session, curl and credit card processing

alexei999

Hi there,

what i'm trying to do here is a credit card transaction with logging the user in after transaction has been approved.

Transaction works fine, but what I want to happen next is to set a session variable and redirect a user to clients home page.

but I believe curl sends headers and as a result, i can't set session variables or it gets another Session_Id() from server.

is there any way around it ? may be completely different steps of what i have

I have three pages to process transaction:
1) register.php - Registration form. Posts to register.php, validates all required info and inserts user details into a temporary table than using curl post to process.php
2) process.php takes required info from temp table, adds more merchant account details and posts a transaction request on a secure server.
3) processfinal.php - if transaction was successful - secure server posts back on this page - here I add user to a users table and need to set a session variable $HTTP_SESSION_VARS["userid"] = last inserted id.

azkworld

What payment processor are you using and which curl version (lib or external)?

curl shouldn't send headers.

alexei999

my payment processor is iTransact
curl - lib - probably latest version ..

but yes it does send headers 🙁
i just tried it using

headers_sent()

i made

echo "sent=".headers_sent();

curl call thing ..

and in the script it calls at the very top repeated the same thing:
echo "sent=".headers_sent();

as a result it displays first one is empty, second is equals to 1 ..

azkworld

Perhaps I'm missing something, but after the first echo(), naturally the headers are sent. That is, the first echo pushes the headers out in front of it, so they would be sent by the time code gets to second echo()

alexei999

oops, you are absolutely right. it doesn't send any headers 🙁

so why doesn't it set the session variable then ?

tihs is the code i'm using.
session_start() is in the include file on the very top

and then after validation i do this:
$userid= "22";
session_register("userid");

than on the next page i call $HTTP_SESSION_VARS["userid"]

i mean sessions work on my site, i have a login form using sessions and also the users that just registered can sign in .. but i don't want them to make this extra step .. 🙁

azkworld

I'm not 100% sure, but:
1. $userid= "22";
session_register("userid");
put session_register BEFORE assigning the value like this:
session_register("userid");
$userid= "22";

as a matter of fact, register all the session vars at the very top of each page anyway.

This is not technically wrong, just a pointer:
you don't have to do $HTTP_SESSION_VARS["userid"];
you can simply do $userid once it's registered.

alexei999

may be i have to pass PHPSESSID ? or something else ?

this is how i call curl:

$cookieVars="Language=".$HTTP_COOKIE_VARS["Language"];
$vars="shite required for a transaction separated by &";
$URL="www.domain.com/processing.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://$URL");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_COOKIE, $cookieVars);
curl_setopt($ch, CURLOPT_WRITEHEADER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, $vars);
curl_exec ($ch);
curl_close ($ch);

an i missing something here ?

azkworld

Am I nuts or are you CURLing your OWN (another) page?
And this other page of yours is supposed to set a session variable (while being curled), and once the curler script finishes executing the curl, you want the curler to have access to that session variable?

If yes, I not only know what the problem is, but can also tell you right now that there is no solution to that.

Confirm above, I will explain.

alexei999

i'm setting session on the first page.. after session has been set i call curl .. yes my own page.. the reason for that is that i have four different forms for different purposes and they all ment for the credit card transactions.
so what happens is:

from the form i post into a .php file
in that php file i validate the form and set session vairable
after session has been set i curl the processor file (on my server yes)
and from processor I add more variables and call the transaction server processor

but what was that you were talking about? that you know why it cannot be done ? could you please tell me ?

alexei999

it appears that session vars do not exist in the script i curl post.
but they do exist in the script i call it from 🙁 🙁 🙁

azkworld

Ok.
The issue is that a session is a unique "conversation" between the web server and the client.
When first script gets loaded into browser, a session is created, and assigned a name, for example "xxx".
When the second script gets "curled", it is being curled by the web server. (Since those are both yur scripts, the client and server in that "conversation" are one and the same, but this is just a side note, irrelevant to the process).
So your webserver's client is your browser for script1, but it is the webserver itself for script2. Because of that, another session is created and called "yyy".
The script3 is once again going to the browser, and therefore uses session "xxx" as well.
So when first script and third script are working with variable "aaa", they are working with the following object stored on the server:
allsessions["xxx"]["aaa"]
but when the second script gets executed, it is working with
allsessions["yyy"]["aaa"]

a little closer to the technical implementation:
if your browser's IP address (well, machine it's on) is 100.100.100.100, and your webserver's is 200.200.200.200, then
when scripts 1 or 3 do
$aaa = 3; it is equivalent (not php equivalent, but rather actual storage) to
servers[serverinstance]->allsessions["100.100.100.100"]["aaa"] = 3;
but for script 2 it is
servers[serverinstance]->allsessions["200.200.200.200"]["aaa"] = 3;

So either a) have script 2 write stuff to db or b) have script 2 return value (such as trans id), or c) do NOT curl your own pages -- there are other easier and faster-executing ways to achieve what you need.