
PHP + JS checkout and thank you page

I am building a Stripe checkout for my ecommerce on my current project.

Everything is working well, but I have a few questions which confuse me.

  1. Is it a good idea to use AJAX for checkout?

I am using stripe.js for checkout: when the customer clicks the checkout button, it gets the token from Stripe, and then I use AJAX to submit the token to PHP. PHP will charge the customer and do the rest of the job. Is this safe? Do I have to use all PHP code on the page to check out?

I am also using localStorage to store the shopping cart information. Is localStorage safer than a cookie? If not, is a cookie enough for shopping cart information?

  2. About the thank you page.

I already created a thank you page, but every user can go to this page; even a customer who didn't buy anything can still go to this page: www.example.com/checkout/thankyou.php

For a standard checkout thank you page, should I create something to prevent non-checkout users from viewing this page? Or should I just make the thank you page and checkout into one page? For example, when the customer clicks the checkout button, AJAX returns 1, then a modal pops up, shows the order number, and redirects to another page in 5 seconds.

Yes, this is safe, since the Stripe token is a reference to their system and cannot be used or read by anyone else but your PHP script, using the private API key.

This token is created to ensure no credit card info ends up on an unprotected server.

But as they say in their tutorial, you should enable HTTPS to protect the other transaction values of your customer.

They have really effective tech support that you can reach on https://webchat.freenode.net/ using the #stripe channel.

And about the thank you page... You could use a $_SESSION variable to prevent access by users who didn't succeed with a charge.
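One way to implement the session check suggested in the answer, as an added example that is not part of the original answer: the charge endpoint records the paid order in the session only after the server-side charge has succeeded, and thankyou.php turns away any visitor without that record. The function names, the paid_order session key, the 10-minute lifetime and the /checkout/ redirect target are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: call from the AJAX charge endpoint, and only after
// the server-side Stripe charge has returned success.
function recordPaidOrder(array &$session, string $orderId, int $ttl = 600): void
{
    $session['paid_order'] = [
        'order_id' => $orderId,
        'expires'  => time() + $ttl, // assumed lifetime: 10 minutes
    ];
}

// Hypothetical helper: call at the top of thankyou.php.
// Returns the order id, or null when this session has no fresh paid order.
function claimThankYou(array &$session, ?int $now = null): ?string
{
    $now   = $now ?? time();
    $order = $session['paid_order'] ?? null;
    unset($session['paid_order']); // single use: a reload or a shared URL shows nothing
    if (!is_array($order) || ($order['expires'] ?? 0) < $now) {
        return null;
    }
    return (string) $order['order_id'];
}

if (PHP_SAPI !== 'cli') {
    // Body of thankyou.php when served over HTTP.
    session_start();
    $orderId = claimThankYou($_SESSION);
    if ($orderId === null) {
        header('Location: /checkout/'); // assumed redirect target
        exit;
    }
    echo 'Thank you! Order number: ' . htmlspecialchars($orderId, ENT_QUOTES, 'UTF-8');
} else {
    // Constructed walk-through on a plain array standing in for $_SESSION.
    $session = [];
    var_dump(claimThankYou($session));      // visitor who never paid
    recordPaidOrder($session, 'ORD-1001');  // constructed order id
    var_dump(claimThankYou($session));      // first view after paying
    var_dump(claimThankYou($session));      // reload of the same page
}
```

The flag lives in server-side session storage, so the browser cannot set it the way it could a localStorage entry or a plain cookie value.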
