
Technical Support Forums


Ecart 5 - Paypal Standard - Clearing the Cart on Success

Thread began 5/12/2014 4:51 pm by Meic Delwedd | Last modified 5/13/2014 11:24 am by Meic Delwedd | 497 views | 4 replies

Meic Delwedd

Hi Jason,

Thanks for your reply. I think I've got this fixed now.

I was submitting the return URL as a hidden field. The issue I had was that after making a payment through PayPal, the user can still type the URL of your cart (e.g. http://example.com/cart.php) in the address bar, or press back before being transferred to the checkout_success.php page. This is easier on PayPal as they can give a user a notification "You will be redirected in 10 Seconds", in which time they can just type the URL easily.

By doing this, a payment could be processed for one item; this would then, in time, notify my system via the IPN that the order ID's status is complete. By just going direct to the cart page and not killing the session, the user can return to the cart, add more items to an order, press checkout, and without even going to PayPal, they can increase their order and make it look like they have paid for many more items than they actually have (although I'd recommend all clients check their orders and check it against their PayPal transactions), which was a bit of a security flaw for me.

What I did was (using Data Assist's Clear Session Values) create the following snippet. This checked if the session had an order ID set; if so, it would clear all session variables.

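    @session_start();
    // Only act when an order ID has already been assigned to this session.
    if (isset($_SESSION['shop_OrderID']) && !empty($_SESSION['shop_OrderID'])) {
        // WA_ClearSession
        $clearAll = TRUE;
        $clearThese = explode(",", "");
        if ($clearAll) {
            // Remove every session variable (cart contents and order ID).
            foreach ($_SESSION as $key => $value) {
                unset($_SESSION[$key]);
            }
        }
        else {
            // Remove only the listed keys (unused while $clearAll is TRUE).
            foreach ($clearThese as $value) {
                unset($_SESSION[$value]);
            }
        }
    }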

Is this correct? I've tested it a few times, and it appears to work fine.

Also, if you pass the notify_url as a hidden field on your confirm page, you can set the URL you wish the IPN notification to be sent to, rather than configure it manually in your PayPal account. (took me a while to spot that one).

Thanks,

Aled
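
A server-side check that complements the session clearing described in the post above, added here as an example (it is not part of the original post and is not WebAssist or eCart code). It freezes the order total when the buyer is sent to PayPal and compares it with the amount reported in the IPN. The function names and array shapes are hypothetical, and it assumes the IPN message has already been verified with PayPal.

```php
<?php
// Added example: hypothetical helpers, not eCart code. The IPN field names
// (payment_status, mc_gross, mc_currency) are PayPal's standard variables.

// Freeze the order when the buyer is redirected to PayPal, so later edits
// to the session cart cannot change what this order ID stands for.
function lock_order(array $cart, string $currency): array
{
    $totalCents = 0;
    foreach ($cart as $line) {
        $totalCents += $line['price_cents'] * $line['qty'];
    }
    return ['items' => $cart, 'total_cents' => $totalCents,
            'currency' => $currency, 'status' => 'pending'];
}

// Decide what an already-verified IPN message means for a locked order.
function reconcile_ipn(array $ipn, array $order): string
{
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return 'ignore';        // pending, refunded, reversed, ...
    }
    if ($order['status'] !== 'pending') {
        return 'duplicate';     // this order was already settled
    }
    $paidCents = (int) round(((float) ($ipn['mc_gross'] ?? 0)) * 100);
    if (($ipn['mc_currency'] ?? '') !== $order['currency']
        || $paidCents !== $order['total_cents']) {
        return 'mismatch';      // hold the order for manual review
    }
    return 'paid';
}

// Constructed sample data: one item is locked and paid for, then the
// session cart is edited afterwards, as in the scenario from the post.
$cart   = [['sku' => 'A1', 'price_cents' => 1500, 'qty' => 1]];
$order  = lock_order($cart, 'GBP');
$cart[] = ['sku' => 'B2', 'price_cents' => 4000, 'qty' => 3]; // late edit
$ipn    = ['payment_status' => 'Completed', 'mc_gross' => '15.00',
           'mc_currency' => 'GBP'];

// Locked snapshot versus an order rebuilt from the edited session cart.
echo reconcile_ipn($ipn, $order), "\n";
echo reconcile_ipn($ipn, lock_order($cart, 'GBP')), "\n";
```

The first call compares the payment with the snapshot taken at checkout; the second shows the same payment failing to cover an order rebuilt from the edited cart.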
