Baub Eis
asked on
How to hide hidden form values in ASP
I have a form that transmits credit card data:
https://wwwthebusinessstore.net/sign_up_cc.asp
There are hidden fields that pass the credit card account credentials to the bank site. How can I hide those values from doing an inspect element in Chrome or whatever. Needs to be server side scripted some how? Javascript or .asp? Whats the best attack here, I'm not very good at javascript.
thanks for any help
Baub
https://wwwthebusinessstore.net/sign_up_cc.asp
There are hidden fields that pass the credit card account credentials to the bank site. How can I hide those values from doing an inspect element in Chrome or whatever. Needs to be server side scripted some how? Javascript or .asp? Whats the best attack here, I'm not very good at javascript.
thanks for any help
Baub
When you send credit card data via a form, you will send it ONLY using https. If you do that, you are good. It does not matter if you use <input type="hidden"> or <input type="text"> because hidden means from the screen. It is still sent the same way.
ASKER
nope. The HTTPS:// form would prevent a man in the middle type attack, ie when the data is sent the data is encrypted. But if you load the page above, and then use chrome to open it, and then select "inspect element" you can peruse down through the code until you see the hidden values which include the authentication key and password that is being sent.
You should check with your processer but some of this looks like it should be encrypted. Merchant ID's, Pin's, Password's are typically sent encrypted and usually a one way hash like md5 or preferably sha1. Hashing means concatenating predetermined fields. You may send your merchant_id as the actual id, but the merchant_pin or password as sha1(password&some_keyfiel d&another_ keyfield). Where sha1 is a function loaded on your page. Again, as long as you are sending via https you are good.
<input name="ssl_merchant_id" type="hidden" id="ssl_merchant_id" value="001010">
<input name="ssl_pin" type="hidden" id="ssl_pin" value="L0QHGS">
<input name="ssl_show_form" type="hidden" id="ssl_show_form" value="false">
<input name="ssl_user_id" type="hidden" id="ssl_user_id" value="001010">
Check your certificate. It throws a warning because of the way you named it.
You attempted to reach www.thebusinessstore.net, but instead you actually reached a server identifying itself as thebusinessstore.net. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www.thebusinessstore.net.
You should not proceed, especially if you have never seen this warning before for this site.
<input name="ssl_merchant_id" type="hidden" id="ssl_merchant_id" value="001010">
<input name="ssl_pin" type="hidden" id="ssl_pin" value="L0QHGS">
<input name="ssl_show_form" type="hidden" id="ssl_show_form" value="false">
<input name="ssl_user_id" type="hidden" id="ssl_user_id" value="001010">
Check your certificate. It throws a warning because of the way you named it.
You attempted to reach www.thebusinessstore.net, but instead you actually reached a server identifying itself as thebusinessstore.net. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www.thebusinessstore.net.
You should not proceed, especially if you have never seen this warning before for this site.
ASKER
<input name="ssl_transaction_type" type="hidden" id="ssl_transaction_type" value="ccaddrecurring">
<input name="ssl_amount" type="hidden" id="ssl_amount" value="89.95">
<input name="ssl_billing_cycle" type="hidden" id="ssl_billing_cycle" value="BIMONTHLY">
<input name="ssl_merchant_id" type="hidden" id="ssl_merchant_id" value="001010">
<input name="ssl_pin" type="hidden" id="ssl_pin" value="L0QHGS">
<input name="ssl_show_form" type="hidden" id="ssl_show_form" value="false">
<input name="ssl_user_id" type="hidden" id="ssl_user_id" value="001010">
<input name="ssl_cvv2cvc2_indicator" type="hidden" id="ssl_cvv2cvc2_indicator" value="1">
<input name="ssl_receipt_decl_method" type="hidden" id="ssl_receipte_decl_method" value="REDG">
<input name="ssl_receipt_decl_get_url" type="hidden" id="ssl_receipt_decl_get_url" value="https://theBusinessStore.net/decline.asp">
<input name="ssl_receipt_apprvl_method" type="hidden" id="ssl_receipt_apprvl_method" value="REDG">
<input name="ssl_receipt_apprvl_get_url" type="hidden" id="ssl_receipt_apprvl_get_url" value="https://theBusinessStore.net/approval.asp">
I need to hide those values from the "inspect element" of google chrome
ASKER
>"I need to hide those values from the "inspect element" of google chrome"
There is no hiding if they are required. If you don't wan that to be shown, you should be able to set up the info on the processor side. If there is no way around it you simply need to add serverside code for the page, "https://theBusinessStore.net/decline.asp" to only allow incoming traffic from your cc service or they probably have some type of key value and you just check for that.
Setting up ecommerce is much more complex then you would think.
There is no hiding if they are required. If you don't wan that to be shown, you should be able to set up the info on the processor side. If there is no way around it you simply need to add serverside code for the page, "https://theBusinessStore.net/decline.asp" to only allow incoming traffic from your cc service or they probably have some type of key value and you just check for that.
Setting up ecommerce is much more complex then you would think.
ASKER
I realize that. But how could I hide these values, say through asp? Can I force those values to be run at the server, ie runat=server in the form or anything like that? Encapsulate those values in <% %> somehow?
They don't need to be on the form. They can be variables.
<%
if request.form("credit_card_no")<>"" then
MerchNO="1234"
MyPin="abc"
credit_card_no="request.form("credit_card_no")
' keep adding fields
theURL = "https://demo.myvirtualmerchant.com/VirtualMerchantDemo/process.do"
'now use xmlhttp post http://support.microsoft.com/kb/290591 to send data. Any items you want hidden form people are in your variables and posted this way.
DataToSend = "ssl_merchant_id =MerchNO& ssl_pin=MyPin&CC_NO=credit_card_no"
dim xmlhttp
set xmlhttp = server.Createobject("MSXML2.ServerXMLHTTP")
xmlhttp.Open "POST",theURL,false
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xmlhttp.send DataToSend
Response.ContentType = "text/xml"
Response.Write xmlhttp.responsexml.xml ' this is your response from the post but probably not used in your case
Set xmlhttp = nothing
end if
%>
<form action="thispage.asp">
<input type="text" name="credit_card_no">
<button type="submit">Submit</button>
</form>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yeah I figured that. Thank you very much this is what I am looking for. At least a direction... HA HA. you rule PADAS.
Thanks! Good luck.
One thing to keep in mind, treat the data you are posting via xmlhttpost as if it was on your form. All the data is hidden from "view source". It is important that the post is over https otherwise, people smarter then us can sniff out what is being sent. I work with multiple payment processors where one is extreme on encrypting everything and another is not claiming as long as it is sent via https all is good.
One thing to keep in mind, treat the data you are posting via xmlhttpost as if it was on your form. All the data is hidden from "view source". It is important that the post is over https otherwise, people smarter then us can sniff out what is being sent. I work with multiple payment processors where one is extreme on encrypting everything and another is not claiming as long as it is sent via https all is good.
ASKER
I can't quite get this to work. Is this post still open or do you still get this email? Or do I need to open a new post?
I could open a new post so you could get 500 more points....
I could open a new post so you could get 500 more points....
Post your code and lets see where you are at. If I can't get it right away, then post another question. I will be out of commission for a couple of hours.
