Jump to content


Photo

CF IPN Resource for purchases and subs


  • This topic is locked This topic is locked
13 replies to this topic

#1 davidh

davidh

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 15 January 2003 - 01:43 PM

For anyone like me who is a newcomer to PayPal IPN and has not been working long with CF, I was really hunting for a script that would help process the IPN and insert/update into a db with minimal customisation and deal with purchases and subscriptions.
I found the following resource
http://jshop.homeip...._paypal_ipn.cfm
and wanted to post this to maybe help others in a similar situation.

David

#2 THORAXX

THORAXX

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 21 February 2003 - 07:48 AM

Dav,

I use Jasons script now how ever I have heavly modified it to fit my needs. the reason is because paypal's password doesnt get un-hashed when its inserted in to the database. What this means is the paypal password that is supplied by paypal is usless to me because the clients who subscrib their password will not work.

I've worked with Jason and gave him the changes I dont know if he updated his code. But he code is a good starting point.

Ernie

#3 DopesApprentice

DopesApprentice

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 21 February 2003 - 07:45 PM

Ernie,

I'm using Jason's script too - now that I see it, I'm glad I didn't try it on my own. It was a good investment so far.

But now I'm testing it, and I'm running into that hashed password issue that you mentioned. Paypal issue a password like "red-car" but it gets written to my database like "Ee^3dff5#zQ1" I'm even able to authenticate new users, but they have to log in with this jumbled "Ee^3dff5#zQ1" password, not "red-car".

Now I don't know what to do. Any suggestions? Thanks.

-Mark

#4 jmercmon

jmercmon

    Member

  • Members
  • PipPip
  • 14 posts

Posted 23 February 2003 - 12:34 PM

Jason here,

I have been over this password issue several times and I always suggest that users will have to create some sort of system to generate passwords on there own. The reason is that the passwords that are passed by paypal have been encrypted using a unix hash and there is no way to undo them. The only know use (that I know of) is to insert these encrypted passwords directly in to a .htpassword file and allow a webserver that runs on unix\linux to use them in this fashion and sense most of us who use ColdFusion use windows servers running IIS this feature is not useful. Now I have heard that there are ways to get .htpassword functionality on a windows IIS server but this would be up to the person running the server if what I have heard is correct and it is even possible.

So what this all means is that the passwords from paypal are useless. I have emailed a person I know at paypal and asked about getting it changed to have an option to send it either way encrypted/unencrypted and he said it was the way it is going to stay for now.

I do remember a person who sent me some info on a password generator but I cannot seem to find the code. When I developed the paypal ipn tag for cf I decided on a stopping point with the code. The reason was that the next step from where I stopped was in to thousands of options for custom code and not everyone could possibly use all the options.

What I would like to do and I will have it setup in a few days is have and area where users can download the custom code snippets that users are sending me. I will send out and email to all when it is ready.

Now for the password one. For the life of me I cannot find the email or the code you sent me if you could please send it to me again so I can include it that would be great.


#5 paypal_pb

paypal_pb

    Advanced Member

  • Members
  • 2,960 posts

Posted 24 February 2003 - 12:51 PM

http://www.paypal.co...bership-outside

It's possible but not trivial to use the hashed passwords in a non-Unix environment. ASP users would need a module such as ASPCrypt from serverobjects.com

Patrick Breitenbach
PayPal, Inc.
Dev Net: https://www.paypal.com/pdn

#6 DopesApprentice

DopesApprentice

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 26 February 2003 - 12:37 PM

Thanks Patrick,

I think we are Codfusion users here. Any help in sight for us? I'd like to us you password service someday.

#7 DCS1000

DCS1000

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 28 February 2003 - 03:17 PM

Hi,

I have been writing CF applications for over 5 years and has extensive knowledge of the PayPal system. I have developed several custom shopping carts for PayPal, and others, and would be happy to assist in the development in any application you may need.

Please contact me to get started.

Regards,

John Turner
http://www.TheSolutionFactory.net/


#8 DCS1000

DCS1000

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 28 February 2003 - 03:34 PM

Hi again,

One thing I should add about using paypal for your transactions. It is possible for a user to over-ride the price you set and get paypal to charge a lower price, and then process as normal. This means that automated IPN scripts that are not tied into the shopping cart, or "front-end", can't check the post-transaction price against the original.

This should not cause a problem for most people, but could really cause some undue stress to others. A worthy note that you can read more about here http://commons.somew...tons.-.Set.html and many other places.

Hope this helps.

John

#9 paypal_pb

paypal_pb

    Advanced Member

  • Members
  • 2,960 posts

Posted 28 February 2003 - 06:25 PM

Merchants should always review their orders before fulfilling.

Patrick Breitenbach
PayPal, Inc.
Dev Net: https://www.paypal.com/pdn

#10 DCS1000

DCS1000

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 28 February 2003 - 07:21 PM

Yes, they should and I am sure they do. I was just speaking of instant delivery items such as website memberships or downloads which use IPN to grant access. In this case, it would be an automatic transaction and a review may not do much if the item has been downloaded or viewed.


John

#11 paypal_pb

paypal_pb

    Advanced Member

  • Members
  • 2,960 posts

Posted 01 March 2003 - 04:46 PM

No difference. Before granting access, your CGI/script should check the amount paid.

Patrick Breitenbach
PayPal, Inc.
Dev Net: https://www.paypal.com/pdn

#12 DCS1000

DCS1000

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 01 March 2003 - 05:06 PM

If you will read my second post you will see I was refering to IPN tags such as the one Jason is selling.

Snippet from original post:

"This means that automated IPN scripts that are not tied into the shopping cart, or "front-end", can't check the post-transaction price against the original."

So, if someone were to just have a link on a website, then used a prefab IPN module (cold fusion or otherwise) to grant access, there would be no way for the script to check.

Regardless, I have setup a Cold Fusion forum for PayPal developers. It is exactly like this one, but is all Cold Fusion. The link is http://www.dcs1000.c...hpBB2/index.php

I am happy to answer all questions I can on this forum, so please dont hesitate to post.

Hope this helps.

John





#13 jmercmon

jmercmon

    Member

  • Members
  • PipPip
  • 14 posts

Posted 02 March 2003 - 08:45 AM

Adding checking in the IPN script I wrote is very easy. There are several areas in the code you can do this and stop anyone form running bad transactions. There is no need to have it tied in to a shopping cart or "Front-end" to stop this from happening. Now all this will have to be coded on a per item basis. I am currently working on an entire shopping system that is intergrated in with paypal as DCS1000 talks. It will soon be available and all your worries about people tampering with code will be over. This new shopping cart system will be very hard to fool. ( but not impossible nothing is impossible) Someone would would have to go to great lengths to change the price of an item and then the system would still catch it.

#14 Chadd

Chadd

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 16 May 2003 - 01:34 PM

Can anyone please let me copy their IPN script for subscription that actually works. Please help nothing is working. i get eliteweaver to show that i am posting incorrect script but that is it.

this link doesnt work http://jshop.homeip...._paypal_ipn.cfm




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users