
RequiredTotalCy

Commerce Server 2007
For the latest version of Commerce Server 2007 Help, see the Microsoft Web site.

Use the RequiredTotalCy pipeline component to verify that values on a page have not been tampered with or reset. The component compares values in order against values in the _Verify_With dictionary.

For more information, see Currency Enhancements.

Intended use: Order Processing pipeline, Order Total stage.

The RequiredTotalCy pipeline component reads the following values from the indicated dictionaries.

| Key | Dictionary | Description |
| --- | --- | --- |
| _Verify_With | Order | A dictionary whose keys and values will be tested against keys and values in the order form. |
| MessageManager.pur_badverify | Context | The error message text (optional). |

The RequiredTotalCy pipeline component writes the following value to the Order dictionary.

| Key | Description |
| --- | --- |
| _Purchase_Errors | Error messages are written to this SimpleList object. |

The RequiredTotalCy pipeline component returns error level 2 (OPPERRORLEV_WARN) when one or more of the keys and values in the _Verify_With dictionary do not match the corresponding OrderForm entries. Other errors return error level 3 (OPPERRORLEV_FAIL).

The component writes error messages to the _Purchase_Errors collection. It uses a MessageManager object to retrieve the text of the user warning message.

| Constant | Condition |
| --- | --- |
| pur_badverify | At least one of the keys and values in the _Verify_With dictionary did not match the corresponding pair in the order form. |

The RequiredTotalCy pipeline component goes through the keys and values in the _Verify_With dictionary to make sure that the keys exist in the OrderForm and have the same values.

You can use the RequiredTotalCy pipeline component to verify that values on a page have not been tampered with or reset. To verify values on a page, add, for each item, a hidden field named _VERIFY_WITH that contains the item and the associated value. For example, to verify that the value ship_to_zip has not been altered, you would create a tag on the page similar to this:

<INPUT TYPE="HIDDEN" NAME="_VERIFY_WITH"
       VALUE="<% = "ship_to_zip=" & CStr(mmsOrderForm.ship_to_zip) %>">

When the page is posted, the name and value will be added as a key and value to the _Verify_With key in the Order dictionary.

The Order Total pipeline stage always performs a _VERIFY_WITH check. Any fields in the post that appear as _VERIFY_WITH="value=key" will verify that the order has such a key and it is set to that value. This prevents a malicious resetting of addresses or contents. If _VERIFY_WITH is not on the order form, no check is performed.

For example, order._total_total should equal (order._VERIFY_WITH)._total_total if _total_total is in the _VERIFY_WITH clause.
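The comparison described above, modelled in Python as an added example; it is not Commerce Server code or the component's implementation. The function names, the success level of 1, the message text, and the sample POST bodies and order values are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

# Level 2 (OPPERRORLEV_WARN) is from the page; level 1 for success is an assumption.
OPPERRORLEV_SUCCESS, OPPERRORLEV_WARN = 1, 2
PUR_BADVERIFY = "pur_badverify: posted values do not match the order"  # constructed text


def verify_with_from_post(body):
    """Collect every posted _VERIFY_WITH field ("key=value") into one dictionary."""
    fields = parse_qs(body, keep_blank_values=True)
    verify = {}
    for item in fields.get("_VERIFY_WITH", []):
        key, _, value = item.partition("=")
        verify[key] = value
    return verify


def required_total_check(order_form):
    """Each key in _Verify_With must exist in the order form with the same value."""
    verify = order_form.get("_Verify_With")
    if not verify:
        return OPPERRORLEV_SUCCESS  # no _VERIFY_WITH on the order form: no check
    for key, expected in verify.items():
        if key not in order_form or str(order_form[key]) != expected:
            order_form.setdefault("_Purchase_Errors", []).append(PUR_BADVERIFY)
            return OPPERRORLEV_WARN
    return OPPERRORLEV_SUCCESS


def run(order_form, body):
    """Attach the posted pairs to the order, then run the check."""
    order_form["_Verify_With"] = verify_with_from_post(body)
    return required_total_check(order_form)


# Constructed POST bodies: one carrying the hidden fields, one without them.
POST_WITH_FIELDS = "_VERIFY_WITH=ship_to_zip%3D98052&_VERIFY_WITH=_total_total%3D4250"
POST_WITHOUT_FIELDS = "card_name=Test"

if __name__ == "__main__":
    changed = {"ship_to_zip": "10001", "_total_total": 4250}
    print(run(dict(changed), POST_WITH_FIELDS))     # mismatch is reported
    print(run(dict(changed), POST_WITHOUT_FIELDS))  # nothing posted, nothing checked
```

The second call shows the last point of the description: the check only covers keys that arrive in _VERIFY_WITH, so a page that omits the hidden fields gets no verification.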
