Jump to content

cspasztor

REGISTERED
  • Content Count

    1
  • Joined

  • Last visited

  • Days Won

    1

Posts posted by cspasztor

  1. After the php5.6 changes this is not working on https.


    But I can make fake commissions from my browser http://mysite.com/myfolder/sale/amount/$AMOUNT/trans_id/$ORDERID/tracking_code/$COOKIE

    I write the values into the variables.


    I think everybody can make fake commission who "know" the script.


    I think it is a security risk.

    It is a better method to post (with a security ID) than this.

    Or another possibility if I can change the route from "myfolder/sale/amount/" to "myfolder/sale23tqprz65kst/amount/" for example.


    Or if you not encrypt a file - the sale.php I think.

    If the file is "open source" (only this file) we can implemet own our secure transactions.


    Thanks,

    Csaba

    • Like 1
×
×
  • Create New...