Hello, I am currently integrating a custom payment module and have been stuck on the final issue for a while so was wondering it anyone could advise me please.

When a customer pays for an order they are returned to our site to a script that stands alone from Zen Cart, but on the same domain so should have the same PHP session ID, (it seemed the best way at the time) where we verify the payment status, if it was unsuccessful they will be presented with an error and taken back to the payment handler to try again, similarly if they try and spoof a paid status they will be presented with a different error and if payment was successful they will be redirected by a header() call to the correct page within Zen Cart.

My questions are;

1) What is the URL we should forward them to for the order to be processed and inserted in to the database.
2) How do I mark the order as paid, is there a session variable that stores this?

I am fairly new to working with Zen Cart but know we have a pretty heavily modified version and so I am unsure whether it is normal practice to only insert the order in to the database after the order has been paid for. If this is the case I assume there is a way I can mark the order as paid so that it can be inserted to the database properly.

Apologies if this is really simple and I have missed something obvious.