I have a single product, a file that is dynamically created and I need a paypal to return a customer after payment is done to the address of the file.
Simple Buy Now button is elegant but if I put
<input type="hidden" name="return" value="http://www.mysite.com/x727x7e.dat">
into a button's code, simple browser's Page - View Source can reveal the file address before the payment.
Here is a sample of button code:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="return" value="http://www.mysite.com/x727x7e.dat">
<input type="hidden" name="cancel_return" value="http://www.mysite.com/nothanx.html">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="1111111111">
<input type="image" src="https://www.paypal.com/en_AU/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online.">
<img alt="" border="0" src="https://www.paypal.com/en_AU/i/scr/pixel.gif" width="1" height="1"></form>
I assume the right way would be to use PayPal api and to generate the file after the transaction has been sucessfull but since I am noob to paypal and was wondering can this be solved in an elegant way?
Can I make a (asp.net c#) button that makes post method with this parameters to paypal, so that return url in not visible to the customer?
Yes, create a hidden input named return and insert your return address. You can also set a hidden input named cancel_return and insert a cancel-return address that is used if the user tries to cancel the transaction. Finally you may add one named notify_url that will receive a POST asynchronously after the purchase. The return address will also receive a POST but only if the user clicks to return.
EDIT:
I just noticed you want to hide the address. One, as I mentioned the payment information is posted to that address, which includes a validation code you can ask paypal if the payment is valid. So this means it's not vital to keep the address secret (besides, after one payment a user could see where he went to anyway).
Two, you may register an SSL key with paypal and then encrypt your fields with it. Please see their documentation on how to do this.
The worst that a user can do is complete an erroneous payment through paypal -- they'd still be charged money but would have to, with a straight face, claim that your website said it (whatever you are selling) was only $0.01 USD instead of $10.00 USD.
That may or may not be a concern depending on what you are selling.
Related
I have Login page which Customer should login with their Email adresse ,But when i write email adresse and hit button , its just redirected me to the same page i was before (Login) and than i debugge the code and its retrieve all null.Can anyone direct me in the right direction? thx
According to your debugging screen shot, your ED_data_A_S_Customer model has a property called E_Mail. But the form element you're using is named Email. These names are different. As a result, the ASP.NET MVC Framework's model binder has no way to know where to get the E_Mail value.
Change your form element to match your model:
<input style="color:black;" id="Email" name="E_Mail" value="" required="" type="email" placeholder="Kunde ID ..." class="input">
<!-- ^here -->
Since you're only using a single value, you could also just as easily not use the model at all and just use that single value:
public ActionResult Login(string e_mail)
(Name it whatever you like, just make sure the form element's name matches.)
Of course, it's also worth noting here that a login which has only a username and no password is terribly insecure.
The client should be able to send everything with a button, so I can do the following:
Send everything as form fields named like invoiceId_detail_text where invoiceId would be the id of the invoice, detail the part, and text the kind of field.
Example:
<form id="invoices" name="invoice">
#foreach(var Invoce in Model.Invoices) {
<div>
<input type="number" id="#String.Format("{0}_amount", Invoice.InvoiceId)"/>
</div>
/*More Input Fields for the Invoice*/
<div>
<button type="submit"></button>
</div>
}
</form>
Or I can put every invoice separated in its own form, and send them by ajax, every form success I send the next one and so on.
Example:
#foreach(var Invoice in Model.Invoices) {
string formName = String.Format("{0}_form", Invoce.InvoceId);
<form id="#formName" class="invoiceForm" id="#formName" action="#Url.Action("EditIndividualInvoice","InvoicingEdit")">
<input type="hidden" name="InvoiceId" value="#Invoice.InvoiceId"/>
<div>
<input type="number"/>
</div>
/*More Input Fields for the Invoice*/
</form>
}
<button type="button" onclick="SendAllForms();">Send</button>
I did some research between some of my co-workers and many of them told me to just go with a post with all the invoices at the same time and then access every field by item id because I don't have knowledge of how many invoices are going to be sent, but i can get all of them by class on JQuery so it shouldn't be a problem.
I also read this article from a UX point of view and it keeps me thinking about it.
By doing it with AJAX the cliend could be able to see a loading bar and it would be great, but if he closes the page the request would be incomplete and it could be complicated.
Which option could be better and why and what are the security implications of using one over another?
I think the solution depends principally of the behavior that you wish.
By doing it with AJAX the cliend could be able to see a loading bar and it would be great, but if he closes the page the request would be incomplete and it could be complicated.
In the 2 solutions, if the user closes the page after clicking the button, this will not cancel the save. Once the request sent, it cannot be cancelled. So you shouldn't have "security" problems whatever the choosen solution.
The only thing you need to be careful, is to disable all AJAX buttons during an AJAX request, to avoid the user sending several request in the same time (that can provoke saving inconsistency data).
The classic solution is generally most simple to implement.
The AJAX solution can be most complicated to implement (more code), but provides a friendliest behavior.
I am having a little problem. Whenever i login and set Remember password option to yes, the next page contains a form and it also includes username and password textboxes. They automatically get filled with the same username and password. Why is this happening? Please Tell me how to solve it
Its browser property. To stop this you can set autocomplete="off" in your inupt type.
