我正在传递用户并从手机设备传递到.php页面。这很好用。然后,我正在使用用户名和密码,并将它们放入一个检查数据库是否正确的函数中。这也很好。下一步是,如果验证是正确的,我需要一个表格发送。为此,我尝试了以下不发送表单的代码:
$login = \Fr\LS::login($user, $pass, false, false);
if($login === true){
//Some database stuff
$amount = "$price";
$id = "$num_fact";
$terminal = "01";
$moneda = "978";
$trans = "0";
$fuc = "335814141";
$urlOK = "https://www..com/.php";
$miObj = new RedsysAPI;
$miObj->setParameter("DS_MERCHANT_AMOUNT",$amount);
$miObj->setParameter("DS_MERCHANT_ORDER",$id);
$miObj->setParameter("DS_MERCHANT_MERCHANTCODE",$fuc);
$miObj->setParameter("DS_MERCHANT_CURRENCY",$moneda);
$miObj->setParameter("DS_MERCHANT_TRANSACTIONTYPE",$trans);
$miObj->setParameter("DS_MERCHANT_TERMINAL",$terminal);
$miObj->setParameter("DS_MERCHANT_MERCHANTURL",$url);
$miObj->setParameter("DS_MERCHANT_URLOK",$urlOK);
$miObj->setParameter("DS_MERCHANT_URLKO",$urlKO);
$params = $miObj->createMerchantParameters();
$claveModuloAdmin = '';
$signature = $miObj->createMerchantSignature($claveModuloAdmin);
?>
<form name="form_tpv" id="form_tpv" style="display:none" action="https://sis-t.redsys.es:/sis/realizarPago" method="POST">
<input type="text" name="Ds_SignatureVersion" value="HMAC_SHA256_V1"/>
<input type="text" name="DS_MerchantParameters" value="<?php echo $params; ?>"/>
<input type="text" name="Ds_Signature" value="<?php echo $signature; ?>"/>
<input type="submit" value="Realizar Pago"/>
</form>
<script>
setTimeout(function(){
document.getElementById('form_tpv').submit();
}, 1000);
</script>
我尝试使用超时的是当它加载时(表单将加载),在一秒钟内将发送表单。
现实化: 这就是代码现在的样子:
$login = \Fr\LS::login($user, $pass, false, false);
if($login === true){
$amount = "120";
$id = "gr";
$terminal = "01";
$moneda = "978";
$trans = "0";
$fuc = "335814141";
$urlOK = "https://www..com/.php";
$miObj = new RedsysAPI;
$miObj->setParameter("DS_MERCHANT_AMOUNT",$amount);
$miObj->setParameter("DS_MERCHANT_ORDER",$id);
$miObj->setParameter("DS_MERCHANT_MERCHANTCODE",$fuc);
$miObj->setParameter("DS_MERCHANT_CURRENCY",$moneda);
$miObj->setParameter("DS_MERCHANT_TRANSACTIONTYPE",$trans);
$miObj->setParameter("DS_MERCHANT_TERMINAL",$terminal);
$miObj->setParameter("DS_MERCHANT_MERCHANTURL",$url);
$miObj->setParameter("DS_MERCHANT_URLOK",$urlOK);
$miObj->setParameter("DS_MERCHANT_URLKO",$urlKO);
$params = $miObj->createMerchantParameters();
$claveModuloAdmin = '';
$signature = $miObj->createMerchantSignature($claveModuloAdmin);
$url = 'https://sis-t.redsys.es:/sis/realizarPago';
$data = array(
'Ds_SignatureVersion'=> 'HMAC_SHA256_V1',
'DS_MerchantParameters' => $params,
'Ds_Signature' => $signature
);
//url-ify the data for the POST
foreach($data as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string, '&');
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($data));
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
//YOUR LINK IS HTTPS
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);`
答案 0 :(得分:1)
如果您已经拥有这些价值观,请不要以这种方式使用表格,这是错误的,并会引发一些问题。您不需要用户与该表单进行交互,因此只需调用一个函数,该函数依赖https://sis-t.redsys.es:/sis/realizarPago发送一个数组,其中包含您需要的所有值作为参数,后端将按您的需要处理。
严肃地删除那个html和javascript。
$login = \Fr\LS::login($user, $pass, false, false);
if($login === true){
//Some database stuff
$amount = "$price";
$id = "$num_fact";
$terminal = "01";
$moneda = "978";
$trans = "0";
$fuc = "335814141";
$urlOK = "https://www..com/.php";
$miObj = new RedsysAPI;
$miObj->setParameter("DS_MERCHANT_AMOUNT",$amount);
$miObj->setParameter("DS_MERCHANT_ORDER",$id);
$miObj->setParameter("DS_MERCHANT_MERCHANTCODE",$fuc);
$miObj->setParameter("DS_MERCHANT_CURRENCY",$moneda);
$miObj->setParameter("DS_MERCHANT_TRANSACTIONTYPE",$trans);
$miObj->setParameter("DS_MERCHANT_TERMINAL",$terminal);
$miObj->setParameter("DS_MERCHANT_MERCHANTURL",$url);
$miObj->setParameter("DS_MERCHANT_URLOK",$urlOK);
$miObj->setParameter("DS_MERCHANT_URLKO",$urlKO);
$params = $miObj->createMerchantParameters();
$claveModuloAdmin = '';
$signature = $miObj->createMerchantSignature($claveModuloAdmin);
if ($signature){
$data = array(
'Ds_SignatureVersion'=> 'HMAC_SHA256_V1',
'DS_MerchantParameters' => $params,
'Ds_Signature' => $signature
);
realizarPago($data);
}
?>
如果表单的结尾不是您的系统,您可以使用cURL发送数据:
$url = 'https://sis-t.redsys.es:/sis/realizarPago';
$data = array(
'Ds_SignatureVersion'=> 'HMAC_SHA256_V1',
'DS_MerchantParameters' => $params,
'Ds_Signature' => $signature
);
//url-ify the data for the POST
foreach($data as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string, '&');
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($data));
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
//YOUR LINK IS HTTPS
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
观察: http://php.net/manual/en/function.curl-setopt.php#110457
请大家,停止将CURLOPT_SSL_VERIFYPEER设置为false或0.如果 您的PHP安装没有最新的CA根证书 捆绑,在curl网站下载一个并保存在你的 服务器:
http://curl.haxx.se/docs/caextract.html
然后在php.ini文件中设置一个路径,例如在Windows上:
curl.cainfo = C:\ PHP中\ cacert.pem
关闭CURLOPT_SSL_VERIFYPEER允许中间人(MITM) 攻击,你不想要的!