I have a form that customer fills out with credit card info, name and such. The info is sent to https://someurl.com/processPayment. The server of the credit card company responds with an XML document. This is where I am confused, how do I process it?
The form sends you to the link in the action attribute of the form where the XML document is displayed. I need to return with the XML document to my page so I can process the information it holds. For example, I would have to send the request without leaving the site, wait for the response string and then p开发者_开发百科rocess it.
Could someone give me a simple example how this is achieved?
Sounds like a perfect application for javascript. Specifically, I would use jQuery with the Form Plugin. You make your form as usual, then include some JS scripts on your page, copy/paste a few lines of jQuery code from their examples, and you're good to go.
http://jquery.malsup.com/form/
You'll have to figure the rest out yourself, but you will have the full text of the XML page in your javascript "success" function so you can do whatever you want from there.
Maybe instead of posting straight to the payment gateway you should post to one of your own pages eg, /process.php and then use your PHP to make a POST request to the payment gateway. Then the gateway would return the XML to your PHP script for parsing/validation.
- User submits form.
- Form hits your server with their credit card information.
- Your server hits the gateway with their credit card info and grabs the XML file.
- The XML file is parsed, and depending on it's contents you display a success or failure message.
You can use curl to make POST requests with PHP. This may not be PCI compliant, but no other solution apart from sending users to a payment gateways website will be.
They might offer a hosted solution which may suit your needs better. If you are somewhat new to PHP you might not want to mess around with credit cards and security too much.
You would post the user details to a script on your server, that script would then format & forward the details to https://someurl.com/processPayment, read the response XML, parse and store it, then return some content to the user.
Alternatively, look for a hosted solution offered by someurl.com, otherwise you have large & expensive PCI compliance obligations.
I like to think I do know a thing or two about php and I am aware of the responsibility involved in this project. I am only working with a test gateway the creditcard company supplies, no actually monetary danger is involved. What baffles me really is that I can send standard html form post to this url and get a xml response but when I try doing this with javascript(with or without jquery) or with php I always get error code 500, exactly the same message I get when I change the url to http://some_crazy_url_that_doesnt_exist.com, I've tried using the same php code on some other server url, it didn't give any response as the arguments supplied were all wrong but I didn't get error code 500 as with http://someurl.com/processPayment. The code I used is below if you are interested and want to point out some mistakes:
<?php
function do_post_request($url, $data, $optional_headers = null)
{
$params = array('http' => array(
'method' => 'POST',
'content' => $data
));
if ($optional_headers !== null) {
$params['http']['header'] = $optional_headers;
}
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp) {
throw new Exception("Problem with $url, $php_errormsg");
}
$response = @stream_get_contents($fp);
if ($response === false) {
throw new Exception("Problem reading data from $url, $php_errormsg");
}
return $response;
}
?>
I'm surprised that your php server has to gather user credit card data and post it. I would expect the flow to be more like:
Customer indicates he wants to buy your product
Either - you display a form asking for credit card details - the form has the action attribute set to the credit card gateway's server (weird case) OR - your php server redirects the user to a form hosted by the credit card gateway, passing your merchant id or similar.
When the credit card gateway is done collecting the user's details, their web server redirects the user back to a predefined page on your own web server. That page then goes and gets the xml (curl request or similar) from the cc gateway and makes sure that they actually paid for what they wanted.
Based on the results of the xml you redirect the user to "thanks for the purchase" or "your purchase failed" pages.
Most payment gateways (and most consumers) don't want Joe's web store to have access to their full credit card details. So most payment gateways provide their own forms that you redirect the user to (on SSL servers), so you don't actually have to collect/handle/be liable for the misuse of your customers' credit card numbers.
@James that's how I wished it could be, but the boss wants the payments to be performed on-site not be redirected to secure payment gateway.
精彩评论