No replies to this topic

[napap]

Hi, i am running an online ecommerce store where i let people list and sell their items.

Howerver the security is to weak. when people click the buy button on a product they are taken to process.php where a session is set to true, and then they are redirected to paypal to complete tehir orders. after their payment is completed they are redirected to success.php where they collect their download from a link to the download url posted by the user who listed the product.

now the problem is that all that is required to get access to file download is for the session to be "true", this means that someone could just navigate to process.php and then skip paypal and navigate directly to success.php.


Here is what i want to do: instead of the link beeing displayed in the success.php file, i want paypal to navigate directly to the file download instead...


Here is my php files: php_paypal.zip
Thank you all for helping me... i would be forever happy if any of you could have a look at the script and correct it as mentioned bellow, and please send the files back to : vallandepost@gmail.com ... thank you very much!