Forum Moderators: coopster
Your help would be extremely appreciated !;)
I've got form which sends a visitor
to the payment processor, but the return url
is visible in the code so it's vulnerable
to stealing.
My idea is to display a button that
sends visitors to the php script which
sends my form with visitors to the
payment processor to disguise form code
completely.
Is it possible to do it at all? And
if yes how should this php script look
like?
Here is an example of form that need to
be sent:
<form action=" https://ssl.dotpay.pl/ " method="post">
<input name="waluta" type="hidden" value="PLN" />
<input name="channel" type="hidden" value="11" />
<input name="ch_lock" value="1" type="hidden">
<input name="id" type="hidden" value="111" />
<input name="type" type="hidden" value="0" />
<input name="p_info" type="hidden" value="Description" />
<input name="p_email" type="hidden" value="x@xx.com" />
<input name="URL" type="hidden" value="http://www.return.com/return.php" />
<input name="lang" type="hidden" value="PL" />
<input name="description" value="#*$!" type="hidden" />
<input name="amount" value="47.77" type="hidden" />
<input name="buttontext" type="hidden" value="#*$!" />
<input type="submit" value="Pay!" /> </form>
You can use this to automate a secure form request on the back-end so the user can't fake any of the post variables. (IE if they set the price to 0.01, you just lost $47 dollars).
