I have a stripe checkout error in my symfony project. Here is my view that uses checkout by default :
<form action="" method="POST">
<script
src="https://checkout.stripe.com/checkout.js" class="stripe-button"
data-key="pk_test_C9N5xzeBHyGplmZwpsbyciS6"
data-amount="9999"
data-name="Demo Site"
data-description="Widget"
data-image="https://stripe.com/img/documentation/checkout/marketplace.png"
data-locale="auto"
data-zip-code="true"
data-currency="eur">
</script>
</form>
The method of my controller:
public function paiementAction(Request $request)
{
\Stripe\Stripe::setApiKey("sk_test_5W9Z1CdBKN2G46sTa2O5KI3T");
$token = $_POST['stripeToken'];
try {
$charge = \Stripe\Charge::create(array(
"amount" => 1000, // Amount in cents
"currency" => "eur",
"source" => $token,
"description" => "Example charge"
));
return $this->redirectToRoute("chk38_platform_confirmation");
} catch (\Stripe\Error\Card $e) {
// The card has been declined
return $this->redirectToRoute("chk38_platform_commande");
}
}`
Error Symfony
Thank you for your help
This issue of $_POST['stripeToken'] not being populated generally occurs when your code isn't creating a Token object via Stripe Checkout prior to running this bit of code.
I would suggest that you check your Stripe account's API logs (https://dashboard.stripe.com/test/logs/overview) and ensure that you are in fact correctly creating a Token object via Stripe Checkout prior to calling this create Charge snippet.
You may also want to read through their Checkout PHP tutorial (https://stripe.com/docs/checkout/php), to get a better understanding of how all of the pieces fit together. If you still have issues after all that, you may want to write in to their support staff via https://support.stripe.com/email since you probably don't want to discuss private account specific things in public.
This is a quick finding I just experienced. If you're using the default <form action="/directory" method="POST"> ... </form> from this stripe example page with your own endpoint make sure to specify down to the index.php file inside the directory folder.
I was getting an odd error where the token was being created but I would get directed to the PHP endpoint and it wasn't a POST event. I had an index.php file in /directory/ and I had to write the complete path not just up to /directory eg. /directory/index.php. Then it worked as expected.
I want to confirm and extend what subalublub said, in that the endpoint can simply be "/charge/" without having to use index.php there.
I ran into this issue and just using "/charge" was not passing in the $_POST values, but when changing to "/charge/" the index.php file inside that folder worked correctly.
Hope this helps someone.
Related
web API build with wordpress is showing error of
<script>document.cookie = "humans_21909=1"; document.location.reload(true)</script>
it works sometime on some network and sometime not working
I got same response for an API ending with api/register , then i change the name /register to /new_registerthen issue solved,
I think register in url is the reason for this error
First of all, clone the website using the All In One WP Migration to your local development machine. Then, check the REST API, if the same error persists. It means you have some error in your code. In my case, the REST API works perfectly fine in my local machine but shows the same HTTP 409 conflict. I contacted with the Bluehost support. They told me they have some mod_security issues. After 2 3 days, they fixed it. It worked fine after that.
I ran into the same Problem and below are the two json api have issues which are using Json API User Plugin.
http://example.com/api/get_nonce/?json=get_nonce&controller=user&method=register
http://example.com/api/user/register/?username=eww_test&email=john#domain.com&display_name=John¬ify=both&seconds=100&insecure=cool
Then i move whole site to localhost and check APIs and they were working fine so i contacted host in my case hostgator.
They suggested to disable mod_security for that domain which was subdomain in my case.
And The issue has been resolved.
Tested and worked well
I am facing same issue while loading image. My image name is contact-desktop.png and contact-display-mob.png
My cpanel hosting provider block name which contain words like contact or register.
So I renamed that file and it is working perfectly.
At times this error occurs when you name you folder or files a reserved or blocked name.
In my case I named a folder contact, turns out the name was blocked from being used as folder names.
When testing my script on postman, I was getting this error:
<script>
document.cookie = "humans_21909=1"; document.location.reload(true)
</script>
I changed the folder name from contact to contacts and it worked. The error was gone.
I had the same issue, I was hosting on bigrock.in.
In my case, the issue that my hosting provider said was the user's IP was blacklisted.
You can do a blacklist IP check from here https://mxtoolbox.com
I ran into the same issue as mentioned above. In my situation I was hosting a website on bluehost, which used contact.php to send an e-mail according to the contact-form on the website.
