
PayPal IPN Handling Tampered Orders from Cart Upload


I'm building a PayPal module for a shopping cart in a shared hosting account.

Here's the scenario:

A customer adds a $100.00 item to the cart. Before hitting the checkout button, he goes into the browser's inspector and changes the price of that item to $1.00, then hits the checkout button (uploads the cart to PayPal). PayPal now shows a $1.00 order in its checkout screen, and the customer pays us $1.00 for that item.

When this happens, my script saves the order with a status of "Pending" and an email is sent to the site's admin notifying him that a payment was received for an order with a mismatching price. The admin logs into PayPal to confirm. Once he sees the price is not the same as the price we charge for that product, he cancels the PayPal payment and voids the order in the backend.

My Question:

Is this the right way to handle tampered orders, or is there a way I can notify PayPal as soon as I get the IPN with the invalid information so PayPal doesn't even take that payment?

Again, because this is a shared hosting account, I can't use the cart encryption that PayPal suggests (because I can't use OpenSSL on the shared hosting).

Thanks.


Solution

  • I handle payments exactly the same way. There is no better way to do that, as PayPal will always use the value defined on your website, which can easily be changed with TamperData or even with Inspect Element.
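
The server-side check both posts describe, as an added example that is not code from the question or the answer. It assumes the IPN has already passed PayPal's postback verification, that the cart upload sends an `invoice` value identifying an order stored at checkout time, and that the function names, the `$orders` array and the e-mail address are hypothetical.

```php
<?php
declare(strict_types=1);

// Convert a decimal string such as "100.00" to integer cents so totals
// are compared exactly instead of as floats.
function toCents(string $amount): ?int
{
    if (!preg_match('/^(\d+)(?:\.(\d{1,2}))?$/', $amount, $m)) {
        return null; // malformed, negative or empty amount
    }
    return (int)$m[1] * 100 + (int)str_pad($m[2] ?? '', 2, '0');
}

// Classify a verified IPN against the order row saved at checkout.
// $order is null when the invoice is unknown to the shop.
function classifyIpn(array $ipn, ?array $order, string $merchantEmail): array
{
    if ($order === null) {
        return ['status' => 'rejected', 'problems' => ['unknown invoice']];
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return ['status' => 'ignored', 'problems' => ['payment not completed']];
    }
    $problems = [];
    if (strcasecmp($ipn['receiver_email'] ?? '', $merchantEmail) !== 0) {
        $problems[] = 'receiver_email mismatch';
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = 'currency mismatch';
    }
    $paid = toCents($ipn['mc_gross'] ?? '');
    if ($paid === null || $paid !== $order['total_cents']) {
        $problems[] = sprintf('amount mismatch: paid %s, expected %d cents',
            $ipn['mc_gross'] ?? 'n/a', $order['total_cents']);
    }
    // Any mismatch keeps the order out of fulfilment until an admin reviews it.
    return ['status' => $problems ? 'pending_review' : 'paid', 'problems' => $problems];
}

// Constructed sample data: the expected total comes from the shop's own
// catalogue at checkout time, never from the posted form fields.
$orders = ['INV-1001' => ['total_cents' => 10000, 'currency' => 'USD']];
$ipn = ['invoice' => 'INV-1001', 'receiver_email' => 'shop@example.com',
        'mc_gross' => '1.00', 'mc_currency' => 'USD', 'payment_status' => 'Completed'];

$result = classifyIpn($ipn, $orders[$ipn['invoice']] ?? null, 'shop@example.com');
print_r($result);
```

An order that comes back as `pending_review` is the case where the script in the question saves the order as "Pending" and e-mails the admin.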