I am trying to use the Codeigniter Library and configuring Paypal Express Checkout. Now I keep on getting Error 10410 for an invalid token.
How do I set up the following fields in my Do_express_checkout_payment() function.
‘token’ => ‘ ‘, ‘payerid’ => ‘ ‘,
The token value comes back in the SetExpressCheckout response. The Payer ID comes back in the GetExpressCheckoutDetails response. You would need to save those in a session variable or something similar so that you can populate DoExpressCheckoutPayment accordingly.
Related
I have a rating & review form which is used by the customers to submit their reviews. This form can be accessed using a url even if they are not signed-in to the platform.
I use signed routes to prevent anyone from submitting the form. The url is shared to them via email. The url looks like below:
http://localhost:8000/review?order_id=12345&signature=c95c7d59e240d97c5d4ceaa0fe4d75a9a100871a0d36b8a997f5a4c4f4567777
If someone tries to submit the form without the signature or invalid signature or invalid order_id, an error is thrown. Each signature is unique to an order_id.
I create signed route using below code:
$signed_url = URL::signedRoute('add-review', ['order_id' => $newOrder->id], null, false);
I am writing a test case to check if the signature exists and is valid but I can't seem to find an assert that I could use to check if signature is valid.
The only asserts I found which is for signed route is:
assertRedirectToSignedRoute
https://laravel.com/docs/9.x/http-tests#assert-redirect-to-signed-route
I do not redirect user to a signed route, instead I store the url in the database and attach the url when an email is sent.
The code I use in the controller to do the check is
if (! $request->hasValidRelativeSignature()) {
throw new HttpResponseException(response()->json([], 403));
}
Why not fetch the url to the database and use assertEqual() to test if the signed url and the url related to the order ID is equal
Currently, if user tries to reset password using link which was built using reset token, at certain point validateReset function inside PasswordBroker.php is called. In the body of this function, validation of token itself is done, and if it is not valid static::INVALID_TOKEN will be returned. The problem is that from this response I can not know if the token was invalid because token string was wrong or because the token has expired.
My question is if it is possible to override this function to act differently for this two cases, specifically, I want to display informing message to user if token has expired and send him an email containing new reset link.
Json view of my paypal after payment is made
I am desperately trying to access the description which is under the transactions array but can't seem to find a way!
It's totally different if I want to access payment_method for instance all I do is this:
(By the way, I assigned this array to $method)
$method->payer->payment_method , but the same thing doesn't work if I want to access description. All I get is an error.
I'm using laravel 5.5, in case that makes a difference.
I'm doing this because I need to find a way to reference my product in the final page after the paypal payment has been made.
Looks like transactions in an array so if you would like the description of the first one that would look like this.
$method->transactions[0]->description
I want to send email value in parameters in ajax. I am using following code it is working properly, but I want to make it secure. no user can check or pass invalid value from calling this action in query string or in any other way. How can I make it secure?
$.ajax({
url: '/Application/UserInfo/',
type: 'POST',
data:{email:emailid},
success: function (result) {
var json = eval(result);
}
});
If you dont want anyone to be able to see the value of the email parameter, you should consider using HTTPS.
But for passing invalid values, you should do some validation server side where this value is used
It may help if you are doing it with two steps at all:
First you can check the email having the right format with a regular expression:
/^\w[\w|\.\-\_]+#\w[\w\.\-äöüÄÖÜ]+\.[a-zA-Z]{2,18}$/.test(email);
Then you may crypt the mail and then you can send it safely.
I am using blowfish. On page loading I generate a key that is set to the javascript of my page. Both, javascript and php have a blowfish controler that can crypt and decrypt any value. I am crypting the value on javascript and send it to the server.
There I decrypt it and check it again with regular expression. The key is not sent to server again, its stored somewhere in the session or so.
To take care that the email is correct you can check whether the domain is reachable through curl or so, but I prefer sending a confirmation mail to the adress and wait for an accept with a generated unique token.
If you just want to get sure of a user signed in with google plus account you may get use of the google plus api and check if the user is logged in. If not you don't accept it.
CodeIgniter gives an error "The action you have requested is not allowed." when it fails the check for CSRF. As I understand it, this means the POST is missing the hidden token from the form that proves that an attack is not being done.
The token is generated automatically with a call to the CI form_open function.
In my case, I'm using Knockout to post the contents of a ViewModel for saving, like this:
ko.utils.postJson($("form")[0], self.pages);
I've found solutions elsewhere that simply turn off the CSRF setting for the specific page, but that doesn't seem like a good solution.
Presumably because the token is not being received, the postJson call is not submitting the existing form. Is there a way to either submit the required token along with the JSON data or submit the JSON data with the existing form?
try to use form_open() and form_close
all form helper functions that will help.
or: I think it's from time zone difference as the Security class depends on time for hashing.