Option for Redirect

doubledee · April 27, 2011

I have a Payment Form that has become rather complex, and I think it's time to hand things off to another page?!

Here is the gist of my form...

<?php	session_start();	?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head></head>
<body>
	<?php
		// Initialize variables.

		// *********************************************************************
		// HANDLE FORM.
		// *********************************************************************
		if (isset($_POST['submitted'])){
			// Initialize Errors Array.
 			$errors = array();

			// ********************
			// CHECK FORM DATA.	*
			// ********************

			// Determine if any errors.
			if (empty($errors)){
				// *********************************************************************
				// PROCESS PAYMENT.
				// *********************************************************************

				//@@@@@@@@@@@  START AUTHORIZE.NET CODE  @@@@@@@@@@@@@@@@@

				// Use HTTP POST to send form data.
				curl_setopt($request, CURLOPT_POSTFIELDS, $post_string);

				// Print Response Code.
				switch($response_array[0]){
					case "1":
						$responseCode = 'Approved';
						break;
					case "2":
						$responseCode = 'Declined';
						break;
					case "3":
						$responseCode = 'Error  (Please contact Customer Service.)';
						break;
					case "4":
						$responseCode = 'Held for Review  (Please contact Customer Service.)';
						break;
				}

				echo "<br />Response Code: " . $responseCode . "<br />";
				//@@@@@@@@@@@  END AUTHORIZE.NET CODE  @@@@@@@@@@@@@@@@@@

				// Do not return to Payment Form!!!
				exit();
				// *********************************************************************
			}// End of PROCESS PAYMENT.
		}// End of HANDLE FORM.

	?>

	<!-- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ -->
	<!-- HTML PAYMENT FORM -->
	<form id="payment" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">


	</form>
</body>
</html>

In fairness, this actually isn't the entire page - it is just the HTML Form and PHP Handling Script...

The entire page will also have a Header and Footer, and is why I am asking for help.

As my code works no, after the form is submitted, the user sees a white screen with only a Response Message.

How can I redirect the user to another page which has my website's Header and Footer and a more personalized message??

(I could technically echo a boat-load of HTML in the IF-THEN-ELSE after the form is submitted, but that seems excessive. So a page re-direct seems to make more sense...)

Thanks,

Debbie

meltingpoint · April 27, 2011

Instead of having the page that has the form on it process the form (i.e. php_self)- have a 2nd page with your header/footer/menu etc. and in the body of that page- have your form processed complete with error messages or a "Thank for your form submission" if they enter all correctly.

doubledee · April 27, 2011

Instead of having the page that has the form on it process the form (i.e. php_self)- have a 2nd page with your header/footer/menu etc. and in the body of that page- have your form processed complete with error messages or a "Thank for your form submission" if they enter all correctly.

No can do. That would require complete PCI compliance on my webserver which I can't offer.

I stand by my post and think its the best way.

Good suggestion, though.

Debbie

Fadion · April 27, 2011

That would require complete PCI compliance on my webserver which I can't offer.

I may not be getting the point, but what has PCI Compliance to do with a form action?

You may just use header("Location: page.html"). It would need output buffering in your current code, or: validating the form before any output or using the deprecated meta refresh.

doubledee · April 27, 2011

That would require complete PCI compliance on my webserver which I can't offer.

I may not be getting the point, but what has PCI Compliance to do with a form action?

Passing Credit Card and PII data fromone form to another has *everything* to do with PCI Compliance!!

You may just use header("Location: page.html").

So I just put that anywhere inside my form code when I want to switch to a "results.php" page?

It would need output buffering in your current code,

Where does that go?

Can you give me a little more of a hint on the code?

or: validating the form before any output or using the deprecated meta refresh.[/quote]

You lost me on this last part...

