如何从 Laravel 中的通知 url 获取令牌号?
How can i get token number from notify url in Laravel?
我在我的项目中使用 citruspay 支付网关,当 return url 点击页面时
比 VerifyCsrfToken.php 第 53 行中的 TokenMismatchException:错误显示。
如何匹配令牌。
route.php
Route::POST('ideas/paymentResponse',function(){
return View::make('ideas.paymentDone');
});
payment.php
<form method="post" action="https://sandbox.citruspay.com/qwer">
<input type="hidden" id="merchantTxnId" name="merchantTxnId" value="<?php echo $merchantTxnId; ?>" />
<input type="hidden" id="orderAmount" name="orderAmount" value="<?php echo $orderAmount; ?>" />
<input type="hidden" name="_token" id="_token" value="{{ csrf_token() }}">
<input type="hidden" id="currency" name="currency" value="<?php $currency ?>" />
<input type="hidden" name="returnUrl" value="http://local.ideabazaar.com/ideas/paymentResponse" />
<input type="hidden" id="notifyUrl" name="notifyUrl" value="http://local.ideabazaar.com/ideas/paidNotify" />
<input type="hidden" id="secSignature" name="secSignature" value="<?php echo $securitySignature ?>" />
<input type="Submit" class="redBtn" value="Pay Now"/>
paymentResponse.php
@extends('layouts.home')
@section('content')
<?php
set_include_path('../lib'.PATH_SEPARATOR.get_include_path());
//Replace this with your secret key from the citrus panel
$secret_key = "***************";
{{ csrf_token() }}
$data = "";
$flag = "true";
if(isset($_POST['TxId'])) {
$txnid = $_POST['TxId'];
$data .= $txnid;
}
if(isset($_POST['TxStatus'])) {
$txnstatus = $_POST['TxStatus'];
$data .= $txnstatus;
}
if(isset($_POST['amount'])) {
$amount = $_POST['amount'];
$data .= $amount;
}
if(isset($_POST['pgTxnNo'])) {
$pgtxnno = $_POST['pgTxnNo'];
$data .= $pgtxnno;
}
if(isset($_POST['issuerRefNo'])) {
$issuerrefno = $_POST['issuerRefNo'];
$data .= $issuerrefno;
}
if(isset($_POST['authIdCode'])) {
$authidcode = $_POST['authIdCode'];
$data .= $authidcode;
}
if(isset($_POST['firstName'])) {
$firstName = $_POST['firstName'];
$data .= $firstName;
}
if(isset($_POST['lastName'])) {
$lastName = $_POST['lastName'];
$data .= $lastName;
}
if(isset($_POST['pgRespCode'])) {
$pgrespcode = $_POST['pgRespCode'];
$data .= $pgrespcode;
}
if(isset($_POST['addressZip'])) {
$pincode = $_POST['addressZip'];
$data .= $pincode;
}
if(isset($_POST['signature'])) {
$signature = $_POST['signature'];
}
$respSignature = hash_hmac('sha1', $data, $secret_key);
if($signature != "" && strcmp($signature, $respSignature) != 0) {
$flag = "false";
}
?>
<html>
<head>
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1">
</head>
<body>
<?php
if ($flag == "true") {
?>
Your Unique Transaction/Order Id : <?php echo $txnid ?>
Transaction Status : <?php echo $txnstatus ?>
<?php } else { ?>
Citrus Response Signature and Our (Merchant) Signature Mis-Mactch
<?php } ?>
</body>
</html>
@stop
请帮忙
您必须使用 _token 插入隐藏输入,然后像获取 ajax post.
