Route_Action vs. Custom File

mansour · January 5, 2021, 11:23am

Hi,
my custom file name is : sadad.php (included common files).the payment gateway post the following parameters to our website. this is my code for sadad.php:

if (isset($_POST["ResCode"])){
$resultCode = $_POST["ResCode"];
$InvoiceNumber = $_POST["OrderId"];
$Token = $_POST["token"];
SWITCH ($resultCode){
case "0":
echo "success";
break;
default:
echo "error";
}

we can’t control post parameters that send by payment gateways to our website.
e.g. bank send us result of a payment transaction using post method.
how to control post parameters that send to the script from external sites?
thanks
mansour

arbei · January 6, 2021, 1:17am

You may use Route_Action server event, see: https://discourse.hkvstore.com/t/using-route-action-server-event-v2021/3393/1 your payment gateway posts data to your site by HTTP POST, the route arguments are unimportant, you just get the data by $_POST or by POST Parameters and then do what you want with the data.You may just put your code in your route action and change echo to:

$body = $response->getBody();
$body->write('Hello');

and return the $response in your route action.Please re-read the example in https://discourse.hkvstore.com/t/using-route-action-server-event-v2021/3393/1 and see The Response Body.

mansour · January 6, 2021, 5:20am

Hi,
I used the following code for testing purpose.

$app->post('/sadad', function ($request, $response, array $args) {
if (isset($_POST["ResCode"])){
$resultCode = $_POST["ResCode"];
$InvoiceNumber = $_POST["OrderId"];
$Token = $_POST["token"];
SWITCH ($resultCode){
case "0":
$body = $response->getBody();
$body->write('success');
return $response; // Return the response
break;
default:
$body = $response->getBody();
$body->write('error');
return $response; // Return the response
}
}
});

I received the following error when I opened the site home page and also http://site/sadad{“statusCode”:0,“error”:{“class”:“text-danger”,“type”:“\u062e\u0637\u0627”,“description”:“\u0647\u0646\u06af\u0627\u0645 \u067e\u0631\u062f\u0627\u0632\u0634 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0634\u0645\u0627 \u062e\u0637\u0627\u06cc\u06cc \u062f\u0627\u062e\u0644\u06cc \u0631\u062e \u062f\u0627\u062f\u0647 \u0627\u0633\u062a.”}}What’s the problem?
Thanks

arbei · January 6, 2021, 5:53am

mansour wrote:

$app->post(‘/sadad’, function ($request, $response, array $args) {
…
I received the following error when I opened the site home page and also > http://site/sadad

If you use $app->post() you cannot use it by HTTP GET, you must use HTTP POST, see How to create routes.
Enable debug to see detailed error message.

mansour · January 6, 2021, 7:02am

Hi,
This is the error after activating Debug mode:{“statusCode”:0,“error”:{“class”:“text-danger”,“type”:“\u062e\u0637\u0627”,“description”:“C:\xampp\htdocs\newpedra\vendor\nikic\fast-route\src\DataGenerator\RegexBasedAbstract.php(86): Cannot register two routes matching "/newpedra/sadad" for method "POST"”}}Thanks

arbei · January 6, 2021, 7:07am

mansour wrote:

Cannot register two routes matching "/newpedra/sadad" for method "POST"

As the error said, you cannot have duplicate routes. You may either remove/rename your Custom File or rename your route.

mansour · January 6, 2021, 8:59am

Hi,
I corrected the route name. Now, I receive the 400 error message after coming back from bank gateway.
It’s because of Token, isn’t it? (CHECK_TOKEN I mean)Thanks

arbei · January 6, 2021, 9:10am

Routes created in Route_Action does not require token at all (because your own code does not check it). Make sure you have updated your payment gateway to post to your correct(renamed) route (no “.php”).

mansour · January 7, 2021, 11:50am

Hi,
I changed the codes and works fine.

testform.php

<form action="test" method="post">
		<!-- Token -->
        <?php if (Config("CHECK_TOKEN")) { ?>
        <input type="hidden" name="<?= $TokenNameKey ?>" value="<?= $TokenName ?>"><!-- CSRF token name -->
        <input type="hidden" name="<?= $TokenValueKey ?>" value="<?= $TokenValue ?>"><!-- CSRF token value -->
        <?php } ?>
        <!-- Token End -->
  <div class="form-group">
    <label for="exampleInputEmail1">Email address</label>
    <input type="text" name="email" class="form-control" id="exampleInputEmail1" aria-describedby="emailHelp" placeholder="Enter email">
    <small id="emailHelp" class="form-text text-muted">We'll never share your email with anyone else.</small>
  </div>
  <div class="form-group">
    <label for="exampleInputPassword1">Password</label>
    <input type="text" name="password" class="form-control" id="exampleInputPassword1" placeholder="Password">
  </div>
  <div class="form-check">
    <input type="checkbox" class="form-check-input" id="exampleCheck1">
    <label class="form-check-label" for="exampleCheck1">Check me out</label>
  </div>
  <button type="submit" class="btn btn-primary">Submit</button>
</form>

test.php:

<?php
echo $_POST['email'];
echo $_POST['password'];
?>

Route_Action event:

$app->post('test', function ($request, $response, array $args) {
    return $response;
});

It seems the problem is related to CHECK_TOKEN setting. How to exclude some scripts from CHECK_TOKEN ?Thanks

arbei · January 7, 2021, 1:00pm

If you post to your route action /test, you don’t need the test.php and the token at all. To update data just get the posted data in your route action, then build and execute an UPDATE statement by ExecuteUpdate().

mansour · January 11, 2021, 5:27am

Hi,
The Route_Action server event prints the result as the plain text and header / footer of the site does NOT show.
I want to print the route result as a normal generated file (with header & footer)
any idea?Thanks

arbei · January 11, 2021, 5:39am

mansour wrote:

I want to print the route result as a normal generated file (with header & footer)

If you want header and footer, then you better use Custom File with Include common files (which includes header and footer) enabled.

mansour · January 11, 2021, 6:07pm

Hi,
yes, but the problem is I have no control on bank payment gateway post parameters.
thanks

arbei · January 12, 2021, 1:39am

mansour wrote:

the problem is I have no control on bank payment gateway post parameters. >

You may use Page_Load server event. (Make sure you use the latest version, v2021.0.8 as of today.)You may also put your code in the content of the Custom File.

mansour · January 13, 2021, 6:33am

Hi,
So, placing the following code in Page_Load sever event for sadad.php will ignore the default “CHECK_TOKEN” setting?if (CurrentPage()->TableName == “sadad.php”) {
Config(“CHECK_TOKEN”, false);
}Isn’t it?Thanks

arbei · January 13, 2021, 7:05am

https://discourse.hkvstore.com/t/post-form-token/3688/2

mobhar · January 13, 2021, 10:28am

Try Page_Loading or Page_Rendering server event instead.