My contact form looked like this:
<div class="col-md-7 contact-form wow animated fadeInLeft">
<form id="contact-form" role="form" onsubmit="formSubmit(event)">
<div class="input-field">
<input id="name" type="text" required name="name" class="form-control" placeholder="Your Name...">
</div>
<div class="input-field">
<input id="email" type="email" required name="email" class="form-control" placeholder="Your Email...">
</div>
<div class="input-field">
<input type="text" name="subject" class="form-control" placeholder="Subject...">
</div>
<div class="input-field">
<textarea id="message" name="message" class="form-control" placeholder="Messages..."></textarea>
</div>
<button type="submit" id="submit" class="btn btn-blue btn-effect">Send</button>
</form>
<div id="form-success-message" class="form-success-message alert alert-success alert-dismissible" role="alert">
<h4 class="alert-heading">Thank you for contacting us!</h4>
<hr>
<p></p>
<strong>The form was submitted successfully.</strong>
<br>In a few minutes you will receive an e-mail confirming that your question was sent successfully.
<br>Our team will contact you soon!
<br>
<br>In case the confirmation e-mail would not arrive within the next hours, verify that the email is not in your SPAM folder, or please contact us directly (****#******.tech).
<button onclick="document.getElementById('form-success-message').style.display = 'none';" type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close form submitted message"></button>
</div>
<div id="form-no-success-message" class="form-no-success-message alert alert-danger alert-dismissible" role="alert">
<h4 class="alert-heading">Oeps, something went wrong</h4>
<hr>
<p></p>
<strong>The form was not submitted.</strong>
<br>Please try again later, or contact us directly via e-mail (******#******.tech) or via WhatsApp.
<button onclick="document.getElementById('form-success-message').style.display = 'none';" type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close form submitted message"></button>
</div>
</div>
The script on my index.html page looked like this:
<script>
// Function responsible for sending the e-mail via the message contact form.
// At the moment the message contact form is submitted, it tries to fetch a php function
// in case the php function is not working, it will return a response from which the ok is false.
// Otherwise, it should return a possitive ok.
// FYI: function does not return a inscanceof error for now.
//
// In case no errors are thrown, the website will display a form success message
// In case the ok response from the php form is negative, a form no success message is displayed.
function formSubmit(event) {
/* Prevent button causing default browser submit */
event.preventDefault();
/* Get form element */
const form = document.getElementById('contact-form');
/* Create form data object from form element which contains post data */
let formData = new FormData(form);
/* Issue "ajax request" to server. Change /post-to-url to the appropriate
url on your server */
fetch('/contact.php', {
body: formData,
method: "post"
})
.then(function(response) {
if(!response.ok){
document.getElementById('form-no-success-message').style.display = 'block';
document.getElementById('contact-form').reset();
}else{
document.getElementById('form-success-message').style.display = 'block';
document.getElementById('contact-form').reset();
}
})
.catch(function(error) {
console.log('Error', error);
});
}
</script>
The file contact.php looked like this:
<?php
if(!isset($_POST['submit']))
{
//This page should not be accessed directly. Need to submit the form.
echo "error; you need to submit the form!";
}
//setting the variables
$name = $_POST['name'];
$visitor_email = $_POST['email'];
$message = $_POST['message'];
//Validate first
if(empty($name)||empty($visitor_email))
{
echo "Name and email are mandatory!";
exit;
}
if(IsInjected($visitor_email))
{
echo "Bad email value!";
exit;
}
//variables for the e-mail to client
$email_from = '***#******.tech';//<== update the email address
$email_subject = "New message via your website contact form";
$email_body = "You have received a new message from the following website visitor (name): $name.\n\nThe visitor used the e-mail address: $visitor_email\n\nThe content of the message is: \n\n $message.";
//variables for the confirmation e-mail to website user
$confirmation_email_subject = "We received your question!";
$confirmation_email_body = "We have received the following message from you via our contact form on our website *****.tech: \n\n Your name: $name.\n\n Your e-mail: $visitor_email\n\n Your message: \n\n $message. \n\nWe will get in contact as soon as possible! If you would not receive an answer in the coming 2 weeks, don't hesitate to contact us via:*****#*****.tech. \n\n This is an automated e-mail. We haven't read your question yet. This is merely a confirmation of the recieval.";
//e-mail of client
$to = "****#*******.tech";//<== update the email address
$headers = "From: $email_from \r\n";
//headers for confirmation
$confirmation_headers = "From: *****#******.tech"; //<== update the email address
//Send the email!