中的其他表单字段一样获取该值
<input type="hidden" name="_token" value="{{ csrf_token() }}" />
在您看来,您可以使用 _token
设置一个对象
<script type="text/javascript">
var _globalObj = {{ json_encode(array('_token'=> csrf_token())) }}
</script>
如果您的支付网关允许为每个请求指定自定义回调 URL,您可以将回调 URL 设置为包含当前的 CSFR 令牌。像这样:
$callbackUrl = url('ideas/paymentResponse?_token=' . csrf_token());
如果您无法自定义每个请求的回调 URL,您唯一剩下的选择就是 disabling CSFR protection for your callback URL。像这样
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'ideas/paymentResponse',
];
}
我在我的项目中使用 citruspay 支付网关,当 return url 点击页面时
比 VerifyCsrfToken.php 第 53 行中的 TokenMismatchException:错误显示。
如何匹配令牌。
route.php
Route::POST('ideas/paymentResponse',function(){
return View::make('ideas.paymentDone');
});
payment.php
<form method="post" action="https://sandbox.citruspay.com/qwer">
<input type="hidden" id="merchantTxnId" name="merchantTxnId" value="<?php echo $merchantTxnId; ?>" />
<input type="hidden" id="orderAmount" name="orderAmount" value="<?php echo $orderAmount; ?>" />
<input type="hidden" name="_token" id="_token" value="{{ csrf_token() }}">
<input type="hidden" id="currency" name="currency" value="<?php $currency ?>" />
<input type="hidden" name="returnUrl" value="http://local.ideabazaar.com/ideas/paymentResponse" />
<input type="hidden" id="notifyUrl" name="notifyUrl" value="http://local.ideabazaar.com/ideas/paidNotify" />
<input type="hidden" id="secSignature" name="secSignature" value="<?php echo $securitySignature ?>" />
<input type="Submit" class="redBtn" value="Pay Now"/>
paymentResponse.php
@extends('layouts.home')
@section('content')
<?php
set_include_path('../lib'.PATH_SEPARATOR.get_include_path());
//Replace this with your secret key from the citrus panel
$secret_key = "***************";
{{ csrf_token() }}
$data = "";
$flag = "true";
if(isset($_POST['TxId'])) {
$txnid = $_POST['TxId'];
$data .= $txnid;
}
if(isset($_POST['TxStatus'])) {
$txnstatus = $_POST['TxStatus'];
$data .= $txnstatus;
}
if(isset($_POST['amount'])) {
$amount = $_POST['amount'];
$data .= $amount;
}
if(isset($_POST['pgTxnNo'])) {
$pgtxnno = $_POST['pgTxnNo'];
$data .= $pgtxnno;
}
if(isset($_POST['issuerRefNo'])) {
$issuerrefno = $_POST['issuerRefNo'];
$data .= $issuerrefno;
}
if(isset($_POST['authIdCode'])) {
$authidcode = $_POST['authIdCode'];
$data .= $authidcode;
}
if(isset($_POST['firstName'])) {
$firstName = $_POST['firstName'];
$data .= $firstName;
}
if(isset($_POST['lastName'])) {
$lastName = $_POST['lastName'];
$data .= $lastName;
}
if(isset($_POST['pgRespCode'])) {
$pgrespcode = $_POST['pgRespCode'];
$data .= $pgrespcode;
}
if(isset($_POST['addressZip'])) {
$pincode = $_POST['addressZip'];
$data .= $pincode;
}
if(isset($_POST['signature'])) {
$signature = $_POST['signature'];
}
$respSignature = hash_hmac('sha1', $data, $secret_key);
if($signature != "" && strcmp($signature, $respSignature) != 0) {
$flag = "false";
}
?>
<html>
<head>
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1">
</head>
<body>
<?php
if ($flag == "true") {
?>
Your Unique Transaction/Order Id : <?php echo $txnid ?>
Transaction Status : <?php echo $txnstatus ?>
<?php } else { ?>
Citrus Response Signature and Our (Merchant) Signature Mis-Mactch
<?php } ?>
</body>
</html>
@stop
请帮忙
您必须使用 _token 插入隐藏输入,然后像获取 ajax post.
中的其他表单字段一样获取该值<input type="hidden" name="_token" value="{{ csrf_token() }}" />
在您看来,您可以使用 _token
设置一个对象<script type="text/javascript">
var _globalObj = {{ json_encode(array('_token'=> csrf_token())) }}
</script>
如果您的支付网关允许为每个请求指定自定义回调 URL,您可以将回调 URL 设置为包含当前的 CSFR 令牌。像这样:
$callbackUrl = url('ideas/paymentResponse?_token=' . csrf_token());
如果您无法自定义每个请求的回调 URL,您唯一剩下的选择就是 disabling CSFR protection for your callback URL。像这样
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'ideas/paymentResponse',
];
}