|
PHP - Payment Gateway Vulnerabilty Using Post
hey guys.
I am using Liberty reserve to sell my digital items online, when the user buys the item LR posts back item_id so I can grab the id out of the database to display to the buyer and lr_amnt to check the amount against the one inside the database before displaying the result to the user. TOP: <?php include 'includes/config.inc.php'; if(isset($_POST['item_id']) && isset($_POST['lr_amnt'])) { $itemID = $_POST['item_id']; $lrAmt = $_POST['lr_amnt']; $result = mysql_query("SELECT * FROM items WHERE item_id='$itemID'"); while($row = mysql_fetch_array($result)) { $login = $row['item_login']; $pass = $row['item_pass']; $itemName = $row['item_account']; $itemDel = $row['item_del']; $price = $row['item_price']; } } ?> -------------------------------- Header: <?php if($lrAmt != $price) : ?> <h2>Fatal error in transaction: the price does not match that in the database</h2> <?php else: ?> <h2>Thank you for you're purchase of <?php echo $itemName; ?>. Please keep these details safe as they have been deleted from our database.</h2> <?php echo '<br />'; echo 'Your new Username: ' . $login; echo '<br />'; echo 'Your password: ' . $pass; ?> <?php endif; ?> but if the user views the source code and grabs the ID they could easily get it for free by making a simple html script that takes in item_id and lr_amnt and put in the values and post it to the success page. example: Code: [Select] <fieldset> <!-- <legend>Forgot password</legend> --> <form method="post" action="http://angrypossum.org/carl/mySaleTwo/success.php"> <p> <label for="itemid">Item ID: </label> <input type="text" name="item_id" id="itemid" class="input" /> </p> <p> <label for="itemprice">Item price: </label> <input type="text" name="lr_amnt" id="itemprice" class="input" /> </p> <p> <input type="submit" name="login" value="Steal" class="button" /> </p> </form> </fieldset> how could I stop that? thanks Similar TutorialsHi guys, I just want to know if any one has worked with streamline payment gateway before, we are building a cart for a customer, a in house built sulition, and just wanted some help / advice on how to process payments. The customer has picked streamline as their merchant Thank you Hi, Is there any one has integrated securenet payment gateway in php? Is yes, can any one provide me HTML code and php code for it? Looking foward Hi guys, I'm not really experienced with PHP to a high degree, very very basic knowledge. I took a website for a client which was an e-commerce website in need of a re-host? Sounds Simple enough. However when uploading the site i found it went to a secure server outside of the one I was hosting it on when it came to submitting the payment. I then had to get access to these files and get them working on locally on my server. This where I'm having trouble... It's easier to show you the problems rather than try and explain them. This is the original working version of the payment page: https://secure.wilkesdesign.com/egowear/pay.php And this is my version: http://www.egowear.co.uk/payment/pay.php Which is essentially a duplicate, all I have changed is the details for it accessing the database on the the server which is included in "inc_db.php" As well as updating the link in protx.php to the correct TermUrl. The rest is the same as the original If you go to the first page and enter no details and just click "Make Payment" at the bottom of the page, you should get several validation errors appear in red at the top of the page. Do exactly the same on my version, the second link. And nothing seems to happen, no errors nothing. I'll admit i'm quite out of my depth here now, and I'm betting it's just me missing something obvious. So if anyone