Am I using this PHP code wrong? (working with Stripe)

4
votes

I'm using Stripe for a payment gateway. I can successfully obtain a card's "token" as Stripe calls it, which is explained here: https://stripe.com/docs/checkout#api Good to go with that. I successfully receive the token in my stripe dashboard. Now what I need to do is actually charge that card(token). Here is how they put it: "You've got your user's credit card details, now what? Now you charge them money. This happens on your server, and the fastest way to do it is by using one of our client libraries." Well they supply the php needed right on that page:

        // Set your secret key: remember to change this to your live secret key in          production
       // See your keys here https://manage.stripe.com/account
        Stripe::setApiKey("sk_test_68YYnDTKPzcxxRZbkxEJtOVq");

        // Get the credit card details submitted by the form
        $token = $_POST['stripeToken'];

        // Create the charge on Stripe's servers - this will charge the user's card
         try {
          $charge = Stripe_Charge::create(array(
           "amount" => 1000, // amount in cents, again
             "currency" => "usd",
             "card" => $token,
              "description" => "[email protected]")
               );
                } catch(Stripe_CardError $e) {
               // The card has been declined
                }

You can see exactly how they explain it here: https://stripe.com/docs/tutorials/charges

Here is where things go wrong. 1) Where in this code actually pinpoints what card to charge?! I have the card's token ID number in my private dashboard. I now need to charge it, but this code doesn't say anything about the card. The only spot I see is:

          $token = $_POST['stripeToken'];

'stripeToken' do I put in the card's ID number here?

2)I've created a simple page to run this with:

 <div id="payment">


    <form action="charge-cards.php">
        <?php require 'Stripe.php';?>

        <input type="submit">
</form>


</div><!--end payment-->

"charge-cards.php" is the code at the top provided by Stripe. When I click submit, I get the follow error:

    Fatal error: Class 'Stripe' not found in /home/preemin/public_html/fun.dit       /testing/charge-cards.php on line 5

Can anyone see what I"m doing wrong? Thanks!

2
phpstripe-payments
may be you are missing some "include" !internals-in
have you red stripe.com/docs/checkout/guides/php ? where they said "Let’s create a file called config.php, where we’re going to set up some initial configuration." have you downloaded "Stripe PHP library"internals-in
Thanks for your reply! Yeah, I have uploaded Stripe.php to my server, and in the form above, I have included: "<?php require 'Stripe.php';?>Anthony Myers
oops! i have answered ! Have a thumbs ! if i am right !internals-in
Have a look at this blog larryullman.com/2012/11/07/…. This blog explains each steps in detail for charging payment.Chirag B

2 Answers

18
votes

I think it's worthwhile to take a step back and review the basics. First, in order to provide a secure credit card transaction, and to ensure PCI compliance, Stripe has provided a javascript library that encrypts and transmits the sensitive credit card data. They provide an example form

Make careful note of the fact that the form has no submit action. Also pay special attention to the fact that none of the sensitive card fields have a name attribute. This form should never be submitted via any way other than the secure method they have provided. To try to do so opens you up to liability.

When you submit that form, using the js class they have provided (see Step 2), it gives you back a card token, which you say you already have. You can store that card token in your database without any security issues -- it's just an arbitrary number that means nothing to a hacker.

Once you have that token, you have two options:

  1. use it immediately to make a one-time charge, or
  2. store it and create a customer object that you can charge multiple times.

What you need to realize is that Stripe does NOT store that card token! If you lose it, you can't get it back. You have to generate a new one. Also, the only way you can use it for multiple charges is to create a customer object. In other words, UNLESS you store it on a customer object, it's only good for a single charge. So if you charge against it before attaching it to a customer object, it's no longer valid.

Now back to the basics again, as IOIO MAD described, there are two things you must do at the top of any php file that you want to call a Stripe method from:

  1. include the Stripe php library
  2. set the secret key

The only time the public key is used is when you're making that javascript call to submit the card form.