ASKER
New page is at http://thebusinessstore.net/sign_up_ccxml.asp
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="Connections/durgorama.asp" -->
<% if request.form("ssl_card_number") <> "" Then
card_number=request.form("ssl_card_number")
transaction_type="ccaddrecurring"
amount="89.95"
billing_cycle="MONTHLY"
merchant_id="001010"
user_id="001010"
pin="L0QHGS"
cvv2cvc2_indicator="1"
receipt_decl_method="REDG"
receipt_decl_get_url="https://thebusinesstore.net/decline.asp"
receipt_apprvl_method="REDG"
receipt_apprvl_get_url="https://thebusinessstore.net/approval.asp"
next_payment_date=request.form("ssl_next_payment_date")
first_name=request.form("ssl_first_name")
last_name=request.form("ssl_card_number")
exp_date=request.form("ssl_exp_date")
show_form="false"
theURL="https://demo.myvirtualmerchant.com/VirtualMerchantDemo/process.do"
DataToSend = "ssl_merchant_id=merchant_id&ssl_pin=pin&ssl_card_number=credit_card_no&ssl_transaction_type=ccaddrecurring&ssl_cvv2cvc2_indicator=cvv2cvc2&ssl_receipt_decl_method=receipt_decl_method&ssl_receipt_decl_url=receipt_decl_url&ssl_receipt_apprvl_method=receipt_apprvl_method&ssl_receipt_apprvl_get_url=receipt_apprvl1_get_url&ssl_next_payment_date=next_payment_date&ssl_first_name=first_name&ssl_last_name=last_name&ssl_exp_date=exp_date&ssl_show_form=show_form&ssl_user_id=user_id"
dim xmlhttp
set xmlhttp = server.Createobject("MSXML2.ServerXMLHTTP")
xmlhttp.Open "POST",theURL,false
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xmlhttp.send DataToSend
Response.ContentType = "text/xml"
Response.Write xmlhttp.responsexml.xml ' this is your response from the post but probably not used in your case
Set xmlhttp = nothing
end if
%>
<html><!-- InstanceBegin template="/Templates/DetailPage16grid.dwt.asp" codeOutsideHTMLIsLocked="false" -->
<head>
<!--#include file="ScriptLibrary/userloginwhoami.asp" -->
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<!-- InstanceBeginEditable name="doctitle" -->
<title>theBusinessStore.net</title>
<!-- InstanceEndEditable -->
<link rel="stylesheet" type="text/css" href="Styles/960grid/960_16_col.css" />
<link rel="stylesheet" type="text/css" href="Styles/960grid/reset.css" />
<link rel="stylesheet" type="text/css" href="Styles/960grid/text.css" />
<link href="Styles/960grid/baub.css" rel="stylesheet" type="text/css">
<!-- InstanceBeginEditable name="head" -->
<link rel="stylesheet" type="text/css" href="Styles/dmxUniform/default/uniform.default.css" />
<script type="text/javascript" src="ScriptLibrary/jquery-latest.pack.js"></script>
<script type="text/javascript" src="ScriptLibrary/dmxUniform.js"></script>
<!-- InstanceEndEditable -->
<link rel="shortcut icon" href="favoicon.ico">
</head>
<body>
<div id="header" class="container_16 clearfix">
<div class="grid_16"><div id="headerwrapper">
<img src="images/headerimager2.jpg" width="940" height="80" usemap="#Map">
<map name="Map">
<area shape="rect" coords="735,59,937,75" href="for_brokers_and_realtors.asp">
<area shape="rect" coords="593,60,723,75" href="Sellabusiness.asp" alt="Sell a Business">
<area shape="rect" coords="455,61,582,73" href="buyabusiness.asp" alt="Buy a Business">
<area shape="rect" coords="6,7,346,72" href="default9.asp">
<area shape="rect" coords="378,55,444,76" href="default9.asp" alt="Home">
</map>
<% If Request.Cookies("MM_UserAuthorization") = "admin" Then %><div class="loggedInAs">
Logged in as: <%=(whoAmI.Fields.Item("user_name").Value)%> <%=(whoAmI.Fields.Item("user_lastname").Value)%>| <a href="Broker_Landing_Page.asp">My Listings</a> | <a href="<%= MM_Logout %>">Logout</a></div>
<% ElseIf Request.Cookies("MM_UserAuthorization") = "user" Then %><div class="loggedInAs">Logged in as: <%=(whoAmI.Fields.Item("user_name").Value)%> <%=(whoAmI.Fields.Item("user_lastname").Value)%> | <a href="Broker_Landing_Page.asp">My Listings</a> | <a href="<%= MM_Logout %>">Logout</a></div>
<% Else %>
<div class="notloggedin"><a href="Broker_Landing_Page.asp">LOGIN</a></div><% End If %>
</div>
<img src="images/top_red.jpg" width="940" height="35"> </div>
</div>
<div id="content" class="container_16">
<div class="grid_12"><!-- InstanceBeginEditable name="MainContent" -->
<form class="dmxUniform" name="dmxUniform1" id="dmxUniform1" method="post" action="sign_up_ccXML.asp">
<table width="640" border="0" cellspacing="5" cellpadding="5">
<tr>
<td colspan="2" align="left"><h2>Payment Details</h2></td>
</tr>
<tr>
<td align="right"><strong>First Name:</strong></td>
<td><input name="ssl_first_name" type="text" id="ssl_first_name" size="50"></td>
</tr>
<tr>
<td align="right"><strong>Last Name:</strong></td>
<td><input name="ssl_last_name" type="text" id="ssl_last_name" size="50"></td>
</tr>
<tr>
<td width="253" align="right"><strong>Name on Card:</strong></td>
<td width="352"><input name="textfield3" type="text" id="textfield3" size="50"></td>
</tr>
<tr>
<td align="right"><img src="images/icons/1361942662_credit_cards.png" alt="" width="64" height="64"></td>
<td><p>We accept Visa, Mastercard, Discovery and American Express.</p>
<p>You are setting up a recurring bi-monthly charge of $318 every 2 months. Plus an extra free month.</p></td>
</tr>
<tr>
<td align="right"><strong>Credit Card Number:</strong></td>
<td><input name="ssl_card_number" type="text" id="ssl_card_number" size="50"></td>
</tr>
<tr>
<td align="right"><strong>Expiration Date:</strong></td>
<td><input name="ssl_exp_date" type="text" id="ssl_exp_date" size="4">
format MMYY</td>
</tr>
<tr>
<td align="right" valign="top"><p><strong>Credit Verification Code (CVC2):</strong></p>
<p></p></td>
<td><p>
<input name="ssl_cvv2cvc2" type="text" id="ssl_cvv2cvc2" size="8">
</p>
<p>The CVC code is either a 3 digit code number on the back side of Visa, Mastercard, Discover, or a 4 digit code on the front side of an American Express card.</p>
<p><img src="images/CVCexamples.png" width="223" height="68"></p></td>
</tr>
<tr>
<td align="right"><p>
<input name="ssl_next_payment_date" type="hidden" id="ssl_next_payment_date" value="<%=(Right("0" & Month(Date()), 2) & "/" & Right("0" & Day(Date()), 2) & "/" & Year(Date()))%>">
</p></td>
<td><input type="submit" name="button" id="button" value="Continue"></td>
</tr>
</table>
</form>
<script type="text/javascript">
// <![CDATA[
jQuery(document).ready(
function()
{
jQuery("#dmxUniform1").dmxUniform(
{}
);
}
);
// ]]>
</script>
<!-- InstanceEndEditable --></div>
<div class="grid_4"><!-- InstanceBeginEditable name="SidebarContent" --><!-- webbot bot="HTMLMarkup" startspan -->
<!-- GeoTrust QuickSSL [tm] Smart Icon tag. Do not edit. -->
<script language="javascript" type="text/javascript" src="//smarticon.geotrust.com/si.js"></script>
<!-- end GeoTrust Smart Icon tag -->
<!-- webbot bot="HTMLMarkup" endspan --><!-- InstanceEndEditable --></div>
</div>
<div id="footer" class="container_16 clearfix">
<div class="grid_16">
<p><img src="images/bottom_footer_red.jpg" width="940" height="35"><br>
</p>
<table width="940" border="0" cellspacing="5" cellpadding="5">
<tr>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Alabama">Alabama</a></p>
<p><a href="search_state.asp?state=California">California</a></p>
<p><a href="search_state.asp?state=Florida">Florida</a></p>
<p><a href="search_state.asp?state=Illinois">Illinois</a></p>
<p><a href="search_state.asp?state=Kentucky">Kentucky</a></p>
<p><a href="search_state.asp?state=Massachusetts">Massachusetts</a></p>
<p><a href="search_state.asp?state=Missouri">Missouri</a></p>
<p><a href="search_state.asp?state=New Hampshire">New Hampshire</a></p>
<p><a href="search_state.asp?state=North Carolina">North Carolina</a></p>
<p><a href="search_state.asp?state=Oregon">Oregon</a></p>
<p><a href="search_state.asp?state=South Dakota">South Dakota</a></p>
<p><a href="search_state.asp?state=Vermont">Vermont</a></p>
<p><a href="search_state.asp?state=Wisconsin">Wisconsin</a></p></td>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Alaska">Alaska</a></p>
<p><a href="search_state.asp?state=Colorado">Colorado</a></p>
<p><a href="search_state.asp?state=Georgia">Georgia</a></p>
<p><a href="search_state.asp?state=Indiana">Indiana</a></p>
<p><a href="search_state.asp?state=Louisiana">Louisiana</a></p>
<p><a href="search_state.asp?state=Michigan">Michigan</a></p>
