System with friendly URL get return in query string

-1

I have a problem with the PayPal return url, my system has the concept of friendly URL for example:

http://outros.local/vendas/carrinhos/finalizada

But with PayPal's return the URL is getting like this:

http://outros.local/vendas/carrinhos/finalizada?token=myToken&PayerID=myID

So I can not get the attributes token and PayerID , my .htacess looks like this:

DirectoryIndex index.php

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*?)$ index.php?url=$1
</IfModule>

I also have a file called dispenser.php , its function is to get the url parameter and transform it into controller , method and params :

<?php
/**
 * Created by PhpStorm.
 * User: Leonardo Vilarinho
 * Date: 09/07/2016
 * Time: 22:05
 */

/**
 * Resgata parametros da URL, separa controller de method, verificando também se o link
 * representa um alias, se representar pega o controlador e metodo do alias, se não pega
 * o padrao do link (site.com/controlador/metodo/parametros). Por fim resgata os demais parametros
 * colocando-o em array para serem usados no controlador.
 *
 * Exemplo:
 * URL -> site.com/pessoas/editar/51
 * Resultado do script será:
 *      $_GET['controller'] = 'pessoas'
 *      $_GET['method'] = 'editar'
 *      $_GET['params'] = array(0 => 51)
 *
 */
var_dump($_GET);
$url = isset($_GET['url']) ? $_GET['url'] : '';
unset($_GET['url']);

if(!empty($url))
{
    $params = explode('/', $url);
    $_GET['controller'] = isset($params[0]) ? $params[0] : '';
    $alias = Alias::check($_GET['controller']);
    if($alias != false)
    {
        $_GET['controller'] = explode('/', $alias)[0];
        $_GET['method'] =  explode('/', $alias)[1];
    }
    else
    {
        $_GET['method'] = isset($params[1]) ? $params[1] : '';
        unset($params[1]);
    }

    unset($params[0]);
    $get = array();
    foreach ($params as $value)
        array_push($get, $value);
    $_GET['params'] = $get;
}

The error already appears in var_dump , which is displayed:

/home/leonardo/www/outros/vendas/kernel/dispenser.php:23:
array (size=1)
  'url' => string 'carrinhos/finalizada' (length=20)

I noticed that the problem is the question mark in the return url (?), it would look like this:

http://outros.local/vendas?url=carrinhos/finalizada?token=myToken&PayerID=myID

Soon I would just get the first parameter.

How do I get the rest of the URL?

It worked like this (because in this case Paypal returns with & and not?):

http://outros.local/vendas?controller=carrinhos&method=finalizada&token=myToken&PayerID=myID

But my system would be exposed and with this url different from the others .. Another one that worked out was:

http://outros.local/vendas/carrinhos/finalizada&token=myToken&PayerID=myID

But when I put PayPal's return link as http://outros.local/vendas/carrinhos/finalizada it does not work because the PayPal system returns the query string starting with '?'.

How can I resolve this problem?

    
asked by anonymous 24.08.2016 / 01:17

2 answers

0

A simple way to solve is to just make a small change to the return URL

Your URL looks like this:

http://outros.local/vendas/carrinhos/finalizada

Just do this:

http://outros.local/vendas/carrinhos/finalizada/?paypal

When you return from Paypal you will receive something like

http://outros.local/vendas/carrinhos/finalizada/?paypal&token=myToken&PayerID=myID

Of course, this depends on how your system treats the URL.

But basically you can only read the global $_GET .

Normally process your URL in this friendly URL format, and the model for that page would do something like this:

if (isset($_GET['token'])) {
    // tchanranran
}

Does friendly URL provide security?

I noticed your concern about this stretch

  

But my system would be exposed and with this url different from the others ..   Another one that worked out was:

Whether or not the user sees parameter names in a URL does not change security at all. So if you can more easily resolve without friendly URLs, make it simpler rather than complicated.

Optional

You can also request that the return be done by the POST method

The parameter name is "rm". Set to 2 to receive this data by the POST method.

Return method. The METHOD FORM used to send data to the URL specified by the return variable. Allowable values are:

  

0 - all shopping cart payments use the GET method   

1 - the buyer's   browser is redirected to the return URL by using the GET method, but   no payment variables are included   

2 - the buyer's browser is   redirect to the return URL by using the POST method, and all payment   variables are included

link

I vaguely remembered something I posted about friendly URL and parameter extraction so I found this, which coincidentally was a question from you: #

    
24.08.2016 / 05:51
0

Hello, try adding this to the end of your rule:

RewriteRule ^ (. *?) $ index.php? url = $ 1 [QSA, NC, L]

    
13.04.2017 / 21:02