If you want to charge the card immediately, you have to turn right around and make a call back to the server, sending the card hash that you just got back. You might do this with ajax, or by sticking it in a form field that you then post. Step 3 shows you one way you might do this.

But lets assume that you want to do other things before actually charging the card. To expand on your example, lets say I have collected my customer's card on one page, then on my checkout page, I want to submit the charge:

<?php
require('path/to/Stripe.php'); // MUST be done before any Stripe:: call
Stripe::setApiKey("sk_test_mkGsLqEW6SLnZa487HYfJVLf");

// retrieve stored card hash. Could have got it to this page in any number of
// ways, including: stored in cookie, stored in session, stored in database.
// Let's assume stored in session for sake of simplicity of example

$cardHash = $_SESSION['stripeToken'];
?>
<div id="payment">
    <form action="charge-cards.php">
        <?php require 'Stripe.php';?>
        <input name="stripeToken" type="hidden" value="<?= $cardHash ?>" />
        <input type="submit">
    </form>
</div>

When this form is submitted, charge-cards.php will get the $cardHash from the $_POST variable, whereupon you're going to follow the example given by Stripe:

<?php
require('path/to/Stripe.php'); // MUST be done before any Stripe:: call
Stripe::setApiKey("sk_test_mkGsLqEW6SLnZa487HYfJVLf");

// Get the credit card details submitted by the form
$token = $_POST['stripeToken'];

// Create the charge on Stripe's servers - this will charge the user's card
try {
    $charge = Stripe_Charge::create(array(
    "amount" => 1000, // amount in cents, again
    "currency" => "usd",
    "card" => $token,
    "description" => "[email protected]")
    );
} catch(Stripe_CardError $e) {
    // The card has been declined
}
?>

If you're still having problems, employ proper debugging skills to check whether or not your $_POST variable contains a card hash. If all else fails, contact Stripe customer support. Their API is top-notch, as is their documentation and support.

EDIT 4/15/13 OP is using the quick checkout method and using custom buttons. Most of the above still applies.

The code outlined in the Custom Buttons section assigns a click handler to the custom button, which returns a callback function that when executed, appends a hidden input to a form, assigns the stripeToken to that field, and submits the form. Just before the form is submitted, console.log or alert the stripeToken to make sure you have a legitimate value:

$('#customButton').click(function(){
  var token = function(res){
    var $input = $('<input type=hidden name=stripeToken />').val(res.id);

    // alert the value of stripeToken
    alert('stripeToken = ' + res.id);

    $('form').append($input).submit();
};

This would be used in conjunction with this:

<form action="/charge" method="post">
  <script src="https://checkout.stripe.com/v2/checkout.js" class="stripe-button"
      data-key="pk_test_yourprivatekeyhere"></script>
</form>

So what should happen is after the user presses the checkout button, the form should have a hidden input field named 'stripeToken' which contains the token value. You can get that token from the form and submit it later. Alternatively, you can listen on the 'token' event, which will be bound to your button:

jQuery(function($){
  var $button = $('#customButton');

  $button.on('token', function(e, token){
    $button.after('<hr /><p>Your Stripe token is: <strong>' + token.id + '</strong></p>');
  });
});

DISCLAIMER: I haven't used the simple checkout method yet. This code is not tested

3
votes

i think may be you are missing some "include" , Class 'Stripe' not found means that the PHP File consisting of Class 'Stripe' haven't included before the call@

Note : A PHP >= 5.2 environment is required

Download The Stripe PHP library

Extract it to your HOME!

Let’s create a file called config.php, where we’re going to set up some initial configuration.

<?php
require_once('./lib/Stripe.php');

$stripe = array(
  "secret_key"      => "sk_test_mkGsLqEW6SLnZa487HYfJVLf",
  "publishable_key" => "pk_test_czwzkTp2tactuLOEOqbMTRzG"
);

Stripe::setApiKey($stripe['secret_key']);
?>

Then at your Code file ABOVE (assumes yours.php)

  include "config.php";
 // Get the credit card details submitted by the form
  $token = $_POST['stripeToken'];
 //rest as you go!