Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Use the RequiredTotalCy pipeline component to verify that values on a page have not been tampered with or reset. The component compares values in order against values in the _Verify_With dictionary.
For more information, see Currency Enhancements.
Intended use: Order Processing pipeline, Order Total stage.
Configuration Values
None.
Values Read
The RequiredTotalCy pipeline component reads the following values from the indicated dictionaries.
Key |
Dictionary |
Description |
|---|---|---|
_Verify_With |
Order |
A dictionary whose keys and values will be tested against keys and values in the order form. |
MessageManager.pur_badverify |
Context |
The error message text (optional). |
Values Written
The RequiredTotalCy pipeline component writes the following value to the Order dictionary.
Key |
Description |
|---|---|
_Purchase_Errors |
Error messages are written to this SimpleList object. |
Errors
The RequiredTotalCy pipeline component returns error level 2 (OPPERRORLEV_WARN) when one or more of the keys and values in the _Verify_With dictionary do not match the corresponding OrderForm entries. Other errors return error level 3 (OPPERRORLEV_FAIL).
The component writes error messages to the _Purchase_Errors collection. The components use a MessageManager object to retrieve user warning message text.
Constant |
Condition |
|---|---|
pur_badverify |
At least one of the keys and values in the _Verify_With dictionary did not match the corresponding pair in the order form. |
Remarks
The RequiredTotalCy pipeline component goes through the keys and values in the _Verify_With dictionary to make sure that the keys exist in the OrderForm and have the same values.
You can use the RequiredTotalCy pipeline component to verify that values on a page have not been tampered with or reset. To verify values on a page, add a hidden field for each item named _VERIFY_WITH that contains the item and the associated value. For, example to verify that the value ship_to_zip has not been altered, you would create a tag on the page similar this:
<INPUT TYPE="HIDDEN" NAME="_VERIFY_WITH"
VALUE="<% = "ship_to_zip=" & CStr(mmsOrderForm.ship_to_zip) %>">
When the page is posted, the name and value will be added as a key and value to the _Verify_With key in the Order dictionary.
The Order Total pipeline stage always performs a _VERIFY_WITH check. Any fields in the post that appear as _VERIFY_WITH="value=key" will verify that the order has such a key and it is set to that value. This prevents a malicious resetting of addresses or contents. If _VERIFY_WITH is not on the order form, no check is performed.
For example, order._total_total should equal (order._VERIFY_WITH)._total_total if _total.total is in the _VERIFY_WITH clause.