  • 0

The Form Token Is Invalid


smicroz

Question

Hi,
 
I'm trying to create a payment gateway using https://docs.blesta.com/display/dev/Payment+Gateways, but when I click on the pay button I get "The form token is invalid."
 
In the gateway PHP file I added this line, but I continue getting the error.
// Disable CSRF for this form
$this->Form->setCsrfOptions(array('set_on_create' => false));

Any suggestion?

 

Rgds,


18 answers to this question


  • 0

It should be the URL provided by the payment gateway, and include the order number, amount, description and mail.

{
    $amount = round($amount, 2);

    $order_id = $this->ifSet($contact_info['client_id']) . "-" . time();

    // Redirection URL
    $redirect_url = Configure::get("Blesta.gw_callback_url") . Configure::get("Blesta.company_id") . "/flow/" . $this->ifSet($contact_info['client_id']);

    $fields = array(
        'orden_compra' => $order_id,
        'monto' => $amount,
        'concepto' => $this->ifSet($options['description']),
        'email_pagador' => $this->ifSet($client->email),
    );

    $this->view = $this->makeView("process", "default", str_replace(ROOTWEBDIR, "", dirname(__FILE__) . DS));
    // Load the helpers required for this view
    Loader::loadHelpers($this, array("Form", "Html"));

    $this->view->set("post_to", $flow_url_pago);
    $this->view->set("fields", $fields);

    return $this->view->fetch();
}

  • 0

I reread the documentation and had made some mistakes, but basically I do not get that error now. (I added the code a little below; $parameters is a hidden input that contains the order details and some requirements of the payment gateway, such as amount, order id, description, private_key.)

 

But I have some doubts about how Blesta works.

 

1. First, about the order id: when a user is on /client/pay/confirm/, is there some order_id to identify the transaction?

2. The payment gateway needs three URLs for the post-payment process. Should I only use the callback with Blesta? Any suggestions?

 

Confirmation page (callback): It corresponds to a page that will be called by the gateway with the outcome of the transaction. If the payment was made by credit card, on this page you can confirm or reject the transaction. For this, the payment gateway will deliver the transaction data and you can verify whether they match the data you sent.

Success page: This page will be called by the payment gateway once the transaction is accepted, and it will send the data of the successful transaction.

Failure page: This page will be called by the payment gateway when the transaction was rejected.

 

Process.pdt

	// Disable CSRF for this form
	$this->Form->setCsrfOptions(array('set_on_create' => false));
	
	$this->Form->create($post_to);
	$this->Form->fieldHidden('parameters', $parameters);
	
	$this->Form->fieldSubmit("submit", $this->_("Flow.buildprocess.submit", true));
	
	$this->Form->end();

Thanks!


  • 0

Your template looks fine. I take it your $post_to variable is set to the payment gateway's expected payment URL?

 

 

1. First, about the order id: when a user is on /client/pay/confirm/, is there some order_id to identify the transaction?

A transaction is created once a payment is made. The URI you included is the review page before making a payment, so there is no transaction ID or order ID, etc., available. If your gateway needs one, you can generate a unique identifier yourself.

 

 

2. The payment gateway needs three URLs for the post-payment process. Should I only use the callback with Blesta? Any suggestions?

 

Confirmation page (callback): It corresponds to a page that will be called by the gateway with the outcome of the transaction. If the payment was made by credit card, on this page you can confirm or reject the transaction. For this, the payment gateway will deliver the transaction data and you can verify whether they match the data you sent.

Success page: This page will be called by the payment gateway once the transaction is accepted, and it will send the data of the successful transaction.

Failure page: This page will be called by the payment gateway when the transaction was rejected.

Your confirmation callback can be sent to the callback URL. PayPal's callback URL defined in the buildProcess method is:

Configure::get("Blesta.gw_callback_url") . Configure::get("Blesta.company_id") ."/paypal_payments_standard/?client_id=" . $this->ifSet($contact_info['client_id'])

You would simply replace "paypal_payments_standard" with your gateway's name.


  • 0

I forgot to mention you can have the gateway return the client (success/failure page) to the return URL given to you in the buildProcess method. i.e.

$this->ifSet($options['return_url']);

Another question: is there any way to get the user's mail? The array $contact_info does not contain this.

 

I'm a little surprised the email is not included. We should probably add that. However, you can query for it yourself:

public function buildProcess(array $contact_info, ...) {
    Loader::loadModels($this, array('Contacts'));
    $contact = $this->Contacts->get($contact_info['id']);
    $email = $contact->email;
    
    ...
}

  • 0

Hi Tyson,

 

Thanks for the help!

 

I have some doubts about creating the callback.

 

1. Should this URL work for success and failure?

$this->ifSet($options['return_url']);

2. As there is no order ID, I set clientNumber-date. The problem is I should save it somewhere, because the callback resends (orderid, amount, concept, mail, and the ID of the transaction generated by the gateway [this ID should also be saved somewhere]). Any suggestion for storing these details? Or another solution?

$order_id = $this->ifSet($contact_info['client_id']) . "-" . time();

3. When the gateway returns to client/pay/received/gatewayname/id/, is the data captured by the validate function? And should I send it to the success function?

4. OFFTOPIC - I changed the name of the payment gateway from the language file, but this is not updated for clients. Is there some cache? If so, how can I clear the cache?

 

Thanks!

 

Rgds,

Eduardo


  • 0

4. OFFTOPIC - I changed the name of the payment gateway from the language file, but this is not updated for clients. Is there some cache? If so, how can I clear the cache?

The gateway name is stored in the database still, so updating it in the language file would have no effect. You can re-install the gateway for the name change to take effect. Alternatively, you could update Blesta's core to use the language file instead as naja7host demonstrates in another thread.

 

 

1. Should this URL work for success and failure?

$this->ifSet($options['return_url']);

 

Does your gateway support making a callback to one URL while redirecting the client to another URL? I assume so, in which case you should redirect the callback to the callback URL:

Configure::get("Blesta.gw_callback_url") . Configure::get("Blesta.company_id") ."/paypal_payments_standard/?client_id=" . $this->ifSet($contact_info['client_id']);

Then you would tell the gateway to redirect the customer to the return URL:

$this->ifSet($options['return_url']);

If the gateway does not send data to the callback URL without redirecting the customer back at the same time, then you must use the callback URL instead.

 

 

2. As there is no order ID, I set clientNumber-date. The problem is I should save it somewhere, because the callback resends (orderid, amount, concept, mail, and the ID of the transaction generated by the gateway [this ID should also be saved somewhere]). Any suggestion for storing these details? Or another solution?

$order_id = $this->ifSet($contact_info['client_id']) . "-" . time();

When the processor returns data back to your gateway, it will be available in your validate and success methods. Check the $get and $post data for the values you need to save. Make sure your validate method returns the correct data. If you have a special ID to save, you might save it as the reference_id.

 

 

3. When the gateway returns to client/pay/received/gatewayname/id/, is the data captured by the validate function? And should I send it to the success function?

When the gateway processor returns data back to your gateway, it will come in through validate. You do not need to call success at all.


  • 0

Hi,

 

4. Thanks, I reinstalled and the language is correctly updated :)

2. The confirmation page is invoked by the payment gateway with the result of the transaction, allowing the trade to accept or reject it; if the transaction is not accepted on this page, no payment shall be made. Example code of the payment gateway confirmation page (I added it to the success method):

Loader::load(dirname(__FILE__) . DS . "lib" . DS . "flowAPI.php");
$flowAPI = new flowAPI();

try {
    // Read the data sent by the payment gateway
    $flowAPI->read_confirm();
} catch (Exception $e) {
    // If there is an error, the response is false
    echo $flowAPI->build_response(false);
    return;
}

// Retrieve the values of the order
$FLOW_STATUS = $flowAPI->getStatus(); // The result of the transaction (success or failure)
$ORDEN_NUMERO = $flowAPI->getOrderNumber(); // Trade order no.
$MONTO = $flowAPI->getAmount(); // Transaction amount
$ORDEN_FLOW = $flowAPI->getFlowNumber(); // If $FLOW_STATUS = "SUCCESS", the order no. of the payment gateway
$PAGADOR = $flowAPI->getPayer(); // Email of the end client

if ($FLOW_STATUS == "SUCCESS") {
    // The transaction was accepted by the payment gateway
    // Here you can update your information with the data received from the payment gateway
    echo $flowAPI->build_response(true); // Trade accepts the transaction
} else {
    echo $flowAPI->build_response(false); // Trade rejects the transaction
}

The response should be similar to

 

status=SUCCESS&c=trademail&s=electronic signature

 

But it does not work

 

Thanks!


  • 0

Update 2

Finally, the confirmation step should show a white page with the following text (the payment gateway invokes this page and sends (_POST) to check the signature and execute the payment)

status=success&c=mail-trade&s=signature

I think that the confirmation page should be different from

Configure::get("Blesta.gw_callback_url") . Configure::get("Blesta.company_id") ."/paypal_payments_standard/?client_id=" . $this->ifSet($contact_info['client_id']);

Any suggestions?


  • 0

Are you referring to the page that the client is sent back to after they make a payment with the processor? If so, you can use the return_url I mentioned above. The client will be redirected to the generic payment-success page in Blesta when they come back from making a payment.


  • 0

This is how I interpret the steps in that graph:

  1. Client tries to pay an invoice using your gateway
  2. Client is redirected to the payment processor's website where they make a payment
  3. The payment processor contacts Blesta (via the callback URL) to tell Blesta a payment has been made.
  4. Your Blesta gateway performs any required validation necessary to ensure the payment is legitimate.
  5. Normally, validating step 4 would be an API request to acknowledge and confirm the payment with the payment processor. You can perform a remote request over the API from your validate method before returning from this method.
  6. The payment processor receives your confirmation request and would reply with some information indicating whether the payment details were correct.
  7. Steps 7-9 shouldn't be anything you need to worry about in your gateway. After the client is redirected back to Blesta, they will see a page indicating the payment is being processed. This can suffice as the success and failure pages.

 

Finally, the confirmation step should show a white page with the following text (the payment gateway invokes this page and sends (_POST) to check the signature and execute the payment)

status=success&c=mail-trade&s=signature

You shouldn't need to generate any "page" to send to the payment processor for confirmation. Make an API request however their API dictates, for example, via cURL to POST the fields "status=success&c=mail-trade&s=signature" to them. Take a look at the validate method in PayPal Payments Standard to get a better idea of how it confirms the payment.
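
The callback validation described in steps 3-5 above, together with the earlier advice to check the returned data in validate and keep the processor's ID as the reference_id, as an added example that is not part of the original posts and is not Blesta or processor code. It is a standalone PHP sketch; the HMAC-SHA256 signature scheme, the callback field names `flow_order` and `s`, the `$pending` and `$seen` stores and the returned array shape are assumptions for illustration.

```php
<?php
// Added example: standalone sketch, not Blesta or processor code. Hypothetical:
// HMAC-SHA256 signature in field "s", callback field names, stores, return shape.
function sign_fields(array $fields, string $secret): string
{
    unset($fields['s']);   // the signature does not cover itself
    ksort($fields);        // canonical field order
    return hash_hmac('sha256', http_build_query($fields), $secret);
}
function validate_callback(array $post, array $pending, array &$seen, string $secret): array
{
    $declined = ['status' => 'declined', 'reference_id' => null];
    // 1. Authenticate the sender before trusting any field (constant-time compare).
    $sig = $post['s'] ?? null;
    if (!is_string($sig) || !hash_equals(sign_fields($post, $secret), $sig)) {
        return $declined + ['reason' => 'bad signature'];
    }
    // 2. The order must be one issued when the payment form was built.
    $id = $post['orden_compra'] ?? '';
    $order = is_string($id) ? ($pending[$id] ?? null) : null;
    if ($order === null) {
        return $declined + ['reason' => 'unknown order'];
    }
    // 3. The amount must match what was sent to the processor.
    if (round((float) ($post['monto'] ?? 0), 2) !== round($order['amount'], 2)) {
        return $declined + ['reason' => 'amount mismatch'];
    }
    // 4. Reject a replay of an already recorded processor transaction.
    $ref = (string) ($post['flow_order'] ?? '');
    if ($ref === '' || isset($seen[$ref])) {
        return $declined + ['reason' => 'replayed or missing transaction id'];
    }
    if (($post['status'] ?? '') !== 'SUCCESS') {
        return $declined + ['reason' => 'processor reported failure'];
    }
    $seen[$ref] = true;
    return ['status' => 'approved', 'reference_id' => $ref,
            'client_id' => $order['client_id'], 'amount' => $order['amount']];
}

// Constructed sample data (not from the thread).
$secret  = 'test-secret';
$pending = ['42-1700000000' => ['client_id' => 42, 'amount' => 19.99]];
$seen    = [];
$post    = ['status' => 'SUCCESS', 'orden_compra' => '42-1700000000',
            'monto' => '19.99', 'flow_order' => 'F-1001'];
$post['s'] = sign_fields($post, $secret);
var_dump(validate_callback($post, $pending, $seen, $secret)); // first delivery
var_dump(validate_callback($post, $pending, $seen, $secret)); // same message replayed
```

In a real gateway the pending orders and seen transaction IDs would live in persistent storage, and the signature check would follow whatever scheme the processor documents.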
