# Hidden form Callback...



## JiminSA (Dec 15, 2011)

```

```
As mentioned in a previous thread, I am using a 3rd party company for online payment. Problem is, I don't think that their Sandbox test base is calling back to my data receive script, because the database change and dispatch of emails, which my routine should perform aren't happening. (Perhaps they want us to spend more cash by doing live tests for small amounts as previously suggested by DrP re:- PayPal)

I have decided to emulate the data return via a hidden form (which is their methodology) but am unsure of the way to do it - specifically will simply including a hidden form in the emulation php post it, when I link back to my handling script?

I don't believe so - would I have to do something like this ...

```
<script>
function auto() {
  document.frmPay.submit();
}
</script>
```
in the html and ...

```
<!-- HIDDEN FORM -->
<form action="./notify.php" method="post" name="frmPay" id="frmPay">
<input type='hidden' name='submit' />
<input type="hidden" name="m_payment_id" value="44-102">
<input type="hidden" name="pf_payment_id" value="TRN">
<input type="hidden" name="payment_status" value="1">
<input type="hidden" name="item_name" value="Premiership">
<input type="hidden" name="item_description" value="Upgrade to Premium Classified Ads.">

<!-- PAYMENT BREAKDOWN -->
<input type="hidden" name="amount_gross" value="128.00">
<input type="hidden" name="amount_fee" value="7.50">
<input type="hidden" name="amount_net" value="120.50">

</form>

<font color="red">EMULATE ...</a>
<a href="./notify.php" OnClick="auto();"><img src="clickhere.png" title="Emulate PayFast callback ..."></a>
```
in the


----------



## DrP (Jul 23, 2005)

Have you been into their documentation and found an example callback?


----------



## JiminSA (Dec 15, 2011)

The form structure is theirs, the javascript and link mine - albeit ineffective.

All I want to do is simulate the hidden form submission to notify.php, whilst having it available in the browser and not operating in background.

Their code which initiates notify.php is not documented.


----------



## allnodcoms (Jun 30, 2007)

Just spotted this one...

I've found this (which is an utter mess!), but this looks a lot more useful, especially when you marry it up with this...

Does 'this' make any sense at all 

Danny


----------



## JiminSA (Dec 15, 2011)

Yup - been there bought the T-shirt - they, (PayFast) seem to have all the bells and whistles, but in reality when I utilise their Sandbox Testing Base I get null response in terms of the initiation of the return_url (which is this piece of code http://surf4wheels.biz/ClassAds/notify.php)
More than likely, I've made a faux-pas in it, but can't see one and am assuming that the darn thing isn't being called by the sandbox stuff.
So in order to test this behind-the-scenes code I have set up an emulate.php (http://surf4wheels.biz/ClassAds/emulate.html), to call it and that's where I am currently stumped...


----------



## allnodcoms (Jun 30, 2007)

Can't see your 'notify.php' mate - it's server side... Strip out the sensitive stuff and whack it up in a code block...

[EDIT] Or PM it over...

