我正在尝试制作自动付款系统,用户可以使用PerfectMoney充值帐户。他们的网站有SCI表格生成器,它生成这种形式:
<form action="https://perfectmoney.is/api/step1.asp" method="POST">
<input type="hidden" name="PAYEE_ACCOUNT" value="E1089920">
<input type="hidden" name="PAYEE_NAME" value="Test account">
<input type='hidden' name='PAYMENT_ID' value='<?=time() ?>'>
<input type="text" name="PAYMENT_AMOUNT" value=""><BR>
<input type="hidden" name="PAYMENT_UNITS" value="EUR">
<input type="hidden" name="STATUS_URL" value="http://dev.limited.rs/status.php">
<input type="hidden" name="PAYMENT_URL" value="http://dev.limited.rs/complete.php">
<input type="hidden" name="PAYMENT_URL_METHOD" value="POST">
<input type="hidden" name="NOPAYMENT_URL" value="http://dev.limited.rs/failed.php">
<input type="hidden" name="NOPAYMENT_URL_METHOD" value="POST">
<input type="hidden" name="SUGGESTED_MEMO" value="">
<input type="hidden" name="BAGGAGE_FIELDS" value="IDENT"><br>
<input type="submit" name="PAYMENT_METHOD" value="Pay Now!" class="tabeladugme"><br><br>
</form>
将数据发送到PerfectMoney网站的常规表单。反过来,PerfectMoney将通过POST方法向我发送两次数据,一次是在付款完成时,一次是在用户重定向回网站时。付款完成后,我只需将所有数据存储在数据库中,这样我就可以在用户返回网站时进行检查,如下所示:
<?php
ob_start();
session_start();
require 'config.php';
if (!isset($_POST['PAYMENT_ID']) || !isset($_POST['PAYEE_ACCOUNT']) || !isset($_POST['PAYMENT_AMOUNT']) || !isset($_POST['PAYMENT_UNITS']) || !isset($_POST['PAYMENT_BATCH_NUM']) || !isset($_POST['PAYER_ACCOUNT']) || !isset($_POST['TIMESTAMPGMT']))
{
header("location:uploadfunds.php");
exit();
}
if (isset($_POST['PAYMENT_ID']) || isset($_POST['PAYEE_ACCOUNT']) || isset($_POST['PAYMENT_AMOUNT']) || isset($_POST['PAYMENT_UNITS']) || isset($_POST['PAYMENT_BATCH_NUM']) || isset($_POST['PAYER_ACCOUNT']) || isset($_POST['TIMESTAMPGMT']))
{
$sum=$_POST['PAYMENT_AMOUNT'];
$passphrase=strtoupper(md5("<passphrase here>"));
$hash=$_POST['PAYMENT_ID'].':'.$_POST['PAYEE_ACCOUNT'].':'.
$_POST['PAYMENT_AMOUNT'].':'.$_POST['PAYMENT_UNITS'].':'.
$_POST['PAYMENT_BATCH_NUM'].':'.
$_POST['PAYER_ACCOUNT'].':'.$passphrase.':'.
$_POST['TIMESTAMPGMT'];
$hash2=strtoupper(md5($hash));
$pending = "Pending";
$sqlcheck1 = "SELECT * FROM payments WHERE Hash = '$hash' AND Status = '$pending'";
$rescheck1 = mysql_query($sqlcheck1);
if (mysql_num_rows($rescheck1) != 0)
{
if($hash2==$_POST['V2_HASH'])
{
echo "Hash2 = V2_HASH";
$method = "Uploaded funds";
$completed = "Completed";
$today = date('Y-m-d');
$type = "Perfect Money";
$addfunds = "UPDATE balance SET Balance = Balance + '$sum' WHERE User = '$uploader'";
$addhistory = "INSERT INTO bank (User,Amount,Method,Transdate,Type,Status) VALUES ('$me','$sum','$method','$today','$type','$status')";
$updatepayment = "UPDATE payments SET Status = '$completed' WHERE Hash = '$hash' AND User = '$uploader'";
mysql_query($addfunds);
mysql_query($addhistory);
mysql_query($updatepayment);
header("bank.php");
exit();
}
if($hash2!=$_POST['V2_HASH'])
{
echo "hash2 != V2_HASH";
header("location:error.php?id=2");
exit();
}
}
?>
所以我将2秒前得到的数据与我现在获得的数据进行比较,它应该匹配并且确实匹配。在我编写脚本10天后,它开始失败,我收到错误500.没有任何记录可以让我知道发生了什么,并且从调试代码开始,这一切似乎都有效。
答案 0 :(得分:0)
是的,所以我找到了答案,即使它是可耻的......
header("Location:bank.php");代替header("bank.php");是的,我花了很长时间才找到这个。人生就是这样。