[Zope] Newbie: PayPal and Zope
Anthony Monta
amonta@regents.state.la.us
Fri, 15 Jun 2001 16:18:14 -0500
Hi. I'm trying to set up a website that registers people for a conference.
I'd like to restrict access to the conference registry form to people who
have already paid to a PayPal account (i.e., registered). What's the most
effective way to do this?
The solution I've come up with so far (I'm not a programmer by profession)
is to have PayPal send customers who have paid to a dtml script that sets a
cookie value and then redirects the customer to a form viewable only if the
cookie has the correct value. But this model is insecure because there's
nothing to prevent someone who *hasn't* paid to PayPal from running the
script if they know what its URL is; and if I set some security block on it
in Zope, then it wouldn't run when people who *have* paid were directed
there. Obviously I'm missing something or just not looking in the right
place. Maybe PayPal's confirmation email could be used in some way?
Any pointers/help would be greatly appreciated.
Cheers,
Anthony