Jump to content
Larry Ullman's Book Forums

$Token Doesn't Seem To Be Getting Picked Up


Recommended Posts

I'm using Stripe (in test mode) and on my payment page I'm getting the error:

 
Error!The following error(s) occurred:
  • The order cannot be processed. Please make sure you have JavaScript enabled and try again.

 

 

 

On the payment page:

// Need a payment token:
if (isset($_POST['stripeToken']))
{
   $token = $_POST['stripeToken'];

   // Check for a duplicate submission, just in case:
   // Uses sessions, you could use a cookie instead.
   if (isset($_SESSION['token']) && ($_SESSION['token'] == $token))
       {
           $errors['token'] = 'You have apparently resubmitted the form. Please do not do that.';
       }
       else
       {    // New submission.
            $_SESSION['token'] = $token;
       }
}
else
{
    $errors['token'] = 'The order cannot be processed. Please make sure you have JavaScript enabled and try again.';
}

My form is on another page and is sent to my payment page (what would be your buy.php page). I have buy.js set in the header of the payment page and I'm calling it on the form page as well. I have the Strip php library installed and correctly pointed to. My form page is regular http while my payment page is https. I have a SSL certificate. Javascript is not disabled.

 

What would be the reason that the stripe token isn't being submitted or picked up?

 

Thanks.

Link to comment
Share on other sites

There are many possible reasons, but it's almost certainly a programmer error. I'd check your logs in Stripe to confirm that tokens are being requested and returned. Then, you can stop the submission of the payment form to your server side page and check the source code for the existence of the token.

 

Also, you need to make the form page be served over SSL. 

Link to comment
Share on other sites

My Stripe logs do not have anything listed. Both my form page and payment processor page are https.

 

Here's my form:

<form id='payment-form' action='https://www.mydomain.com/members/credit-pay.php' method='post'>
<fieldset>

<span class='help-block'>You can pay using: Mastercard, Visa, American Express, JCB, Discover, and Diners Club.</span>
<div class='alert alert-info'><h4>JavaScript Required!</h4>For security purposes, JavaScript must be enabled on your computer or device in order to complete your order.</div>

<legend>Pay with Credit or Debit Card</legend>
<input name='latefees' type='hidden' value='$latefees'>
<input name='total' type='hidden' value='$totalpayment'>

<div class='form-group'>
<label>Your Email</label>
<input type='text' size='25' name='youremail' maxlength='65' placeholder='Email'>
</div>

<div class='form-group'>
<label>Card Number</label>
<input type='text' size='25' autocomplete='off' placeholder='Card Number'><br>
<span class='help-bloc'>Enter the number without spaces or hyphens.</span>
</div>

<div class='form-group'>
<label>CVC - (3-4 digit number on credit card)</label>
<input type='text' size='4' autocomplete='off' placeholder='CVV' class='card-cvc input-mini'>
</div>

<div class='form-group'>
<label>Expiration (MM / YYYY)</label>
<input type='text' size='2' placeholder='MM' class='card-expiry-month input-mini'>
<span> / </span>
<input type='text' size='4' placeholder='YYYY' class='card-expiry-year input-mini'>
</div>

<div class='control-group'>
<button type='submit' class='btn btn-success' id='submitBtn'>Submit Payment</button>
</div>
</fieldset>
</form>

My payment processor page:

 <?php
include('includes/config.inc.php');
include('functionsbuy.php');
require(MYSQLGENES);

if (!isset($_SESSION['rid']))
{
    header("Location: login.php");
    exit();
}
else
{
    $page_title = "Rental Payment";
    top($page_title);


    // Today's date with date()
    $now = date('Y-m-d');
    $today = strtotime($now);
    $y = date('Y', $today);
    $m = date('n', $today); // month as 2
    $mm = date('m', $today); // month as 02
    $mmm = date('M', $today); // month as Feb
    $d = date('j', $today); // day as 3
    $dd = date('d', $today); // day as 03

    $thisdate = $d .$mmm . ", " . $y;



    $sessemail = $_SESSION['email'];