<p><a href="search_state.asp?state=Montana">Montana</a></p>
<p><a href="search_state.asp?state=New Jersey">New Jersey</a></p>
<p><a href="search_state.asp?state=North Dakota">North Dakota</a></p>
<p><a href="search_state.asp?state=Pennsylvania">Pennsylvania</a></p>
<p><a href="search_state.asp?state=Tennessee">Tennessee</a></p>
<p><a href="search_state.asp?state=Virginia">Virginia</a></p>
<p><a href="search_state.asp?state=Wyoming">Wyoming</a></p></td>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Arizona">Arizona</a></p>
<p><a href="search_state.asp?state=Connecticut">Connecticut</a></p>
<p><a href="search_state.asp?state=Hawaii">Hawaii</a></p>
<p><a href="search_state.asp?state=Iowa">Iowa</a></p>
<p><a href="search_state.asp?state=Maine">Maine</a></p>
<p><a href="search_state.asp?state=Minnesota">Minnesota</a></p>
<p><a href="search_state.asp?state=Nebraska">Nebraska</a></p>
<p><a href="search_state.asp?state=New Mexico">New Mexico</a></p>
<p><a href="search_state.asp?state=Ohio">Ohio</a></p>
<p><a href="search_state.asp?state=Rhode Island">Rhode Island</a></p>
<p><a href="search_state.asp?state=Texas">Texas</a></p>
<p><a href="search_state.asp?state=Washington">Washington</a></p>
<p><a href="search_state.asp?state=District of Columbia">District of Columbia</a></p></td>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Arkansas">Arkansas</a></p>
<p><a href="search_state.asp?state=Delaware">Delaware</a></p>
<p><a href="search_state.asp?state=Idaho">Idaho</a></p>
<p><a href="search_state.asp?state=Kansas">Kansas</a></p>
<p><a href="search_state.asp?state=Maryland">Maryland</a></p>
<p><a href="search_state.asp?state=Mississippi">Mississippi</a></p>
<p><a href="search_state.asp?state=Nevada">Nevada</a></p>
<p><a href="search_state.asp?state=New York">New York</a></p>
<p><a href="search_state.asp?state=Oklahoma">Oklahoma</a></p>
<p><a href="search_state.asp?state=South Carolina">South Carolina</a></p>
<p><a href="search_state.asp?state=Utah">Utah</a></p>
<p><a href="search_state.asp?state=West Virginia">West Virginia</a></p></td>
<td width="220" align="left" valign="top" bgcolor="#F3F5F7"><h5><a href="advertise_with_us.asp">Advertise with Us </a></h5>
<h5><a href="careers.asp">Careers</a> </h5>
<h5><a href="FAQ.asp">Help / FAQs</a></h5>
<h5>My Account</h5>
<h5>Promotions</h5>
<h5><a href="privacy_statement.asp">Privacy Statement</a> </h5>
<h5>Sitemap </h5>
<h5><a href="terms_and_conditions.asp">Terms & Conditions</a></h5>
<p><!-- webbot bot="HTMLMarkup" startspan -->
<!-- GeoTrust QuickSSL [tm] Smart Icon tag. Do not edit. -->
<script language="javascript" type="text/javascript" src="//smarticon.geotrust.com/si.js"></script>
<!-- end GeoTrust Smart Icon tag -->
<!-- webbot bot="HTMLMarkup" endspan --></p></td>
</tr>
</table>
<hr>
<p>© 2013 TheBusinessStore.net ™ - "Where Business Buyers and Sellers Meet"</p>
<p> </p>
</div>
</div>
</body>
<!--#include file="ScriptLibrary/userloginclose.asp" -->
<!-- InstanceEnd --></html>
I think I lead you stray in the DataToSend. Check my work but you want it to be
"ssl_merchant_id="&merchan t_id&"&... .
"ssl_merchant_id="&merchan
DataToSend = "ssl_merchant_id="&merchant_id&"&ssl_pin="&pin&"&ssl_card_number="&credit_card_no&"&ssl_transaction_type="&ccaddrecurring&"&ssl_cvv2cvc2_indicator="&cvv2cvc2&"&ssl_receipt_decl_method="&receipt_decl_method&"&ssl_receipt_decl_url="&receipt_decl_url&"&ssl_receipt_apprvl_method="&receipt_apprvl_method&"&ssl_receipt_apprvl_get_url="&receipt_apprvl1_get_url&"&ssl_next_payment_date="&next_payment_date&"&ssl_first_name="&first_name&"&ssl_last_name="&last_name&"&ssl_exp_date="&exp_date&"&ssl_show_form="&show_form&"&ssl_user_id="&user_id
As a check,
DataToSend = "ssl_merchant_id="&merchant_id&"&ssl_pin="&pin&"&ssl_card_number="&credit_card_no&"&ssl_transaction_type="&ccaddrecurring&"&ssl_cvv2cvc2_indicator="&cvv2cvc2&"&ssl_receipt_decl_method="&receipt_decl_method&"&ssl_receipt_decl_url="&receipt_decl_url&"&ssl_receipt_apprvl_method="&receipt_apprvl_method&"&ssl_receipt_apprvl_get_url="&receipt_apprvl1_get_url&"&ssl_next_payment_date="&next_payment_date&"&ssl_first_name="&first_name&"&ssl_last_name="&last_name&"&ssl_exp_date="&exp_date&"&ssl_show_form="&show_form&"&ssl_user_id="&user_id
' after testing remove the two lines below or comment out. This will display what is being sent.
Response.write DataToSend
Response.end()
dim xmlhttp
set xmlhttp = server.Createobject("MSXML2.ServerXMLHTTP")
xmlhttp.Open "POST",theURL,false
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xmlhttp.send DataToSend
Response.ContentType = "text/xml"
Response.Write xmlhttp.responsexml.xml ' this is your response from the post but probably not used in your case
Set xmlhttp = nothing
ASKER
next round....
I am getting:
This page contains the following errors:
error on line 20 at column 8: Opening and ending tag mismatch: link line 0 and head
Below is a rendering of the page up to the first error.
I am getting:
This page contains the following errors:
error on line 20 at column 8: Opening and ending tag mismatch: link line 0 and head
Below is a rendering of the page up to the first error.
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="Connections/durgorama.asp" -->
<% if request.form("ssl_card_number") <> "" Then
card_number=request.form("ssl_card_number")
transaction_type="ccaddrecurring"
amount="89.95"
billing_cycle="MONTHLY"
merchant_id="001010"
user_id="001010"
pin="L0QHGS"
cvv2cvc2_indicator="1"
receipt_decl_method="REDG"
receipt_decl_get_url="https://thebusinesstore.net/decline.asp"
receipt_apprvl_method="REDG"
receipt_apprvl_get_url="https://thebusinessstore.net/approval.asp"
next_payment_date=request.form("ssl_next_payment_date")
first_name=request.form("ssl_first_name")
last_name=request.form("ssl_card_number")
exp_date=request.form("ssl_exp_date")
show_form="false"
theURL="https://demo.myvirtualmerchant.com/VirtualMerchantDemo/process.do"
DataToSend = "ssl_merchant_id=" & merchant_id & "ssl_pin=" & pin & "ssl_card_number=" & card_number & "ssl_transaction_type=" & ccaddrecurring &"ssl_cvv2cvc2_indicator=" & cvv2cvc2 & "ssl_receipt_decl_method=" & receipt_decl_method & "ssl_receipt_decl_url="& receipt_decl_url &"ssl_receipt_apprvl_method=" & receipt_apprvl_method & "ssl_receipt_apprvl_get_url=" & receipt_apprvl1_get_url & "ssl_next_payment_date=" &next_payment_date & "ssl_first_name=" & first_name & "ssl_last_name=" & last_name & "ssl_exp_date=" & exp_date & "ssl_show_form=" & show_form & "ssl_user_id=" & user_id
dim xmlhttp
set xmlhttp = server.Createobject("MSXML2.ServerXMLHTTP")
xmlhttp.Open "POST",theURL,false
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xmlhttp.send DataToSend
Response.ContentType = "text/xml"
Response.Write xmlhttp.responsexml.xml ' this is your response from the post but probably not used in your case
Set xmlhttp = nothing
end if
%>
<html><!-- InstanceBegin template="/Templates/DetailPage16grid.dwt.asp" codeOutsideHTMLIsLocked="false" -->
<head>
<!--#include file="ScriptLibrary/userloginwhoami.asp" -->
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<!-- InstanceBeginEditable name="doctitle" -->
<title>theBusinessStore.net</title>
<!-- InstanceEndEditable -->
<link rel="stylesheet" type="text/css" href="Styles/960grid/960_16_col.css" />
<link rel="stylesheet" type="text/css" href="Styles/960grid/reset.css" />
<link rel="stylesheet" type="text/css" href="Styles/960grid/text.css" />
<link href="Styles/960grid/baub.css" rel="stylesheet" type="text/css">
<!-- InstanceBeginEditable name="head" -->
<link rel="stylesheet" type="text/css" href="Styles/dmxUniform/default/uniform.default.css" />
<script type="text/javascript" src="ScriptLibrary/jquery-latest.pack.js"></script>
<script type="text/javascript" src="ScriptLibrary/dmxUniform.js"></script>
<!-- InstanceEndEditable -->
<link rel="shortcut icon" href="favoicon.ico">
</head>
<body>
<div id="header" class="container_16 clearfix">
<div class="grid_16"><div id="headerwrapper">
<img src="images/headerimager2.jpg" width="940" height="80" usemap="#Map">
<map name="Map">
<area shape="rect" coords="735,59,937,75" href="for_brokers_and_realtors.asp">
<area shape="rect" coords="593,60,723,75" href="Sellabusiness.asp" alt="Sell a Business">
