Differences

This shows you the differences between two versions of the page.

developer:sample_codes:php_hosted_payment_with_secure_card_storage [2017/11/02 10:58]
127.0.0.1 external edit
developer:sample_codes:php_hosted_payment_with_secure_card_storage [2019/07/25 13:28] (current)
branko
Line 1: Line 1:
 +====== PHP HOSTED PAYMENTS WITH SECURECARD STORAGE ======
  
 +**Settings file (%gatewaySampleFileName_account.inc):​**
 +
 +<file php (%gatewaySampleFileName_account.inc>​
 +
 +<?php
 +
 +# These values are used to identify and validate the account that you are using. They are mandatory.
 +$gateway = '';​ #​ This is the %Gateway payments gateway that you should use, assigned to the site by %Gateway.
 +$terminalId = '';​ #​ This is the Terminal ID assigned to the site by %Gateway.
 +$currency = '';​ #​ This is the 3 digit ISO currency code for the above Terminal ID.
 +$secret = '';​ #​ This shared secret is used when generating the hash validation strings. ​
 +         # It must be set exactly as it is in the %Gateway %SelfCare system.
 +$testAccount = true;
 +$host = '';​ #​This should be your host eg. http://​localhost:​8000
 +
 +# This should contain the URL of the receipt page and validation page
 +$receiptPageURL = $host.'';​
 +$validationURL = $host.'';​
 +
 +# These are used only in the case where the response hash is incorrect, which should
 +# never happen in the live environment unless someone is attempting fraud.
 +$adminEmail = '';​
 +$adminPhone = '';​
 +
 +?>
 +
 +</​file>​
 +----
 +\\
 +
 +**Payment page (%gatewaySampleFileName_payment.php):​**
 +
 +<file php %gatewaySampleFileName_payment.php>​
 +
 +<?php
 +
 +# This is the file that contains the account settings for Gateway.
 +require('​%gatewaySampleFileName_account.inc'​);​
 +
 +# This is a helper file for intgerating to the GatewayHPP in PHP.
 +require('​%gatewaySampleFileName_hpp_functions.inc'​);​
 +
 +# These values are specific to the transaction.
 +$orderId = '';​  ​               # This should be unique per transaction.
 +$amount = ''; ​                  # This should include the decimal point.
 +$secureCardMerchantRef = ''; ​   # (mandatory in order to store card details) This should be a unique identifier for the card such as a DB id.
 +$dateTime = requestDateTime();​
 +
 +$autoReady = '';​ #​ (optional) Y or N. Automatically set the transaction to a status of Ready in the batch. If not present the terminal default will be used.
 +$description = '';​ #​ (optional) This is a decription for the transaction that will be available in the merchant notification e-mail and in the SelfCare system.
 +
 +$email = '';​ #​ (optional) If this is sent then Gatewaywill send a receipt to this e-mail address.
 +$cardholderName = ''; ​   # (optional) This is the cardholder'​s name if available
 +
 +$address1 = '';​ #​ (optional) This is the first line of the cardholders billing address.
 +$address2 = '';​ #​ (optional) This is the second line of the cardholders billing address.
 +$postcode = '';​ #​ (optional) This is the postcode of the cardholders billing address.
 +
 +
 +# If there'​s no orderId set then generate a unique time-based order ID.
