Solved

Where to add affiliate code to paypal payment code

Posted on 2009-07-11
6
388 Views
Last Modified: 2013-12-13
Hola!

I have a query re my paypal processing code. I used to use simple buttons to push the info to paypal, paypal the returned the info to ipn.php which was a cURL script posting to two seperate ipn's, the payment system and the affiliate system.

All the affiliate system needs is to track is this
<input type="hidden" name="custom" value="<?PHP echo $_SERVER['REMOTE_ADDR']; ?>">

this tracks the affiliate url the client was sent from, i.e. www.mysite.com/23453

I dont want to delve into the realms of the affilaite software as its way too complex, suffice to say all it needs is the variable above posting to it via ipn.

The problem I have is that I no longer use a standard button, I use a final payment page which calls upon 2 config files containing what would generally be a button and the posts it to paypal.

I don't know where to include the <input type="hidden" name="custom" value="<?PHP echo $_SERVER['REMOTE_ADDR']; ?>">

I've attached the code, I;m sure its something easy but I;m a little lost.

AddPickFinal is the final payment page where the code commences
Process is the next page the user is sent to which collects configinc and globslconfig and the autoredirects to paypal
process.txt
globalconfiginc.txt
configinc.txt
final.txt
0
Comment
Question by:mlynch1985
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 24834376
For future reference, please post code in the code snippets instead of in files - it makes it MUCH easier to see and understand the code, plus the line numbers are consistent and available.  

Also, you might want to hire a knowledgeable developer ASAP to clean up this code.  Upon reading "final.txt" it is obvious that your data base could easily be destroyed if a hacker wanted to put phony values into the URL get string.  There are serious timebombs in these scripts (I note that some of it dates from 2004) and the Community of Evil has learned a lot about how to attack PHP scripts since then.  Forewarned is forearmed.

On line 100 of "final.txt" there is a form that posts to action="/process.php" with this:
<input type="hidden" name="custom" value="<?PHP echo $_SERVER['REMOTE_ADDR']; ?>">

On line 48 of "configinc.txt" there is this:
$paypal[custom]="$_POST[custom]";

After the "include" statement at line 19 of "process.txt", the variable $paypal["custom"] is loaded with the value of whatever was present in $_SERVER["REMOTE_ADDR"] from "final.txt"

Line 26 of "globalconfiginc.txt" contains this:
$array_name[custom]=$_POST['custom'];

Line 223 of "globalconfiginc.txt" contains this:
<input type="hidden" name="custom" value="<?=$paypal[custom_field]?>">

Since "custom_field" is not the same variable as "custom" it would appear that you need to change line 223 to use a value of $paypal["custom"].

You can use var_dump() to print out the contents of variables.  For example,

var_dump($paypal);

... will show you what is in that array.

HTH, and best of luck with your project, ~Ray
0
 

Author Comment

by:mlynch1985
ID: 24834490
Hi Ray,

Many thanks for your input. It think I need to hire a developer as there are about 3 things I need doing and none of which I seem to be able to sort myself!

Cheers,

Matt
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 24834546
Hi, Matt.  Having an expert is usually a good plan!  Reminds me of the old joke about the engineer who pushed a button and charged the client $1,000.  When asked for an itemized bill, he replied:

Pushing button: $1.
Knowing which button to push: $999.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This article discusses four methods for overlaying images in a container on a web page
The purpose of this video is to demonstrate how to set up basic WordPress SEO. This will be demonstrated using a Windows 8 PC. The plugin used will be WordPress SEO by Yoast. Go to your WordPress login page. This will look like the following: myw…
The viewer will learn how to count occurrences of each item in an array.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question