has any ideas I'd really appreciate it . Best Regards Chris Source code for pay.php: Code: [Select] <?php ini_set('display_errors','1'); ini_set('display_startup_errors','1'); error_reporting(E_ALL ^ E_NOTICE); $homeURL = "http://www.egowear.co.uk/"; //$homeURL = "http://intranet.wilkesdb.com/ego/"; // include at the start of the script being called. //error_reporting(E_ALL); ini_set('display_errors', '1'); $asId = 1; include "includes/inc_db.php"; $db = new DB; $db1 = new DB; $vatRate = $db->getval("SELECT glValue FROM globals WHERE glId=1","glValue")+0; $xorCountry = 2; $orDelCountry="UK"; $orPayNote='Unconfirmed'; $orPaid=0.00; $header = "MIME-Versin: 1.0\r\n" . "Content-type: text/plain; charset=ISO-8859-1; format=flowed\r\n" . "From: Egowear <sales@egowear.co.uk>\r\n"; $header .= "Reply-To: Egowear <sales@egowear.co.uk>\r\n"; $header .= "X-Mailer: PHP/" . phpversion() . "\r\n"; if($basketURL) { $basketArray = double_explode(":","|",$basketURL); //print_r($basketArray); $subTotal=$discount=$orDelCharge=0; $items = $subTotal = $totalWeight = 0; foreach ($basketArray as $key => $val) { $extraCost = 0; $prId = $val[0]; $qty = $val[1]; $prSize=$val[2]; $prColour=$val[3]; $extraCost = $val[5]; $db->query("SELECT prtName, prtPrice, prtImage, prColour, prPrtId, prVatable, IF(prWeight>0,prWeight,prtWeight) weight FROM products, prtypes WHERE prId='$prId' AND prtId=prPrtId"); $db->next_record(); list($prtName, $prPrice, $prtImage, $prColour, $prPrtId, $prVatable, $weight) = $db->Record; $prPrice = $prPrice + $extraCost; if($prVatable) $prPrice = calcVat($prPrice); $totalWeight += $qty*$weight; $items += $qty; $lineTotal = $qty*$prPrice; $subTotal += $lineTotal; } // calulate delivery (use function!!!!) $orDelChargeArray = getDelCharge($totalWeight, $xorCountry); //var_dump($orDelChargeArray); $deliveryTypesCount = count($orDelChargeArray); //echo "count: $deliveryTypesCount"; if (!$deliveryTypesCount) $orDelCharge = -1; elseif ($deliveryTypesCount==1) { list($crType) = array_keys($orDelChargeArray); $orDelCharge = $orDelChargeArray[$crType]; } if ($delOverride) $orDelCharge = $delOverride; $orVcId=0; if($xcnId) { $voucherCode = $db->getval("SELECT cnCurrentVoucherCode FROM contacts WHERE cnId='$xcnId'","cnCurrentVoucherCode"); if($voucherCode) { list($valid, $offerDescription, $vcDiscountPercent, $vcDiscountValue, $vcFreePostage, $vcMinValue, $orVcId) = validateVoucherCode($voucherCode, $xcnId); if($valid) { if($vcFreePostage) $orDelCharge=0; if($vcDiscountPercent>0) { if(!($vcMinValue>0) || ($subTotal>=$vcMinValue)) $discount = $subTotal*($vcDiscountPercent/100); } if($vcDiscountValue>0) { if(!($vcMinValue>0) || ($subTotal>=$vcMinValue)) $discount = $vcDiscountValue; } } } } $orTotal = round($subTotal+$orDelCharge-$discount,2); //$orTotal = round($subTotal*1.175,2); //echo formatnumber($subTotal).",".formatnumber($orDelCharge).",".formatnumber($discount); //$orTotal=0.01; } //echo "$subTotal<br />$orDelCharge<br />"; //echo "$orTotal<br />"; if ($sbmt) { // not used but leave in just in case!! if ($paypalOK) $ignorePayment = 1; // go with payment processing // first validate // validate fields if ($action!="callback") { if (strlen($cardHolder) < 2) $error = " • Enter the name as it appears on your card <br>"; if (!ereg("^[0-9]{10,20}", $cardNumber)) $error .= " • Please enter a valid card number <br>"; if ($startDate AND !ereg("^[0-9]{2}[0-9]{2}", $startDate)) $error .= " • Your start date is invalid <br>"; if (!ereg("^[0-9]{2}[0-9]{2}", $expiryDate)) $error .= " • Your expiry date is invalid <br>"; $billingAddress = $ccAddress1."\n\r".$ccAddress2."\n\r".$ccAddress3."\n\r".$ccTown; //if (strlen($billingAddress) < 10) $error .