RE: [OT] Redirect POST to POST off-site?

2003-01-02 Thread Rob Bloodgood
(sorry about the blank reply a minute ago)

> I am looking into the more advanced paypal instant notification
> stuff for the next version of my sw, but version one is using a
> simpler approach to get it out the door. Even that paypal sw
> wouldn't solve my problem, which is to make sure that the POST to
> paypal actually matches the transaction that the user has built up.

I found IPN to be *very* simple to use, logging the notifications to a DB
and then acting as required.  I would even be happy to send you my
notification script, which uses Apache::Registry but is really just a simple
POST BACK to paypal and when the response is 'OK', take the appropriate
action (payment received, account terminated, etc) (but please reply
privately if you want it).

The only nits I experienced were A) forgetting to send back the OK\r\n to
paypal that they expect to see from a successful notify.  They called me and
wondered if my script was broken... B) having to set up a unique index on my
logging table on the verify_sign field, because in spite of the correct
response chain, paypal has a tendency to notify repeatedly and redundantly.

HTH!

L8r,
Rob
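
An added example, not part of either post and not Rob's script: a sketch of an idempotent notification handler that uses a unique index on verify_sign to absorb repeated notifications and compares the notified amount with the order stored server-side, which is the mismatch concern quoted above. It is written in Python with sqlite3 rather than Perl so it runs with the standard library alone; the table and function names, the `invoice`, `mc_gross` and `mc_currency` field names, and the `postback_ok` callable standing in for the POST back to PayPal are assumptions.

```python
import sqlite3
from decimal import Decimal, InvalidOperation

def open_db():
    """In-memory stand-in for the order and notification-log tables (hypothetical names)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (invoice TEXT PRIMARY KEY, amount TEXT, currency TEXT,
                             paid INTEGER DEFAULT 0);
        CREATE TABLE ipn_log (verify_sign TEXT NOT NULL, invoice TEXT, mc_gross TEXT);
        CREATE UNIQUE INDEX ipn_log_sign ON ipn_log (verify_sign);
    """)
    return db

def handle_ipn(db, params, postback_ok):
    """Process one notification; returns 'rejected', 'duplicate', 'mismatch' or 'applied'."""
    # 1. Trust nothing in the request until the POST back confirms it.
    if not params.get("verify_sign") or not postback_ok(params):
        return "rejected"
    # 2. Log before acting: the unique index turns a repeated notification
    #    into an IntegrityError instead of a second fulfilment.
    try:
        with db:
            db.execute("INSERT INTO ipn_log VALUES (?, ?, ?)",
                       (params["verify_sign"], params.get("invoice"),
                        params.get("mc_gross")))
    except sqlite3.IntegrityError:
        return "duplicate"
    # 3. Compare with the order built up on the server, not with anything
    #    the browser submitted in the payment form.
    row = db.execute("SELECT amount, currency FROM orders WHERE invoice = ?",
                     (params.get("invoice"),)).fetchone()
    try:
        paid = Decimal(params.get("mc_gross", ""))
    except InvalidOperation:
        return "mismatch"
    if row is None or paid != Decimal(row[0]) or params.get("mc_currency") != row[1]:
        return "mismatch"
    with db:
        db.execute("UPDATE orders SET paid = 1 WHERE invoice = ?", (params["invoice"],))
    return "applied"

# Constructed sample data, not real PayPal output.
SAMPLE_ORDER = ("INV-1001", "25.00", "USD")
SAMPLE_IPN = {"verify_sign": "SAMPLE-SIGN-A", "invoice": "INV-1001",
              "mc_gross": "25.00", "mc_currency": "USD"}
```

A 'mismatch' result is still logged, so an altered amount leaves a record to investigate while the order stays unpaid.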




Redirect POST to POST off-site?

2003-01-01 Thread George Valpak
Possibly off topic but I am not sure

I have a page that contains a payment button for paypal which is essentially a form 
that gets POST'ed to paypal's https server.

I would like to do some processing on my end when the user clicks on that form.

My config is Apache 1.3.2x, MP 1.2x, Apache::Registry (all very recent but don't have 
the numbers handy here).

My idea is to replace the action on the form to point to my (non-https) web server, do 
my processing, and then redirect the request to paypal via 307.

My research seems to turn up that the appropriate RFC says the browser MUST confirm 
such a redirect with the user, which is no good for me on the server end (although I 
understand why on the client side).

I don't want to proxy the paypal server because:
- it seems like a security issue, even if I use https
- it probably violates paypal TOS

If it doesn't violate the TOS, I suppose I could just proxy the PayPal landing page 
and let paypal handle it from there. But I am hoping for an easier solution... any 
ideas?

I am looking into the more advanced paypal instant notification stuff for the next 
version of my sw, but version one is using a simpler approach to get it out the door. 
Even that paypal sw wouldn't solve my problem, which is to make sure that the POST to 
paypal actually matches the transaction that the user has built up. 

GV