 +if(!isset($orderId) || $orderId == ''​) $orderId = generateUniqueOrderId();​
 +
 +# ------ Add order to the local database here if using one ------
 +
 +# Verification string
 +$requestHash = authRequestHash($orderId,​ $amount, $dateTime);
 +
 +# Request URL for the gateway
 +$requestURL = $gateway.'/​merchant/​paymentpage';​
 +
 +# Write the HTML of the submission form
 +echo "<​html><​body><​form id='​gatewayform'​ action='"​ . $requestURL . "'​ method='​post'>​\n";​
 +writeHiddenField("​TERMINALID",​ $terminalId);​
 +writeHiddenField("​CURRENCY",​ $currency);
 +writeHiddenField("​ORDERID",​ $orderId);
 +writeHiddenField("​SECURECARDMERCHANTREF",​ $secureCardMerchantRef);​
 +writeHiddenField("​AMOUNT",​ $amount);
 +writeHiddenField("​DATETIME",​ $dateTime);
 +if(isset($cardholderName) && $cardholderName != ''​) writeHiddenField("​CARDHOLDERNAME",​ $cardholderName);​
 +if(isset($postcode) && $postcode != ''​) {
 + writeHiddenField("​ADDRESS1",​ $address1);
 + writeHiddenField("​ADDRESS2",​ $address2);
 + writeHiddenField("​POSTCODE",​ $postcode);
 +}
 +if(isset($email) && $email != ''​) writeHiddenField("​EMAIL",​ $email);
 +if(isset($description) && $description != ''​) writeHiddenField("​DESCRIPTION",​ $description);​
 +if(isset($autoReady) && $autoReady != ''​) writeHiddenField("​AUTOREADY",​ $autoReady);​
 +if($receiptPageURL != ''​) writeHiddenField("​RECEIPTPAGEURL",​ $receiptPageURL);​
 +if($validationURL != ''​) writeHiddenField("​VALIDATIONURL",​ $validationURL);​
 +writeHiddenField("​HASH",​ $requestHash);​
 +
 +# You can also include any other custom fields here. Their contents will for included in the response POST to the receipt page.
 +# writeHiddenField("​Customer ID", '​32856951'​);​
 +
 +# Write the JavaScript that will submit the form to Gateway.
 +echo '</​form>​Submitting order to Gateway for Payment...<​script language="​JavaScript">​document.getElementById("​gatewayform"​).submit();</​script></​body></​html>';​
 +
 +?>
 +
 +</​file>​
 +----
 +\\
 +
 +**Receipt page (%gatewaySampleFileName_receipt_page.php):​**
 +
 +<file php %gatewaySampleFileName_receipt_page.php>​
 +
 +<?php
 +
 +# This is the file that contains the account settings for Gateway.
 +require('​%gatewaySampleFileName_account.inc'​);​
 +
 +# This is a helper file for integrating to the Gateway HPP in PHP.
 +require('​%gatewaySampleFileName_hpp_functions.inc'​);​
 +
 +if(authResponseHashIsValid($_REQUEST["​ORDERID"​],​ $_REQUEST["​AMOUNT"​],​ $_REQUEST["​DATETIME"​],​ $_REQUEST["​RESPONSECODE"​],​ $_REQUEST["​RESPONSETEXT"​],​ $_REQUEST["​MERCHANTREF"​],​ $_REQUEST["​CARDREFERENCE"​],​ $_REQUEST["​CARDTYPE"​],​ $_REQUEST["​MASKEDCARDNUMBER"​],​ $_REQUEST["​CARDEXPIRY"​],​ $_REQUEST["​HASH"​])) {
 + # -- Do check to ensure that $_REQUEST["​ORDERID"​] is in the database
 + if($_REQUEST["​ORDERID"​]) {
 + switch($_REQUEST["​RESPONSECODE"​]) {
 + case "​A"​ : # -- If using local database, update order as Paid/​Successful
 + if($_REQUEST["​ISSTORED"​]="​true"​) {
 + # SecureCard registration suceeded. You should store the following details against the user account:
 + $secureCardMerchantRef = $_REQUEST["​MERCHANTREF"​];​
 + $secureCardCardRef = $_REQUEST["​CARDREFERENCE"​];​
 + $secureCardCardType = $_REQUEST["​CARDTYPE"​];​
 + $secureCardMaskedCardNumber = $_REQUEST["​MASKEDCARDNUMBER"​];​
 + $secureCardCardCardExpiry = $_REQUEST["​CARDEXPIRY"​];​
 + echo 'Card details have been securely stored with Gateway for future use on this site only.';​
 + } else {
 + echo 'Card details failed to be stored. Reason: $_REQUEST["​SCERROR"​].';​
 + }
 + echo '​Payment Processed successfully. Thanks you for your order.';​
 + break;
 + case "​R"​ :
 + case "​D"​ :
 + case "​C"​ :
 + case "​S"​ :
 + default ​ : # -- If using local database, update order as declined/​failed --
 + echo '​PAYMENT DECLINED! Please try again with another card. Bank response: ' . $_REQUEST["​RESPONSETEXT"​];​
 + }
 + } else {
 + echo 'Order ID: ' . $_REQUEST["​ORDERID"​] . ' not found. Please contact <a href="​mailto:'​ . $adminEmail . '">'​ . $adminEmail . '</​a>​ or call ' . $adminPhone . ' to clarify.';​
 + }
 +} else {
 + echo '​PAYMENT FAILED: INVALID RESPONSE HASH. Please contact <a href="​mailto:'​ . $adminEmail . '">'​ . $adminEmail . '</​a>​ or call ' . $adminPhone . ' to clarify if you will get charged for this order.';​
 + if(isset($_REQUEST["​ORDERID"​])) echo '​Please quote Gateway Terminal ID: ' . $terminalId . ', and Order ID: ' . $_REQUEST["​ORDERID"​] . ' when mailling or calling.';​
 +}
 +
 +?>
 +</​file>​
 +----
 +\\
 +
 +**
 +Helper file (%gatewaySampleFileName_hpp_functions.inc):​**
 +
 +<file php %gatewaySampleFileName_hpp_functions.inc)>​
 +
 +<?php
 +
 +# This simply reduces the PHP code required to build the form.
