The Little Guy, posted April 26, 2013 (edited)

We are going to be using Stripe so people can make payments to us. If you're not familiar with how Stripe works, here is the breakdown:

- JavaScript is used to build a one-time token, and make some tests.
- If the data passes the JavaScript tests, your information is sent to my server to use the Stripe API that actually makes the payment.
- You get a JSON result back that is parsed back into PHP.
- If the charge fails, an error is thrown that you need to catch.
- If the charge is successful, then you get a confirmation id that you can save in your database to look it up later or do whatever you need with it.

So that is how Stripe works. My question is, when an error is thrown, I want to redirect the user back to the form to fix the error, but I don't want to make them fill out the form again. What is the safest or most secure way to do this (when we go live we will be using SSL for HTTPS)?

Edited April 26, 2013 by The Little Guy

The Little Guy (author), posted April 28, 2013

Anyone?

jcbones, posted April 29, 2013

So if it is sent via JavaScript, then most likely you are using an AJAX request? If so, then you shouldn't be leaving the page until you get a response. Really though, there isn't enough to go on here. Too many variables, not enough info.

Adam, posted April 29, 2013

If you're handling the data yourself then you need to make sure you're PCI compliant. Even if you're not storing the data permanently, you need to make sure you're not breaking any violations for that short amount of time it exists on your server. Also make sure you aren't accidentally storing it for a longer period of time without realising; error and access logs for example!

You need to be really careful. If your servers are compromised and someone's bank details are taken and you're not PCI compliant, they'll come down on you like a tonne of bricks!

As for showing the form again, I wouldn't redirect, I would just render the form again? Redirect the request internally to the right controller, if that makes sense?

KevinM1, posted April 29, 2013

Leave everything but their CC info (number, security number) sticky.

The Little Guy (author), posted April 30, 2013

> As for showing the form again, I wouldn't redirect, I would just render the form again? Redirect the request internally to the right controller, if that makes sense?

I don't know if I really like that idea. I can do it, but I would like to stay away from it due to the way the site works.
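
The approach suggested in the thread (redirect back after a failed charge, keep everything except the card details sticky), as an added example that is not from any poster or from Stripe. The field names, the `/pay` and `/thanks` URLs, the `$charge` callable standing in for the real Stripe API call, and the sample request are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical field names: only these are ever carried between requests.
const STICKY_FIELDS = ['name', 'email', 'address', 'city', 'postcode'];

/** Keep allowlisted fields only; card number, CVC and the token are dropped. */
function stickyFields(array $post): array
{
    $kept = [];
    foreach (STICKY_FIELDS as $field) {
        if (isset($post[$field]) && is_string($post[$field])) {
            $kept[$field] = trim($post[$field]);
        }
    }
    return $kept;
}

/** Try the charge; on failure flash the safe fields and return the redirect URL. */
function handlePayment(array $post, array &$session, callable $charge): string
{
    try {
        // $charge is an assumed stand-in for the Stripe API call; it throws on failure.
        $session['confirmation_id'] = $charge($post['stripeToken'] ?? '');
        return '/thanks';
    } catch (Exception $e) {
        // Generic message only: neither the exception text nor $post is logged or stored.
        $session['flash'] = ['fields' => stickyFields($post),
                             'error'  => 'The payment failed. Please check your card details.'];
        return '/pay';
    }
}

/** Pop the flash data (one-time use) and build the form with escaped values. */
function renderForm(array &$session): string
{
    $flash = $session['flash'] ?? ['fields' => [], 'error' => null];
    unset($session['flash']);
    $html = $flash['error'] ? '<p>' . htmlspecialchars($flash['error'], ENT_QUOTES, 'UTF-8') . "</p>\n" : '';
    foreach (STICKY_FIELDS as $field) {
        $value = htmlspecialchars($flash['fields'][$field] ?? '', ENT_QUOTES, 'UTF-8');
        $html .= "<input name=\"$field\" value=\"$value\">\n";
    }
    // Card inputs are always empty and have no name attribute, so the browser never posts them.
    return $html . "<input id=\"card-number\" autocomplete=\"off\">\n<input id=\"card-cvc\" autocomplete=\"off\">\n";
}

// Constructed sample request; the charge stand-in always fails.
$session = []; // in a real application this would be $_SESSION
$post = ['name' => 'Ann <b>', 'email' => 'ann@example.com',
         'stripeToken' => 'tok_placeholder', 'card_number' => 'constructed-card-number'];
$to = handlePayment($post, $session, function (string $t) { throw new RuntimeException('declined'); });
echo "Location: $to\n", renderForm($session);
```

In a live handler the returned URL would go into `header('Location: ...')` followed by `exit`, and the form page would call `renderForm($_SESSION)`.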