确保贝宝返回页面来自贝宝 [英] Ensure paypal return page coming from Paypal

问题描述

除了我的问题和上一个主题的出色答案之外， 在PHP中重定向/返回检查

Further to my question and awesome answers from the previous thread, Redirection / Return Check in PHP

我也想知道，如果付款确认页从PayPal返回到我的网站，我怎么能100％确定它来自Paypal并付款呢?

I would also love to know, if a payment confirmation page is returned to my website from PayPal, how can I 100% sure that it is coming from paypal and the payment is made?

关于， 安迪

推荐答案

要确保请求来自PayPal，您可以尝试解析IP地址:

To make sure the request is coming from PayPal you can try resolving the IP address:

if (preg_match('~^(?:.+[.])?paypal[.]com$~', gethostbyaddr($_SERVER['REMOTE_ADDR'])) > 0)
{
    // came from PayPal
}

您还可以(并且应该)使用与在POST中收到的相同数据来请求https://www[.sandbox].paypal.com/cgi-bin/webscr/，并将cmd => _notify-validate键值对添加到请求中(如果响应是VERIFIED数据)有效.

You can (and should) also request https://www[.sandbox].paypal.com/cgi-bin/webscr/ with the same data your received in POST and append the cmd => _notify-validate key-value pair to the request, if the response is VERIFIED the data is valid.

另请参阅以下问题: PayPal IPN安全性

这篇关于确保贝宝返回页面来自贝宝的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！