I have integrate payfast payment gateway in our Laravel 5.1 website, it is working perfect on our development server but when we move site on live server it give error in ITN request step, here is the error which I am getting:
HTTP/1.1 500 Internal Server Error
Date: Wed, 09 Nov 2016 14:10:09 GMT
Server: Apache
Cache-Control: no-cache, private
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
When I am searching for solution I got below option to enable ITN request without CSRF token
protected $except = [
//
'/itn'
];
but this also not working, I put sample code folder on my website root folder and try to do payment and that will working.
Also when I try to write notify response in text file it print success in response to the file.
After debugging my code I found there is problem with the CURL post.
// Base settings
$curlOpts = array(
// Base options
CURLOPT_USERAGENT => USER_AGENT, // Set user agent
CURLOPT_RETURNTRANSFER => true, // Return output as string rather than outputting it
CURLOPT_HEADER => false, // Don't include header in output
CURLOPT_SSL_VERIFYHOST => true,
CURLOPT_SSL_VERIFYPEER => false,
// Standard settings
CURLOPT_URL => 'https://' . $pfHost . '/eng/query/validate',
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $pfParamString,
);
curl_setopt_array($ch, $curlOpts);
// Execute CURL
$res = curl_exec($ch);
curl_close($ch);
Main issue occurs because of these two line code
CURLOPT_SSL_VERIFYHOST => true,
CURLOPT_SSL_VERIFYPEER => false,
I change its value and it start working
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_SSL_VERIFYPEER => true,
This will fix my problem and payfast working perfect after doing these changes.
Related
Request:
$headers = array( 'Content-Type:application/xml' );
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => 'https://example.com',
CURLOPT_POST => 1,
CURLOPT_HEADER => $headers,
CURLOPT_USERPWD=>'test:test',
CURLOPT_POSTFIELDS => $XMLData
));
$APIResponse = curl_exec($curl);
curl_close($curl);
And I get this response from an API
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: ----
X-AspNet-Version: -----
X-Powered-By: ASP.NET
Date: ---- GMT
Content-Length: 100
<?xml version="1.0" encoding="utf-8"?><response xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.example.com"><ID>12345</ID></response>
I want to fetch ID from xml ID tag. How can I get that in my php code?
You're getting the HTTP header data included within your response from cURL, which is making it hard to extract the XML part.
However this is happening due to a simple misunderstanding - the CURLOPT_HEADER option doesn't do what you think it does.
That doesn't include your request headers in the request (as your code seems to be trying to do), instead it sets an option telling cURL whether or not the response headers should be included in the main output or not. If you set
CURLOPT_HEADER => 0
in your code, your problem should go away - then only the response body (in your case, just the XML) will included in the output from curl_exec.
In the meantime, if you need to set custom HTTP headers in your request, you can do it via the CURLOPT_HTTPHEADER option - a detailed example can be found here and in many other places online.
P.S. Admittedly these option names are not, in themselves, very clear about the difference between them, but the PHP manual does describe what they do in more detail.
What is the issue?
We need to extract X-CardConnect-SessionKey from the response header of Card-Connect API. We are using v2/connect API of CardConnect through PHP-CURL method.
What we have done to extract the header?
We are using below methods of PHP to get the headers from the response
get_headers | getallheaders
Passing the below parameters in the CURL request:
CURLOPT_FOLLOWLOCATION => 1,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_VERBOSE => 1,
CURLOPT_HEADER => 1,
CURLINFO_HEADER_OUT => 1,
CURLOPT_NOBODY => 1,
Our Observations.
When we call the same API from PostMan we are able to see X-CardConnect-SessionKey in the response header, but when we dump full header using the above methods not getting that same key highlighted in below screen-shot.
When using postman locally on my machine, I am able to send the request no problem and get a response back. Because of the invalid token I am sending the api, I should receive this back.
{
"status": "Error",
"message": "Invalid API Token"
}
Using postman's utility to generate php curl code to make this request I get this.
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://app.mobilecause.com/api/v2/reports/transactions.json",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_POSTFIELDS => "",
CURLOPT_COOKIESESSION => true,
CURLOPT_COOKIEFILE => "cookie.txt",
CURLOPT_COOKIEJAR => "cookie.txt",
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => array(
'Authorization: Token token="test_token"',
"Content-Type: application/x-www-form-urlencoded",
"cache-control: no-cache",
),
));
curl_setopt($curl, CURLOPT_VERBOSE, true);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
Running this code on my webserver results in a page body returned that is a cloudflare landing page, specifically this.
Please enable cookies.
One more step
Please complete the security check to access app.mobilecause.com
Why do I have to complete a CAPTCHA?
Completing the CAPTCHA proves you are a human and gives you temporary access to the web property.
What can I do to prevent this in the future?
If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware.
If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices.
Cloudflare Ray ID: RAY_ID • Your IP_REDACTED • Performance & security by Cloudflare
I cannot explain why this happens. I have a valid 'cookie.txt' that is getting written to, but it seems like it is missing content.
