Level 104
Are you accepting and processing credit card details on your server???
$token = Token::create([
'card' => [
'number' => $request->cardno,
'exp_month' => $month,
'exp_year' => $year,
'cvc' => $request->cvc,
],
]);
May 26, 2021
9
Level 2
Stripe is not deducting payment from card
using following stripe package
"stripe/stripe-php": "^4.4",
with code
use Stripe\Charge;
use Stripe\Stripe;
use Stripe\Token;
use Stripe\StripeInvalidRequestError;
use Stripe\Stripe_CardError;
$stripe =Stripe::setApiKey(Setting::get('stripe_secret_key'));
$token = Token::create([
'card' => [
'number' => $request->cardno,
'exp_month' => $month,
'exp_year' => $year,
'cvc' => $request->cvc,
],
]);
if ($request->total_price>14){
$Charge = Charge::create(array(
"amount" => round($request->total_price*100),
"currency" => "gbp",
"source" => $token,
"description" => "Payment Charge for ".$User->email,
"receipt_email" => $User->email,
));
no deduction is being made in live mode without any error
and stripe is log is as follows:
POST /v1/tokens
Status
200 OK
ID
req_rFUPj0Aw5kYkui
Time
5/18/21, 1:39:18 PM
IP address
199.188.200.224
API version
2018-05-21
Source
Stripe/v1 PhpBindings/4.13.0
Response body
{
"id": "tok_1IsT8kEsWwtF0krez5cw74gI",
"object": "token",
"card": {
"id": "card_1IsT8kEsWwtF0kre4Fq0ChK1",
"object": "card",
"address_city": null,
"address_country": null,
"address_line1": null,
"address_line1_check": null,
"address_line2": null,
"address_state": null,
"address_zip": null,
"address_zip_check": null,
"brand": "Visa",
"country": "PK",
"cvc_check": "unchecked",
"dynamic_last4": null,
"exp_month": 2,
"exp_year": 2023,
"fingerprint": "rLiMzo6zB4GQuv57",
"funding": "debit",
"last4": "0000",
"metadata": {
},
"name": null,
"tokenization_method": null
},
"client_ip": "199.188.200.224",
"created": 1621345158,
"livemode": true,
"type": "card",
"used": false
}
Request POST body
{
"card": {
"number": "**** **** **** 0000",
"exp_month": "02",
"exp_year": "2023",
"cvc": "***"
}
}
Level 2
yes I am passing following kind of detail
cardno":"**** **** **** 0000","expiry":"02 / 2023","cvc":"000"
Level 104
And your application is PCI compliant?
Level 2
how to check it?
Level 104
The fact that you have to ask...
As @martinbean says, the Stripe suite of solutions absolves you of the need to directly handle customers' credit card information. Use Stripe as it is intended and save yourself the dev headache and/or legal consequences of potentially mishandling credit card information
Level 80
@muazzamazaz No, no, no. Users should not be submitted card details to your server! This defeats the point of using something like Stripe, who handles PCI compliance for you.
You should be using Stripe Elements, where users enter their details into inputs that are iframes from Stripe’s servers, and working with tokens, not actual credit card details.
1 like
Level 54
@martinbean if I could add more hearts to your reply I would.
1 like
Level 2
changed this code to stripe element as given here:
But still no payment is being deducted
Level 75
Just suggestion, consider watching some videos on stripe and take some tutorials. One video that Jeffrey has fully explains the PCI compliance aspect.
Please or to participate in this conversation.