<area shape="rect" coords="455,61,582,73" href="buyabusiness.asp" alt="Buy a Business">
<area shape="rect" coords="6,7,346,72" href="default9.asp">
<area shape="rect" coords="378,55,444,76" href="default9.asp" alt="Home">
</map>
<% If Request.Cookies("MM_UserAuthorization") = "admin" Then %><div class="loggedInAs">
Logged in as: <%=(whoAmI.Fields.Item("user_name").Value)%> <%=(whoAmI.Fields.Item("user_lastname").Value)%>| <a href="Broker_Landing_Page.asp">My Listings</a> | <a href="<%= MM_Logout %>">Logout</a></div>
<% ElseIf Request.Cookies("MM_UserAuthorization") = "user" Then %><div class="loggedInAs">Logged in as: <%=(whoAmI.Fields.Item("user_name").Value)%> <%=(whoAmI.Fields.Item("user_lastname").Value)%> | <a href="Broker_Landing_Page.asp">My Listings</a> | <a href="<%= MM_Logout %>">Logout</a></div>
<% Else %>
<div class="notloggedin"><a href="Broker_Landing_Page.asp">LOGIN</a></div><% End If %>
</div>
<img src="images/top_red.jpg" width="940" height="35"> </div>
</div>
<div id="content" class="container_16">
<div class="grid_12"><!-- InstanceBeginEditable name="MainContent" -->
<form class="dmxUniform" name="dmxUniform1" id="dmxUniform1" method="post" action="sign_up_ccXML.asp">
<table width="640" border="0" cellspacing="5" cellpadding="5">
<tr>
<td colspan="2" align="left"><h2>Payment Details</h2></td>
</tr>
<tr>
<td align="right"><strong>First Name:</strong></td>
<td><input name="ssl_first_name" type="text" id="ssl_first_name" size="50"></td>
</tr>
<tr>
<td align="right"><strong>Last Name:</strong></td>
<td><input name="ssl_last_name" type="text" id="ssl_last_name" size="50"></td>
</tr>
<tr>
<td width="253" align="right"><strong>Name on Card:</strong></td>
<td width="352"><input name="textfield3" type="text" id="textfield3" size="50"></td>
</tr>
<tr>
<td align="right"><img src="images/icons/1361942662_credit_cards.png" alt="" width="64" height="64"></td>
<td><p>We accept Visa, Mastercard, Discovery and American Express.</p>
<p>You are setting up a recurring bi-monthly charge of $318 every 2 months. Plus an extra free month.</p></td>
</tr>
<tr>
<td align="right"><strong>Credit Card Number:</strong></td>
<td><input name="ssl_card_number" type="text" id="ssl_card_number" size="50"></td>
</tr>
<tr>
<td align="right"><strong>Expiration Date:</strong></td>
<td><input name="ssl_exp_date" type="text" id="ssl_exp_date" size="4">
format MMYY</td>
</tr>
<tr>
<td align="right" valign="top"><p><strong>Credit Verification Code (CVC2):</strong></p>
<p></p></td>
<td><p>
<input name="ssl_cvv2cvc2" type="text" id="ssl_cvv2cvc2" size="8">
</p>
<p>The CVC code is either a 3 digit code number on the back side of Visa, Mastercard, Discover, or a 4 digit code on the front side of an American Express card.</p>
<p><img src="images/CVCexamples.png" width="223" height="68"></p></td>
</tr>
<tr>
<td align="right"><p>
<input name="ssl_next_payment_date" type="hidden" id="ssl_next_payment_date" value="<%=(Right("0" & Month(Date()), 2) & "/" & Right("0" & Day(Date()), 2) & "/" & Year(Date()))%>">
</p></td>
<td><input type="submit" name="button" id="button" value="Continue"></td>
</tr>
</table>
</form>
<script type="text/javascript">
// <![CDATA[
jQuery(document).ready(
function()
{
jQuery("#dmxUniform1").dmxUniform(
{}
);
}
);
// ]]>
</script>
<!-- InstanceEndEditable --></div>
<div class="grid_4"><!-- InstanceBeginEditable name="SidebarContent" --><!-- webbot bot="HTMLMarkup" startspan -->
<!-- GeoTrust QuickSSL [tm] Smart Icon tag. Do not edit. -->
<script language="javascript" type="text/javascript" src="//smarticon.geotrust.com/si.js"></script>
<!-- end GeoTrust Smart Icon tag -->
<!-- webbot bot="HTMLMarkup" endspan --><!-- InstanceEndEditable --></div>
</div>
<div id="footer" class="container_16 clearfix">
<div class="grid_16">
<p><img src="images/bottom_footer_red.jpg" width="940" height="35"><br>
</p>
<table width="940" border="0" cellspacing="5" cellpadding="5">
<tr>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Alabama">Alabama</a></p>
<p><a href="search_state.asp?state=California">California</a></p>
<p><a href="search_state.asp?state=Florida">Florida</a></p>
<p><a href="search_state.asp?state=Illinois">Illinois</a></p>
<p><a href="search_state.asp?state=Kentucky">Kentucky</a></p>
<p><a href="search_state.asp?state=Massachusetts">Massachusetts</a></p>
<p><a href="search_state.asp?state=Missouri">Missouri</a></p>
<p><a href="search_state.asp?state=New Hampshire">New Hampshire</a></p>
<p><a href="search_state.asp?state=North Carolina">North Carolina</a></p>
<p><a href="search_state.asp?state=Oregon">Oregon</a></p>
<p><a href="search_state.asp?state=South Dakota">South Dakota</a></p>
<p><a href="search_state.asp?state=Vermont">Vermont</a></p>
<p><a href="search_state.asp?state=Wisconsin">Wisconsin</a></p></td>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Alaska">Alaska</a></p>
<p><a href="search_state.asp?state=Colorado">Colorado</a></p>
<p><a href="search_state.asp?state=Georgia">Georgia</a></p>
<p><a href="search_state.asp?state=Indiana">Indiana</a></p>
<p><a href="search_state.asp?state=Louisiana">Louisiana</a></p>
<p><a href="search_state.asp?state=Michigan">Michigan</a></p>
<p><a href="search_state.asp?state=Montana">Montana</a></p>
<p><a href="search_state.asp?state=New Jersey">New Jersey</a></p>
<p><a href="search_state.asp?state=North Dakota">North Dakota</a></p>
<p><a href="search_state.asp?state=Pennsylvania">Pennsylvania</a></p>
<p><a href="search_state.asp?state=Tennessee">Tennessee</a></p>
<p><a href="search_state.asp?state=Virginia">Virginia</a></p>
<p><a href="search_state.asp?state=Wyoming">Wyoming</a></p></td>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Arizona">Arizona</a></p>
<p><a href="search_state.asp?state=Connecticut">Connecticut</a></p>
<p><a href="search_state.asp?state=Hawaii">Hawaii</a></p>
<p><a href="search_state.asp?state=Iowa">Iowa</a></p>
<p><a href="search_state.asp?state=Maine">Maine</a></p>
<p><a href="search_state.asp?state=Minnesota">Minnesota</a></p>
<p><a href="search_state.asp?state=Nebraska">Nebraska</a></p>
<p><a href="search_state.asp?state=New Mexico">New Mexico</a></p>
<p><a href="search_state.asp?state=Ohio">Ohio</a></p>
<p><a href="search_state.asp?state=Rhode Island">Rhode Island</a></p>
<p><a href="search_state.asp?state=Texas">Texas</a></p>
<p><a href="search_state.asp?state=Washington">Washington</a></p>
<p><a href="search_state.asp?state=District of Columbia">District of Columbia</a></p></td>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Arkansas">Arkansas</a></p>
<p><a href="search_state.asp?state=Delaware">Delaware</a></p>
<p><a href="search_state.asp?state=Idaho">Idaho</a></p>
<p><a href="search_state.asp?state=Kansas">Kansas</a></p>
<p><a href="search_state.asp?state=Maryland">Maryland</a></p>
<p><a href="search_state.asp?state=Mississippi">Mississippi</a></p>
<p><a href="search_state.asp?state=Nevada">Nevada</a></p>
<p><a href="search_state.asp?state=New York">New York</a></p>
<p><a href="search_state.asp?state=Oklahoma">Oklahoma</a></p>
<p><a href="search_state.asp?state=South Carolina">South Carolina</a></p>
<p><a href="search_state.asp?state=Utah">Utah</a></p>
<p><a href="search_state.asp?state=West Virginia">West Virginia</a></p></td>
<td width="220" align="left" valign="top" bgcolor="#F3F5F7"><h5><a href="advertise_with_us.asp">Advertise with Us </a></h5>
<h5><a href="careers.asp">Careers</a> </h5>
<h5><a href="FAQ.asp">Help / FAQs</a></h5>
<h5>My Account</h5>
<h5>Promotions</h5>
<h5><a href="privacy_statement.asp">Privacy Statement</a> </h5>
<h5>Sitemap </h5>
<h5><a href="terms_and_conditions.asp">Terms & Conditions</a></h5>
<p><!-- webbot bot="HTMLMarkup" startspan -->
<!-- GeoTrust QuickSSL [tm] Smart Icon tag. Do not edit. -->
<script language="javascript" type="text/javascript" src="//smarticon.geotrust.com/si.js"></script>
<!-- end GeoTrust Smart Icon tag -->
<!-- webbot bot="HTMLMarkup" endspan --></p></td>
</tr>
</table>
<hr>
<p>© 2013 TheBusinessStore.net ™ - "Where Business Buyers and Sellers Meet"</p>
<p> </p>
</div>
</div>
</body>
<!--#include file="ScriptLibrary/userloginclose.asp" -->
<!-- InstanceEnd --></html>
ASKER
I have form submitting to the same page? Is that right?