mail($to,$email_subject,$email_body,$headers);
mail($visitor_email,$confirmation_email_subject,$confirmation_email_body,$confirmation_headers);
// Function to validate against any email injection attempts
function IsInjected($str)
{
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
?>
After hosting on bluehost, things worked for 5 minutes. Then I started receiving errors. More specifically, on submitting the form, I received a 409 error, containing:
<script>document.cookie = "humans_21909=1"; document.location.reload(true)</script>
I did some research, and found this page: https://www.geminigeeks.com/bluehost-blocking-contact-form-7-submissions-409-conflict-error/
At the bottom of the page you will read:
This issue still exists. If visitor’s IP is blacklisted, URL with the word “contact” will give 409 error. The plugin author of Contact Form 7 could solve the issue by renaming folders/files and any API calls, from “contact” to “kontact”.
So I changed the PHP file to kontact.php.
And then changed in my script the reference:
<script>
// Function responsible for sending the e-mail via the message contact form.
// At the moment the message contact form is submitted, it tries to fetch a php function
// in case the php function is not working, it will return a response from which the ok is false.
// Otherwise, it should return a possitive ok.
// FYI: function does not return a inscanceof error for now.
//
// In case no errors are thrown, the website will display a form success message
// In case the ok response from the php form is negative, a form no success message is displayed.
function formSubmit(event) {
/* Prevent button causing default browser submit */
event.preventDefault();
/* Get form element */
const form = document.getElementById('contact-form');
/* Create form data object from form element which contains post data */
let formData = new FormData(form);
/* Issue "ajax request" to server. Change /post-to-url to the appropriate
url on your server */
fetch('/kontact.php', { *<===== changes here*
body: formData,
method: "post"
})
.then(function(response) {
if(!response.ok){
document.getElementById('form-no-success-message').style.display = 'block';
document.getElementById('contact-form').reset();
}else{
document.getElementById('form-success-message').style.display = 'block';
document.getElementById('contact-form').reset();
}
})
.catch(function(error) {
console.log('Error', error);
});
}
</script>
After that my contact form started working on bluehost.
I also got the same error, I was getting error code 409 conflicts and an error message :
<script> document.cookie = "humans_21909=1"; document.location.reload(true) </script>
So in my case issue was because my API name is register.php and it was giving an error on mac os, not on windows. So I renamed the API regsiter.php to registerApi.php and it solved the issue.
If you are also using any reserved name for your API name or any method try changing it. Hope it will help.
I already integrated JMSPaymentBundle, with paypal every thing works fine!
When I tried to change with stripe from this link for JMS
and using ruudk/PaymentStripeBundle from github, it's actually the same.
But there is a thing. I'm receiving this error: The source parameter is required
In the issues of the bundle, I found that I must use stripe form
<form action=""
method="POST">
<script
src="https://checkout.stripe.com/checkout.js" class="stripe-button"
data-key="MYPUBLISHEDKEY"
data-amount="999"
data-name="Demo Site"
data-description="Widget"
data-image="https://stripe.com/img/documentation/checkout/marketplace.png"
data-locale="auto">
</script>
</form>
This form generates a Token. What I need to know is :
1- Where to put that published token used by JMSPaymentBundle?
2- What action in the form should I do? Is it the same for paypal?
it's hard to say what's going on here but it seems like https://github.com/ruudk/PaymentStripeBundle/ is lacking some necessary documentation.
From what I can tell it's adding a token hidden field to your forms:
https://github.com/ruudk/PaymentStripeBundle/blob/master/src/Form/CheckoutType.php#L12
However, the Checkout embed code you're using won't save the token to that field. I don't see any additional Javascript embedded in this library, so you'll need to build your own using the custom Stripe Checkout integration:
https://stripe.com/docs/checkout#integration-custom
Something like this should work:
var handler = StripeCheckout.configure({
key: 'pk_test_6pRNASCoBOKtIshFeQd4XMUh',
image: 'https://stripe.com/img/documentation/checkout/marketplace.png',
locale: 'auto',
token: function(token) {
// NOTE: assuming that the field injected by the library has an ID of "token"--you'll have to check your DOM and possibly adjust this
var field = document.getElementById('token');
field.value = token.id;
// TODO: submit form and send to your backend
}
});
document.getElementById('customButton').addEventListener('click', function(e) {
// Open Checkout with further options:
handler.open({
name: 'Stripe.com',
description: '2 widgets',
zipCode: true,
amount: 2000
});
e.preventDefault();
});
// Close Checkout on page navigation:
window.addEventListener('popstate', function() {
handler.close();
});
When I log in to my app, and immediately go back when I enter it, and then try to log out, I get the error from the title, how can I fix that?
