Hi,

I am a little rusty with PHP, but that is why I am asking this question.
Say a person buys software from my website with Paypal, then upon succesful completion of the transaction, they are redirected to another page which generates a serial key using PHP code. If I do this, will the serial generating code within the PHP file be vulnerable? And is there a way to prevent that page from loading when it's accessed from some place other than the succesful transaction?

There are a number of systems which can handle distribution and licensing and there are other systems which can encode your source code to protect any licensing system you add in. This is discussed quite often here so have a search to see what other topics come up. http://www.webhostingtalk.com/showthread.php?t=482999 is the latest one I've been participating in.

You'll want to use PayPal IPN to verify that the purchase actually happened.

You'll want to look at the Paypal IPN documentation at http://developer.paypal.com. It'll explain how to validate an IPN post and check it was actually sent by Paypal. Once you've implemented IPN post validation, you can use that to prevent people simply accessing the file to get a license key.