Secure API does not return purchase status

Asked

Viewed 2,514 times

0

Previously I had opened an error question in the pagseguro API, well, I managed to solve it. Now my problem is another... I can’t get paid notifications. I already set up the URL in the pay-as-you-go panel only I don’t get anything after shopping. I tested the direct notification file in the browser and it sent me an email (which is what I want to do), but by pagseguro it does not return anything. This is my code:

<?php
if(isset($_POST['notificationType']) && $_POST['notificationType'] == 'transaction'){



    $email = '[email protected]';
    $token = 'MEU-TOKEN-PAGSEGURO';

    $url = 'https://ws.pagseguro.uol.com.br/v2/transactions/notifications/' . $_POST['notificationCode'] . '?email=' . $email . '&token=' . $token;

    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    $transaction= curl_exec($curl);
    curl_close($curl);

    if($transaction == 'Unauthorized'){


        exit;
    }

    $transaction = new SimpleXMLElement($transaction);

    $Ref    = $transaction->{'reference'};
    $Status = $transaction->{'status'};

    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html;charset=utf-8\r\n";
    $headers .= "From: ABC <[email protected]>\r\n";

   mail('[email protected]', 'Teste', 'Testando', $headers);


}


?>
  • You accessed the pagseguro in the transaction to see if notification was sent ? If you have a sending code other than 200 there is something wrong, probably the url, passed from notification to pagseguro

5 answers

1

It is good to check if the email and tokens are correct:

Since nothing can be printed on the screen because Pagseguro sends this data via POST in another session, create a txt file (error.txt) and put an alert code within the authorization condition:

if($transaction == 'Unauthorized'){
    //Insira seu código avisando que o sistema está com problemas, sugiro enviar um e-mail avisando para alguém fazer a manutenção
    $name = 'erro.txt';
    $text = "Transação não foi validada!" . "\r\n";
    $file = fopen($name, 'a+');
    fwrite($file, $text);
    fclose($file);
    exit;//Mantenha essa linha
}

can still check what is receiving from pagseguro with:

$name = 'erro.txt';
$text = var_export($transaction, true) . "\r\n";
$file = fopen($name, 'a+');
fwrite($file, $text);
fclose($file);

1

You didn’t fully understand the workings of the payback so you are having problems.

At the end of the purchase the pagseguro sends to the return link but does not send any data as POST, just identify it and do the proper treatment:

<?php
if(isset($_POST['notificationType']) && $_POST['notificationType'] == 'transaction'){

// Post recebido, confirmar o código de notificação e processar o retorno para obter o status atual da transação.


    $email = '[email protected]';
    $token = 'MEU-TOKEN-PAGSEGURO';
...   
...   
...   

} else {

// POST não recebido, indica que a requisição é o retorno do Checkout PagSeguro.
// No término do checkout o usuário é redirecionado para este bloco.

    // redirecione para uma pagina de confirmação por ex.:
    header("Location: index.php?pag=fatura&retorno=pagseguro");

    // ou inclua aqui mesmo a mensagem, por ex:

    echo '<h4>Pagamento em Processamento</h4>
    <p>Seu pagamento será processado pelo PagSeguro e o recibo será emitido automaticamente.</p>
    <p>Obrigado.</p>
    <p><strong>Empresa XYz.</strong></p>';
}
?>

The sending of the POST is done by automatic returns, which are triggered when a customer makes a billet payment (the other day), or when the purchase on the card is effective and confirmed by the carrier (a few minutes later)and these events do not occur at the exact moment the customer finalizes the purchase at the gateway...

0

Look what I saw, it must be what my friend William said because I’m using a code that looks like yours and mine worked. but it’s simple only works if you get the Uol post. has the Uol test environment also in it has a return in a log file there for you to see which error is giving.

0

Check if Mod_security is enabled and blocking the answers of the pagseguro. On my site this was the problem and solves by doing the following:

  • Goes to the logs of your apacha, usually in the folder /usr/local/apache/logs/error_log and research by pagseguro.
  • When finding, look in the same row for the id of that transaction, usually [id=xxxxxx] (a random number).
  • Then go to the settings of Mod_security (if you have access) which is usually in /usr/local/apache/modsecurity-xxx/xxx.conf and add a line with this in the configuration: SecRuleRemoveById xxxxxx

Save, re-start the httpd and testing. The locations may be different because I use Centos Web Panel, but from what I saw the location of error_log is usually the same, but mod_security is not... ai you have to find.

0

To receive the automatic return of Pagseguro, it is necessary that the server where your application is located is with Modsecurity switched off.

Modsecurity is a firewall for web application that functions as an intrusion detection and prevention tool. Turning it off can be a risk for the application. But it is the only way to receive the data from Pagseguro.

Here’s an example of setting up in a Kinghost hosting environment http://prntscr.com/4oa41h

  • 3

    If you have access to modified rules, just edit and delete only the rule(s) that are filtering out the pagseguro, no need to disable the whole module. (it is possible to identify the rules in the logs) and the return of the checkout that he refers to is done by the client’s browser without POST, so it does not fall under modsecurity rules...

  • Rarely do shared hosting companies (Locaweb, Kinghost, etc.) allow such modifications to the firewall. Only if you are using a client-managed cloud solution.

  • Well so I started the sentence with: "If you have access" in case someone with dedicated server falls here, see that you have alternative and not simply disable the module...

  • 1

    Kind of radical turning off Modsecurity. It would be wiser to set it up for the desired application instead of turning it off. Remembering that you can do this in local setup, not just global. Recommended reading (en)

Browser other questions tagged

You are not signed in. Login or sign up in order to post.