PHP Session is not recognized after a response from the CCNow server

Question

I'm using the CCNow payment gateway with my custom PHP cart. My code works perfectly excepts that the cart session is not being recognized when the CCNow server responds back to my page.

In that response, CCNow sends order details with order status, and my code is supposed to save or update the order at this stage.

I tested the page by typing it directly to my browser and it works fine. I also made sure that the CCNow response takes place by storing the order id in a log file.

Any thoughts? My code is below:

<?php
session_start();
include('includes/config.php');
include('includes/db.php');

$status = 0;
$x_status = '';
$x_orderid = '';
$x_orderdate = '';
$key = '12345';

if(isset($_REQUEST['x_status'])){
    $x_status = strtolower($_REQUEST['x_status']);
}

if(isset($_REQUEST['x_orderid'])){
    $x_orderid = $_REQUEST['x_orderid'];
}

if(isset($_REQUEST['x_orderdate'])){
    $x_orderdate = $_REQUEST['x_orderdate'];
}

$str = $x_orderid . '^' . $x_status . '^' . $x_orderdate . '^' . $key;
$hash = md5($str);

if(($x_status == 'pending') || ($x_status == 'test')){
    $status = 1;
}

$order_exists = false;

$sql = "SELECT id FROM orders WHERE method = 'CCNow' and x_orderid = '" . $x_orderid . "' LIMIT 1";
$result = mysql_query($sql);
while ( $value = mysql_fetch_array($result) ){
    $order_exists = true;
}

if($order_exists){ // update order
    $sql = "UPDATE orders SET status = " . $status . " WHERE method = 'CCNow' and x_orderid = '" . $x_orderid . "'";
    $result = mysql_query($sql);
}
else{ // add new order
    if(isset($_SESSION["products"])){
        $customer_id = $_SESSION['customer_id'];
        $net = $_SESSION['cart_net'];
        $shipping_cost = $_SESSION['cart_shipping_cost'];
        $date = date("Y-m-d");
        // save order
        $sql = "INSERT INTO orders(customer_id, date, method, status, net, shipping_cost, x_orderid) ";
        $sql.= "VALUES($customer_id, '$date', 'CCNow', $status, $net, $shipping_cost, '$x_orderid')";
        $result = mysql_query($sql);
        $order_id = mysql_insert_id($GLOBALS['connection']);
        // save order details
        foreach ($_SESSION["products"] as $cart_itm){
            $product_id = $cart_itm["ID"];
            $product_code = $cart_itm["code"];
            $product_qty = $cart_itm["qty"];
            $product_price = $cart_itm["price"];
            $subtotal = ($cart_itm["price"]*$cart_itm["qty"]);
            $sql = "INSERT INTO order_details(order_id, product_id, price, qty, net) ";
            $sql.= "VALUES($order_id, $product_id, $product_price, $product_qty, $subtotal)";
            $result = mysql_query($sql);
        }
        // unset cart sessions and redirect to success page
        unset($_SESSION['cart_net']);
        unset($_SESSION['cart_shipping_cost']);
        unset($_SESSION['products']);
    }
    else{
        file_put_contents('ccnowlog.txt', date('Y-m-d h s i') . 'Not seeing the session!!!', FILE_APPEND);
    }
}

// This is an OK response to CCNow IMPORTANT
echo 'ok';

?>

Answer 1

Your Problem is an logical problem!

You communicate with CCNow and send a transaction. But the Server von CCNow will answer you seperatly - Logically that the "customer session" will not accessible.

You must work with an Order-ID to get the Data. Additional you can modify the parameters. Here is a little example from a Plugin:

 $data['x_fp_sequence']             = $sessionid
 $data['x_invoice_num']             = $sessionid;

You see, the session-ID will be passed with x_fp_sequence and x_invoice_num. On your response-script you must use this to get the user session. Otherwise you can get the userdata directly from the Database.