Reply
Member
Posts: 7
Registered: ‎11-23-2011
Accepted Solution

Pass variable on cancel? SIM API

[ Edited ]

With the SIM API, one can specify a cancel URL/text. Is there a way to pass a variable back to the cancel URL? I assume there isn't, but can anyone offer an alternative for what I am trying to accomplish? Im using PHP.

 

Thanks in advance.


Accepted Solutions
Solution
Accepted by topic author webphibian00
‎08-21-2015 01:58 AM
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Pass variable on cancel? SIM API

Simplest way is to just have a script run automatically every hour or so that kills users who haven't made their first payment within a certain amount of time. Obviously, you also won't allow login for anyone who hasn't paid yet, since there will be a short period of time between registration and account removal.

View solution in original post


All Replies
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Pass variable on cancel? SIM API

What sort of variable? You could theoretically cheat and use a cookie.

Member
Posts: 7
Registered: ‎11-23-2011

Re: Pass variable on cancel? SIM API

Any variable custom or defined from Authorize.net.

 

My scenario: customer fills out info for their username, submits their information (where their info is then saved), then goes to Authorize.net and pays for this functionality. (This is the client's desired flow, not mine)

 

I'm trying to design a practical and secure way of canceling their username (deleting their information from the database since they have not paid). 

 

The variable passed from Authorize.net could tell me which user canceled, and I could automatically delete their information, rather thant my client manually deleting a user from their site administration interface.

 

Although, thinking about your "cheat", it doesn't appear that even if Authorize.net could send back a parameter, it couldn't really be authenticated on my end, and a malicious user take advantage of this. Similar to the COOKIE case, a malicious user could just visit the "cancel URL" with a cookie that may indicate any user and that user will be deleted. I hope that makes sense.

 

Any suggested alternatives? If the client pushes for that particular flow, then maybe they should be required to manually delete usernames that cancel on the payment form? 

Solution
Accepted by topic author webphibian00
‎08-21-2015 01:58 AM
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Pass variable on cancel? SIM API

Simplest way is to just have a script run automatically every hour or so that kills users who haven't made their first payment within a certain amount of time. Obviously, you also won't allow login for anyone who hasn't paid yet, since there will be a short period of time between registration and account removal.

Member
Posts: 7
Registered: ‎11-23-2011

Re: Pass variable on cancel? SIM API

Excellent point. I do not know why I didn't think of cron jobs. You're on a roll today.