HIDING THE CONTENTS OF PAYPAL FORM FIELDS FROM PRYING EYES (GOOD) - Aug 26th, 2012


FOR AN EVEN BETTER SOLUTION, LOOK AT THE NEXT RECIPE "HIDING THE CONTENTS OF FORM FIELDS (BEST)"

I had a number of PayPal buttons that returned visitors to signup and submission forms after payment. The trouble was
that a quick look at the source code would allow anyone to circumvent the payment page and spambots to capture the
payment email address.

It didn't seem that I could use PayPal encrypted buttons because the data in the button was dynamic, so the solution I
came up with was to use JavaScript to encrypt the real field values.

Here's a 2 part solution that you can use for any form.

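It's not a perfect solution, but it's better than none at all: the values are encoded as HTML character references
rather than encrypted, so they are kept out of plain view in the page source but can still be read by anyone who
decodes the generated script.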

First, create the cloaking generator, which I call cloak1.php. In this example it's set up to generate the code for 3
fields: 1 payment email address and up to 2 return URLs (return and return2). The generator doesn't differentiate
between field types, so you can mix and match the type of data that's cloaked. Note that the ret1, ret2 and ret3 code
is where the form field names are assigned. Change them to match your form.


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Cloaking Generator</title>
</head>

<body>
<h3>Cloaking Script Generating Form</h3>
<form
onsubmit="this.__enc_result.value=__enc_code(this.__enc_request.value,this.__enc2_request.value,this.__enc_email_request.value);
return false;" style="text-align:left">
<p>Enter the Return-URL you&#8217;d like to encode:
<input name="__enc_request" size="60" style="width:100%">
Enter the Second Return-URL you&#8217;d like to encode:
<input name="__enc2_request" size="60" style="width:100%">
Enter your PayPal &#8216;business&#8217; email to encode:
<input name="__enc_email_request" size="40" style="width:50%"></p>
<p><input type="submit" value="Click Here to Encode"></p>
<p>Then copy the code from the box below and paste it into your page between the <code>&lt;head&gt;</code> and
<code>&lt;/head&gt;</code> tags.</p>
<p><textarea name="__enc_result" cols="70" rows="20" readOnly="true" style="width:100%"
onclick="this.select()"></textarea></p>
</form>
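<script>
<!--
// Fixed parts of the generated block. The script tags are split into two
// string pieces so this page's own parser does not see them as real tags.
var s1 = '<'+'script type="text/javascript">\n<!--\n';
var s2 = '\nfunction checkForm(theForm) {\n';
var s3 = '}\n//-->\n</'+'script>';

// str1 = return URL, str2 = second return URL, str3 = PayPal business email.
function __enc_code(str1,str2,str3) {
  var len1 = str1.length;
  var len2 = str2.length;
  var len3 = str3.length;
  var ret1 = "";
  var ret2 = "";
  var ret3 = "";
  var jscode1 = "";
  var jscode2 = "";
  var jscode3 = "";

  // Write each character as a decimal character reference (&#NNN;) and
  // break the generated string literal after every fifth character.
  for (var i = 0; len1 > i; ++i) {
    ret1 += "&#"+str1.charCodeAt(i)+";"+((4 == i % 5 )? '"\n+"': '') ;
  }
  for (var i = 0; len2 > i; ++i) {
    ret2 += "&#"+str2.charCodeAt(i)+";"+((4 == i % 5 )? '"\n+"': '') ;
  }
  for (var i = 0; len3 > i; ++i) {
    ret3 += "&#"+str3.charCodeAt(i)+";"+((4 == i % 5 )? '"\n+"': '') ;
  }

  // For each non-empty input, emit a variable holding the encoded value and
  // the checkForm() line that copies it into the form field. The names after
  // "theForm." (return, return2, business) are the form field names.
  if ("" != ret1) {
    ret1 = 'var temp = "' + ret1 + '";\n';
    jscode1 = 'if (theForm.return)\n theForm.return.value = temp;\n';
  }
  if ("" != ret2) {
    ret2 = 'var temp2 = "' + ret2 + '";\n';
    jscode2 = 'if (theForm.return2)\n theForm.return2.value = temp2;\n';
  }
  if ("" != ret3) {
    ret3 = 'var temp3 = "' + ret3 + '";\n';
    jscode3 = 'if (theForm.business)\n theForm.business.value = temp3;\n';
  }

  // Assemble: opening tag, variables, checkForm() header, assignments, closing tag.
  return s1+ret1+ret2+ret3+s2+jscode1+jscode2+jscode3+s3;
}
//-->
</script>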
</body>
</html>
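
The encoding the generator applies to one field, reproduced as an added example (not part of the original recipe; `cloak`, `generatedDeclaration`, `uncloak`, `roundTrip` and the sample values are constructed for illustration). It round-trips a value to show that the cloak keeps the text out of plain view in the source but involves no key, so it cannot be relied on to gate the payment step.

```javascript
// Added example, not the recipe's own code. All names here are hypothetical.

// Same per-character step as the generator's loops: each character becomes a
// decimal character reference, and the string literal is split every 5 chars.
function cloak(str) {
  let out = "";
  for (let i = 0; i < str.length; ++i) {
    out += "&#" + str.charCodeAt(i) + ";" + (i % 5 === 4 ? '"\n+"' : "");
  }
  return out;
}

// The variable declaration the generator emits for one field.
function generatedDeclaration(varName, value) {
  return "var " + varName + ' = "' + cloak(value) + '";\n';
}

// Reverse step: read every &#NNN; reference back, in order. No key is needed,
// which is what separates this encoding from encryption.
function uncloak(generated) {
  const codes = [];
  const re = /&#(\d+);/g;
  let m;
  while ((m = re.exec(generated)) !== null) {
    codes.push(Number(m[1]));
  }
  return String.fromCharCode(...codes);
}

// Constructed sample values (not real addresses or URLs).
const SAMPLE_EMAIL = "dues@example.org";
const SAMPLE_RETURN = "https://www.example.org/signup.php";

// Encode a value, then report whether the plain text still appears in the
// generated code and what a reader of that code can recover from it.
function roundTrip(value) {
  const declaration = generatedDeclaration("temp", value);
  return {
    declaration: declaration,
    plaintextVisible: declaration.includes(value),
    recovered: uncloak(declaration),
  };
}

console.log(roundTrip(SAMPLE_EMAIL));
console.log(roundTrip(SAMPLE_RETURN));
```
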


Here's how you'd implement this solution.

Paste the generated cloaking code in the head of your viewer.

Replace the email addresses and the URLs that are to be changed with temporary entries as in the PayPal button
membership example below.


<form onSubmit="checkForm(this)"
action= "https://www.paypal.com/cgi-bin/webscr">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="lc" value="US">
<input type="hidden" name="cbt" value="click to fill out your membership application">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="cpp_header_image" value="http://www.your_site.com/images/pplogo.jpg">
<input type="hidden" name="item_name" value="$<?php echo $become_a_memberRecord['regular_dues_amount'] ?> - 1st Year Dues Payment">
<input type="hidden" name="amount" value="<?php echo $become_a_memberRecord['regular_dues_amount'] ?>">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="rm" value="1">
<input type="hidden" name="business" value="">
<input type="hidden" name="return" value="">
<input type="submit" value="CLICK HERE TO PAY $<?php echo $become_a_memberRecord['regular_dues_amount'] ?>">
</form>





The materials on this web site have been created for use with CMS Builder content management software. CMS Builder software is published and licensed for use by InteractiveTools.com. Please contact Interactive Tools for information on the downloading of the software or the purchasing of licenses.

