cancel
Showing results for 
Search instead for 
Did you mean: 

Pass variable on cancel? SIM API

With the SIM API, one can specify a cancel URL/text. Is there a way to pass a variable back to the cancel URL? I assume there isn't, but can anyone offer an alternative for what I am trying to accomplish? Im using PHP.

 

Thanks in advance.

webphibian00
Member
1 ACCEPTED SOLUTION

Accepted Solutions

Simplest way is to just have a script run automatically every hour or so that kills users who haven't made their first payment within a certain amount of time. Obviously, you also won't allow login for anyone who hasn't paid yet, since there will be a short period of time between registration and account removal.

View solution in original post

4 REPLIES 4

What sort of variable? You could theoretically cheat and use a cookie.

TJPride
Expert

Any variable custom or defined from Authorize.net.

 

My scenario: customer fills out info for their username, submits their information (where their info is then saved), then goes to Authorize.net and pays for this functionality. (This is the client's desired flow, not mine)

 

I'm trying to design a practical and secure way of canceling their username (deleting their information from the database since they have not paid). 

 

The variable passed from Authorize.net could tell me which user canceled, and I could automatically delete their information, rather thant my client manually deleting a user from their site administration interface.

 

Although, thinking about your "cheat", it doesn't appear that even if Authorize.net could send back a parameter, it couldn't really be authenticated on my end, and a malicious user take advantage of this. Similar to the COOKIE case, a malicious user could just visit the "cancel URL" with a cookie that may indicate any user and that user will be deleted. I hope that makes sense.

 

Any suggested alternatives? If the client pushes for that particular flow, then maybe they should be required to manually delete usernames that cancel on the payment form? 

Simplest way is to just have a script run automatically every hour or so that kills users who haven't made their first payment within a certain amount of time. Obviously, you also won't allow login for anyone who hasn't paid yet, since there will be a short period of time between registration and account removal.

Excellent point. I do not know why I didn't think of cron jobs. You're on a roll today.