"Technical" details re GetResponse / Mailchimp etc

0 replies
Before going into greater detail about what I'm trying to do, what I'm looking for is are details re the prefix / suffix autoresponder hosts add to their user generated 'custom' fields, and the URL of where the user is sent from when they get sent back to the "return" page.

In short, I am adding a couple of security features to a script.

The script itself - which will be part of a software suite to be retailed shortly - will enable users to select one of several gifts when they subscribe. The signup form will include a custom field containing a "secret key" This will be returned to the script when users subscribe, and are returned to the website. The script then checks the key in the custom field with the one stored on the server. If they match, the script will continue.

It also checks the referer value to ensure it has come from the autoresponder host, and is not someone trying to defraud the system.

So if a hacker somehow discovers the return URL ...
  1. The code they enter into the address bar will not contain the secret key
  2. The referer URL value will not be matched
  3. (The script will ignore GET data, and only respond to POST data)

As I'm an Aweber user, (and thus have the values) here is the process.

Now Aweber's custom fields are given the prefix "custom(space)", so if I set up a field called "key", it will be returned to the script as "custom key" (what I need to know is the syntax GetResponse / Mailchimp /others use)

When people are returned to the script on my site, the script looks to see who the script has come from. (In Aweber's case, it's "aweber.com". Other vendors may return people from another named domain. If your subscriber's are returned to a script, you can find this value by adding the line $ENV{'HTTP_REFERER'), printing the outcome and printing the result to screen / file)

Two final points. I wrote to GetResponse, but they claimed providing these details were "security issues", and I should instead sign up for a 30 day trial!! I don't really want to do that, so help appreciated. Mailchimp is also not vital as I have set up a new account to trial and find these values. Any other popular responders I should add to script?

Thanks in advance for your time / assistance

++ UPDATE ++
Having just spent an hour or so looking at the Mailchimp interface, I'm not sure this will work with my scripts. For whilst the form editor allows you to create hidden fields ... those hidden fields are also not included in the signup form (unless you edit the embed code, and put all the HTML code on your page) It also doesn't state if when they return people to the external "Thank You" page, any variables at all will be passed. Add to this fact the signup form cannot be resized to fit your own page, and that you cannot set up any autoresponder unless you become a paying member it's got a lot going against it as opposed to Aweber
#details #getresponse #mailchimp #technical

Trending Topics