Jump to content
  • 0

The Form Token Is Invalid

smicroz

Asked by smicroz,

 Share

Question

18 answers to this question

Recommended Posts

  • 0
Cody Newbie

Cody

Posted
Posted

Sounds like you're gateway is posting back to your Blesta installation. I'm sure that's not what you intended. Make sure the form for your non-merchant gateway is posting to your payment service provider.

  • 0
smicroz Newbie

smicroz

Posted
  • Author
Posted

Should be to url provided by payment gateway, include order number, amount, description and mail.

{
		
        $amount = round($amount, 2);

        $order_id = $this->ifSet($contact_info['client_id']) . "-" . time();

        //redirection URL
        $redirect_url = Configure::get("Blesta.gw_callback_url") . Configure::get("Blesta.company_id") . "/flow/" . $this->ifSet($contact_info['client_id']);


		$fields = array(
				'orden_compra' => $order_id,
				'monto' => $amount,
				'concepto' => $this->ifSet($options['description']),
				'email_pagador' => $this->ifSet($client->email),
				);


		$this->view = $this->makeView("process", "default", str_replace(ROOTWEBDIR, "", dirname(__FILE__) . DS));
		// Load the helpers required for this view
		Loader::loadHelpers($this, array("Form", "Html"));


		$this->view->set("post_to", $flow_url_pago);
		$this->view->set("fields", $fields);
		
		return $this->view->fetch();
	}
  • 0
Tyson Newbie

Tyson

Posted
Posted

The code you provided shows what is set to your gateway's view. I see you set a $redirect_url that is unused, though. What is the content of the process.pdt view? This is where your form is being generated.

  • 0
smicroz Newbie

smicroz

Posted
  • Author
Posted

I reread the documentation and had some mistakes, but basically do not get that error now. (I add code a little below, $parameters is a hidden input that contains order details and some requirements of payment gateway, as amount, order id, description, private_key)

 

But I have some doubts about how it blesta works

 

1. First, about order id, when a user is in /client/pay/confirm/ , there some order_id to identify the transaction?

2. The payment gateway url needs three url post-payment process. I only should be use the callback with blesta? any suggestion?

 

Confirmation page (callback): It corresponds to a page that will be called by the gateway with the outcome of the transaction. If the payment was made by credit card on this page you can confirm or reject the transaction. For this payment gateway will deliver the transaction data and you can verify if they match the data you sent.

Success page:This page will be called by the payment gateway once the transaction is accepted and send the data of the successful transaction.

Failure page: This page will be called by the payment gateway when the transaction was rejected.

 

Process.pdt

	// Disable CSRF for this form
	$this->Form->setCsrfOptions(array('set_on_create' => false));
	
	$this->Form->create($post_to);
	$this->Form->fieldHidden('parameters', $parameters);
	
	$this->Form->fieldSubmit("submit", $this->_("Flow.buildprocess.submit", true));
	
	$this->Form->end();

Thanks!

  • 0
Tyson Newbie

Tyson

Posted
Posted

Your template looks fine. I take it your $post_to variable is set to the payment gateway's expected payment URL?

 

 

1. First, about order id, when a user is in /client/pay/confirm/ , there some order_id to identify the transaction?

A transaction is created once a payment is made. The URI you included is the review page before making a payment, so there is no transaction ID or order ID, etc., available. If your gateway needs one, you can generate a unique identifier yourself.

 

 

2. The payment gateway url needs three url post-payment process. I only should be use the callback with blesta? any suggestion?

 

Confirmation page (callback): It corresponds to a page that will be called by the gateway with the outcome of the transaction. If the payment was made by credit card on this page you can confirm or reject the transaction. For this payment gateway will deliver the transaction data and you can verify if they match the data you sent.

Success page:This page will be called by the payment gateway once the transaction is accepted and send the data of the successful transaction.

Failure page: This page will be called by the payment gateway when the transaction was rejected.

Your confirmation callback can be sent to the callback URL. PayPal's callback URL defined in the buildProcess method is:

Configure::get("Blesta.gw_callback_url") . Configure::get("Blesta.company_id") ."/paypal_payments_standard/?client_id=" . $this->ifSet($contact_info['client_id'])

You would simply replace "paypal_payments_standard" with your gateway's name.

  • 0
Tyson Newbie

Tyson

Posted
Posted

I forgot to mention you can have the gateway return the client (success/failure page) to the return URL given to you in the buildProcess method. i.e.

$this->ifSet($options['return_url']);

Another question, is there any way to get the user's mail? The array $contact_info not contains this.

 

I'm a little surprised the email is not included. We should probably add that. However, you can query for it yourself:

public function buildProcess(array $contact_info, ...) {
    Loader::loadModels($this, array('Contacts'));
    $contact = $this->Contacts->get($contact_info['id']);
    $email = $contact->email;
    
    ...
}
  • 0
smicroz Newbie

smicroz

Posted
  • Author
Posted

Hi Tyson,

 

Thanks by help!

 

I have some doubs to create callback.

 

1. This url should be work to success and failture?

$this->ifSet($options['return_url']);

2. As there is no a order ID, I set clientNumer-date, the problem I should save it somewhere, because the callback resend (orderid, amount, concept, mail, and ID of transaction generated by gateway [also this id should be saved in somewhere]), any suggestion to store this details? or other solution?

$order_id = $this->ifSet($contact_info['client_id']) . "-" . time();

3. When gateway is returned to client/pay/received/gatewayname/id/ dates is captured by validate function? and I should send to success function?

4. OFFTOPIC - I change name of payment gateway from language, but this not is updated to clients? there some cache? if so, how I can clean cache?

