I’m unable to find a solution to this question, although I am aware it may be because it is a pretty simple one.. Nevertheless, I’d really appreciate some help.
I have a custom-built payment processing plugin (for CCBill) on a client’s WordPress site. After an initial membership payment, users can choose to make additional donations in any amount, which are directed through CCBill’s ChargeByPreviousTransactionID system, so they don’t have to enter their card details again.
The plugin checks to see if the user has an existing transaction and pulls the relevant data from the database. Then when they enter an amount and submit the form it constructs a query string, and then loads this as the url of a pop up window.
This causes two specific problems for us:
- most browsers block the pop up, &
- the IP address submitting the query must be whitelisted at the payment processor for the payment to go through – this should be the IP of the site, but with the pop-up window it appears to be the user’s IP, which we can’t whitelist
Is there a way to pass this data to the script, without opening a pop up, or having users leave our site?
I can’t get the original developer to fix this issue, and I would really like to improve my programming skills by being able to fix it myself.
Here are the relevant parts of the code:
function shortcode_function( )
{
$detailsid='';
if(is_user_logged_in())
{
global $current_user;
$detailsid = get_user_meta( $current_user->ID, 'get_donate_details_id', true );
$detailsmoney = get_user_meta( $current_user->ID, 'get_donate_details_price', true );
if($detailsid!=''&& isset($_POST['wq_re_donate_now']))
{
?>
<script type="text/javascript">
var url="https://bill.ccbill.com/jpost/billingApi.cgi?clientAccnum=900000&username=test123&password=test123&action=chargeByPreviousTransactionId&newClientAccnum=900000&newClientSubacc=0000&sharedAuthentication=1&initialPrice=<?php echo number_format($_POST['wq_amount']); ?>&initialPeriod=365&recurringPrice=0&recurringPeriod=0&rebills=0&subscriptionId=<?php echo $detailsid; ?>¤cyCode=840";
var myWindow =window.open(url, "myWindow", "width=200, height=100");
</script>
<?php
}
}
if($detailsid!='')
{
?>
<div class="donateholder">
<div class="donateheader"><h4>Make Donation</h4></div>
<form method="post" action="">
<div class="donatediv" align="left">
<h3>Amount: $<input maxlength="4" onkeypress="return isNumberKey(event)" type="text" size="5" class="amount" name="wq_amount" id="randomnumber" />
<input type="submit" name="wq_re_donate_now" value="Submit" />
</h3></div>
</form>
</div>
<?php
}
}
Thanks!
The
ChargeByPreviousTransactionIDis not meant to be invoked from the JavaScript side. You need to have a back-end server which accepts a JavaScript call done from the front-end with the necessary user-related information and then, this back-end server needs to callbill.ccbill.com.This way, you can tell the CCBill Merchant Support to whitelist the IP address of your back-end server, so that you will be able to do this HTTP call. Make sure your back-end server has a static IP so that it will never change.
Remember, when you have URLs on front-end where you’re hard-coding your username and password in them, that means that they need to be placed at the back-end. Like this, everyone will be able to see your username and password by inspecting the JavaScript in their browser.