ASKER
there was a couple of small typos in the long string they are fixed. here is code:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="Connections/durgorama.asp" -->
<% if request.form("ssl_card_number") <> "" Then
card_number=request.form("ssl_card_number")
transaction_type="ccaddrecurring"
amount="89.95"
billing_cycle="MONTHLY"
merchant_id="001010"
user_id="001010"
pin="L0QHGS"
cvv2cvc2_indicator="1"
receipt_decl_method="REDG"
receipt_decl_get_url="https://thebusinesstore.net/decline.asp"
receipt_apprvl_method="REDG"
receipt_apprvl_get_url="https://thebusinessstore.net/approval.asp"
next_payment_date=request.form("ssl_next_payment_date")
first_name=request.form("ssl_first_name")
last_name=request.form("ssl_last_name")
exp_date=request.form("ssl_exp_date")
show_form="false"
theURL="https://demo.myvirtualmerchant.com/VirtualMerchantDemo/process.do"
DataToSend = "ssl_merchant_id=" & merchant_id & "ssl_pin=" & pin & "ssl_card_number=" & card_number & "ssl_transaction_type=" & transaction_type &"ssl_cvv2cvc2_indicator=" & cvv2cvc2 & "ssl_receipt_decl_method=" & receipt_decl_method & "ssl_receipt_decl_url=" & receipt_decl_url &"ssl_receipt_apprvl_method=" & receipt_apprvl_method & "ssl_receipt_apprvl_get_url=" & receipt_apprvl1_get_url & "ssl_next_payment_date=" &next_payment_date & "ssl_first_name=" & first_name & "ssl_last_name=" & last_name & "ssl_exp_date=" & exp_date & "ssl_show_form=" & show_form & "ssl_user_id=" & user_id
dim xmlhttp
set xmlhttp = server.Createobject("MSXML2.ServerXMLHTTP")
xmlhttp.Open "POST",theURL,false
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xmlhttp.send DataToSend
Response.ContentType = "text/xml"
Response.Write xmlhttp.responsexml.xml ' this is your response from the post but probably not used in your case
Set xmlhttp = nothing
end if
%>
<html><!-- InstanceBegin template="/Templates/DetailPage16grid.dwt.asp" codeOutsideHTMLIsLocked="false" -->
<head>
<!--#include file="ScriptLibrary/userloginwhoami.asp" -->
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<!-- InstanceBeginEditable name="doctitle" -->
<title>theBusinessStore.net</title>
<!-- InstanceEndEditable -->
<link rel="stylesheet" type="text/css" href="Styles/960grid/960_16_col.css" />
<link rel="stylesheet" type="text/css" href="Styles/960grid/reset.css" />
<link rel="stylesheet" type="text/css" href="Styles/960grid/text.css" />
<link href="Styles/960grid/baub.css" rel="stylesheet" type="text/css">
<!-- InstanceBeginEditable name="head" -->
<link rel="stylesheet" type="text/css" href="Styles/dmxUniform/default/uniform.default.css" />
<script type="text/javascript" src="ScriptLibrary/jquery-latest.pack.js"></script>
<script type="text/javascript" src="ScriptLibrary/dmxUniform.js"></script>
<!-- InstanceEndEditable -->
<link rel="shortcut icon" href="favoicon.ico">
</head>
<body>
<div id="header" class="container_16 clearfix">
<div class="grid_16"><div id="headerwrapper">
<img src="images/headerimager2.jpg" width="940" height="80" usemap="#Map">
<map name="Map">
<area shape="rect" coords="735,59,937,75" href="for_brokers_and_realtors.asp">
<area shape="rect" coords="593,60,723,75" href="Sellabusiness.asp" alt="Sell a Business">
<area shape="rect" coords="455,61,582,73" href="buyabusiness.asp" alt="Buy a Business">
<area shape="rect" coords="6,7,346,72" href="default9.asp">
<area shape="rect" coords="378,55,444,76" href="default9.asp" alt="Home">
</map>
<% If Request.Cookies("MM_UserAuthorization") = "admin" Then %><div class="loggedInAs">
Logged in as: <%=(whoAmI.Fields.Item("user_name").Value)%> <%=(whoAmI.Fields.Item("user_lastname").Value)%>| <a href="Broker_Landing_Page.asp">My Listings</a> | <a href="<%= MM_Logout %>">Logout</a></div>
<% ElseIf Request.Cookies("MM_UserAuthorization") = "user" Then %><div class="loggedInAs">Logged in as: <%=(whoAmI.Fields.Item("user_name").Value)%> <%=(whoAmI.Fields.Item("user_lastname").Value)%> | <a href="Broker_Landing_Page.asp">My Listings</a> | <a href="<%= MM_Logout %>">Logout</a></div>
<% Else %>
<div class="notloggedin"><a href="Broker_Landing_Page.asp">LOGIN</a></div><% End If %>
</div>
<img src="images/top_red.jpg" width="940" height="35"> </div>
</div>
<div id="content" class="container_16">
<div class="grid_12"><!-- InstanceBeginEditable name="MainContent" -->
<form class="dmxUniform" name="dmxUniform1" id="dmxUniform1" method="post" action="sign_up_ccXML.asp">
<table width="640" border="0" cellspacing="5" cellpadding="5">
<tr>
<td colspan="2" align="left"><h2>Payment Details</h2></td>
</tr>
<tr>
<td align="right"><strong>First Name:</strong></td>
<td><input name="ssl_first_name" type="text" id="ssl_first_name" size="50"></td>
</tr>
<tr>
<td align="right"><strong>Last Name:</strong></td>
<td><input name="ssl_last_name" type="text" id="ssl_last_name" size="50"></td>
</tr>
<tr>
<td width="253" align="right"><strong>Name on Card:</strong></td>
<td width="352"><input name="textfield3" type="text" id="textfield3" size="50"></td>
</tr>
<tr>
<td align="right"><img src="images/icons/1361942662_credit_cards.png" alt="" width="64" height="64"></td>
<td><p>We accept Visa, Mastercard, Discovery and American Express.</p>
<p>You are setting up a recurring monthly charge of $89.95. Plus an extra free month.</p></td>
</tr>
<tr>
<td align="right"><strong>Credit Card Number:</strong></td>
<td><input name="ssl_card_number" type="text" id="ssl_card_number" size="50"></td>
</tr>
<tr>
<td align="right"><strong>Expiration Date:</strong></td>
<td><input name="ssl_exp_date" type="text" id="ssl_exp_date" size="4">
format MMYY</td>
</tr>
<tr>
<td align="right" valign="top"><p><strong>Credit Verification Code (CVC2):</strong></p>
<p></p></td>
<td><p>
<input name="ssl_cvv2cvc2" type="text" id="ssl_cvv2cvc2" size="8">
</p>
<p>The CVC code is either a 3 digit code number on the back side of Visa, Mastercard, Discover, or a 4 digit code on the front side of an American Express card.</p>
<p><img src="images/CVCexamples.png" width="223" height="68"></p></td>
</tr>
<tr>
<td align="right"><p>
<input name="ssl_next_payment_date" type="hidden" id="ssl_next_payment_date" value="<%=(Right("0" & Month(Date()), 2) & "/" & Right("0" & Day(Date()), 2) & "/" & Year(Date()))%>">
</p></td>
<td><input type="submit" name="button" id="button" value="Continue"></td>
</tr>
</table>
</form>
<script type="text/javascript">
// <![CDATA[
jQuery(document).ready(
function()
{
jQuery("#dmxUniform1").dmxUniform(
{}
);
}
);
// ]]>
</script>
<!-- InstanceEndEditable --></div>
<div class="grid_4"><!-- InstanceBeginEditable name="SidebarContent" --><!-- webbot bot="HTMLMarkup" startspan -->
<!-- GeoTrust QuickSSL [tm] Smart Icon tag. Do not edit. -->
<script language="javascript" type="text/javascript" src="//smarticon.geotrust.com/si.js"></script>
<!-- end GeoTrust Smart Icon tag -->
<!-- webbot bot="HTMLMarkup" endspan --><!-- InstanceEndEditable --></div>
</div>
<div id="footer" class="container_16 clearfix">
<div class="grid_16">
<p><img src="images/bottom_footer_red.jpg" width="940" height="35"><br>
</p>
<table width="940" border="0" cellspacing="5" cellpadding="5">
<tr>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Alabama">Alabama</a></p>
<p><a href="search_state.asp?state=California">California</a></p>
<p><a href="search_state.asp?state=Florida">Florida</a></p>
