Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Aligatro2017-07-01 11:50:04
Electronic commerce
Aligatro, 2017-07-01 11:50:04

How to generate payment token in wordpress?

Good afternoon, in general a subject.
How to properly organize payments from a security point of view (not woocommerce, paid subscription on the site). In general, I'm interested in the moment with a fake callback response by an attacker, for this I want to create a unique payment token that will be checked in the callback script and now I'm thinking about how best to organize this on wp.

  1. Just add a column with a static token to the users table and compare ID + token in the callback itself
  2. Generate a unique token for each payment, but then the question arises with payments that can be paid after some time, because the token, in theory, will be formed before the moment of payment ...

In general, there may be an article with best practice on how it is desirable to organize it, otherwise on the Internet I find only instructions for working with payment gateways without additional information about working with security on the server side.
Thank you.
PS In general, the question is removed, the response from the gateway is encrypted, and not transmitted in plain text. But in general, I would still be interested to know how to organize payments in the right way.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
W
WordPress WooCommerce, 2017-07-02
@Aligatro

I think it's worth starting with such a thing as an Order. Any sites that have a more or less intelligible subscription mechanics have Orders in one form or another. Whether it's WooCommerce or LiterLMS (there are purely subscriptions and courses).
In any case, everything revolves around Orders. The user creates an Order. Further pays.
If this is a payment through Yandex Checkout or Wallet, then the token is sewn into the gateway panel. And the site should check it. If it matches, then consider the payment went through.
If payment is made by hand, for example, through payment on a card or in cash, then the admin pokes the order with his hands in the admin panel. After that, the Order is considered paid and then the rest of the logic dances from this.
Something like this.

Similar questions
K
karellen2013-05-14 09:39:05
How to make a robotic mannequin? 3Reply
M
Maxim Malikov2013-05-23 17:19:31
Website sales taxes 4Reply
S
Svet Valentin2016-01-30 18:43:25
How to simplify the process of changing prices in an online store? 2Reply
N
nikon2013-07-03 00:41:01
Recommend SMS billing 4Reply
L
Longes2013-07-23 10:48:13
Shipping Razer 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question