 

Thanks!

 

Rgds,

Eduardo

  • 0
Tyson Newbie

Tyson

Posted
Posted

4. OFFTOPIC - I change name of payment gateway from language, but this not is updated to clients? there some cache? if so, how I can clean cache?

The gateway name is stored in the database still, so updating it in the language file would have no effect. You can re-install the gateway for the name change to take effect. Alternatively, you could update Blesta's core to use the language file instead as naja7host demonstrates in another thread.

 

 

1. This url should be work to success and failture?

$this->ifSet($options['return_url']);

 

Does your gateway support making a callback to one URL while redirecting the client to another URL? I assume so, in which case you should redirect the callback to the callback URL:

Configure::get("Blesta.gw_callback_url") . Configure::get("Blesta.company_id") ."/paypal_payments_standard/?client_id=" . $this->ifSet($contact_info['client_id']);

Then you would tell the gateway to redirect the customer to the return URL:

$this->ifSet($options['return_url']);

If the gateway does not send data to the callback URL without redirecting the customer back at the same time, then you must use the callback URL instead.

 

 

2. As there is no a order ID, I set clientNumer-date, the problem I should save it somewhere, because the callback resend (orderid, amount, concept, mail, and ID of transaction generated by gateway [also this id should be saved in somewhere]), any suggestion to store this details? or other solution?

$order_id = $this->ifSet($contact_info['client_id']) . "-" . time();

When the processor returns data back to your gateway, it will be available in your validate and success methods. Check the $get and $post data for the values you need to save. Make sure your validate method returns the correct data. If you have a special ID to save, you might save it as the reference_id.

 

 

3. When gateway is returned to client/pay/received/gatewayname/id/ dates is captured by validate function? and I should send to success function?

When the gateway processor returns data back to your gateway, it will come in through validate. You do not need to call success at all.

  • 0
smicroz Newbie

smicroz

Posted
  • Author
Posted

Hi,

 

4. Thanks, I reinstalled and language is correctly updated :)

2. The confirmation page is invoked by the payment gateway with the result of transaction, allowing to the trade accept or reject, if in this page the transaction it not accepted, no payment shall be made. A example code of payment gateway confirmation page (I add to success method)

Loader::load(dirname(__FILE__) . DS . "lib" . DS . "flowAPI.php");
        $flowAPI = new flowAPI();


        try {
			// Read data sent by payment gateway
			$flowAPI->read_confirm();
			
		} catch (Exception $e) {
			// If there an error the response is false
			echo $flowAPI->build_response(false);
			return;
		}

		//Retrieves the values of the Order
		$FLOW_STATUS = $flowAPI->getStatus();  //The result of the transaction (success or failure)
		$ORDEN_NUMERO = $flowAPI->getOrderNumber(); // Trade Order No.
		$MONTO = $flowAPI->getAmount(); // Transaction amount
		$ORDEN_FLOW = $flowAPI->getFlowNumber(); // If $FLOW_STATUS = "SUCCESS" the Order No. of payment gateway
		$PAGADOR = $flowAPI->getPayer(); // Email of end-client

		if($FLOW_STATUS == "SUCCESS") {
			// The transaction was accepted by payment gateway
			// Here you can update your information with the data received by payment gateway
			echo $flowAPI->build_response(true); // Trade accepts the transaction
		} else {
			echo $flowAPI->build_response(false); // Trade rejects the transaction
		}

The response should be similar to

 

status=SUCCESS&c=trademail&s=electronic signature

 

But it does not work

 

Thanks!

  • 0
smicroz Newbie

smicroz

Posted
  • Author
Posted

Update 2

Finally the confirmation step, should be show a white page with the following text (The payment gateway invoke this page and send (_POST) to check signature and execute the payment)

status=success&c=mail-trade&s=signature

I think that confirmation page should be a different to 

Configure::get("Blesta.gw_callback_url") . Configure::get("Blesta.company_id") ."/paypal_payments_standard/?client_id=" . $this->ifSet($contact_info['client_id']);

Some suggestion?

  • 0
Tyson Newbie

Tyson

Posted
Posted

Are you referring to the page that the client is sent back to after they make a payment with the processor? If so, you can use the return_url I mentioned above. The client will be redirected to the generic payment-success page in Blesta when they come back from making a payment.

  • 0
Tyson Newbie

Tyson

Posted
Posted

This is how I interpret the steps in that graph:

  1. Client tries to pay an invoice using your gateway
  2. Client is redirected to the payment processor's website where they make a payment
  3. The payment processor contacts Blesta (via the callback URL) to tell Blesta a payment has been made.
  4. Your Blesta gateway performs any required validation necessary to ensure the payment is legitimate.
  5. Normally, validating step 4 would be an API request to acknowledge and confirm the payment with the payment processor. You can perform a remote request over the API from your validate method before returning from this method.
  6. The payment processor receives your confirmation request and would reply with some information indicating whether the payment details were correct.
  7. Steps 7-9 shouldn't be anything you need to worry about in your gateway. After the client is redirected back to Blesta, they will see a page indicating the payment is being processed. This can suffice as the success and failure pages.

 

Finally the confirmation step, should be show a white page with the following text (The payment gateway invoke this page and send (_POST) to check signature and execute the payment)

status=success&c=mail-trade&s=signature

You shouldn't need to generate any "page" to send to the payment processor for confirmation. Make an API request however their API dictates, for example, via cURL to POST the fields "status=success&c=mail-trade&s=signature" to them. Take a look at the validate method in PayPal Payments Standard to get a better idea of how it confirms the payment.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to question listing
×
×
  • Create New...