How to correctly mark the user's payment in the database (or the problem with the ResultURI)?

A

Al Sm2016-11-07 19:41:54

PHP

Al Sm, 2016-11-07 19:41:54

Hello!
Friends, tell me please, I encountered for the first time, apparently I'm doing something wrong.
As I understand it, upon successful payment, the robokassa accesses the result file, the path to which is indicated in the technical settings.
This file contains password No. 2, as well as an entry in the order.txt file where payment information is entered, and I also specified an sql query to make changes to the database (user's payment mark).
But the fact is that with a successful payment (the payment goes through and comes to the account of the robokassa), no information is entered into the file or into the database. Their support can't help.
The form:

<form method="post" action="https://merchant.roboxchange.com/Index.aspx">

$mrh_login = "логин";
$mrh_pass1 = "пароль1";

// номер заказа
$inv_id = 0;

// описание заказа
$inv_desc = "Подтверждение участия в проекте АДМ на сайте chudopridet.ru, от ".$_SESSION["auth_email"];

// сумма заказа
$out_summ = "1";

// тип товара
$shp_item = "2";

// предлагаемая валюта платежа
$in_curr = "";

// язык
$culture = "ru";

// формирование подписи
$crc  = md5("$mrh_login:$out_summ:$inv_id:$mrh_pass1:Shp_item=$shp_item");

// форма оплаты товара
print "<input type=hidden name=MrchLogin value=$mrh_login>".
      "<input type=hidden name=OutSum value=$out_summ>".
      "<input type=hidden name=InvId value=$inv_id>".
      "<input type=hidden name=Desc value='$inv_desc'>".
      "<input type=hidden name=SignatureValue value=$crc>".
      "<input type=hidden name=Shp_item value='$shp_item'>".
      "<input type=hidden name=IncCurrLabel value=$in_curr>".
      "<input type=hidden name=EmailUser value={$_SESSION["auth_email"]}>".
      "<input type=hidden name=Culture value=$culture>";

result:

$mrh_pass2 = "пароль2";
//установка текущего времени
$tm=getdate(time()+9*3600);
$date="$tm[year]-$tm[mon]-$tm[mday] $tm[hours]:$tm[minutes]:$tm[seconds]";

// чтение параметров
$out_summ = $_REQUEST["OutSum"];
$inv_id = $_REQUEST["InvId"];
$shp_item = $_REQUEST["Shp_item"];
$email_user = $_REQUEST["EmailUser"];
$crc = $_REQUEST["SignatureValue"];

$crc = strtoupper($crc);

$my_crc = strtoupper(md5("$out_summ:$inv_id:$mrh_pass2:Shp_item=$shp_item"));

// проверка корректности подписи
if ($my_crc !=$crc) {
  echo "bad sign\n";
  exit();
}

// признак успешно проведенной операции
echo "OK$inv_id\n";

include("db_connect.php");
mysql_query("UPDATE reg_user SET payment = '1' WHERE email = {$email_user}",$link);

// запись в файл информации о проведенной операции
[email protected]("order.txt","a+") or
          die("error");
fputs($f,"order_num :$inv_id;Summ :$out_summ;Date :$date\n");
fclose($f);

Thanks a lot to everyone who responded!

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

RoverWhite, 2016-11-07
@RoverWhite

First of all, I do not like the form of payment for the goods

print "<input type=\"hidden\" name=\"MrchLogin\" value=\"$mrh_login\">".
      "<input type=\"hidden\" name=\"OutSum\" value=\"$out_summ\">".
      "<input type=\"hidden\" name=\"InvId\" value=\"$inv_id\">".
      "<input type=\"hidden\" name=\"Desc\" value=\"$inv_desc\">".
      "<input type=\"hidden\" name=\"SignatureValue\" value=\"$crc\">".
      "<input type=\"hidden\" name=\"Shp_item\" value=\"$shp_item\">".
      "<input type=\"hidden\" name=\"IncCurrLabel\" value=\"$in_curr\">".
      "<input type=\"hidden\" name=\"EmailUser\" value=\"{$_SESSION["auth_email"]}\">".
      "<input type=\"hidden\" name=\"Culture\" value=\"$culture\">";

Second, add logging of file accesses to the result file:
at least like this
file_put_content('result_'.time().'.log', var_export($_REQUEST, true));
Then at least it will be possible to see if there are any return notifications from robokassa at all
and what exactly went wrong.
Maybe the signature is incorrect, maybe something else with encodings, for example, or maybe the appeal does not come at all.