----- Original Message -----
From: Fotwun <[EMAIL PROTECTED]>
To: Jason Wong <[EMAIL PROTECTED]>; Fotwun <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, August 21, 2001 4:24 AM
Subject: RE: [PHP-DB] E-Commerce - Integrating Sessions With Charging
Processes That rePOST
> How, code wise do I retreive the session data from the session id. Also,
> another response below said HTTP_REFERRER is not secure. So how do people
> who use this type of payment gateway secure the script it redirects to.
All
> of the data it sends is form data, so once somebody new what script it
> redirects to, and what form data it posts, it would be quite easy for them
> to authorize their own charges in my opinion.
Basically the info that the customer provides when clicking on the "buy
button" needs to be processed by you (ie stored into a session) then passed,
along with a return URL, on to the payment gateway. The return URL (say
confirm.php) displays confirmation of whether or not the transaction
succeeded.
I am assuming the following:
You have a page which collects the customer info (say order.php). When they
submit this, the info is processed by another page (say buy.php) which also
passes the form info to the payment gateway.
order.php
=========
There is nothing special about this. All it needs is that the form action is
set to buy.php
buy.php
=======
## Store the form info into some session data
##
## NB. I tend to name my form elements like : form[name], form[address],
form[phone] etc.
## This way it becomes very easy to process like so:
session_register("form");
This will store form[name], form[address], form[phone] etc into the session
data.
The session-id can be gotten by:
$session_ID = session_id();
Now all the remains is to POST the form data (form[name], form[address],
form[phone] etc) and return URL to the payment gateway.
Construct the return URL:
## this is just an example, alter to taste:
$ret_URL = "http://www.mydomain.com/confirm.php?sid=$session_ID";;
Now POST this along with form data to the payment gateway. I haven't a clue
how to do this, maybe use CURL library?
NB If the payment gateway accepts GETs then its just a simple matter of
tacking the form data and return URL onto the the URL of the gateway and
sending an HTTP redirect header.
Something like:
header("Location:
http://payment.gateway.com/payment.cgi?name=$form[name]&address=form[address
]&phone=$form[phone]&returnURL=$ret_URL")
Hopefully after the gateway has done its stuff it will redirect back to your
confirmation page.
confirm.php
===========
To retrieve the session-id just do:
session_id($session_ID);
To get your session data:
session_register("form");
echo "Name: $form[name]";
NB all the above is untested :)
regards
--
Jason Wong
Gremlins Associates
www.gremlins.com.hk
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
