I have a website where I want the form data to be submitted only if I know the customer has paid via the PayPal button. Right now I have it at the point where they can pay and I verify it (via IPN) and that's about it.
I'm looking for some ideas on the best way to approach this. I was thinking that when the IPN verifies I can insert a column into the DB saying "paid" and store some information in the session. You can then only access the form if that data is in the session. Once the form has been completed I can update the status from "paid" to "completed" and remove the session data. I would remove the session data because a customer can pay as many times as they like with different form data each time.
Any other ideas? Also, this isn't a site where you would log in.
To sum it up, I want the customer to pay first (and I know they paid) then fill out a form.
If you don't have any login mechanism, I would request an email as well when paying. Store the email + paymentID (unique PK) in the DB; when payment comes back through IPN, email the customer with a secret passkey. You can only move forward with that passkey.
In my opinion sessions are a problem to use for a paying user. What happens if that user's computer crashes right after he paid? He has no way to access his product. An email + secret passkey would enable him to
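
The passkey flow from this answer, as an added example that is not part of the original post: a payment row is created once the IPN is verified, a random passkey is issued for emailing, and the form is accepted exactly once per passkey. The table layout, function names and the in-memory SQLite database are assumptions made for the sketch; IPN verification and sending the email are assumed to happen outside it.

```python
import hashlib
import secrets
import sqlite3

def open_db():
    # In-memory database for the example; a real site would use its own DB.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE payments ("
        " payment_id TEXT PRIMARY KEY,"    # id taken from the verified IPN
        " email TEXT NOT NULL,"
        " key_hash TEXT NOT NULL UNIQUE,"  # only a hash of the passkey is stored
        " status TEXT NOT NULL,"           # 'paid' -> 'completed'
        " form_data TEXT)"
    )
    return db

def _hash(passkey):
    # The passkey is 256 bits of randomness, so a plain SHA-256 is sufficient.
    return hashlib.sha256(passkey.encode()).hexdigest()

def record_verified_payment(db, payment_id, email):
    """Call only after the IPN has been verified. Returns the passkey to
    email to the customer, or None if this payment was already recorded
    (a repeated notification must not mint a second key)."""
    passkey = secrets.token_urlsafe(32)
    try:
        with db:
            db.execute(
                "INSERT INTO payments VALUES (?, ?, ?, 'paid', NULL)",
                (payment_id, email, _hash(passkey)),
            )
    except sqlite3.IntegrityError:
        return None
    return passkey

def submit_form(db, passkey, form_data):
    """Accept the form only for an unused passkey. The status check and the
    update are one statement, so two concurrent submissions cannot both win."""
    with db:
        cur = db.execute(
            "UPDATE payments SET status = 'completed', form_data = ?"
            " WHERE key_hash = ? AND status = 'paid'",
            (form_data, _hash(passkey)),
        )
    return cur.rowcount == 1
```

Because each payment gets its own passkey, a customer who pays several times receives several keys and can submit a different form with each.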