1. 首頁
  2. 問答
  3. 登錄後提交登錄身份驗證

登錄後提交登錄身份驗證

2017-05-26 90 views
1

我正在通過一個用戶,並從電話設備傳遞到.php頁面。這工作正常。然後,我將這個用戶名密碼並將它們放入一個函數,檢查數據庫是否正確。這工作也很好。下一步是,如果驗證是正確的,我需要一個表格發送。要做到這一點,我已經tryed下面的代碼不發送形式:登錄後提交登錄身份驗證

$login = \Fr\LS::login($user, $pass, false, false); 
if($login === true){ 

//Some database stuff 

$amount = "$price"; 
$id = "$num_fact"; 
$terminal = "01"; 
$moneda = "978"; 
$trans = "0"; 
$fuc = "335814141"; 
$urlOK = "https://www..com/.php"; 

$miObj = new RedsysAPI; 
$miObj->setParameter("DS_MERCHANT_AMOUNT",$amount); 
$miObj->setParameter("DS_MERCHANT_ORDER",$id); 
$miObj->setParameter("DS_MERCHANT_MERCHANTCODE",$fuc); 
$miObj->setParameter("DS_MERCHANT_CURRENCY",$moneda); 
$miObj->setParameter("DS_MERCHANT_TRANSACTIONTYPE",$trans); 
$miObj->setParameter("DS_MERCHANT_TERMINAL",$terminal); 
$miObj->setParameter("DS_MERCHANT_MERCHANTURL",$url); 
$miObj->setParameter("DS_MERCHANT_URLOK",$urlOK); 
$miObj->setParameter("DS_MERCHANT_URLKO",$urlKO); 
$params = $miObj->createMerchantParameters(); 
$claveModuloAdmin = ''; 
$signature = $miObj->createMerchantSignature($claveModuloAdmin); 
?> 

<form name="form_tpv" id="form_tpv" style="display:none" action="https://sis-t.redsys.es:/sis/realizarPago" method="POST"> 
<input type="text" name="Ds_SignatureVersion" value="HMAC_SHA256_V1"/> 
<input type="text" name="DS_MerchantParameters" value="<?php echo $params; ?>"/> 
<input type="text" name="Ds_Signature" value="<?php echo $signature; ?>"/> 
<input type="submit" value="Realizar Pago"/> 
</form> 

<script> 
setTimeout(function(){ 
document.getElementById('form_tpv').submit(); 
}, 1000); 
</script>

我與超時tryed什麼是當它加載(表格將被加載尚未),在一秒鐘內表格將被髮送。

現實化: 這是怎樣的代碼看起來像現在:

$login = \Fr\LS::login($user, $pass, false, false); 
if($login === true){ 

$amount = "120"; 
$id = "gr"; 
$terminal = "01"; 
$moneda = "978"; 
$trans = "0"; 
$fuc = "335814141"; 
$urlOK = "https://www..com/.php"; 

$miObj = new RedsysAPI; 
$miObj->setParameter("DS_MERCHANT_AMOUNT",$amount); 
$miObj->setParameter("DS_MERCHANT_ORDER",$id); 
$miObj->setParameter("DS_MERCHANT_MERCHANTCODE",$fuc); 
$miObj->setParameter("DS_MERCHANT_CURRENCY",$moneda); 
$miObj->setParameter("DS_MERCHANT_TRANSACTIONTYPE",$trans); 
$miObj->setParameter("DS_MERCHANT_TERMINAL",$terminal); 
$miObj->setParameter("DS_MERCHANT_MERCHANTURL",$url); 
$miObj->setParameter("DS_MERCHANT_URLOK",$urlOK); 
$miObj->setParameter("DS_MERCHANT_URLKO",$urlKO); 
$params = $miObj->createMerchantParameters(); 
$claveModuloAdmin = ''; 
$signature = $miObj->createMerchantSignature($claveModuloAdmin); 
$url = 'https://sis-t.redsys.es:/sis/realizarPago'; 
$data = array(
    'Ds_SignatureVersion'=> 'HMAC_SHA256_V1', 
    'DS_MerchantParameters' => $params, 
     'Ds_Signature' => $signature 
); 

//url-ify the data for the POST 
foreach($data as $key=>$value) { $fields_string .= $key.'='.$value.'&'; } 
rtrim($fields_string, '&'); 

