-1

we are currently developing a payment proxy, so our clients can implement our payment system in their shop and we handle all the interfaces to paypal and other payment options, e.g the users selects paypal as payment options and clicks on the link in the clients shop, the shop sends the cart to our proxy and then gets redirected to paypal. so user clicks "buy with paypal" -> proxy -> paypal he pays and the confirmation goes paypal -> proxy -> client web shop,

the problem is, the user should not notice the proxy, he should get directly redirectet to paypal, how can we do this (redirect with posts)? paypal needs posts so we cant use php's header functions as they don't support posts, and we cant use fsock because paypal would then be open on our proxy....

joschua011
  • 4,157
  • 4
  • 20
  • 25

3 Answers3

1

You can make AJAX query to your proxy, proxy returns parameters for Paypal, then JavaScript will build new form that submits to Paypal with parameters received from proxy and will submit this automatically.

Alex Amiryan
  • 1,374
  • 1
  • 18
  • 30
1

Use a 307 redirect header:

header("HTTP/1.1 307 Temporary Redirect",true,307);
header("Location: .....");

When the browser receives a 307 status code in response to a POST request, it should immediately retry the same request with the given URL. The user will probably never see the proxy involved, unless they view the link's target in the DOM or similar action.

Niet the Dark Absol
  • 320,036
  • 81
  • 464
  • 592
  • interesting...but the posts for paypal get created on the proxy, as the posts from the webshop are our own posts we use for every other payment option too.... – joschua011 Mar 25 '12 at 12:31
  • well, fox and opera at least warned me (but quite vaguely and user may take this waring as a part of the payment process) but chrome and ie let it pass. what a gift for the carders – Your Common Sense Mar 25 '12 at 12:39
  • 1
    @joschua011: Ah, well in that case it's a little bit more complicated. You'll need to use JavaScript to create an iframe on the shop page, which posts to the proxy. The proxy then returns the post data that needs sending to PayPal, and the JS on the shop can then create that new form and send it. This is similar to Alex Amiryan's suggestion, except that it gets around the cross-domain issue. – Niet the Dark Absol Mar 25 '12 at 13:26
0

The situation when "user should not notice the proxy" is called phishing and this "payment system" won't survive even a day as it gets banned by Paypal for sure.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
  • phishing is when you want to get the users login data, but we dont get them because the user logs in on paypal's site, we only get the confirmation – joschua011 Mar 25 '12 at 12:34