How is it possible to circumvent a CPF validation? In the company where I work, if the client has any pending issue on the CPF, the sales page does not allow the sale to proceed. Yet one or two employees are managing to circumvent this process by other means, through the F12 key (DevTools). So far I have been searching exhaustively for the solution to this question. Does anyone have a hint?
If you leave this validation in jQuery, it is possible; you have to do this validation using PHP.
– Wictor Chaves
I don’t understand, what is retoenl? Do you mean Return?
– Wictor Chaves
Is there a way to program the return of a form through element inspection?
– feac
Explain in more detail, please
– Wictor Chaves
You will have to validate the CPF on the server side, in your case in PHP, as a double check. If the CPF received from the form in PHP does not meet your validation rule, you do not proceed with your routine and you drop the session; it could also send an email warning that the user is trying to circumvent the validation.
– Leandro Angelo
There are 3 pages in the validation process: one where you enter NAME, DATA_NASC, CPF and ID; the return of this page then shows the situation of the CPF (if approved you can configure the sale, if you do not complete registration); and the third page brings the situation of the analysis and suggests a new analysis. That part is being cheated, and I can’t figure out which code parameter.
– feac
You can do it two ways. The simplest is to leave the validation the way it is and, before saving, simply check in PHP whether everything is OK and then save; that way, if they try to cheat, the form will be sent but will not be saved. Or validate everything using Ajax.
– Wictor Chaves
But in which variable, and what information is he entering to advance the page? I work in one of the largest companies in the internet sector in Brazil, and we use oivende to make sales.
– feac
Explain the process better: is the system the "oivende"? What is the "oivende" used for? Is this form the "oivende" or is it yours?
– Wictor Chaves
It is the sales system of OI, until now I imagined that it would be the validation link, as if it were possible to exchange, but I believe it is a predictable that is being changed.
– feac
https://pastebin.com/cEyrDTGS.
– feac
Without you answering @Wictor Chaves's questions it is difficult to help. Especially if you are the one responsible for the server-side code.
– Juven_v
Client-side data validation should only be done in a simple way; the most complex ones that can compromise your systems should always be done on the server. You can also use an event system and disable the F12 key, or catch users who are using it.
– Marcos Brinner
I am a Sales Agent in the company. The oivende site is used to configure the order of the client’s plan. As I am attending ADS, if I solve this security flaw, I will win the position in the development sector that I have dreamed of. How the system works: first the sector of the client is identified, after that the type State of the campaign and CPF; soon after come these credit analysis consultation pages, where in some variable these work colleagues edit the value and manage to cheat the credit analysis. Passing by
– feac
With the information you have given, it is complicated to give a precise answer, but what you have to do is move this check to the server and not leave it on the client side.
– Wictor Chaves
I found out where the information exchange is done: it simply changes the jQuery of the button, putting in the validation that it can proceed. I’m still exploring the code to learn more about front-end. I would like to thank everyone for their support and attention.
– feac
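The server-side check recommended in the comments above, as an added example that is not part of the original thread and is not code from the oivende system: the analysis result is kept in the session on the server, and the sale step re-checks it instead of trusting anything the button or form sends. `lookupCreditStatus`, the session layout and the form field names are assumptions made for illustration, and the sample CPF data is constructed.

```php
<?php
// Hypothetical stand-in for the real credit-analysis lookup (constructed data).
function lookupCreditStatus(string $cpf): string
{
    return in_array($cpf, ['52998224725'], true) ? 'pending' : 'approved';
}
// CPF check-digit validation: two mod-11 digits over the first nine.
function isValidCpf(string $cpf): bool
{
    if (!preg_match('/^\d{11}$/', $cpf) || preg_match('/^(\d)\1{10}$/', $cpf)) {
        return false;
    }
    for ($t = 9; $t < 11; $t++) {
        $sum = 0;
        for ($i = 0; $i < $t; $i++) {
            $sum += (int) $cpf[$i] * ($t + 1 - $i);
        }
        if ((int) $cpf[$t] !== (10 * $sum) % 11 % 10) {
            return false;
        }
    }
    return true;
}

// Analysis page: the server stores the result; the browser only displays it.
function runAnalysis(array &$session, string $rawCpf): string
{
    $cpf = preg_replace('/\D/', '', $rawCpf);
    $status = isValidCpf($cpf) ? lookupCreditStatus($cpf) : 'invalid';
    $session['analysis'] = ['cpf' => $cpf, 'status' => $status];
    return $status;
}

// Sale page: any "approved" field in the POST is ignored; only server state counts.
function configureSale(array &$session, array $post): bool
{
    $a = $session['analysis'] ?? null;
    $cpf = preg_replace('/\D/', '', (string) ($post['cpf'] ?? ''));
    if ($a === null || $a['status'] !== 'approved' || $a['cpf'] !== $cpf) {
        error_log('Sale blocked: CPF not approved by server-side analysis');
        $session = []; // drop the session, as suggested in the comments
        return false;
    }
    return true; // only now is it safe to save the order
}

// Constructed demo: the form claims approval, the server state says pending.
$session = [];
runAnalysis($session, '529.982.247-25');
var_dump(configureSale($session, ['cpf' => '52998224725', 'approved' => '1']));
```

In a real page the first argument would be `$_SESSION` after `session_start()`, and the `error_log` line is where an alert e-mail could be sent.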