====== PHP Hosted SecureCards ======

**Settings file (%gatewaySampleFileName_account.inc):**

<file php %gatewaySampleFileName_account.inc>

<?php

# These values are used to identify and validate the account that you are using. They are mandatory.
$gateway = '';			# This is the %Gateway payments gateway that you should use, assigned to the site by %Gateway.
$terminalId = '';		# This is the Terminal ID assigned to the site by %Gateway.
$currency = '';			# This is the 3 digit ISO currency code for the above Terminal ID.
$secret = '';			# This shared secret is used when generating the hash validation strings. 
						# It must be set exactly as it is in the %Gateway %SelfCare system.
$testAccount = true;

# These are used only in the case where the response hash is incorrect, which should
# never happen in the live environment unless someone is attempting fraud.
$adminEmail = '';
$adminPhone = '';

?>

</file>
----
\\
**SecureCard redirect (%gatewaySampleFileName_securecard.php):**

<file php %gatewaySampleFileName_securecard.php>

<?php

# This is the file that contains the account settings for Gateway.
require('%gatewaySampleFileName_account.inc');

# This is a helper file for integrating to the Gateway HPP in PHP.
require('%gatewaySampleFileName_securecard_functions.inc');

$secureCardAction = '';			# "register" or "update".
$secureCardMerchantRef = '';	# Unique Merchant Reference for this card. Length is limited to 48 chars.
$dateTime = requestDateTime();

# Verification string
$requestHash = secureCardRequestHash($secureCardMerchantRef, $dateTime, $secureCardAction);

# Request URL for the gateway
$requestURL = $gateway."/merchant/securecardpage";

# Write the HTML of the submission form
echo "<html><body><form id='gatewaysecurecardform' action='" . $requestURL . "' method='post'>\n";
writeHiddenField("ACTION", $secureCardAction);
writeHiddenField("TERMINALID", $terminalId);
writeHiddenField("MERCHANTREF", $secureCardMerchantRef);
writeHiddenField("DATETIME", $dateTime);
writeHiddenField("HASH", $requestHash);

# Write the JavaScript that will submit the form to Gateway.
echo '</form>Submitting SecureCard request to Gateway...<script language="JavaScript">document.getElementById("gatewaysecurecardform").submit();</script></body></html>';

?>
</file>


----
\\
Secure Token URL (**%gatewaySampleFileName_securecard_response.php**) (URL for this page is setup as “**Secure Token URL**” through Terminal Setup in the %SelfCare ):

<file php %gatewaySampleFileName_securecard_response.php>

<?php

# This is the file that contains the account settings for Gateway.
require('%gatewaySampleFileName_account.inc');

# This is a helper file for integrating to the Gateway HPP in PHP.
require('%gatewaySampleFileName_securecard_functions.inc');

if($_REQUEST["RESPONSECODE"] != "A") echo 'AN ERROR OCCURED! Your SecureCard request failed. Error message: ' . $_REQUEST["RESPONSETEXT"];

if(secureCardResponseHashIsValid($_REQUEST["RESPONSECODE"], $_REQUEST["RESPONSETEXT"], $_REQUEST["MERCHANTREF"], $_REQUEST["CARDREFERENCE"], $_REQUEST["DATETIME"], $_REQUEST["HASH"])) {
	switch($_REQUEST["RESPONSECODE"]) {
		case "A" :	# SecureCard registration suceeded. You should store the following details against the user account:
				$secureCardMerchantRef = $_REQUEST["MERCHANTREF"];
				$secureCardCardRef = $_REQUEST["CARDREFERENCE"];
				$secureCardCardType = $_REQUEST["CARDTYPE"];
				$secureCardMaskedCardNumber = $_REQUEST["MASKEDCARDNUMBER"];
				$secureCardCardCardExpiry = $_REQUEST["CARDEXPIRY"];
				echo "Success! Card Type: " . $secureCardCardType . ", Masked Card number: " . $secureCardMaskedCardNumber . ", expires (MMYY): " . $secureCardCardCardExpiry;
				break;
		default  :	# SecureCard registration failed.
				echo 'SECURECARD REGISTRATION FAILED! Error Code: ' . $_REQUEST["RESPONSECODE"] . ', Response text: ' . $_REQUEST["RESPONSETEXT"] . '.';
	}
} else {
	echo 'SECURECARD REGISTRATION FAILED: INVALID RESPONSE HASH. Please contact ' . $adminEmail . ' or call ' . $adminPhone . ' to inform them of this error.';
	if(isset($_REQUEST["ORDERID"])) echo 'Please quote Gateway Terminal ID: ' . $terminalId . ', and SecureCard Merchant Reference: ' . $_REQUEST["MERCHANTREF"] . ' when mailling or calling.';
}

?>


</file>

----
\\
**Helper file (%gatewaySampleFileName_securecard_functions.inc):**

<file php %gatewaySampleFileName_securecard_functions.inc>

<?php

# This simply reduces the PHP code required to build the form.
function writeHiddenField($fieldName, $fieldValue) {
	echo "<input type='hidden' name='" . $fieldName . "' value='" . $fieldValue . "' />";
}

# This generates a DATETIME value in the correct format expected in the request.
function requestDateTime() {
	return date('d-m-Y:H:i:s:000');
}

# This is used to generate the Authorisation Request Hash.
function secureCardRequestHash($secureCardMerchantRef, $dateTime, $secureCardAction) {
	global $terminalId, $secret;
	return md5($terminalId . $secureCardMerchantRef . $dateTime . $secureCardAction . $secret);
}

# This function is used to validate that the MPI Response Hash from the server is correct.
#     If secureCardResponseHashIsValid(...) != $_REQUEST["HASH"] then an error should be shown and the SecureCard registration should fail.
function secureCardResponseHashIsValid($responseCode, $responseText, $secureCardMerchantRef, $secureCardCardRef, $dateTime, $responseHash) {
	global $terminalId, $secret;
	return (md5($terminalId . $responseCode . $responseText . $secureCardMerchantRef . $secureCardCardRef . $dateTime . $secret)==$responseHash);
}

?>

</file>