Thanks,


Debbie

Fadion · April 27, 2011

Apart from a general knowledge of what PCI is, I have no idea what standarts should be used, so bear with me in that question. Anyway, having a secure connection (SSL), shouldn't bring up any issues whatsoever. Not my department, so I'm not discussing

header() is a function that sends specific headers (hence it's name) to the browser. These headers are sent once before the page has been loaded and can't be sent after any HTML has been outputted. To bypass this problem, there is output buffering. You basically prevent those header to be sent by default, store them, do whatever you have to do and finally send them. Output buffering is started by ob_start() at the start of your script and ob_end_flush() at the end of it. However, output buffering isn't the best programming practice ever and should generally be avoided.

You have 2 options appart from output buffering (I've used those 2 words 1.000 times in this post): 1) validate the form before sending any output to the browser or 2) use meta refresh (deprecated tag).

1) The recommended way - Validate the form in the top of your page.

<?php
if (isset($_POST['submitted'])) {
     $errors = array();
     //other code..
     
     //the validation was successful
     if (count($errors) = 0) {
          header('Location: thankyou.html');
     }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<!-- everything else continues here -->

2) Meta Refresh is a deprecated tag and is not recommended. It's functionality may be not supported in the future. Also it will let part of the page load before the redirect. You could place the following code anywhere you want the redirect to start (after the form has been validated correctly, obviously).

<?php
/*
** It's an HTML tag which I printed using PHP. The "0" part is the number of seconds you want to delay the redirect.
*/
echo '<meta http-equiv="refresh" content="0;url=thankyou.html" />';
exit();
?>

doubledee · April 27, 2011

*Reading your response now*

Apart from a general knowledge of what PCI is, I have no idea what standarts should be used, so bear with me in that question. Anyway, having a secure connection (SSL), shouldn't bring up any issues whatsoever. Not my department, so I'm not discussing

The short answer goes like this...

With my current set-up, your credit card info is not stored anywhere and goes over SSL directly to Authorize.net. Therefore I am not required to have a PCI-Compliant website/webserver per my Payment Gateway and Payment Processor.

Web pages are stateless. (Trust me, I know! I wasted 8 hours learning this the hard way yesterday!!)

With the earlier proposal, I'd have to store the Credit Card details in a Cookie, Session, or Database in order to get it from "payment_form.php" to "payment_results.php".

See the problem?!

The minute I do that, I have exponentially more responsibility and requirements. (I'm not going down that path anytime soon!)

However, if I capture a "Pass/Fail" message in my original Payment Form, and then store that in a Session, and you help me redirect to "results.php", then...

- I get to use my website template

- No PII or CC Info is passed/stored

- It is okay to pass/store/retrieve the string "Pass/Fail"

And I have a better solution than what I've got now.

Debbie

doubledee · April 27, 2011

header() is a function that sends specific headers (hence it's name) to the browser. These headers are sent once before the page has been loaded and can't be sent after any HTML has been outputted. To bypass this problem, there is output buffering. You basically prevent those header to be sent by default, store them, do whatever you have to do and finally send them. Output buffering is started by ob_start() at the start of your script and ob_end_flush() at the end of it. However, output buffering isn't the best programming practice ever and should generally be avoided.

You have 2 options appart from output buffering (I've used those 2 words 1.000 times in this post): 1) validate the form before sending any output to the browser or 2) use meta refresh (deprecated tag).

1) The recommended way - Validate the form in the top of your page.
<?php
if (isset($_POST['submitted'])) {
     $errors = array();
     //other code..
     
     //the validation was successful
     if (count($errors) = 0) {
          header('Location: thankyou.html');
     }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>

But that won't work because my HTML needs to be both a form and a pass/fail message.

Like I said, I don't want to muck with wrapping HTML in echo statements as that's just ugly.

It is easier to redirect to another page and pass a "Pass/Fail" string in a Session and then use a standalone page for that.

What you said above sounded good until you came down on output buffering... :shrug:

Debbie

Sign In

Option for Redirect

Recommended Posts

doubledee

Link to comment

Share on other sites

meltingpoint

Link to comment

Share on other sites

doubledee

Link to comment

Share on other sites

Fadion

Link to comment

Share on other sites

doubledee

Link to comment

Share on other sites

Fadion

Link to comment

Share on other sites

doubledee

Link to comment

Share on other sites

doubledee

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information