On 15 Jun 2001 16:18:14 -0500, Anthony Monta wrote:
Hi. I'm trying to set up a website that registers people for a conference. I'd like to restrict access to the conference registry form to people who have already paid to a PayPal account (i.e., registered). What's the most effective way to do this?
The solution I've come up with so far (I'm not a programmer by profession) is to have PayPal send customers who have paid to a dtml script that sets a cookie value and then redirects the customer to a form viewable only if the cookie has the correct value. But this model is insecure because there's nothing to prevent someone who *hasn't* paid to PayPal from running the script if they know what its URL is; and if I set some security block on it in Zope, then it wouldn't run when people who *have* paid were directed there. Obviously I'm missing something or just not looking in the right place. Maybe PayPal's confirmation email could be used in some way?
Ask paypal, they have a method for payment confirmation. it isn't pretty, and I haven't done it in zope/python yet.