PayPal Buttons


8 replies to this topic

#1 katherholt

    Likes Etomite Forums!

  • Member
  • 323 posts

Posted 04 April 2008 - 04:25 AM

I'm so glad to find this snippet! I have it working here:

http://www.chair-depot.com/WL-SB-210-GG.html

(The second PayPal button on the bottom of the page is from the snippet - the top one is from a form - in which you can view the email when you view the source code of the page). I was concerned about that and thank you for this much better way of building PayPal buttons. I did update it a bit for US shopping and it works well.

I have a lot more to add to the web site and this just made my job much easier. THANK YOU! (the first button will go away soon after I code the other pages.)

Now if I can just figure out how to build a better inventory system for these chairs to display the data instead of hand coding each page......

#2 Ed Headset

    Likes Etomite Forums!

  • Developers
  • 194 posts
  • Gender:Male
  • Location:The Netherlands
  • Interests:Etomite, PHP, Ajax.
    3D imaging

Posted 04 April 2008 - 10:29 AM

katherholt, on Apr 4 2008, 05:25 AM, said:

I'm so glad to find this snippet! I have it working here:


(The second PayPal button on the bottom of the page is from the snippet - the top one is from a form - in which you can view the email when you view the source code of the page). I was concerned about that and thank you for this much better way of building PayPal buttons. I did update it a bit for US shopping and it works well.

I don't want to burst your bubble, but I also see the email address in the second button code :blink:

(The code has been edited so it's more readable; links have been removed, and also the real email address, for obvious reasons ;))
<form action="https://www.paypal.com........." method="post" target="paypal"><<snip>>....
 <input type="hidden" value="<EMAIL ADDRESS>" name="business" /> <<snip>>....
 </form>
  </p>
  <p>&nbsp;
<form target='paypal' action='https://www.paypal.com/.....' method='post'><<snip>>...
<input type='hidden' name='business' value='<EMAIL ADDRESS>'> <<snip>>.........
</form>
As you can see the email address is also in the second code ;)

Edited by Ed Headset, 04 April 2008 - 10:31 AM.


#3 Cris D.

    Loves Etomite Forums!

  • Developers
  • 1,104 posts
  • Gender:Male

Posted 04 April 2008 - 12:53 PM

The easiest way to hide your address from the button and start to get some sense of simplicity and start re-using code for each page is to make the button click go to a form that contains the info configured from a separate file or snippet.

You can make the button an icon that redirects to another page that contains a snippet that does the job,
you can make the button a form that has the action set to post the info to a page with a snippet,
or even post to an external file. The product parameters can be collected and handled at the file or snippet level before sending off to PayPal.

#4 Ralph

    Loves Etomite Forums!

  • Admin
  • 6,524 posts
  • Gender:Male

Posted 04 April 2008 - 01:13 PM

I have done what Cris is explaining using parseChunk()... The end user never sees the form that kickstarts PayPal...

#5 katherholt

    Likes Etomite Forums!

  • Member
  • 323 posts

Posted 04 April 2008 - 01:27 PM

Well, I still like the snippet. Thanks for the comments, everyone - I just don't have the time to look into the other ideas right now. I should have been more careful and looked at the source code to check if the email was showing up - I assumed it wouldn't because it would somehow be parsed. But - that's what I get for rushing and working late.

#6 katherholt

    Likes Etomite Forums!

  • Member
  • 323 posts

Posted 04 April 2008 - 01:51 PM

The quickest thing I can think of is to encode the email address - here is a test page and it worked.
http://www.chair-depot.com/test-paypal.html - that should help some of the spamming. I used this url: http://www.wbwip.com/wbw/emailencoder.html

Here is the test page:
http://www.chair-depot.com/test-paypal.html

#7 Ed Headset

    Likes Etomite Forums!

  • Developers
  • 194 posts
  • Gender:Male
  • Location:The Netherlands
  • Interests:Etomite, PHP, Ajax.
    3D imaging

Posted 04 April 2008 - 03:53 PM

katherholt, on Apr 4 2008, 03:51 PM, said:

The quickest thing I can think of is to encode the email address - here is a test page and it worked.
http://www.chair-depot.com/test-paypal.html - that should help some of the spamming. I used this url: http://www.wbwip.com/wbw/emailencoder.html
This looks much better! :D
But does it work? I mean, have you tested it?

Just because it looks nice doesn't mean it works, now does it ;)

Anyhow, if you need more coding of email addresses, maybe you can also use:
Email-protect v1.6 Final
This can also secure email addresses, and you don't need any email encoder to code it for you :lol:

Maybe it gives you an idea about hiding code in JavaScript.
Maybe even hiding the whole PayPal code in JavaScript,
So you can see if there's an Email address in the first place ;)

Edited by Ed Headset, 04 April 2008 - 03:54 PM.


#8 katherholt

    Likes Etomite Forums!

  • Member
  • 323 posts

Posted 04 April 2008 - 04:02 PM

Yes, it works. I tested it all the way through PayPal, received the payment receipt and notification email, and checked with the client to make sure the order was received. It was.

Thanks for telling me about the other snippet - I only go hunting for snippets when I find a need. This is definitely a need.

#9 deadline

    Etomite Forum Fan

  • Member
  • 68 posts

Posted 09 August 2008 - 04:47 PM

Hi All,

After some experiments, I have to warn people about implementing a PayPal button or cart without sending a secure encryption string to the PayPal server -

The danger lies in passing the attributes qty, price, etc... in a non-encrypted way... this data can therefore be intercepted... (or generated), in different ways, and hacked to suit one's need... (imagine someone buying an article from your webstore at a lower price than originally sold...)

PayPal offers the possibility to encrypt one button at a time. But this is painful, and not very efficient for handling multiple articles...

So one solution is to dynamically encrypt the PayPal data, as described here:
http://en.csharp-online.net/Encrypted_Webs...4PHP_Developers

... where the EncryptedButtons.php class provides all the logic for encrypting your buttons on the fly, and the Config.php handles all the preferences (basedirs, private and public ssl certificates paths, etc...)

Here is a snippet I wrote for Etomite to take advantage of this class, and let you encrypt your paypal buttons :

 require_once "../paypal/EncryptedButtons.php";
 
 $names = array("lc","item_number","invoice","currency_code","shipping","shipping2","item_name","amount", "tax", "no_shipping","return","rm","notify_url");
 
 $values = array("FR","ENA3-A1-L1","","EUR","0.00","0.00","Achat licence Nod32 v3 - 1 utilisateur - 1 an maj - en licence telechargeable", "33.11","6.49","0","http://yourwebsite/paypal-confirmation.htm","2", "http://yourwebsite/paypal-ipn.htm");
 
 // If you don't want to use the inbuilt config, you can pass an array
 // of config arguments in the constructor, or, you can add config parameters
 // using the changeConfig function.
 
 $config = array(
   "cert_id" => "YOUR_PAYPAL_CERT_ID", 
   "business" => "YOUR_BUSINESS_ACCOUNT_CONTACT",
   "basedir" => "./",
   "certstore" => "./",
   "tempdir" => "./",
   "my_private" => "private.key",
   "my_public" => "public.key",
   "paypal_public" => "paypal_public.key"
 );
 
 $paypal = new PayPal_EncryptedButtons($config);
 
 // You can add parameters to the button one by one (name, value) or you can pass two
 // arrays of names and values, as documented below.
  
 $paypal->addButtonParam($names, $values);
 
 // We can now generate our code
 $result = $paypal->encryptButtonData();
 if ($result !== PP_ERROR_OK) {
     // Something went wrong
     return $out = "Received Error #".$result."\n";
 }
 
 // Get the string of encrypted button data
 
 $out = '<form action="https://www.paypal.com/cgi-bin/webscr" method="post">';
 $out .= '<input type="hidden" name="cmd" value="_s-xclick" />';
 $out .= '<input type="image" src="https://www.paypal.com/fr_FR/i/btn/btn_xpressCheckout.gif" name="submit" alt="Effectuez vos paiements en ligne - c\'est rapide, gratuit et securise !" />';
 $out .= '<input type="hidden" name="encrypted" value="';
 $out .= $paypal->getButton();
 $out .= '" />';
 $out .= "</form>\n";
 
 return $out;


Hope it helps,
deadline
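
Added example, not part of any post above and not code from the snippet authors: a Python check a site owner can run over their own rendered page to see what each PayPal form still exposes. It relates to posts #6 to #8 (HTML entities in the `business` value are decoded by any HTML parser) and to post #9 (price fields sent from the browser versus an `_s-xclick` encrypted button). The sample page, the address and the PKCS7 placeholder are constructed, and `ButtonAudit` and `audit` are names introduced here.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; the address and the PKCS7 blob are placeholders.
SAMPLE_PAGE = """
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="business" value="&#115;&#97;&#108;&#101;&#115;&#64;example&#46;com" />
<input type="hidden" name="amount" value="33.11" />
</form>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick" />
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----PLACEHOLDER-----END PKCS7-----" />
</form>
"""

# Fields whose values the browser controls when they travel in plain form inputs.
PRICE_FIELDS = {"amount", "tax", "shipping", "shipping2", "quantity"}

class ButtonAudit(HTMLParser):
    """Collects the named inputs of every form that posts to a paypal.com host."""
    def __init__(self):
        super().__init__()
        self.forms = []        # one dict of name -> entity-decoded value per form
        self._current = None   # dict being filled, or None outside a PayPal form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)        # attribute values arrive with entities decoded
        if tag == "form":
            host = urlparse(a.get("action") or "").hostname or ""
            is_paypal = host == "paypal.com" or host.endswith(".paypal.com")
            self._current = {} if is_paypal else None
            if is_paypal:
                self.forms.append(self._current)
        elif tag == "input" and self._current is not None and a.get("name"):
            self._current[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit(html_text):
    """Return one finding per PayPal form: what a visitor can read or change."""
    parser = ButtonAudit()
    parser.feed(html_text)
    return [{
        "cmd": f.get("cmd"),
        "encrypted": f.get("cmd") == "_s-xclick" and "encrypted" in f,
        "exposed_business": f.get("business"),
        "client_side_prices": sorted(PRICE_FIELDS & f.keys()),
    } for f in parser.forms]
```

For the constructed page, the first form reports the decoded address and a browser-supplied `amount`, while the encrypted form reports neither.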