Danny


----------



## JiminSA (Dec 15, 2011)

It's not so big and not so sensitive...

```
Notify from PayFast

[CENTER]

<?php
ini_set('date.timezone', 'Africa/Johannesburg');
// FORM GETS

echo "arrived at notify ";
if(isset($_POST['submit'])) {
echo " - hidden form found ";
	$m_payment_id = $_REQUEST["m_payment_id"];			//Unique transaction ID on the receiver's system.			
	$pf_payment_id = $_REQUEST["pf_payment_id"];		//Unique transaction ID on PayFast.			
	$payment_status = $_REQUEST["payment_status"];		//The status of the payment.			
	$item_name = $_REQUEST["item_name"];				//The name of the item being charged for.				100 char	
	$item_description = $_REQUEST["item_description"];	//The description of the item being charged for.		255 char	
	$amount_gross = $_REQUEST["amount_gross"];			//The total amount which the payer paid.			
	$amount_fee = $_REQUEST["amount_fee"];				//The total in fees which was deducted from the amount.			
	$amount_net = $_REQUEST["amount_net"];				//The net amount credited to the receiver's account.

	$id_no = $m_payment_id;

	$servernamearray[0] = "www.payfast.co.za";
	$servernamearray[1] = "w1w.payfast.co.za";
	$servernamearray[2] = "w2w.payfast.co.za";
	$servernamearray[3] = "sandbox.payfast.co.za";
	$servernamearray[4] = "surf4wheels.biz";

	$servername = $_SERVER['SERVER_NAME'];
	$serverok = "No";
	$sub = (array_count_values($servernamearray));; // Number of names
	for ($i = 0 ; $i < $sub; $i++)
    {
		if ($servernamearray[$i] == $servername)
		{
		$serverok = "Yes";
		}
	}

	$adrec = dirname(__FILE__) . "/ad_file/" . $id_no . ".txt";
// ******* Get data record to be upgraded
	$adrec_opened = fopen($adrec, 'r+') or die("Can't open file");  // open for update        
	$adrec_content = file_get_contents($adrec) or die("Can't read file " . $adrec);
	list($id, $topic, $time, $name, $phone, $email, $model, $year, $mileage, $price, $text, $ip, $unix_time, $passwd, $prem, $numpics, $vnum) = explode("||", $adrec_content);
	$id = $id*(-1);
	$prem = "p";
	$adrec_content = $id ."||". $topic ."||". date("Y-m-d G:i:s") ."||". $name ."||". $phone ."||". $email ."||". $model ."||". $year ."||". $mileage ."||". $price ."||". $text ."||". $_SERVER['REMOTE_ADDR'] ."||". time() ."||". $passwd ."||" . $prem . "||" . $numpics ."||". $vnum ."||";

// RE-FILE THE AMENDED RECORD
	fwrite($adrec_opened, $adrec_content);
	fclose($adrec_opened);

//Construct emails to inform us and the client of upgrade..

// notify admin of success
	$mailTo = "[email protected]";
	$msgSubject = "Premiership";
	$msgBody = "$id_no, $name, $email, $amount_gross, $amount_fee, $amount_net";
	$xHeaders = "From: [email protected] X-Mailer: PHP - " . phpversion();

    mail ($mailTo, $msgSubject, $msgBody, $xHeaders);

// thank customer
	$mailTo = $email;
	$msgSubject = "Thank You for Going Premier";
	$msgBody = "Please feel free to contact us if you have any questions or comments. Thank You.";
	$xHeaders = "From: [email protected] X-Mailer: PHP - " . phpversion();

	mail ($mailTo, $msgSubject, $msgBody, $xHeaders);

}
else
{
echo " - hidden form NOT found ";

// notify admin of failure
	$mailTo = "[email protected]";
	$msgSubject = "Premiership payment error";
	$msgBody = "Error on payment for $id_no, $name, $email, $amount_gross, $amount_fee, $amount_net";
	$xHeaders = "From: [email protected]";

    mail ($mailTo, $msgSubject, $msgBody, $xHeaders);
}
?>
```


----------



## allnodcoms (Jun 30, 2007)

OK Jim, your problem seems to be that the value 'submit' is not posted... Try whacking this in there, unconditionally:

```
foreach( $_POST as $key => $val )
    {
    	echo $key." = ".$val;
    }
```
This will list out everything that you get back from PayFast. Give it a go and see what you get...

Danny


----------



## JiminSA (Dec 15, 2011)

It's in and uploaded, but this notify.php is, as you say, serverside, so maybe I should email as opposed to echo - yes? Perhaps an email array loop, but how do I know when to stop! (Durh!)

```
$i=0;
foreach( $_POST as $key => $val )
    {
    	$emailarray[$i] = $val;
	$i += 1;
    }
```
will this do it?


----------



## allnodcoms (Jun 30, 2007)

Bugger! Forgot the forward facing thing... Yes, mailing would be good, or writing to a log file that you can watch in your FTP app.
Put a test transaction through and let me know what your var dump comes up with, but I'm pretty sure it's the 'submit' thing.

Danny


----------



## allnodcoms (Jun 30, 2007)

How about...

```
$message="Variable list:\n\n"; 
foreach( $_POST as $key => $val ) 
    { 
        $message.=$key." = ".$val."\n"; 
    }
```
Then process and send the message?

Danny


----------



## JiminSA (Dec 15, 2011)

No email was sent by the dummy transaction going through the sandbox, so I activated notify.php via my front end emulator, which caused an email to be sent.
What shall we deduce from that my dear Watson?
The sandbox doesn't initiate notify.php, would be my deduction.

Monday, I'm gonna give PayFast a rollicking-call, methinks!

Meanwhile, I need some help with the front-end emulator...
My big question was and still is


> will simply including a hidden form in the emulation php post it, when I link back to my handling script?


