Securing a script

zoobie

It's really hard to test my creditcard processing...so, I'll have to ask about this first.

txn_id is a long unique transaction id# posted from the creditcard processor to this page. I want to make sure nobody comes into the page without the posted txn_id from the creditcard processor. Would this work? Thanks a bunch.

$txn_id = $POST['txn_id'];
$my_id = $POST['txn_id'];

if($txn_id == $my_id){
continue to process}

else {
Echo "ERROR"}

PS - I can't use [REFERER] because a https site doesn't post one for security reasons.

benkillin

well, you could use a hidden input field with wahtever you want in it, and only have it on the page submitted.

ScubaKing22

You could use isset() to see if the variable has been created yet:

if (isset($var))
{
//ITS SET
}
else
{
//ITS NOT SET
}

zoobie

Too easy to spoof...
Will my script work?
Thanks

Weedpacket

No, for the (obvious) reason that $txn_id is always going to be equal to $my_id.

zoobie

I guess nobody knows...