= " • Enter a valid billing address <br>"; $ccPostcode = strtoupper($ccPostcode); if($orDelCountry == "UK") { //if (!ereg("^[A-Z]{1,2}[0-9]{1,2}[A-Z]{0,1}[[:space:]][0-9]{1}[A-Z]{2}", $ccPostcode)) $error .= " • Enter a valid billing postcode. (Ensure that you have included the space!) <br>"; } if (!ereg("^[0-9]{3,4}", $CV2)) $error .= " • You have missed out your CV2 number<br>"; $orDelPostcode = strtoupper($orDelPostcode); //if ($orDelCountry == "UK") if (!ereg("^[A-Z]{1,2}[0-9]{1,2}[A-Z]{0,1}[[:space:]][0-9]{1}[A-Z]{2}", $orDelPostcode)) $error .= " • Your delivery postcode is invalid. (Ensure that you have included the space!) <br>"; // check if UK and BT (i.e. NI postcode) - should do this as part of the delivery package. //if ($orDelCountry == "UK" && substr($orDelPostcode, 0, 2) == "BT") $error .= " • You have selected UK postage. 'BT' postcodes are Northern Ireland and have different rates from mainland UK. Please click 'Cancel' and sellect the correct postal type."; if (strlen($orName) < 2) $error .= " • Please enter a customer name<br>"; if (strlen($orTel) < 5) $error .= " • Please tell us your telephone number<br>"; //if (strlen($orDelAddress1) < 2 || strlen($orDelTown) < 2) $error .= " • Please enter a valid customer address<br />"; if ($cnUsername) { $chkCnId = $db->getval("SELECT cnId FROM contacts WHERE cnUsername = '$cnUsername'", "cnId"); if ($cnUsername AND $chkCnId AND $chkCnId != $cnId) $error .= " • Your username is already in use by someone else. Please try another<br />"; } } //end if not callback // if(!eregi('^([a-z0-9\._-])+@([^\.]+\.[^\.]+)', $cnEmail, $matched)) $error .= " • Enter a valid email address<br>"; // second go with payment if (!$error) { /////////////////////////////////////// Payment not started yet so create order /////////////////////////////////// if(!isset($_GET['action']) && !($orId)) { //Add order if($xcnId>0) { // update contact $db->query("UPDATE contacts SET cnName='$cardHolder', cnEmail='$orEmail', cnAddress1='$ccAddress1', cnAddress2='$ccAddress2', cnAddress3='$ccAddress3', cnTown='$ccTown', cnPostcode='$ccPostcode' WHERE cnId='$xcnId'"); } else { $db->query("INSERT INTO contacts SET cnName='$cardHolder', cnUsername='$cnUsername', cnPassword='$cnPassword', cnEmail='$orEmail', cnAddress1='$ccAddress1', cnAddress2='$ccAddress2', cnAddress3='$ccAddress3', cnTown='$ccTown', cnPostcode='$ccPostcode', cnGroups='$cnGroups', cnPrefs='$cnPrefs'"); $xcnId = mysql_insert_id(); } if ($paypalOK) $orStatus = "Check Paypal Payment"; else $orStatus = "Payment Pending"; $db->query("INSERT INTO orders SET orCnId='$xcnId', orName='$orName', orDelAddress1='$orDelAddress1', orDelAddress2='$orDelAddress2', orDelAddress3='$orDelAddress3', orDelTown='$orDelTown', orDelCounty='$orDelCounty', orDelPostcode='$orDelPostcode', orDelCountry='$orDelCountry', orEmail='$orEmail', orDate=NOW(), orDelCharge='$orDelCharge', orDelType='$orDelType', orStatus='$orStatus', orVcId='$orVcId', orPayNote='$orPayNote', orPaid='$orPaid', orTotal='$orTotal', orDiscount='$discount', orTel='$orTel', orVatRate='$vatRate'"); $orId = mysql_insert_id(); $orVat=$orNet=0; foreach ($basketArray as $key => $val) { $flexString=""; $prId = $val[0]; $qty = $val[1]; $prSize=$val[2]; $flexString=$val[3]; $oiVat=$oiNet=0; $db->query("SELECT prtName, prtPrice, prtImage, prColour, prPrtId, prVatable, IF(prWeight>0,prWeight,prtWeight) weight FROM products, prtypes WHERE prId='$prId' AND prtId=prPrtId"); $db->next_record(); list($prtName, $prPrice, $prtImage, $prColour, $prPrtId, $prVatable, $weight) = $db->Record; $oiNet=$prPrice; if($prVatable) { $prPrice = calcVat($prPrice); $oiVat=$prPrice-$oiNet; $orVat+=$oiVat; } else $oiVat=0; if($qty) { $db->query("INSERT INTO orderitems SET oiOrId='$orId', oiPrId='$prId', oiQty='$qty',oiSize='$prSize',oiColour='$prColour', oiWidth='$prWidth',oiVat='$oiVat',oiNet='$oiNet',oiPriceEach='$prPrice', oiName='$prtName', oiFlexString='$flexString'"); $lineTotal = $qty*$prPrice; } } } $db->query("UPDATE orders SET orVat='$orVat', orNet='$orNet' WHERE orId='$orId'"); $vendorTxCode = "Order_".