How to stop someone to see the PAY PAL thank you page

How do you stop some people that have not seen the Pay Pal thank you page from download or submit something? Is there a code to redirect them back to the Pay Pal page or to the first page? If they not come from Pay Pal?

 

wow you download the script from blackhat all by yourself?

 

You can try to check the $_server['http_referer'] and see which page the client came from and header redirect them based on that.

The Paypal IPN also has something in the form produced that you can have a cancel url. If they cancel during the paypal process it will send them to that address.

 

right i see that one. Thats a good idea. But can they not search for the page on the internet? I seen some black hat doing that?

 

Right that is where the IPN comes in . When a customer is at your website they get a unique id. Paypal posts back to your website they paid, you keep track on your website that that unique id paid. Also, with the payment information. So, if they don't have the unique id, name, password redirect them to the paypal payment account. you could possible track IP, but that changes when people are on dial up. You could possible track a cookie, but people delete or not even use that all the time.

 

yeah i know but if you search with google black hat style you can find it right?

 

No, not if you htaccess password protect your directory that is holding the files and only serve the files through a php script that you need to be logged into the website to access.

Those you find on google don't do this, they leave the directory's open to be spidered. Which in the end means it is a security flaw and is a trademark of a low quality php programmer.

Hey if you need help programming this in php then see my signature.

.

 

htaccess password oki well thats a good idea

 

Make It little more advanced when someone pays you and comes to your page then using ipn and you can get his/her email address from which he/she has paid .. If the person enters his email there and it exist in the paiid names then he can see ur real thank page

 

Also a good idea if the person not give out his email.