Gravity Support Forums Topic: Payment amount spoofed somehow https://legacy.forums.gravityhelp.com/topic/payment-amount-spoofed-somehow Gravity Support Forums Topic: Payment amount spoofed somehow en-US Mon, 20 Apr 2026 16:54:16 +0000 http://bbpress.org/?v=1.0.1 <![CDATA[Search]]> q https://legacy.forums.gravityhelp.com/search.php Carl Hancock on "Payment amount spoofed somehow" https://legacy.forums.gravityhelp.com/topic/payment-amount-spoofed-somehow#post-52970 Tue, 20 Mar 2012 12:22:22 +0000 Carl Hancock 52970@https://legacy.forums.gravityhelp.com/ <p>It is not possible to spoof the prices that appears on the form and have those prices submitted and stored as such.</p> <p>It IS possible to manipulate the javascript that displays the pricing and the Total price on the form itself. HOWEVER, the form processor doesn't rely on this javascript for the pricing and it calculates the total using server side code when the form is submitted.</p> <p>When Gravity Forms processes the PayPal IPN request, it verifies that the PayPal IPN request totals match the totals stored in the form entry data. It will reject the IPN request if they do not match.</p> <p>So yes, there is verification in place to prevent users from manipulating pricing data both on the form, and when checking out via PayPal. </p> James on "Payment amount spoofed somehow" https://legacy.forums.gravityhelp.com/topic/payment-amount-spoofed-somehow#post-52829 Mon, 19 Mar 2012 08:00:51 +0000 James 52829@https://legacy.forums.gravityhelp.com/ <p>Does anyone have an update on this? </p> James on "Payment amount spoofed somehow" https://legacy.forums.gravityhelp.com/topic/payment-amount-spoofed-somehow#post-52654 Fri, 16 Mar 2012 06:32:13 +0000 James 52654@https://legacy.forums.gravityhelp.com/ <p>Hello,</p> <p>Yesterday someone somehow purchased a product off my site that should have cost $3 for $0.01. After doing a bit of research online some people are saying it's possible to spoof posted variables and do this.</p> <p>The bigger problem is that the Gravity forms entry actually shows the wrong amount, but the purchase still completed! As I'm using the user addon as well to work as a digital delivery system this basically means someone got this product for free.</p> <p>Does Gravity forms check that the amount returned from Paypal matches the product value? If it doesn't is there anyway I can implement this?</p> <p>Thanks,<br /> James </p>