webnick Posted November 11, 2006 Share Posted November 11, 2006 I've written a long script to try and post payments to a gateway. It was working fine for a week but now the client reports the script posts to the gateway but the page hangs blank. I would sure appreciate any feedback on this. I'm not sure of sessions are the best way to work with a shopping cart; maybe this is part of the issue? Or a long SQL query?! Thanks for feedback.[code]<? // Script prepares/ submits invoce for credit card processingforeach($_POST AS $key => $value) { ${$key} = $value; } // Make form variables available by nameif($_POST['consent'] == "true") { // Start the transaction // Open database connection $connection = mysql_connect($dbServer, $dbUser, $dbPass); $db = mysql_select_db($dbName); if (!$connection || !$db) { exit(mysql_error()); } // Check posted passwords if (!isset($password) || $password == "" || sha1($password) !== sha1($password2)) { exit('Sorry, passwords provided did not match.'); } else { // Add user info to database $login = $email; $pass = sha1($password); unset($_POST['password']); unset($_POST['password2']); $birthday = "$birthmo/$birthdy/$birthyr"; $cust_name = "$first_name $last_name"; $sql = "SELECT `id`, `password` FROM `onlineusers` WHERE `login`='$login' LIMIT 1"; // Check if username is in use $result = mysql_query($sql); if (mysql_numrows($result) > 0) { $row = mysql_fetch_array($result); if($row['password'] !== $pass) { exit('Sorry, password or username did not match our records.'); } $currentuser = $row['id']; $sql = "UPDATE `onlineusers` SET `birthday`='$birthday', `first_name`='$first_name', `last_name`='$last_name', `email`='$email', `address`='$address', `address2`='$address2', `city`='$city', `state`='$state', `phone`='$phone', `phone2`='$phone2', `x_first_name`='$x_first_name', `x_last_name`='$x_last_name', `x_company`='$x_company', `x_address`='$x_address', `x_address2`='$x_address2', `x_city`='$x_city', `x_state`='$x_state', `x_zip`='$x_zip', `x_card_num`='$x_card_num', `x_card_type`='$x_card_type', `x_exp_date`='$x_exp_date', `x_cardid`='$x_cardid' WHERE `login`='$login' AND `password`='$pass' LIMIT 1;"; // Make sure to verify the password against record } else { $id = time('U'); $currentuser = $id; $sql = "INSERT INTO `onlineusers` (`id`, `login`, `password`, `birthday`, `first_name`, `last_name`, `email`, `address`, `address2`, `city`, `state`, `phone`, `phone2`, `x_first_name`, `x_last_name`, `x_company`, `x_address`, `x_address2`, `x_city`, `x_state`, `x_zip`, `x_card_num`, `x_card_type`, `x_exp_date`, `x_cardid`) VALUES ('$id', '$login', '$pass', '$birthday', '$first_name', '$last_name', '$email', '$address', '$address2', '$city', '$state', '$phone', '$phone2', '$x_first_name', '$x_last_name', '$x_company', '$x_address', '$x_address2', '$x_city', '$x_state', '$x_zip', '$x_card_num', '$x_card_type', '$x_exp_date', '$x_cardid');"; } if (!mysql_query($sql)) { exit(mysql_error()); } } // Prepare values for Authorize.net $DEBUGGING = 0; // Display additional information to track down problems $TESTING = 0; // Set the testing flag so that transactions are not live $ERROR_RETRIES = 2; // Number of transactions to post if soft errors occur $auth_net_login_id = "foo"; $auth_net_tran_key = "bar"; $auth_net_url = "https://secure.authorize.net/gateway/transact.dll"; // https://test.authorize.net/gateway/transact.dll $authnet_values = array( "x_login" => $auth_net_login_id, "x_version" => "3.1", "x_delim_char" => "|", "x_delim_data" => "TRUE", "x_url" => "FALSE", "x_type" => "AUTH_ONLY", //AUTH_CAPTURE, AUTH_ONLY, CAPTURE_ONLY, CREDIT, VOID, PRIOR_AUTH_CAPTURE "x_method" => "", "x_tran_key" => $auth_net_tran_key, "x_relay_response" => "FALSE", // always FLASE with AIM system "x_invoice_num" => "", "x_cust_id" => "$currentuser", "x_card_num" => "", "x_exp_date" => "", "x_description" => "", "x_line_item" => "", "x_amount" => "", "x_first_name" => "", "x_last_name" => "", "x_address" => "", "x_city" => "", "x_state" => "", "x_zip" => "", "x_email" => "$email", "x_ship_to_first_name" => "$first_name", "x_ship_to_last_name" => "$last_name"); // Build post query $postdata = ""; foreach($authnet_values as $key => $val) { if(array_key_exists($key, $_POST)) { // If they're part of the Authnet post, replace array with post values if(!is_array($_POST[$key])) { $val = $_POST[$key]; } } $postdata .= "$key=". urlencode($val) ."&"; } // Get line-items for invoice. These pipes should not be URL encoded $itemNo = "1"; foreach($_POST['x_line_item'] as $key => $val) { $postdata .