Give the guy a break. At least PayPal is willing to take the time to investigate these things free of charge.
|
|
|
|
Guest
|
