0
我試圖使自動付款系統,其中用戶可以使用PerfectMoney充值他們的帳戶。他們的網站有SCI表格生成器,它生成此表格:PerfectMoney API集成(錯誤500)
<form action="https://perfectmoney.is/api/step1.asp" method="POST">
<input type="hidden" name="PAYEE_ACCOUNT" value="E1089920">
<input type="hidden" name="PAYEE_NAME" value="Test account">
<input type='hidden' name='PAYMENT_ID' value='<?=time() ?>'>
<input type="text" name="PAYMENT_AMOUNT" value=""><BR>
<input type="hidden" name="PAYMENT_UNITS" value="EUR">
<input type="hidden" name="STATUS_URL" value="http://dev.limited.rs/status.php">
<input type="hidden" name="PAYMENT_URL" value="http://dev.limited.rs/complete.php">
<input type="hidden" name="PAYMENT_URL_METHOD" value="POST">
<input type="hidden" name="NOPAYMENT_URL" value="http://dev.limited.rs/failed.php">
<input type="hidden" name="NOPAYMENT_URL_METHOD" value="POST">
<input type="hidden" name="SUGGESTED_MEMO" value="">
<input type="hidden" name="BAGGAGE_FIELDS" value="IDENT"><br>
<input type="submit" name="PAYMENT_METHOD" value="Pay Now!" class="tabeladugme"><br><br>
</form>
將數據發送到PerfectMoney網站的常規表單。反過來,PerfectMoney將通過POST方法將數據發回給我兩次,一次是付款完成,另一次是用戶重定向到網站。當支付完成後,我乾脆把所有的數據,並存儲在數據庫中,只是這樣我就可以檢查它,當用戶回到網站,像這樣的:
<?php
ob_start();
session_start();
require 'config.php';
if (!isset($_POST['PAYMENT_ID']) || !isset($_POST['PAYEE_ACCOUNT']) || !isset($_POST['PAYMENT_AMOUNT']) || !isset($_POST['PAYMENT_UNITS']) || !isset($_POST['PAYMENT_BATCH_NUM']) || !isset($_POST['PAYER_ACCOUNT']) || !isset($_POST['TIMESTAMPGMT']))
{
header("location:uploadfunds.php");
exit();
}
if (isset($_POST['PAYMENT_ID']) || isset($_POST['PAYEE_ACCOUNT']) || isset($_POST['PAYMENT_AMOUNT']) || isset($_POST['PAYMENT_UNITS']) || isset($_POST['PAYMENT_BATCH_NUM']) || isset($_POST['PAYER_ACCOUNT']) || isset($_POST['TIMESTAMPGMT']))
{
$sum=$_POST['PAYMENT_AMOUNT'];
$passphrase=strtoupper(md5("<passphrase here>"));
$hash=$_POST['PAYMENT_ID'].':'.$_POST['PAYEE_ACCOUNT'].':'.
$_POST['PAYMENT_AMOUNT'].':'.$_POST['PAYMENT_UNITS'].':'.
$_POST['PAYMENT_BATCH_NUM'].':'.
$_POST['PAYER_ACCOUNT'].':'.$passphrase.':'.
$_POST['TIMESTAMPGMT'];
$hash2=strtoupper(md5($hash));
$pending = "Pending";
$sqlcheck1 = "SELECT * FROM payments WHERE Hash = '$hash' AND Status = '$pending'";
$rescheck1 = mysql_query($sqlcheck1);
if (mysql_num_rows($rescheck1) != 0)
{
if($hash2==$_POST['V2_HASH'])
{
echo "Hash2 = V2_HASH";
$method = "Uploaded funds";
$completed = "Completed";
$today = date('Y-m-d');
$type = "Perfect Money";
$addfunds = "UPDATE balance SET Balance = Balance + '$sum' WHERE User = '$uploader'";
$addhistory = "INSERT INTO bank (User,Amount,Method,Transdate,Type,Status) VALUES ('$me','$sum','$method','$today','$type','$status')";
$updatepayment = "UPDATE payments SET Status = '$completed' WHERE Hash = '$hash' AND User = '$uploader'";
mysql_query($addfunds);
mysql_query($addhistory);
mysql_query($updatepayment);
header("bank.php");
exit();
}
if($hash2!=$_POST['V2_HASH'])
{
echo "hash2 != V2_HASH";
header("location:error.php?id=2");
exit();
}
}
?>
因此,我從字面上比較數據我之前2秒鐘獲得了我現在得到的數據,它應該匹配並且它確實。在我編寫腳本10天后,它開始失敗,我得到了錯誤500.任何地方都沒有任何日誌來說明發生了什麼,並且從調試代碼開始,這一切似乎都奏效。
請不要再使用'mysql_ *'函數。它們被棄用,容易被注射。有關更多信息,請參見http://www.php.net/manual/en/function.mysql-query.php。 – chill0r
謝謝,但我真的只是想解決這個錯誤在這一點上..除非你認爲這是實際的問題,我寧願做一個工作代碼,很容易升級到pdo或mysqli稍後的道路=) –