Elgg external access to action

How do I access an action from an external page? I need to pass some parameters to my Elgg action. How do I do it? I configured the action as "public", but I am redirected.

init:

// Registers the 'retorno' action with "public" access (no login required).
// NOTE(review): "public" does not switch off the CSRF token check on actions, which is
// why an external request to this action is redirected (see the first reply). A PayPal
// return URL belongs on a page handler, not on an action.
elgg_register_action('retorno',     "$action_base/retorno.php", "public");    

  • You don't. Actions are secured against CSRF attacks and will prevent exactly what you're trying to do. You should code your own "action" using page handler and secure it on your own, or you could create web service for it.

  • The webservice is a good idea for what i need? I posted a topic about Paypal integration. I want a return page for the result token send from paypal.

     

    https://community.elgg.org/discussion/view/1847551/elgg-paypal-integration

  • Is there a particular reason why you wanted to use an action instead of a regular page? (I'm not familiar with the Paypal plugin.)

  • No, @Juho. I'm only thinking this is a way to do what i need.

  • I assume we're talking about something different than IPN endpoint? Some reference would help.

  • I create a advertisement area in my elgg site and the users should pay for show AD. 

    In my form, i have:


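    // SetExpressCheckout: ask PayPal for a checkout token, then send the buyer to PayPal.
    // The price is fixed on the server here; it must never be read from the browser.
    $total = 100.00;

    $nvp = array(
        'PAYMENTREQUEST_0_AMT'              => $total,
        'PAYMENTREQUEST_0_CURRENCYCODE'     => 'BRL',
        'PAYMENTREQUEST_0_PAYMENTACTION'    => 'Sale',
        'RETURNURL'                         => 'url_return',
        'CANCELURL'                         => 'url_cancel',
        'METHOD'                            => 'SetExpressCheckout',
        'VERSION'                           => '64',
        // The API credentials were blanked by the poster. Keep the real values out of
        // source control (plugin settings or environment), not hard-coded here.
        'PWD'                               => '',
        'USER'                              => '',
        'SIGNATURE'                         => ''
    );

    $curl = curl_init();

    curl_setopt( $curl , CURLOPT_URL , 'https://api-3t.sandbox.paypal.com/nvp' );
    // Certificate and host-name verification stay on: this request carries the API
    // credentials, and with verification off the server cannot tell PayPal from an
    // impostor on the network path.
    curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER , true );
    curl_setopt( $curl , CURLOPT_SSL_VERIFYHOST , 2 );
    curl_setopt( $curl , CURLOPT_RETURNTRANSFER , 1 );
    curl_setopt( $curl , CURLOPT_POST , 1 );
    curl_setopt( $curl , CURLOPT_POSTFIELDS , http_build_query( $nvp ) );

    // curl_exec() returns false on a transport or TLS failure.
    $response = curl_exec( $curl );
    $responseNvp = array();

    curl_close( $curl );

    // Split the raw body into pairs first and decode each value afterwards (parse_str
    // does both). Decoding the whole body before splitting lets an encoded '&' or '='
    // inside a value forge extra fields.
    if ( $response !== false ) {
        parse_str( $response , $responseNvp );
    }

    if ( isset( $responseNvp[ 'ACK' ] , $responseNvp[ 'TOKEN' ] ) && $responseNvp[ 'ACK' ] === 'Success' ) {
        // NOTE(review): store this token against the current user/order before forwarding,
        // so the return page can check that the token it receives belongs to this purchase.
        $paypalURL = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
        $query = array(
            'cmd'    => '_express-checkout',
            'token'    => $responseNvp[ 'TOKEN' ]
        );

        forward($paypalURL . '?' . http_build_query( $query ) );
    } else {
        echo 'Falha na transação';
    }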

     

    return page:

        $nvp = array(
            'TOKEN'                             => $token,
            'METHOD'                            => 'GetExpressCheckoutDetails',
            'VERSION'                            => '64',
            'PWD'                                => '',
            'USER'                                => '',
            'SIGNATURE'                            => ''
        );

        $curl = curl_init();

        curl_setopt( $curl , CURLOPT_URL , 'https://api-3t.sandbox.paypal.com/nvp&#39; );
        curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER , false );
        curl_setopt( $curl , CURLOPT_RETURNTRANSFER , 1 );
        curl_setopt( $curl , CURLOPT_POST , 1 );
        curl_setopt( $curl , CURLOPT_POSTFIELDS , http_build_query( $nvp ) );

        $response = urldecode( curl_exec( $curl ) );
        $responseNvp = array();

        if ( preg_match_all( '/(?<name>[^\=]+)\=(?<value>[^&]+)&?/' , $response , $matches ) ) {
            foreach ( $matches[ 'name' ] as $offset => $name ) {
                $responseNvp[ $name ] = $matches[ 'value' ][ $offset ];
            }
        }

        if ( isset( $responseNvp[ 'TOKEN' ] ) && isset( $responseNvp[ 'ACK' ] ) ) {
            if ( $responseNvp[ 'TOKEN' ] == $token && $responseNvp[ 'ACK' ] == 'Success' ) {
                $nvp[ 'PAYERID' ]                            = $responseNvp[ 'PAYERID' ];
                $nvp[ 'PAYMENTREQUEST_0_AMT' ]                = $responseNvp[ 'PAYMENTREQUEST_0_AMT' ];
                $nvp[ 'PAYMENTREQUEST_0_CURRENCYCODE' ]        = $responseNvp[ 'PAYMENTREQUEST_0_CURRENCYCODE' ];
                $nvp[ 'METHOD' ]                            = 'DoExpressCheckoutPayment';
                $nvp[ 'PAYMENTREQUEST_0_PAYMENTACTION' ]    = 'Sale';

                curl_setopt( $curl , CURLOPT_POSTFIELDS , http_build_query( $nvp ) );

                $response = urldecode( curl_exec( $curl ) );
                $responseNvp = array();

                if ( preg_match_all( '/(?<name>[^\=]+)\=(?<value>[^&]+)&?/' , $response , $matches ) ) {
                    foreach ( $matches[ 'name' ] as $offset => $name ) {
                        $responseNvp[ $name ] = $matches[ 'value' ][ $offset ];
                    }
                }

                if ( $responseNvp[ 'PAYMENTINFO_0_PAYMENTSTATUS' ] == 'Completed' ) {
                    echo 'Parabéns, sua compra foi concluída com sucesso';
                } else {
                    echo 'Não foi possível concluir a transação';
                }
            } else {
                echo 'Não foi possível concluir a transação';
            }
        } else {
            echo 'Não foi possível concluir a transação';
        }

        curl_close( $curl );

    var_dump($responseNvp);

     Start.php

    <?php

    // Run the plugin setup when Elgg fires its system "init" event.
    elgg_register_event_handler("init", "system", "sociotecaAdvertisement_init");

    /**
     * Registers the plugin's page handler and its two actions.
     */
    function sociotecaAdvertisement_init(){
        $actionsDir = elgg_get_plugins_path() . 'sociotecaAdvertisement/actions';

        elgg_register_page_handler("sociotecaAdvertisement", "sociotecaAdvertisement_page_handler");

        // No access argument is given here, so Elgg's default access level applies.
        elgg_register_action('add', $actionsDir . '/add.php');

        // NOTE(review): "public" only removes the login requirement. As the first reply in
        // the thread says, actions stay protected against CSRF, so a redirect coming back
        // from PayPal to /action/cancelamento is rejected. A cancel landing page belongs
        // in the page handler. The short action names ('add') are also not namespaced by
        // plugin and may collide with other plugins.
        elgg_register_action('cancelamento', $actionsDir . '/cancelamento.php', "public");
    }

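    /**
     * Page handler for URLs under /sociotecaAdvertisement/.
     *
     * 'add' renders the advertisement form, 'retorno' runs the payment return page,
     * and anything else renders the index view.
     *
     * @param array $page URL segments after the handler name
     * @return bool true once the page has been output
     */
    function sociotecaAdvertisement_page_handler($page){

        $file_dir = elgg_get_plugins_path() . 'sociotecaAdvertisement';

        // A bare /sociotecaAdvertisement URL carries no segment; treat it as the index.
        $section = isset($page[0]) ? $page[0] : '';

        // Defined up front so the layout never receives an unset variable.
        $content = '';

        switch ($section) {

            case 'add':
                $content = elgg_view_form("add", array("id" => "form-add-advertisement"));
                break;

            case 'retorno':
                // This URL is reachable by anyone, with any value. Only copy the segment
                // into the input when it is present, so a token sent as a query parameter
                // is not overwritten. The return page must treat the token as untrusted.
                if (isset($page[1])) {
                    set_input('token', $page[1]);
                }

                // The included page echoes its result. Capture it so it is rendered inside
                // the layout instead of being written out before the page markup.
                ob_start();
                include "$file_dir/pages/retorno.php";
                $content = ob_get_clean();
                break;

            default:
                $content = elgg_view("index");
                break;
        }

        $body = elgg_view_layout('content', array(
            'content' => $content,
        ));

        echo elgg_view_page('', $body);

        return true;
    }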

  • I try with a button too but i dont get result

    <script type="text/javascript">

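        // Shows a "redirecting to PayPal" overlay, then submits the payment form.
        jQuery(document).ready(function(){

            // Grab the button's form
            var wpsBn = jQuery('#wps-bn');

            // Intercept the click
            wpsBn.click(function(e){

                // Stop the default behaviour (submitting the form right away)
                e.preventDefault();

                // Show the redirect message. The markup is a fixed string with no user
                // input in it; the closing quote was an HTML entity in the posted
                // version and is restored here.
                jQuery('<div class="sa_payPal_overlay" style="visibility:visible;position:fixed; width:100%; height:100%; filter:progid:DXImageTransform.Microsoft.Gradient(GradientType=1, StartColorStr=\'#88ffffff\', EndColorStr=\'#88ffffff\'); background: rgba(255,255,255,0.8); top:0; left:0; z-index: 999999;"><div style=" background: #FFF; background-image: linear-gradient(top, #FFFFFF 45%, #E9ECEF 80%);background-image: -o-linear-gradient(top, #FFFFFF 45%, #E9ECEF 80%);background-image: -moz-linear-gradient(top, #FFFFFF 45%, #E9ECEF 80%);background-image: -webkit-linear-gradient(top, #FFFFFF 45%, #E9ECEF 80%);background-image: -ms-linear-gradient(top, #FFFFFF 45%, #E9ECEF 80%);background-image: -webkit-gradient(linear, left top,left bottom,color-stop(0.45, #FFFFFF),color-stop(0.8, #E9ECEF));display: block;margin: auto;position: fixed; margin-left:-220px; left:45%;top: 40%;text-align: center;color: #2F6395;font-family: Arial;padding: 15px;font-size: 15px;font-weight: bold;width: 530px;-webkit-box-shadow: 3px 2px 13px rgba(50, 50, 49, 0.25);box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px 5px;border: 1px solid #CFCFCF;border-radius: 6px;"><img style="display:block;margin:0 auto 10px" src="https://www.paypalobjects.com/en_US/i/icon/icon_animated_prog_dkgy_42wx42h.gif"><h2>Aguarde alguns segundos.</h2> <p style="font-size:13px; color: #003171; font-weight:400">Você está sendo redirecionado para um ambiente seguro do PayPal<br /> para finalizar seu pagamento.</p><div style="margin:30px auto 0;"><img src="https://www.paypal-brasil.com.br/logocenter/util/img/logo_paypal.png"/></div></div></div>').appendTo('body');

                // Submit the form once the message is on screen
                wpsBn.submit();

            });

        });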

    </script>

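    <!-- PayPal "Buy Now" form. The attribute quotes were HTML entities in the posted version and are restored here. -->
    <!-- NOTE(review): every hidden field below can be edited by the buyer before submitting, including the amount.
         Nothing may be granted because the browser arrived at the return URL; check the paid amount, currency and
         receiver on the server from PayPal's own notification before activating anything. -->
    <form id="wps-bn" action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" >

        <!-- Button type -->

        <input type="hidden" name="cmd" value="_xclick" />

        <!-- Seller, plus return, cancel and notification URLs -->
        <!-- NOTE(review): these URLs are plain http; serve them over https if the site supports it. -->

        <input type="hidden" name="business" value="atendimento-facilitator@socioteca.com" />

        <input type="hidden" name="return" value="http://beta.socioteca2014.com/sociotecaAdvertisement/retorno" />

        <!-- PayPal's variable for the cancel URL is cancel_return, not cancel.
             NOTE(review): the target is an /action/ URL; per the thread, actions are CSRF-protected and reject
             external requests, so a page-handler URL is needed here. -->
        <input type="hidden" name="cancel_return" value="http://beta.socioteca2014.com/action/cancelamento" />

        <!-- NOTE(review): notify_url is on a different host from the return URL and looks like a leftover from a
             tutorial; payment notifications would be sent there. Confirm. -->
        <input type="hidden" name="notify_url" value="http://loja.com.br/notificacao" />

        <!-- Internationalisation and localisation of the payment page -->

        <input type="hidden" name="charset" value="utf-8" />

        <input type="hidden" name="lc" value="BR" />

        <input type="hidden" name="country_code" value="BR" />

        <input type="hidden" name="currency_code" value="BRL" />

        <!-- Product and price -->

        <input type="hidden" name="amount" value="10.00" />

        <input type="hidden" name="item_name" value="Servico" />

        <input type="hidden" name="quantity" value="1" />

        <!-- Submit button -->

        <input type="image" src="https://www.paypalobjects.com/pt_BR/BR/i/btn/btn_buynowCC_LG.gif" border="0" />

    </form>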

     

  • Sounds like you should be using my plugin after all, that's exactly what it does, only it also includes the Paypal PHP sdk

  • Matt,

    I'm studying your plugin for use, i'm trying implementing the paypal without him for knowledge.