[Zope] Newbie: PayPal and Zope

Anthony Monta amonta@regents.state.la.us
Fri, 15 Jun 2001 16:18:14 -0500


Hi. I'm trying to set up a website that registers people for a conference. 
I'd like to restrict access to the conference registry form to people who 
have already paid to a PayPal account (i.e., registered). What's the most 
effective way to do this?

The solution I've come up with so far (I'm not a programmer by profession) 
is to have PayPal send customers who have paid to a dtml script that sets a 
cookie value and then redirects the customer to a form viewable only if the 
cookie has the correct value. But this model is insecure because there's 
nothing to prevent someone who *hasn't* paid to PayPal from running the 
script if they know what its URL is; and if I set some security block on it 
in Zope, then it wouldn't run when people who *have* paid were directed 
there. Obviously I'm missing something or just not looking in the right 
place. Maybe PayPal's confirmation email could be used in some way?

Any pointers/help would be greatly appreciated.

Cheers,
Anthony