$orId; $billingAddress = substr($ccAddress1."\n\r".$ccAddress2."\n\r".$ccAddress3."\n\r".$ccTown,0,199); include("includes/protx.php"); $data = array ( 'VPSProtocol' => '2.22', 'TxType' => 'PAYMENT', 'Vendor' => 'egowear', 'VendorTxCode' => substr(substr($vendorTxCode,0,40-strlen(time())).'_'.time(),0,40), 'Amount' => number_format($orTotal,2), 'Currency' => "GBP", 'Description' => substr("Egowear Website Order: (".trim($typeDescrip).")",0,99), 'CardHolder' => substr($cardHolder,0,50), 'CardNumber' => substr($cardNumber,0,20), 'StartDate' => substr($startDate,0,4), 'ExpiryDate' => substr($expiryDate,0,4), 'IssueNumber' => substr($issueNumber,0,2), 'CV2' => substr($CV2,0,4), 'CardType' => substr($cardType,0,15), 'BillingAddress' => substr($billingAddress,0,199), 'BillingPostCode' => substr($ccPostcode,0,10), 'CustomerName' => substr($orName,0,99), 'CustomerEMail' => substr($orEmail,0,254), 'ContactNumber' => substr("",0,20), 'ClientIPAddress'=>$_SERVER['REMOTE_ADDR'] ); //echo $vendorTxCode; if($data) $optRequest = formatData($data); /////////////////////////////////////// Protx.php /////////////////////////////////// if(!isset($_GET['action'])) { $p = null; $response1 = _CompletePayment($p,$Vars,$optRequest,$orId); if(substr($response1,0,6)=="iframe") $iframecode=substr($response1,6); else if($response1) $error.=$response1; else $iframecode=0; } else if($_GET['action'] == 'callback') { $error .= __VerifyCallback($_POST, $Vars,null,$orId); } else if($_GET['action'] == 'callbacktest') { $optRequest = '... .. '; __VerifyCallback($p = null, $Vars, $optRequest); } else { $error.=('Invalid action'); } } // no error } else { // end submit if($xcnId && !$error && !$cardHolder) { $db->query("SELECT cnName, cnAddress1, cnAddress2, cnAddress3, cnTown, cnPostcode FROM contacts WHERE cnId='$xcnId'"); $db->next_record(); list($cardHolder, $ccAddress1, $ccAddress2, $ccAddress3, $ccTown, $ccPostcode) = $db->Record; /*$orName = $cardHolder; $orDelAddress1 = $ccAddress1; $orDelAddress2 = $ccAddress2; $orDelAddress3 = $ccAddress3; $orDelTown = $ccTown; $orDelPostcode = $ccPostcode;*/ } } // end no submit if($iframecode) echo $iframecode; else { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Egowear</title> <link rel="stylesheet" type="text/css" href="includes/default.css"> <script language="javascript"> function goCopy() { document.getElementById('cardHolder').value = document.getElementById('orName').value; document.getElementById('ccAddress1').value = document.getElementById('orDelAddress1').value; document.getElementById('ccAddress2').value = document.getElementById('orDelAddress2').value; document.getElementById('ccAddress3').value = document.getElementById('orDelAddress3').value; document.getElementById('ccTown').value = document.getElementById('orDelTown').value; document.getElementById('ccPostcode').value =document.getElementById('orDelPostcode').value; } </script> <!--[if lt IE 7]><script defer type="text/javascript" src="pngfix.js"></script><![endif]--> </head> <body> <div align="center"> <? include "includes/nav.php"; ?> <div id="wrapper2" style="position:relative;z-index:1;top:25px"> <div align="left" id="<?= $theme ?>"> <div style="text-align:left;padding:18px 0px 0px 18px;overflow:hidden;"> <div style="float:right;padding:20px 160px 0px 0px;border:0px solid #000;width:535px;text-align:center;height:25px"> <h1><?= $wcTitle ?