= "x_line_item=item$itemNo<|>$first_name $last_name<|>$key<|>1<|>$val<|>N&"; $itemNo++; } // Now post the transaction $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $auth_net_url); curl_setopt($ch, CURLOPT_HEADER, 0); // set to 0 to eliminate header info from response curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Returns response data instead of TRUE(1) curl_setopt($ch, CURLOPT_POSTFIELDS, rtrim($postdata,"& ")); // use HTTP POST to send form data curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); // uncomment this line if you get no gateway response. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); // uncomment this line if you get no gateway response. $response = curl_exec($ch); // execute POST and get results curl_close($ch); // Interpet the post response $text = $response;// Use this hack to get transaction Response Code$fpos = strpos($text, $authnet_values['x_delim_char']);$fval = $text{$fpos - 1};if($fval == "1") { $fval = "Approved";} elseif($fval == "2") { $fval = "Declined";} elseif($fval == "3") { $fval = "Error";} $anet_rsp = ""; $h = substr_count($text, $authnet_values['x_delim_char']); // Count the number of substring occurrences $h++; for($j=1; $j <= $h; $j++) // Iterate through each part of response code { $p = strpos($text, $authnet_values['x_delim_char']); // Find position of first delineation in returned string if ($p === false) { if($j >= 69) { // Merchant definied variables for fields above 69 $anet_rsp .= "\n($j) Merchant-defined: $text <br />"; } else { $anet_rsp .= "\n($j) $text <br />"; } } else { // x_delim_char was found, now return response code values $p++; $pstr = substr($text, 0, $p); // this prepares the text and returns one value of the submitted and processed name/value pairs at a time $pstr_trimmed = substr($pstr, 0, -1); // removes "|" at the end if($pstr_trimmed == "") { $pstr_trimmed = "NO VALUE RETURNED <br />"; } switch($j) { case 1: /* This wasn't finding Response Code $fval = ""; if($pstr_trimmed == "1") { $fval = "Approved"; } elseif($pstr_trimmed == "2") { $fval = "Declined"; } elseif($pstr_trimmed == "3") { $fval = "Error"; } */ $anet_rsp .= "\n($j) Response Code: $fval <br />"; break; case 2: $anet_rsp .= "\n($j) Response Subcode: $pstr_trimmed <br />"; break; case 3: $anet_rsp .= "\n($j) Response Reason Code: $pstr_trimmed <br />"; break; case 4: $anet_rsp .= "\n($j) Response Reason Text: $pstr_trimmed <br />"; break; case 5: $anet_rsp .= "\n($j) Approval Code: $pstr_trimmed <br />"; break; default: if($j >= 69){ $anet_rsp .= "\n($j) Merchant-defined: $pstr_trimmed"; } elseif($pstr_trimmed == "NO VALUE RETURNED <br />") { // Do nothing } else { $anet_rsp .= "\n($j) $pstr_trimmed <br />"; } break; } // Remove the part that we identified and work with the rest of the string $text = substr($text, $p); } } // Add record for each purchase item if($fval == "Approved") { $sql = "INSERT INTO `onlinesales` (`id`, `date`, `x_cust_id`, `cust_name`, `x_invoice_num`, `x_amount`, `x_line_item`, `itemprice` ) VALUES "; foreach($_POST['x_line_item'] as $key => $val) { $sql .= "\n(NULL, '$date', '$currentuser', '$cust_name', '$x_invoice_num', '$x_amount', '$key', '$val'),"; } $sql = substr($sql, 0, -1); // Trim last comma from query @mysql_query($sql); // No MYSQL errors at this point. Transaction was already sent $umessage = "\n<p>$fval: Your transaction was submitted and approved. A recipt has been e-mailed to the address provided.<br />"; $umessage .= "\n<div style=\"border:1px solid orange;padding:1em\">"; $umessage .= "\nInvoice date: $date <br />Invoice No: $x_invoice_num<br /><br />"; $umessage .= "\n<em>Transaction Codes:</em><br />\n$anet_rsp</div>"; } else { $umessage = "\n<p>$fval: There was an error in the submitted transaction. Please use your 'back' button to try again.</p>"; $umessage .= "\n<div style=\"border:1px solid orange;padding:1em\"><em>Transaction Codes:</em><br />\n$anet_rsp</div>"; }} else { $umessage = "Error. We don't have enough information for this request";}?><html><head><title>Checkout</title></head><body><?= $umessage; print_r($_SESSION); ?></body></html>[/code] Link to comment https://forums.phpfreaks.com/topic/26903-long-shopping-cart-script/ Share on other sites More sharing options...
fenway Posted November 12, 2006 Share Posted November 12, 2006 I can't guess what could possibly be wrong with such a script... eliminate all of the non-session stuff, see if it still works or not. Link to comment https://forums.phpfreaks.com/topic/26903-long-shopping-cart-script/#findComment-123404 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.