Unable to Simulate HTTP 302 response
<p>I'm trying to incorporate PagSeguro (a payment gateway - Brazil's version of PayPal) into my site. After the customer finishes with PagSeguro, they send data (via POST) to a function which I specify. However, I'm not receiving the POST. After doing all the troubleshooting I could think of, I contacted PagSeguro. They said that their log indicates that the POST is being sent as normal but they are receiving an HTTP 302 response.</p>
<p>In order to figure out why this is happening, I created a form with hidden values to simulate sending a POST to my function. I put this form under a different domain just in case it had something to do with that. Every time I send the POST from my simulation form, I receive an HTTP 200 response, and my log indicates that the POST was received.</p>
<p>How is it possible that PagSeguro is receiving a different response than my simulation? Could it have something to do with the server or is it something to do with my script?</p>
<p>Here is the function (using CodeIgniter) that should be receiving the POST:</p>
<pre><code>function pagseguro_retorno(){
    // Ignore requests that carry no POST data
    if (count($_POST) == 0) { return FALSE; }
    $msg = 'POST RECEIVED';
    $simulate = $this-&gt;input-&gt;post('Simulate');
    if ( ! empty($simulate)){
        // Simulator shortcut: marks the request verified without asking the gateway
        $result = 'VERIFICADO';
        $msg .= ' FROM SIMULATOR';
    } else {
        // Library name must be passed as a string
        $this-&gt;load-&gt;library('PagSeguroNpi');
        $result = $this-&gt;PagSeguroNpi-&gt;notificationPost();
    }
    $this-&gt;log($msg);
    if ($result == "VERIFICADO") {
        $id = $this-&gt;input-&gt;post('Referencia');//cart id
        $this-&gt;load-&gt;model('transacao_model');
        $trans_row = $this-&gt;transacao_model-&gt;get_transaction($id);
        if ( ! is_object($trans_row)){
            //LOAD NEW TRANSACTION
            if ( ! $this-&gt;new_transaction($id)){
                $notice = "Unable to load new transaction&lt;/p&gt;&lt;p&gt;";
                $this-&gt;log($notice);
                $notice .= '&lt;pre&gt;'.print_r($_POST, TRUE).'&lt;/pre&gt;';
                $this-&gt;email_notice($notice);
            }
        }
        $this-&gt;load-&gt;model('carrinho_model');
        // Map the gateway's transaction status to the internal cart status
        if($_POST['StatusTransacao'] == 'Aprovado'){
            $status = 'apr';
        }elseif($_POST['StatusTransacao'] == 'Em Análise'){
            $status = 'anl';
        }elseif($_POST['StatusTransacao'] == 'Aguardando Pagto'){
            $status = 'wtg';
        }elseif($_POST['StatusTransacao'] == 'Completo'){
            $status = 'cmp';
            //nothing more happens here - client must click on 'mark as shipped' before cart is removed and history data is loaded
        }elseif($_POST['StatusTransacao'] == 'Cancelado'){
            //reshelf - don't set $status, because the cart's about to be destroyed
            $this-&gt;carrinho_model-&gt;reshelf(array($id));
        }
        if (isset($status)){
            $this-&gt;carrinho_model-&gt;update_carrinho($id, array('status' =&gt; $status));
        }
    } else if ($result == "FALSO") {
        $notice = "PagSeguro return was invalid.";
        $this-&gt;log($notice);
        $notice .= '&lt;pre&gt;'.print_r($_POST, TRUE).'&lt;/pre&gt;';
        $this-&gt;email_notice($notice);
    } else {
        $notice = "Error in PagSeguro request";
        $this-&gt;log($notice);
        $notice .= '&lt;pre&gt;'.print_r($_POST, TRUE).'&lt;/pre&gt;';
        $this-&gt;email_notice($notice);
    }
}
</code></pre>
<p>SECURITY UPDATE:</p>
<p>After posting, I soon realized that I was opening myself up to hack attempts. The function necessarily has to be public, so anyone who knows the name of the function could access it and post 'simulate' to get immediate verification. Then they could pass whatever data they wanted.</p>
<p>I changed the name of the function to something that would be impossible to guess, and when not in production mode, I've disabled the simulate option.</p>
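<p>Added example, not part of the original post: one way to keep a client-supplied <code>Simulate</code> field from granting verification, the issue described in the security update. The function name <code>resolve_notification_result</code>, the <code>SimToken</code> field, the environment strings and the stubbed gateway callback are assumptions made for illustration; the sample requests are constructed.</p>

```php
<?php
/**
 * Decide the verification result for a notification POST.
 *
 * The simulator shortcut is honoured only when all three hold:
 *   - the application is not running in production,
 *   - a server-side simulation secret is configured,
 *   - the request carries a token equal to that secret.
 * In every other case the Simulate field is ignored and the
 * notification is verified with the gateway like any other request.
 * (Hypothetical helper; not PagSeguro or CodeIgniter code.)
 */
function resolve_notification_result(array $post, string $environment,
                                     string $simSecret, callable $verifyWithGateway): string
{
    if (!empty($post['Simulate'])) {
        // Never pass a non-string (e.g. an array from SimToken[]=x) to hash_equals
        $token = (isset($post['SimToken']) && is_string($post['SimToken']))
            ? $post['SimToken'] : '';
        $allowed = $environment !== 'production'
            && $simSecret !== ''
            && hash_equals($simSecret, $token); // constant-time comparison
        if ($allowed) {
            return 'VERIFICADO';
        }
        // Fall through: a rejected simulation gets no special treatment.
    }
    return (string) $verifyWithGateway($post);
}

// --- Constructed demonstration data ---------------------------------------
$secret  = 'constructed-test-secret';
// Stub standing in for the real gateway check; forged data is not confirmed.
$gateway = function (array $post): string { return 'FALSO'; };

$cases = [
    'forged simulate, production'    => [['Simulate' => '1'], 'production'],
    'forged simulate, development'   => [['Simulate' => '1'], 'development'],
    'array token, development'       => [['Simulate' => '1', 'SimToken' => ['x']], 'development'],
    'valid token, production'        => [['Simulate' => '1', 'SimToken' => $secret], 'production'],
    'valid token, development'       => [['Simulate' => '1', 'SimToken' => $secret], 'development'],
];

foreach ($cases as $label => [$post, $env]) {
    echo str_pad($label, 32), resolve_notification_result($post, $env, $secret, $gateway), PHP_EOL;
}
```

<p>With this shape the outcome no longer depends on the handler's URL staying secret: a request that only sets <code>Simulate</code> is verified with the gateway exactly like any other POST.</p>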
 
