Solved

Urgent, hash verification posted from another site if ok then do the query

Posted on 2004-09-09
1
142 Views
Last Modified: 2013-12-24
I have an online processor, that for whatever reason allows the buyer to see the complete url (which includes the total amount to be paied) and the user can edit this information and the processor will allow him to pay it. The only security they provide is sending me back a hashed key, which i will verify aganist the information i sent them.

Now, here is what i want to do,
First, after the customer is done with selecting what he needs, he will be directed to the payment processor. he pays then he will be redirected to my web site, if his transaction is accpeted (verifyied against the hased key) the information of the transaction he made will be entered into my db and an e-mail will be sent to him and to me.

the e-mail thing (do not worry about it, it is very easy)
first problem, how will i store his information, since the information he entered into the form (i'm trying not to store it until i get the confirmation) will be lost! so where should i store this information and how.

second, how to accept the parameters passed back from the processor, they will send me the parameters as hidden form fields?

third, well if i know how to accept the parameters i can run a check against the hashed key they send to me.

I'm running out of time, so urgent help is needed (and be some how detailed)
Thanks,
0
Comment
Question by:MMsabry
1 Comment
 
LVL 21

Accepted Solution

by:
pinaldave earned 500 total points
ID: 12019025
Hi MMsabry,
 first problem, how will i store his information, since the information
 he entered into the form (i'm trying not to store it until i get the
 confirmation) will be lost! so where should i store this information and how.

    session variables

 
 second, how to accept the parameters passed back from the processor,
 they will send me the parameters as hidden form fields?

    you can access them as form.variablename may be you need pound around them...
 
 third, well if i know how to accept the parameters i can run a check
 against the hashed key they send to me.

    I guess
 
 I'm running out of time, so urgent help is needed (and be some how detailed)
 Thanks,

    what you want to know more?? :)


Regards,
---Pinal
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Mapping Custom Error Page in IIS 7.0 / Windows 2008 3 49
Htaccess - if subdomain "dev." 2 74
Problem to Eclipse 16 117
site launch date and last modified date 3 80
One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now