贝宝高级付款-验证发送的参数以确认和取消页面 [英] PayPal Payments Advanced -- Validate Parameters Sent to Confirm and Cancel Pages
问题描述
我正在使用TEMPLATE = TEMPLATEC的贝宝高级付款.我已经弄清楚了如何创建IFRAME并从PayPal接收确认/取消/silent_post响应.但是我发现没有办法验证我的Confirm/Cancel/silent_post页面收到的参数.有没有办法确保这些参数来自PayPal,而不仅仅是由任意用户发送?
I'm using PayPal Payments Advanced with TEMPLATE=TEMPLATEC. I already figured out how to create an IFRAME and receive confirm/cancel/silent_post responses from PayPal. But I've found no way to validate parameters my confirm/cancel/silent_post pages receive. Is there a way to ensure that these parameters are from PayPal and not just sent by arbitrary user?
推荐答案
关于最好的选择,是在显示iframe之前,对从PayPal收到的安全令牌和安全令牌ID进行查询交易(TRXTYPE=I) .如果运行了某个事务,则该调用将为您提供该事务中的事务ID(PNREF). (并且根据您的情况,可能只需要PNREF.)如果与买方发送回给您的PNREF相匹配,则很有可能其余数据是真实的.
About the best option you have is to run an inquiry transaction (TRXTYPE=I) against the secure token and secure token ID you received from PayPal before displaying the iframe. If a transaction was run, that call will give you the transaction ID (PNREF) from the transaction. (And depending on your situation, the PNREF may be all you need.) If that matches the PNREF sent back to you by the buyer, then there's a good chance that the rest of the data is genuine.
例如:
请求:
USER=****&VENDOR=****&PARTNER=****&PWD=****&TRXTYPE=I&SECURETOKEN=7tGDq6ILZeEmATCwTXrSRkwjz&SECURETOKENID=76ac5819ee01475daf15b2af038da977&VERBOSITY=HIGH
响应:
RESULT=0&PNREF=E79P4ABEC9DE&TRANSSTATE=8&ORIGRESULT=0&ORIGPNREF=E19P4BFB14B2&RESPMSG=Approved&AUTHCODE=111111&AVSADDR=Y&AVSZIP=Y&CVV2MATCH=Y&ORIGPPREF=1XR06058R58346646&CORRELATIONID=bdd79cb3c7fb6&PROCAVS=X&PROCCVV2=M&SETTLE_DATE=2013-04-23 07:22:06&TRANSTIME=2013-04-23 07:22:06&LASTNAME=NotProvided&AMT=24.99&ACCT=3698&EXPDATE=1214&CARDTYPE=0&IAVS=N
ORIGRESULT是原始事务的结果(0是成功;其他都是失败.)
ORIGRESULT is the result of the original transaction (0 is a success; anything else is a failure.)
ORIGPNREF是原始交易的PNREF.
ORIGPNREF is the PNREF from the original transaction.
这篇关于贝宝高级付款-验证发送的参数以确认和取消页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