<input type="text" name="Username" autocomplete="off">
and AutoCompleteType="disable" when using asp:TextBoxes
You can also put this on the form tag. Note this does not work consistently in all browsers.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
I'm part of a project that requires auto-complete or auto-suggest feature for postal addresses (something similar to what google maps has). As the user starts to type in the number and then the street google starts to suggest valid options. I would like to know if there is an api (even commercial) available in the market.
Note: I'm not looking for an address validation API.
I could also buy a address database and implement this on top of it. But thats a lot of Dev overhead involved if we need to build something robust and sophisticated. Any good pointers will help.
Thanks
Bala
This looks to give you a solution similar to the one you are searching for. If you replace the on_click event with the Javascript onkeyup you should then be able to check the address realtime.
This is a quick step-by-step integration guide describing how to add a RapidAddress postcode based address finder to a HTML website. We recommend you read the JavaScript user guide first.
Step #1
Download the latest version of the JavaScript class from the downloads section. You could also use the integration pack, it contains ready made HTML pages that may be handy as a starting point.
Upload the JavaScript file crafty_postcode.class.js to your webserver and reference it in your HTML, you may have to use relative or absolute paths in the src property:
<script type="text/javascript" charset="ISO-8859-1" src="crafty_postcode.class.js">
</script>
NOTE: the "ISO-8859-1" bit is important as the JS script is compressed.
Step #2
Create and configure the JavaScript object:
<script>
var cp_obj = CraftyPostcodeCreate();
cp_obj.set("access_token", "xxxxx-xxxxx-xxxxx-xxxxx"); // your token here
cp_obj.set("result_elem_id", "crafty_postcode_result_display");
cp_obj.set("form", "address");
cp_obj.set("elem_company" , "companyname");
cp_obj.set("elem_street1" , "address1");
cp_obj.set("elem_street2" , "address2");
cp_obj.set("elem_street3" , "address3");
cp_obj.set("elem_town" , "town");
cp_obj.set("elem_county" , "county");
cp_obj.set("elem_postcode" , "postcode");
</script>
Step #3
Create an address form in HTML:
<form method="post" name="address">
Postcode:<br/>
<input type="text" name="postcode"/>
<button type="button" onclick="cp_obj.doLookup()">Find Address</button><br/>
<span id="crafty_postcode_result_display"> </span><br/>
Company:<br/>
<input type="text" name="companyname"/><br/>
Address:<br/>
<input type="text" name="address1"/><br/>
<input type="text" name="address2"/><br/>
<input type="text" name="address3"/><br/>
Town:<br/>
<input type="text" name="town"/><br/>
County:<br/>
<input type="text" name="county"/>
</form>
NOTE: "companyname", "address2/3" and "county" are optional, you can leave these fields out if it suits your site. Remember to delete also them from the JavaScript config in step 2. For example if you do not want the county field : cp_obj.set("elem_county", "");
Note the 'Find Address' button, the onclick action calls the doLookup() method.
The address results (or an error message) will be placed in the element with id="crafty_postcode_result_display".
All done!
If things don't work for any reason, email any error codes/messages to us. We will be happy to help. You may also want to read the JavaScript user guide, if you haven't already.
As found at:
http://www.craftyclicks.co.uk/web-service/docs/javascript-address-finder-how-to-add-rapidaddress
You can use googles geo autocomplete api
http://code.google.com/p/geo-autocomplete/
This will give you the same auto-complete for locations that you would get on googlemaps.
If I see something like:
if(Request["Email"])
{
}
What does this actually mean? Where is the Email collection member actually being set?
It's retrieving the variable from get/post parameters.
somepage.aspx?blah=1
string blahValue = Request["blah"];
Console.WriteLine(blahValue);
> 1
Even more specificially:
Cookies, Form, QueryString or ServerVariables
http://msdn.microsoft.com/en-us/library/system.web.httprequest_members(VS.71).aspx
See this for example.
Taken from the above link
All variables can be accessed directly by calling Request(variable) without the collection name. In this case, the Web server searches the collections in the following order:
QueryString
Form
Cookies
ClientCertificate
ServerVariables
It retrieves either the submited form values (POST) or the submitted querystring values (GET).
You would generally see it written as either Request.Form["Email"] or Request.Querystring[Email"] instead of just Request["Email"].
Example of Form (POST) method:
On the HTML or ASPX Page:
<form action="SomePage.aspx">
<input type="hidden" name="Email" value="someaddress#email.com" />
<input type="Submit" value="Submit Form" />
</form>
Once the form has been submitted by clicking the Submit Form button you would retrieve the form values using Request.Form["Email"] (or just Request["Email"] for the lazy :))
Just some additions to the posts of the others.
To have things more explicitly you normally use Request.QueryString[...] for getting values from the QueryString, so when a GET request has been done and Request.Form[...] when a POST request is done. Although in the latter case you usually directly access the values of your server controls, since ASP.net uses the ViewState mechanism to load back on your controls when the request comes back from the client.