|
|
|
Rank: Starting Member
Groups: Registered
Joined: 1/6/2003
Posts: 2
Location: ,
|
For anyone like me who is a newcomer to PayPal IPN and has not been working long with CF, I was really hunting for a script that would help process the IPN and insert/update into a db with minimal customisation and deal with purchases and subscriptions.
I found the following resource
http://jshop.homeip.net/buy_paypal_ipn.cfm
and wanted to post this to maybe help others in a similar situation.
David
|
|
|
|
|
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 2/21/2003
Posts: 2
Location: ,
|
Dav,
I use Jasons script now how ever I have heavly modified it to fit my needs. the reason is because paypal's password doesnt get un-hashed when its inserted in to the database. What this means is the paypal password that is supplied by paypal is usless to me because the clients who subscrib their password will not work.
I've worked with Jason and gave him the changes I dont know if he updated his code. But he code is a good starting point.
Ernie
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 1/26/2003
Posts: 3
Location: ,
|
Ernie,
I'm using Jason's script too - now that I see it, I'm glad I didn't try it on my own. It was a good investment so far.
But now I'm testing it, and I'm running into that hashed password issue that you mentioned. Paypal issue a password like "red-car" but it gets written to my database like "Ee^3dff5#zQ1" I'm even able to authenticate new users, but they have to log in with this jumbled "Ee^3dff5#zQ1" password, not "red-car".
Now I don't know what to do. Any suggestions? Thanks.
-Mark
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 1/16/2003
Posts: 14
Location: ,
|
Jason here,
I have been over this password issue several times and I always suggest that users will have to create some sort of system to generate passwords on there own. The reason is that the passwords that are passed by paypal have been encrypted using a unix hash and there is no way to undo them. The only know use (that I know of) is to insert these encrypted passwords directly in to a .htpassword file and allow a webserver that runs on unix\linux to use them in this fashion and sense most of us who use ColdFusion use windows servers running IIS this feature is not useful. Now I have heard that there are ways to get .htpassword functionality on a windows IIS server but this would be up to the person running the server if what I have heard is correct and it is even possible.
So what this all means is that the passwords from paypal are useless. I have emailed a person I know at paypal and asked about getting it changed to have an option to send it either way encrypted/unencrypted and he said it was the way it is going to stay for now.
I do remember a person who sent me some info on a password generator but I cannot seem to find the code. When I developed the paypal ipn tag for cf I decided on a stopping point with the code. The reason was that the next step from where I stopped was in to thousands of options for custom code and not everyone could possibly use all the options.
What I would like to do and I will have it setup in a few days is have and area where users can download the custom code snippets that users are sending me. I will send out and email to all when it is ready.
Now for the password one. For the life of me I cannot find the email or the code you sent me if you could please send it to me again so I can include it that would be great.
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 9/16/2002
Posts: 2,960
Location: ,
|
http://www.paypal.com/cg...ions-membership-outside
It's possible but not trivial to use the hashed passwords in a non-Unix environment. ASP users would need a module such as ASPCrypt from serverobjects.com Patrick Breitenbach PayPal, Inc. Dev Net: https://www.paypal.com/pdn
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 1/26/2003
Posts: 3
Location: ,
|
Thanks Patrick,
I think we are Codfusion users here. Any help in sight for us? I'd like to us you password service someday.
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 2/28/2003
Posts: 6
Location: ,
|
Hi, I have been writing CF applications for over 5 years and has extensive knowledge of the PayPal system. I have developed several custom shopping carts for PayPal, and others, and would be happy to assist in the development in any application you may need. Please contact me to get started. Regards, John Turner http://www.TheSolutionFactory.net/
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 2/28/2003
Posts: 6
Location: ,
|
Hi again, One thing I should add about using paypal for your transactions. It is possible for a user to over-ride the price you set and get paypal to charge a lower price, and then process as normal. This means that automated IPN scripts that are not tied into the shopping cart, or "front-end", can't check the post-transaction price against the original. This should not cause a problem for most people, but could really cause some undue stress to others. A worthy note that you can read more about here http://commons.somewhere....Buy.Buttons.-.Set.html and many other places. Hope this helps. John
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 9/16/2002
Posts: 2,960
Location: ,
|
Merchants should always review their orders before fulfilling. Patrick Breitenbach PayPal, Inc. Dev Net: https://www.paypal.com/pdn
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 2/28/2003
Posts: 6
Location: ,
|
Yes, they should and I am sure they do. I was just speaking of instant delivery items such as website memberships or downloads which use IPN to grant access. In this case, it would be an automatic transaction and a review may not do much if the item has been downloaded or viewed.
John
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 9/16/2002
Posts: 2,960
Location: ,
|
No difference. Before granting access, your CGI/script should check the amount paid. Patrick Breitenbach PayPal, Inc. Dev Net: https://www.paypal.com/pdn
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 2/28/2003
Posts: 6
Location: ,
|
If you will read my second post you will see I was refering to IPN tags such as the one Jason is selling. Snippet from original post: "This means that automated IPN scripts that are not tied into the shopping cart, or "front-end", can't check the post-transaction price against the original." So, if someone were to just have a link on a website, then used a prefab IPN module (cold fusion or otherwise) to grant access, there would be no way for the script to check. Regardless, I have setup a Cold Fusion forum for PayPal developers. It is exactly like this one, but is all Cold Fusion. The link is http://www.dcs1000.com/phpBB2/index.php
I am happy to answer all questions I can on this forum, so please dont hesitate to post. Hope this helps. John
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 1/16/2003
Posts: 14
Location: ,
|
Adding checking in the IPN script I wrote is very easy. There are several areas in the code you can do this and stop anyone form running bad transactions. There is no need to have it tied in to a shopping cart or "Front-end" to stop this from happening. Now all this will have to be coded on a per item basis. I am currently working on an entire shopping system that is intergrated in with paypal as DCS1000 talks. It will soon be available and all your worries about people tampering with code will be over. This new shopping cart system will be very hard to fool. ( but not impossible nothing is impossible) Someone would would have to go to great lengths to change the price of an item and then the system would still catch it.
|
|
|
|
Rank: Starting Member
Groups: Registered
Joined: 5/16/2003
Posts: 4
Location: ,
|
Can anyone please let me copy their IPN script for subscription that actually works. Please help nothing is working. i get eliteweaver to show that i am posting incorrect script but that is it. this link doesnt work http://jshop.homeip.net/buy_paypal_ipn.cfm
|
|
|
|
Guest
|
