
E-commerce fraud and scrubbing project - developer needed

Discussion in 'General Programming Chat' started by jsonajax, Jan 31, 2009.

    START

    JOIN
    1. user goes to website and selects to opt in and join. On this page our script is loaded.
    a. the submit post and/or the href link is followed and loaded in the browser. This may or may not be the same URL as the original URL that the script was loaded from.
    b. we record and post the user information of the entire form (all field:value pairs, or href link) and encrypt and post to an HTTPS PHP URL. No response or redirect will return from this post.

    INITIAL FORM
    2. from step 1 above, the user is redirected to the same or a different URL while we maintain our script. The user will then complete an initial sign up form and then submit.
    a. the submit post is followed and loaded in the browser. This may or may not be the same URL as the original URL that the script was loaded from.
    b. we record and post the user information of the entire form (all field:value pairs) and encrypt and post to an HTTPS PHP URL. No response or redirect will return from this post. We will need to have an identifier (sessionid + transactionid) to match the record to previous records from this session.

    SECONDARY FORM
    3. from step 2 above, the user is redirected to the same or a different URL while we maintain our script. The user will then complete a secondary sign up form and then submit.
    a. the submit post is followed and loaded in the browser. This may or may not be the same URL as the original URL that the script was loaded from.
    b. we record and post the user information of the entire form (all field:value pairs) and encrypt and post to an HTTPS PHP URL. No response or redirect will return from this post. We will need to have an identifier (sessionid + transactionid) to match the record to previous records from this session.

    ADDITIONAL FORMS
    4. from step 3 above, the user is redirected to the same or a different URL while we maintain our script. The user will then complete an optional 3rd (this scenario should be able to operate "n" cycles until the sign up is complete) sign up form and then submit.
    a. the submit post is followed and loaded in the browser. This may or may not be the same URL as the original URL that the script was loaded from.
    b. we record and post the user information of the entire form (all field:value pairs) and encrypt and post to an HTTPS PHP URL. No response or redirect will return from this post. We will need to have an identifier (sessionid + transactionid) to match the record to previous records from this session.

    COMPLETED RESPONSE
    5. sign up complete will be recognized based on the approval of the data returns of the posts.
    a. we monitor the return data and when sign up is complete based on certain criteria in the return message, i.e. approved or sign up complete, we release the browser to the redirected URL as normal.
    b. we record the final evaluated return as final post the return information and encrypt and post to an HTTPS PHP URL. No response or redirect will return from this post. We will need to have an identifier (sessionid + transactionid) to match the record to previous records from this session.
    END

    We have received a great response from this community on our project opening. Thank you all! In order to better provide an understanding of our project and the challenges, we have included comments and notes that many of you have taken the time to communicate. Please read our original job description and use case and the notes below. If you believe there is a method to accomplish this, please provide a proposal and estimate. This is a proof of concept and we have numerous projects and work available!

    COMMENT: "A script from page A cannot access the contents of page B if that page is located on some other domain. This security is present in all new versions of browsers without any exception. This restriction applies to all scripting techniques. For example, you can access the contents of an iframe if that page is loaded from the same domain, but you cannot access the contents of an iframe having a page served from a different domain. This is a very basic security implication."

    NOTE: We have tested this with iframes and with AJAX using jQuery, Jform, Jframe and found this to be true.

    COMMENT: "There is a way to achieve this thing, but that's not an alternate or even a hack. In this method your server will not actually forward the request to the other server, but will effectively act as a proxy and will serve all the contents itself by rewriting the URLs, just like any other proxy server does. In that way you'll gain access to everything."

    Note: This scenario would only work if we could make the proxy forward the original IP address of the browser entering the data and posting. In other words we must keep all of the session information the same when using a proxy.

    COMMENT: "According to your description it seems you want to submit multiple forms one after another using AJAX and PHP... and then finally submit the main form."

    Note: The multiple submissions will be posted to the same domain and/or different domains.

    COMMENT: "AJAX works only in the same domain. It can be done using JSONP... but that depends on many other factors. Also, a PHP proxy using fsocket / curl could be used."

    Note: We don't know if JSONP has to be served from each different domain. We could serve it from the first domain but not always from subsequent domains in our use case. If this is the case it won't work.

    COMMENT: "These opinions above are all correct. I didn't realize that you were trying to obtain customer sign-up information from forms served from different domains. I can't think of a way that this might be accomplished."

    Note: If this were easy we could do this in-house. That is why we are reaching out to the development community.
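
The same-origin rule quoted in the first COMMENT above, as an added example that is not part of the original post: it computes which pages of a multi-step flow share an origin with the page a script was loaded on, which is the condition the browser enforces before that script may read a framed page. All URLs are constructed placeholders on reserved `.example` domains, and the function names are hypothetical.

```javascript
// Added illustration, not code from the thread.

// Two URLs share an origin only if scheme, host and port all match.
// URL.origin normalizes default ports (443 for https, 80 for http).
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// For each page in a flow, report whether a script running on
// scriptPageUrl would be permitted to read that page's contents
// (for example when the page is embedded in an iframe).
function readableSteps(scriptPageUrl, flowUrls) {
  return flowUrls.map((url) => ({
    url,
    origin: new URL(url).origin,
    readable: sameOrigin(scriptPageUrl, url),
  }));
}

// Constructed sample flow: the first entry is where the script is loaded.
const flow = [
  "https://signup.example/join",
  "https://signup.example:443/form1",   // same origin: 443 is the https default
  "http://signup.example/form2",        // different scheme
  "https://pay.signup.example/form3",   // different host (a subdomain counts)
  "https://processor.example/complete", // different domain
];

function report() {
  return readableSteps(flow[0], flow);
}

for (const step of report()) {
  const verdict = step.readable ? "same origin " : "cross-origin";
  console.log(`${verdict}  ${step.origin}  <-  ${step.url}`);
}
```

Only the first two entries are readable. A change of scheme, subdomain or domain is enough for the browser to deny access, which matches what the poster observed in testing.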