I'm sending and retrieving data from a credit card bureau.
what they want is for me to build a special form delivered to my user via https like this
<form method=post action='https://creditcardbureau.com/authorize.dll'>
<input type=hidden name='encryptedinfo' value='md5stuffhere>
<input type=text name=creditcard>
etc.
Then they'll parse the POSTed data and authorize a credit card.
Now I have to problems with this:
I want to authorize the card along with capturing a bunch of other data. Downloading this big form via https: takes for damned ever on dialup.
I have to run through a lot of hidden information, encrypt it, and send it along with the form.
The credit card company responds with their butt ugly "your credit card was charged" page, also sent (don't ask me why) via https. They'll only send a single static link on this page, so if somebody was in the middle of something, I have to mess around recreating the state from cookies,etc, which is also a pain.
I was NOT a happy camper.
Just for fun I tried sending a GET type request rather than a POST.
It worked fine.
What I do now is:
Download the form via http.
Use javascript to do rudimentary encrypt of creditcard data entered.
POST the form to MY server.
Parse the POSTED data
I take the data and create a URL:
$url="https://creditcardbureau.com/authorize.dll'>
?encrypteddata=$encrypteddata&creditcardnumber=$creditcardnumber":
then I
$linesarray=file($url);
Then I mess around with the response from the credit card company and proceed however I want.
Since this "GET" behavior is NOT documented by the credit card company, I suppose I'm taking a lot of extra chances.
Is there a way to mimic a POST to the credit card company to replace the "GET" method I'm using? Without actually building a form where the user must click a button?
Thanks for ideas.
