Hack 72 Deliver Digital Goods with a Return Page


Instead of forcing customers to wait for an email, present an instant download link to customers as soon as they complete the checkout process.

Although you can deliver digital goods with IPN [Hack #71], there might be times you want to allow customers instant access to their purchases with a return page (via PDT). Email messages can be lost, might bounce, or might not be desired at the same address used in the buyer's PayPal account. PayPal provides a way to redirect your customers back to your web page after they have completed a purchase with PayPal. This return page can be used as another means to provide a data file to your customers and can be quicker than waiting for the email to arrive.

However, if you simply have the digital goods waiting for the customers once they reach the return page, they could avoid the payment step altogether. For example, a quick inspection of the Buy Now button code shows exactly where the return URL is. Someone who wants the product but doesn't want to pay for it could just type that URL into a browser.

You can prevent this by recording verified transactions with IPN, then checking against the list with a dynamic return page. To implement this hack, add form variables to your purchase buttons, create a database table, add a database update to the IPN page, and create a return page that checks the database for an appropriate transaction status before providing the file for download.

7.12.1 Augmenting the PayPal Button Code

You need to add two new variables, return and rm, to your button code. The first variable, return, defines the page to which your customers should be returned when they click Continue after making a payment. The second variable, rm, tells the PayPal system to send transaction data to that page using the POST method. Your return page uses that information to consult your database and determine whether to make the download available.

Add the return and rm variables between the button's opening and closing <form> tags. The new button should look like this:

<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="business" value="youremail@yourisp.com">
<input type="hidden" name="item_name" value="Widget">
<input type="hidden" name="item_number" value="Wid-001">
<input type="hidden" name="amount" value="1.00">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but22.gif" border="0" name="submit">
<input type="hidden" name="add" value="1">
<input type="hidden" name="return" value="http://yoursite.com/return.asp">
<input type="hidden" name="rm" value="2">
</form>


PayPal prompts the customer to return to your return.asp page after making the payment.

7.12.2 Creating an IPN Page

Use the IPN page created in [Hack #71], which introduced the concept of selling digital goods and delivering the file via email. Modify it to insert information about the purchase into the database when a purchase transaction has been completed. Insert the new code just below the code that sends the email to the customer.

We first need a way to uniquely identify the order. PayPal gives us a unique transaction ID with each order.

The merchant and customer each get a different unique transaction ID. Neither party can see the other's transaction ID. See [Hack #52] for details.

In this simple system, the transaction ID is the only identifying piece of information that is required. A simple SQL call to the database stores the transaction ID in a list of completed orders. Create a new variable and populate it with this value:

'Create and populate transaction id variable
Dim txn_id
txn_id = Request.Form("txn_id")

Insert the transaction ID into the database with a SQL statement, like this:

"INSERT INTO tblOrders (txn_id) VALUES ('" & txn_id & "')"

Finally, create a table in your database called tblOrders with just one field, txn_id, of a text type.

7.12.3 Building the Return Page

The final component in this system is the return page, the page the customers will see after they finish making payment and click Continue. Because the rm variable in the Buy Now button is set to 2, this page will receive a POST from PayPal that contains all of the transaction details. The return page looks up the received transaction ID (txn_id) in the tblOrders table of the database. If the transaction is there, you know the customer has paid and you can give access to the data file.

The IPN script is called when the buyer clicks the Pay button at PayPal, so a matching transaction ID should be present in the system by this time. However, the transaction ID might not be in your system yet, because the IPN script might not have finished processing the order. If you don't have the transaction ID yet, the return page displays a message that lets the buyer know he will get the file via email.

Some customers will not click on the Continue link that returns them to your page, but will instead either close their browser or remain on the PayPal web site. In such a case, the return system will not be activated and we must rely on the file delivery via email.

Here's the code for the return page:



<%
'Process information
'Create and populate transaction id variable
Dim txn_id
txn_id = Request.Form("txn_id")

'Query the database for the txn_id
'Connect to database and create recordset
'The DBQ= path to the .mdb file is cut off in this listing; append your own
connStore = "DRIVER={Microsoft Access Driver (*.mdb)};"

'txn_id arrives from the customer's browser, so bind it as a
'parameter instead of concatenating it into the SQL text
Set cmdOrderCheck = Server.CreateObject("ADODB.Command")
cmdOrderCheck.ActiveConnection = connStore
cmdOrderCheck.CommandText = "SELECT txn_id FROM tblOrders WHERE txn_id = ?"
'200 = adVarChar, 1 = adParamInput
cmdOrderCheck.Parameters.Append cmdOrderCheck.CreateParameter("txn_id", 200, 1, 255, txn_id)
Set rsOrderCheck = cmdOrderCheck.Execute

If Not rsOrderCheck.EOF Or Not rsOrderCheck.BOF Then
'Order is valid, display download link
%>
<a href="/filestore/file.zip">Click here to download your file</a>
<%
Else
'Order is invalid or not yet complete; display message
%>
Your order is being processed. Please check your email for the file delivery.
<%
End If
%>




See the "Database Coding and Platform Choices" section of the Preface for the additional information needed to put this SQL statement to work with this and the other hacks in this book.

When this page is loaded after payment is made, it will provide the download for the customer. It will also guard against people who might fraudulently try to get a free download by going directly to your return page without paying.

Providing a direct link to the file can be dangerous because the customer can copy the link location (/filestore/file.zip in this example) and pass it along to others.
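The sketch below is an added example, not code from the book. It is written in Python with sqlite3 rather than the ASP and Access used above, and shows one way to avoid the copyable static link: the return page hands out a short-lived signed token only when the POSTed txn_id is in tblOrders, and the download handler checks that token before serving the file. The secret, the token lifetime, the function names, and the sample transaction ID are assumptions made for the illustration.

```python
import hashlib
import hmac
import sqlite3

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to the browser
TOKEN_TTL = 600                   # assumption: download tokens stay valid for 10 minutes

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE tblOrders (txn_id TEXT PRIMARY KEY)")


def record_verified_order(txn_id):
    """IPN side: call only after PayPal has verified the notification."""
    db.execute("INSERT OR IGNORE INTO tblOrders (txn_id) VALUES (?)", (txn_id,))


def order_is_paid(txn_id):
    """Return-page side: the POSTed txn_id is bound as data, never spliced into SQL."""
    row = db.execute("SELECT 1 FROM tblOrders WHERE txn_id = ?", (txn_id,)).fetchone()
    return row is not None


def _sign(txn_id, expires):
    msg = f"{txn_id}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_download_token(txn_id, now):
    """Token for a paid order, or None (show the 'check your email' message instead)."""
    if not txn_id or not order_is_paid(txn_id):
        return None
    expires = int(now) + TOKEN_TTL
    return f"{txn_id}.{expires}.{_sign(txn_id, expires)}"


def token_is_valid(token, now):
    """Download handler: serve the file only for an untampered, unexpired token."""
    try:
        txn_id, expires, sig = token.rsplit(".", 2)
        expires = int(expires)
    except (AttributeError, ValueError):
        return False
    if not hmac.compare_digest(sig.encode(), _sign(txn_id, expires).encode()):
        return False
    return now <= expires and order_is_paid(txn_id)


record_verified_order("CONSTRUCTED-TXN-0001")  # constructed sample transaction ID
```

For this to help, token_is_valid has to run in the script that streams the file, and the file itself has to live outside any directory the web server exposes directly.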