1. 首页
  2. 问答
  3. 登录后提交登录身份验证

登录后提交登录身份验证

2017-05-26 113 views
1

我正在通过一个用户,并从电话设备传递到.php页面。这工作正常。然后,我将这个用户名密码并将它们放入一个函数,检查数据库是否正确。这工作也很好。下一步是,如果验证是正确的,我需要一个表格发送。要做到这一点,我已经tryed下面的代码不发送形式:登录后提交登录身份验证

$login = \Fr\LS::login($user, $pass, false, false); 
if($login === true){ 

//Some database stuff 

$amount = "$price"; 
$id = "$num_fact"; 
$terminal = "01"; 
$moneda = "978"; 
$trans = "0"; 
$fuc = "335814141"; 
$urlOK = "https://www..com/.php"; 

$miObj = new RedsysAPI; 
$miObj->setParameter("DS_MERCHANT_AMOUNT",$amount); 
$miObj->setParameter("DS_MERCHANT_ORDER",$id); 
$miObj->setParameter("DS_MERCHANT_MERCHANTCODE",$fuc); 
$miObj->setParameter("DS_MERCHANT_CURRENCY",$moneda); 
$miObj->setParameter("DS_MERCHANT_TRANSACTIONTYPE",$trans); 
$miObj->setParameter("DS_MERCHANT_TERMINAL",$terminal); 
$miObj->setParameter("DS_MERCHANT_MERCHANTURL",$url); 
$miObj->setParameter("DS_MERCHANT_URLOK",$urlOK); 
$miObj->setParameter("DS_MERCHANT_URLKO",$urlKO); 
$params = $miObj->createMerchantParameters(); 
$claveModuloAdmin = ''; 
$signature = $miObj->createMerchantSignature($claveModuloAdmin); 
?> 

<form name="form_tpv" id="form_tpv" style="display:none" action="https://sis-t.redsys.es:/sis/realizarPago" method="POST"> 
<input type="text" name="Ds_SignatureVersion" value="HMAC_SHA256_V1"/> 
<input type="text" name="DS_MerchantParameters" value="<?php echo $params; ?>"/> 
<input type="text" name="Ds_Signature" value="<?php echo $signature; ?>"/> 
<input type="submit" value="Realizar Pago"/> 
</form> 

<script> 
setTimeout(function(){ 
document.getElementById('form_tpv').submit(); 
}, 1000); 
</script>

我与超时tryed什么是当它加载(表格将被加载尚未),在一秒钟内表格将被发送。

现实化: 这是怎样的代码看起来像现在:

$login = \Fr\LS::login($user, $pass, false, false); 
if($login === true){ 

$amount = "120"; 
$id = "gr"; 
$terminal = "01"; 
$moneda = "978"; 
$trans = "0"; 
$fuc = "335814141"; 
$urlOK = "https://www..com/.php"; 

$miObj = new RedsysAPI; 
$miObj->setParameter("DS_MERCHANT_AMOUNT",$amount); 
$miObj->setParameter("DS_MERCHANT_ORDER",$id); 
$miObj->setParameter("DS_MERCHANT_MERCHANTCODE",$fuc); 
$miObj->setParameter("DS_MERCHANT_CURRENCY",$moneda); 
$miObj->setParameter("DS_MERCHANT_TRANSACTIONTYPE",$trans); 
$miObj->setParameter("DS_MERCHANT_TERMINAL",$terminal); 
$miObj->setParameter("DS_MERCHANT_MERCHANTURL",$url); 
$miObj->setParameter("DS_MERCHANT_URLOK",$urlOK); 
$miObj->setParameter("DS_MERCHANT_URLKO",$urlKO); 
$params = $miObj->createMerchantParameters(); 
$claveModuloAdmin = ''; 
$signature = $miObj->createMerchantSignature($claveModuloAdmin); 
$url = 'https://sis-t.redsys.es:/sis/realizarPago'; 
$data = array(
    'Ds_SignatureVersion'=> 'HMAC_SHA256_V1', 
    'DS_MerchantParameters' => $params, 
     'Ds_Signature' => $signature 
); 

//url-ify the data for the POST 
foreach($data as $key=>$value) { $fields_string .= $key.'='.$value.'&'; } 
rtrim($fields_string, '&'); 

