credit card processing
- bluesman333
- Forum Commoner
- Posts: 52
- Joined: Wed Dec 31, 2003 9:47 am
I'm unclear on exactly how credit card processing will work.
To be compliant with credit card company regulations, you must provide users with a page to confirm the details of their order before submitting. But, how do you do this without storing the password somewhere?
You have a page that collects the credit card number and POSTs to a page to confirm. If you are not saving passwords anywhere, how do you then POST to the payment gateway?
- bluesman333
- Forum Commoner
- Posts: 52
- Joined: Wed Dec 31, 2003 9:47 am
- Ollie Saunders
- DevNet Master
- Posts: 3179
- Joined: Tue May 24, 2005 6:01 pm
- Location: UK
bluesman333 wrote: I am using curl to send the data to the payment gateway. But, how do I get the cc number to the script that sends to the payment gateway without saving to db?

By adding a form which collects the cc details and posts to the processing script. User must enter the CC info just before the processing. Then you process and return status.
I'm dealing with a similar problem.
I currently have a billing.php page which collects the user's credit card info. The submit button on billing.php submits this info to check_credit.php.
check_credit.php uses the post variables and curl to submit the payment to the credit card company and returns status.
Note that both billing.php and check_credit.php check a session variable called "current" to see if it contains "billing". If it doesn't, the script redirects the user to another page.
However, my concern is that check_credit.php can be executed while the user is on billing.php (i.e. by opening up another window and typing in http://.../check_credit.php.)
So I would like check_credit.php to only be accessible once the user has submitted his/her credit card info.
Any help is appreciated. Thanks!
then add a hidden field named __post with value 1 and on check_credit.php use
Code:
if (isset($_POST['__post']) && $_POST['__post'] == '1') {
    // do the processing
}
but this could be hacked
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
Rod wrote: miro_igov, thanks for your reply.
However, I'd prefer not to set a session variable in billing.php, because then the user just has to be on billing.php to access check_credit.php.
I'd like it for the user only to be able to access check_credit.php when the submit button is hit on billing.php.

Just make sure you keep the session active from file to file. I oftentimes forget that not every PHP programmer uses sessions as often as a lot of us do, but I have sessions active on every page. Just keep the session up. It's the most secure method.
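One way to get what Rod asks for above, given that a fixed hidden field can be forged and a session flag set on billing.php is already true while the page is merely open: a random single-use token issued with the form and consumed by check_credit.php. This is an added example, not code from any poster in the thread; the function names and the `billing_token` key are hypothetical, and plain arrays stand in for `$_SESSION` and `$_POST` so the file runs from the command line.

```php
<?php
// Added example: single-use form token shared between billing.php and check_credit.php.
// Assumption: $session stands in for $_SESSION and $post for $_POST.

// billing.php: call while rendering the form and emit the result in a hidden field.
function issue_billing_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));   // unguessable, unlike a constant "1"
    $session['billing_token'] = $token;
    return $token;
}

// check_credit.php: call before reading the card fields or contacting the gateway.
function consume_billing_token(array &$session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false;                     // a URL typed into another window arrives as GET
    }
    $expected = $session['billing_token'] ?? null;
    unset($session['billing_token']);     // single use: a resubmitted POST finds no token
    $supplied = $post['billing_token'] ?? null;
    return is_string($expected) && is_string($supplied)
        && hash_equals($expected, $supplied);   // constant-time comparison
}

// Constructed walk-through of the cases raised in the thread.
$session = [];
$token = issue_billing_token($session);
$cases = [
    'URL typed in a second window' => ['GET',  []],
    'real form submission'         => ['POST', ['billing_token' => $token]],
    'same POST sent again'         => ['POST', ['billing_token' => $token]],
    'only the fixed __post flag'   => ['POST', ['__post' => '1']],
];
foreach ($cases as $label => [$method, $post]) {
    if ($label === 'only the fixed __post flag') {
        issue_billing_token($session);    // the form was served again, token not sent back
    }
    $ok = consume_billing_token($session, $method, $post);
    echo str_pad($label, 30), $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```

In the real pages the arguments would be `$_SESSION`, `$_SERVER['REQUEST_METHOD']` and `$_POST`, with `session_start()` called first on both pages.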
- bluesman333
- Forum Commoner
- Posts: 52
- Joined: Wed Dec 31, 2003 9:47 am
ole wrote: You store whether they are logged in or not in a session. You never need to store a password at all anyway because you can compare hashes of it.

I typed wrong. I meant to say save 'credit card number' not 'password' - big difference. Completely different issue. Allow me to explain again.
Let's say I want to have a page where I collect the credit card number. After collecting the number I want to allow the user to confirm the details before submitting the transaction to the payment gateway. What do I do with the credit card number while the user is on the confirmation page?
I'm using authorize.net as my gateway. I know that I can use transaction type AUTH_ONLY to authorize the credit card. I'm thinking that I can then do a PRIOR_AUTH_CAPTURE on the confirmation page, but I'm unsure of the results this will produce since I'm still using a test account and haven't been able to test this.
I'd like to know if it's possible to do AUTH_CAPTURE and be able to give the user a confirmation page.