php + js checkout and thank you page
I am building a Stripe checkout for the e-commerce part of my current project. Everything is working well, but I have a few questions which confuse me.

I am using stripe.js to check out: when the customer clicks the checkout button, it gets the token from Stripe, and then I use AJAX to submit the token to PHP; PHP will charge the customer and do the rest of the job. Is this safe? Do I have to use all PHP code on the page to check out?

I am also using localStorage to store the shopping cart information. Is localStorage safer than a cookie? If not, is a cookie enough for shopping cart information?

I already created a thank you page, but every user can go to this page; even a customer who didn't buy anything can still go to this page: www.example.com/checkout/thankyou.php

For a standard checkout thank you page, should I create something to prevent non-checkout users from viewing this page? Or should I just make the thank you page and checkout into one page? Like when the customer clicks the checkout button, AJAX returns 1, then a modal pops up, shows the order number, and redirects to another page in 5 sec.

Yes, this is safe, since Stripe's token is a reference to their system and cannot be used or read by anyone else but your PHP script, using the private API key.

This token is created to ensure no credit card info ends up on an unprotected server. But as they say in their tutorial, you should enable HTTPS to protect the other transaction values of your customer.

They have really effective tech support that you can reach on https://webchat.freenode.net/ using the #stripe channel.

And about the thank you page... You could use a $_SESSION variable to prevent access from users who didn't succeed with a charge.
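
The session check suggested in the answer above, as an added example that is not part of the original post. The function names, the `paid_order` session key, the 15-minute lifetime and the `/checkout/` redirect target are assumptions; the Stripe charge itself is not shown and is expected to have succeeded server-side before `mark_order_paid()` is called.

```php
<?php
// Added example; function names, session key and URLs are hypothetical.
declare(strict_types=1);

// Call from the AJAX charge endpoint (after session_start()), and only once
// the charge made with the secret API key has succeeded on the server.
// $orderId is your own order number, never a value sent by the browser.
function mark_order_paid(array &$session, string $orderId): void
{
    $session['paid_order'] = ['id' => $orderId, 'at' => time()];
}

// Call from thankyou.php. Returns the order number once, or null when this
// session has no completed charge or the flag is older than $maxAgeSeconds.
function claim_paid_order(array &$session, int $maxAgeSeconds = 900): ?string
{
    $order = $session['paid_order'] ?? null;
    unset($session['paid_order']); // one-time use: a reload or shared link fails
    if (!is_array($order) || !isset($order['id'], $order['at'])) {
        return null;
    }
    if (time() - (int) $order['at'] > $maxAgeSeconds) {
        return null;
    }
    return (string) $order['id'];
}

if (PHP_SAPI !== 'cli') {
    // --- body of thankyou.php ---
    session_start();
    $orderId = claim_paid_order($_SESSION);
    if ($orderId === null) {
        header('Location: /checkout/'); // assumed checkout URL
        exit;
    }
    echo 'Thank you! Your order number is ',
        htmlspecialchars($orderId, ENT_QUOTES, 'UTF-8');
} else {
    // Constructed demo for the command line: no charge, then a paid order.
    $session = [];
    var_dump(claim_paid_order($session));
    mark_order_paid($session, 'ORD-1001');
    var_dump(claim_paid_order($session));
    var_dump(claim_paid_order($session));
}
```

Because the flag lives in server-side session data, a visitor cannot set it from the browser the way they could edit localStorage or a cookie value.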