></h1> </div> <div><img src="images/logo.jpg" /></div> </div> <div align="left" class="pageMiddle"> <div style="position:relative;z-index:1;padding:2px 30px 10px 32px;" > <h1>Card Payment</h1> <form name="form1" method="post" action=""> <table id="tableSubCategories" style="width:100%;text-align:left;"> <tr id="trColumnTitles" > <td colspan="2" style=""><div style="background:#FF0000; color:#FFFFFF; font-weight:bold"><? echo $error ?></div></td> </tr> <tr id="trColumnTitles" > <td colspan="2" style="background-color:#CCC"> <strong>Delivery Address:</strong></td> </tr> <tr > <td style="width:45%"><div align="right">Name*:</div></td> <td><input name="orName" type="text" id="orName" value="<? echo $orName ?>" size="40" maxlength="100"> </td> </tr> <tr> <td><div align="right">Delivery Address: *: </div></td> <td><input name="orDelAddress1" type="text" id="orDelAddress1" value="<? if($orDelAddress1) echo $orDelAddress1; else echo $orDelAddress1; ?>" size="50" maxlength="50"></td> </tr> <tr> <td> </td> <td><input name="orDelAddress2" type="text" id="orDelAddress2" value="<? if($orDelAddress2) echo $orDelAddress2; else echo $orDelAddress2; ?>" size="50" maxlength="50"></td> </tr> <tr> <td><div align="right"> </div></td> <td><input name="orDelAddress3" type="text" id="orDelAddress3" value="<? if($orDelAddress3) echo $orDelAddress3; else echo $orDelAddress3; ?>" size="50" maxlength="50"></td> </tr> <tr> <td><div align="right">Town:</div></td> <td><input name="orDelTown" type="text" id="orDelTown" value="<? if($orDelTown) echo $orDelTown; else echo $orDelTown; ?>" size="50" maxlength="50"></td> </tr> <tr> <td><div align="right">Post Code<? if($orDelCountry == "UK") echo "*" ?>: </div></td> <td><input name="orDelPostcode" type="text" id="orDelPostcode" value="<? if($orDelPostcode) echo $orDelPostcode; else echo $orDelPostcode; ?>" size="10" maxlength="10"></td> </tr> <tr> <td><div align="right">County:</div></td> <td><input name="orDelCounty" type="text" id="orDelCounty" value="<? echo $orDelCounty ?>" size="40" maxlength="100"> </td> </tr> <tr> <td><div align="right">Email*:</div></td> <td><input name="orEmail" type="text" id="orEmail" value="<? echo $orEmail ?>" size="40" maxlength="100"></td> </tr> <tr id="trColumnTitles" > <td colspan="2" style="background-color:#CCC"> <strong>Billing Address:</strong></td> </tr> <tr> <td><div align="right"> Credit Card Billing Address: *: </div></td> <td><input name="ccAddress1" type="text" id="ccAddress1" value="<? if($ccAddress1) echo $ccAddress1; else echo $orDelAddress1; ?>" size="50" maxlength="50"></td> </tr> <tr> <td><div align="right">[<a href="Javascript:goCopy();">click here to copy from delivery address </a>] </div></td> <td><input name="ccAddress2" type="text" id="ccAddress2" value="<? if($ccAddress2) echo $ccAddress2; else echo $orDelAddress2; ?>" size="50" maxlength="50"></td> </tr> <tr> <td><div align="right"> </div></td> <td><input name="ccAddress3" type="text" id="ccAddress3" value="<? if($ccAddress3) echo $ccAddress3; else echo $orDelAddress3; ?>" size="50" maxlength="50"></td> </tr> <tr> <td><div align="right">Town:</div></td> <td><input name="ccTown" type="text" id="ccTown" value="<? if($ccTown) echo $ccTown; else echo $orDelTown; ?>" size="50" maxlength="50"></td> </tr> <tr> <td><div align="right">Post Code<? if($orDelCountry == "UK") echo "*" ?>: </div></td> <td><input name="ccPostcode" type="text" id="ccPostcode" value="<? if($ccPostcode) echo $ccPostcode; else echo $orDelPostcode; ?>" size="10" maxlength="10"></td> </tr> <tr> <td><div align="right">Telephone No *: </div></td> <td><input name="orTel" type="text" id="orTel" value="<?= $orTel; ?