uShop English (U.S.) for 179!

uStorekeeper English (U.S.) for 149!

 Products
       uTest
       uReserve
       uShop
       uStorekeeper
       uGolf
       uDirectory
       uSignIn
 Tech Support
       Support Policy
       Knowledge Base
            uTest
            uReserve
            uShop
            uStorekeeper
            uGolf
            uDirectory
            uSignIn
       Documentation
       Reference Sites
 Legal
       Software Piracy
       Legal Notices
       Privacy Policy
       Licensing
 Miscellaneous
       Reseller Info
       Contact Us
       Site Map
CGI Redirects for Path Protection?

Knowledge Base Lobby : uShop Support Conference : CGI Script Related Problems
Oct-20-17 12:02 PM EST
Original Message
CGI Redirects for Path Protection?
Author Susan on 01-19-2001 at 00:56 (EST)
In the uShop order html, the path to the in/secure server is visible if you view source. What if there is an intermediary script?

i.e. you pass your order first to a redirector CGI script, which then passes the order to the secure server. Is data preserved across this redirect?

If that was possible, would you have to use GET or is POST still possible?

I heard aol users' browser (custom IE) only supported GET .. so uShop might not be working in places for like 20 million potential clients ..

TABLE OF CONTENTS

Table Of Contents
  RE: CGI Redirects for Path Protection? Bill Weiner, 2001-01-19 06:15:54 (1)
            CGI Redirects and "Login" problem Susan, 2001-01-19 21:17:00 (2)
                 RE: CGI Redirects and "Login" problem" Bill Weiner, 2001-01-22 06:29:14 (3)

Messages In This Discussion
         1. RE: CGI Redirects for Path Protection?
        Author Bill Weiner on 01-19-2001 at 06:15 (EST)
In regard to your (uShop 2.x?) questions:

1) Are you referring to seeing the information in the URL via the GET method in uShop 2.x?

2) In uShop 2.x, GET is the only method available (unless using the Authorize.Net add-on). uShop 3.x uses POST.

3) AOL browsers support both GET and POST.
TABLE OF CONTENTS
                 2. CGI Redirects and "Login" problem
                Author Susan on 01-19-2001 at 21:17 (EST)
> Are you referring to seeing the information in the URL via the GET method in uShop 2.x?

No, I was referring to when you view the source of the html page which has the uShop applet embedded, you can see the URL to the cgi script. This is in both 2.x and 3.x

Can you do the cgi redirect, (i.e. have the script_url aram point to the cgi redirect script which would then send the data to the actual uShop cgi script..) or does the data not persist over a redirect? i.e. must you click through the series of applets in order to get to a successful order?

And why when I hit "check out now", and have the path properly defined in the html .. permissions set properly (java dir 755, store dir 755, data dir 777, cgi-bin 755) and uploaded in ascii .. I always get the "login" instead of the order form? Am I missing something here?

TABLE OF CONTENTS
                         3. RE: CGI Redirects and "Login" problem"
                        Author Bill Weiner on 01-22-2001 at 06:29 (EST)
In regard to using a CGI re-direct to try to hide the URL of the uShop CGI script.... I suppose you could try to setup such a redirect (at that point the uShop data is passed through a POST)... but there is really no harm in showing the URL of the uShop CGI script... so I don't know why you would really want to bother.

In regard to getting the uShop Login screen during the order process, depending on when exactly during the order process the Login screen is showing up, I would suggest checking these three things:

1) Make sure the "script_url" parameter of your uShopOrderButton applet is pointing to the correct URL of the "ushop.pl" script on your secure server.

2) Make sure that configuration question #4 at the top of the "ushop.pl" script ($secure_script_url) is properly pointing to the correct URL of the "ushop.pl" script on your secure server. It should be the exact same URL being used as the "script_url" parameter of your uShopOrderButton applet.

3) And if you made any modifications to the "order_template.html" file, make sure that the < FORM > tag at the top of the "order_template.html" file is in ALL-CAPS. This is because that particular < FORM > tag on the "order_template.html" file is case-sensitive ... so make sure it is all UPPERCASE.

In none of the above suggestions resolve the problem for you, give me a URL where I can try out your order process and I will take a look at it.
TABLE OF CONTENTS

© 2003 Microburst Technologies, Inc.