
How to post value to a controller function without csrf token for paytm callback response?


I'm using the Paytm payment gateway in my CodeIgniter project. I'm sending parameters according to Paytm and everything works fine, but after making the payment, when Paytm redirects back to my callback URL (which is a function in my home controller) with the response, I'm getting the "The action you have requested is not allowed." error. I also tried to send a CSRF token parameter to Paytm, but they refused it.

Please help me: how can I get that Paytm response?

    {
        header("Pragma: no-cache");
        header("Cache-Control: no-cache");
        header("Expires: 0");

        // following files need to be included
        require_once(APPPATH . "/libraries/config_paytm.php");
        require_once(APPPATH . "/libraries/encdec_paytm.php");

        $checkSum = "";
        $paramList = array();

        $ORDER_ID = time().mt_rand().$this->session->userdata('inf_ses_id');
        $CUST_ID = $this->session->userdata('inf_ses_id')."_thebell";
        $INDUSTRY_TYPE_ID = "Retail"; //$_POST["INDUSTRY_TYPE_ID"];
        $CHANNEL_ID = "WEB"; //$_POST["CHANNEL_ID"];
        $TXN_AMOUNT = $this->session->userdata('plan_price');

        // Create an array having all required parameters for creating checksum.
        $paramList["MID"] = PAYTM_MERCHANT_MID;
        $paramList["ORDER_ID"] = $ORDER_ID;
        $paramList["CUST_ID"] = $CUST_ID;
        $paramList["INDUSTRY_TYPE_ID"] = $INDUSTRY_TYPE_ID;
        $paramList["CHANNEL_ID"] = $CHANNEL_ID;
        $paramList["TXN_AMOUNT"] = $TXN_AMOUNT;
        $paramList["WEBSITE"] = PAYTM_MERCHANT_WEBSITE;
        $paramList["CALLBACK_URL"] = "http://localhost/my_project/home/paytm_response";

        // Here checksum string will return by getChecksumFromArray() function.
        $checkSum = getChecksumFromArray($paramList, PAYTM_MERCHANT_KEY);
        echo "<html>
        <head>
        <title>Merchant Check Out Page</title>
        </head>
        <body>
            <center><h1>Please do not refresh this page...</h1></center>
            <form method='post' action='".PAYTM_TXN_URL."' name='f1'>
            <table border='1'>
            <tbody>";

        foreach ($paramList as $name => $value) {
            echo '<input type="hidden" name="' . $name . '" value="' . $value . '">';
        }

        echo "<input type='hidden' name='CHECKSUMHASH' value='" . $checkSum . "'>
            </tbody>
            </table>
            <script type='text/javascript'>
            document.f1.submit();
            </script>
            </form>
        </body>
        </html>";
    }

Here is my callback function in the same controller

    public function paytm_response() {
        var_dump($_POST);
    }

An Error Was Encountered The action you have requested is not allowed.


Solution

  • On some occasions, like when you're getting a POST from an external site, you can't rely on the external site to be able to provide a CSRF token.

    One way to work around this is to grant the specific controller/method that's getting the POST from the external site an exception to CSRF checks.

    On your main config.php find a variable called $config['csrf_exclude_uris'] (should be an empty array if you've never used it). Just add the controller/method pair like this:

    $config['csrf_exclude_uris'] = array('yourcontroller/yourmethod');
    

    Since it's an array, if you need to exclude more than one controller/method pair, just add it at the end:

    $config['csrf_exclude_uris'] = array('yourcontroller/your_first_method', 'yourcontroller/your_second_method');
    

    hope that helps
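Excluding `home/paytm_response` from the CSRF check means CodeIgniter no longer authenticates that POST at all, so anyone who knows the URL can send a fake "payment succeeded" response. The gateway's replacement for the CSRF token is the `CHECKSUMHASH` field, which only someone holding the merchant key can produce, so the callback has to verify it before trusting anything in the POST. Below is an added example of such a callback; it is not code from the question or the answer. It assumes the `verifychecksum_e($paramList, $key, $checksumHash)` function from Paytm's `encdec_paytm.php` kit (older versions of that kit return the string `"TRUE"`/`"FALSE"` rather than a boolean, so both forms are accepted), `PAYTM_MERCHANT_KEY` from `config_paytm.php`, the response field names `ORDERID`, `TXNAMOUNT` and `STATUS` as documented by Paytm, and a hypothetical `Order_model` with `get_pending()`, `mark_paid()` and `mark_failed()` methods standing in for your own order storage.

```php
<?php
// Added example, not code from the question or the answer above.
// Once 'home/paytm_response' is listed in $config['csrf_exclude_uris'], nothing
// in CodeIgniter authenticates this POST any more, so the callback has to do it
// itself by verifying Paytm's CHECKSUMHASH with the secret merchant key.
//
// Assumptions: encdec_paytm.php from Paytm's PHP kit defines
// verifychecksum_e($paramList, $key, $checksumHash) (older kit versions return
// the string "TRUE"/"FALSE", so both forms are accepted below);
// PAYTM_MERCHANT_KEY comes from config_paytm.php; the response fields ORDERID,
// TXNAMOUNT and STATUS follow Paytm's documented callback; Order_model and its
// get_pending()/mark_paid()/mark_failed() methods are hypothetical.
defined('BASEPATH') OR exit('No direct script access allowed');

class Home extends CI_Controller
{
    public function paytm_response()
    {
        require_once(APPPATH . "libraries/config_paytm.php");
        require_once(APPPATH . "libraries/encdec_paytm.php");

        // Raw POST without XSS filtering: any transformation of the values
        // would change the checksum input and make a genuine response fail.
        $paramList = $this->input->post(NULL, FALSE);
        if (!is_array($paramList) || empty($paramList['CHECKSUMHASH'])) {
            show_error('Missing Paytm checksum', 400);
            return;
        }
        $checksumHash = $paramList['CHECKSUMHASH'];
        unset($paramList['CHECKSUMHASH']);   // the checksum covers every other field

        // Recompute the checksum over the posted fields with the merchant key
        // and compare it with what was sent. A forged POST cannot pass this
        // without the key, which is the guarantee the CSRF token used to give.
        $valid = verifychecksum_e($paramList, PAYTM_MERCHANT_KEY, $checksumHash);
        if ($valid !== TRUE && $valid !== "TRUE") {
            log_message('error', 'Paytm callback failed checksum verification');
            show_error('Invalid Paytm checksum', 400);
            return;
        }

        // Only now trust the fields, and still check them against our own
        // record of the order rather than against what the POST claims.
        $this->load->model('order_model');   // hypothetical model
        $orderId = isset($paramList['ORDERID']) ? $paramList['ORDERID'] : '';
        $order   = $this->order_model->get_pending($orderId);
        if ($order === NULL) {
            log_message('error', 'Paytm callback for unknown or already processed order ' . $orderId);
            show_error('Unknown order', 404);
            return;
        }

        // Compare amounts as fixed two-decimal strings so "100" and "100.00" match
        // but "1.00" does not pass for an order of 100.00.
        $posted   = isset($paramList['TXNAMOUNT']) ? $paramList['TXNAMOUNT'] : '';
        $expected = number_format((float) $order->amount, 2, '.', '');
        if (number_format((float) $posted, 2, '.', '') !== $expected) {
            log_message('error', 'Paytm callback amount mismatch for order ' . $orderId);
            show_error('Amount mismatch', 400);
            return;
        }

        if (isset($paramList['STATUS']) && $paramList['STATUS'] === 'TXN_SUCCESS') {
            // mark_paid() should be idempotent so a replayed callback cannot
            // credit the same order twice.
            $this->order_model->mark_paid($orderId, $paramList);
            redirect('home/payment_success');   // hypothetical route
        } else {
            $this->order_model->mark_failed($orderId, $paramList);
            redirect('home/payment_failed');    // hypothetical route
        }
    }
}
```

With the controller and method from the question, the exclusion from the answer becomes `$config['csrf_exclude_uris'] = array('home/paytm_response');`. The checksum verification is what makes that exclusion safe: the CSRF exclusion removes CodeIgniter's check, the checksum puts a stronger one back, and the order and amount lookups make sure a valid checksum for one transaction cannot be reused to settle a different one.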