PHP POST data?


9 replies to this topic

#1 vdubdriver

vdubdriver
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 05 June 2006 - 06:15 PM

Hi,
I'm designing a web store and I want to use PayPal, but with my own shopping cart. I want it to be as secure as possible, so is there any way to send POST data with PHP and not with HTML form code?

This is the code that PayPal says to use. But someone could save the HTML and just change what the cost was and then submit the form.
<form action="https://www.paypal.c...cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="you@youremail.com">
<input type="hidden" name="item_name" value="Item Name">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="amount" value="0.00">
<input type="image" src="http://www.paypal.co...lick-but01.gif" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>



#2 localhost

localhost
  • Members
  • PipPipPip
  • Advanced Member
  • 152 posts

Posted 05 June 2006 - 06:41 PM

put that inside this:

echo "

CODE

";

inside a php file?

#3 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 05 June 2006 - 06:45 PM

that would still echo out the HTML code. the problem is that PayPal is on a different server, so there's no way you can foolproof your code. you have to make your script keep track of what the cost is, and when you get the money from PayPal, check to see if it matches. if not, then you would go from there - like, contacting the customer or PayPal - something non-automated, seeing as how they are trying to scam you and all...


Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#4 vdubdriver

vdubdriver
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 05 June 2006 - 07:13 PM

So the answer is there isn't any way to?

#5 localhost

localhost
  • Members
  • PipPipPip
  • Advanced Member
  • 152 posts

Posted 05 June 2006 - 07:15 PM

Couldn't he take that html code and do some of this? :

<script type="text/javascript">document.write('\u003c\u0066\u006f\u0072\u006d\u0020\u0061\u0063\u0074\u0069\u006f\u006e\u003d\u0022\u0068\u0074\u0074\u0070\u0073\u003a\u002f\u002f\u0077\u0077\u0077\u002e\u0070\u0061\u0079\u0070\u0061\u006c\u002e\u0063\u006f\u006d\u002f\u0063\u0067\u0069\u002d\u0062\u0069\u006e\u002f\u0077\u0065\u0062\u0073\u0063\u0072\u0022\u0020\u006d\u0065\u0074\u0068\u006f\u0064\u003d\u0022\u0070\u006f\u0073\u0074\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0063\u006d\u0064\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u005f\u0078\u0063\u006c\u0069\u0063\u006b\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0062\u0075\u0073\u0069\u006e\u0065\u0073\u0073\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u0079\u006f\u0075\u0040\u0079\u006f\u0075\u0072\u0065\u006d\u0061\u0069\u006c\u002e\u0063\u006f\u006d\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0069\u0074\u0065\u006d\u005f\u006e\u0061\u006d\u0065\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u0049\u0074\u0065\u006d\u0020\u004e\u0061\u006d\u0065\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0063\u0075\u0072\u0072\u0065\u006e\u0063\u0079\u005f\u0063\u006f\u0064\u0065\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u0055\u0053\u0044\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0061\u006d\u006f\u0075\u006e\u0074\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u0030\u002e\u0030\u0030\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0069\u006d\u0061\u0067\u0065\u0022\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0077\u0077\u0077\u002e\u0070\u0061\u0079\u0070\u0061\u006c\u002e\u0063\u006f\u006d\u002f\u0065\u006e\u005f\u0055\u0053\u002f\u0069\u002f\u0062\u0074\u006e\u002f\u0078\u002d\u0063\u006c\u0069\u0063\u006b\u002d\u0062\u0075\u0074\u0030\u0031\u002e\u0067\u0069\u0066\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0073\u0075\u0062\u006d\u0069\u0074\u0022\u0020\u0061\u006c\u0074\u003d\u0022\u004d\u0061\u006b\u0065\u0020\u0070\u0061\u0079\u006d\u0065\u006e\u0074\u0073\u0020\u0077\u0069\u0074\u0068\u0020\u0050\u0061\u0079\u0050\u0061\u006c\u0020\u002d\u0020\u0069\u0074\u0027\u0073\u0020\u0066\u0061\u0073\u0074\u002c\u0020\u0066\u0072\u0065\u0065\u0020\u0061\u006e\u0064\u0020\u0073\u0065\u0063\u0075\u0072\u0065\u0021\u0022\u003e\u000a\u003c\u002f\u0066\u006f\u0072\u006d\u003e\u000a')</script>
does the same exact thing....
http://www.codehouse.com/webmaster_tools/html_encoder/

#6 vdubdriver

vdubdriver
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 05 June 2006 - 07:21 PM

hahha DUDE that is sick

#7 Buyocat

Buyocat
  • Members
  • PipPipPip
  • Advanced Member
  • 267 posts

Posted 05 June 2006 - 07:33 PM

Are you really bent on using those hidden fields? It seems like it would be more secure to not have those; maybe try serializing an object/array somewhere (like a cookie/session) and unserializing it upon form submission?
Looking for some easy-to-use tools?  Try these, https://sourceforge....jects/utils-php -- I made them myself.  They're distinct tools which are easy to understand and use.  See some examples uses at http://www.anotherearlymorning.com

#8 vdubdriver

vdubdriver
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 05 June 2006 - 08:07 PM

[quote=Buyocat @ Jun 5 2006, 03:33 PM]
Are you really bent on using those hidden fields? It seems like it would be more secure to not have those; maybe try serializing an object/array somewhere (like a cookie/session) and unserializing it upon form submission?
[/quote]

Yeah, that's what I was wondering: is there a way to submit variables to a page with PHP instead of HTML (the hidden fields)?

#9 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 05 June 2006 - 08:13 PM

yeah localhost.. that's a great solution.. until the user disables javascript. and oh yeah, you can easily decode that.

#10 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Location: london

Posted 06 June 2006 - 12:41 AM

[quote=Crayon Violent @ Jun 5 2006, 08:13 PM]
yeah localhost.. that's a great solution.. until the user disables javascript. and oh yeah, you can easily decode that.
[/quote]

The best way is to charge the user to use your website, then let them log in and take all possible details, OK.


If you also used the PayPal IPN program and updated the current user's table as paid, with the time and date, you can match against the PayPal IPN information.

As long as you've got the time, date and user info and match it to that user, any other transactions will be free money.

Go to the PayPal forum and read, OK.
Wish I knew all about PHP, damn, I will have to learn.
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc
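The pattern the thread converges on (.josh in #3: record the price yourself and compare when the money arrives; Buyocat in #7: keep the cart server-side instead of in hidden fields; redarrow in #10: match the PayPal IPN notification against your own record) as one added PHP example. This is not code from the thread, from PayPal, or from redarrow's linked files. It assumes a PDO handle `$db` and a hypothetical `orders` table with columns `id, user_id, sku, amount, currency, status, txn_id, paid_at`; the catalogue, prices and the sample IPN at the bottom are constructed. The `invoice` field, the `cmd=_notify-validate` postback and the `VERIFIED`/`INVALID` reply are PayPal's IPN mechanism; the endpoint used is the one the form in post #1 submits to.

```php
<?php
// Added example, not code from the thread or from PayPal: server-side price tracking
// plus PayPal IPN verification. Assumed (hypothetical) schema: orders(id, user_id, sku,
// amount, currency, status, txn_id, paid_at). Catalogue and sample data are constructed.
declare(strict_types=1);

const BUSINESS_EMAIL = 'you@youremail.com';                 // placeholder, as in post #1
const PAYPAL_URL     = 'https://www.paypal.com/cgi-bin/webscr';
// Prices live here, on the server; the browser never gets to pick them.
const CATALOGUE = ['sku-001' => ['name' => 'Item Name', 'price' => '19.99']];   // constructed

/** Record the order and its price *before* the buyer is sent to PayPal. */
function create_order(PDO $db, int $userId, string $sku, int $qty): array
{
    if (!isset(CATALOGUE[$sku]) || $qty < 1) {
        throw new InvalidArgumentException('unknown item or bad quantity');
    }
    $amount = number_format(((float) CATALOGUE[$sku]['price']) * $qty, 2, '.', '');
    $db->prepare('INSERT INTO orders (user_id, sku, amount, currency, status) VALUES (?, ?, ?, ?, ?)')
       ->execute([$userId, $sku, $amount, 'USD', 'pending']);
    return ['id' => (int) $db->lastInsertId(), 'sku' => $sku,
            'amount' => $amount, 'currency' => 'USD', 'status' => 'pending'];
}

/** The same hidden-field form as post #1, plus our order id in `invoice`. A buyer can
 *  still edit a saved copy of this; handle_ipn() below is what makes that pointless. */
function paypal_form(array $order): string
{
    $e = static fn (string $v): string => htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
    return '<form action="' . PAYPAL_URL . '" method="post">'
        . '<input type="hidden" name="cmd" value="_xclick">'
        . '<input type="hidden" name="business" value="' . $e(BUSINESS_EMAIL) . '">'
        . '<input type="hidden" name="item_name" value="' . $e(CATALOGUE[$order['sku']]['name']) . '">'
        . '<input type="hidden" name="invoice" value="' . $e((string) $order['id']) . '">'
        . '<input type="hidden" name="currency_code" value="' . $e($order['currency']) . '">'
        . '<input type="hidden" name="amount" value="' . $e($order['amount']) . '">'
        . '<input type="submit" value="Pay with PayPal"></form>';
}

/** Post the notification back to PayPal with cmd=_notify-validate; the reply body is
 *  VERIFIED or INVALID. Anyone can POST to our notify URL, so this comes first. */
function ipn_is_verified(array $post): bool
{
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(['cmd' => '_notify-validate'] + $post),
    ]]);
    return file_get_contents(PAYPAL_URL, false, $ctx) === 'VERIFIED';
}

/** Compare what PayPal reports with what we recorded; returns the list of mismatches. */
function ipn_mismatches(array $order, array $ipn): array
{
    $cents = static fn (string $v): int => (int) round(((float) $v) * 100);   // no float equality
    $problems = [];
    if (($ipn['txn_id'] ?? '') === '')                        $problems[] = 'missing txn_id';
    if (($ipn['payment_status'] ?? '') !== 'Completed')       $problems[] = 'payment not completed';
    if (($ipn['receiver_email'] ?? '') !== BUSINESS_EMAIL)    $problems[] = 'paid to a different account';
    if (($ipn['mc_currency'] ?? '') !== $order['currency'])   $problems[] = 'currency mismatch';
    if ($cents((string) ($ipn['mc_gross'] ?? '0')) !== $cents((string) $order['amount'])) {
        $problems[] = 'amount mismatch';
    }
    if ($order['status'] !== 'pending')                       $problems[] = 'order already processed';
    return $problems;
}

/** notify_url endpoint: PayPal POSTs here. Nothing on this path trusts the buyer's browser. */
function handle_ipn(PDO $db, array $post): string
{
    if (!ipn_is_verified($post)) {
        return 'ignored: not verified by PayPal';
    }
    $stmt = $db->prepare('SELECT id, sku, amount, currency, status FROM orders WHERE id = ?');
    $stmt->execute([(int) ($post['invoice'] ?? 0)]);
    $order = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($order === false) {
        return 'ignored: unknown order';
    }
    $dup = $db->prepare('SELECT 1 FROM orders WHERE txn_id = ?');   // IPNs can be delivered twice
    $dup->execute([(string) ($post['txn_id'] ?? '')]);
    if ($dup->fetchColumn() !== false) {
        return 'ignored: txn_id already recorded';
    }
    $problems = ipn_mismatches($order, $post);
    if ($problems !== []) {
        // Do not fulfil; leave it for a person to look at, as .josh suggests.
        $db->prepare('UPDATE orders SET status = ? WHERE id = ?')
           ->execute(['flagged: ' . implode(', ', $problems), $order['id']]);
        return 'flagged: ' . implode(', ', $problems);
    }
    $db->prepare('UPDATE orders SET status = ?, txn_id = ?, paid_at = ? WHERE id = ?')
       ->execute(['paid', (string) $post['txn_id'], gmdate('Y-m-d H:i:s'), $order['id']]);
    return 'paid';
}

// Constructed offline check: the order we stored, against an IPN for a saved copy of the
// form in which `amount` had been changed to 0.01 before it was submitted.
$storedOrder = ['id' => 42, 'sku' => 'sku-001', 'amount' => '19.99', 'currency' => 'USD', 'status' => 'pending'];
$tamperedIpn = ['payment_status' => 'Completed', 'receiver_email' => BUSINESS_EMAIL, 'mc_currency' => 'USD',
                'mc_gross' => '0.01', 'invoice' => '42', 'txn_id' => 'CONSTRUCTED-TXN-1'];
print_r(ipn_mismatches($storedOrder, $tamperedIpn));
```

The hidden fields are still sent, as the thread concludes they must be; what changes is that they stop being the source of truth. The price is fixed when the order row is created, the `invoice` field only names that row, and fulfilment happens in `handle_ipn()` after PayPal has confirmed the notification and the amount, currency, receiver and `txn_id` all match the stored record. Check PayPal's current IPN documentation for the host it expects postbacks on; the endpoint here is simply the one from the thread's form.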



