phplaravel-5sandbox

How can I get the CSRF token from the notify URL in Laravel?


I am using the Citruspay payment gateway in my project. When the gateway posts back to the return URL, the page shows this error: `TokenMismatchException in VerifyCsrfToken.php line 53`.

How can I make the token match?

route.php

// Return URL the payment gateway POSTs the customer back to after checkout.
// NOTE(review): that POST originates on the gateway's site and does not carry
// this application's CSRF token, which is what VerifyCsrfToken rejects; the
// request has to be authenticated by the gateway signature instead.
Route::post('ideas/paymentResponse', function () {
    $paymentDoneView = View::make('ideas.paymentDone');

    return $paymentDoneView;
});

payment.php

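 <?php
 // Checkout form posted straight to the payment gateway.
 // Every server-side value is HTML-escaped before it is written into an attribute.
 // No _token field is sent: this form targets the gateway's domain, so including
 // the application's CSRF token would only disclose it to a third party.
 ?>
 <form  method="post" action="https://sandbox.citruspay.com/qwer">

         <input type="hidden" id="merchantTxnId" name="merchantTxnId" value="<?php echo htmlspecialchars((string) $merchantTxnId, ENT_QUOTES, 'UTF-8'); ?>" />

         <input type="hidden" id="orderAmount" name="orderAmount" value="<?php echo htmlspecialchars((string) $orderAmount, ENT_QUOTES, 'UTF-8'); ?>" />

         <?php /* The original markup had no echo here, so the currency was always sent empty. */ ?>
         <input type="hidden" id="currency" name="currency" value="<?php echo htmlspecialchars((string) $currency, ENT_QUOTES, 'UTF-8'); ?>" />
         <input type="hidden" name="returnUrl" value="http://local.ideabazaar.com/ideas/paymentResponse" />
         <input type="hidden" id="notifyUrl" name="notifyUrl" value="http://local.ideabazaar.com/ideas/paidNotify" />
         <input type="hidden" id="secSignature" name="secSignature" value="<?php echo htmlspecialchars((string) $securitySignature, ENT_QUOTES, 'UTF-8'); ?>" />
         <input type="Submit" class="redBtn" value="Pay Now"/>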

paymentResponse.php

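@extends('layouts.home')
@section('content')

   <?php
    // Verifies the gateway's response signature and shows the transaction result.
    // When this URL is exempt from CSRF verification, the HMAC check below is the
    // only thing that authenticates the request, so it must fail closed.
    set_include_path('../lib'.PATH_SEPARATOR.get_include_path());
    //Replace this with your secret key from the citrus panel.
    // Keep the real key in server-side configuration, not in a template that is
    // committed or shared.
    $secret_key = "***************";

    // Read one POST field as a string. A missing or non-string (array) value is
    // treated as absent so it cannot raise a notice or contribute "Array" to the
    // signed data.
    $postField = static function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : null;
    };

    // Fields covered by the signature, concatenated in this order when present.
    $signedFields = [
        'TxId',
        'TxStatus',
        'amount',
        'pgTxnNo',
        'issuerRefNo',
        'authIdCode',
        'firstName',
        'lastName',
        'pgRespCode',
        'addressZip',
    ];

    $data = "";
    foreach ($signedFields as $name) {
        $value = $postField($name);
        if ($value !== null) {
            $data .= $value;
        }
    }

    $txnid = (string) $postField('TxId');
    $txnstatus = (string) $postField('TxStatus');
    $signature = (string) $postField('signature');

    $respSignature = hash_hmac('sha1', $data, $secret_key);

    // Fail closed: a missing or empty signature is a mismatch. The original check
    // accepted any request that simply omitted the signature field.
    // hash_equals() compares in constant time, unlike strcmp().
    $flag = ($signature !== "" && hash_equals($respSignature, $signature)) ? "true" : "false";

    // NOTE(review): a valid signature only authenticates the posted fields. Before
    // an order is marked paid, TxId and amount should still be compared with the
    // server-side order record - confirm where that happens.
    ?>
    <html>
    <head>
        <meta HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1">
    </head>
    <body>
        <?php 
        if ($flag == "true") {  
        ?>
        Your Unique Transaction/Order Id : <?php echo htmlspecialchars($txnid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>
        Transaction Status : <?php echo htmlspecialchars($txnstatus, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>
        <?php } else { ?>
        Citrus Response Signature and Our (Merchant) Signature Mis-Mactch 
        <?php } ?>
    </body>
    </html>

@stop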

Please help


Solution

  • If your payment gateway allows you to specify a custom callback URL per request, you could set the callback URL to include the current CSRF token. Note that this hands the token to the gateway and puts it in any log that records the URL. Something like this:

    // Builds the return URL with the current session's CSRF token as a query parameter.
    // NOTE(review): the token then travels in a URL given to the gateway, so it can
    // be recorded in logs and browser history.
    $csrfToken = csrf_token();
    $callbackUrl = url('ideas/paymentResponse?_token=' . $csrfToken);
    

    If you can't customize the callback URL per request, the only option you have left is disabling CSRF protection for your callback URL. The handler must then rely on verifying the gateway's signature to authenticate the request. Something like this:

    <?php
    
    namespace App\Http\Middleware;
    
    use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
    
    /**
     * CSRF middleware with the payment gateway's return URL exempted.
     *
     * Requests to an exempted URI are not checked for a CSRF token, so the
     * handler behind it has to authenticate the request itself (here, by the
     * gateway's response signature). Keep the list to exact paths.
     */
    class VerifyCsrfToken extends BaseVerifier
    {
        /**
         * URIs that skip CSRF verification.
         *
         * @var array
         */
        protected $except = ['ideas/paymentResponse'];
    }