NIX

Reputation: 107

Perform a Stripe transaction without JS to retrieve token

I am trying to perform a Stripe transaction without the use of JavaScript. Possibly cURL, but I cannot figure out the header using the v2 API.

<form action="" method="POST" id="payment-form">
  <span class="payment-errors"></span>

  <div class="form-row">
    <label>
      <span>Card Number</span>
      <input type="text" size="20" data-stripe="number"/>
    </label>
  </div>

  <div class="form-row">
    <label>
      <span>CVC</span>
      <input type="text" size="4" data-stripe="cvc"/>
    </label>
  </div>

  <div class="form-row">
    <label>
      <span>Expiration (MM/YYYY)</span>
      <input type="text" size="2" data-stripe="exp-month"/>
    </label>
    <span> / </span>
    <input type="text" size="4" data-stripe="exp-year"/>
  </div>

  <button type="submit">Submit Payment</button>
</form>



<?php
require '../stripe-php/init.php';

//this next line is very wrong
$post = 'client_secret=' . 'sk_07C5ukIdqx' . '&grant_type=authorization_code&code=' . $_GET['code'];
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $system['stipe']['token_url']);
curl_setopt($ch,CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // keep TLS certificate verification on
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);

$decode = json_decode($result);

\Stripe\Stripe::setApiKey("my_secret");
\Stripe\Charge::create(array(
    "amount" => 500,
    "currency" => "usd",
    "source" => $decode[2], // I am totally guessing the value will be in element #2
    "description" => "Charge for [email protected]"
));
?>

Most of my issue is getting the token. All of the Stripe docs are only using stripe.js and I am not using JavaScript.

How do I get the Stripe token into a PHP variable without the use of JavaScript so I can use it for a basic transaction?

Upvotes: 0

Views: 4755

Answers (1)

deefour

Reputation: 35360

Stripe doesn't require your server to be PCI compliant when using stripe.js.

If you have a web form to accept credit card data, you want the card token to be created by Stripe. The credit card info is never intended to be sent over the wire to your server. This is why the form fields in your code have no name attribute (name-less fields are not submitted). This is a good thing.

If you insist on not using stripe.js, the API docs on creating a charge clearly state

the source you provide must either be a token, like the ones returned by Stripe.js, or an associative array containing a user's credit card details

'amount'   => 200, // $2.00,
'currency' => 'usd',
'source'   => [
    'object'    => 'card',
    'number'    => '...',
    'exp_month' => '...',
    'exp_year'  => '...',
    'cvc'       => '...',
]

Remove stripe.js, put some name attributes on your form, and use the Charge::create() method without all the preceding curl stuff.

I have to mention, if I was unclear about the basics of an API that makes credit card processing dead simple, I would be very worried about how much I am exposing myself to a potential lawsuit by letting credit card data touch my servers.

Upvotes: 5
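
The answer's point that name-less fields are not submitted can be checked mechanically. The following is an added example, not part of the original answer or of Stripe's code: a Python audit that lists which card fields a form would post to your own server. The `stripeToken` field name, the `tok_placeholder` value and both sample forms are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# data-stripe values from the question's form; the same words in a name
# attribute are treated as card fields too (that naming is an assumption).
CARD_HINTS = {"number", "cvc", "exp-month", "exp-year"}

class SubmittedControls(HTMLParser):
    """Collect the form controls a browser would serialize on submit."""
    def __init__(self):
        super().__init__()
        self.in_form = False
        self.submitted = []  # (name, data-stripe value or None)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form = True
        elif self.in_form and tag in ("input", "select", "textarea"):
            # Only enabled controls with a non-empty name are sent to the server.
            if a.get("name") and "disabled" not in a:
                self.submitted.append((a["name"], a.get("data-stripe")))

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def card_fields_sent_to_server(html):
    """Return names of submitted controls that look like raw card data."""
    parser = SubmittedControls()
    parser.feed(html)
    parser.close()
    return [name for name, stripe_attr in parser.submitted
            if stripe_attr in CARD_HINTS
            or name.lower().replace("_", "-") in CARD_HINTS]

# Constructed sample 1: card fields without name attributes, as in the
# question, plus a hypothetical hidden token field.
TOKENIZED_FORM = """<form action="" method="POST" id="payment-form">
  <input type="text" data-stripe="number"/> <input type="text" data-stripe="cvc"/>
  <input type="text" data-stripe="exp-month"/> <input type="text" data-stripe="exp-year"/>
  <input type="hidden" name="stripeToken" value="tok_placeholder"/>
</form>"""

# Constructed sample 2: the same fields once name attributes are added.
NAMED_FORM = """<form action="" method="POST">
  <input type="text" name="number"/> <input type="text" name="cvc"/>
  <input type="text" name="exp_month"/> <input type="text" name="exp_year"/>
</form>"""

if __name__ == "__main__":
    print(card_fields_sent_to_server(TOKENIZED_FORM), card_fields_sent_to_server(NAMED_FORM))
```

An empty result means only the token reaches your server; any name in the list is card data that your server, logs and backups would then handle.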