//open connection 
$ch = curl_init(); 

//set the url, number of POST vars, POST data 
curl_setopt($ch,CURLOPT_URL, $url); 
curl_setopt($ch,CURLOPT_POST, count($data)); 
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string); 
//YOUR LINK IS HTTPS 
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false); 

//execute post 
$result = curl_exec($ch); 

//close connection 
curl_close($ch);`

來源

2017-05-26 alberzyzz

回答

1

如果你已經擁有的價值觀,不要以這種方式使用的形式,這是錯誤的,並會在幾個問題導致。您不需要與該表單進行用戶交互,因此只需調用一個函數,該函數依賴https://sis-t.redsys.es:/sis/realizarPago發送一個包含所需的所有值的數組作爲參數,後端將按您的要求處理這些值。

嚴重刪除html和javascript。

$login = \Fr\LS::login($user, $pass, false, false); 
if($login === true){ 

//Some database stuff 

$amount = "$price"; 
$id = "$num_fact"; 
$terminal = "01"; 
$moneda = "978"; 
$trans = "0"; 
$fuc = "335814141"; 
$urlOK = "https://www..com/.php"; 

$miObj = new RedsysAPI; 
$miObj->setParameter("DS_MERCHANT_AMOUNT",$amount); 
$miObj->setParameter("DS_MERCHANT_ORDER",$id); 
$miObj->setParameter("DS_MERCHANT_MERCHANTCODE",$fuc); 
$miObj->setParameter("DS_MERCHANT_CURRENCY",$moneda); 
$miObj->setParameter("DS_MERCHANT_TRANSACTIONTYPE",$trans); 
$miObj->setParameter("DS_MERCHANT_TERMINAL",$terminal); 
$miObj->setParameter("DS_MERCHANT_MERCHANTURL",$url); 
$miObj->setParameter("DS_MERCHANT_URLOK",$urlOK); 
$miObj->setParameter("DS_MERCHANT_URLKO",$urlKO); 
$params = $miObj->createMerchantParameters(); 
$claveModuloAdmin = ''; 
$signature = $miObj->createMerchantSignature($claveModuloAdmin); 
if ($signature){ 
$data = array(
     'Ds_SignatureVersion'=> 'HMAC_SHA256_V1', 
     'DS_MerchantParameters' => $params, 
      'Ds_Signature' => $signature 
    ); 
    realizarPago($data); 
} 
?>

您可以使用捲曲發送數據,如果形式的到底是不是你的系統:

$url = 'https://sis-t.redsys.es:/sis/realizarPago'; 
$data = array(
     'Ds_SignatureVersion'=> 'HMAC_SHA256_V1', 
     'DS_MerchantParameters' => $params, 
      'Ds_Signature' => $signature 
    ); 

//url-ify the data for the POST 
foreach($data as $key=>$value) { $fields_string .= $key.'='.$value.'&'; } 
rtrim($fields_string, '&'); 

//open connection 
$ch = curl_init(); 

//set the url, number of POST vars, POST data 
curl_setopt($ch,CURLOPT_URL, $url); 
curl_setopt($ch,CURLOPT_POST, count($data)); 
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string); 
//YOUR LINK IS HTTPS 
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false); 

//execute post 
$result = curl_exec($ch); 

//close connection 
curl_close($ch);

觀察: http://php.net/manual/en/function.curl-setopt.php#110457

請大家,停止設置CURLOPT_SSL_VERIFYPEER爲假或0.如果 您的PHP安裝沒有最新的CA根證書 包,請在curl websi下載它TE並將其保存 服務器上:

http://curl.haxx.se/docs/caextract.html

在php.ini文件然後設置的路徑給它,例如在Windows上:

curl.cainfo = C:\ PHP \ cacert.pem

關閉CURLOPT_SSL_VERIFYPEER允許中間人(MITM)攻擊 ,你不想要的!

來源

2017-05-26 10:22:28 calexandre

+0

謝謝你的評論和完整的答案。但是,如何將數組中的所有'$ data'發送到「https://sis-t.redsys.es:25443/sis/realizarPago」?我不行吧 – alberzyzz

+1

如果系統不一樣,用cURL發送數據,我會編輯我的答案。 – calexandre

+0

對不起,我有點迷路,想要理解。我應該使用哪一段代碼? – alberzyzz

相關問題

 相關問題