System with URL friendly get return in query string

Question

System with URL friendly get return in query string

Asked 8 years, 1 month ago

Viewed 934 times

-1

I’m having a problem with the return url of Paypal, my system has the concept of URL friendly for example:

http://outros.local/vendas/carrinhos/finalizada

But with the return of Paypal the URL is getting like this:

http://outros.local/vendas/carrinhos/finalizada?token=myToken&PayerID=myID

So I’m not getting the attributes token and PayerID, my . htacess is like this:

DirectoryIndex index.php

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*?)$ index.php?url=$1
</IfModule>

I also have a file called Dispenser.php, its function is to take the url parameter and turn into controller, method and params:

<?php
/**
 * Created by PhpStorm.
 * User: Leonardo Vilarinho
 * Date: 09/07/2016
 * Time: 22:05
 */

/**
 * Resgata parametros da URL, separa controller de method, verificando também se o link
 * representa um alias, se representar pega o controlador e metodo do alias, se não pega
 * o padrao do link (site.com/controlador/metodo/parametros). Por fim resgata os demais parametros
 * colocando-o em array para serem usados no controlador.
 *
 * Exemplo:
 * URL -> site.com/pessoas/editar/51
 * Resultado do script será:
 *      $_GET['controller'] = 'pessoas'
 *      $_GET['method'] = 'editar'
 *      $_GET['params'] = array(0 => 51)
 *
 */
var_dump($_GET);
$url = isset($_GET['url']) ? $_GET['url'] : '';
unset($_GET['url']);

if(!empty($url))
{
    $params = explode('/', $url);
    $_GET['controller'] = isset($params[0]) ? $params[0] : '';
    $alias = Alias::check($_GET['controller']);
    if($alias != false)
    {
        $_GET['controller'] = explode('/', $alias)[0];
        $_GET['method'] =  explode('/', $alias)[1];
    }
    else
    {
        $_GET['method'] = isset($params[1]) ? $params[1] : '';
        unset($params[1]);
    }

    unset($params[0]);
    $get = array();
    foreach ($params as $value)
        array_push($get, $value);
    $_GET['params'] = $get;
}

Error already appears in var_dump, that is displayed:

/home/leonardo/www/outros/vendas/kernel/dispenser.php:23:
array (size=1)
  'url' => string 'carrinhos/finalizada' (length=20)

I noticed that the problem is the question mark in the return url (?), as it would look like this:

http://outros.local/vendas?url=carrinhos/finalizada?token=myToken&PayerID=myID

Soon I would take only the first parameter.

How do I get the rest of the URL?

It worked that way (in this case the Paypal returns with & and not ?):

http://outros.local/vendas?controller=carrinhos&method=finalizada&token=myToken&PayerID=myID

But my system would be exposed and with this url different from the others.. Another that worked was:

http://outros.local/vendas/carrinhos/finalizada&token=myToken&PayerID=myID

But when I put the return link to Paypal as http://outros.local/vendas/carrinhos/finalizada does not work because the Paypal system returns the query string starting with '?'.

How can I solve this problem?

Hello, Try adding this at the end of your rule: Rewriterule (.*?)$ index.php? url=$1 [QSA, NC, L]

– Mario Pacio

2017/04/13 at 19:02

1 answer

Browser other questions tagged php friendly-url

You are not signed in. Login or sign up in order to post.

by Daniel Omine • **19,666** points · Answer 1 · 2016-08-24T03:51:35+00:00

A simple way to solve is just to make a small change to the return URL

Your URL is like this:

http://outros.local/vendas/carrinhos/finalizada

Just do it:

http://outros.local/vendas/carrinhos/finalizada/?paypal

When you return from Paypal you will receive something like

http://outros.local/vendas/carrinhos/finalizada/?paypal&token=myToken&PayerID=myID

Of course, it depends on how your system handles the URL.

But basically can only read the global $_GET.

Normally process your URL in this user-friendly URL format and model on this page would do something like this:

if (isset($_GET['token'])) {
    // tchanranran
}

URL friendly provides security?

I noticed your concern with this passage

But my system would be exposed and with this url different from the others.. Another one that worked was:

The fact that the user sees or does not see the names of the parameters in a URL does not change the security. Therefore, it can be solved more easily without Friendly URL, make it that simple instead of complicating.

Optional

You can also ask for the return to be done by the POST method

The parameter name is "rm". Set to 2 to receive this data by the POST method.

Return method. The FORM METHOD used to send data to the URL specified by the Return variable. Allowable values are:

0 - all shopping Cart Payments use the GET method

1 - the Buyer’s browser is redirected to the Return URL by using the GET method, but no payment variables are included

2 - the Buyer’s browser is redirected to the Return URL by using the POST method, and all payment variables are included

https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/Appx_websitestandard_htmlvariables/

I vaguely remembered something I posted about friendly URL and parameter extraction so I found this, which by coincidence was a question of yours: Url friendly to MVC