[e-gold-tech] Re: how to confirm the cgi file after status_url is e-gold ?
hi Jay ,
when i have confirmed payment, the page at
https://www.e-gold.com/sci_asp/pmtcommit.asp
which has the followig html :-
html
head
meta HTTP-EQUIV=Content-Type content=text/html; charset=iso-8859-1
META HTTP-EQUIV=Pragma CONTENT=no-cache
titlee-metal Payment Order - Confirmation/title
/head
body bgcolor=#FF
img src=../gif/logo.gif width=105 height=45 hspace=50 align=absmiddle
font color=#00 size=5 face=Arial, Helvetica, sans-serifbe-metal
Payment Order - Confirmation/bbr
/font font face=Arial, Helvetica, sans-serif
PAccount#: Bx/BBRAccount Name: B/BPBThe following transaction
has been
posted:BRBRYou Paid: x, Account# xBRBRUS$nbsp;0.01' worth of
Goldnbsp;(0.37 oz
or 0.001142 grams)BRBRMemo: xxBRBRBRPH2Transaction Posted! e-gold
Payment batch #:
xxx/H2
brdiv align='center'table cellspacing='5' border='0'tr
td align=centerbrfont face=arial size=3bClick the Continue button to
proceed:/b/fontbrtable border=1 hspace=0 vspace=0 bgcolor=#C0C0C0 cellspacing=0
cellpadding=2trtda style=text-decoration: none;
href=http://www..com/checkfromegold.cgi;font face=Arial, Helvetica,
sans-serif color=#00Continue/a/td/tr/table/td/tr/table/div
phrdiv align=rightfont size=1copy;2000,2001 e-gold Ltd./font/div
/font
/body
/html
but when i click on continue to go to
http://www..com/checkfromegold.cgi, my cgi file cannot detect that the
http referer using $ENV{'HTTP_REFERER'} because it is coming from https.
so, how can i check to see that the post is from e-gold ?
the $ENV{'HTTP_REFERER'} is empty / blank.
---
You are currently subscribed to e-gold-tech as: archive@jab.org
To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-tech] Re: how to confirm the cgi file after status_url is e-gold ?
i guess i will try to check this first. check to see if the post to you is coming from something in the 63.240.230.x range of IPs. currently this is where e-gold is located. (at some future distant time this might change.) do i do this from a cgi perl script ? --- You are currently subscribed to e-gold-tech as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-tech] Re: how to confirm the cgi file after status_url is e-gold ?
check to see if the post to you is coming from something in the 63.240.230.x range of IPs. currently this is where e-gold is located. (at some future distant time this might change.) do i do this from a cgi perl script ? yes --- You are currently subscribed to e-gold-tech as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
[e-gold-tech] Re: how to confirm the cgi file after status_url is e-gold ?
-BEGIN PGP SIGNED MESSAGE- hi kane, there are a couple of things you can do... 1. check to see if the post to you is coming from something in the 63.240.230.x range of IPs. currently this is where e-gold is located. (at some future distant time this might change.) 2. make sure to verify the V2_HASH field that is presented to you. this field can only be generated by someone that knows your merchant passphrase (it acts as a shared secret). 3. to perform a final check, assign each SCI payment you make a unique PAYMENT_ID on the input side. then use the e-gold history automation interface to query the recipient account for the existence of such a payment. if all 3 of those things match, you can be assured that you have truly been paid. jay w. [EMAIL PROTECTED] how to confirm the cgi file after status_url is e-gold ? input type=hidden name=STATUS_URL value=http://mysite.com/cgi-bin/cofirm.cgi; can a cgi command check that e-gold is the site running confirm.cgi ? -BEGIN PGP SIGNATURE- Version: PGP 7.0.4 iQEVAwUBO3GlpsyM0YPqVE7FAQEs8gf/ceAEHsuL1gTbKQJ8gRo10g+ySmI3x6Go H37FYrG0JZ4yg92ViPSW8ZfvwLwJo6+LhTJOuc+qjOD2FY8XKwLTAa/TXsacmH01 s+1WcVKdyxPk1SxjqlCEC4bC0zTsNrXvNH/hb0HSxDB4GNYQYIlrEIl21CZ2TgQb ErEe2egyoX9dfGgkmImcSYjVnQRzPr42nduxc35794M4jU4/oH76HL7oceonsWo6 8UcC0jU/nCDl+7Cn5NVlOlmtdVumVn5Rg6xbuVlHuF7xI2rGeqWKvim1l6ga22ej PrEIPHB8HqqOsXzeRH73bNtBKpsdTiTpe6xP7WU5WJNvcOFJTuifUA== =pq2h -END PGP SIGNATURE- --- You are currently subscribed to e-gold-tech as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
