PDA

View Full Version : Challenge Only For The Strongest...


NazWeb
11-01-2001, 03:29 PM
IN DOING A PAID MEMBERSHIP TO MY SITE:

I have a screen that takes peoples information then sends them to Paypal to pay (or whoever I eventually choose to take the payments).

Paypal allows me to insert the return link that I send them to AFTER they have paid.

Where and how could I send them to someplace that will be able to determine 1)THEIR USERNAME and 2)that YES they have paid NOW so allow them entrance into the site.

**I've already thought of having Paypal send them back to my flash site with a VARIABLE at the end of the URL that says '&Verify=Approved' SO that FLASH would then be able to check that. The problem with that is any old shmoe could then tell his buddy THE link address and then HE WOULD be approved,,,

AND THAT STILL DOESNT SOLVE MY PROBLEM WITH HOW I CAN KEEP THE USERNAME GOING FROM MY ORIGINAL FLASH SITE---TO PAYPAL---AND BACK TO MY VERIFY FLASH SITE---

SO

1).CAN I SEND VARIABLE BY 'POST' THROUGH PAYPAL???? OR IS THERE ANOTHER WAY OF HIDING MY VARIABLES and...

2).HOW DO I KEEP THE PERSONS IDENTITY FROM FLASH TO A 3rdParty HTML BACK TO ANOTHER FLASH PAGE
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!:eek:

mad_A
11-01-2001, 04:12 PM
There is one easy enough solution - If you can put a little code on the paypal site, JavaScript will do.
Have the paypal site take the date, in long format, and encrypt it with some form of simple encryption (substitution should do), then apend the date to the end of the url.
Send the user back to your site, and have a checker that unencrypts it and compares it with a current dat object.
It is probably easier to do the calculations by loading the flash and using fscommand to send the encrypted code to the page holding it and have that page with JS to unencrypt it and send it back in.




it is still not too secure, but you can use that for them to set up their account AND THE PAGE THEY GO BACK TO (A LOGIN SECTION THAT CAN'T BE ACCESSED BY A URL)...opps, hit cap locks!...that page within a movie lets then set up a user + password that write to a dB on your own server. Then when they log on in future they use their username and password, not the url. If anyone tries to use the url it will not work after the day it is given out.
If you want to make it more secure again bring the time down to the current hour.

So, does that get me free membership?


I have some code for simple encryption on my site at this page -
;) encryption (http://www.codedanswer.com/jsencryption.htm)

mad_A
11-01-2001, 04:17 PM
the url there should have beenthis! (http://www.codedanswer.com/jsencryption2code.htm)