>" size="14" maxlength="20"></td> </tr> <tr id="trColumnTitles" > <td colspan="2" style="background-color:#CCC"> <strong>Card details:</strong></td> </tr> <tr> <td><div align="right">Payment amount: £</div></td> <td><input name="orTotal" type="text" id="orTotal" value="<? echo number_format($orTotal,2, ".", ""); ?>" size="20" maxlength="20" readonly=""></td> </tr> <tr> <td><div align="right">Card holder's name as it appears on your card*:</div></td> <td><input name="cardHolder" type="text" id="cardHolder" value="<? if($cardHolder) echo $cardHolder; else echo $orName ?>" size="50" maxlength="50"></td> </tr> <tr> <td><div align="right">Card Type*:</div></td> <td> <select name="cardType" id="cardType"> <option value="VISA" <? if($cardType=="VISA") echo "selected"; ?>>Visa</option> <option value="DELTA" <? if($cardType=="DELTA") echo "selected"; ?>>Visa Delta/Debit </option> <option value="MC" <? if($cardType=="MC") echo "selected"; ?>>Mastercard</option> <option value="SWITCH" <? if($cardType=="SWITCH") echo "selected"; ?>>Maestro</option> <option value="SOLO" <? if($cardType=="SOLO") echo "selected"; ?>>SOLO</option> <option value="UKE" <? if($cardType=="UKE") echo "selected"; ?>>Visa Electron</option> </select> </td> </tr> <tr> <td><div align="right">Card Number*:</div></td> <td><input name="cardNumber" type="text" id="cardNumber" value="<? echo $cardNumber ?>" size="20" maxlength="20"> (no spaces please)</td> </tr> <tr> <td><div align="right">Start Date:</div></td> <td><input name="startDate" type="text" id="startDate" value="<? echo $startDate ?>" size="4" maxlength="4"> (MMYY) Switch and Solo cards only </td> </tr> <tr> <td><div align="right">Expiry Date*:</div></td> <td><input name="expiryDate" type="text" id="expiryDate" value="<? echo $expiryDate ?>" size="4" maxlength="4"> (MMYY)</td> </tr> <tr> <td><div align="right">Issue Number:</div></td> <td><input name="issueNumber" type="text" id="issueNumber" value="<? echo $issueNumber ?>" size="2" maxlength="2"> Exactly as it appears on the card</td> </tr> <tr> <td><div align="right">CV2*: </div></td> <td><input name="CV2" type="text" id="CV2" value="<? echo $CV2 ?>" size="4" maxlength="4"> Last three digits on signature strip</td> </tr> <? if(!$xcnId) {?> <tr id="trColumnTitles" > <td colspan="2" style="background-color:#CCC"> <strong>Confirm order:</strong></td> </tr> <tr> <td colspan="2"> If you would like us to save your details for future orders create a username and password below: </td> </tr> <tr> <td colspan="2"><div style="float:left; width:10%">Username: </div><div style="float:left;"> <input name="cnUsername" type="text" id="cnUsername" value="<? echo $cnUsername ?>" size="40" maxlength="100"></div></td> </tr> <tr> <td colspan="2"><div style="float:left; width:10%">Password: </div><div style="float:left"> <input name="cnPassword" type="password" id="cnPassword" value="<? echo $cnPassword ?>" size="40" maxlength="100"></div></td> </tr> <? } ?> <tr > <td colspan="2"><input name="sbmt" type="hidden" id="sbmt" value="1"> <input type="submit" name="Submit" value="Make payment"> <? echo back($back); ?> <input name="paypalOK" type="hidden" id="paypalOK" value="0"></td> </tr> </table> <input type="hidden" name="basketURL" value="<?= double_implode(":","|",$basketArray); ?>" /> <input type="hidden" name="xcnId" value="<?= $xcnId ?>" /> <input type="hidden" name="orId" value="<?= $orId ?>" /> <input type="hidden" name="prSize" value="<?= $prSize?>" /> </form> </div> </div> <div style="position:absolute;"> <div style="position:relative;z-index:2;margin-top:5px;margin-left:35px" > <a style="text-decoration:none;background:none" href="http://www.egowear.co.uk/designer.php"><img src="images/spacer.gif" border="0" width="200" height="205" /></a> </div> </div> <img src="images/bot1.jpg" /> </div> </div> </div> </body> </html> <? } ?