In the paypal intergration instructions, what does this code do?

<script id="pap_x2s6df8d" src="http://www.mindreadingexposed.com/affiliate/scripts/sale.js" type="text/javascript"></script>
<script type="text/javascript"><!--
paypalSale();
--></script>

Does is NEED to be inside the button for whatever it does to work?

Can I just put it elsewhere on the page, or in any case, outside of an encrypted button.

Good point Mike,

But even when that is not necessary to integrate in the button, you still have this line that needs to be called:

<input type="hidden" name="notify_url" value="http://MYSITE.com/scripts/paypal.php">
<input type="hidden" name="custom" value="" id="pap_dx8vc2s5">

I’ve tested it with a encrypted button, by copying the whole line into the button that PAP had generated. But that didn’t work. Till now I still have only the solution in the other treat (http://forum.qualityunit.com/viewtopic.php?t=1471), but if others already found out how to do it, please let us know!

Thnx,

Patrick

If you want to use PayPal buttons, they can't be encrypted.

I realise that I can't use regular encrypted buttons, becuase PAP needs to pass custom fields within the button.

There is a solution to this problem, whereby you can encrypt custom fields into the button. To do this you need to obtain your own encryption/decryption keys and the encrypt the information into your own custom button. The problem is that when the button is encrypted, if is in the form of "name=value,name=value..."

There is no room for the "ID" element.

I made a post about this here:
http://www.pdncommunity.com/pdn/board/message?board.id=ewp&message.id=315

Today I also found a site that helps with the creation of custom encrypted buttons. I've not tested it, but it might be useful to some people:
http://encryptedpaypalbuttons.com/

So, I still need to know about this code:

<script id="pap_x2s6df8d" src="http://www.mindreadingexposed.com/affiliate/scripts/sale.js" type="text/javascript"></script>
<script type="text/javascript"><!--
paypalSale();
--></script>

Please take a look to this thread:
http://forum.qualityunit.com/viewtopic.php?t=1471&highlight=encryption

Thanks for the reply.

I'm afraid that thread doesn't really help me, I'm sure it will allow for secure sales in 99% of cases when selling to a non-tech minded crowd but it's not a secure way of dealing with a secure sale. I don't want people to get my product for free/cheap by allowing them to change the contents of the paypal button.

I'm looking for a solution that:

- Uses the paypal IPN to record sales.
- Doesn't let people jump straight to my thank-you page by viewing the source.
- Doesn't allow people to change the values in the button, for example making a copy of the page with the price set to $0.01.

The only way I can see to do this is to have an encrypted button, or to integrate an additional shopping cart style script, which I would hope is not necessary for the purposes of selling a single product. As I say, I've got no problem in encrypting my own buttons WITH custom fields, but that line I mentioned in my first post does not fit the standard ""name=value,name=value..."" as used in the encryption process.

The method described elsewhere for protecting your button source by 'escaping' the characters isn't secure. e.g.:
http://scriptasylum.com/tutorials/encdec/encode-decode.html

Anyone familiar with the concept of 'escaped characters' will recognize the encryption immediately.

I'm really sorry if I'm missing something here. If there's an easier SECURE way to to do this then I'd love to do it.

It's disappointing that the script doesn't work with a paypal buy it now button out of the box.

Maybe in the future we will have an integration for encrypted button, but not now. For this time you must use decrypted buttons only and don't worry about security. Paypal is secure with or without encryption.

But I do worry about security! And so will my affiliates.

How can a site be secure if anyone can 'view source' and see the return url and jump straight to the thank-you page and download the product for free.

How can a site be secure if anyone can recreate the forum offline, change the price to $0.01 and get the product for a penny.

Is there a method that I'm missing that prevents this?