    // Set the Stripe key:
    // Uses STRIPE_PUBLIC_KEY from the config file.
    echo '<script type="text/javascript">Stripe.setPublishableKey("' . STRIPE_PUBLIC_KEY . '");</script>';

    // Check for a form submission:
    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        // Stores errors:
        $errors = array();
    
        // Need a payment token:
        if (isset($_POST['stripeToken']))
        {
            $token = $_POST['stripeToken'];
        
            // Check for a duplicate submission, just in case:
            // Uses sessions, you could use a cookie instead.
            if (isset($_SESSION['token']) && ($_SESSION['token'] == $token))
            {
                $errors['token'] = 'You have apparently resubmitted the form. Please do not do that.';
            }
            else
            {    // New submission.
                $_SESSION['token'] = $token;
            }        
        
        }
        else
        {
            $errors['token'] = 'The order cannot be processed. Please make sure you have JavaScript enabled and try again.';
        }
    
        // Set the order amount:

        $total = stripslashes(trim($_POST['total']));
        $total = escape_data(htmlspecialchars($total));
        $total = $total * 100;
        $amount = $total; // in cents

        // Validate other form data!
        $latefees = stripslashes(trim($_POST['latefees']));
        $latefees = escape_data(htmlspecialchars($latefees));

        $name = $_SESSION['name'];
        $unit = $_SESSION['unit'];

        if (!empty($_POST['youremail']))
        {
            if (preg_match('/^[[:alnum:]][a-z0-9_\.\-]*@[a-z0-9\.\-]+\.[a-z]{2,4}$/', stripslashes(trim($_POST['youremail']))))
            {
                $youremail = escape_data($_POST['youremail']);
            }
            else
            {
                $youremail = FALSE;
                $errors['youremail'] = 'Please enter a valid email address.';
                // echo "<p><span class='error'>ERROR!</span> Please enter a valid email address.</p>";
            }
        }
        else
        {
            $youremail = FALSE;
            $errors['youremail'] = 'Please enter your email address.';
        }


        // If no errors, process the order:
        if (empty($errors))
        {
            // create the charge on Stripe's servers - this will charge the user's card
            try {
                // Include the Stripe library:
                require_once('includes/stripe/lib/Stripe.php');

                $descrip = "Rental Payment on unit# ". $unit . ". Amount: " . $total . ". Paid on: " . $thisdate . ". Thank You!";

                // set your secret key: remember to change this to your live secret key in production
                // see your keys here https://manage.stripe.com/account
                Stripe::setApiKey(STRIPE_PRIVATE_KEY);

                // Charge the order:
                $charge = Stripe_Charge::create(array(
                "amount" => $total, // amount in cents, again
                "currency" => "usd",
                "card" => $token,
                "description" => $descrip,
                "receipt_email" => $youremail
                )
                );

                // Check that it was paid:
                if ($charge->paid == true)
                {                
                    // Store the order in the database.
                    // Send the email.
                    // Celebrate!

                    echo 'Thank you! Your payment has been recieved. A receipt has been emailed to the address you provided.';

                    $chargeid = $charge->id;
                    $paymentbrand = $charge->card->brand;
                    $paymenttype = $charge->card->funding;
                    $paymentgross = $charge->amount;
                    $status = "Paid";


                    $qin = "INSERT INTO payment_history (phid, rid, pay_date, pay_day, pay_month, pay_year, amount_paid, late_fees, pay_method, pay_brand, pay_type, pay_gross, checknum, status) VALUES ('', '".$_SESSION['rid']."', '".$_SESSION['unit']."', NOW(), '$d', '$mmm', '$y', '".$_SESSION['totalpayment']."', '".$_SESSION['latefees']."', '', '$paymentbrand', '$paymenttype', 'paymentgross', '', '$status')";
                    $rin = mysqli_query ($dbc, $qin) or trigger_error("Query: $qin\n<br>MySQL Error: " . mysqli_error($dbc));
                    if (mysqli_affected_rows($dbc) == 1)
                    {
                        mail("payments@mydomain.com", "Storage Payment Made", "Storage Payment Made.", "From: postmaster@mydomain.com");
                    }
                    else
                    {
                        mail("admin@mydomain.com", "Payment table failed to update", "Payment table failed to update.", "From: postmaster@mydomain.com");
                    }