> I need to store the Login ID and Key for my Payment Gateway, and figured it was best to do this outside my web root ("httpdocs") on my VPS. Unfortunately, my PHP Include is breaking, and it looks like this is a *major* thing to get working, since requires me to tinker with Plesk's default settings in Linux. (This link seems to discuss the same issues I'm having: http://stackoverflow.com/questions/2370053/how-to-include-file-outside-document-root ) Anyways... Since I'm no Linux guru and afraid of breaking my VPS, how bad would it be to store my Authorize.net API ID and Key in a PHP file in my web root and include that file in my "checkout.php" file?? If anyone knows a reasonably easy way to fix the issue described in the link above, I'm all for it, but I am thinking I may have to just settle on leaving things in my web root... Thanks, Debbie I am using Payeezy Payment Gateway, how to integrate with my PHP page, actually the payment gateway for my customer form, i done with form using PHP, how can i integrate Payeezy Payment Gateway with my PHP form. We are trying to capture customer details & redirecting the customer to payment gateway page and, after succesful transaction from payment gateway we are facing a problem for different browsers. Ideally after successful transaction the page should redirect to order confirmation page but it is redirecting to our cart page.In IE7 it is working fine but in mozilla firefox it is redireting to cart page.On analyzing we found that session is not persisting in firefox. Please help we have stuck here Suggest something if you have faced similar issue with different browsers. I have a form, details getting from customer and calculate the grand total, here how can i pass my grand total value to ccavenue payment gateway page and getting payment form customer? code : https://www.pastiebin.com/5cdbae859bb64 This topic has been moved to PHP Applications. http://www.phpfreaks.com/forums/index.php?topic=276607.0 Here is my code : https://paiza.io/projects/SUiG5qp_wttfcrQn-0Mwew?language=php FYI -> [index.htm -> LineNo : 781 & 782] After successfully received payment response page return 404 error The form & CC-Avenue Payment Gateway Request page working good, after customer paid the response page return 404 error. How can i solve the error? Edited May 22, 2019 by aveeva
Hello. I activate the Payment Gateway Platform (by Redsys in Spain), and it works fine asking you for card number and it goes through correctly and says PAYMENT OK, but the notification.PHP FILE does not work. Could my server (SSL) configuration be the problem? or is it the CODE? Any help about this, please, would be highly appreciated. Thank you. Part of the Nofication.php code is: __________________________________________________________________________________
<?php $handle = fopen("_redsys.log", "a");
require_once("include/dbcommon.php"); $miObj = new RedsysAPI;
$version = postvalue("Ds_SignatureVersion");
// $version = "HMAC_SHA256_V1";
$claveModuloAdmin = 'sq7HjrUOBfKmC576ILgskD5srU870gJ7';
if ($signatureCalculada === $signatureRecibida && $res["Ds_AuthorisationCode"]!="++++++" && !isset($res["Ds_ErrorCode"]) {
$sql = "SELECT Espacio FROM Espacios WHERE Id_Espacio=" . $values["Id_Espacio"];
// echo '<img src="data:image/jpeg;base64,'.$imageData.'">';
