Javascript: Prevent the user from changing the charge amount on the payment page

Tags: javascript, php, html, payment-gateway

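I am trying to integrate a payment gateway on my website. There are three courses with different prices. I am passing the amount and package values to form.php, and I have made the input fields readonly, but the user can still change the amount in inspect element, set it to 0, and then pass the value and get the course for free. How can I stop the user from changing the value? Or is there another way to pass the values? Or should I encrypt them first and then decrypt them?

Here is my code

index.php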

<div id="outer">
        <div class="box">
            <h4>Rs. 9,900/-</h4>
            <ul>
                <li>2-Days Classroom Training</li>
                <li>E-Learning Course</li>
            </ul>
            <form action="form.php" method="post">
                <input type="hidden" name="amount" value="9900" readonly="readonly">
                <input type="hidden" name="package" value="basic" readonly="readonly">
                <input type="submit" name="BUY NOW" value="BUY NOW">
            </form>
        </div>
        <div class="box">
            <h4>Rs. 11,900/-</h4>
            <ul>
                <li>4-Days Classroom Training</li>
                <li>E-Learning Course</li>
            </ul>
            <form action="form.php" method="post">
                <input type="hidden" name="amount" value="11900" readonly="readonly">
                <input type="hidden" name="package" value="standard" readonly="readonly">
                <input type="submit" name="BUY NOW" value="BUY NOW">
            </form> 
        </div>
        <div class="box">
            <h4>Rs. 14,900/-</h4>
            <ul>
                <li>4-Days Classroom Training</li>
                <li>E-Learning Course</li>
                <li>5 Hours Personal Session With The Trainer</li>
            </ul>
            <form action="form.php" method="post">
                <input type="hidden" name="amount" value="14900" readonly="readonly">
                <input type="hidden" name="package" value="pro" readonly="readonly">
                <input type="submit" name="BUY NOW" value="BUY NOW">
            </form>
        </div>
    </div>
form.php

<body>
    <?php
        if (isset($_POST['amount']) && isset($_POST['package'])) {
            $amount = $_POST['amount'];
            $package = $_POST['package'];
        }
    ?>

<div>
<table>
    <form name="postForm" action="form_process.php" method="POST" >
    <tr><td>txnid</td><td><input type="text" name="txnid" readonly="readonly" value="<?php echo $txnid=time().rand(1000,99999); ?>" /></td></tr>
    <tr><td>amount</td><td><input type="text" name="amount" readonly="readonly" value="<?php echo $amount; ?>" /></td></tr>
    <tr><td>firstname</td><td><input type="text" name="firstname" value="" /></td></tr>
    <tr><td>email</td><td><input type="text" name="email" value="" /></td></tr>
    <tr><td>phone</td><td><input type="text" name="phone" value="" /></td></tr>
    <tr><td>Package</td><td><input type="text" name="productinfo" readonly="readonly" value="<?php echo $package; ?>"/></td></tr>
    <tr><td colspan="3"><input type="hidden" name="service_provider" value="payu_paisa" size="64" /></td></tr>
    <tr><td><input type="hidden" name="surl" value="http://localhost/payment/success.php" size="64" readonly="readonly" /></td></tr>
    <tr><td><input type="hidden" name="furl" value="http://localhost/payment/failure.php" size="64" readonly="readonly" /></td></tr>
    <tr><td><input type="submit" /></td><td><input type="reset" /></td></tr>
    </form>
</table>
</div>
</body>
form_process.php

<script>
    function submitForm() {
      var postForm = document.forms.postForm;
      postForm.submit();
    }
</script>
</head>
<?php 
if(!isset($_POST['firstname'])){header("location: form.php");}
// Change the Merchant key here as provided by Payumoney
$MERCHANT_KEY = "Bm2pCkYO";

// Change the Merchant Salt as provided by Payumoney
$SALT = "zqLhSo9FTL";


    $firstname =$_POST['firstname'];
    $email =$_POST['email'];
    $phone =$_POST['phone'];
    $productinfo =$_POST['productinfo'];
    $service_provider =$_POST['service_provider'];
    $amount =$_POST['amount'];
    $txnid =$_POST['txnid'];
    $productinfo =$_POST['productinfo'];
    $surl =$_POST['surl'];
    $furl =$_POST['furl'];


    //$ =$_POST[''];

    $hashseq=$MERCHANT_KEY.'|'.$txnid.'|'.$amount.'|'.$productinfo.'|'.$firstname.'|'.$email.'|||||||||||'.$SALT;
    $hash =strtolower(hash("sha512", $hashseq)); 

?>

<body onload="submitForm();">

<div>
<h2>Payment Gateway Testing Sample</h2>
<table>
<tr><td>Transaction Id</td><td><strong><?php echo $_POST['txnid']; ?></strong></td><td>Amount: </td><td><strong>Rs. <?php echo $_POST['amount']; ?></strong></td>
</table>
<div >
<p>In this page we will genrate hash and send it to payumoney.</p>
<br>
<p>Please be patient. this process might take some time,<br />please do not hit refresh or browser back button or close this window</p>
</div>
</div>

<div>
    <form name="postForm" action="https://sandboxsecure.payu.in/_payment" method="POST" >
        <input type="hidden" name="key" value="<?php echo $MERCHANT_KEY; ?>" />
        <input type="hidden" name="hash" value="<?php echo $hash;  ?>"/>
        <input type="hidden" name="txnid" value="<?php echo $_POST['txnid'];  ?>" />
        <input type="hidden" name="amount" value="<?php echo $_POST['amount'];  ?>" />
        <input type="hidden" name="firstname" value="<?php echo $_POST['firstname'];  ?>" />
        <input type="hidden" name="email" value="<?php echo $_POST['email'];  ?>" />
        <input type="hidden" name="phone" value="<?php echo $_POST['phone'];  ?>" />
        <input type="hidden" name="productinfo" value="<?php echo $_POST['productinfo'];  ?>" />
        <input type="hidden" name="service_provider" value="payu_paisa" size="64" />
        <input type="hidden" name="surl" value="<?php echo $_POST['surl'];  ?>" />
        <input type="hidden" name="furl" value="<?php echo $_POST['furl'];  ?>" />
    </form>
</div>
</body>
success.php

<body>
    <script>var time = 5;
setInterval(function() {
  var seconds = time % 60;
  var minutes = (time - seconds) / 60;
  if (seconds.toString().length == 1) {
    seconds = "0" + seconds;
  }
  if (minutes.toString().length == 1) {
    minutes = "0" + minutes;
  }
  document.getElementById("time").innerHTML = minutes + ":" + seconds;
  time--;
  if (time == 0) {
    window.location.href = "index.php";
  }
}, 1000);
</script>

    <div>
        <h2>Payment Success</h2>
    </div>

    <div>
        <?php 
            if(isset($_POST['status'])){
                if($_POST['status']=="success"){
                    echo "<p>Payment Done Successfully.<br>Details Are Below.</p>";
                    echo "<p>Txn Id: ".$_POST['txnid']."</p>";
                    echo "<p>Name: ".$_POST['firstname']."</p>";
                    echo "<p>Email: ".$_POST['email']."</p>";
                    echo "<p>Amount: ".$_POST['amount']."</p>";
                    echo "<p>Phone No: ".$_POST['phone']."</p>";
                    echo "<p>Product Info: ".$_POST['productinfo']."</p>";
                    echo "<p>encryptedPaymentId: ".$_POST['encryptedPaymentId']."</p>";
                }
            }

            ?>
    </div>
    <div>Redirecting to home page in <span id="time"></span></div>

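Check the value of the field; if it is zero, just terminate execution of the code, send the user back to the form and print a warning.

Alternatively, you can use JavaScript to validate the amount on the submit click and check it again.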


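It's a jungle out there.

Never let the user send the price. Each course has an ID. Let's assume:

  • Course 1, ID=1, price=499, name=2-day classroom training
  • Course 2, ID=2, price=999, name=4-day classroom training

In your payment page, send only course_id=X in the form.

On the PHP script that receives the request, you know that course_id=X has price=Y ... and that is the price you charge.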

// index.php
<form action="form.php" method="post">
    <input type="hidden" name="course_id" value="1" readonly="readonly">
    <label>
        2-days learning course
    </label>
    <input type="submit" name="BUY NOW" value="BUY NOW">
</form>


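//form.php
if (isset($_POST['course_id'])) {
    // The price is looked up on the server from the course id
    if ($_POST['course_id'] == 1) {
        $amount = 499;
    } else {
        // Unknown course id: no price is known, so refuse the request
        echo 'invalid request'; exit();
    }
} else {
    echo 'invalid request'; exit();
}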
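
The same idea applied to the question's three packages and its form_process.php hash step, as an added example that is not code from the question or from any answer. COURSE_PRICES and build_gateway_fields() are names introduced here, and the key and salt are placeholders.

```php
<?php
// Added example, not code from the question or the answers.
// Prices are the ones shown on the question's index.php, keyed by package name.
const COURSE_PRICES = ['basic' => '9900', 'standard' => '11900', 'pro' => '14900'];

/**
 * Build the fields posted to the gateway. Returns null for a request that
 * must be rejected. $post['amount'] and $post['txnid'] are never read.
 */
function build_gateway_fields(array $post, string $key, string $salt): ?array
{
    $package   = $post['package'] ?? null;
    $firstname = $post['firstname'] ?? null;
    $email     = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);

    // is_string() also rejects array input such as package[]=basic.
    if (!is_string($package) || !array_key_exists($package, COURSE_PRICES)) {
        return null;
    }
    // '|' is the hash field separator, so it may not appear inside a field.
    if (!is_string($firstname) || trim($firstname) === '' || $email === false
        || strpbrk($firstname . $email, '|') !== false) {
        return null;
    }

    $amount = COURSE_PRICES[$package];      // price decided by the server
    $txnid  = bin2hex(random_bytes(10));    // unpredictable, server-generated
    $seq = implode('|', [$key, $txnid, $amount, $package, trim($firstname), $email])
         . '|||||||||||' . $salt;           // same layout as form_process.php

    return [
        'key' => $key, 'txnid' => $txnid, 'amount' => $amount,
        'productinfo' => $package, 'firstname' => trim($firstname),
        'email' => $email, 'hash' => strtolower(hash('sha512', $seq)),
    ];
}

// Constructed request: the browser was edited to send amount=0.
$tampered = ['package' => 'basic', 'amount' => '0',
             'firstname' => 'Asha', 'email' => 'asha@example.com'];
$fields = build_gateway_fields($tampered, 'KEY_PLACEHOLDER', 'SALT_PLACEHOLDER');
echo "amount sent to gateway: {$fields['amount']}\n";

// Constructed request with an unknown package is refused outright.
$bad = build_gateway_fields(['package' => 'free'], 'KEY_PLACEHOLDER', 'SALT_PLACEHOLDER');
echo 'unknown package accepted: ', var_export($bad !== null, true), "\n";
```

Keeping the generated txnid and amount in the session or an orders table lets success.php compare what the gateway reports against what was actually ordered.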

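One thing you can do to avoid the pitfall is to create a session variable for the amount value, then get the session variable on the next page, and then send the session variable for the amount element (mandatory) along with the other fields that are encrypted/decrypted by the payment gateway.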

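Definitely don't put the amount on the front end; do the calculation on the back end and send it. Or perhaps put it in some table, fetch the base price, and then finally send it. Do the calculation in PHP and use CURL. Everything will be done on the server side.

I would suggest not rolling your own, though; there are too many things that can go wrong. Just download a tested e-commerce framework.

You can display the amount as text for the user's information. After the form is submitted, take the fixed amount, e.g. $amount="XXXX"; $package="XXXX";

How do I pass this value from form.php amount

Please provide sample code to support your comment.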