Search code examples
phpgoogle-checkoutweb-applications

How to detect if something has been bought from Google Checkout from PHP?

I am making a Web app that will be available in free and paid forms. I want to make it detect whether the user has paid for paid version using Google Checkout, and enable paid features if they have.

How would I do this in PHP?

Update I already have a user table in my database, and the user is required to log in to use the app. I will also create a table called purchases which will have the following:

  • userid An internally used account id
  • chitchat (the name of the app) NULL or a Google order id

Then when I need to detect if the user has bought it I would use

$userid=esc($_SESSION["id"]); // esc is a function that returns the SQL escaped string
if($query=mysqli_query($link,"SELECT * FROM purchases WHERE userid='$userid'")&&mysqli_num_rows($query)>0){
    // The user has bought the paid version
}

But then, in case my server is hacked, how would I confirm the order id with Google?

Solution

  • Given the fact that you've shared very little information about your web app, it's difficult to answer with a precise answer but here are some pointers:

    1. Create a database of users and require that people sign up.
    2. When someone makes a purchase, note that in the database. During the Google checkout process, Google will let you know that a transaction was successful.
    3. When a user signs in, check whether or not they've made a purchase and grant them permission to "paid-only" areas.