_______________________________________________________________________________________________ I am using Magento (Ver 1.9.x) If i try with my localhost success url like, http://192.168.1.65/magento/index.php/checkout/onepage/success/ and return success message with order id. if i try with live, success url like, https://abc.in/payubiz/redirect/success/ success page like blank page. How to solve the issue? Code : https://github.com/ZusZus/Payubiz Edited February 4, 2020 by aveevaHi i buy new domain www.ipogtech.com Server is IIS 7 I have installed SMF Forum which is fully developed by PHP and add the database also but when i opened the site it is showing Bad Gateway Web server received an invalid response while acting as a gateway or proxy server. Web Server at ipogtech.com pls help me to recover form this error. Hey guys, glad I found this forum! I have written a SMS gateway software using VB6 and would like to port to PHP. Is there a way to write it under windows OS? I m using the dio_* commands in PHP and it works, but I dont want to do infinite loop to read incoming sms... right now I do infinite loop until I received +CMTI and the while loop breaks. This is very redundant and costly, is there any way that PHP has a "timer" feature-like in VB6 to check on incoming sms, like say, every second? Thanks guys! hi, i`m trying to connect a cms to a gateway but in my country i cant use paypal or any other known gateways so i use a local bank for payments . i want to change cms`s paypal gateway to the local one these are the sample codes they gave me : sender.php
: send.php
and this one is for cms `s paypal gate way
define("_VALID_PHP", true);i`ll be grateful if you help me on this Hi, I have been exploring twilio for an app that should be able to receive and store a text message. Do I need a SMS gateway to accomplish this? Thank you V. Hi, when I browse my php website I recieve sometimes error 504. when it happens I try to refresh and get this error: Gateway Time-out The gateway did not receive a timely response from the upstream server or application. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. This website is in a shared hosting. Where can I find logs that will help me correct the issue? Thank you. This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=343228.0 if the date of selling goods " $date = "2011/06/05"; and if we have payment after of $days = "15"; - (15 days), how to calculate when the last day for payment? I am building program to manage payment/monthly payments. I've ran into an issue that I haven't been able to overcome and need some help. I've been lurking for a while and decided it was time to ask you guys...Here's the issue: I have a table 'payments' that contains scheduled payments that looks like: id clientid paymentduedate balance expected pending 367 112233 4/16/2011 1030.00 257.50 Y 368 112233 5/16/2011 1030.00 257.50 Y 369 112233 6/16/2011 1030.00 257.50 Y 370 112233 7/16/2011 1030.00 257.50 Y What I need to do that I haven't figured out is to adjust the expected amount according to the payment, update the status to N (not pending) without affecting the later expected payments. For example: they make a payment of $257.50, applies that to row 367, sets the status to N, but leaves the other status' to Y (for obvious reasons). the make a payment of $250.00, leaving the balance at $7.50, so lets add $7.50 to row 368, mark 367 status to N the make a payment of $300.00, leaving the expected balance at $0.00 for row 367, but adjust the balance for row 368 to $215.00 Any ideas? Thanks Hi guys, i'm in a dead end with this. I'm more a design guy and i'm trying to implement these 2 payment gateways on a website i'm launching soon but don't know how to do it. I have the php sample files from bitpay and the other payment gateway (offline atm payments). I can implement a button for the payment but the php needed to receive payment notification, ipn or callback, and update user balance in the database it's way out of my knowlegde. Can someone give me a hand in implementing this? I have paypal runing but i'd like to have these other two options. Thanks in advance, Tiago Vasconcelos |
|||||||