I was facing same issue with laravel 5.4 .. and then following command works for me :)
chmod 777 storage/framework/sessions/
before this, it was chmod 775 storage/framework/sessions/ ... hence I was facing the issue...
Happy coding
I solved this problem by editing the file config->session.php
'domain' => env('SESSION_DOMAIN', null),
and removing SESSION_DOMAIN from the file (.env)
and finally composer dumpautoload
From Laravel 5.3 docs
The Auth::routes method now registers a POST route for /logout instead of a GET route. This prevents other web applications from logging your users out of your application. To upgrade, you should either convert your logout requests to use the POST verb or register your own GET route for the /logout URI:
Option One:
Route::get('/logout', 'Auth\LoginController#logout');
For more about upgrade please have a look at this https://laravel.com/docs/5.3/upgrade
Option 2
//Insert this on your head section
<!-- CSRF Token -->
<meta name="csrf-token" content="{{ csrf_token() }}">
<!-- Scripts -->
<script>
window.Laravel = <?php echo json_encode([
'csrfToken' => csrf_token(),
]); ?>
</script>
Where you want you logout
<ul class="dropdown-menu" role="menu">
<li>
<a href="{{ url('/logout') }}" onclick="event.preventDefault();
document.getElementById('logout-form').submit();"> Logout
</a>
<form id="logout-form" action="{{ url('/logout') }}" method="POST" style="display: none;">
{{ csrf_field() }}
</form>
</li>
</ul>
Cheers
I faced this issue because I set 'secure' => env('SESSION_SECURE_COOKIE', false), to true for my localhost. The value is in the project-folder/config/session.php file. Since my localhost wasn't https that's why I was facing the issue. After making it false for my localhost the issue disappeared.
I have added SESSION_DOMAIN=localhost in my .env file when my APP_URL is APP_URL=http://localhost. It works for me I use laravel 5.3
Actually i have the same issue in Laravel 5.4, when I upload a file using a form, I sent the token and the file uploads correctly. The issue appears when I upload a file that exceeds the max filesize upload. So, just add an exception in the VerifyCsrfToken.php for the route and the message disapears, but the file doesn't get upload.
use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier {
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
protected $except = [
'anexoSesion',
];
public function handle($request, Closure $next)
{
return parent::handle($request, $next);
}
}
I had the same problem.
I run Laravel / PHP on a Windows machine with IIS. If you do as well, please make sure, the user IUSR have modify rights on the project directories.
After permitting the user, the error was gone.
This issue will generally occur due to permissions. As Manish noted you can chmod 777 on your sessions folder, however, I would not recommend this ever. First check if you have the same issue with the app using artisan serve (as opposed to serving your app via Nginx or Apache). If you don't then it is a permissions issue and you can change the ownership of the folder accordingly. Most likely it is the www-data user that needs permissions to write to the folder, however, you will want to check your environment to make sure as the user will differ in some cases.
To solve this add those two lines in the route file (e.g web.php)
Route::get('/', 'HomeController#index');// so when you logged out it go back
Route::get('/home', 'HomeController#index');
This solved the problem for me. Hope that help.
Illuminate\Foundation\Http\Middleware\VerifyCsrfToken.php
use Closure; // import
protected $except = [
//
];
public function handle($request, Closure $next)
{
$response = $next($request);
if (last(explode('\\',get_class($response))) != 'RedirectResponse') {
$response->header('P3P', 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
}
return $response;
}
or
for all url
protected $except = [
'*'
];
or
If there is no use
Illuminate\Foundation\Http\Kernel.php
// \App\Http\Middleware\VerifyCsrfToken::class
this line add comment
Out of the box, Laravel comes with web and api middleware groups that contains common middleware you may want to apply to your web UI and API routes
If you check your app/Providers/RouteServiceProvider.php, you will find that by default, a web middleware group is applied to all your routes in routes/web.php.
protected function mapWebRoutes()
{
Route::group([
'middleware' => 'web',
'namespace' => $this->namespace,
], function ($router) {
require base_path('routes/web.php');
});
}
Now, if you go check your app/Http/Kernel.php and take a look at the $middlewareGroups property, you will find a new EncryptCookies middleware. You can read about it, but if you remove this middleware from the web middleware group, your app might not give the TokenMismatchException which you are getting currently.
I am also facing this problem when using laravel5.4 for rest API. Just add the route name to the app/Http/Middleware/VerifyCsrfToken.php file.
protected $except = [
'test/login',
];
After adding the line, then I run the API, it executes successfully.
