Using the status_url cgi page to make a payment to someone else

I currently have a form that people fill in to join a club. After they click submit, they are directed to an e-gold sci form to make the payment.
After they've made the payment, the status url cgi page I have takes the information they've submitted and compares the MD5 V2 hash with one I've constructed from the data to make sure the submission is coming from e-gold. It then creates a record in a MySQL database and emails the person the link to log into the database.

WHAT I would like to do next is have the status cgi form pay the referral commission automatically by submitting to:

https://www.e-gold.com/acct/confirm.asp

I've already constructed a stand-alone script using the above and tested it. I just can't seem to figure out how to do that within the status url.

Dan McLean
[EMAIL PROTECTED]
26 Jan 01

I will explain below more clearly, exactly the steps:

1. A person fills out an online form at my site. It collects their egold number and their referral's egold number as well as other info required.

    <input type='hidden' name='STATUS_URL' value='egoldpayment_status_url.cgi'>
    <input type='hidden' name='PAYMENT_URL_METHOD' value='POST'>
    <input type='hidden' name='PAYMENT_URL' value='egoldpaymentnew.cgi'>
    <input type='hidden' name='NOPAYMENT_URL_METHOD' value='POST'>
    <input type='hidden' name='NOPAYMENT_URL' value='egoldnonpaymentnew.cgi'>

2. They submit the above form.

3. The data is directed to a form called "egoldpayment_check_record.cgi" where their egold account number (which is their username) is checked against the MySQL database to make sure they haven't already paid and are already a member. If there is a duplicate record, it displays the following and STOPS.

    "Error: Duplicate e-gold account number. This record already exists in Database. No need to resubmit. To obtain a password to access this account click: Click here to go to Personal Members Area You have already paid for your membership."

4. If they are a new record i.e.
their egold account number is not in the database, the data is sent to:

https://www.e-gold.com/sci_asp/payments.asp

    e-metal payment order
    Pay: xxxxxxxxxxxxxxxxxxxx
    Account: xxxxxx
    Amount: .01 USD' worth of Gold
    Memo: email@address/John Doe ref. # Refer-egold- xxxxx/
    From: xxxxxxxxx (Account Number)

5. They make the payment by clicking on "Preview" then "Confirm".

The following things happen to the information sent to: egoldpayment_status_url.cgi

a) First the V2_HASH is compared against a calculated V2 hash from the information received. The alternate password, which is used in the construction of the comparison hash, is stored in a file that is above the web root server, so it is not accessible if someone was able to read the script. It is brought in for use by utilization of a script that reads data from static files:

    my $xxxx = static_page ("xxxxxxx");

This is done using Perl -> Digest::MD5

    if ($real_faker eq "False") {
        print "This is not a real payment submission from the egold site! \n";
        print "Transaction cancelled\n";
        exit (0);
    }

If it passes that test then I know that the data is coming from egold site and payment has been made.

b) It then does the duplicate record check again to make sure we don't create a duplicate record. If it passes that test then I know that this is a new record.

c) It then creates a new record in the MySQL database. Within that record it marks referral_fee_paid field as "N" which means it hasn't been paid yet.

d) It emails the person their login information for the members area. It also emails myself information about the new member.

6. Back to where the member is at the: https://www.e-gold.com/sci_asp/pmtcommit.asp form waiting to press the continue button to take them back to my site to the: egoldpaymentnew.cgi form. They press the "Continue Button".

Now this is where it gets interesting and a bit complicated.
a) egoldpaymentnew.cgi is a frame top level page that utilizes perl as well as JavaScript in its html sections to accomplish its 2 GOALS:

   i) Pay the referral fee, if it hasn't been paid already.
   ii) Show a confirmation to the user of the spend they've made, with a link to their personal members area, where they can login.

There are 4 files associated with this section:

egoldpayment.cgi -> top level frame

The egoldpayment.cgi html section looks like this:

    <frameset rows='0,*'>
      <frame name='header' scrolling='no' noresize target='_self' src='$egoldpaymentnew_f'>
      <frame name='main' src='egoldpaymentnew.cgi' target='_self' scrolling='auto'>

egoldpayment_ref.cgi -> referral fee automatic payment script
or
top.htm -> an empty html file used when either the record doesn't exist in the MySQL Database or the referral fee has already been paid.

egoldpaymentnew.cgi -> Confirmation form for members that is always displayed

b) When egoldpaymentnew.cgi starts it checks to see if the egold account number (username) from the https://www.e-gold.com/sci_asp/pmtcommit.asp exists in the MySQL database and whether the referral fee has already been paid.

    "SELECT * FROM members WHERE ref_fee_paid = 'N' AND username = ?");

c) If the above conditions are true, then it changes the ref_fee_paid field to 'Y' {i.e. paid}. If they're false it changes the variable $egoldpaymentnew_f from egoldpayment_ref.cgi to top.htm.
d) It then sets some memory variables using JavaScript that the other "child" frame forms, egoldpayment_ref.cgi and egoldpaymentnew.cgi, can gain access to using JavaScript and references like this:

    parent.r_id_d_top

Set within egoldpayment.cgi using JavaScript within the html section of the cgi script:

    var r_id_d_top = '$r_id'
    var email_top = '$email_d'
    var Name_top = '$realname_d'
    var membership_fee_top = '$fee_d'
    var PAYMENT_AMOUNT_top = '$PAYMENT_AMOUNT_d'
    var batchnum_top = '$batchnum_d'
    var egold_top = '$egold_account_number'

e) If the record exists and ref fee hasn't been paid then this script runs in the hidden top frame: egoldpayment_ref.cgi

This form generates all the information required to submit to: https://www.e-gold.com/acct/confirm.asp

    <form method='POST' action='https://www.e-gold.com/acct/confirm.asp' name='formegold' >

which is the automatic payment side of e-gold. It does this by generating an html page with onLoad=checkPage(this.form) in the body tag.

    <BODY BGCOLOR='#FFFFFF' TEXT='#000000' onLoad=\"checkPage(this.form)\">

The checkPage JavaScript located in the head portion of the html looks like this:

    <SCRIPT LANGUAGE='JavaScript'><!--
    <!-- Begin
    function checkPage(formegold) {
      document.formegold.Payee_Account.value = parent.r_id_d_top
      document.formegold.Memo.value = 'ref fee:' + parent.email_top +'/'+parent.Name_top
      document.formegold.AccountID.value = '$AccountID_a'
      document.formegold.PassPhrase.value = '$xxxxx'
      document.formegold.Amount.value = '$Amount'
      document.formegold.PAY_IN.value = '$PAY_IN_a'
      document.formegold.WORTH_OF.value = '$WORTH_OF_a'
      document.formegold.submit()
    }
    // End -->
    //--></SCRIPT>

The PassPhrase which is used to make the automated payment, is stored in a file that is above the web root server, so it is not accessible if someone was able to read the script.
It is brought in for use by utilization of a script that reads data from static files:

    my $xxxx = static_page ("xxxxxxx");

The important part of this is the final part, which is document.formegold.submit(), which submits the form data to egold: https://www.e-gold.com/acct/confirm.asp and makes the referral payment.

YOU CANNOT PLACE ANYTHING IN THE function checkPage after document.formegold.submit(). If you do, the submit will not happen, because it will stop it.

~~~~~~~~~~~~~~~~~~~~~~~

NOW THAT I'VE DESCRIBED THE BACKGROUND I CAN DESCRIBE MY PROBLEM.

Number 1: A TIMING PROBLEM

If the record isn't created quickly enough by the status url submission then when the member clicks on continue the egoldpayment.cgi script will not find the record in the database and will therefore not pay the referral commission.

I've tried playing with the perl sleep command in the egoldpayment.cgi to allow time for the record to be created in the MySQL database. But I finally abandoned that as creating more problems than it was worth.

On the plus side I've found that about 80% of the commissions do get paid, and the ones that aren't paid are marked in the MySQL database as "N" so I can easily check.

What I really want to be able to do is utilize the status url script egoldpayment_status_url.cgi to make the payment. But I can't seem to be able to get it to do it because "however if any HTML is returned it is simply ignored and discarded." so I can't do the submit form JavaScript thing I do with egoldpayment_ref.cgi.

I know there must be a way to make automatic payments utilizing perl to the https://www.e-gold.com/acct/confirm.asp without having to submit forms or use html - which will be ignored as stated below, but I can't figure it out.
If I can use the status url then I won't have the timing problem since it won't make the payment until the record is already created, plus I won't need to worry about anyone spoofing forms since the submission is coming right from egold and has already been verified using the V2_HASH.

ANY ASSISTANCE WITH THIS WOULD BE GREATLY APPRECIATED.

Daniel McLean
[EMAIL PROTECTED]

http://www.e-gold.com/docs/e-gold_sci.html#_Toc533218759

"This Form is submitted using the POST method to the URL provided previously to e-gold® system in the hidden text field called STATUS_URL. This URL is typically that of a cgi program that reads and acts upon the hidden text fields present on the form. It is likely that the program will store the order information and the e-gold transaction information for accounting purposes. No response is expected from the merchant system when this form is submitted, however if any HTML is returned it is simply ignored and discarded. Note that the e-gold® server is designed to resubmit the Payment Transaction Form until it obtains a valid http(s) status response (indicating a successful post) or until the configured retries have been exhausted. Because of this, under certain communication error conditions it may be possible for the Merchant’s server to receive a duplicate Payment Transaction Form."
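
An added example, not part of the original post or of e-gold's documentation: one way the status url script could pay the referral fee itself, once the V2_HASH check has passed and the record exists, while tolerating the duplicate Payment Transaction Form deliveries the quoted documentation warns about. The helper claim_and_pay(), the $send hook, the referrer column and the in-memory SQLite table standing in for MySQL are assumptions; the form field names are the ones in the post's formegold form.

```perl
#!/usr/bin/perl
# Added example, not the poster's script. DBD::SQLite in memory stands in for
# the MySQL members table; claim_and_pay(), $send and the referrer column are
# hypothetical names. Form field names are the ones in the formegold form above.
use strict;
use warnings;
use DBI;
use HTTP::Request::Common qw(POST);

my $CONFIRM_URL = 'https://www.e-gold.com/acct/confirm.asp';

# One conditional UPDATE claims the fee: only the caller that flips 'N' to 'Y'
# sees a row count of 1, so a resubmitted status form (or the Continue page
# racing it) cannot trigger a second payout.
sub claim_and_pay {
    my ($dbh, $send, $username, $acct) = @_;
    my $rows = $dbh->do("UPDATE members SET ref_fee_paid = 'Y' " .
        "WHERE username = ? AND ref_fee_paid = 'N'", undef, $username);
    return 'skipped' unless $rows == 1;   # "0E0": no record, or already paid
    my ($ref, $email, $name) = $dbh->selectrow_array(
        'SELECT referrer, email, realname FROM members WHERE username = ?',
        undef, $username);
    # Built and sent server-side, so the PassPhrase never appears in any HTML.
    my $req = POST($CONFIRM_URL, [
        %$acct,                           # AccountID, PassPhrase, Amount, PAY_IN, WORTH_OF
        Payee_Account => $ref,
        Memo          => "ref fee:$email/$name",
    ]);
    return 'paid' if $send->($req);
    # Payout failed: restore 'N' so the unpaid fee stays visible in the table.
    $dbh->do("UPDATE members SET ref_fee_paid = 'N' WHERE username = ?",
        undef, $username);
    return 'failed';
}

# Constructed demo data. The stub sender records the request instead of using
# the network; a real one could be (assuming HTTP success means the spend went through)
#   sub { LWP::UserAgent->new->request($_[0])->is_success }
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE members (username TEXT PRIMARY KEY, referrer TEXT, ' .
    'email TEXT, realname TEXT, ref_fee_paid TEXT)');
$dbh->do(q{INSERT INTO members VALUES
    ('100001', '100002', 'jd@example.com', 'John Doe', 'N')});
my (@sent, %acct);
@acct{qw(AccountID PassPhrase Amount PAY_IN WORTH_OF)} = ('PLACEHOLDER') x 5;
my $send = sub { push @sent, $_[0]; 1 };
print claim_and_pay($dbh, $send, '100001', \%acct), "\n";   # first delivery
print claim_and_pay($dbh, $send, '100001', \%acct), "\n";   # duplicate delivery
print scalar(@sent), " payout request(s) built\n";
```

Claiming before paying makes the payout at-most-once: a crash between the claim and the send leaves the row at 'Y' with no payment made, so such rows still need reconciling against the e-gold account history.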