Software, your way.
How To Get Good Custom Software
(Download)
(PDF)
burger menu icon
WillMaster

WillMaster > LibraryCookies and Browser Interaction

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

PayPal Purchase Validation

When a purchase is made via PayPal, the buyer is generally returned to a download or other purchase confirmation page. Should the URL of that page be obtained by the unscrupulous, product may be lost to theft.

PayPal provides several purchase validation methods that require some programming expertise to set up.

If you have insufficient programming experience and prefer not to hire someone right now to do it for you, there is another way. Validation with a cookie.

It's not as secure as what PayPal provides. Get better validation when you have the time and funds to do so. Still, the cookie method is better than no validation at all. Which is why I'm going to show you how to it.

I made implementation as easy as I possibly could.

When the buyer clicks the Buy Now button, a cookie is set in the browser before it goes to PayPal. When the browser returns from PayPal and lands on the after-purchase thank-you page, the presence of the cookie validates the purchase. The cookie's absence blocks delivery of the product.

The system can be bypassed by clicking the Buy Now button and not actually paying for the product. Just going to the download page. Yet, it is better than letting non-buyers go straight to the download page with no purchase validation at all.

The cookie method is intended to thwart casual thieves, not the persistent, skilled, or professional. This same method may be applied to purchases made via other payment gateways.

Implementing Cookie Purchase Validation

Part I - Setting the cookie (before PayPal)

Step 1.

Somewhere in the source code of the web page containing the PayPal Buy Now button, insert the JavaScript in the box below. It can be in the HEAD area or in the BODY area. It may also be imported into the web page from an external file. 

<script type="text/javascript">
function SetPayPalPurchaseCookie() {
var CookieName = "PayPalPurchase"; // Cookie's name
document.cookie = CookieName + "=" + escape(document.URL) + "; path=/";
return true;
}
</script>

Note: If you change the cookie's name in the JavaScript, a corresponding change needs to be made as noted in Part II of Implementing Cookie Purchase Validation.

Step 2.

A bit of code needs to be inserted into the Buy Now button form's action tag.

Here is the code of an example Buy Now form. 

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="85NQZ5T78S7EG">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

The Buy Now button form's action tag is the first line of the above code. You'll be inserting something between the word "form" and the word "action".

This is what to insert: 

onsubmit="return SetPayPalPurchaseCookie()"

When the above code is inserted into the Buy Now button form's action tag, the code of the Buy Now form will look like this (using the previous example). 

<form onsubmit="return SetPayPalPurchaseCookie()" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="85NQZ5T78S7EG">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

Part I is now complete.

Part II - Reading the cookie (after PayPal)

The after-purchase thank-you page needs to be a PHP web page. The cookie read can be done with JavaScript instead of PHP. But with JavaScript it could be obvious to anyone looking at the web page source code that a cookie is required to get the product.

Therefore, let's make the after-purchase thank-you page a PHP web page.

Three code snippets need to be inserted into the page.

Snippet 1.

The PHP code in the box below needs to be inserted somewhere toward the top of the source code of the after-purchase thank-you page, perhaps in the head area or above the <html> tag. 

<?php
$CookieName = "PayPalPurchase"; // Cookie's name
$Authenticated = (isset($_COOKIE[$CookieName]) and strpos($_COOKIE[$CookieName],'http')===0) ? true : false;
?>

Note: If you change the cookie's name in the above PHP code, a corresponding change needs to be made to the cookie name in the JavaScript as noted in Part I of Implementing Cookie Purchase Validation.

Snippet 2.

The PHP code in the box below needs to be inserted at the location in the after-purchase thank-you page where the after-purchase content is to be published (needs to be somewhere below where snippet 1 was inserted). 

<?php if( $Authenticated ): ?>
The content to publish if the browser has the cookie.
<?php endif; ?>

Replace "The content to publish if the browser has the cookie." with whatever content you want to publish for those who have completed the purchase.

Snippet 3.

The PHP code in the box below needs to be inserted at the location in the after-purchase thank-you page where the after-purchase content is to be published, anywhere above or below snippet 2 (needs to be somewhere below where snippet 1 was inserted). 

<?php if( ! $Authenticated ): ?>
The content to publish if the browser does NOT have the cookie.
<?php endif; ?>

Replace "The content to publish if the browser does NOT have the cookie." with whatever content you want to publish for those with browsers that do not have the purchase cookie.

Part II is now complete.

The PayPal purchase validation with a cookie is implemented.

Use

When the Buy Now button is clicked to pay at PayPal, a cookie is set. (The cookie automatically deletes when the browser is closed.)

The download/confirmation page checks to see if the cookie is available. If yes, it provides relevant after-purchase content. If no, it provides other content.

The system has the fault that a cracker may determine that a cookie is used for validation. The system is not intended to stop the persistent, skilled, or professional.

If no validation is currently done, the cookie validation is an improvement. Don't let them grab your product unless the browser has the purchase cookie.

Will Bontrager

Was this article helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Library articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

More "Cookies and Browser Interaction" Articles

Cookie Directory Protection

How to Set a Secure Affiliate Cookie

Setting Cookies at Other Domains

Other Recent Articles from the Library

Keeping Image Location Secret

Easier Reading of JSON Data

Fixed Position Image

Visually Centering Images

Check SSL Certificate

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC