php - Deny direct access to success url in ecommerce website by typing it -

-

bottom line: how prevent direct access success page when transaction done (filename thankyou.php) if he/she knows url. have integrated ccavenue payment gateway in application.

full detail: have made ecommerce web application (still under construction).

on checkout page, whenever user clicks proceed payment button, generating unique ordercode , saving in session , calling session value in success url page , inserting details in order table , if ordercode not set, heading user away //www.example.com/store/

now, suppose knows success url (//www.example.com/store/thankyou.php) ccavenue redirecting after successful payment of amount merchant, types url directly. want user should not directly access typing in url bar, when payment done, thankyou.php file has shown 2 minutes , not more that. , after 2 minutes, if tries access success url page again, should not see success page again.

after bit of research, many of them have said use $_server['http_referer'] knowledge can bypassed if user tries do.

so how achieve ?

any highly appreciated. thank you.

after successful payment, ccavenue redirect our successurl details post url/get url.

whet need on top of thankyou.php page unique value return parameters,

in if block check set parameter , delivery address against particular customer not find in database display thankyou message , save delivery address of customer.

in else block redirect other page customer if hit again same url of thankyou page he/she cannot see page instead take redirected page.


Comments

Post a Comment

Popular posts from this blog

node.js - Mongoose: Cast to ObjectId failed for value on newly created object after setting the value -

-
this question has answer here: what's mongoose error cast objectid failed value xxx @ path “_id”? 7 answers even though has been asked many times because entity has no valid objectid field. i came across situation objectid set value can casted objectid still error. the schema: var serviceschema = parammongoose.schema({ servicename:{ type: parammongoose.schema.types.objectid , ref: 'servicenames',required:true } }); pseudo code: servicefromdb=new service({servicename:'some name'}); servicefromdb.servicename='000000000000000000000001'; servicefromdb.save(function(paramerror,paramdata){ if(paramerror){ console.log('but but...',servicefromdb,paramerror) } }); the output of code is: but but... { servicename: 000000000000000000000001, _id: 55079a90286f49280364f78b } { [casterror: cast objectid faile...
Read more

gradle error "Cannot convert the provided notation to a File or URI" -

-
i have defined 2 system properties in gradle.properties: systemprop.builddir=build systemprop.cfgdir=build\\cfg and have following task defined in build.gradle: task clean(group:'clean',description:'clean project') << { ant.sequential { delete(dir: system.properties.builddir) mkdir(dir: system.properties.builddir) delete(dir: system.properties.cfgdir) mkdir(dir: system.properties.cfgdir) } } this generates following error: execution failed task ':clean'. > cannot convert provided notation file or uri: {dir=build}. following types/formats supported: - string or charsequence path, e.g 'src/main/java' or '/usr/include' - string or charsequence uri, e.g 'file:/usr/include' - file instance. - uri or url instance. but equivalent block of code not generate error , works expected: task clean(group:'clean',description:'clean project') << { ...
Read more

python - NameError: name 'subprocess' is not defined -

-
i'm trying make rng website: http://jamesdotcom.com/?p=417 . when run following code: captureimage = subprocess.popen( [ "fswebcam", "-r", "356x292", "-d", "/dev/video0", "static.jpg", "--skip", "10" ], stdout=devnull, stderr=devnull) captureimage.communicate() i following error message: nameerror: name 'subprocess' not defined what should do? thanks have imported first? import subprocess captureimage = subprocess.popen(["fswebcam", ...) subprocess included in python standard library since python 2.4. should not necessary install it.
Read more