Detecting which option was selected by the buyer in PayPal IPN Listener - asp.net

I'm testing my IPN handler with micro-payments using Live PayPal and I want to know how to detect what option was selected when the user clicked my PayPal "Buy Now" button. I've checked many places and found conflicting documentation and guidance.
Based on another StackOverflow thread, I added the last 4 hidden elements below to the SELECT drop-down OPTION(s) on the ASP.NET page with my Buy Now button:
<input type="hidden" runat="server" name="hosted_button_id" value="WYUM54ACPKUH6" id="hosted_button_id"/>
<input type="hidden" name="on0" value="SubType"/>SubType
<select name="os0">
<option value="S10">Standard (10 users) $0.04 USD</option>
<option value="ENT">Enterprise (unlimited) $0.05 USD</option>
</select>
<input type="hidden" name="option_select0" value="S10"/>
<input type="hidden" name="option_select1" value="ENT"/>
<input type="hidden" name="option_amount0" value="0.04" />
<input type="hidden" name="option_amount1" value="0.05" />
These are not being POSTed back. In a specific test case, I bought the "Standard" option for $0.04 and dumped out the Form variables posted back to my site from PayPal and here are the only things even close to what I am looking for:
option_name1 = SubType
option_selection1 = S10
payment_gross = 0.04
The threads I read and the doc I read emphasized the naming convention of the OPTION elements and the name and value of the corresponding hidden elements as being as shown above. YET - my testing indicates different things being posted back regarding the choice that was made by the user (i.e. me).
One specific thing is why the suffix is 1 when it seems like it should be 0 (since that is the first choice and it should be relative to 0). Is there anybody who can clarify what to expect?

Related

Using React-hook-form and I can't change the value of posts whether it is published or not

Now, I am working on a project creating a blog-like site, and I am facing the problem that I can't change the value of whether a post is published by using a checkbox and react-hook-form.
It worked a week ago, so I am thinking this is due to the update of react-hook-form, but I don't know how to solve it.
I am assuming that the code below is the part to be changed.
publish is a checkbox; when it is checked and submitted, the value of the post changes to published and it becomes visible. But currently I can't set it to published. It stays false, which means it is not published even if it's checked.
<fieldset>
<input className={styles.checkbox} name="published" type="checkbox" ref={register} />
<label>Published</label>
</fieldset>
<button type="submit" className="btn-green" disabled={!isDirty || !isValid}>
Save Changes
</button>
This part works fine:
{!isDirty || !isValid}
I hope some kind people will help me.
Thank you.
The problem here is similar to your last question - you need to modify the usage of register to support v7:
<fieldset>
<input type="checkbox" {...register("published")} />
<label>Published</label>
</fieldset>

How to prompt the message when I didn't select?

When I don't set the product size, it should show the text "Must pick 1 size for the product", but it doesn't show the text. I want to know how to use the select and input elements?
<select name="product_size" class="form-control" required oninput="setCustomValidity('')"
oninvalid="setCustomValidity('Must pick 1 size for the product')">
<option disabled selected>Select a Size</option>
<option>Small</option>
<option>Medium</option>
<option>Large</option>
</select>
Welcome to StackOverflow!
There are two things wrong with your code.
The oninvalid callback was never able to be executed, as nothing ever checked the validity of the select element. You can fix this by wrapping it in a form element and putting a <button> in it. When this button gets clicked by a user, the form gets validated by the browser, which sees that the select is invalid and calls your oninvalid code.
It is never invalid in Chrome. I have tested your code and it worked perfectly on Firefox after wrapping it with a form. Chrome, however, does not think your default option is invalid; to make it think so, I added the value="" attribute to it.
A working example:
<form action="javascript:void(0)">
<select
required
name="product_size"
class="form-control"
oninput="setCustomValidity('')"
oninvalid="setCustomValidity('Must pick 1 size for the product')"
>
<option value="" disabled selected>Select a Size</option>
<option>Small</option>
<option>Medium</option>
<option>Large</option>
</select>
<button type="submit">Submit</button>
</form>

How to pass custom amount with Bitpay hosted checkout form?

I am looking to integrate BitPay for processing bitcoin payments on one of my sites.
Their hosted checkout form (similar to the PayPal checkout form) is easy to integrate; however, I don't know how I can pass the order amount with the form so that the same checkout button can be used for different orders (payments).
Here's their page regarding hosted checkout: https://bitpay.com/help-hosted-checkout
Bitpay has clearly stated that we can pass different order amount but they have not provided any field for this on the above mentioned page. I have contacted them and they will reply in 3 days but since I need to integrate this at the earliest, I hope somebody here can help me fast.
Thanks.
I was also looking for help with a bitpay button for a project and found this question (and another one like it), so coming back to answer in case it can help others in the future: If you got your bitpay button code from the payment button option on bitpay, your code might look something like this:
<form action="https://test.bitpay.com/checkout" method="post">
<input type="hidden" name="action" value="checkout" />
<input type="hidden" name="posData" value="" />
<input type="hidden" name="price" value="<?php echo htmlspecialchars($price_var, ENT_QUOTES); ?>" />
<input type="hidden" name="data" value="...(your data value)..." />
<input name="checkout" type="submit" value="Checkout" class="form-button-submit button"/>
</form>
Having the line of code with 'name="price"' allows you to set a global variable (potentially your shopping cart total) as an order amount. Hope this helps!

Paypal Form Payment correct workflow

I need to integrate payments with PayPal and I'm using the form integration
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
...
<input type="hidden" name="return" value="http://example.com/Thankyou.html">
<input type="hidden" name="notify_url" value="http://example.com/IPN">
<input type="image" name="submit" border="0" src="/img/logos_icons/paypal-btn.png" alt="PayPal - The safer, easier way to pay online">
</form>
After this point I'm a little bit confused: when the user clicks on the buy button, they are redirected to the PayPal website, and when the transaction is completed they are redirected to the "return" link (a thank you page). At the same time PayPal sends a notification (IPN) to the "notify_url".
Is this the correct workflow?
If yes, in the notify method I should book the purchased products, but how can I tell which original transaction is linked to the current notification?
You have the flow correct, although depending upon the nature of the transaction or user experience you are trying to provide, you may have the fulfillment activity ("book the purchased products") possible in two places: handled by the page the user returns to (if they do return promptly and you want to fulfill the order immediately, e.g. so that they can navigate to a subscribed page) and via IPN to catch the cases where the user pays but does not return immediately to your site.
Generally you send a unique identifier of your choice to PayPal in the invoice field of the button; that identifier is linked to whatever context you need (purchase details/shopping cart, user account, whatever) on your side.
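An added sketch, not code from either PayPal thread on this page, of the IPN-side reconciliation the answer above describes: the invoice id links the notification to the stored order, and the paid amount and option_selection1 are compared with what the server recorded. It assumes the message has already been validated with PayPal; the order store, ids and return strings are constructed for illustration, and Python is used only for brevity.

```python
from decimal import Decimal

# Constructed pending-order store, keyed by the id sent in the button's invoice field.
ORDERS = {
    "INV-1001": {"option": "S10", "amount": Decimal("0.04"),
                 "currency": "USD", "txn_id": None},
}


def reconcile_ipn(fields, orders=ORDERS):
    """Match an already-verified IPN message to a pending order; return the decision."""
    order = orders.get(fields.get("invoice", ""))
    if order is None:
        return "reject: unknown invoice"
    if fields.get("payment_status") != "Completed":
        return "hold: payment not completed"
    txn = fields.get("txn_id")
    if not txn:
        return "reject: missing txn_id"
    if order["txn_id"] is not None:
        # IPN messages can be delivered more than once; fulfil only once.
        return "ignore: duplicate" if order["txn_id"] == txn else "reject: invoice already paid"
    try:
        paid = Decimal(fields.get("mc_gross") or fields.get("payment_gross", ""))
    except ArithmeticError:  # decimal.InvalidOperation on empty or malformed input
        return "reject: bad amount"
    # Compare against the server-side price, never a price echoed by the form.
    if (not paid.is_finite() or paid != order["amount"]
            or fields.get("mc_currency") != order["currency"]):
        return "reject: amount or currency mismatch"
    # The first question's dump shows the chosen option arriving as option_selection1.
    if fields.get("option_selection1") != order["option"]:
        return "reject: option mismatch"
    order["txn_id"] = txn
    return "fulfil"
```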

Can malicious users modify viewstate?

If ViewStateMAC is enabled in an ASP.NET application can a user modify what is in ViewState and successfully pass it back to the server?
I have an application (that someone else wrote) that is using what is in ViewState to create a non-parameterized ORDER BY clause in a SQL query. Should I be worried about SQL Injection?
If ViewStateMAC is enabled the attacker would need to be able to crack the "machine key" in order to alter the ViewState, so it should be reasonably secure if this value is kept private.
Is the value set in the code behind (e.g. ViewState["OrderBy"]) rather than via a control? If so this will not be subject to Event Validation.
Yes, you can modify the ViewState and post it back, by simply copy-pasting the page to a local site as HTML and modifying it.
However, on postback the validation will fail and it will not be accepted by ASP.NET if you have the EventValidation property on - it is on by default.
ASP.NET saves a hash file for every control and every event on the page in this property, and validates it on postback. If this fails, then it does not continue. If you have this turned off, then it can do what you say.
Look at this simple HTML form:
<form name="input" action="someaction.asp" method="post">
<select name="sel">
<option value="1" >Milk</option>
<option value="2" >Coffee</option>
<option value="3" >Tea</option>
</select>
<input type="submit" value="Submit">
</form>
Anyone can change the <option value="1" >Milk</option> to <option value="1 OR 1=1" >Milk</option> and post it back as it is, so you need to add a hash code before rendering it, post it back together with the rest, and validate that the values are the same (return the same hash).
Some sites and coders choose to encrypt every single value on postback; if you look at Amazon, for example, you notice lines like:
<input name="offeringID.1" value="y3A0L7tSnS%2B7LBLvI....morehere" type="checkbox" id="fbt_x_check" style="display: none;" class="check" checked="checked">
And if you use a custom HTML control, you need to add your own validation of the values, to avoid them being modified.
The ASP.NET developers have decided to make a total hash of the values of all controls, and keep it in the EventValidation.
So keep EventValidation on, and the modification will fail.
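An added illustration, not code from any post in this thread, of two server-side checks for the situation discussed: an HMAC tag attached to each rendered option value (the "hash code" idea in the last answer) and a fixed allowlist for the ORDER BY fragment from the question, so the posted value never reaches the SQL text. Python is used for brevity; the key, field name and column names are hypothetical.

```python
import hashlib
import hmac
from html import escape
from typing import Optional

# Hypothetical server-side secret (constructed); it must never be sent to the client.
SECRET = b"constructed-demo-key"

# Allowlist: the only ORDER BY fragments the server will ever emit (hypothetical columns).
ORDER_BY = {"name": "product_name ASC", "price": "unit_price ASC",
            "newest": "created_at DESC"}


def sign(field: str, value: str) -> str:
    """Tag that binds a value to the form field it was rendered for."""
    msg = field.encode() + b"\x00" + value.encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def render_option(field: str, value: str, label: str) -> str:
    """Emit an <option> whose value carries its own tag as value|tag."""
    signed = f"{value}|{sign(field, value)}"
    return f'<option value="{escape(signed)}">{escape(label)}</option>'


def verify(field: str, posted: str) -> Optional[str]:
    """Return the original value if the tag matches, otherwise None."""
    value, sep, tag = posted.rpartition("|")
    if not sep:
        return None  # no tag at all: the value was not rendered by this server
    # Constant-time comparison on bytes, so odd characters in the tag cannot raise.
    if not hmac.compare_digest(tag.encode(), sign(field, value).encode()):
        return None
    return value


def order_by_clause(key: Optional[str]) -> str:
    """Map an untrusted sort key to a fixed SQL fragment; the key is never concatenated."""
    return ORDER_BY.get(key or "", ORDER_BY["name"])
```

With the allowlist in place the ORDER BY text is safe even if the integrity check on the posted state is switched off, because anything outside the table falls back to the default fragment.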
