  1. #1
    SitePoint Addict
    Join Date
    Oct 2010
    Posts
    292
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    PHP query is stopping form post data from sending, and redirection problem

    Please ignore that I am still using the old mysql query, as I am working on the updated version.
    My question is: when I submit a payment processing form, all the data is posted except the ones after a query to get the customer's name, which are not posted. The form is below.


    PHP Code:
    <?php require_once("include/session.php");?>
    <?php require_once("include/dataconnect.php");?>
    <?php require_once("include/functions.php");?>
    <!--php print_r($_POST);
    die(); -->
    <?php $orderno = mysql_real_escape_string(htmlentities(strip_tags($_POST['orderno'])));
    $paynow = mysql_real_escape_string(htmlentities(strip_tags($_POST['paynow'])));
    ?>

    <html>

    <body onload="document.submit2gtpay_form.submit()">

    <form name="submit2gtpay_form" action="https://ibank.gtbank.com/GTPay/Tranx.aspx" target="_self" method="post">

    <input type="hidden" name="gtpay_mert_id" value="" />

    <input type="hidden" name="gtpay_tranx_id" value="<?php echo $orderno?>" />

    <input type="hidden" name="gtpay_tranx_amt" value="<?php
    $addprodresult = mysql_query("SELECT * FROM outstanding WHERE Uname = '{$_SESSION['username']}'") or die(mysql_error());
    $row = mysql_fetch_array($addprodresult);
    echo $row{paynow}; ?>" />

    <input type="hidden" name="gtpay_tranx_curr" value="566" />

    <input type="hidden" name="gtpay_cust_id" value="<?php echo $_SESSION['username']; ?>" />

    <input type="hidden" name="gtpay_cust_name" value="<?php
    $fullname = mysql_query("SELECT * FROM reuser WHERE Uname = '{$_SESSION['username']}'") or die(mysql_error());
    $row = mysql_fetch_array($fullname);
    echo $row{fullname};
    ?>" />

    <input type="hidden" name="gtpay_tranx_memo" value="" />

    <input type="hidden" name="gtpay_no_show_gtbank" value="yes" />

    <input type="hidden" name="gtpay_echo_data" value="ORDER PAYMENT" />

    <input type="hidden" name="gtpay_gway_name" value="" />

    <input type="hidden" name="gtpay_tranx_noti_url" value="https://reacheasy.co.uk/paynotification.php" />

    <input type="submit" value="Pay Via GTPay" name="btnSubmit"/>

    <input type="hidden" name="gtpay_echo_data" value="">

    </form>

    </body>

    </html>
    Also, when the query for the customer name is removed it posts all the parameters (which indicates that's where the problem is).


    2. When the customer's name is not requested, as in <input type="hidden" name="gtpay_cust_name" value="" />, the notification page URL, which is
    <input type="hidden" name="gtpay_tranx_noti_url" value="https://reacheasy.co.uk/paynotification.php" />
    and which I would have expected to redirect to reacheasy.co.uk/paynotification.php, was redirecting to https://reacheasy.co.uk/~reachea2/paynotification.php, and reachea2 is just my hostname.
    Please, any idea why the query is breaking the form and the redirection is pointing to the URL?
    Thanks
    Last edited by SpacePhoenix; Oct 2, 2013 at 22:57. Reason: placed php tags around php code

  2. #2
    SitePoint Addict
    Join Date
    Aug 2006
    Location
    Nantwich, Cheshire
    Posts
    278
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    So, you open the page above and it populates the form to be submitted on click. If you right-click and "view source" (or however you do that in your browser), what value has it put in for the customer name in the form? In fact, can you display the form and post the source as your browser shows it, before you click 'submit'?
    http://www.firenza.net - my homage to a car from the 1970s

  3. #3
    SitePoint Addict
    Join Date
    Oct 2010
    Posts
    292
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    thanks droopsnoot,

    before you click submit the page source is

    HTML Code:
    <form action='gbawo.php' method='Post' class='shlistbar'>
        <input type="text" name="orderno" value="90761933" />
        <table border='1'>
        <tr>
        <th></th>
        <th>SHOP NAME</th>
        <th>PRODUCT NAME</th>
        <th>PRODUCT SIZE</th>
        <th>PRODUCT COLOUR</th>
        <th>PRODUCT QUANTITY</th>
        <th>PRICE</th>
        <th>TOTAL</th>
        <th></th>
        </tr>
        
        <tr>
         <td>1</td>
        <td>very</td>
        <td>18 and East Lidia CrissCross Shirt </td>
        <td></td>
        <td> </td>
        <td>
        <input type='text' name='item[0][Pquantity]' id='Pquantity' value='1' readonly />
        <input type='hidden' name='item[0][Pidno]' id='Pidno' value='3550958 ' />
        </td>
        <td>
        <input type='text' name='item[0][Price]' id='Pquantity' value='35.00' readonly>
        </td>
        <td>35.00</td>
        <td><a href='deleteproduct.php?del=3550958 '>delete</a></td>
        </tr>         <tr>
                    <th>Total Price</th>
                    <th>38.5</th>
                    
                </tr>
                     
        <!--Close table and form-->
        <P>The Total price includes the procurement charge exclusive of transportation cost</p>
        
        </br>
         </br>
          </br>
    
                        <tr>
        <th>PART PAYMENT </th>
        <th>26.95</th>                
               </tr>
                       <tr>
        <th>CREDIT </th>
        <th>0</th>                
               </tr>
                                                      <tr>
        <th>TO BALANCE</th>
        <th>11.55</th>                
               </tr>
                                       <tr>
        <th>OUTSTANDING</th>
        <th>12</th>                
               </tr>
                                <tr>
        <th>TO PAY NOW</th>
        <th>9737.5</th>                
               </tr>
    
        </table>
        <input type='submit' name='submit2' value='SUBMIT' />
        </form>
    Last edited by SpacePhoenix; Oct 1, 2013 at 14:19. Reason: html tags around html markup

  4. #4
    SitePoint Addict
    Join Date
    Oct 2010
    Posts
    292
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    And this is after submitting, the page it uploads (page source)

    HTML Code:
    <div id="info_area">
                        <div class="content shift25">
                            
                            <div class="shift20">
                                <div class="shift5">You're making a payment to</div>
                                <!-- MERCHANT INFO HERE -->
                                <div class="caption shift5">
        <span id="lblMertName">M COMPANY LTD.</span></div>
                                <div class="green_dot"><img src="assets/img/status_green.png" width="12" height="12" /></div>
                                <div class="float_left comment shy"> <span id="lblsite">DisplayResponse.aspx</span></div>
                                <div class="clear"></div>
                            </div>
                            
                            <div class="shift20">
                                <!-- CUSTOMER INFO/PAYMENT DETAILS HERE (IF AVAILABLE) -->
                                <div class="shy"><span id="lblCustName"></span></div>
                                <div class="shy"><span id="lblCustID">reacheasy</span></div>
                              
                            </div>
                            
                            <!-- AMOUNT HERE -->
                            <div id="orange_ribbon" class="shift20"><span id="lblAmt">₦97.38</span></div>
                            
                            <div class="small shift10">
                                <span class="bold">Transaction ID:
    Last edited by SpacePhoenix; Oct 1, 2013 at 14:39. Reason: html tags around html markup

  5. #5
    SitePoint Addict
    Join Date
    Aug 2006
    Location
    Nantwich, Cheshire
    Posts
    278
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Sorry, that's not the code I was hoping to see. I think it's because the first page you posted has a 'body onload' instruction to force it to create the initial form (with all the hidden vars) then submit it straight away, that I didn't notice. What I wanted to see was that form before it was submitted, because that's the one that is having trouble.

    Could you remove the "onload="document.submit2gtpay_form.submit()" from the end of the body statement, display the form and then post the page source for that? That's the form that's causing trouble after the customer name query.
    http://www.firenza.net - my homage to a car from the 1970s

  6. #6
    SitePoint Addict
    Join Date
    Oct 2010
    Posts
    292
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Thanks droopsnoot for pointing me to that page source, I was able to see the error from it, and I sorted it.
    The second question I asked, which is the notification page it is to redirect to: the page returns blank. I tried printing the post variable, nothing is coming up, and the page source is also blank. Any idea how to troubleshoot?

    This is the code I am using to see all the post data that is to be redirected to the page
    <?php
    require_once("include/session.php");
    require_once("include/dataconnect.php");
    require_once("include/functions.php");
    //echo $_SESSION['username'];
    php print_r($_POST);
    die();?>

  7. #7
    From space with love silver trophy
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    4,904
    Mentioned
    93 Post(s)
    Tagged
    0 Thread(s)
    Have you used session_start() somewhere (presumably you're using it in the file session.php) before trying to access the $_SESSION array?
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  8. #8
    SitePoint Addict
    Join Date
    Oct 2010
    Posts
    292
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SpacePhoenix View Post
    Have you used session_start() somewhere (presumably you're using it in the file session.php) before trying to access the $_SESSION array?
    Yes I have, but what I don't know is, since the customer has left my site due to the processing and then been redirected, whether the session will still hold or the session is broken.

  9. #9
    From space with love silver trophy
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    4,904
    Mentioned
    93 Post(s)
    Tagged
    0 Thread(s)
    Add this at the start of the script, right after the initial <?php

    PHP Code:
    error_reporting(E_ALL | E_STRICT | E_ERROR | E_WARNING | E_PARSE | E_NOTICE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_USER_ERROR | E_USER_WARNING | E_USER_NOTICE | E_RECOVERABLE_ERROR);
    ini_set('display_errors', 1);
    Then try the script again. Are any errors reported, if so please post the text of the errors

  10. #10
    SitePoint Addict
    Join Date
    Oct 2010
    Posts
    292
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    no error is coming up

  11. #11
    From space with love silver trophy
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    4,904
    Mentioned
    93 Post(s)
    Tagged
    0 Thread(s)
    When you do:

    PHP Code:
    var_dump($_SESSION); 
    What comes up?

  12. #12
    SitePoint Addict
    Join Date
    Oct 2010
    Posts
    292
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SpacePhoenix View Post
    When you do:

    PHP Code:
    var_dump($_SESSION); 
    What comes up?
    it comes back with

    array(1) { ["username"]=> string(9) "reacheasy" } which is the username


    i tried it by going directly to the weblink, and through the payment process

    PHP Code:
    <?php
    require_once("include/session.php");
    require_once("include/dataconnect.php");
    require_once("include/functions.php");
    var_dump($_SESSION);
    //echo $_SESSION['username'];
    php print_r($_POST);
    die();

    ?>

  13. #13
    SitePoint Enthusiast
    Join Date
    Apr 2006
    Location
    MA, USA
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    One thing I noticed in the original post's code is you are using curly brackets when referencing the array.

    [Edit] - Scratch that, that does seem to be acceptable syntax. I haven't seen that before, but I don't think that's an issue
    jbWebWare.com - Bringing The Web To You!!!

    AllianceCMS.com - Bringing Us Together!!!

  14. #14
    From space with love silver trophy
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    4,904
    Mentioned
    93 Post(s)
    Tagged
    0 Thread(s)
    Try the select queries in turn directly against the database (via phpMyAdmin), with the value for {$_SESSION['username']} substituted for what it's meant to be just to make sure that it does return one or more rows in the result set.

  15. #15
    SitePoint Enthusiast
    Join Date
    Apr 2006
    Location
    MA, USA
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    One suggestion to help keep things organized and help debug these kinds of issues is to keep code that builds variables separate from where you use it.

    Code:
    <?php
    $query = mysql_query("SELECT * FROM reuser WHERE Uname = '{$_SESSION['username']}'") or die(mysql_error());
    $row = mysql_fetch_array($query);
    // Quoted key in square brackets: the bare-word curly-brace form raises a notice and no longer parses in PHP 8
    $fullname = $row['fullname'];
    ?>

    <input type="hidden" name="gtpay_cust_name" value="<?php  echo $fullname; ?>" />
    Also, you might want to get rid of "or die(mysql_error()". I don't remember why, but I do remember that I used to use that and it would cause issues, even when the query was successful.

    In all honesty, I'd switch to PDO, then you can try/catch and handle errors more properly.
    jbWebWare.com - Bringing The Web To You!!!

    AllianceCMS.com - Bringing Us Together!!!
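
Added example (not code from the thread or its posters): the PDO approach suggested above, applied to the `gtpay_cust_name` field, with the lookup done through a bound parameter before any HTML is written and the result escaped for the attribute. The in-memory SQLite database, the sample row and the helper name `customerFullName` are assumptions made so the snippet runs on its own (it needs the pdo_sqlite extension).

```php
<?php
// Added example, not from the thread. An in-memory SQLite database stands in
// for the poster's MySQL server; the row below is constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE reuser (Uname TEXT PRIMARY KEY, fullname TEXT)');
$pdo->prepare('INSERT INTO reuser (Uname, fullname) VALUES (?, ?)')
    ->execute(['reacheasy', 'Ada "Dee" O\'Neil']);

// Hypothetical helper: look the name up with a bound parameter, so the
// username is never concatenated into the SQL text.
function customerFullName(PDO $pdo, string $username): ?string
{
    $stmt = $pdo->prepare('SELECT fullname FROM reuser WHERE Uname = :uname');
    $stmt->execute([':uname' => $username]);
    $name = $stmt->fetchColumn();          // false when no row matches
    return $name === false ? null : $name;
}

// Build every value before any HTML is written, so a failed query cannot
// leave its error text inside a half-written value="..." attribute.
$username = 'reacheasy';                   // stands in for $_SESSION['username']
try {
    $fullname = customerFullName($pdo, $username);
} catch (PDOException $e) {
    error_log('customer lookup failed: ' . $e->getMessage());
    $fullname = null;
}
if ($fullname === null) {
    http_response_code(500);
    exit('Unable to prepare the payment form.');
}

// Escape for an HTML attribute: a quote in the name must not close value="...".
$attr = htmlspecialchars($fullname, ENT_QUOTES, 'UTF-8');
?>
<input type="hidden" name="gtpay_cust_name" value="<?php echo $attr; ?>" />
```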

  16. #16
    SitePoint Enthusiast
    Join Date
    Apr 2006
    Location
    MA, USA
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    To add to what @SpacePhoenix suggested, which was a good suggestion, when I get really stuck with a complex query I'll use a mysql client and run the queries directly, with hard values you know exist. You might get more helpful error messages, and if you don't then you know there's an issue with syntax or variable values.

    I prefer to use phpmyadmin as I have it installed locally and on my server.
    jbWebWare.com - Bringing The Web To You!!!

    AllianceCMS.com - Bringing Us Together!!!

  17. #17
    SitePoint Enthusiast
    Join Date
    Apr 2006
    Location
    MA, USA
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm sorry, I don't mean to go over your head or get too advanced for you, but I see something that I'd like to point out which might be helpful to you in the future. The "right" way that eventually you'll have to learn. I'd feel irresponsible and feel like I'm not doing my best to help out if I didn't mention it though :-)

    In production code you never want to store user specific data in a session or cookie, that leaves your site open to exploits like session hijacking.

    You might want to have an identifier unique to the user (I use a random hashed value) stored in the session and in the user's entry in the database. You can then query to see if the value in the session matches the value in the user's database entry. If the values match you can then check if the password is correct. If that does not fail then you can create a user object (or array if you'd like) that will store the user specific information, like $user->userName, $user->userId, $user->userEmail and what not.

    Like I said, I don't mean to go over your head if you're just learning, but my motto is "try to learn the right way the first way". If not, you will find yourself in the position where you have to relearn everything later on.

    If you have any questions about what I've said, please let me know. If so, I do think that's a subject for another thread :-p
    jbWebWare.com - Bringing The Web To You!!!

    AllianceCMS.com - Bringing Us Together!!!
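
Added example (not code from the thread): one way to implement the identifier check described above, with a random token held in the session and only its SHA-256 hash stored in the user's row. It assumes the token is issued after the password check succeeds; the in-memory SQLite table, the `session_token_hash` column and the function names are hypothetical.

```php
<?php
// Added example, not from the thread. SQLite in memory stands in for the real
// database; the user row and the session_token_hash column are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE reuser (Uname TEXT PRIMARY KEY, fullname TEXT,
            session_token_hash TEXT)');
$pdo->exec("INSERT INTO reuser (Uname, fullname)
            VALUES ('reacheasy', 'Sample Customer')");

// Hypothetical helper, called once the password check has succeeded.
// In a web request, call session_regenerate_id(true) at this point as well.
function issueSessionToken(PDO $pdo, array &$session, string $username): void
{
    $token = bin2hex(random_bytes(32));            // 256 bits from the CSPRNG
    $pdo->prepare('UPDATE reuser SET session_token_hash = ? WHERE Uname = ?')
        ->execute([hash('sha256', $token), $username]);
    $session = ['username' => $username, 'token' => $token];
}

// Hypothetical helper, called on every request: returns the user's row only
// when the session token matches the hash stored for that user.
function currentUser(PDO $pdo, array $session): ?array
{
    if (!isset($session['username'], $session['token'])
        || !is_string($session['token'])) {
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT Uname, fullname, session_token_hash FROM reuser WHERE Uname = ?');
    $stmt->execute([$session['username']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $row['session_token_hash'] === null) {
        return null;                               // unknown user or logged out
    }
    // hash_equals() compares in constant time.
    if (!hash_equals($row['session_token_hash'], hash('sha256', $session['token']))) {
        return null;
    }
    unset($row['session_token_hash']);
    return $row;
}

// Plain arrays stand in for $_SESSION in this demonstration.
$session = [];
issueSessionToken($pdo, $session, 'reacheasy');
var_dump(currentUser($pdo, $session));             // session issued at login

$forged = ['username' => 'reacheasy', 'token' => str_repeat('0', 64)];
var_dump(currentUser($pdo, $forged));              // username known, token guessed

// Logging out clears the stored hash, which revokes the old session token.
$pdo->exec("UPDATE reuser SET session_token_hash = NULL WHERE Uname = 'reacheasy'");
var_dump(currentUser($pdo, $session));             // same session after logout
```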

  18. #18
    SitePoint Addict
    Join Date
    Oct 2010
    Posts
    292
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hello jburns, I am just going through my thread and I saw your comment. Please could you advise me more on the cookie and session you mentioned?

    cheers

  19. #19
    SitePoint Enthusiast bronze trophy \\.\'s Avatar
    Join Date
    Oct 2013
    Location
    UK
    Posts
    72
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Have you considered using PHP + CURL to post the data to the payment server?

    ** UNTESTED and is theoretical **
    PHP Code:
    function sanitize($postdata){
        // in here you put what you want to sanitize your $_POST data
        $postdata = stripslashes($postdata);
        // ... more cleaning ...
        return $postdata; // return cleaned input
    }

    // in to the empty array we insert the sanitized data
    $fields = array(
        "lname"   => "",
        "fname"   => "",
        "title"   => "",
        "company" => "",
        "age"     => "",
        "email"   => "",
        "phone"   => ""
    );

    // do some laundry...
    foreach ($fields as $accepted_input => $value) {
        if (isset($_POST[$accepted_input])) {
            // no urlencode() here: http_build_query() below encodes each value once
            $fields[$accepted_input] = sanitize($_POST[$accepted_input]);
        }
    }

    // the URL to post to
    $url = "http://target.domain.com/get-post.php";

    //open connection
    $ch = curl_init();

    //set the url, number of POST vars, POST data
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, count($fields));
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
    // return the response as a string instead of printing it
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    //execute post
    $result = curl_exec($ch);

    //close connection
    curl_close($ch);
    You can expand on this idea.

    It is always best to treat any POST data as suspect and clean the inputs and I always use a whitelist approach to my scripts, accept inputs I designate, not what is in the POST stream.

  20. #20
    SitePoint Enthusiast
    Join Date
    Apr 2006
    Location
    MA, USA
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've started a new thread to discuss user authentication and secure sessions:

    http://www.sitepoint.com/forums/show...ecure-Sessions
    jbWebWare.com - Bringing The Web To You!!!

    AllianceCMS.com - Bringing Us Together!!!

