Currently, I have some custom capabilities that can be purchased with a PayPal button. The button works fine, and when paying through PayPal, the user is returned to the site and has the custom capabilities associated with their WordPress account.
However, I’ve noticed that I can inspect the button element in my browser, and change the HTML input element containing the price to anything I want. I can set it to $0.00, and still pay through PayPal and receive access.
Is there any way to prevent this from happening? I’m trying to possibly save something to the database associated with the user account, i.e. “total_amount_paid”, and then if that value differs from the total cost of everything they’ve bought, disallow access to the paid content.
Any ideas? Thank you in advance.
EDIT: I resolved this issue by using do_shortcode() within the checkout template, and embedding the various different prices within the s2member shortcode. s2member will generate an encrypted string preventing any changes to the price.
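An added example, not part of the original post and not s2member's code: one way to make the edited form field irrelevant is to compare what PayPal reports as paid against a price list kept on the server before granting anything. It assumes the notification has already been verified as coming from PayPal and uses PayPal's IPN field names (`item_number`, `mc_gross`, `mc_currency`, `payment_status`, `receiver_email`); the catalog, item ids, capability names and merchant address are constructed for illustration.

```php
<?php
// Added example. Catalog entries, item ids, capability names and the
// merchant address are constructed for illustration.
const MERCHANT_EMAIL = 'seller@example.com';
const CATALOG = [
    'cap-videos' => ['cents' => 1999, 'currency' => 'USD', 'capability' => 'access_videos'],
    'cap-ebooks' => ['cents' => 999,  'currency' => 'USD', 'capability' => 'access_ebooks'],
];

// Convert "19.99" to 1999 without floating point; null if malformed.
function amount_to_cents(string $amount): ?int
{
    return preg_match('/^\d{1,7}\.\d{2}$/', $amount)
        ? (int) str_replace('.', '', $amount)
        : null;
}

// Return the capability to grant, or null when the payment does not match
// the server-side price. Nothing from the HTML form is trusted here.
function capability_for_payment(array $ipn): ?string
{
    $item = CATALOG[$ipn['item_number'] ?? ''] ?? null;
    if ($item === null) {
        return null;                                   // unknown product
    }
    $paid = amount_to_cents((string) ($ipn['mc_gross'] ?? ''));
    $ok = ($ipn['payment_status'] ?? '') === 'Completed'
        && strcasecmp((string) ($ipn['receiver_email'] ?? ''), MERCHANT_EMAIL) === 0
        && ($ipn['mc_currency'] ?? '') === $item['currency']
        && $paid === $item['cents'];                   // exact match, integer cents
    return $ok ? $item['capability'] : null;
}

// Constructed notifications: one honest, one with the price edited to 0.00.
$base = ['item_number' => 'cap-videos', 'payment_status' => 'Completed',
         'receiver_email' => 'seller@example.com', 'mc_currency' => 'USD'];
$samples = [
    'honest'   => $base + ['mc_gross' => '19.99'],
    'tampered' => $base + ['mc_gross' => '0.00'],
];
foreach ($samples as $label => $ipn) {
    $cap = capability_for_payment($ipn);
    echo $label, ': ', $cap ?? 'rejected, no capability granted', PHP_EOL;
}
```

In WordPress the returned capability would then be given to the paying user with `WP_User::add_cap()`; a `null` result means the account is left unchanged.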