Announcement

Collapse
No announcement yet.

Need help in parsing a URL returned from payment processor

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Need help in parsing a URL returned from payment processor

    Hi All,

    This is new to me, so I need some guidance on how best to parse a URL. Here is what I would like to happen -
    My application is an accounting program. I have lots of already prepared base databases and I allocate one to each new user. I store the database name in the sec_users table so that after log in, they can access their own data.
    So,
    1. A payment gateway, on a successful check out, will do a "Thank You" redirect URL and I can add various bits of information to that URL string, using the usual ? to store the variables I need to register a new user.
    2. The redirect URL will be sent to a control app.
    3. in that app I wish to parse the URL for the specified ? variables and add a new user to the security tables using that information.
    4. It is intended to provide the purchaser with immediate access to a program and their own database.

    So, how do I parse the URL so I can get the variables filled.

    Thanks

    Tony

    PS. If there is a better way to do this sort of thing - tell me about it - I am new to PHP.

  • #2
    You allocate one database to one user?? Hmm that is not what I would do.
    I would use one database and put the users in a user table, then use the userid in a column in the other tables.
    Sending an URL back has to be done in a safe way.
    Say you have a table payment with
    userid number
    orderid number
    redirkey varchar(64)
    payfeedback varchar
    The moment the order is completed you make a semi random redirkey, and update the payment table field redirkey.
    e.g. you make it 1432MMALSD993mm etc.. (only use a-z A-Z 0-9 and a few simple extra characters, avoid strange characters like ' + " etc..).
    When your payment provider sends the client back they do that by the url string you give them so you would create an url like:
    http://mywebsite/order/order.php?ord...432MMALSD993mm
    In your events you grab the HTTP_GET variables (see http://php.net/manual/en/reserved.variables.get.php)
    Then all you need to do is use your query with the feedback parameter in your sql on the order.php page which you of course just made in scriptcase.

    In your sql you would set a vatiable whcih on fill with your HTTP_GET on the orderid
    That long story about the security I kind of miss. Just make a website that receives payments and allow the payment provider data redirect back. Most payment providers do that.
    Your orderreceveived page can then be a simple public page.

    My idea on the security is simpler. You have in your case only 3 security types. The admin and the user and a visitor. So if you set a variable holding which of the two it is you can simply set a field with the user.
    If the user is logged in set the field to logged in
    If the user is admin set it to admin
    If the user is visitor keep it empty.
    Then on your forms simply check the value of the variable with a bit of custom code and redirect accordingly.


    A well it does depend on the payment provider.. The great trick lies in $_GET and $_POST depending on which you choose or which your payment provider enforces.

    Comment


    • #3
      Thanks rr,

      I have managed to get it all working thanks to your pointing me in the right direction. One thing led to another, and I ended up using htmlspecialchars($_GET["value in url"]); to get the values from the url.

      Once again thanks

      Tony

      Comment

      Working...
      X