                    // Clear the session:
                    unset ($_SESSION['sessemail']);
                    unset ($_SESSION['total']);
                    unset ($_SESSION['latefees']);
                    unset ($_SESSION['unit']);
                    unset ($_SESSION['youremail']);

                    footer();
                    exit();

                }
                else
                {    // Charge was not paid!    
                    echo '<div class="alert alert-error"><h4>Payment System Error!</h4>Your payment could NOT be processed (i.e., you have not been charged) because the payment system rejected the transaction. You can try again or use another credit or debit card.</div>';
                }
            
            }
            catch (Stripe_CardError $e)
            {
                    // Card was declined.
                $e_json = $e->getJsonBody();
                $err = $e_json['error'];
                $errors['stripe'] = $err['message'];
            }
            catch (Stripe_ApiConnectionError $e)
            {
                    // Network problem, perhaps try again.
            }
            catch (Stripe_InvalidRequestError $e)
            {
                // You screwed up in your programming. Shouldn't happen!
            }
            catch (Stripe_ApiError $e)
            {
                // Stripe's servers are down!
            }
            catch (Stripe_CardError $e)
            {
                // Something else that's not the customer's fault.
            }

        } // A user form submission error occurred, handled below.
    
    } // Form submission.




    // Show PHP errors, if they exist:
    if (isset($errors) && !empty($errors) && is_array($errors))
    {
        echo '<div class="alert alert-error"><h4>Error!</h4>The following error(s) occurred:<ul>';
    
        foreach ($errors as $e)
        {
            echo "<li>$e</li>";
        }
        echo '</ul></div>';    
    }

    echo "<div id='payment-errors'></div>";
}

footer();
?>

I have no doubt that it's a programming error on my part, but I've been looking at it for so long I can't see the mistake/problem. Is there anything that jumps out at you that would prevent this from working?

 

Thanks.

Link to comment
Share on other sites

You’re looking at the wrong script. The issue is with the form script/page where your javascript makes a request to Stripe for a token which it then appends to the form before a post request is made to your payment processor script.

Link to comment
Share on other sites

Thanks for the reply.

 

I am making an online payment script for a storage rental company with 700+ units. Right now the estimate is that between two and four hundred renters will pay their monthly storage rent online. The way they do it is that whatever day of the month someone rents a unit, that day is their monthly due date. If they're five days late on making their payment a $10 late fee is added to their payment due amount. If one month late another $10 late fee is added and so on until they are four months past due and the account is closed and legal proceedings are put into action.

 

When a renter logs in, my script checks to see when they last made a successful payment and then goes through a series of if - elseif clauses to determine their rent payment and late fees. I had the Stripe payment form in each elseif clause that went to the payment processor page. This didn't work, so I removed the Stripe payment forms from the elseif clauses and just put a "Pay Now" link using "r=$rentdue&l=$latefees" that sent the information to the payment processor page that now contained the Stripe payment form. Having the payment form on the same page as the processing magic fixed the problem and it's working in test mode at least. I still have to test for card errors and such but at least I'm making progress.

 

Thanks again for all the help.

Link to comment
Share on other sites

I'm Just curious, but is there a reason you've decided not to offer subscription billing. Getting users to log in monthly and make a payment is tedious for them. Why not automatically charge each month and give them the option to cancel at any time?

Link to comment
Share on other sites

I haven't learned how to do subscription billing. I haven't even used Stripe live for single payment yet. But I like the idea. In fact, the storage company I'm doing this for manually charges customer's credit cards each month that they have on file (not digitally but in a real locked file).

Link to comment
Share on other sites

There's not that much difference (at least, initially) between creating a single charge and creating a subscription in Stripe. Instead of doing Stripe_Charge::create(), you'd do Stripe_Customer::create(), providing the token as the card, and the plan to subscribe them to. 

 

I would strongly advocate for using subscriptions here. 

Link to comment
Share on other sites

 Share

×
×
  • Create New...