实际上,您无法阻止用户手动调用付款URL。 您需要做的是从PayPal本身请求验证。
每次收到付款时,首先要做的是打开连接 www.paypal.com ,并使用附加变量cmd发送您收到的所有POST数据: CMD = _notify-验证 。
以下是付款验证的示例:
// read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header = "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: ".strlen($req)."\r\n\r\n"; $fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30); if (!$fp) { // HTTP ERROR => RETRY LATER and check $errstr } else { fputs($fp, $header.$req); while (!feof($fp)) { $res = fgets($fp, 1024); if (strcmp($res, "VERIFIED") == 0) { // PAYMENT VALIDATED & VERIFIED! break; } else if (strcmp($res, "INVALID") == 0) { // PAYMENT INVALID => INVESTIGATE MANUALLY! break; } } fclose($fp); }
结论:如果您没有获得产品,请不要自动将产品发送给客户 VERIFIED 来自PayPal的状态。