
REST-based Card Clearance


anevins


Hello,

I'm trying to use a REST-based card clearance service, but I don't know how to pass the information through the URL without using the form action attribute.

 

I need to have a URL looking like this:

index.php?p=checkout?service=cardAuth&msg_id=3864&num_md5=e2740266aab85558996a9a87fc561c0e&amount=24.99&currency=GBP&api_key=739a720ade31ad2a14b30aa7b3a6b20e

 

But at the moment, I have a URL looking like this:

index.php?cardAuth=&title=Mr&fname=Alderton&sname=Arkie&ctype=mastercard&cnumber=5105105105105100&smonth=01&syear=07&fmonth=01&fyear=10&checkout=Check+Out

 

There are a few more problems:

- I can't get the card number to md5

- I don't know how to retrieve a variable used in another file, which counts up the total amount due

 

Here's my PHP:

<h2>Please enter your details</h2>
<h3>All fields required</h3>
<div id="checkout">

<?php

if (isset($_GET['checkout'])){

$title = $_GET['title'];
$fname = $_GET['fname'];
$sname = $_GET['sname'];
$ctype = $_GET['ctype'];
$cnumber = md5($_GET['cnumber']);
$syear = $_GET['smonth'] . $_GET['syear'];
$fyear = $_GET['fmonth'] . $_GET['fyear'];
$service = $_GET['cardAuth'];
$amount = $_REQUEST[$total];
$msg = rand(1000,9999);
$api = 'd41d8cd98f00b204e9800998ecf8427e';


}

?>

<form method="get" action="index.php?p=checkout?<?php if (isset($_GET['checkout'])) echo htmlspecialchars('service='.$service.'&msg_id='.$msg.'&num_md5='.$cnumber.'&amount='.$amount.'&currency=GBP&api_key='.$api, ENT_QUOTES); ?>">

<table>
<tr>
	<td><input type="hidden" name="cardAuth" value="<?php if (!empty($service)) echo htmlspecialchars($service, ENT_QUOTES); ?>" /></td>
</tr>
	<tr>	
		<td>
			Title:
		</td>
		<td>
			<select name="title" value="<?php if (!empty($title)) echo htmlspecialchars($title, ENT_QUOTES); ?>" >
				<option></option>
				<option>Mr</option>
				<option>Sir</option>
				<option>Ms</option>
				<option>Miss</option>
				<option>Mrs</option>
			</select>
		</td>
	</tr>
	<tr>
		<td>
			First Name:
		</td>
		<td>
			<input type="text" name="fname" value="<?php if (!empty($fname)) echo htmlspecialchars($fname, ENT_QUOTES); ?>"/>
		</td>
	</tr>
	<tr>
		<td>
			Surname:
		</td>
		<td>
			<input type="text" name="sname" value="<?php if (!empty($sname)) echo htmlspecialchars($sname, ENT_QUOTES); ?>"/>
		</td>
	</tr>	
	<tr>
		<td> </td>
	</tr>
	<tr>
		<td>
			Card Type:
		</td>
		<td>
			<select name="ctype" value="<?php if (!empty($ctype)) echo htmlspecialchars($ctype, ENT_QUOTES); ?>">
				<option>mastercard</option>
				<option>visa</option>
				<option>amex</option>
				<option>solo</option>
				<option>maestro</option>
				<option>jcb</option>
				<option>diners</option>
			</select>
		</td>
	</tr>
	<tr>
		<td>
			Card Number:
		</td>
		<td>
			<input type="text" name="cnumber" value="<?php if (!empty($cnumber)) echo $cnumber; ?>"/>
		</td>
	</tr>
	<tr>
		<td>
			Valid From:
		</td>
		<td>
			<select name="smonth" value="<?php if (!empty($smonth)) echo $smonth; ?>">
				<option>01</option>
				<option>02</option>
				<option>03</option>
				<option>04</option>
				<option>05</option>
				<option>06</option>
				<option>07</option>
				<option>08</option>
				<option>09</option>
				<option>10</option>
				<option>11</option>
				<option>12</option>					
			</select>
			<select name="syear" value="<?php if (!empty($syear)) echo htmlspecialchars($syear, ENT_QUOTES); ?>">
				<option>07</option>
				<option>08</option>
				<option>09</option>
				<option>10</option>
				<option>11</option>					
			</select>
		</td>
	</tr>
	<tr>
		<td>
			Expires End:
		</td>
		<td>
			<select name="fmonth" value="<?php if (!empty($fmonth)) echo $fmonth; ?>">
				<option>01</option>
				<option>02</option>
				<option>03</option>
				<option>04</option>
				<option>05</option>
				<option>06</option>
				<option>07</option>
				<option>08</option>
				<option>09</option>
				<option>10</option>
				<option>11</option>
				<option>12</option>					
			</select>
			<select name="fyear" value="<?php if (!empty($fyear)) echo htmlspecialchars($fyear, ENT_QUOTES); ?>">
				<option>10</option>
				<option>11</option>
				<option>12</option>
				<option>13</option>
				<option>14</option>					
			</select>
		</td>
	</tr>
	<tr>
		<td> </td>
	</tr>
	<tr>
		<td> </td>
		<td>
			<input type="submit" name="checkout" value="Check Out"/>
		</td>
	</tr>		
</table>

</form>
</div>
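
An added example, not part of the original post: a browser submitting a `method="get"` form replaces whatever query string is in the `action` with the form fields, so this sketch builds the service query string on the server with `http_build_query()` from values sent by POST, which also keeps the card number out of the browser URL. The parameter names are the ones in the post; the function name, the `$_SESSION['total']` source for the amount and the API key placeholder are assumptions.

```php
<?php
declare(strict_types=1);
// Added example (not the poster's code). Parameter names come from the URL in
// the post; the function name, the session total and the key are assumptions.

const API_KEY_PLACEHOLDER = 'replace-with-your-api-key';

function build_card_auth_query(array $form, string $total, string $apiKey): string
{
    // Keep digits only, then reject anything that is not a plausible card length.
    $digits = preg_replace('/\D+/', '', (string)($form['cnumber'] ?? ''));
    if (strlen($digits) < 12 || strlen($digits) > 19) {
        throw new InvalidArgumentException('Card number must be 12-19 digits.');
    }
    // The amount comes from server-side state, never from the submitted form.
    if (!preg_match('/^\d+\.\d{2}$/', $total)) {
        throw new InvalidArgumentException('Total must look like 24.99.');
    }
    // http_build_query() URL-encodes each value and joins the pairs with "&".
    return http_build_query([
        'service'  => 'cardAuth',
        'msg_id'   => random_int(1000, 9999),
        // An unsalted MD5 of a card number is guessable, so handle this value
        // as carefully as the number itself.
        'num_md5'  => md5($digits),
        'amount'   => $total,
        'currency' => 'GBP',
        'api_key'  => $apiKey,
    ], '', '&');
}

// Constructed sample input: the test card number from the post, as if POSTed.
$samplePost  = ['cnumber' => '5105 1051 0510 5100'];
// In the shop this would be $_SESSION['total'], set by the basket page.
// Session data stays on the server; only the session id is in the cookie.
$sampleTotal = '24.99';

// A URL has a single "?", so the pairs follow p=checkout with "&".
echo 'index.php?p=checkout&'
    . build_card_auth_query($samplePost, $sampleTotal, API_KEY_PLACEHOLDER), "\n";
```
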


md5: (reference: http://php.net/manual/en/function.md5.php)

$myNewEncryptedValue = md5('value you want to pass as md5');
echo "My md5 hash: ". $myNewEncryptedValue;

 

 

As for that value of something in a different file, not exactly sure I know what you mean by that. All depends on how that value is stored, generated, or whatever.

You can, but keep in mind Sessions and Cookies are just as vulnerable as _GET and _POST; they can be changed by a user should they really want to change it and know how.

 

Playing with money online is always a pain in the ass, because people will exploit any medium they can to get your items for free. So if you're going to store a global total, so to speak, via a cookie, I would also store another cookie that's an md5 hash of the total running price you want, then sha1 encrypt that md5 with a salted value of your choice so that way you can always verify it as correct. Because every place you're going to call the running price from, you're going to want to rerun the md5 with the sha1 formula you concoct and double-check no one is manipulating the data; if they are, throw out an error and handle it the way you see fit. Me personally, I go overboard on that concept, but playing with money is no joke either; you can lose a lot of it if someone plays you right. I usually md5 the dynamic variable, sha1 with one hardcoded value and then sha1 again with another hardcoded value. And sometimes I tie user information into that just to be doubly careful; better safe than sorry in my book when it comes to that.
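
The tamper check described in the reply above, as an added example that is not part of the original post: instead of chaining md5 and sha1 with hardcoded values, it uses PHP's `hash_hmac()` with SHA-256 and a server-side key, ties the user id into the signed value, and compares with `hash_equals()`. The key placeholder, the function names and the `total|user|mac` cookie layout are assumptions.

```php
<?php
declare(strict_types=1);
// Added example (not the reply author's code). SECRET_PLACEHOLDER, the function
// names and the "total|user|mac" cookie layout are assumptions.

const SECRET_PLACEHOLDER = 'replace-with-32-random-bytes-kept-on-the-server';

// Bind the total to the user it belongs to and sign both with a keyed hash.
function sign_total(string $total, string $userId, string $secret): string
{
    if (strpos($total . $userId, '|') !== false) {
        throw new InvalidArgumentException('Fields must not contain "|".');
    }
    $mac = hash_hmac('sha256', $total . '|' . $userId, $secret);
    return $total . '|' . $userId . '|' . $mac;
}

// Returns the total if the cookie is untouched and belongs to $userId, else null.
function verify_total(string $cookie, string $userId, string $secret): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$total, $cookieUser, $mac] = $parts;
    $expected = hash_hmac('sha256', $total . '|' . $cookieUser, $secret);
    // hash_equals() compares in constant time, so timing does not leak the MAC.
    if (!hash_equals($expected, $mac) || !hash_equals($userId, $cookieUser)) {
        return null;
    }
    return $total;
}

// Constructed sample values: a valid cookie, one with the price edited, and a
// valid cookie replayed by a different user.
$cookie   = sign_total('24.99', 'user-42', SECRET_PLACEHOLDER);
$tampered = preg_replace('/^24\.99/', '0.01', $cookie);

var_dump(verify_total($cookie, 'user-42', SECRET_PLACEHOLDER));
var_dump(verify_total($tampered, 'user-42', SECRET_PLACEHOLDER));
var_dump(verify_total($cookie, 'user-43', SECRET_PLACEHOLDER));
```
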
