Locked: Not sending correct info for reseller Payflow Pro

Author
In2ishun
Junior Member
2006/01/11 11:09:24 (permalink)

Not sending correct info for reseller Payflow Pro

HC Support:

How do I fix HC when it does not send the correct VENDOR, PWD, USER, and PARTNER information when setting up the Payflow Pro billing gateway?

I'm writing a PFP gateway handler for a client who runs HC. I am testing my code against a vanilla [eval] installation of HC running in a virtual machine and using SQL. My client also has a PFP account with real information. I have populated the variables in the HCAdmin account.

However, when I'm logged in as one of the fake reseller accounts, using my own PARTNER, PWD, VENDOR, and USER values, only the values that are established in the HCAdmin account are being passed to the handler that I'm writing.

I suppose I can just go in and query the db on my own for the proper information, but I shouldn't have to do this.

Requesting Assistance.

-Brian
#1


    In2ishun
    Junior Member
    RE: Not sending correct info for reseller Payflow Pro 2006/11/01 15:10:55 (permalink)
    I'm able to get the information from the database by using this SQL query, and I've included it in my gateway handler, but again, the information in the HTTP post should be correct for the reseller account that I am logged into...

    In other words.... YOU HAVE A MODERATELY SERIOUS SECURITY VULNERABILITY HERE!

    SELECT gate.propname, gate.propvalue FROM tblgatewaycustomize gate
    JOIN Admin_List uid ON (gate.adminname = uid.Name)
    WHERE gate.adminname = 'insert account name here'


    -Brian
    #2
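Added example, not part of the thread or of Hosting Controller's code: the lookup from the post above with the account name passed as a bound parameter, plus a handler-side check that the posted PARTNER, VENDOR, USER and PWD values belong to the logged-in account. The in-memory SQLite database, the sample rows, the function names and the assumption that the four fields are stored under those `propname` values are all constructed for illustration.

```python
import hmac
import sqlite3

FIELDS = ("PARTNER", "VENDOR", "USER", "PWD")

# Query from the post; the account name is bound, never concatenated into the SQL.
QUERY = """
SELECT gate.propname, gate.propvalue FROM tblgatewaycustomize gate
JOIN Admin_List uid ON (gate.adminname = uid.Name)
WHERE gate.adminname = ?
"""

def build_sample_db():
    """Constructed sample data; in-memory SQLite stands in for the HC database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Admin_List (Name TEXT PRIMARY KEY);
        CREATE TABLE tblgatewaycustomize (adminname TEXT, propname TEXT, propvalue TEXT);
    """)
    accounts = (("HCAdmin", "a"), ("reseller1", "r"))
    conn.executemany("INSERT INTO Admin_List VALUES (?)", [(a,) for a, _ in accounts])
    rows = [(a, f, f"{f.lower()}-{tag}") for a, tag in accounts for f in FIELDS]
    conn.executemany("INSERT INTO tblgatewaycustomize VALUES (?, ?, ?)", rows)
    return conn

def credentials_for(conn, account):
    """Return the gateway fields stored for exactly one account."""
    return {n: v for n, v in conn.execute(QUERY, (account,)) if n in FIELDS}

def mismatched_fields(conn, account, posted):
    """Names (never values) of posted fields that differ from the account's own."""
    stored = credentials_for(conn, account)
    bad = []
    for field in FIELDS:
        want = stored.get(field)
        got = posted.get(field, "")
        # Constant-time comparison, since PWD is a secret.
        if want is None or not hmac.compare_digest(want.encode(), got.encode()):
            bad.append(field)
    return bad

if __name__ == "__main__":
    db = build_sample_db()
    # Simulates the reported behaviour: HCAdmin values posted for a reseller session.
    print(mismatched_fields(db, "reseller1", credentials_for(db, "HCAdmin")))
```

A handler that runs this check can refuse the transaction and log only the field names when the list is non-empty.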
    HC Team
    Hosting Controller
    RE: Not sending correct info for reseller Payflow Pro 2006/01/17 11:09:24 (permalink)
    We have provided the Gateway Open API. I am afraid you have to consult the documentation of the Payflow Pro billing gateway yourself to fix this issue.

    Of course, if you run this query locally from the server then you may get the required records. One cannot exploit it remotely.
    #3