HIDING THE CONTENTS OF PAYPAL FORM FIELDS FROM PRYING EYES (BEST) - Sep 14th, 2012
I had a number of PayPal buttons that returned visitors to signup and submission forms after payment. The trouble was that a quick look at the source code would allow anyone to circumvent the payment page and spambots to capture the payment email address.
As I mentioned in the previous recipe, a JavaScript cloaking solution was only an interim measure until a real solution could be found.
Thanks to Jason Sauchuk, from Interactive Tools, there is a better solution.
He suggested the use of an intermediate PHP page that would do all of the heavy lifting of URL replacement on the server side and never allow the hidden values to be seen in a viewer's source code.
Here's his basic idea.
In place of the link that you'd like to hide, use something like:
<a href = "intermediate.php?url=1">Click Here!</a>
On the intermediate.php page, you use the values passed in to figure out which URL to redirect to:
<?php
$value = @$_REQUEST['url'];
$url = "";
if ($value == 1) { $url = "http://www.myfirstoption.com"; }
elseif ($value == 2) { $url = "http://www.mysecondoption.com"; }
elseif ($value == 3) { $url = "http://www.mythirdoption.com"; }
if ($url) { redirectBrowserToURL($url); }
exit;
?>
USING THE CONCEPT FOR PAYPAL PAYMENT LINKS
PULLING DATA FROM FIELDS IN A SINGLE RECORD EDITOR (See below for pulling data from a multi-record editor)
On the viewer where I wanted the PayPal Payment links to go I added one of the following links:
NOTE: I found that I had to use text instead of numbers for the URL values to get the scheme to work.
<a href="intermediate1.php?url=one">Click Here for link 1!</a>
<a href="intermediate1.php?url=two">Click Here for link 2!</a>
<a href="intermediate1.php?url=three">Click Here for link 3!</a>
<a href="intermediate1.php?url=four">Click Here for link 4!</a>
<a href="intermediate1.php?url=five">Click Here for link 5!</a>
Then, on your intermediate page, insert the following code in the body, adding your own elseif sets as required:
<!-- create the required variables -->
<?php $var1 = $your_tableRecord['amount_field_1']; ?>
<?php $var2 = $your_tableRecord['paypal_payment_e_mail_address_1']; ?>
<?php $var3 = $your_tableRecord['amount_field_2']; ?>
<?php $var4 = $your_tableRecord['paypal_payment_e_mail_address_2']; ?>
<?php $ret1 = "http://www.your_site.com/hidden_page1.php"; ?>
<?php $ret2 = "http://www.your_site.com/hidden_page2.php"; ?>
<?php
$value = @$_REQUEST['url'];
$url = "";
// build the url with a value of 'one' from its component parts
if ($value == 'one') {
  $url = "https://www.paypal.com/cgi-bin/webscr?";
  $url .= "cmd=_xclick&";
  $url .= "amount=".urlencode($var1)."&";
  $url .= "business=".urlencode($var2)."&";
  $url .= "lc=US&";
  $url .= "cbt=".urlencode("item 1 button title")."&"; // encode the spaces
  $url .= "currency_code=USD&";
  $url .= "rm=1&";
  $url .= "cpp_header_image=".urlencode("http://www.your_site.com/images/paypal_header.jpg")."&";
  $url .= "item_name=".urlencode("item 1 name")."&";
  $url .= "no_shipping=1&";
  $url .= "no_note=1&";
  $url .= "return=".urlencode($ret1)."&";
}
// build the url with a value of 'two' from its component parts
elseif ($value == 'two') {
  $url = "https://www.paypal.com/cgi-bin/webscr?";
  $url .= "cmd=_xclick&";
  $url .= "amount=".urlencode($var3)."&";
  $url .= "business=".urlencode($var4)."&";
  $url .= "lc=US&";
  $url .= "cbt=".urlencode("item 2 button title")."&"; // encode the spaces
  $url .= "currency_code=USD&";
  $url .= "rm=1&";
  $url .= "cpp_header_image=".urlencode("http://www.your_site.com/images/paypal_header.jpg")."&";
  $url .= "item_name=".urlencode("item 2 name")."&";
  $url .= "no_shipping=1&";
  $url .= "no_note=1&";
  $url .= "return=".urlencode($ret2)."&";
}
// the rest are simple URLs
elseif ($value == 'three') { $url = "http://www.site1.com"; }
elseif ($value == 'four') { $url = "http://www.site2.com"; }
elseif ($value == 'five') { $url = "site3"; }
if ($url) { redirectBrowserToURL($url); }
exit;
?>
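A stricter version of the intermediate page, as an added example rather than the recipe's or Interactive Tools' code: the ?url= key is matched exactly against a fixed list, and record values are validated and encoded before the redirect. It uses PHP's own header() in place of CMS Builder's redirectBrowserToURL(); the function names paypalUrl and resolveTarget and the sample record are assumptions.

```php
<?php
// Added example, not the recipe's code. Sample record values are constructed.

// Build the PayPal link from validated values; returns null if a field looks wrong.
function paypalUrl(string $amount, string $business, string $item, string $return): ?string
{
    if (!preg_match('/^\d{1,6}(\.\d{2})?$/', $amount)) {
        return null;                       // not a plain decimal amount
    }
    if (filter_var($business, FILTER_VALIDATE_EMAIL) === false) {
        return null;                       // not an e-mail address
    }
    // http_build_query() percent-encodes every value, spaces included.
    return 'https://www.paypal.com/cgi-bin/webscr?' . http_build_query([
        'cmd' => '_xclick', 'amount' => $amount, 'business' => $business,
        'lc' => 'US', 'currency_code' => 'USD', 'rm' => '1',
        'item_name' => $item, 'no_shipping' => '1', 'no_note' => '1',
        'return' => $return,
    ]);
}

// Map the ?url= key to a target. The key only selects an entry; it is never
// used as (or inside) the redirect URL, so the page cannot act as an open redirect.
function resolveTarget($key, array $rec): ?string
{
    if (!is_string($key)) {
        return null;                       // ?url[]=one arrives as an array
    }
    $targets = [
        'one'   => fn() => paypalUrl($rec['amount_field_1'],
                       $rec['paypal_payment_e_mail_address_1'], 'item 1 name',
                       'http://www.your_site.com/hidden_page1.php'),
        'three' => fn() => 'http://www.site1.com',
    ];
    return isset($targets[$key]) ? $targets[$key]() : null;   // exact match only
}

$rec = ['amount_field_1' => '25.00',       // constructed sample record
        'paypal_payment_e_mail_address_1' => 'payments@example.com'];
$url = resolveTarget($_GET['url'] ?? null, $rec);
if ($url === null) {
    http_response_code(404);               // unknown key or bad data: no redirect
    exit;
}
// The values are no longer in the page source, but the browser still receives
// them in this Location header.
header('Location: ' . $url, true, 302);
exit;
```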
PULLING VARIABLE DATA FROM A FIELD IN A SPECIFIC RECORD IN A MULTI-RECORD EDITOR
I had one situation where the entry fee varied depending on the particular exhibition record, and the link to intermediate.php was on a detail page for that record.
On the page that contained the link, I added the record number by changing the link code to:
<a href="intermediate1.php?url=one&num=<?php echo $your_tableRecord['num'] ?>">Click Here for link 1!</a>
Then, on the intermediate page, I added a load records call for the table with the detail page, with a where statement that limits the records to the one matching the record number appended to the URL that called the intermediate.php page.
So if the table was your_table_one, the code would be:
list($your_table_oneRecords, $your_table_oneMetaData) = getRecords(array(
  'tableName' => 'your_table_one',
  'where' => whereRecordNumberInUrl('num'),
  'limit' => '1',
));
$your_table_oneRecord = @$your_table_oneRecords[0]; // get first record
Then I added a variable for that entry fee data:
<?php $var5 = $your_table_oneRecord['entry_fee']; ?>
NOTE: Since I was pulling other variables from another single record table I had to remove
'where' => whereRecordNumberInUrl(1), 'limit' => '1',
from the list records call for that table and add
'allowSearch' => false,
The materials on this web site have been created for use with CMS Builder content management software. CMS Builder software is published and licensed for use by InteractiveTools.com. Please contact
Interactive Tools for information on the downloading of the software or the purchasing of licenses.