I am making a website where you have to pay (through PayPal) before you can access certain secure parts of the site. I have it set up so the “Sign up” button takes you straight to PayPal, then once you’re done paying there you’re led to the signup (root/signup/index.php) page where you input your name, email, password, etc and this information is stored in a database. Once someone’s information is in the database, they can sign in to the secure part of the site.
My problem is that users can bypass paying at PayPal by going to http://www.mysite.com/signup/ and inputting their name/email/pw/etc, which will still be inputted into the database, granting them access to the site without paying.
Is there any way I can make http://www.mysite.com/signup/ a page accessible ONLY from PayPal? I have a PayPal button set up to take users to the signup page after they complete payment, and I want that to be the only way users can access that page.
Well typically when the user is being returned from PayPal, you have them directed to a specific page on your site where you can then evaluate the data that PayPal has posted to you. You could simply verify that the user made a successful purchase and if so, set a session variable and direct the users to your signup page. Only if they have a valid session variable indicating they are a paid customer would you then present them with the signup form.
If the user arrives at your page without the proper validation, you simply redirect them somewhere else, or give them some error message.
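A sketch of the session gate described in the answer above, as an added example that is not code from the original thread. The `$confirm` callable is a hypothetical stand-in for your integration's server-side check with PayPal, and the paths, the `paid_txn` key and the sample transaction id are assumptions. It goes one step past the answer by spending the flag after signup so a single payment cannot create several accounts.

```php
<?php
declare(strict_types=1);

// In the real pages, call session_start() and pass $_SESSION as $session.

// Return page: runs where PayPal redirects the buyer after payment.
// $confirm (hypothetical) must ask PayPal server-side whether $txnId is a
// completed payment; values arriving from the browser are not proof.
function handle_return(array &$session, string $txnId, callable $confirm): string
{
    if ($txnId === '' || !$confirm($txnId)) {
        return '/payment-error';        // no verified purchase, no flag set
    }
    $session['paid_txn'] = $txnId;      // server-side marker of a paid visit
    return '/signup/';
}

// Signup page: show the form only to a session that carries the marker.
function signup_gate(array $session): string
{
    return isset($session['paid_txn']) ? 'show-form' : 'redirect:/payment-error';
}

// After the account row is written, spend the marker so the same payment
// cannot be used for a second account.
function complete_signup(array &$session, array &$usedTxns): bool
{
    $txn = $session['paid_txn'] ?? null;
    if ($txn === null || isset($usedTxns[$txn])) {
        return false;
    }
    $usedTxns[$txn] = true;             // in production: a UNIQUE column in the database
    unset($session['paid_txn']);
    return true;
}

// Constructed demo input: one visitor who typed /signup/ directly, one buyer.
$confirm = fn(string $id): bool => $id === 'TXN-DEMO-1';  // stand-in for the PayPal check
$used   = [];
$direct = [];
$buyer  = [];
var_dump(signup_gate($direct));                            // direct visit is turned away
var_dump(handle_return($buyer, 'TXN-DEMO-1', $confirm));   // verified payment sets the flag
var_dump(signup_gate($buyer));                             // buyer now sees the form
var_dump(complete_signup($buyer, $used));                  // account created, flag spent
var_dump(signup_gate($buyer));                             // reloading /signup/ no longer works
```

The signup form's POST handler needs the same `signup_gate` check as the page that renders the form, since a request can be sent to the handler without ever loading the form.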