Big Problems..Data between to Web pages!! pls Help

[Forri]

Hi all,

i have a website (A) where people can buy stuff!

i have another website (B) which acts primarily as a payment gateway.

i would like to send information from website (A) with regards to merchant number, amount etc! to website B which will recieve this data, save the relavant details in the db then asks the user for the Visa Card number and other relevant stuff and upon hitting enter it will process the payemnt and send him back to Website A.


I tought of sending the data from A to B by using the url and encrypt the data!

The Problems i would like you to solve or help me with are:

1) HOw can i use encryption which can be encrypted on one page and decrypted on the other.

2) or how can i go about (a more effecient and secure way) of sending the data from A to B

Thanks
Nick

 

[sleipnir214]

What is the relationship between the two sites? Are they on the same server?

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[Forri]

Yes they are?

As i was saying WEBSITE A is one of our Client's sites and WEBSITE B is a common Payment Gateway for all of our customers! i can control both!!

Thakns

 

[sleipnir214]

Controlling both is not the same as having both on the same physical server.

I assume that the domains of the site and the payment gateway are different.

If they are both on the same physical server, it is possible to use session variables and force PHP to append the session id to the URL.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[Forri]

How can that be done? and will it be safe?

 

[sleipnir214]

Whether it can be done depends on your environment. If you are running PHP with Apache, you can set the PHP runtime configuration directive session.use_trans_sid to 1 on a per-directory basis from within httpd.conf or a .htaccess file.

You then just use PHP's session-handling system as normal.


Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[Forri]

the problem is that i'm currently developing on NT and IIS and upload everything on apache and linux system!!

so your saying...if i understood well..to use the session variables or environemtal variables to store the data!!

 

[sleipnir214]

Waitaminit....

The problem with using PHP's default session-handling system is that your website and payment gateway are under different URLs, and the session-token cookie isn't guaranteed to cross domains. It depends on the browser and the security settings.

But I have a couple of ideas.

One is to use IIS's virtual directory system to make the script directory of the payment gateway appear as a subdirectory of your catalog website. That way, you can use the same gateway code in multiple sites using a names subdirectory path.

Another is to use IIS's host name methodology to name your website

http://www.domain.com

and your payment gateway pay.domain.com (the gateway having multiple domain names attached to it), then use session_set_cookie_params() (

http://www.php.net/manual/en/function.session-set-cookie-params.php)

to make the session-token cookie available to the domain ".domain.com", which should make it available to both domains.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!