php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #25349 PayFlow Pro requires explicit putenv()
Submitted: 2003-09-01 21:29 UTC Modified: 2003-09-01 21:50 UTC
From: kmsluder at optonline dot net Assigned:
Status: Not a bug Package: Verisign Payflow Pro related
PHP Version: 4.3.2 OS: Red Hat Linux 8/ 2.2 Kernel
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: kmsluder at optonline dot net
New email:
PHP Version: OS:

 

 [2003-09-01 21:29 UTC] kmsluder at optonline dot net 
Description:
------------
When using the PayFlow Pro extension on Linux (PHP compiled as Apache2 module), one must explicitly set the PFPRO_CERT_PATH environment variable using a putenv() call prior to calling pfpro_init(), else the extension will attempt to look in the certs/ subfolder of the working directory.  This occurs even if the PFPRO_CERT_PATH variable has been set by Apache via a SetEnv directive, or if the environment variable has been added through the shell.

This requires either placing certificates in the certs/ subfolder of where PHP scripts are stored (obviously not a good idea), or specifically adding PFPRO_ to the list of safe mode allowed environment variables.

Reproduce code:
---------------
<?php
// File name: /usr/local/apache/htdocs/test_pfpro.php

// Echo the value of PFPRO_CERT_PATH, just to prove its existence
echo 'The value of PFPRO_CERT_PATH is: ' . getenv('PFPRO_CERT_PATH');

// Removing this line will cause pfpro to look
// in /usr/local/apache/htdocs/certs for the certificate file
putenv('PFPRO_CERT_PATH=/usr/local/verisign/payflowpro/linux/certs');

// The rest of this code is taken from the documentation for pfpro_process()

pfpro_init();

$transaction = array('USER'    => 'mylogin',
                     'PWD'     => 'mypassword',
                     'PARTNER' => 'VeriSign',
                     'TRXTYPE' => 'S',
                     'TENDER'  => 'C',
                     'AMT'     => 1.50,
                     'ACCT'    => '4111111111111111',
                     'EXPDATE' => '0904'
                    );

$response = pfpro_process($transaction);

if (!$response) {
  die("Couldn't establish link to Verisign.\n");
}

echo "Verisign response code was ".$response['RESULT'];
echo ", which means: ".$response['RESPMSG']."\n";

pfpro_cleanup();
?>

Expected result:
----------------
The value of PFPRO_CERT_PATH is: /usr/local/verisign/payflowpro/linux/certs

Verisign response code was 0, which means: Approved

Actual result:
--------------
The value of PFPRO_CERT_PATH is: /usr/local/verisign/payflowpro/linux/certs

Verisign response code was -31, which means: Certficate chain did not validate; Local certificate not found

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-09-01 21:50 UTC] sniper@php.net 
If your environment is set correctly prior to starting Apache2, it will work just fine. 

FYI: SetEnv in apache is NOT for setting these variables.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Jan 05 08:01:28 2025 UTC