HIDING THE CONTENTS OF PAYPAL FORM FIELDS FROM PRYING EYES (BEST) - Sep 14th, 2012


I had a number of PayPal buttons that returned visitors to signup and submission forms after payment. The trouble was
that a quick look at the source code would allow anyone to circumvent the payment page and spambots to capture the
payment email address.

As I mentioned in the previous recipe, a JavaScript cloaking solution was only an interim measure until a real solution
could be found.

Thanks to Jason Sauchuk, from Interactive Tools, there is a better solution.

He suggested the use of an intermediate PHP page that would do all of the heavy lifting of URL replacement on the server
side and never allow the hidden values to be seen in a viewer's source code.

Here's his basic idea.


In place of the link that you'd like to hide, use something like:



<a href = "intermediate.php?url=1">Click Here!</a>



On the intermediate.php page, you use the values passed in to figure out which URL to redirect to:



<?php
$value = @$_REQUEST['url'];

$url = "";

if ($value == 1) {
    $url = "http://www.myfirstoption.com";
}
elseif ($value == 2) {
    $url = "http://www.mysecondoption.com";
}
elseif ($value == 3) {
    $url = "http://www.mythirdoption.com";
}

if ($url) {
    redirectBrowserToURL($url);
}
exit;

?>


USING THE CONCEPT FOR PAYPAL PAYMENT LINKS

PULLING DATA FROM FIELDS IN A SINGLE RECORD EDITOR (See below for pulling data from a multi-record editor)

On the viewer where I wanted the PayPal Payment links to go I added one of the following links:

NOTE: I found that I had to use text instead of numbers for the URL values to get the scheme to work.



<a href="intermediate1.php?url=one">Click Here for link 1!</a>

<a href="intermediate1.php?url=two">Click Here for link 2!</a>

<a href="intermediate1.php?url=three">Click Here for link 3!</a>

<a href="intermediate1.php?url=four">Click Here for link 4!</a>

<a href="intermediate1.php?url=five">Click Here for link 5!</a>


Then on your intermediate page insert the following code in the body, adding your own elseif blocks as required:


<!-- create the required variables -->

<?php $var1 = $your_tableRecord['amount_field_1']; ?>
<?php $var2 = $your_tableRecord['paypal_payment_e_mail_address_1']; ?>
<?php $var3 = $your_tableRecord['amount_field_2']; ?>
<?php $var4 = $your_tableRecord['paypal_payment_e_mail_address_2']; ?>
<?php $ret1 = "http://www.your_site.com/hidden_page1.php"; ?>
<?php $ret2 = "http://www.your_site.com/hidden_page2.php"; ?>

<?php

$value = @$_REQUEST['url'];

$url = "";

// build the URL for a value of 'one' from its component parts
if ($value == 'one') {
    $url  = "https://www.paypal.com/cgi-bin/webscr?";
    $url .= "cmd=_xclick&";
    $url .= "amount=".urlencode($var1)."&";
    $url .= "business=".urlencode($var2)."&";
    $url .= "lc=US&";
    $url .= "cbt=".urlencode("item 1 button title")."&"; // text with spaces must be encoded
    $url .= "currency_code=USD&";
    $url .= "rm=1&";
    $url .= "cpp_header_image=".urlencode("http://www.your_site.com/images/paypal_header.jpg")."&";
    $url .= "item_name=".urlencode("item 1 name")."&";
    $url .= "no_shipping=1&";
    $url .= "no_note=1&";
    $url .= "return=".urlencode($ret1)."&";
}
// build the URL for a value of 'two' from its component parts
elseif ($value == 'two') {
    $url  = "https://www.paypal.com/cgi-bin/webscr?";
    $url .= "cmd=_xclick&";
    $url .= "amount=".urlencode($var3)."&";
    $url .= "business=".urlencode($var4)."&";
    $url .= "lc=US&";
    $url .= "cbt=".urlencode("item 2 button title")."&";
    $url .= "currency_code=USD&";
    $url .= "rm=1&";
    $url .= "cpp_header_image=".urlencode("http://www.your_site.com/images/paypal_header.jpg")."&";
    $url .= "item_name=".urlencode("item 2 name")."&";
    $url .= "no_shipping=1&";
    $url .= "no_note=1&";
    $url .= "return=".urlencode($ret2)."&";
}
// the rest are simple URLs
elseif ($value == 'three') {
    $url = "http://www.site1.com";
}
elseif ($value == 'four') {
    $url = "http://www.site2.com";
}
elseif ($value == 'five') {
    $url = "site3";
}

// redirect only when the value matched one of the branches above
if ($url) {
    redirectBrowserToURL($url);
}
exit;
?>
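
A variant of the intermediate page, as an added example that is not part of the original recipe or of CMS Builder: it keeps the destinations in an allowlist keyed by the url value, matches the key exactly, and lets http_build_query() encode every PayPal parameter. The functions paypalUrl() and resolveTarget() and the sample $record values are made up for illustration, and plain header() stands in for redirectBrowserToURL().

```php
<?php
// Added example, not the recipe's own code.
// $record is constructed sample data standing in for $your_tableRecord.
$record = [
    'amount_field_1'                  => '25.00',
    'paypal_payment_e_mail_address_1' => 'payments@example.com',
];

// Build a PayPal _xclick URL; http_build_query() percent-encodes every value.
function paypalUrl(string $amount, string $business, string $itemName,
                   string $buttonTitle, string $returnUrl): string
{
    return 'https://www.paypal.com/cgi-bin/webscr?' . http_build_query([
        'cmd'           => '_xclick',
        'amount'        => $amount,
        'business'      => $business,
        'lc'            => 'US',
        'cbt'           => $buttonTitle,
        'currency_code' => 'USD',
        'rm'            => '1',
        'item_name'     => $itemName,
        'no_shipping'   => '1',
        'no_note'       => '1',
        'return'        => $returnUrl,
    ]);
}

// Map each public key to its destination; keys absent from this map are refused.
function resolveTarget($key, array $record): ?string
{
    $targets = [
        'one'   => paypalUrl($record['amount_field_1'],
                             $record['paypal_payment_e_mail_address_1'],
                             'item 1 name', 'item 1 button title',
                             'http://www.your_site.com/hidden_page1.php'),
        'three' => 'http://www.site1.com',
    ];
    // Only an exact string key matches; arrays (?url[]=x) and near-misses fail.
    return (is_string($key) && isset($targets[$key])) ? $targets[$key] : null;
}

$url = resolveTarget($_GET['url'] ?? null, $record);
if ($url === null) {
    http_response_code(404); // unknown key: no redirect is issued
    exit('Not found');
}
header('Location: ' . $url, true, 302);
exit;
```

The browser still receives the complete PayPal URL in the redirect, so the amount, payment address and return page stay out of the page source but not out of the address bar.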


PULLING VARIABLE DATA FROM A FIELD IN A SPECIFIC RECORD IN A MULTI-RECORD EDITOR

I had one situation where the entry fee varied depending on the particular exhibition record and the link to
intermediate.php was on a detail page for that record.

On the page that contained the link I added the record number by changing the link code to:



<a href="intermediate1.php?url=one&num=<?php echo $your_tableRecord['num'] ?>">Click Here for link 1!</a>



Then on the intermediate page I added a load records call for the table with the detail page and added a where statement
to limit the records to ones matching the record number that was appended to the URL that called the intermediate.php
page.

So if the table was your_table_one, the code would be:


list($your_table_oneRecords, $your_table_oneMetaData) = getRecords(array(
    'tableName' => 'your_table_one',
    'where'     => whereRecordNumberInUrl('num'),
    'limit'     => '1',
));
$your_table_oneRecord = @$your_table_oneRecords[0]; // get first record


Then I added a variable for that entry fee data:



<?php $var5 = $your_table_oneRecord['entry_fee']; ?>


NOTE: Since I was pulling other variables from another single record table I had to remove



'where' => whereRecordNumberInUrl(1),
'limit' => '1',


from the list records call for that table and add


'allowSearch' => false,



The materials on this web site have been created for use with CMS Builder content management software. CMS Builder software is published and licensed for use by InteractiveTools.com. Please contact Interactive Tools for information on the downloading of the software or the purchasing of licenses.

