I am trying to integrate citrus payment gateway to my application which is written in zend. I am using citrus hostel checkout. I am generating signature in controller and then pass these values to view where a form is created. Controller code:
$formPostUrl = "https://sandbox.citruspay.com/sslperf/your-vanityUrlPart";
$secret_key = "xxxxxx"; // your secret key
$vanityUrl = "xxx"; // your vanity url
$merchantTxnId = uniqid();
$orderAmount = "1.00";
$currency = "INR";
$TransactionData= $vanityUrl.$orderAmount.$merchantTxnId.$currency;
$securitySignature = hash_hmac('sha1', $TransactionData, $secret_key);
$data = [
'formPostUrl' => $formPostUrl,
'vanityUrl' => $vanityUrl,
'merchantTxnId' => $merchantTxnId,
'orderAmount' => $orderAmount,
'currency' => $currency,
'securitySignature' => $securitySignature,
'returnUrl' => $this->hostName.'/'.'paymentResponse'
];
return new ViewModel ( $data );
View Code:
<form align="center" method="post" action="<?php echo $formPostUrl;?>">
<input ng-model="amount" type="number"class="form-control" id="orderAmount" name="orderAmount" placeholder="Enter the amount here.." required min="1" />
<input type="hidden" id="merchantTxnId" name="merchantTxnId" value="<?php echo $merchantTxnId;?>" />
<input type="hidden" id="currency" name="currency" value="<?php echo $currency;?>" />
<input type="hidden" name="returnUrl" value="<?php echo $returnUrl;?>" />
<input type="hidden" id="secSignature" name="secSignature" value="<?php echo $securitySignature;?>" />
<input type="Submit" value="Pay Now"/>
</form>
But the problem here is that securitySignature is created using amount and that code is written in controller but I have to take amount from user like a form which should be in view. I can't create securitySignature in view because it requires security_key which I can't write in view for security reasons. Is there any way from view I could send amount to controller and then in controller make a POST request to formPostUrl which also redirect me to formPostUrl just like in form we make a post request which also redirect to that url.
Try out the steps below,
P.S: You may need to store the state of the second request in logs or db or something just in case, for audit.
Hope it helps!