I am working on a site where people can accumulate a balance in their account and then pay it all of at once using paypal. When the payment is complete, PayPal notifies a PHP script via IPN and it subtracts their payment from their balance (usually zeros it, but helps to prevent false zeros). Right now, I am passing the URL of the IPN script along with the users username and a unique ID string to PayPal through the form (these are generated with PHP and echoed out), but I do not want people to be able to get my IPN scripts location and the unique id because then they can simply write a php script to POST these values to my IPN script and clear their balance without paying for anything.

So, what I would like to do is have the user click a link to my PHP script that will then take all of the variables needed, POST them to PayPal like a normal form, without ever showing them to the user by printing them to the screen. I can do this with cURL or fopen, but they do not act like a normal HTML form, they do not send the user to the new page along with the posted data.

Is there a way for me to do this with PHP? Thanks in advance.

Is this even possible?
:confused:

what you SHOULD do...is see if you can write a script using paypal API to INVOICE the users for their accumulated balances...then pass them on to paypal and ask them to pay...once they pay, pay pal will pass them back to your site.

when you invoice them...you're invoicing paypal invoicing system...so the users wont be able to mess with the amounts...

EDIT: never done it...don't know if this works...in theory, it should.

Thanks for your reply, but I don't quite understand what you are talking about... Do you mean write a script that tells PayPal to send an invoice to the user (through an email?) and then the user uses that invoice to pay their balance?

Also, do you know where I could go to learn the paypal api, and where I could get some sample scripts?

thanks

https://www.paypal.com/IntegrationCenter/ic_pdnHome.html

Why can't you use cURL ? and parse the result?

I don't have an ssl certificate, I can't process their payments without sending them to the paypal site. cURL won't pass the user along with the POST data (you can display the page, but the page retains your url and things work poorly)