简体繁体 English

付款后处理用户注册/数据？

[英]Processing user registration/data after payment is made?

原文 2010-11-12 22:12:00 2 1 php/ payment-gateway/ payment

I have a <textarea> along with user registration information that I only want to be processed (inserted to the database) after payment (I want to keep my database clear unnecessary registrations or things like people that register but change their mind about paying for the site services) 我有一个<textarea>以及用户注册信息，我只想在付款后进行处理（将其插入数据库）（我想使我的数据库清除不必要的注册或类似注册的人之类的事情，但是他们改变了主意为之付款）现场服务）

I mean, I could use sessions but are there any other ways? 我的意思是，我可以使用会话，但是还有其他方法吗？

I was looking for a gateway that'll pass these variables back to me after purchase. 我一直在寻找一个网关，将在购买后将这些变量传递回给我。

Or perhaps just having the gateway API. 或者，也许只有网关API。

Now, I know gateways such as paypal allow advanced processes like these but I don't want to apply to their credit checks just in case they have a reason to reject me. 现在，我知道诸如Paypal之类的网关允许此类高级流程，但我不想将其应用于信用检查，以防万一他们有理由拒绝我。 I don't want to depend on one gateway, is there any other gateways that guarantee not to reject my gateway needs and allow me to make advanced processes like the ones mentioned above? 我不想依赖一个网关，是否有其他网关可以保证不拒绝我的网关需求，并允许我进行如上所述的高级流程？ If anyone knows about gateways that don't need credit-type checks to be accepted I would appreciate if one could be suggested. 如果有人知道不需要信用类型检查的网关，那么如果可以提出建议，我将不胜感激。

Note: I know some people will suggest to keep the registration data since it's only a few kilobytes even if people won't use the site or pay for the services. 注意：我知道有人会建议保留注册数据，因为它只有几千字节，即使人们不会使用该网站或为服务付费。 Call me OCD but I like my database clean and to only have relevant users/data. 称我为OCD，但我喜欢我的数据库干净并且只包含相关的用户/数据。 I will end up doing this in the end if I don't find a solution that suits my needs, so please, don't suggest it. 如果找不到适合我需要的解决方案，我最终会这样做，所以请不要提出建议。 Thanks. 谢谢。

1 个解决方案

If you want to use simple form based integration, you aren't going to get around having rows in your table before the users has been processed, unless you want people stealing your service. 如果要使用基于表单的简单集成，除非您希望人们窃取您的服务，否则您将无法在处理用户之前在表中添加行。 The fact you want your "database clean" is naive. 您想要“数据库干净”的事实是幼稚的。 Just put a registered flag and delete periodically if you are really that OCD. 如果您确实是OCD，只需放置一个已注册标志并定期删除。

You must create a auth token (random unique string), and update the database of the current user that that token belongs to that user. 您必须创建一个auth令牌（随机唯一字符串），并更新该令牌所属的当前用户的数据库。 You then pass the user to the payment gateway and also pass along the token you have assigned to that user. 然后，您将用户传递到支付网关，还传递您已分配给该用户的令牌。

The gateway will send the user back to a url of your choosing, along with the token you have assigned to that user. 网关会将用户以及您分配给该用户的令牌发送回您选择的URL。 At this point you update the table for that user with that token. 此时，您将使用该令牌更新该用户的表。

Only you and the gateway know about the token, the user only sees it if they get a successful charge. 只有您和网关知道令牌，用户只有在成功收取费用后才能看到令牌。

If you don't do this, anyone can find the url the gateway sends on successful charge, and just load it themselves, giving them free service. 如果您不这样做，那么任何人都可以找到网关发送成功收取费用的网址，然后自己加载即可，为他们提供免费服务。

Alternatively, you can use deeper integration, were you do a web service call to the payment gateway, if it succeeds, you update your row, if it fails, you don't. 另外，您可以使用更深层的集成，例如对支付网关进行Web服务调用，如果成功，则更新行，如果失败，则不行。 This subjects you to onerous PCI compliance regulations. 这使您必须遵守繁琐的PCI合规性法规。 Trust me you don't want to delve into that. 相信我，你不想钻研它。 Just avoid it and do not let your systems see any CC information. 只是避免它，不要让您的系统看到任何抄送信息。