
I have used PayFast (South-African) Payment Gateway for multiple projects and never had this problem.

Using Yii2 Advanced without pretty URLs.

It is hosted on a sub-domain.

I created a form manually:

<form action="<?php echo $payfastUrl; ?>" method="post" name="payFastForm" id="payFastForm">
<input type="hidden" name="merchant_id" value="<?php echo $payfastMerchantId; ?>">
<input type="hidden" name="merchant_key" value="<?php echo $payfastMerchantKey; ?>">
<input type="hidden" name="return_url" value="<?php echo $payfastReturnUrl; ?>">
<input type="hidden" name="cancel_url" value="<?php echo $payfastCancelUrl; ?>">
<input type="hidden" name="notify_url" value="<?php echo $payfastNotifyUrl; ?>">
<input type="hidden" name="name_first" value="<?php echo $payfastNameFirst; ?>">
<input type="hidden" name="name_last" value="<?php echo $payfastNameLast; ?>">
<input type="hidden" name="email_address" value="<?php echo $payfastEmailAddress; ?>">
<input type="hidden" name="m_payment_id" value="<?php echo $payfastMPaymentId; ?>">
<input type="hidden" name="amount" value="<?php echo $payfastAmount; ?>">
<input type="hidden" name="item_name" value="<?php echo $payfastItemName; ?>">
<input type="hidden" name="custom_str1" value="<?php echo $custom_str1; ?>">
<input type="hidden" name="signature" value="<?php echo $payfastSignature; ?>">
</form>

custom_str1 holds my CSRF token. (This was an attempt to fix my issue.) I unfortunately cannot give it another name; custom_str1 is specified by the PayFast docs.

The three URLs look like this:

$return_url = 'http://mysub.mydomain.com/index.php?r=payment%2Freturn-payfast';//URL after success.
$cancel_url = 'http://mysub.mydomain.com/index.php?r=payment%2Fcancel-payfast';//URL after cancel.
$notify_url = 'http://mysub.mydomain.com/index.php?r=payment%2Fnotify-payfast';//URL called from PayFast system and POSTING data for me to process the payment on my domain.

The NotifyPayment Controller:

public function actionNotifyPayfast():void
{
    $custom_str1 = Yii::$app->getRequest()->getCsrfToken(true); //Attempt to fix my issue
    $mPaymentId = \Yii::$app->request->post('m_payment_id');
    $pfPaymentId = \Yii::$app->request->post('pf_payment_id');
    $paymentStatus = \Yii::$app->request->post('payment_status');

    $payment = Payment::findOne(['payment_reference' => $mPaymentId]);
    if ($payment === null) {
        return; // Unknown payment reference: nothing to update
    }

    if($paymentStatus == 'COMPLETE') {
        $payment->payment_complete = 1;
        $payment->save();
    }
    else if($paymentStatus == 'CANCELLED') {
        $payment->payment_complete = 0;
        $payment->save();
    }
}

The POST received from PayFast:

$_POST = [
'm_payment_id' => '12345'
'pf_payment_id' => '12121212'
'payment_status' => 'COMPLETE'
'item_name' => 'My Item'
'item_description' => ''
'amount_gross' => '2500.00'
'amount_fee' => '-57.50'
'amount_net' => '2442.50'
'custom_str1' => 'FKoKcRaHH9tk0AKS8nH2hbFJxVsIicYaE8D2Ee4BV_sm42kwfPYtijO9QMKGRprQ936rDkbWsCplmMRTh0UEqA=='
'custom_str2' => ''
'custom_str3' => ''
'custom_str4' => ''
'custom_str5' => ''
'custom_int1' => ''
'custom_int2' => ''
'custom_int3' => ''
'custom_int4' => ''
'custom_int5' => ''
'name_first' => 'dfv'
'name_last' => 'dfv'
'email_address' => 'myemail@gmail.com'
'merchant_id' => '12345678'
'signature' => '4fb928d9a1888a75ae1034a0e4e56fe4']

And finally the Error:

    2023-04-19 11:14:40 [144.126.193.139][-][-][error][yii\web\HttpException:400] yii\web\BadRequestHttpException: Unable to verify your data submission. in /homepages/45/d952848623/htdocs/mysub/vendor/yiisoft/yii2/web/Controller.php:224
Stack trace:
#0 /homepages/45/d952848623/htdocs/mysub/vendor/yiisoft/yii2/base/Controller.php(176): yii\web\Controller->beforeAction()
#1 /homepages/45/d952848623/htdocs/mysub/vendor/yiisoft/yii2/base/Module.php(552): yii\base\Controller->runAction()
#2 /homepages/45/d952848623/htdocs/mysub/vendor/yiisoft/yii2/web/Application.php(103): yii\base\Module->runAction()
#3 /homepages/45/d952848623/htdocs/mysub/vendor/yiisoft/yii2/base/Application.php(387): yii\web\Application->handleRequest()
#4 /homepages/45/d952848623/htdocs/mysub/index.php(18): yii\base\Application->run()
#5 {main}
2023-04-19 11:14:40 [144.126.193.139][-][-][info][application] $_GET = [
    'r' => 'payment/notify-payfast'
]
Quentinb
  • I found this post: https://stackoverflow.com/questions/31505732/http-post-to-yii2 By adding the following line to my NotifyPayment Controller it solved the problem, I am just not sure if it's correct or not? public $enableCsrfValidation = false; – Quentinb Apr 19 '23 at 10:33
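
The comment above turns CSRF validation off for the whole controller. The following is an added example (not part of the original post, and not PayFast's or Yii's own code) that exempts only the notify action and authenticates the callback by its signature instead. It assumes a passphrase is set on the PayFast account and stored in a hypothetical `payfastPassphrase` app param, that `Payment` has a hypothetical `amount` column, and that the signature is an MD5 over the posted fields in received order with the passphrase appended, which should be confirmed against the current PayFast docs.

```php
<?php
namespace frontend\controllers;
use Yii;
use yii\web\BadRequestHttpException;
use yii\web\Controller;
use common\models\Payment; // assumed location of the post's Payment model

class PaymentController extends Controller
{
    public function beforeAction($action)
    {
        // PayFast's server shares no session with this site, so it can never send a
        // valid CSRF token. Exempt only the server-to-server callback action.
        if ($action->id === 'notify-payfast') {
            $this->enableCsrfValidation = false;
        }
        return parent::beforeAction($action);
    }

    public function actionNotifyPayfast(): void
    {
        $post = Yii::$app->request->post();
        if (!hash_equals($this->expectedSignature($post), (string)($post['signature'] ?? ''))) {
            throw new BadRequestHttpException('Invalid signature.');
        }
        $payment = Payment::findOne(['payment_reference' => $post['m_payment_id'] ?? null]);
        // Reject unknown references and amounts that differ from what was invoiced.
        if ($payment === null || abs((float)$payment->amount - (float)($post['amount_gross'] ?? 0)) > 0.01) {
            throw new BadRequestHttpException('Payment mismatch.');
        }
        $status = $post['payment_status'] ?? '';
        if ($status === 'COMPLETE' || $status === 'CANCELLED') {
            $payment->payment_complete = $status === 'COMPLETE' ? 1 : 0;
            $payment->save();
        }
    }

    private function expectedSignature(array $post): string
    {
        $pairs = [];
        foreach ($post as $key => $value) {
            if ($key !== 'signature') { // the signature field itself is not signed
                $pairs[] = $key . '=' . urlencode((string)$value);
            }
        }
        $pairs[] = 'passphrase=' . urlencode(Yii::$app->params['payfastPassphrase']); // assumed param
        return md5(implode('&', $pairs));
    }
}
```

With the signature check in place, the CSRF token passed through `custom_str1` serves no purpose and can be dropped from the form.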