<p><a href="search_state.asp?state=Illinois">Illinois</a></p>
<p><a href="search_state.asp?state=Kentucky">Kentucky</a></p>
<p><a href="search_state.asp?state=Massachusetts">Massachusetts</a></p>
<p><a href="search_state.asp?state=Missouri">Missouri</a></p>
<p><a href="search_state.asp?state=New Hampshire">New Hampshire</a></p>
<p><a href="search_state.asp?state=North Carolina">North Carolina</a></p>
<p><a href="search_state.asp?state=Oregon">Oregon</a></p>
<p><a href="search_state.asp?state=South Dakota">South Dakota</a></p>
<p><a href="search_state.asp?state=Vermont">Vermont</a></p>
<p><a href="search_state.asp?state=Wisconsin">Wisconsin</a></p></td>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Alaska">Alaska</a></p>
<p><a href="search_state.asp?state=Colorado">Colorado</a></p>
<p><a href="search_state.asp?state=Georgia">Georgia</a></p>
<p><a href="search_state.asp?state=Indiana">Indiana</a></p>
<p><a href="search_state.asp?state=Louisiana">Louisiana</a></p>
<p><a href="search_state.asp?state=Michigan">Michigan</a></p>
<p><a href="search_state.asp?state=Montana">Montana</a></p>
<p><a href="search_state.asp?state=New Jersey">New Jersey</a></p>
<p><a href="search_state.asp?state=North Dakota">North Dakota</a></p>
<p><a href="search_state.asp?state=Pennsylvania">Pennsylvania</a></p>
<p><a href="search_state.asp?state=Tennessee">Tennessee</a></p>
<p><a href="search_state.asp?state=Virginia">Virginia</a></p>
<p><a href="search_state.asp?state=Wyoming">Wyoming</a></p></td>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Arizona">Arizona</a></p>
<p><a href="search_state.asp?state=Connecticut">Connecticut</a></p>
<p><a href="search_state.asp?state=Hawaii">Hawaii</a></p>
<p><a href="search_state.asp?state=Iowa">Iowa</a></p>
<p><a href="search_state.asp?state=Maine">Maine</a></p>
<p><a href="search_state.asp?state=Minnesota">Minnesota</a></p>
<p><a href="search_state.asp?state=Nebraska">Nebraska</a></p>
<p><a href="search_state.asp?state=New Mexico">New Mexico</a></p>
<p><a href="search_state.asp?state=Ohio">Ohio</a></p>
<p><a href="search_state.asp?state=Rhode Island">Rhode Island</a></p>
<p><a href="search_state.asp?state=Texas">Texas</a></p>
<p><a href="search_state.asp?state=Washington">Washington</a></p>
<p><a href="search_state.asp?state=District of Columbia">District of Columbia</a></p></td>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Arkansas">Arkansas</a></p>
<p><a href="search_state.asp?state=Delaware">Delaware</a></p>
<p><a href="search_state.asp?state=Idaho">Idaho</a></p>
<p><a href="search_state.asp?state=Kansas">Kansas</a></p>
<p><a href="search_state.asp?state=Maryland">Maryland</a></p>
<p><a href="search_state.asp?state=Mississippi">Mississippi</a></p>
<p><a href="search_state.asp?state=Nevada">Nevada</a></p>
<p><a href="search_state.asp?state=New York">New York</a></p>
<p><a href="search_state.asp?state=Oklahoma">Oklahoma</a></p>
<p><a href="search_state.asp?state=South Carolina">South Carolina</a></p>
<p><a href="search_state.asp?state=Utah">Utah</a></p>
<p><a href="search_state.asp?state=West Virginia">West Virginia</a></p></td>
<td width="220" align="left" valign="top" bgcolor="#F3F5F7"><h5><a href="advertise_with_us.asp">Advertise with Us </a></h5>
<h5><a href="careers.asp">Careers</a> </h5>
<h5><a href="FAQ.asp">Help / FAQs</a></h5>
<h5>My Account</h5>
<h5>Promotions</h5>
<h5><a href="privacy_statement.asp">Privacy Statement</a> </h5>
<h5>Sitemap </h5>
<h5><a href="terms_and_conditions.asp">Terms & Conditions</a></h5>
<p><!-- webbot bot="HTMLMarkup" startspan -->
<!-- GeoTrust QuickSSL [tm] Smart Icon tag. Do not edit. -->
<script language="javascript" type="text/javascript" src="//smarticon.geotrust.com/si.js"></script>
<!-- end GeoTrust Smart Icon tag -->
<!-- webbot bot="HTMLMarkup" endspan --></p></td>
</tr>
</table>
<hr>
<p>© 2013 TheBusinessStore.net ™ - "Where Business Buyers and Sellers Meet"</p>
<p> </p>
</div>
</div>
</body>
<!--#include file="ScriptLibrary/userloginclose.asp" -->
<!-- InstanceEnd --></html>
The form should submit to where ever you have the xmlhttp code. That can be on the same page or another page. It's probably just as easy to have it on the same page. Once you get this to work, you may want to add some server side error checking.
Some snipets
Some snipets
if request.form("ssl_card_number") <> "" Then
errMessage=""
card_number=request.form("ssl_card_number")
':
first_name=request.form("ssl_first_name")
last_name=request.form("ssl_last_name")
if len card_number< 8 then
errMessage="Please enter your card number<br>"
end if
if len first_name< 3 then
errMessage=errMessage&"Please enter your First Name<br>"
end if
if len last_name< 3 then
errMessage=errMessage&"Please enter your Last Name<br>"
end if
':
':
if errMessage="" then ' only send if no error
DataToSend = "ssl_merchant_id=" & merchant_id & "ssl_pin=" & pin & "ssl_card_number=" & card_number & "ssl_transaction_type=" & transaction_type &"ssl_cvv2cvc2_indicator=" & cvv2cvc2 & "ssl_receipt_decl_method=" & receipt_decl_method & "ssl_receipt_decl_url=" & receipt_decl_url &"ssl_receipt_apprvl_method=" & receipt_apprvl_method & "ssl_receipt_apprvl_get_url=" & receipt_apprvl1_get_url & "ssl_next_payment_date=" &next_payment_date & "ssl_first_name=" & first_name & "ssl_last_name=" & last_name & "ssl_exp_date=" & exp_date & "ssl_show_form=" & show_form & "ssl_user_id=" & user_id
dim xmlhttp
set xmlhttp = server.Createobject("MSXML2.ServerXMLHTTP")
xmlhttp.Open "POST",theURL,false
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xmlhttp.send DataToSend
Response.ContentType = "text/xml"
Response.Write xmlhttp.responsexml.xml ' this is your response from the post but probably not used in your case
Set xmlhttp = nothing
end if ' no error
end if
%>
<!-- more code -->
<body>
<div id="header" class="container_16 clearfix">
<div class="grid_16"><div id="headerwrapper">
<!-- add error message -->
<% if errMessage<>"" then%>
<div class="error_mssg"><%=errMessage%></div>
<%end if%>
<!-- finish code below -->
ASKER
Yeah I have a good extension for validating fields. I just have to figure out how to get the credit card stuff working with xmlhttpost. Prolly done for the night but will be back on it in the morning.
Validate on the serverside. You can use client side (js) validation for speed but that can be spoofed if js is turned off. Don't assume anything and that is why I would do it server side.
ASKER
I have to get the dang form to submit first before I can validate on either side. So this is becoming a pain in the ass. Want me to open a new ticket? You are really helping and I think I am getting close. I had a few more tiny issues with the query string. But that all works now, I isolated the string and did a response write to make sure it was working correctly.
Here is the response.write(datatosend)
ssl_merchant_id=001010&ssl _pin=L0QHG S&ssl_card _number=41 1111111111 1111&ssl_t ransaction _type=ccad drecurring &ssl_cvv2c vc2_indica tor=1&ssl_ receipt_de cl_method= REDG&ssl_r eceipt_dec l_get_url= https://thebusinesstore.net/decline.asp&ssl_receipt_apprvl_method=REDG&ssl_receipt_apprvl_get_url=https://thebusinessstore.net/approval.asp&ssl_next_payment_date=03/14/2013&ssl_first_name=Richard&ssl_last_name=King&ssl_exp_date=0314&ssl_show_form=false&ssl_user_id=001010
Here is the current code.
