Getting the cost

[adammc]

Hi,

I have viewed the example page that came in the zip and there is no mention of how to get the cost of the domain to send to a php script.

The only way I could see was adding the price into the url, but this wont be too secure as people can change the price in the url.

What is the variable name so I can make up a form to place in the 'available domain template section' ?

I eventually want to do this:

$_SESSION['domain_price'] = $_REQUEST['cost'];
this results as - $25.00, however i need to strip the $ off the price, can you possibly tell me how would this be done?

[Patrick]

Cost should be calculated by your other script based on TLD that is passed in. If you are passing in price in some manner from the whois script, your logic is flawed somewhere.

The best thing you can do in your other script (you external / third party / own script) is to base cost on TLD that is passed in such as domain=whatever&ext=TLD. Then you can use a php switch statement or similar to determine cost (the switch statement would be in your third party script):

PHP Code:

// convert to lowercase just in case
$tld = strtolower($_REQUEST['ext']);

// actual switch statement
switch($tld)
{
    // .com domains
    case "com" : $cost = 25.00;
    break;

    // .net domains
    case "net" : $cost = 20.00;
    break;

    // .info & .us domains, both same price
    case "info" :
    case "us" : $cost = 16.00;
    break;

    // unknown (default case)
    default : $cost = "";
}

// error if cost is empty (indicating unknown / invalid extension)
if (empty($cost))
    die("Invalid domain extension!"); 


You should ALWAYS calculate cost based on the TLD and NEVER on any possible cost that can be tampered with by the user (as you noted as well).

In fact, if you are using a PayPal script (you didn't specify), you may want to go so far as to generate multiple encrypted order links from within PayPal website to prevent tampering, one for each of your possible costs. Then you can use a switch statement, similar to the above, to determine which link to display and in that manner display the correct order form with the correct price that is encrypted. This is a real fundamental and basic approach, but it would provide the functionality and security that you require.

[adammc]

Hiya Patiek,

Cost should be calculated by your other script based on TLD that is passed in. If you are passing in price in some manner from the whois script, your logic is flawed somewhere.

I'm not sure I understand? Why bother to have a pricelist in your script admin if you cant use it? Or am i missiing something?

I mean, doesnt your script send the TLD price to a variable?

[Patrick]

The prices within the script are used for display purposes.

Your billing script has to have the ability to assign price based on TLD (or you could make a script that acts as a middle man between the whois script and your billing script), otherwise price will not be secure. The only other method of creating a secure price would be to encrypt the price and then decrypt the price. However, the price could still be tampered with by the user (for example, a lower encrypted price in place of a higher encrypted price).

Remember: never assume that sessions are inaccessible to the user.

[adammc]

Thanks for clearing that up Patiek.
Much appreciated

[adammc]

Code:

// .info & .us domains, both same price
case "info" :
case "us" : $cost = 16.00;


// unknown (default case)
default : $cost = "";

Do you need to 'break;' after each of these?

[Patrick]

Code:

// .info & .us domains, both same price
case "info" :
case "us" : $cost = 16.00;


// unknown (default case)
default : $cost = "";

Do you need to 'break;' after each of these?

I have corrected my original post to fix the error and display how it should be.