FormsAssurity - integrating secure forms into your ecommerce system

Integrating Secure Forms with your Ecommerce system

FormsAssurity can easily be integrated into your shopping cart / e-commerce system by passing field values to the applet form, through HTML or a dynamic page.

Components in the form can be initialized with values using <PARAM ...> tags.

For textfield and textarea components values must use escape sequences as follows: new line as \n, carriage return as \r, tab as \t and backslash character as \\. Example <PARAM NAME="textarea1" VALUE="line1\nline2\nline...\\3\nline\t4">. This "language" is the same used in scripting (PHP, Perl, etc).

Combobox, listbox and radiobuttongroup items can be selected by item value. For example if a combobox has 2 entries item1/item value1 and item2/item value2, the selection can be set using <PARAM NAME="combobox1" VALUE="item value2">.

Checkboxes can be marked in the following way: <PARAM NAME="checkbox1" VALUE="true">

Below is sample HTML code used to load the applet form:

<OBJECT classid = "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
         codebase = "http://java.sun.com/products/plugin/autodl/jinstall-1_4-windows-i586.cab#Version=1,4,0,0"
         WIDTH = 400 HEIGHT = 300>
         <PARAM NAME = CODE VALUE = "Form" >
         <PARAM NAME = ARCHIVE VALUE = "Form.jar, bcprov-jdk14-119.jar" >
         <PARAM NAME = "type" VALUE = "application/x-java-applet;version=1.4">
         <PARAM NAME = "scriptable" VALUE = "false">
         <PARAM NAME = "fld_product_name" VALUE = "anything">
         <PARAM NAME = "fld_quantity" VALUE = "anything">
</OBJECT>

In the example above, the fld_product tag instructs the applet form to use the value "anything" for the field name called "product_name" and the field name called "quantity".

These values can be assigned to the PARAM tags either through static calls (by writting the desired value within the HTML source) or through a scripting parameter.

Using standard form handling methods, you can integrate the applet form within HTML, PHP, ASP or CGI form pages. Just make sure you assign the same field names for the form applet fields with the fields you want to pass from previous form pages to the form applet visible or hidden fields. Depending on your preferences, you can pass these values by using the URL method (by posting the filled form fields to the form applet, as a set of URL strings, for example <Form method="post" action="sample_secure_form.html">), by using scripts (so the VALUE of the PARAM tag will be a variable, defined according to the scripting language you want to use) or by using cookies.

For example, if you want the product field to be dynamically loaded with the product selected by the user on a previous page, you can use javascript to pass the VALUE name to the HTML page that loads the applet. You can also use these values to be passed to a hidden field that will get, as a string, other previously filled fields, without displaying them within the applet form, but passing them with the applet form submission. See Form Properties for use of hidden fields.

The information that your e-commerce system passes from one page to another will need to be passed to an HTML, PHP, ASP, etc. page, which will contain:

1)  a static reference to load the applet (which is the BODY code from the secure_form.html file).

2)  a set of variables which contain the values of the fields which were previously filled-in by the user of the shopping cart.

When the user submits the form, the applet will look into the web page that loaded it and it will record and submit those fields too.

Example of Usage

You deploy a form that consists of two pages, where page one is an HTML page where users select products and page two is the secure form (contains the FormsAssurity applet) where users enter their personal information. On page one, you use the form submit button with the method POST and submit the form data to the second page (using the ACTION tag, so it will look like <Form method="post" action="page.html">), then page two will automatically load the values of the fields which were filled in on page one. These values are sent along with their names (e.g. Product_Name="My Product") to page two, which will automatically assign these values to whatever PARAM tags that match their names. So my parameter $Product_Name will take the value "My Product". If their names don't match any visible or hidden field name from the applet, then those values will be ignored on the final form submission. This is a very basic example, using HTML only, but you can make complex cases using java scripts, cgi, perl, asp or php. If you want to, you can even use cookies and you can instruct a parameter to take the value from a cookie.