//open connection 
$ch = curl_init(); 

//set the url, number of POST vars, POST data 
curl_setopt($ch,CURLOPT_URL, $url); 
curl_setopt($ch,CURLOPT_POST, count($data)); 
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string); 
//YOUR LINK IS HTTPS 
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false); 

//execute post 
$result = curl_exec($ch); 

//close connection 
curl_close($ch);`

来源

2017-05-26 alberzyzz

回答

1

如果你已经拥有的价值观,不要以这种方式使用的形式,这是错误的,并会在几个问题导致。您不需要与该表单进行用户交互,因此只需调用一个函数,该函数依赖https://sis-t.redsys.es:/sis/realizarPago发送一个包含所需的所有值的数组作为参数,后端将按您的要求处理这些值。

严重删除html和javascript。

$login = \Fr\LS::login($user, $pass, false, false); 
if($login === true){ 

//Some database stuff 

$amount = "$price"; 
$id = "$num_fact"; 
$terminal = "01"; 
$moneda = "978"; 
$trans = "0"; 
$fuc = "335814141"; 
$urlOK = "https://www..com/.php"; 

$miObj = new RedsysAPI; 
$miObj->setParameter("DS_MERCHANT_AMOUNT",$amount); 
$miObj->setParameter("DS_MERCHANT_ORDER",$id); 
$miObj->setParameter("DS_MERCHANT_MERCHANTCODE",$fuc); 
$miObj->setParameter("DS_MERCHANT_CURRENCY",$moneda); 
$miObj->setParameter("DS_MERCHANT_TRANSACTIONTYPE",$trans); 
$miObj->setParameter("DS_MERCHANT_TERMINAL",$terminal); 
$miObj->setParameter("DS_MERCHANT_MERCHANTURL",$url); 
$miObj->setParameter("DS_MERCHANT_URLOK",$urlOK); 
$miObj->setParameter("DS_MERCHANT_URLKO",$urlKO); 
$params = $miObj->createMerchantParameters(); 
$claveModuloAdmin = ''; 
$signature = $miObj->createMerchantSignature($claveModuloAdmin); 
if ($signature){ 
$data = array(
     'Ds_SignatureVersion'=> 'HMAC_SHA256_V1', 
     'DS_MerchantParameters' => $params, 
      'Ds_Signature' => $signature 
    ); 
    realizarPago($data); 
} 
?>

您可以使用卷曲发送数据,如果形式的到底是不是你的系统:

$url = 'https://sis-t.redsys.es:/sis/realizarPago'; 
$data = array(
     'Ds_SignatureVersion'=> 'HMAC_SHA256_V1', 
     'DS_MerchantParameters' => $params, 
      'Ds_Signature' => $signature 
    ); 

//url-ify the data for the POST 
foreach($data as $key=>$value) { $fields_string .= $key.'='.$value.'&'; } 
rtrim($fields_string, '&'); 

//open connection 
$ch = curl_init(); 

//set the url, number of POST vars, POST data 
curl_setopt($ch,CURLOPT_URL, $url); 
curl_setopt($ch,CURLOPT_POST, count($data)); 
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string); 
//YOUR LINK IS HTTPS 
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false); 

//execute post 
$result = curl_exec($ch); 

//close connection 
curl_close($ch);

观察: http://php.net/manual/en/function.curl-setopt.php#110457

请大家,停止设置CURLOPT_SSL_VERIFYPEER为假或0.如果 您的PHP安装没有最新的CA根证书 包,请在curl websi下载它TE并将其保存 服务器上:

http://curl.haxx.se/docs/caextract.html

在php.ini文件然后设置的路径给它,例如在Windows上:

curl.cainfo = C:\ PHP \ cacert.pem

关闭CURLOPT_SSL_VERIFYPEER允许中间人(MITM)攻击 ,你不想要的!

来源

2017-05-26 10:22:28 calexandre

+0

谢谢你的评论和完整的答案。但是,如何将数组中的所有'$ data'发送到“https://sis-t.redsys.es:25443/sis/realizarPago”?我不行吧 – alberzyzz

+1

如果系统不一样,用cURL发送数据,我会编辑我的答案。 – calexandre

+0

对不起,我有点迷路,想要理解。我应该使用哪一段代码? – alberzyzz

相关问题

 相关问题