The RequiredTotal component, which appears in the Order Total stage of an order processing pipeline, performs a _VERIFY_WITH check on the OrderForm.
The stage always performs a _VERIFY_WITH check. Any fields in the post that appear as _VERIFY_WITH="value=key" will verify that the order has such a key and it is set to that value. This prevents a malicious resetting of addresses or contents. If _verify_with
is not on the OrderForm, no check is performed.
For example, order._total_total
should equal (order._VERIFY_WITH)._total_total
if _total.total
is in the _VERIFY_WITH clause.
<INPUT TYPE="HIDDEN" NAME="_VERIFY_WITH" VALUE="<% = "ship_to_zip=" & CStr(mmsOrderForm.ship_to_zip) %>">
For more examples, see the \Clocktower\Purchase.asp file in the Commerce Server installation.