Jaa


RequiredTotalCy

Use the RequiredTotalCy pipeline component to verify that values on a page have not been tampered with or reset. The component compares values in order against values in the _Verify_With dictionary.

For more information, see Currency Enhancements.

Intended use: Order Processing pipeline, Order Total stage.

Configuration Values

None.

Values Read

The RequiredTotalCy pipeline component reads the following values from the indicated dictionaries.

Key

Dictionary

Description

_Verify_With

Order

A dictionary whose keys and values will be tested against keys and values in the order form.

MessageManager.pur_badverify

Context

The error message text (optional).

Values Written

The RequiredTotalCy pipeline component writes the following value to the Order dictionary.

Key

Description

_Purchase_Errors

Error messages are written to this SimpleList object.

Errors

The RequiredTotalCy pipeline component returns error level 2 (OPPERRORLEV_WARN) when one or more of the keys and values in the _Verify_With dictionary do not match the corresponding OrderForm entries. Other errors return error level 3 (OPPERRORLEV_FAIL).

The component writes error messages to the _Purchase_Errors collection. The components use a MessageManager object to retrieve user warning message text.

Constant

Condition

pur_badverify

At least one of the keys and values in the _Verify_With dictionary did not match the corresponding pair in the order form.

Remarks

The RequiredTotalCy pipeline component goes through the keys and values in the _Verify_With dictionary to make sure that the keys exist in the OrderForm and have the same values.

You can use the RequiredTotalCy pipeline component to verify that values on a page have not been tampered with or reset. To verify values on a page, add a hidden field for each item named _VERIFY_WITH that contains the item and the associated value. For, example to verify that the value ship_to_zip has not been altered, you would create a tag on the page similar this:

<INPUT TYPE="HIDDEN" NAME="_VERIFY_WITH"
       VALUE="<% = "ship_to_zip=" & CStr(mmsOrderForm.ship_to_zip) %>">

When the page is posted, the name and value will be added as a key and value to the _Verify_With key in the Order dictionary.

The Order Total pipeline stage always performs a _VERIFY_WITH check. Any fields in the post that appear as _VERIFY_WITH="value=key" will verify that the order has such a key and it is set to that value. This prevents a malicious resetting of addresses or contents. If _VERIFY_WITH is not on the order form, no check is performed.

For example, order._total_total should equal (order._VERIFY_WITH)._total_total if _total.total is in the _VERIFY_WITH clause.

See Also

Other Resources

Pipeline Component Reference