I faced this kind of problem in version 5.3.29
The following method worked for me.
Just change the following line in your .env file.
APP_KEY=base64:aBCdeFghI+jKLMnOPqRSTuvw1xYzAbCDeFgHiJKL57+4= (example key)
remove the base64: part, and make it like following
APP_KEY=aBCdeFghI+jKLMnOPqRSTuvw1xYzAbCDeFgHiJKL57+4=
go to middleware -> verifycsrftoken.php -> add the urls in the array specified.
How can i post an interactive post on google+ stream?
I am trying to post some custom data on google stream from asp.net web application.
This is the code iam using.
this is .aspx page:
Tell your friends
this is the script i am using:
var moment = {
"name": "sample",
"Description": "Hi sample post",
"Thumbnail": "logo",
"image": "http://prayati.com/Images/PrayatiLogo.jpg"
};
gapi.auth.init(signinCallback);
function signinCallback(authResult) {
if (authResult['access_token']) {
gapi.interactivepost.render('inter', options);
//gapi.interactivepost.render(moment, authResult['access_token'])
gapi.interactivepost.go(moment)
document.getElementById('myBtn').setAttribute('style', 'display: none');
} else if (authResult['error']) {
alert(authResult['error']);
}
}
var options = {
contenturl: 'https://plus.google.com/pages/',
contentdeeplinkid: '/pages',
clientid: '263087742134.apps.googleusercontent.com',
cookiepolicy: 'single_host_origin',
prefilltext: 'Create your Google+ Page too!',
calltoactionlabel: 'SHARE',
calltoactionurl: 'http://plus.google.com/pages/create',
calltoactiondeeplinkid: '/pages/create'
};
The first and probably most important problem is that you have a domain mismatch between your data-calltoactionurl and your data-contenturl. These must be the same domain, see the data-contenturl documentation.
I believe that is your major problem, there are other problems in your example too:
You appear to be confusing two different features: app activities (aka moments) and interactive posts. Also, it looks like you are trying to do authentication, the interactive post button is also a sign-in button, notice its data-callback parameter. You wouldn't need to do a separate call to gapi.auth.init()
The most simple approach is to use the HTML button and remove the calls to gapi.interactivepost.* unless you have a dynamic application that needs to insert buttons with great control.
You didn't post the code for your JavaScript API include, ensure that it is loading the API script as https://apis.google.com/js/client:plusone.js.
Here is a correct and simplified button:
<button class="g-interactivepost"
data-clientid="xxxxxxxxxx.apps.googleusercontent.com"
data-contenturl="http://localhost:52022/Jaswanth"
data-cookiepolicy="single_host_origin"
data-calltoactionlabel="INVITE"
data-calltoactionurl="http://localhost:52022/create"
data-prefilltext="Best site EVER!"
data-callback="signinCallback"
data-requestvisibleactions="http://schemas.google.com/AddActivity"
data-scope="https://www.googleapis.com/auth/plus.login">
Tell your friends
</button>
I've asked this before, but in a different way, so I'm hoping asking it like this could get an answer :)
What API call results in this following dialog appearing:
http://dl.dropbox.com/u/222489/publishdialog.png
By using the FB.ui({method: 'stream.publish' ... function all I get is a "Post to Your Wall" dialog, and all great Facebook games get the dialog in the screenshot. So I must be using the wrong function.
I don't understand how you've missed it, it's the first snippet of code in the FB.ui documentation:
FB.ui(
{
method: 'feed',
name: 'Facebook Dialogs',
link: 'http://developers.facebook.com/docs/reference/dialogs/',
picture: 'http://fbrell.com/f8.jpg',
caption: 'Reference Documentation',
description: 'Dialogs provide a simple, consistent interface for applications to interface with users.',
message: 'Facebook Dialogs are easy!'
},
function(response) {
if (response && response.post_id) {
alert('Post was published.');
} else {
alert('Post was not published.');
}
}
);
Result in my test app:
Its known as a Feed Dialogue.. its one of the Three Facebook Dialogues that use user interaction for doing some work...
ItI dosent need a API call (It was possible with Facebook.showFeedDialog but now facebook dosent support it) instead u redirect the user to the Url for these dialogues.
http://www.facebook.com/dialog/feed?<your different attributes as quesry string>
For having this in your own page you Can open it in an iFrameby setting attribute display=iframe but you need an access token for that..
Here is a complete description..
http://developers.facebook.com/docs/reference/dialogs/feed/