Here is the response.write(datatosend)
ssl_merchant_id=001010&ssl
Here is the current code.
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="Connections/durgorama.asp" -->
<% if request.form("ssl_card_number") <> "" Then
card_number=request.form("ssl_card_number")
transaction_type="ccaddrecurring"
amount="89.95"
billing_cycle="MONTHLY"
merchant_id="001010"
user_id="001010"
pin="L0QHGS"
cvv2cvc2_indicator="1"
receipt_decl_method="REDG"
receipt_decl_get_url="https://thebusinesstore.net/decline.asp"
receipt_apprvl_method="REDG"
receipt_apprvl_get_url="https://thebusinessstore.net/approval.asp"
next_payment_date=request.form("ssl_next_payment_date")
first_name=request.form("ssl_first_name")
last_name=request.form("ssl_last_name")
exp_date=request.form("ssl_exp_date")
show_form="false"
theURL="https://demo.myvirtualmerchant.com/VirtualMerchantDemo/process.do"
DataToSend = "ssl_merchant_id=" & merchant_id & "&ssl_pin=" & pin & "&ssl_card_number=" & card_number & "&ssl_transaction_type=" & transaction_type &"&ssl_cvv2cvc2_indicator=" & cvv2cvc2_indicator & "&ssl_receipt_decl_method=" & receipt_decl_method & "&ssl_receipt_decl_get_url=" & receipt_decl_get_url &"&ssl_receipt_apprvl_method=" & receipt_apprvl_method & "&ssl_receipt_apprvl_get_url=" & receipt_apprvl_get_url & "&ssl_next_payment_date=" &next_payment_date & "&ssl_first_name=" & first_name & "&ssl_last_name=" & last_name & "&ssl_exp_date=" & exp_date & "&ssl_show_form=" & show_form & "&ssl_user_id=" & user_id
dim xmlhttp
set xmlhttp = server.Createobject("MSXML2.ServerXMLHTTP")
xmlhttp.Open "POST",theURL,false
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xmlhttp.send DataToSend
Response.ContentType = "text/xml"
'Response.Write xmlhttp.responsexml.xml ' this is your response from the post but probably not used in your case
Set xmlhttp = nothing
end if
%>
<html>
<head>
<!--#include file="ScriptLibrary/userloginwhoami.asp" -->
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>theBusinessStore.net</title>
<link rel="stylesheet" type="text/css" href="Styles/960grid/960_16_col.css" />
<link rel="stylesheet" type="text/css" href="Styles/960grid/reset.css" />
<link rel="stylesheet" type="text/css" href="Styles/960grid/text.css" />
<link href="Styles/960grid/baub.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" type="text/css" href="Styles/dmxUniform/default/uniform.default.css" />
<script type="text/javascript" src="ScriptLibrary/jquery-latest.pack.js"></script>
<script type="text/javascript" src="ScriptLibrary/dmxUniform.js"></script>
<link rel="shortcut icon" href="favoicon.ico" />
</head>
<body>
<div id="header" class="container_16 clearfix">
<div class="grid_16"><div id="headerwrapper">
<img src="images/headerimager2.jpg" width="940" height="80" usemap="#Map">
<map name="Map">
<area shape="rect" coords="735,59,937,75" href="for_brokers_and_realtors.asp">
<area shape="rect" coords="593,60,723,75" href="Sellabusiness.asp" alt="Sell a Business">
<area shape="rect" coords="455,61,582,73" href="buyabusiness.asp" alt="Buy a Business">
<area shape="rect" coords="6,7,346,72" href="default9.asp">
<area shape="rect" coords="378,55,444,76" href="default9.asp" alt="Home">
</map>
<% If Request.Cookies("MM_UserAuthorization") = "admin" Then %><div class="loggedInAs">
Logged in as: <%=(whoAmI.Fields.Item("user_name").Value)%> <%=(whoAmI.Fields.Item("user_lastname").Value)%>| <a href="Broker_Landing_Page.asp">My Listings</a> | <a href="<%= MM_Logout %>">Logout</a></div>
<% ElseIf Request.Cookies("MM_UserAuthorization") = "user" Then %><div class="loggedInAs">Logged in as: <%=(whoAmI.Fields.Item("user_name").Value)%> <%=(whoAmI.Fields.Item("user_lastname").Value)%> | <a href="Broker_Landing_Page.asp">My Listings</a> | <a href="<%= MM_Logout %>">Logout</a></div>
<% Else %>
<div class="notloggedin"><a href="Broker_Landing_Page.asp">LOGIN</a></div><% End If %>
</div>
<img src="images/top_red.jpg" width="940" height="35"> </div>
</div>
<div id="content" class="container_16">
<div class="grid_12">
<form class="dmxUniform" name="dmxUniform1" id="dmxUniform1" method="post" action="sign_up_ccXML.asp">
<table width="640" border="0" cellspacing="5" cellpadding="5">
<tr>
<td colspan="2" align="left"><h2>Payment Details</h2></td>
</tr>
<tr>
<td align="right"><strong>First Name:</strong></td>
<td><input name="ssl_first_name" type="text" id="ssl_first_name" size="50"></td>
</tr>
<tr>
<td align="right"><strong>Last Name:</strong></td>
<td><input name="ssl_last_name" type="text" id="ssl_last_name" size="50"></td>
</tr>
<tr>
<td width="253" align="right"><strong>Name on Card:</strong></td>
<td width="352"><input name="textfield3" type="text" id="textfield3" size="50"></td>
</tr>
<tr>
<td align="right"><img src="images/icons/1361942662_credit_cards.png" alt="" width="64" height="64"></td>
<td><p>We accept Visa, Mastercard, Discovery and American Express.</p>
<p>You are setting up a recurring monthly charge of $89.95. Plus an extra free month.</p></td>
</tr>
<tr>
<td align="right"><strong>Credit Card Number:</strong></td>
<td><input name="ssl_card_number" type="text" id="ssl_card_number" size="50"></td>
</tr>
<tr>
<td align="right"><strong>Expiration Date:</strong></td>
<td><input name="ssl_exp_date" type="text" id="ssl_exp_date" size="4">
format MMYY</td>
</tr>
<tr>
<td align="right" valign="top"><p><strong>Credit Verification Code (CVC2):</strong></p>
<p></p></td>
<td><p>
<input name="ssl_cvv2cvc2" type="text" id="ssl_cvv2cvc2" size="8">
</p>
<p>The CVC code is either a 3 digit code number on the back side of Visa, Mastercard, Discover, or a 4 digit code on the front side of an American Express card.</p>
<p><img src="images/CVCexamples.png" width="223" height="68"></p></td>
</tr>
<tr>
<td align="right"><p>
<input name="ssl_next_payment_date" type="hidden" id="ssl_next_payment_date" value="<%=(Right("0" & Month(Date()), 2) & "/" & Right("0" & Day(Date()), 2) & "/" & Year(Date()))%>">
</p></td>
<td><input type="submit" name="button" id="button" value="Continue"></td>
</tr>
</table>
</form>
<script type="text/javascript">
// <![CDATA[
jQuery(document).ready(
function()
{
jQuery("#dmxUniform1").dmxUniform(
{}
);
}
);
// ]]>
</script> </div>
<div class="grid_4"><!-- webbot bot="HTMLMarkup" startspan -->
<!-- GeoTrust QuickSSL [tm] Smart Icon tag. Do not edit. -->
<script language="javascript" type="text/javascript" src="//smarticon.geotrust.com/si.js"></script>
<!-- end GeoTrust Smart Icon tag -->
<!-- webbot bot="HTMLMarkup" endspan --></div>
</div>
<div id="footer" class="container_16 clearfix">
<div class="grid_16">
<p><img src="images/bottom_footer_red.jpg" width="940" height="35"><br>
</p>
<table width="940" border="0" cellspacing="5" cellpadding="5">
<tr>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Alabama">Alabama</a></p>
<p><a href="search_state.asp?state=California">California</a></p>
<p><a href="search_state.asp?state=Florida">Florida</a></p>
<p><a href="search_state.asp?state=Illinois">Illinois</a></p>
<p><a href="search_state.asp?state=Kentucky">Kentucky</a></p>
<p><a href="search_state.asp?state=Massachusetts">Massachusetts</a></p>
<p><a href="search_state.asp?state=Missouri">Missouri</a></p>
<p><a href="search_state.asp?state=New Hampshire">New Hampshire</a></p>
<p><a href="search_state.asp?state=North Carolina">North Carolina</a></p>
<p><a href="search_state.asp?state=Oregon">Oregon</a></p>
<p><a href="search_state.asp?state=South Dakota">South Dakota</a></p>
<p><a href="search_state.asp?state=Vermont">Vermont</a></p>
<p><a href="search_state.asp?state=Wisconsin">Wisconsin</a></p></td>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Alaska">Alaska</a></p>
<p><a href="search_state.asp?state=Colorado">Colorado</a></p>
<p><a href="search_state.asp?state=Georgia">Georgia</a></p>
<p><a href="search_state.asp?state=Indiana">Indiana</a></p>
<p><a href="search_state.asp?state=Louisiana">Louisiana</a></p>
