Make a Donation

[thyon]

I've always had problems accepting payments (Paypal Restrictions for South Africa), so if someone wants help me test my paypal button (you can enter your own amount), that would be awesome.

http://www.thyon.com/donations.html

This will be the first time PayPal button-type integration, so someone please help me test this (as I can't test it myself). I'll post when it works, so you don't all have to try for this ;-)

[Medianomaly]

Merry Christmas, Thyon (if it works).

I did get an "empty referrer address" error -- that appeared to be Contao-generated -- upon clicking the button to return to your site (http://www.thyon.com/donations-thanks.html).

[ramjet]

Same Thyon,

"Return to Thyon design" results in

Empty referer address!
The current host address (www.thyon.com) does not match the current referer host address ().

This error occurres if your browser does not send the referer host address. Many anonymizer tools, security suites or browser tools (e.g. Google toolbar) provide an option to hide the referer address to prevent user tracking. Try to find the culprit on your local computer and disable the feature.

For more information, visit the Contao FAQ page or search the Contao forum.

IE7 ... No anonymiser tools, google toolbar etc.
I'll try in Firefox 3 and post again soon.

[freeyland]

Same for me:

Empty referer address!

The current host address (www.thyon.com) does not match the current referer host address ().

This error occurres if your browser does not send the referer host address. Many anonymizer tools, security suites or browser tools (e.g. Google toolbar) provide an option to hide the referer address to prevent user tracking. Try to find the culprit on your local computer and disable the feature.

For more information, visit the Contao FAQ page or search the Contao forum.

[Doublespark]

I also get "Empty referer address!"

That's with a standard installation of Chrome!

Anyway, have a Christmas beer on me, happy to test again next year :lol:

[ramjet]

Same result.
On your page donations.html firefox console shows one mootools-more js error (this.element is null) on line 149

Code:

this.parent(a);var d=this.cancel.bind(this,false);if($type(this.element)!="element"){this.element=document.id(this.element.getDocument().body);}var c=this.element;

and also one "message"

www.paypal.com : server does not support RFC 5746, see CVE-2009-3555

Once I'd been through the payment process there were a lot more of these messages accumulated, all from various paypal urls, all referring to RFC 5746, see CVE-2009-3555.

https://wiki.mozilla.org/Security:Renegotiation

This may shed more light?

[ramjet]

Thyon, its been a while since I did it, but I've incorporated a paypal system into a site I made, but I've used "_xclick"

Code:

<input type=\"hidden\" name=\"cmd\" value=\"_xclick\">

whereas yours uses "_s-xclick"

Code:

<input type="hidden" name="cmd" value="_s-xclick">

I'm not sure of the difference.

However in mine I also pass two extra parameters, which I think you may also need.

Code:

<input type=\"hidden\" name=\"return\" value=\"" . $websitebase . $ppreturn . "\">
<input type=\"hidden\" name=\"cancel_return\" value=\"" . $websitebase . $ppabort . "\">

One is the absolute url of the return page (visible on paypal after successful completion), the other is the url of a cancel return page (visible on paypal before successful completion).

Try adding

<input type="hidden" name="return" value="http://www.thyon.com/donations-thanks.html">
<input type="hidden" name="cancel_return" value="http://www.thyon.com/was-there-a-problem.html">

and this may solve the referer.
You may also need

<input type="hidden" name="rm" value="1">

before the above, I can't remember what this was, but maybe it turns on "return method" or somesuch.

My whole code is below, but its dynamic so the value won't apply, but it shows what I pass to paypal

Code:

//PAYPAL MISCELLANEOUS PAYMENT BUTTON TO ALLOW PAYER INPUT (amount/name is omitted)
$paypalmiscbutton = "
	<div id=\"paypalbutton\" class=\"paypalbutton\">
	<form action=\"https://www.paypal.com/cgi-bin/webscr\" method=\"post\">
		<input type=\"hidden\" name=\"cmd\" value=\"_xclick\">
		<input type=\"hidden\" name=\"business\" value=\"".$ppaccountemail."\">
		<input type=\"hidden\" name=\"button_subtype\" value=\"services\">		
		<input type=\"hidden\" name=\"lc\" value=\"NZ\">
		<input type=\"hidden\" name=\"currency_code\" value=\"".$ppcurrency."\">
		<input type=\"hidden\" name=\"charset\" value=\"utf-8\">		
		<input type=\"hidden\" name=\"rm\" value=\"1\">
		<input type=\"hidden\" name=\"return\" value=\"" . $websitebase . $ppreturn . "\">
		<input type=\"hidden\" name=\"cancel_return\" value=\"" . $websitebase . $ppabort . "\">
		<input type=\"hidden\" name=\"custom\"  value=\"" . $NZQAnumberstring . $JAnumberstring . "\">
		<input type=\"hidden\" name=\"item_number\"  value=\"NZQAID-" . $roundednzqaid . "-MISC\">
		<input type=\"hidden\" name=\"item_name\"  value=\"".$paypalmiscbuttonitemname."\">		
		<input type=\"hidden\" name=\"tax_rate\" value=\"".$paypalmiscbuttontaxrate."\">
		<input type=\"hidden\" name=\"bn\" value=\"PP-BuyNowBF:btn_paynowCC_LG.gif:NonHostedGuest\">
		<input type=\"image\" name=\"submit\" border=\"0\" src=\"https://www.paypal.com/en_US/i/btn/btn_paynowCC_LG.gif\" alt=\"PayPal - The safer, easier way to pay online\"> <img alt=\"\" border=\"0\" width=\"1\" height=\"1\" src=\"https://www.paypal.com/en_US/i/scr/pixel.gif\" >		
	</form>
	</div>
</div>
";

I think the whole https://wiki.mozilla.org/Security:Renegotiation thing is not associated with your referer thing, but it does imply paypal haven't got their shit together and upgraded their servers to circumvent a potential Man-in-the-middle attack.

A very lucrative testing method you've invented :D

[thyon]

LOL. Yep it was... Thanks for the donations though.... It's all pretty new to me, I just became a biz account user and then pasted their button text, with return and cancel urls's to boot... I'll see if there is a way I can test it with some type of sandbox as well...

PS. I fixed the mootools error. The page inherited an animation layout, so I reset it to the default non-animated layout (sliders, etc).

[Rob65]

The sandbox in the playground is off-limits to me (people might think I'm one of these dirty guys ...)

Therefor I love PayPal's sandbox - and I played around in it a few days this week - made me a happy kid :mrgreen:
But if someone feels like paying me for this I could always post a link to my site :lol:

No, serious. Paypal's sandbox is a very good thing.
I've been testing the Isotope eCommerce system's payment module for paypal and had some interesting results.
At least now I know I have to be careful when handling orders that are marked as being payed ...

Regards,
Rob

[thyon]

HA HA Rob.. I did post the link because I know some people wanted to make donations for the work I've done, but were just unable to do it. At least now it works and it's much easier to accept some payments.