Bitcoin Forum
October 31, 2024, 10:56:31 AM *
News: Bitcoin Pumpkin Carving Contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Should I accept payments without a callback URL?  (Read 1137 times)
PBmining (OP)
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


View Profile WWW
December 29, 2013, 03:47:51 AM
 #1

When implementing a payment system, Blockchain.info uses callback URLs with their PHP examples.
I only understand its use of sending the user to a confirmation page after ordering.  I have read that it is for added security though too, but I don't see how. 
What if I chose not to use it?




Did you know?: Most of our hash power comes from other sources.  We are now specialized in the resale of cloudmining contracts through our associates!
Benson Samuel
Legendary
*
Offline Offline

Activity: 1890
Merit: 1000


Landscaping Bitcoin for India!


View Profile WWW
December 29, 2013, 04:32:47 AM
 #2

When implementing a payment system, Blockchain.info uses callback URLs with their PHP examples.
I only understand its use of sending the user to a confirmation page after ordering.  I have read that it is for added security though too, but I don't see how.  
What if I chose not to use it?





If you choose not to, then blockchain.info will not send any message back to your webpage and you may not know when the payment has reached.
If you do not use callbacks, your user would be stuck on the payment confirmation page until someone manually agrees to move him forward.
The added security is that it verifies the payment before sending the customer forward.

empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
December 29, 2013, 05:04:25 AM
 #3

When implementing a payment system, Blockchain.info uses callback URLs with their PHP examples.
I only understand its use of sending the user to a confirmation page after ordering.  I have read that it is for added security though too, but I don't see how.  
What if I chose not to use it?





If you choose not to, then blockchain.info will not send any message back to your webpage and you may not know when the payment has reached.
If you do not use callbacks, your user would be stuck on the payment confirmation page until someone manually agrees to move him forward.
The added security is that it verifies the payment before sending the customer forward.

So yes, the security is there and important.
Rannasha
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
December 29, 2013, 04:43:52 PM
 #4

You only show the code (btw, use code-tags for nicer formatting) for the page that reads invoices from the DB and displays the status. We can't tell why things aren't being added to the DB unless you show us the code that does the actual adding.
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
December 30, 2013, 02:30:07 AM
 #5

You only show the code (btw, use code-tags for nicer formatting) for the page that reads invoices from the DB and displays the status. We can't tell why things aren't being added to the DB unless you show us the code that does the actual adding.

Yeah, the horse has already bolted ... need to see the earlier code.
Rannasha
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
January 05, 2014, 07:33:15 PM
 #6

For debugging, you should make the script display all queries that are executed. You can then find the exact query it tries to run to insert data into the pending table and then use something like PHPMyAdmin or the mysql commandline client to run this query and get more detailed error messages.

In general it is a good idea to abstract away from calling mysql_query() directly (not to mention that it is deprecated and should be replaced by mysqli_query()).

Create a new function:
Code:
function do_query($query_string)
{
    // Comment or remove following line when not debugging
    echo "(DEBUG) " + $query_string + "<br>";

    $res = mysql_query($query_string);
    if (!$res)
    {
        // Do error-handling here. In development-code you can display the error.
        // In production-code you log the error server-side and show a generic error to the user.
        do_something()
    }

    return $res;
}
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!