<p><a href="search_state.asp?state=Michigan">Michigan</a></p>
<p><a href="search_state.asp?state=Montana">Montana</a></p>
<p><a href="search_state.asp?state=New Jersey">New Jersey</a></p>
<p><a href="search_state.asp?state=North Dakota">North Dakota</a></p>
<p><a href="search_state.asp?state=Pennsylvania">Pennsylvania</a></p>
<p><a href="search_state.asp?state=Tennessee">Tennessee</a></p>
<p><a href="search_state.asp?state=Virginia">Virginia</a></p>
<p><a href="search_state.asp?state=Wyoming">Wyoming</a></p></td>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Arizona">Arizona</a></p>
<p><a href="search_state.asp?state=Connecticut">Connecticut</a></p>
<p><a href="search_state.asp?state=Hawaii">Hawaii</a></p>
<p><a href="search_state.asp?state=Iowa">Iowa</a></p>
<p><a href="search_state.asp?state=Maine">Maine</a></p>
<p><a href="search_state.asp?state=Minnesota">Minnesota</a></p>
<p><a href="search_state.asp?state=Nebraska">Nebraska</a></p>
<p><a href="search_state.asp?state=New Mexico">New Mexico</a></p>
<p><a href="search_state.asp?state=Ohio">Ohio</a></p>
<p><a href="search_state.asp?state=Rhode Island">Rhode Island</a></p>
<p><a href="search_state.asp?state=Texas">Texas</a></p>
<p><a href="search_state.asp?state=Washington">Washington</a></p>
<p><a href="search_state.asp?state=District of Columbia">District of Columbia</a></p></td>
<td width="160" align="left" valign="top" bgcolor="#F3F5F7"><p><a href="search_state.asp?state=Arkansas">Arkansas</a></p>
<p><a href="search_state.asp?state=Delaware">Delaware</a></p>
<p><a href="search_state.asp?state=Idaho">Idaho</a></p>
<p><a href="search_state.asp?state=Kansas">Kansas</a></p>
<p><a href="search_state.asp?state=Maryland">Maryland</a></p>
<p><a href="search_state.asp?state=Mississippi">Mississippi</a></p>
<p><a href="search_state.asp?state=Nevada">Nevada</a></p>
<p><a href="search_state.asp?state=New York">New York</a></p>
<p><a href="search_state.asp?state=Oklahoma">Oklahoma</a></p>
<p><a href="search_state.asp?state=South Carolina">South Carolina</a></p>
<p><a href="search_state.asp?state=Utah">Utah</a></p>
<p><a href="search_state.asp?state=West Virginia">West Virginia</a></p></td>
<td width="220" align="left" valign="top" bgcolor="#F3F5F7"><h5><a href="advertise_with_us.asp">Advertise with Us </a></h5>
<h5><a href="careers.asp">Careers</a> </h5>
<h5><a href="FAQ.asp">Help / FAQs</a></h5>
<h5>My Account</h5>
<h5>Promotions</h5>
<h5><a href="privacy_statement.asp">Privacy Statement</a> </h5>
<h5>Sitemap </h5>
<h5><a href="terms_and_conditions.asp">Terms & Conditions</a></h5>
<p><!-- webbot bot="HTMLMarkup" startspan -->
<!-- GeoTrust QuickSSL [tm] Smart Icon tag. Do not edit. -->
<script language="javascript" type="text/javascript" src="//smarticon.geotrust.com/si.js"></script>
<!-- end GeoTrust Smart Icon tag -->
<!-- webbot bot="HTMLMarkup" endspan --></p></td>
</tr>
</table>
<hr>
<p>© 2013 TheBusinessStore.net ™ - "Where Business Buyers and Sellers Meet"</p>
<p> </p>
</div>
</div>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-39238956-1']);
_gaq.push(['_setDomainName', 'thebusinessstore.net']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</body>
<!--#include file="ScriptLibrary/userloginclose.asp" -->
</html>
When you say querystring, you mean the the data submitted from the form? There should probably not be a query string.
How do you know it is not submitting? What happens if you change the response urls to the current page.
receipt_decl_get_url="https://thebusinesstore.net/decline.asp"
receipt_apprvl_get_url="https://thebusinessstore.net/approval.asp"
Then on your current page, listen for the response
:Response.ContentType = "text/xml"
'Response.Write xmlhttp.responsexml.xml ' this is your response from the post but probably not used in your case
Set xmlhttp = nothing
<!-- listen here -->
' for testing use response.write
response.write "form response= "&request.form&" querystring response= "&request.querystring ' lets see what you get back
response.end() ' this is just for testing
<!-- resume -->
end if
How do you know it is not submitting? What happens if you change the response urls to the current page.
receipt_decl_get_url="https://thebusinesstore.net/decline.asp"
receipt_apprvl_get_url="https://thebusinessstore.net/approval.asp"
Then on your current page, listen for the response
:Response.ContentType = "text/xml"
'Response.Write xmlhttp.responsexml.xml ' this is your response from the post but probably not used in your case
Set xmlhttp = nothing
<!-- listen here -->
' for testing use response.write
response.write "form response= "&request.form&" querystring response= "&request.querystring ' lets see what you get back
response.end() ' this is just for testing
<!-- resume -->
end if
There is this to help too
https://www.myvirtualmerchant.com/VirtualMerchant/download/developerGuide.pdf
https://www.myvirtualmerchant.com/VirtualMerchant/download/developerGuide.pdf
ASKER
Yeah if I change the code as above I am getting the same thing. And yes I meant that the was the value of datatosend.
And I have a printed copy of the developerguide. I have a different page that works perfectly, it just has the hidden fields viewable.
And I have a printed copy of the developerguide. I have a different page that works perfectly, it just has the hidden fields viewable.
ASKER
Do I need to change the <doctype> or anything special since I am using a xml call?
The doctype probably should not affect this as long as it is valid. I checked on the pdf and they allow both text/xml and application/xml.
I am not clear as to what your exact problem is? Are you not getting ANY response back? If that is the case, I would contact myvirtualmerchant and they can run a trace for you.
I am not clear as to what your exact problem is? Are you not getting ANY response back? If that is the case, I would contact myvirtualmerchant and they can run a trace for you.
ASKER
ok... I've gotten a little further I think. I broke the code down to super simple just so that I could troubleshoot. I created a page: https://thebusinessstore.net/httpserver_test.asp
And I actually get a response back:
<txn>
<errorCode>6042</errorCode >
<errorName>Invalid Request Format</errorName>
<errorMessage>
XML request is not well-formed or request is incomplete.
</errorMessage>
</txn>
Saying my xml request is not well formed. Do I need to change the way I am formatting the DataToSend?
Does the DataToSend fields need to look like this"<ssl_merchant_id>0010 10</ssl_me rchant_id> " or is "ssl_merchant_id=001010" the way to do it?
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
Dim DataToSend
DataToSend = "ssl_merchant_id=001010"
DataToSend = DataToSend & "&ssl_pin=L0QHGS"
DataToSend = DataToSend & "&ssl_user_id=001010"
DataToSend = DataToSend & "&ssl_amount=89.95"
DataToSend = DataToSend & "&ssl_transaction_type=ccsale"
DataToSend = DataToSend & "&ssl_exp_date=1215"
DataToSend = DataToSend & "&ssl_card_number=4111111111111111"
DataToSend = DataToSend & "&ssl_show_form=false"
dim xmlhttp
set xmlhttp = server.Createobject("MSXML2.ServerXMLHTTP")
xmlhttp.Open "POST","https://demo.myvirtualmerchant.com/VirtualMerchantDemo/processxml.do",false
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xmlhttp.send DataToSend
Response.ContentType = "text/xml"
Response.Write xmlhttp.responsexml.xml
Set xmlhttp = nothing
%>
And I actually get a response back:
<txn>
<errorCode>6042</errorCode
<errorName>Invalid Request Format</errorName>
<errorMessage>
XML request is not well-formed or request is incomplete.
</errorMessage>
</txn>
Saying my xml request is not well formed. Do I need to change the way I am formatting the DataToSend?
Does the DataToSend fields need to look like this"<ssl_merchant_id>0010
ASKER
Thanks for all your help. I was able to get a hold of someone at the company that actually knew what they were doing and he sent me a script. :-) Thanks again for your patience and all of your help!