[PHP] PayPal IPN Security [HELP]

Joined
Jul 6, 2010
Messages
352
Reaction score
126
When creating a PayPal IPN, what security measures would you have to take? So far I have:

- Check if the payment gross is the same as the amount they were required to pay.
- Check the currency.
- Check the receiver email.
- Check if the transaction ID already exists.
- Check if the payment status is completed.

And how would you deal with chargebacks/disputes? Does PayPal send something similar to "CHARGEBACK" to the IPN Listener?
 
Last edited:
Pee Aitch Pee
Joined
Mar 30, 2011
Messages
630
Reaction score
422
Re: [HELP] PayPal IPN Security

Check the currency.
Check the receiver email.
Check if the transaction ID already exists.
Check if the payment status is completed.

About the chargeback/dispute, search for "payment_status" on the following page:
It will say the possible returned payment_status values. (Case sensitive)
 
Joined
Jul 6, 2010
Messages
352
Reaction score
126
Re: [HELP] PayPal IPN Security

Payment status complete is the "VERIFIED", right?

And with the transaction ID, is that to prevent the user re-using their first payment to buy more, but not necessarily paying?

Thanks for this. Added to the list.

Are there any more security measures I must take?
 
Pee Aitch Pee
Joined
Mar 30, 2011
Messages
630
Reaction score
422
Re: [HELP] PayPal IPN Security

> Payment status complete is the "VERIFIED", right?
>
> And with the transaction ID, is that to prevent the user re-using their first payment to buy more, but not necessarily paying?
>
> Thanks for this. Added to the list.
>
> Are there any more security measures I must take?

I check for "Completed" in my PayPal API.
Also check the custom field value and the item_number field value (if you use the item_number field).
 
Joined
Jul 6, 2010
Messages
352
Reaction score
126
Re: [HELP] PayPal IPN Security

Alright, I see what you mean about Completed, but doesn't that mean you won't be able to accept bank transfers, as the status would be pending?

And what is the custom field value?
And what is item_number?
 
Pee Aitch Pee
Joined
Mar 30, 2011
Messages
630
Reaction score
422
Those are optional variables. You can store the account name of your customer in them, for example. Or the amount of items they want to buy.
If people send their payment as eCheck, PayPal will automatically postback to your API once the eCheck period is over.

Not sure about bank transfers though.
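
The checks collected in this thread, put together as an added PHP example (not code from any of the posters). It assumes the listener has already sent the message back to PayPal for validation and passes the reply in as `$postback`, that `mc_gross` and `mc_currency` carry the amount and currency, and that `Reversed` and `Refunded` are the `payment_status` values to react to for chargebacks and refunds; `evaluateIpn()`, the `$order` layout and the result labels are hypothetical names.

```php
<?php
// Added example. evaluateIpn(), the $order layout and the result labels are hypothetical.
// $postback is PayPal's reply to the listener's validation postback ("VERIFIED" or "INVALID").
function evaluateIpn(array $ipn, string $postback, array $order, array $seenTxnIds): array
{
    if ($postback !== 'VERIFIED') {
        return ['reject', 'message not verified by PayPal'];
    }
    // Compare every field with what our own records expect, never with the POST alone.
    if (strcasecmp($ipn['receiver_email'] ?? '', $order['receiver_email']) !== 0) {
        return ['reject', 'wrong receiver_email'];
    }
    if (($ipn['custom'] ?? '') !== $order['custom']
        || ($ipn['item_number'] ?? '') !== $order['item_number']) {
        return ['reject', 'custom or item_number mismatch'];
    }
    $status = $ipn['payment_status'] ?? '';   // values are case sensitive
    if ($status === 'Reversed' || $status === 'Refunded') {
        return ['revoke', 'payment was ' . $status];
    }
    if ($status !== 'Completed') {
        return ['wait', 'status is ' . $status];   // e.g. a pending eCheck
    }
    $txnId = $ipn['txn_id'] ?? '';
    if ($txnId === '' || in_array($txnId, $seenTxnIds, true)) {
        return ['reject', 'txn_id missing or already processed'];
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        return ['reject', 'wrong currency'];
    }
    // Compare money as integer cents to avoid float rounding surprises.
    $gross = $ipn['mc_gross'] ?? '';
    if (!is_numeric($gross) || (int) round($gross * 100) !== $order['amount_cents']) {
        return ['reject', 'wrong amount'];
    }
    return ['grant', 'payment accepted'];
}

// Constructed sample data, not real PayPal traffic.
$order = ['receiver_email' => 'shop@example.com', 'custom' => 'account42',
          'item_number' => 'coins-500', 'currency' => 'EUR', 'amount_cents' => 1000];
$ipn = ['receiver_email' => 'shop@example.com', 'custom' => 'account42',
        'item_number' => 'coins-500', 'payment_status' => 'Completed',
        'txn_id' => 'TXN-CONSTRUCTED-1', 'mc_currency' => 'EUR', 'mc_gross' => '10.00'];
echo implode(': ', evaluateIpn($ipn, 'VERIFIED', $order, [])), PHP_EOL;
// Same message with an underpaid amount, then with a txn_id we have already stored.
echo implode(': ', evaluateIpn(['mc_gross' => '0.01'] + $ipn, 'VERIFIED', $order, [])), PHP_EOL;
echo implode(': ', evaluateIpn($ipn, 'VERIFIED', $order, ['TXN-CONSTRUCTED-1'])), PHP_EOL;
```

Store the `txn_id` in the same database transaction that grants the purchase, so two deliveries of the same message cannot both pass the duplicate check.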
 