Your reply to my previous came through as I'm writing, but I think it's academic now...


----------



## allnodcoms (Jun 30, 2007)

I'm not entirely sure what you're asking here Jamesy. You have a hidden form that submits data to your notify script. You use a button to 'submit' it, which is fine and dandy, but as you go through a JS script to perform the actual submission you could just as easily put this in an onLoad handler for the page (true automation at work).

If your 'emulation form' sends the same data in the same way then it will work. You may have a problem with the '$server_name' in 'notify' though (as the data won't be coming from the servers listed in the array).

If you mean will notify get your data 'without' submitting... then it's a no, you have to submit (send) it.

I hope that covers it...

Danny


----------



## JiminSA (Dec 15, 2011)

Yup, I figured that was the case - ta muchly.
So if I perform my js function "<body onload..." and forget the button click it should then pass control to notify.php - yes?
But will it still be in the browser to send echo's? Only one way to find out, eh? As per usual, thanks Danny!


----------



## allnodcoms (Jun 30, 2007)

JiminSA said:


> So if I perform my js function "<body onload..." and forget the button click it should then pass control to notify.php - yes?


Yup!


JiminSA said:


> But will it still be in the browser to send echo's? Only one way to find out, eh?


Yup!

(and as for the last bit - You're welcome!)

Danny


----------



## JiminSA (Dec 15, 2011)

Having incorporated your suggestions, I went ahead and tested the emulate.php -> notify.php link.
No joy!
Using the automatic body onload javascript to submit the form, no email was sent.
Using the Button href link for submission an email was sent, but no form variables were detected.
Here's the current notify.php code...

```
<?php
ini_set('date.timezone', 'Africa/Johannesburg');

// FORM GETS
if(isset($_POST['frmPay'])) {
	$m_payment_id = $_REQUEST["m_payment_id"];			//Unique transaction ID on the receiver's system.			
	$pf_payment_id = $_REQUEST["pf_payment_id"];		//Unique transaction ID on PayFast.			
	$payment_status = $_REQUEST["payment_status"];		//The status of the payment.			
	$item_name = $_REQUEST["item_name"];				//The name of the item being charged for.				100 char	
	$item_description = $_REQUEST["item_description"];	//The description of the item being charged for.		255 char	
	$amount_gross = $_REQUEST["amount_gross"];			//The total amount which the payer paid.			
	$amount_fee = $_REQUEST["amount_fee"];				//The total in fees which was deducted from the amount.			
	$amount_net = $_REQUEST["amount_net"];				//The net amount credited to the receiver's account.

	$id_no = $m_payment_id;

	$servernamearray[0] = "www.payfast.co.za";
	$servernamearray[1] = "w1w.payfast.co.za";
	$servernamearray[2] = "w2w.payfast.co.za";
	$servernamearray[3] = "sandbox.payfast.co.za";
	$servernamearray[4] = "surf4wheels.biz";

	$servername = $_SERVER['SERVER_NAME'];
	$serverok = "No";
	$sub = (array_count_values($servernamearray));; // Number of names
	for ($i = 0 ; $i < $sub; $i++)
    {
		if ($servernamearray[$i] == $servername)
		{
		$serverok = "Yes";
		}
	}

	$adrec = dirname(__FILE__) . "/ad_file/" . $id_no . ".txt";
// ******* Get data record to be upgraded
	$adrec_opened = fopen($adrec, 'r+') or die("Can't open file");  // open for update        
	$adrec_content = file_get_contents($adrec) or die("Can't read file " . $adrec);
	list($id, $topic, $time, $name, $phone, $email, $model, $year, $mileage, $price, $text, $ip, $unix_time, $passwd, $prem, $numpics, $vnum) = explode("||", $adrec_content);
	$id = $id*(-1);
	$prem = "p";
	$adrec_content = $id ."||". $topic ."||". date("Y-m-d G:i:s") ."||". $name ."||". $phone ."||". $email ."||". $model ."||". $year ."||". $mileage ."||". $price ."||". $text ."||". $_SERVER['REMOTE_ADDR'] ."||". time() ."||". $passwd ."||" . $prem . "||" . $numpics ."||". $vnum ."||";

// RE-FILE THE AMENDED RECORD
	fwrite($adrec_opened, $adrec_content);
	fclose($adrec_opened);

//Construct emails to inform us and the client of upgrade..

// notify admin of success
	$mailTo = "[email protected]";
	$msgSubject = "Premiership";
	$msgBody = "$id_no, $name, $email, $amount_gross, $amount_fee, $amount_net";
	$xHeaders = "From: [email protected]";

    mail ($mailTo, $msgSubject, $msgBody, $xHeaders);

// thank customer
	$mailTo = $email;
	$msgSubject = "Thank You for Going Premier";
	$msgBody = "Please feel free to contact us if you have any questions or comments. Thank You.";
	$xHeaders = "From: [email protected]";

	mail ($mailTo, $msgSubject, $msgBody, $xHeaders);

}
else
{

// notify admin of failure
	$mailTo = "[email protected]";
	$msgSubject = "Premiership payment error";
	$msgBody = "Error on payment for $id_no, $name, $email, $amount_gross, $amount_fee, $amount_net";
	$xHeaders = "From: [email protected]";
$msgBody="Variable list:\n\n"; 
foreach( $_POST as $key => $val ) 
    { 
        $msgBody.=$key." = ".$val."\n"; 
    }
    mail ($mailTo, $msgSubject, $msgBody, $xHeaders);
}
?>
```
I changed the javascript slightly, after reading something on the net - viz:-http://www.javascript-coder.com/javascript-form/javascript-form-submit.phtml

```
<script>
function auto() {
	document.forms["frmPay"].submit();
}
</script>
</head>


<body onload="auto()">
<center>

<!-- HIDDEN FORM -->
<form action="./notify.php" method="post" name="frmPay" id="frmPay">
<input type='hidden' name='submit' />
<input type="hidden" name="m_payment_id" value="44-102">
<input type="hidden" name="pf_payment_id" value="TRN">
<input type="hidden" name="payment_status" value="1">
<input type="hidden" name="item_name" value="Premiership">
<input type="hidden" name="item_description" value="Upgrade to Premium Classified Ads.">

<!-- PAYMENT BREAKDOWN -->
<input type="hidden" name="amount_gross" value="128.00">
<input type="hidden" name="amount_fee" value="7.50">
<input type="hidden" name="amount_net" value="120.50">

</form>

<font color="red">EMULATE FORM INITIATED...</a>
<a href="./notify.php" OnClick="auto();"><img src="clickhere.png" title="Emulate PayFast callback ..."></a>

</body>
</html>
```
I am at a complete loss as to why this form is not being submitted
You don't think the ini_set at the head of the php is having an effect? 
Nah it wasn't


