0
我试图使自动付款系统,其中用户可以使用PerfectMoney充值他们的帐户。他们的网站有SCI表格生成器,它生成此表格:PerfectMoney API集成(错误500)
<form action="https://perfectmoney.is/api/step1.asp" method="POST">
<input type="hidden" name="PAYEE_ACCOUNT" value="E1089920">
<input type="hidden" name="PAYEE_NAME" value="Test account">
<input type='hidden' name='PAYMENT_ID' value='<?=time() ?>'>
<input type="text" name="PAYMENT_AMOUNT" value=""><BR>
<input type="hidden" name="PAYMENT_UNITS" value="EUR">
<input type="hidden" name="STATUS_URL" value="http://dev.limited.rs/status.php">
<input type="hidden" name="PAYMENT_URL" value="http://dev.limited.rs/complete.php">
<input type="hidden" name="PAYMENT_URL_METHOD" value="POST">
<input type="hidden" name="NOPAYMENT_URL" value="http://dev.limited.rs/failed.php">
<input type="hidden" name="NOPAYMENT_URL_METHOD" value="POST">
<input type="hidden" name="SUGGESTED_MEMO" value="">
<input type="hidden" name="BAGGAGE_FIELDS" value="IDENT"><br>
<input type="submit" name="PAYMENT_METHOD" value="Pay Now!" class="tabeladugme"><br><br>
</form>
将数据发送到PerfectMoney网站的常规表单。反过来,PerfectMoney将通过POST方法将数据发回给我两次,一次是付款完成,另一次是用户重定向到网站。当支付完成后,我干脆把所有的数据,并存储在数据库中,只是这样我就可以检查它,当用户回到网站,像这样的:
<?php
ob_start();
session_start();
require 'config.php';
if (!isset($_POST['PAYMENT_ID']) || !isset($_POST['PAYEE_ACCOUNT']) || !isset($_POST['PAYMENT_AMOUNT']) || !isset($_POST['PAYMENT_UNITS']) || !isset($_POST['PAYMENT_BATCH_NUM']) || !isset($_POST['PAYER_ACCOUNT']) || !isset($_POST['TIMESTAMPGMT']))
{
header("location:uploadfunds.php");
exit();
}
if (isset($_POST['PAYMENT_ID']) || isset($_POST['PAYEE_ACCOUNT']) || isset($_POST['PAYMENT_AMOUNT']) || isset($_POST['PAYMENT_UNITS']) || isset($_POST['PAYMENT_BATCH_NUM']) || isset($_POST['PAYER_ACCOUNT']) || isset($_POST['TIMESTAMPGMT']))
{
$sum=$_POST['PAYMENT_AMOUNT'];
$passphrase=strtoupper(md5("<passphrase here>"));
$hash=$_POST['PAYMENT_ID'].':'.$_POST['PAYEE_ACCOUNT'].':'.
$_POST['PAYMENT_AMOUNT'].':'.$_POST['PAYMENT_UNITS'].':'.
$_POST['PAYMENT_BATCH_NUM'].':'.
$_POST['PAYER_ACCOUNT'].':'.$passphrase.':'.
$_POST['TIMESTAMPGMT'];
$hash2=strtoupper(md5($hash));
$pending = "Pending";
$sqlcheck1 = "SELECT * FROM payments WHERE Hash = '$hash' AND Status = '$pending'";
$rescheck1 = mysql_query($sqlcheck1);
if (mysql_num_rows($rescheck1) != 0)
{
if($hash2==$_POST['V2_HASH'])
{
echo "Hash2 = V2_HASH";
$method = "Uploaded funds";
$completed = "Completed";
$today = date('Y-m-d');
$type = "Perfect Money";
$addfunds = "UPDATE balance SET Balance = Balance + '$sum' WHERE User = '$uploader'";
$addhistory = "INSERT INTO bank (User,Amount,Method,Transdate,Type,Status) VALUES ('$me','$sum','$method','$today','$type','$status')";
$updatepayment = "UPDATE payments SET Status = '$completed' WHERE Hash = '$hash' AND User = '$uploader'";
mysql_query($addfunds);
mysql_query($addhistory);
mysql_query($updatepayment);
header("bank.php");
exit();
}
if($hash2!=$_POST['V2_HASH'])
{
echo "hash2 != V2_HASH";
header("location:error.php?id=2");
exit();
}
}
?>
因此,我从字面上比较数据我之前2秒钟获得了我现在得到的数据,它应该匹配并且它确实。在我编写脚本10天后,它开始失败,我得到了错误500.任何地方都没有任何日志来说明发生了什么,并且从调试代码开始,这一切似乎都奏效。
请不要再使用'mysql_ *'函数。它们被弃用,容易被注射。有关更多信息,请参见http://www.php.net/manual/en/function.mysql-query.php。 – chill0r
谢谢,但我真的只是想解决这个错误在这一点上..除非你认为这是实际的问题,我宁愿做一个工作代码,很容易升级到pdo或mysqli稍后的道路=) –