The cookie that curl writes through this request stored in 'cookie.txt' looks like this. (Redacted potentially sensitive information.)
#HttpOnly_.app.mobilecause.com TRUE / FALSE shortStringOfNumbers __cfduid longStringOfNumbers
The cookies generated by postman when executing the command through postman look like this. (Redacted potentially sensitive information.)
__cfruid=longStringOfNumbers-shortStringOfNumbers; path=/; domain=.app.mobilecause.com; HttpOnly; Expires=Tue, 19 Jan 2038 03:14:07 GMT;
__cfduid=longStringOfNumbers; path=/; domain=.app.mobilecause.com; HttpOnly; Expires=Thu, 23 Jan 2020 04:54:50 GMT;
Essentially it seems like the php request is missing the '__cfruid' cookie. Could this be the cause?
Copying this exact code into http://phpfiddle.org/ produces this same cloudflare landing page. Running this locally on my machine produces the expected result.
You're running into a Managed Challenge: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
The key question here is whether you own the zone. The site owner can add a managed challenge for pretty much any reason as part of their WAF: https://developers.cloudflare.com/waf/ . We could speculate about whether it's due to your traffic being deemed a bot or maybe they're blocking based on your user agent string. You don't have control over managed challenges that are served to you if you don't own the domain in Cloudflare.
If you are the site owner, you can determine which rule is causing this Managed Challenge by taking the Cloudflare rayID and filtering for it in Security > Overview. You can then add a bypass to your firewall rule to exclude this PHP curl traffic.
I'm trying to scrape the below feed (with permission) via PHP cURL:
http://www.safc.com/Home/RSS Feeds/News%20Feed
Loads fine in a browser, but gives me a 400 'bad request' with cURL.
$ch = curl_init($uri); //http://www.safc.com/Home/RSS Feeds/News%20Feed
curl_setopt_array($ch, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_ENCODING => '',
CURLOPT_TIMEOUT => CURL_CONNECT_TIMEOUT,
CURLOPT_USERAGENT => CURL_USER_AGENT,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_FOLLOWLOCATION => true
));
$ret = curl_exec($ch);
Result is a 400; I know this from looking in curl_getinfo().
CURL_USER_AGENT is an arbitrary identifier as I realised some other feeds wouldn't spit out content unless this header was present. I have tried removing the headers one by one, and tried adding a few more, but that approach feels a bit needle/haystack.
Before I approach the owners of the site, does anyone know how I might resolve this?
use http://www.safc.com/home/rss%20feeds/news%20feed check different between "Home" and "home" there is 301 redirect when you use "Home".
I am trying to build an application using Google Opensocial API.
But when i make a POST request with following CURL headers, i am getting 405 Method not allowed error :
CURLOPT_URL : http://www.orkut.com/social/rpc/
CURLOPT_POSTFIELDS : [{"method":"people.get","id":"self","params":{"userId":["#me"],"groupId":"#self","fields":["displayName","currentLocation","thumbnailUrl","gender","name"]}},{"method":"people.get","id":"friends","params":{"userId":["#me"],"groupId":"#friends","fields":["displayName","currentLocation","thumbnailUrl","gender","name"],"count":300}}]
CURLOPT_CUSTOMREQUEST : POST
CURLOPT_RETURNTRANSFER : true
CURLOPT_USERAGENT : osapi 1.0
CURLOPT_FOLLOWLOCATION : 1
CURLOPT_SSL_VERIFYPEER : false
CURLOPT_HEADER : true
CURLINFO_HEADER_OUT : true
CURLOPT_HTTPHEADER : Array
(
[0] => Authorization: OAuth oauth_body_hash="A3ZOHT4b3YMOzEfg+2j3v+N302E=", oauth_nonce="6ad533sdfsb9261ssdfsdf29af7d", oauth_version="1.0", oauth_timestamp="1318236734", oauth_consumer_key="www.mydomain.com", oauth_token="1%2FKhAasdfsd8YX2bfsdfsdf6MsdfsfsdfsdfJYyULWUog", oauth_signature_method="HMAC-SHA1", oauth_signature="osdf4pShOsdfsdf88nnpwsdfsdf9g%3D"
[1] => Content-Type: application/json
[2] => Content-Length: 0
[3] => User-Agent: osapi 1.0
)
Following is the CURL-POST response I am recieving :
["http_code"] => int(405)
["data"] => string(12614)
"HTTP/1.1 405 Method Not Allowed
Content-Type: text/html; charset=UTF-8
Content-Length: 12462
Date: Tue, 14 Jun 2011 08:07:58 GMT
Server: GFE/2.0
I asked about this issue on Google Codes forum and they told me to remove following line from CURL request as my website is hosted on hostgator.
CURLOPT_CUSTOMREQUEST : POST
I tried above thing but still i am getting 405 Method not allowed error. Kindly assist me further on this issue.
Do i need to modify my PHP-CURL code above to send POST request? If so, then please help me..
The Google Social specification has an example in which people.get is requested with GET, not via POST. Generally keep in mind that GET is for requesting information, while POST is for changing existing information.