----------



## allnodcoms (Jun 30, 2007)

Found your problem...


> Using the automatic body onload javascript to submit the form, no email was sent.


Try putting a semi-colon after auto()


> Using the Button href link for submission an email was sent, but no form variables were detected.


auto() has a semi-colon after it in your onclick handler, but I've just reviewed the whole thread and I've found the main issue...

*Your main check for the existence of form data is not actually looking for form data!*

In your original script you were looking for the submit button, and in this one you're looking for the whole form. The form name and id are there (AFAIK) purely to allow it to be recognised / manipulated by the code on the page the original form is on, it's not sent via POST. POST only sends "values", which is why empty input elements (where value is undefined or empty) are not sent. The name is only there to let you pull the value server side.

To check for the existence of posted form data, if there is a value you need, then check for that. If you don't know what to expect in the POST array, just check for the existence of it, and optionally verify the length.

That should solve the problem matey... 

[Edit] Oh, and you might want to check your input tag closures...
[Edit 2] And if notify and emulate are in the same directory, you don't need the "./" prefix. If notify is in parent, it should be "../"

Danny


----------



## DrP (Jul 23, 2005)

You seem to be doing alright here!

Mind if I point out you'd have been better off leaving Javascript out of this until you've got the server-side code working?

And, although it doesn't look like a public-facing form, you should really be validating/filtering anything sent to your Notify page for security reasons. Sorry, to add more work!


----------



## JiminSA (Dec 15, 2011)

Apologies for my late response Danny and Clive - I ran out of internet cap! (we are ripped off by our ISP's out here!)...

How on earth did you spot that Danny!? Did you mark my 'A' level papers, perchance? Thanks mate!

Clive, how else could I submit the form, if not via javascript?
The reason for doing the emulation is to verify the server-side codng, so unless you can suggest an alternative method of posting, I'm kinda stuck with javascript for submission, no?

As regards the validation and filtering - the 3rd party company has supplied me with routines which I will incorporate, once I have lift-off - but thanks.

I'm going to implement the suggested changes and retry - will keep you posted...


----------

