Validation and redirection

[sacerok]

GREETINGS PEOPLE

Sorry if this thread is in wrong section.

I'm planing to create one site where people will be able to buy some products,
and to pay with e-gold as option.

Now i know that after completed payment on e-gold site the buyer is redirected back to my site ( let we say order page from where he went to egold to make payment ) , but what i want is:

how to track that somebody came from e-gold site after compleated payment
because after payment i wish to provide link to download page for that product.

I don't wish that everybody can access my download page without prior payment.

So we talk about verification of user and from where he/she came from.

Is there some script or code for this or some other method of checking the visitor of my page and how to implement that code into my page.

Any help would be nice.

Thank's

 

[cef]

You can't really trust the referrer/IP since these can be spoofed.

Rather, you should rely on specific information (like the batch number) related to the egold transaction, as returned to you by the egold payment system.

The e-gold SCI (shopping cart interface) docs are here, and cover the process very well: http://www.e-gold.com/docs/e-gold_sci.html#_Toc29983880

The documentation states, in relation to your question:

Please note that only when payment succeeds does the e-gold® server submit a form directly to the merchant’s web server to indicate payment has been made. This form carries payment transaction status from the e-gold® system back to the merchant system in hidden text fields.

This form may seem superfluous until you consider that relying on the buyer’s browser to relay payment transaction data back to the merchant’s server is unreliable and unwise.

Basically, they're saying two things: (1) what I said: you can't trust information from the client; and (2) you'll get a form submitted to you from egold when the transaction succeeds (or fails, but we'll only cover success here). Your form processor should store the transaction details in a database. The page you show to the user could include a field to enter the batch number/user ID/transaction ID/whatever. The user will enter the information, and then your form could look it up in your database to confirm that it's valid. If valid, allow the dowload/access/whatever to the user.

I'm not sure if egold ensures that you, as a merchant, get the confirmation form submission BEFORE the user is redirected to your download page, meaning that the user might get to the download page before you've entered the transaction details in your database, but this is easily remedied by putting a notice on the page you show the user that if they enter information and the lookup fails, they should keep trying every few seconds until it succeeds. But as I say, I haven't read the docs carefully enough to see the exact order in which confirmations/redirects/etc. are executed.

The form submitted to you by egold contains a good deal of information (including some you can set yourself on the purchase page shown to the user, which gets propatagated to you, e.g. if you'd like to also generate your OWN unique transaction ID), and it comes with an MD5 hash as well so you can make sure the data is all valid.

Hope that helps. Basically, take a couple of hours and read the docs at the link posted above. It's tedious, but clear. They also have a fair amount of sample code available. Probably a sandbox as well, where you can test things out, but I didn't really go looking for it so I'm not certain.