I always use unencrypted Paypal button for my payment processing (due to several reason that I can't use encrypted button i.e. I use certain script that must use unencrypted button).
As I can see the unencrypted Paypal button just like a normal HTML form tag, so that anyone can alter the details such as price, email address, etc very easy.
So I need the script for details verification. The script must be able to verify:
1. The price
2. Product name
3. My Paypal email address
The purpose of this script is to secure my product from cheater that always alters the price of my product. With the function of this script, even though I reveal my Paypal button's form to public, they still can alter the price, but they won’t get anything other than redirected to warning page.
Here the overview how the script should works:
Sales page --> Unencrypted Paypal button --> Make payment --> redirect to return link (The Script will WORK HERE) --> matching the details collected from the payment with the information that already stored in my database -->
if (all details collected from payment = = all details stored in database)
proceed to secured download link;
if( price collected from payment != price stored in database)
redirect to link 1;
if( email collected from payment != email stored in database)
redirect to link 2;
if(Product name collected from payment != product name stored in database)
redirect to link 3;
.
.
.
The script:
1. Should in PHP or Perl/CGI Script
2. Should have easy admin panel
3. Should work with unencrypted Paypal button or another payment processing(optional)
4. Plug and play concept
5. Can be use for more than one item.
6. Should have instruction for the installation
*See attachment for further details (Project Program Control Diagram)