Block Customers' Paypal Email Address or PAYERID?

[Opal]

Thank you so much once again!

[Opal]

Dr. Byte, I was just wondering, I have updated my zen store to version 1.3.9h and I noticed that the line I had to edit for this in the paypalwpp.php has now changed to around line 1638. It also has additional text added to it: $this->notify('NOTIFY_PAYPAL_EXPRESS_CHECKOUT_PAYERID_DETERMINED', $response['PAYERID']);

Where would I now put the block code for the new updated paypalwpp.php file?

Do I replace it with:

$_SESSION['paypal_ec_payer_id'] = $response['PAYERID'];
if ($response['PAYERID'] == 'PUT_PAYER_ID_HERE') {
$this->terminateEC('Sorry, your transaction cannot be completed at this time.', true, FILENAME_CHECKOUT_SHIPPING);
}
$gender = '';

or do I add after?

Thank you.

[DrByte]

There's an even better way, which now means you won't have to edit the PayPal PHP file anymore!

That line that's replaced the part you were inserting before now allows the logic for your custom change to be handled by another file altogether. And that means it's easier for you to maintain the list without having to hunt through a huge long file to re-make the changes whenever an upgrade happens, or when you want to add another ID to the list.

Create two new files on your server, as follows:

1. /includes/auto_loaders/config.paypal_restricted_buyers.php

Code:

<?php
/**
 * Autoloader to instantiate observer class
 */
$autoLoadConfig[200][] = array('autoType'=>'class',
                              'loadFile'=>'observers/class.paypal_restricted_buyers.php');
$autoLoadConfig[200][] = array('autoType'=>'classInstantiate',
                              'className'=>'paypal_restricted_buyers',
                              'objectName'=>'paypal_restricted_buyers');

2. /includes/classes/observers/class.paypal_restricted_buyers.php

Code:

<?php
/**
 * Deny certain PayPal buyers (intended only to be used when certain buyers are chronic refunders or fraudulent but PayPal isn't shutting them down)
 *
 * @package observers
 * @copyright Copyright 2003-2011 Zen Cart Development Team
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 * @version $Id: class.paypal_restricted_buyers.php 18039 2011-03-08 20:53:35Z drbyte $
 */

class paypal_restricted_buyers extends base {
 /**  constructor method !
   *
   * Attach observer class to the global $zco_notifier and watch for a single notifier event.
   */
  //function paypal_restricted_buyers() {  //use this line if using old version of PHP (4 or lower), instead of the next line
  function __construct() {
    $this->attach($this, array('NOTIFY_PAYPAL_EXPRESS_CHECKOUT_PAYERID_DETERMINED'));
  }
 /**   Actual Method that does the desired activity
   *
   * Called by observed class when any of the notifiable events occur
   *
   * @param object $class
   * @param string $eventID
   */
  function update(&$class, $eventID, $paramsArray = array()) {
    $denied = array();


    // Set list of denied PayPal PAYERIDs here:
    $denied[] = 'PUT_PAYER_ID_HERE';
    $denied[] = 'PUT_PAYER_ID_HERE';
    $denied[] = 'PUT_PAYER_ID_HERE';
    $denied[] = 'PUT_PAYER_ID_HERE';
    $denied[] = 'PUT_PAYER_ID_HERE';
    $denied[] = 'PUT_PAYER_ID_HERE';
    $denied[] = 'PUT_PAYER_ID_HERE';
    $denied[] = 'PUT_PAYER_ID_HERE';

    //repeat additional lines ABOVE as needed, following the same pattern

    //---------------------------------------------------
    // Do not touch below:
    foreach($denied as $key=>$val) {
      if ($val != '' && $val != 'PUT'. '_PAYER_ID_' . 'HERE') {
        if ($paramsArray == $val) {
          $class->terminateEC('Sorry, your transaction cannot be completed at this time.', true, FILENAME_CHECKOUT_SHIPPING);
        }
      }
    }
  }
}

The part in red is the only thing you'll edit. Everything else should work exactly as-is.

I recommend testing with your own ID for verification.

[Opal]

Thank you so very much Dr.Byte! It's very much appreciated!

[advplans]

Dr. Byte,

does this new method in 1.3.9h still work only with paypal express checkout, or can it be made to work with PayPal Website Payments Standard?

I gotta couple of problem buyers with the same problem as the original poster.

[DrByte]

Due to PayPal's architecture of Website Payments Standard, this method cannot be used with that module.
It can be easily used with Express Checkout though, as described above.

[Dreamer40]

After yet another raid on my site yesterday by someone who buys my digital downloads and puts them on auction sites I did a quick hack on my site. I am still using PayPal Website Payments Standard and am more of a DBA than a programmer so put my DBA hat on and created a trigger on the paypal table. It checks the Paypal payer_id of any new entries against a lookup table of banned id's and, if it finds a match, changes the order to Pending so that they don't get a download button. I can then cancel the order and refund the payment at my leisure.

I am sure it won't stop them if they are determined but it made me feel better

[ifss]

Hi all,
Resurrecting an old thread, but this interests me greatly.

We have a repeat offender (digital downloads) and we've blocked him via both our .htaccess file and through our Gateway.
We use Paymate, and the slippery little sucker got through both of our restrictions, I am now looking at a full country ban.

Can the above be adapted to use for Country ID/Code/Name as Paymate do not accept the country at all.

I like the solution in #23 by Dr. Byte as it is elegant, and can be run independantly, which means it's safer in some respects to alter. Having it adapted for more than 1 gateway, would be fab.
http://www.zen-cart.com/showthread.p...00#post1004800

Great work.

[DrByte]

Yes it can. You just have to edit your paymate payment module code and find where it processes responses from the gateway, and then inspect the transaction details for whatever criteria you're able to use to identify bad buyers. Your best bet for help with that is to talk to the Paymate folks, since they're the experts on what you can use to determine bad buyers.