Re: [PHP-DB] E-Commerce - Integrating Sessions With Charging Processes That rePOST

2001-08-21 Thread Jason Wong

- Original Message -
From: Fotwun [EMAIL PROTECTED]
To: Jason Wong [EMAIL PROTECTED]; Fotwun [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Tuesday, August 21, 2001 4:24 AM
Subject: RE: [PHP-DB] E-Commerce - Integrating Sessions With Charging
Processes That rePOST


 How, code wise do I retrieve the session data from the session id. Also,
 another response below said HTTP_REFERRER is not secure. So how do people
 who use this type of payment gateway secure the script it redirects to. All
 of the data it sends is form data, so once somebody knew what script it
 redirects to, and what form data it posts, it would be quite easy for them
 to authorize their own charges in my opinion.

Basically the info that the customer provides when clicking on the buy
button needs to be processed by you (ie stored into a session) then passed,
along with a return URL,  on to the payment gateway. The return URL (say
confirm.php) displays confirmation of whether or not the transaction
succeeded.

I am assuming the following:

You have a page which collects the customer info (say order.php). When they
submit this, the info is processed by another page (say buy.php) which also
passes the form info to the payment gateway.

order.php
=========
There is nothing special about this. All it needs is that the form action is
set to buy.php

buy.php
=======
## Store the form info into some session data
##
## NB. I tend to name my form elements like : form[name], form[address],
## form[phone] etc.
## This way it becomes very easy to process like so:

session_register("form");

This will store form[name], form[address], form[phone] etc into the session
data.

The session-id can be gotten by:

$session_ID = session_id();


Now all that remains is to POST the form data (form[name], form[address],
form[phone] etc) and return URL to the payment gateway.

Construct the return URL:

## this is just an example, alter to taste:
$ret_URL = "http://www.mydomain.com/confirm.php?sid=$session_ID";


Now POST this along with form data to the payment gateway. I haven't a clue
how to do this, maybe use CURL library?

NB If the payment gateway accepts GETs then it's just a simple matter of
tacking the form data and return URL onto the URL of the gateway and
sending an HTTP redirect header.

Something like:

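## urlencode() each value so spaces, & and ? in the data do not break the query string
header("Location: http://payment.gateway.com/payment.cgi"
    . "?name=" . urlencode($form["name"])
    . "&address=" . urlencode($form["address"])
    . "&phone=" . urlencode($form["phone"])
    . "&returnURL=" . urlencode($ret_URL));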


Hopefully after the gateway has done its stuff it will redirect back to your
confirmation page.


confirm.php
===========
To retrieve the session-id just do:

## sid is the parameter that buy.php put into the return URL
session_id($sid);

To get your session data:

session_register("form");

echo "Name: $form[name]";



NB all the above is untested :)


regards
--
Jason Wong
Gremlins Associates
www.gremlins.com.hk




-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
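
One way to close the gap raised in the quoted question above (anyone who learns the return script and its form fields can post their own "approved" data) is to accept the gateway's reply only when it carries a MAC made with a secret shared between merchant and gateway, and to check it against the order stored server-side. This is an added example in modern PHP, not code from the thread; the field names, the secret and the signing scheme are assumptions, since the thread names no specific gateway.

```php
<?php
// Added example, not from the thread. The field names, the shared secret and
// the signing scheme are assumptions; a real gateway documents its own.
const GATEWAY_SECRET = 'constructed-demo-secret'; // agreed with the gateway out of band

// MAC over the fields in a fixed order, length-prefixed so values cannot run together.
function callback_mac(array $f, string $secret): string {
    $parts = [];
    foreach (['order_id', 'amount', 'status', 'txn_id'] as $k) {
        $parts[] = strlen($f[$k]) . ':' . $f[$k];
    }
    return hash_hmac('sha256', implode('|', $parts), $secret);
}

// $orders stands in for the server-side order store (session or DB row).
// Returns [accepted, reason].
function verify_callback(array $post, array &$orders, string $secret): array {
    $f = [];
    foreach (['order_id', 'amount', 'status', 'txn_id', 'sig'] as $k) {
        if (!isset($post[$k]) || !is_string($post[$k])) return [false, "missing $k"];
        $f[$k] = $post[$k];
    }
    if (!hash_equals(callback_mac($f, $secret), $f['sig'])) return [false, 'bad signature'];
    $order = $orders[$f['order_id']] ?? null;
    if ($order === null)                   return [false, 'unknown order'];
    if ($order['state'] !== 'pending')     return [false, 'already processed'];
    if ($order['amount'] !== $f['amount']) return [false, 'amount mismatch'];
    if ($f['status'] !== 'approved')       return [false, 'declined'];
    $orders[$f['order_id']]['state'] = 'paid';   // mark once, so a replay is refused
    $orders[$f['order_id']]['txn_id'] = $f['txn_id'];
    return [true, 'ok'];
}

// Constructed demo data: one pending order and three incoming POSTs.
$orders = ['A1001' => ['amount' => '49.95', 'state' => 'pending']];
$good = ['order_id' => 'A1001', 'amount' => '49.95', 'status' => 'approved', 'txn_id' => 'T-77'];
$good['sig'] = callback_mac($good, GATEWAY_SECRET);   // what the gateway would send
$forged = $good;
$forged['sig'] = str_repeat('0', 64);                 // form data posted without the secret

foreach (['forged' => $forged, 'genuine' => $good, 'replay' => $good] as $name => $post) {
    [$ok, $why] = verify_callback($post, $orders, GATEWAY_SECRET);
    printf("%-8s %s (%s)\n", $name, $ok ? 'ACCEPT' : 'REJECT', $why);
}
```

The amount and order state come from the merchant's own store, never from the posted fields, so a valid signature on one order cannot be reused to confirm another or to confirm the same order twice.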




Re: [PHP-DB] E-Commerce - Integrating Sessions With Charging Processes That rePOST

2001-08-20 Thread Jason Wong

- Original Message -
From: Fotwun [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, August 20, 2001 1:40 PM
Subject: [PHP-DB] E-Commerce - Integrating Sessions With Charging Processes
That rePOST


 Hi,

 I have basically seen and used two methods for integrating credit card
 gateways into PHP code.

 The first method is one that opens a socket to the gateway server and sends
 the data from within the code.

 The second is where FORM data is posted to a https URL with the URL it
 should send the response back to, with the confirmation code, etc.

[snip]

 Because the client's order id that is generated will be stored as a session,
 I need a way to reference the order ID and confirmation code that is
 returned by the posted data from the gateway, against the session data to
 start inserting the data into the DB if it was a successful charge.

You can store the session-id in the return URL.

regards
--
Jason Wong
Gremlins Associates
www.gremlins.com.hk








RE: [PHP-DB] E-Commerce - Integrating Sessions With Charging Processes That rePOST

2001-08-20 Thread Fotwun

How, code wise do I retrieve the session data from the session id. Also,
another response below said HTTP_REFERRER is not secure. So how do people
who use this type of payment gateway secure the script it redirects to. All
of the data it sends is form data, so once somebody knew what script it
redirects to, and what form data it posts, it would be quite easy for them
to authorize their own charges in my opinion.

I think the more I think about this, the POST/REDIRECT type of gateway is
pretty hooky. I would like someone's input who actually uses this type of
gateway and how it is secured and how they maintain their sessions that
correlate to that browser.

I think I just need to find a company with more reasonable rates that allow
direct socket authorization. Any recommendations on that?

 -Original Message-
 From: Jason Wong [mailto:[EMAIL PROTECTED]]
 Sent: Monday, August 20, 2001 12:43 PM
 To: Fotwun; [EMAIL PROTECTED]
 Subject: Re: [PHP-DB] E-Commerce - Integrating Sessions With Charging
 Processes That rePOST


 - Original Message -
 From: Fotwun [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Sent: Monday, August 20, 2001 1:40 PM
 Subject: [PHP-DB] E-Commerce - Integrating Sessions With Charging
 Processes That rePOST


  Hi,
 
  I have basically seen and used two methods for integrating credit card
  gateways into PHP code.
 
  The first method is one that opens a socket to the gateway server and sends
  the data from within the code.
 
  The second is where FORM data is posted to a https URL with the URL it
  should send the response back to, with the confirmation code, etc.

 [snip]

  Because the client's order id that is generated will be stored as a session,
  I need a way to reference the order ID and confirmation code that is
  returned by the posted data from the gateway, against the session data to
  start inserting the data into the DB if it was a successful charge.

 You can store the session-id in the return URL.

 regards
 --
 Jason Wong
 Gremlins Associates
 www.gremlins.com.hk




