How to make a new "route"?
#1
Hi

I was wondering if anyone could help? I need to make a new "route". Much like when the client is redirected to the login page, I need a similar thing but where I can call for the redirection myself. I was wondering how I would go about this?

Kind regards
James
Reply
#2
Can you provide more details on what you want to accomplish?
Author of Barebones CMS

If you found my reply to be helpful, be sure to donate!
All funding goes toward future product development.
Reply
#3
Hi Thruska

Who better to respond than the author! Thanks for getting back to me Thruska.

Basically, I need to make an endpoint route and a page. So, much like the "login" page, I need that... I'm trying to integrate Stripe Payment System.

So it will have the following sort of flow:

User clicks a "purchase" button, sso_functions.php then makes a request to the endpoint to see if this user has a card attached already. If they do, it sends back a URL for the payment to process on the server's index page; if they don't, it sends back a different URL on the server's index page where they can enter their card details to process the payment. All of these services must have a logged-in user (still trying to work out how to confirm a user is logged in).

So I need to know, in short, how to make an endpoint route and then a new "page" on the server's index and make it all work. Am I making sense?

Thanks again
James
Reply
#4
So just whipped this up, thought it would put things into perspective. It fully works until the redirect happens. At which point I get this:


Quote: The session ID is invalid. Most likely cause: Expired.

It's line 257 of index.php (SERVER) that's throwing this. Does anyone know how I can get this to work?

sso_functions.php (CLIENT)

PHP Code:
    public function HasPaymentSetup() {
        if (isset($this->user_info) && isset($this->user_info["sso_id"]) && $this->user_info["sso_id"] != "") {
            $options = array(
                "sso_id" => $this->user_info["sso_id"]
            );

            // Ask the custom "haspaymentsetup" endpoint action where to send the user.
            $Request = $this->SendRequest("haspaymentsetup", $options);

            if (!$Request["success"]) {
                echo htmlspecialchars($this->Translate("Unable to obtain server access.  Error:  %s", $Request["error"]));
                exit();
            }

            // Redirect the browser to the URL returned by the endpoint.
            header('Location: ' . $Request['url']);
            exit;
        } else {
            return false;
        }
    }

endpoint.php (SERVER)

PHP Code:
    else if ($sso_data["action"] == "haspaymentsetup") {
        if ($sso_apikey_info["type"] != "normal")
            SSO_EndpointError("Invalid API key type.");

        if (!isset($sso_data["sso_id"]))
            SSO_EndpointError("Session ID expected.");

        // The value is split on "-":  [0] is matched against session_id, [1] against the row id.
        $sso_session_id = explode("-", $sso_data["sso_id"]);
        if (count($sso_session_id) != 2)
            SSO_EndpointError("Invalid session ID specified.");

        // The row must belong to the calling API key and have been updated within the clock drift window.
        $sso_sessionrow = $sso_db->GetRow("SELECT", array(
            "*",
            "FROM" => "?",
            "WHERE" => "id = ? AND apikey_id = ? AND session_id = ? AND updated > ?",
        ), $sso_db_user_sessions, $sso_session_id[1], $sso_apirow->id, $sso_session_id[0], CSDB::ConvertToDBTime(time() - $sso_clockdrift));

        if ($sso_sessionrow === false)
            SSO_EndpointError("The session ID is invalid.  Most likely cause:  Expired.");

        $sso_session_info = unserialize($sso_sessionrow->info);
        if (!$sso_session_info["validated"])
            SSO_EndpointError("The session ID is not validated.");

        $sso_userrow = $sso_db->GetRow("SELECT", array(
            "*",
            "FROM" => "?",
            "WHERE" => "id = ?",
        ), $sso_db_users, $sso_sessionrow->user_id);

        if ($sso_userrow === false)
            SSO_EndpointError("The session ID maps to an invalid user.");

        $sso_user_info = SSO_LoadDecryptedUserInfo($sso_userrow);

        if (isset($sso_user_info['stripe_id']) && !empty($sso_user_info['stripe_id'])) {
            $RedURL = '';
        } else {
            $RedURL = '';
        }

        $result = array(
            "success" => true,
            "url" => SSO_LOGIN_URL . '?sso_action=makepayment&sso_id=' . $sso_data["sso_id"],
        );

        SSO_EndpointOutput($result);
    }

index.php (SERVER)

PHP Code:
    else if (isset($_REQUEST["sso_action"]) && $_REQUEST["sso_action"] == "makepayment") {
        echo 'It worked.';
    }

Reply
#5
(04-13-2017, 02:19 PM)James Pollard Wrote: Hi Thruska

Who better to respond than the author! Thanks for getting back to me Thruska.

Basically, I need to make an endpoint route and a page. So, much like the "login" page, I need that... I'm trying to integrate Stripe Payment System.

So I need to know, in short, how to make an endpoint route and then a new "page" on the server's index and make it all work. Am I making sense?

Thanks again
James

You should never need to modify 'endpoint.php'. Use a read/write field for the API key and then do something like:

PHP Code:
// Verify logged in.
if (!$sso_client->LoggedIn())  $sso_client->Login();

// Force server side data retrieval.
if (!$sso_client->LoadUserInfo())
{
    echo "Unable to load user information.";
    exit();
}

$stripeinfo = $sso_client->GetField("stripe");
$stripeinfo = @json_decode($stripeinfo, true);

if (!is_array($stripeinfo))
{
    // New/Invalid account.
}
else
{
    // Existing account.
}

// Save the value of $stripeinfo to the SSO server AND reload.  Both calls are required.  SetField() simply queues up one or more fields to send.  LoadUserInfo(true) saves and reloads the client information from the SSO server.
$sso_client->SetField("stripe", json_encode($stripeinfo));
$sso_client->LoadUserInfo(true);

The way you phrased your request/question makes it sound like you are planning on storing actual credit card numbers into the SSO server. PCI compliance is hard to get right and I make no claims that the SSO server is PCI compliant. Use the above with caution and care. I'd only put real card numbers on an isolated system, just in case. I'd also make sure every card access and transaction is logged to a permanent log somewhere that can't be modified by an attacker.
Author of Barebones CMS

Reply
#6
(04-14-2017, 07:57 AM)thruska Wrote:
(04-13-2017, 02:19 PM)James Pollard Wrote: Hi Thruska

Who better to respond than the author! Thanks for getting back to me Thruska.

Basically, I need to make an endpoint route and a page. So, much like the "login" page, I need that... I'm trying to integrate Stripe Payment System.

So I need to know, in short, how to make an endpoint route and then a new "page" on the server's index and make it all work. Am I making sense?

Thanks again
James

You should never need to modify 'endpoint.php'.  Use a read/write field for the API key and then do something like:

PHP Code:
// Verify logged in.
if (!$sso_client->LoggedIn())  $sso_client->Login();

// Force server side data retrieval.
if (!$sso_client->LoadUserInfo())
{
    echo "Unable to load user information.";
    exit();
}

$stripeinfo = $sso_client->GetField("stripe");
$stripeinfo = @json_decode($stripeinfo, true);

if (!is_array($stripeinfo))
{
    // New/Invalid account.
}
else
{
    // Existing account.
}

// Save the value of $stripeinfo to the SSO server AND reload.  Both calls are required.  SetField() simply queues up one or more fields to send.  LoadUserInfo(true) saves and reloads the client information from the SSO server.
$sso_client->SetField("stripe", json_encode($stripeinfo));
$sso_client->LoadUserInfo(true);

The way you phrased your request/question makes it sound like you are planning on storing actual credit card numbers into the SSO server.  PCI compliance is hard to get right and I make no claims that the SSO server is PCI compliant.  Use the above with caution and care.  I'd only put real card numbers on an isolated system, just in case.  I'd also make sure every card access and transaction is logged to a permanent log somewhere that can't be modified by an attacker.

Thanks Thruska. Where do I put the sample you have posted? I'm sorry my code gave the impression that I would be storing card information. I assure you it won't be. Stripe (the company) store the information and I store a token that allows me to charge a customer with that token. I won't be needing to become PCI compliant.

So with the sample posted, once saved, how do I get around the redirect part? I need to display a page for the user to put their card info in but all I get is the error quoted above.

Kind regards
James
Reply
#7
You put the code sample(s) in your application. You don't need to make any changes to the SSO server other than setting up a field for storing the token and making it read/write for the API key you are using.
Author of Barebones CMS

Reply
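One way to guard the read/write "stripe" field discussed in the replies above, as an added example that is not part of the original thread or of the SSO server/client code: it keeps only an expected token key when reading the field and refuses to save anything that contains a card-number-shaped value. The `customer` key name, the `cus_` ID pattern and the function names are assumptions of this example.

```php
<?php
// Added example; not part of the SSO server/client code.  Assumed:  the "stripe"
// field holds JSON such as {"customer":"cus_..."} (key name and ID pattern are
// choices made for this example).

// Luhn checksum:  true when a digit string is shaped like a card number.
function LooksLikeCardNumber($digits)
{
    $sum = 0;
    for ($x = strlen($digits) - 1, $alt = false; $x >= 0; $x--, $alt = !$alt)
    {
        $n = (int)$digits[$x] * ($alt ? 2 : 1);
        $sum += ($n > 9 ? $n - 9 : $n);
    }

    return ($sum % 10 === 0);
}

// Takes the raw GetField("stripe") value.  Returns a clean array, or false for a new/invalid account.
function NormalizeStripeField($raw)
{
    $info = (is_string($raw) ? json_decode($raw, true) : false);
    if (!is_array($info))  return false;

    // Allowlist:  keep only the key the application expects.
    $info = array_intersect_key($info, array("customer" => true));
    if (!isset($info["customer"]) || !is_string($info["customer"]))  return false;
    if (!preg_match('/^cus_[A-Za-z0-9]{8,64}$/D', $info["customer"]))  return false;

    return $info;
}

// Returns JSON suitable for SetField(), or false if any 13-19 digit run passes Luhn.
function EncodeStripeField(array $info)
{
    $json = json_encode($info);
    preg_match_all('/\d{13,19}/', preg_replace('/[ -]/', '', $json), $runs);
    foreach ($runs[0] as $run)
    {
        if (LooksLikeCardNumber($run))  return false;
    }

    return $json;
}

// Constructed sample values.
var_dump(NormalizeStripeField('{"customer":"cus_A1b2C3d4E5","card":"4242424242424242"}'));
var_dump(NormalizeStripeField('not json'));
var_dump(EncodeStripeField(array("customer" => "cus_A1b2C3d4E5")));
var_dump(EncodeStripeField(array("note" => "4242 4242 4242 4242")));
```

The first call returns only the `customer` entry, the second returns `false`, the third returns the JSON string and the fourth returns `false` because the digit run passes the Luhn check.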
#8
Thanks again! Unfortunately, I will still need to modify the server side index as I still need a page where users can input their card information. I've attached a picture of how the rough flow should be and what I'm trying to achieve to hopefully put it into perspective :)


   
Reply
#9
The simplest solution is to put the card entry page on the client end of things with the rest of your application. The code I provided is all you need for this route. Unless I'm missing something, there's no need to redirect to the SSO server.

If you REALLY want to go through the SSO server, you can write an 'index_hook.php' file for the purpose but it'll be more difficult and it's up to you how you want to handle SSO server fields but the database interactions you would need to perform are handled for you. Again, you don't need to modify the SSO server itself to accomplish this.
Author of Barebones CMS

Reply
#10
Thanks for getting back to me Thruska. So due to how many websites I will have set up on this, it would be more logical to have one single server side process than a clone for all clients, given that it's the server that will ultimately be processing the whole transaction. I've managed to complete all of what I need to achieve, except one thing... the redirect part in the code I posted a while back. I keep getting this:

The session ID is invalid. Most likely cause: Expired.

Even though I have passed a valid sso_id.

Kind regards
James
Reply


© CubicleSoft