Post secure info to a file?

Mandakins

I'm working on a service based website, and had the 'checkout' area all configured and ready to certify by the merchant company. The code they provide for 'linking' to their gateway is just a form that sends the info to their gateway, verifies it and sends the results back to the pages you specify (accept/decline/missing info). However, they can't certify the site because the merchant account number shows in the form source code which anyone can view if they look at the page source.

They recommended the following:

Instead of posting directly to [the gateway], you would post to a page or a file that is secure. In that page or file is all of your information, and this file must be secure from outside access. This way, when someone is on your form page, they do not see the source, they only see the file that it is posting too. The file itself has all of the link information into it, which is secure.

Problems:

I am passing additional information I need for subsequent pages to get my registration area to work properly.
I have no idea how to post to a file and have that file post to the merchant gateway.

Can anyone offer any suggestions as to how I might accomplish this or point me in the right direction?

AstroTeg

The idea is you post your data over an SSL connection to another script you have which fishes out from a secure location (be it a non-web accessible directory) the gateway's parameters. You load the parameters and then post to the gateway.

Mandakins

Right. I get that.

What I can't figure out is how to post that information to their gateway url from the secure page automatically.

Is there some kind of post or other function that will do the trick?

I've thought of javascript redirect with all the info attached to the url, but that doesn't work.
Also thought of attaching the info to the php header redirect url, but that's impractical as well.

It's easy enough to collect the information at the secure page, but how to then get it to the gateway url is the dilemma.

Marino

maybe you could use javascript in the pages body.

<body onLoad="form.submit">

Then simply fill the form with the values and when ready it is submitted.

AstroTeg

Originally posted by Marino
maybe you could use javascript in the pages body.
<body onLoad="form.submit">
Then simply fill the form with the values and when ready it is submitted. [/B]

My concern using this method would be an thug can intercept this page (especially with JavaScript disabled) and modify the payment values.

Instead, look into using fsocket or curl to mimic a post submit. It takes a little effort, but there's all sorts of docs on the net on how to do it.