As we all know, when you view the source on a page with a form using hidden fields, the hidden fields are shown. I need to submit unseen information through the hidden fields.

I found something that does this, and it looks like something that would be easy for someone to make who knows CGI.

The details are here: http://www.katsueydesignworks.com/cgi_mhf.htm

The problem is, to download their free version of this script, you must sign up for their ezine (which I have done) and when your first mail comes in from them, your account is activated. I have been waiting, and no mail has come, so I come to WHT for help.

Does anyone know of any other (free, possibly) scripts that can do this same thing, or something similar? (I would code it myself, but I don't know CGI/Perl.) :(

Thanks a lot!
Mike

The only way you can 'pass' data without going through the client is by storing that data on the server side. You can do that with config files for static data, or sessions & cookies for dynamic data.

The script you posted appears to do the former. It takes the user request, pads on additional data you give it at setup time, and passes it on to your actual CGI. Pretty cool, really. Sure, you could just load your own config file, but what fun is that? PHP has built-in session handling, and you should be able to find something similar for Perl.

I would suggest modifying the actual program to handle whatever server-side values you need. If you don't know how to modify the program, you will need to pay someone to modify it for you, anyway, so this hack is as good as anything.

Thanks for the reply.

The problem is, these hidden values are for a PayPal order, and the real hidden value is the return URL which is formatted like this: http://myserver.com/myscript.php?code=348sadflkj8523u89

My script generates a code that is put in the return area of the hidden string. After they pay on PayPal, paypal directs them to whatever I have set in this field. The code is in place to make sure they have payed. The problem is, if this hidden field is visible, they can just bypass paying.

I would do the sessions idea, or anything else, however I cannot modify the PayPal system, and need this to be a hidden field for it to work correctly.

I hope this makes sense, and if your reply explained how to do this sort of thing, I just didn't quite understand it.

Any other ideas?

Thanks again, Mike :)

MHF won't work for that, then, since it would be server-side only (same goes for my ideas -- it pays to be specific). Paypal does offer a notification system that would be more reliable:
https://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/ipn-intro-outside

It isn't as nice as the Authorize.net structure, but it gets the job done.

ahhha. I know.

If you're on a linux hosting box/plan you can use php, and mcrypt library.

go down to your bookstore and checkout the php cookbook from o'reilly. there's a recipe there for encrypting data before sending it back to the client.

what happens is;
someone enters a form on page 1, and gets posted to page 2.
page 2 first reads the form data, and bundles it all together into a single encrypted hidden field and passes it back to the client.

then, on the final page, you can use a saved key to decrypt this information again.

i know, it's vague, but check out the recipe book for clarity.

Thanks for the advice!

I had been looking about the PayPal IPN feature, but could not find that page you linked me to with the samples and such, so I didn't understand it. Thanks, I will use the IPN.

About the mcrypt library, thanks for the help, but unfortunately this server is on Windows.

Thanks to all for the help :)

mcrypt works on Windows too.

Interesting; I shall look into that if I ever need any encryption of that matter. However, I have set up IPN already and it is working like a charm. Thanks.