Urgent, hash verification posted from another site if ok then do the query
Posted on 2004-09-09
I have an online processor, that for whatever reason allows the buyer to see the complete url (which includes the total amount to be paied) and the user can edit this information and the processor will allow him to pay it. The only security they provide is sending me back a hashed key, which i will verify aganist the information i sent them.
Now, here is what i want to do,
First, after the customer is done with selecting what he needs, he will be directed to the payment processor. he pays then he will be redirected to my web site, if his transaction is accpeted (verifyied against the hased key) the information of the transaction he made will be entered into my db and an e-mail will be sent to him and to me.
the e-mail thing (do not worry about it, it is very easy)
first problem, how will i store his information, since the information he entered into the form (i'm trying not to store it until i get the confirmation) will be lost! so where should i store this information and how.
second, how to accept the parameters passed back from the processor, they will send me the parameters as hidden form fields?
third, well if i know how to accept the parameters i can run a check against the hashed key they send to me.
I'm running out of time, so urgent help is needed (and be some how detailed)