With PagSeguro's automatic return, I cannot save the information to the database

0

I wonder if something is wrong:

if(isset($_POST['notificationType']) && $_POST['notificationType'] == 'transaction'){
// We will insert all the rest of the code here.

$email = 'douglas@...';
$token = '95112...';

$url = 'https://ws.pagseguro.uol.com.br/v2/transactions/notifications/' . $_POST['notificationCode'] . '?email=' . $email . '&token=' . $token;

$curl = curl_init($url);
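// Keep certificate verification on: with it disabled, anyone on the network path can read the token and forge the response.
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);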
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$transaction= curl_exec($curl);
curl_close($curl);

if($transaction == 'Unauthorized'){
    // Insert your code here to warn that the system has problems; I suggest sending an e-mail so that someone can do the maintenance
    $resultado = "Não autorizado!";
    exit; // Keep this line
}
$transaction = simplexml_load_string($transaction);

$transactionStatus = $transaction->status;  
if($transactionStatus > 0) {


    $TransacaoID = $transaction->code;
    $Referencia = $transaction->reference;        
    $mpresult = $transaction->paymentMethod->type;
    if($mpresult == 1){ 
        $MetodoPagamento = "Cartão de crédito";
    } elseif($mpresult == 2){ 
        $MetodoPagamento = "Boleto";
    } elseif($mpresult == 3){ 
        $MetodoPagamento = "Débito online (TEF)"; 
    } else { 
        $MetodoPagamento = "Outro"; 
    }
    $DataTransacao = date('d/m/Y', strtotime($transaction->date));
    if($transactionStatus == 1){
        $transactionStatus = 'Aguardando pagamento';
    } elseif($transactionStatus == 2){
        $transactionStatus = 'Em análise';
    } elseif($transactionStatus == 3){ // :)
        $transactionStatus = 'Paga';
    } elseif($transactionStatus == 4){ // :D
        $transactionStatus = 'Disponível';
    } elseif($transactionStatus == 5){
        $transactionStatus = 'Em disputa';
    } elseif($transactionStatus == 6){
        $transactionStatus = 'Devolvida';
    } elseif($transactionStatus == 7){
        $transactionStatus = 'Cancelada';
    }   
    $CliNome = $transaction->sender->name;


    $sql = mysql_query("INSERT INTO pedidos (TransacaoID,Referencia,MetodoPagamento,StatusTransacao,CliNome) VALUES ('".$TransacaoID."', '".$Referencia."', '".$MetodoPagamento."', '".$transactionStatus."', '".$CliNome."')");

} } else {
echo "Transação concluida com sucesso!"; }
    
asked by anonymous 01.03.2016 / 23:15

1 answer

4

You need to make a pay-as-you-go query with the transaction code to save the information to the database. The problem is that you were using a notification URL. So I took out the first condition, which checked whether it was a notification, and changed the URL.

See how the code went:

header("access-control-allow-origin: https://sandbox.pagseguro.uol.com.br");

$email = 'douglas...';
$token = '4360...';

$codigotransicao = $_GET['pagamento'];
$url = 'https://ws.sandbox.pagseguro.uol.com.br/v2/transactions/'. $codigotransicao .'?email=' .$email. '&token=' .$token;

// Wrong: $url = 'https://ws.sandbox.pagseguro.uol.com.br/v2/transactions/notifications/' . $_POST['notificationCode'] . '?email=' . $email . '&token=' . $token;

$curl = curl_init($url);
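// Keep certificate verification on: with it disabled, anyone on the network path can read the token and forge the response.
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);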
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$transaction= curl_exec($curl);
curl_close($curl);

if($transaction == 'Unauthorized'){
    // Insert your code here to warn that the system has problems; I suggest sending an e-mail so that someone can do the maintenance
    $name = 'log.txt';
    $text = " A transação não foi validada!" . "\r\n";
    $file = fopen($name, 'a+');
    fwrite($file, $text);
    fclose($file);
    exit; // Keep this line
}
$transaction = simplexml_load_string($transaction);

if($transaction->code > 0) {
$TransacaoID = $transaction->code;
$CompradorID = $transaction->reference;        
    $mpresult = $transaction->paymentMethod->type;
    if($mpresult == 1){ 
        $MetodoPagamento = "Cartão de crédito";
    } elseif($mpresult == 2){ 
        $MetodoPagamento = "Boleto";
    } elseif($mpresult == 3){ 
        $MetodoPagamento = "Débito online (TEF)"; 
    } else { 
        $MetodoPagamento = "Outro"; 
    }
    $nParcelas = $transaction->installmentCount;
    $TaxaParcelas = $transaction->installmentFeeAmount; // name must match the variable used in the INSERT below
    $DataTransacao = date('d/m/Y', strtotime($transaction->date));
    if($transaction->status == 1){
        $transactionStatus = 'Aguardando pagamento';
    } elseif($transaction->status == 2){
        $transactionStatus = 'Em análise';
    } elseif($transaction->status == 3){ // :)
        $transactionStatus = 'Paga';
    } elseif($transaction->status == 4){ // :D
        $transactionStatus = 'Disponível';
    } elseif($transaction->status == 5){
        $transactionStatus = 'Em disputa';
    } elseif($transaction->status == 6){
        $transactionStatus = 'Devolvida';
    } elseif($transaction->status == 7){
        $transactionStatus = 'Cancelada';
    }   
    $CliNome = $transaction->sender->name;

    $sql = mysql_query("INSERT INTO pedidos (TransacaoID,CompradorID,MetodoPagamento,nParcelas,TaxaParcelas,StatusTransacao,CliNome) VALUES ('".$TransacaoID."', '".$CompradorID."', '".$MetodoPagamento."', '".$nParcelas."', '".$TaxaParcelas."', '".$transactionStatus."', '".$CliNome."')") or die(mysql_error());

}
    
03.03.2016 / 16:16
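
A hardened form of the lookup in the answer above, as an added example that is not part of the original answer: it checks the transaction code before it reaches the URL, keeps TLS verification on, and refuses to return a row unless the response parses and carries a known status. The function names, the code-format check, the timeout and the sample XML are assumptions; the endpoint and the status labels are the ones used on this page.

```php
<?php
// Added example, not the answer's code; names and the code-format check are assumptions.
const STATUS = [1 => 'Aguardando pagamento', 2 => 'Em análise', 3 => 'Paga',
    4 => 'Disponível', 5 => 'Em disputa', 6 => 'Devolvida', 7 => 'Cancelada'];

function lookupUrl(string $code, string $email, string $token): ?string
{
    // Assumption: codes are hex digits and hyphens; anything else is rejected
    // so request input cannot alter the path or query string.
    if (!preg_match('/^[0-9A-Fa-f-]{32,36}$/', $code)) {
        return null;
    }
    return 'https://ws.sandbox.pagseguro.uol.com.br/v2/transactions/' . $code
        . '?' . http_build_query(['email' => $email, 'token' => $token]);
}

function fetchBody(string $url): ?string
{
    $curl = curl_init($url);
    curl_setopt_array($curl, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // check the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,    // and that it names this host
        CURLOPT_TIMEOUT        => 15,
    ]);
    $body = curl_exec($curl);
    $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    curl_close($curl);
    // Null on transport or TLS failure and on any non-200 reply.
    return ($body !== false && $status === 200) ? $body : null;
}

function parseTransaction(string $body): ?array
{
    $previous = libxml_use_internal_errors(true); // no warnings on non-XML bodies
    $xml = simplexml_load_string($body, 'SimpleXMLElement', LIBXML_NONET);
    libxml_use_internal_errors($previous);
    $status = $xml === false ? 0 : (int) $xml->status;
    if (!array_key_exists($status, STATUS) || (string) $xml->code === '') {
        return null; // unknown status or missing code: store nothing
    }
    return ['code' => (string) $xml->code, 'reference' => (string) $xml->reference,
        'status' => STATUS[$status], 'sender' => (string) $xml->sender->name];
}

// Constructed sample response, so the parser can be exercised offline.
$sample = '<transaction><code>00000000-AAAA-BBBB-CCCC-111111111111</code>'
    . '<reference>REF1234</reference><status>3</status>'
    . '<sender><name>Jose Comprador</name></sender></transaction>';
var_dump(parseTransaction($sample), parseTransaction('Unauthorized'));
```

The values in the returned array still come from outside the application (the sender name is typed by the buyer), so they should reach the database through bound parameters rather than string concatenation.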
Get database data

Well, here is the situation: I have the following code:

%pre%

Supposedly, I want to get the login data where login is equal to the $login variable, and then display the login password; however, the following errors appear:

  

Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\Program Files\VertrigoServ\www\adm\logar.php on line 9

Warning: mysql_fetch_array() expects parameter 1 to be resource, null given in C:\Program Files\VertrigoServ\www\adm\logar.php on line 10

What's wrong?

Thank you.

    
______ azszpr115525 ___

The %code% function in procedural mode expects one parameter with the database connection and another with the query itself; you are passing only the query.

Try this:

%pre%

However, the query would be very vulnerable this way; you could parameterize it, like this:

%pre%

This narrows the vulnerability a bit, but does not mean that the code is safe with just that.
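
One way to write the lookup with the connection passed explicitly and the login value bound as a parameter, as an added example that is not the code from this answer. The table and column names (usuarios, login, senha_hash), the connection credentials and the form field names are hypothetical, and the password check with password_verify() goes beyond what the answer shows.

```php
<?php
// Added example, not the answer's code. Table, columns, credentials and
// form field names are hypothetical placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of warn

function findUser(mysqli $db, string $login): ?array
{
    // Procedural mysqli calls take the connection as their first argument;
    // leaving it out is what produces "expects at least 2 parameters".
    $stmt = mysqli_prepare($db, 'SELECT login, senha_hash FROM usuarios WHERE login = ? LIMIT 1');
    // The value travels separately from the SQL text, so quotes in $login
    // cannot change the statement.
    mysqli_stmt_bind_param($stmt, 's', $login);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $foundLogin, $hash);
    $row = mysqli_stmt_fetch($stmt) ? ['login' => $foundLogin, 'senha_hash' => $hash] : null;
    mysqli_stmt_close($stmt);
    return $row;
}

function checkLogin(mysqli $db, string $login, string $password): bool
{
    $user = findUser($db, $login);
    // Compare against a password_hash() value instead of reading back and
    // displaying a stored password.
    return $user !== null && password_verify($password, $user['senha_hash']);
}

// Only mysqli_* functions are used; mysql_fetch_array() cannot read a mysqli result.
$db = mysqli_connect('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
mysqli_set_charset($db, 'utf8mb4');
var_dump(checkLogin($db, $_POST['login'] ?? '', $_POST['senha'] ?? ''));
```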

    
______ azszpr115524 ___

It is necessary to pass the connection parameters when using the mysqli_query functions, and as the comrade said, try not to mix the two libraries.

More about mysqli: link

    