How to secure payment via Paypal?

I

Ibishka2020-05-11 03:25:35

HTML

Ibishka, 2020-05-11 03:25:35

<form method="post" action="{$paypal.gate}" id="paypal_form">
    <input type="hidden" name="cmd"             value="_xclick" />
    <input type="hidden" name="business"        value="..." />
    <input type="hidden" name="item_name"       value="..." />
    <input type="hidden" name="item_number"     value="..." />
    <input type="hidden" name="amount"          value="213" />
    <input type="hidden" name="return"          value="..." />
    <input type="hidden" name="cancel_return"   value="..." />
    <input type="hidden" name="notify_url"  value="..." />
    <input type="hidden" name="no_shipping"     value="1" />
    <input type="hidden" name="rm"              value="2" />
</form>

The problem is that the amount value from the console can be changed and the payment confirmed. lol where is the security? How can paypal be integrated so that the amount for just no one could change?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Arseniy, 2020-05-11
@Ibishka

Serve form data as a backend.
No, not even that. Just do not try to shove it all into a form with all the guts out, but immediately give back after, say, submitting from the order confirmation page. The amount of the order and other information is stored in the back (well, or you have all the seams), therefore, the total can be summarized directly in the back and given to the paypal action. Nothing complicated, but a little safer.

D

Dimonchik, 2020-05-11
@dimonchik2013

such smart people - trace / open a payment and spend 1 cent - have always been and are
about like parsers
, unlike parsers, it is very easy to deal with such parsers