Checkpost

Additional security to guard against price manipulation

Each time an item is placed into the shopping cart, SalesCart runs an ASP file called checkpost.asp. The purpose of this file is to provide an additional level of security against price manipulation on a published web page. Since the identity of the buyer must be known to receive delivery of the product and take advantage of a price manipulation, this is a rather subtle security threat that in most cases is not impossible to get away with. However, SalesCart affords this additional peace of mind. If this security level is not required, you may edit the shop1.asp file and remove the checkpost.asp include.

The checkpost program runs in one of two ways, depending on whether you have static product pages or dynamic product pages. If you have static product pages, the file checks the price against the static page stored on the server. In the case of a dynamic shopping cart, the price is checked against the database price. Static product page checks require knowing the referring URL to get the name of the HTTP page; in some cases, this can be more problematic. Using a dynamic database ensures the highest level of security, since the database price is looked up unambiguously by the unique SKU #.

By default, if checkpost sees a price manipulation, it silently captures that information and sends an email to the merchant. However, it can also be configured to stop the order immediately.

Configuring Checkpost to send email

  1. Edit the checkpost.asp file with Notepad or Textpad.
  2. Find the value emailErr = 0
  3. Set emailErr to 0 to email an error message to the merchant, set it to 1 to display the error message on the error page, or set it to 3 to have the error message neither emailed nor displayed.

Using your own Products Database

When checkpost is run dynamically against a products database, it can unequivocally know whether a price modification has been made by looking up the SKU #. Checkpost is designed to run against the Products Management Plugin without modification. However, in some cases you may have your own products database, or you may be using a different column name to store the price or SKU #, for example. In these cases, you may modify checkpost.asp for your particular application.

Changing the Database connection string.

To change the database connection string, follow this procedure.

For FrontPage users

  1. Edit the checkpost.asp file with Notepad or Textpad.
  2. Find the value fpDBPath = Application("Products1_ConnectionString"). This variable contains the FrontPage database path to the products database.
  3. Change it to the correct connection string for your particular situation.

For Dreamweaver users

  1. Edit the checkpost.asp file with Notepad or Textpad.
  2. Find the value dwDBPath = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("/") & "/fpdb/products.mdb". This variable contains the Dreamweaver database path to the products database.
  3. Change it to the correct connection string for your particular situation.

Changing the Database column names.

  1. Edit the checkpost.asp file with Notepad or Textpad.
  2. Find the value
    SQLStr = "SELECT Price FROM Products "
    SQLStr = SQLStr & "WHERE SKU='" & partNum & "'; "
  3. This variable contains the SQL string used to query the products database. The items that can be changed are Price, Products, and SKU. Change Price to the price field name in your products database. Change Products to the products table name in your products database. Change SKU to the item number or sku field name in your products database.
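
The query above builds its SQL text by concatenating partNum, so when adapting it to your own products database the SKU is better bound as a parameter. The following is an added example, not SalesCart's own code: it does the same price lookup with an ADO parameterized command and compares the result to the submitted price. fpDBPath and partNum are the names used on this page; PriceMatchesCatalog, postedPrice and the 50-character SKU width are assumptions.

```vbscript
<%
' Added example, not part of checkpost.asp as shipped.
' PriceMatchesCatalog and postedPrice are hypothetical names.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
Const SKU_MAX_LEN = 50   ' assumed width of the SKU column

Function PriceMatchesCatalog(connStr, partNum, postedPrice)
    Dim conn, cmd, rs, sku
    PriceMatchesCatalog = False   ' fail closed: any early exit means "no match"

    ' Reject a non-numeric price before touching the database
    If Not IsNumeric(postedPrice) Then Exit Function
    sku = Left(CStr(partNum), SKU_MAX_LEN)

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open connStr

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The SKU travels as a bound parameter, never as part of the SQL text
    cmd.CommandText = "SELECT Price FROM Products WHERE SKU = ?"
    cmd.Parameters.Append cmd.CreateParameter("sku", adVarChar, adParamInput, SKU_MAX_LEN, sku)

    Set rs = cmd.Execute
    If Not rs.EOF Then
        If Not IsNull(rs("Price")) Then
            ' Compare as currency so "19.9" and "19.90" are treated as equal
            PriceMatchesCatalog = (CCur(rs("Price")) = CCur(postedPrice))
        End If
    End If
    ' An unknown SKU or a NULL price leaves the result False

    rs.Close
    conn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set conn = Nothing
End Function
%>
```

If your table or column names differ, change Price, Products and SKU in the CommandText exactly as described in step 3; the parameter binding stays the same.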

See Also

Security and SSL

Obtaining an SSL certificate

Making SalesCart Secure

Verifying order database security