 +function writeHiddenField($fieldName,​ $fieldValue) {
 + echo "<​input type='​hidden'​ name='"​ . $fieldName . "'​ value='"​ . $fieldValue . "'​ />";​
 +}
 +
 +# This generates a DATETIME value in the correct format expected in the request.
 +function requestDateTime() {
 + return date('​d-m-Y:​H:​i:​s:​000'​);​
 +}
 +
 +# If you are not using your own Order ID's and need to use unique random ones, this function will generate one for you.
 +function generateUniqueOrderId() {
 + $seconds = date('​H'​)*3600+date('​i'​)*60+date('​s'​);​
 + return date('​zy'​) . $seconds;
 +}
 +
 +# This is used to generate the Authorisation Request Hash.
 +function authRequestHash($orderId,​ $amount, $dateTime) {
 + global $terminalId,​ $secret, $receiptPageURL,​ $validationURL;​
 + return md5($terminalId . $orderId . $amount . $dateTime . $receiptPageURL . $validationURL . $secret);
 +}
 +
 +# This function is used to validate that the Authorisation Response Hash from the server is correct.
 +#     If authResponseHashIsValid(...) != $_REQUEST["​HASH"​] then an error should be shown and the transaction should not be approved.
 +function authResponseHashIsValid($orderId,​ $amount, $dateTime, $responseCode,​ $responseText,​ $merchantRef,​ $secureCardCardRef,​ $cardType, $maskedCardNumber,​ $cardExpiry,​ $responseHash) {
 + global $terminalId,​ $secret;
 + return (md5($terminalId . $orderId . $amount . $dateTime . $responseCode . $responseText . $merchantRef . $secureCardCardRef . $cardType . $maskedCardNumber . $cardExpiry . $secret)==$responseHash);​
 +}
 +
 +?>
 +</​file>​
 +----
 +\\
 +
 +**Background Validation page (%gatewaySampleFileName_validate.php):​**
 +
 +<file php %gatewaySampleFileName_validate.php>​
 +
 +<?php
 +
 +# This is the file that contains the account settings for Gateway.
 +require('​%gatewaySampleFileName_account.inc'​);​
 +
 +# This is a helper file for intgerating to the Gateway HPP in PHP.
 +require('​%gatewaySampleFileName_hpp_functions.inc'​);​
 +
 +if(authResponseHashIsValid($_REQUEST["​UNIQUEREF"​],​ $_REQUEST["​AMOUNT"​],​ $_REQUEST["​DATETIME"​],​ $_REQUEST["​RESPONSECODE"​],​ $_REQUEST["​RESPONSETEXT"​],​ $_REQUEST["​MERCHANTREF"​],​ $_REQUEST["​CARDREFERENCE"​],​ $_REQUEST["​CARDTYPE"​],​ $_REQUEST["​MASKEDCARDNUMBER"​],​ $_REQUEST["​CARDEXPIRY"​],​ $_REQUEST["​HASH"​])){
 + # -- Do check to ensure that $_REQUEST["​ORDERID"​] is in the database
 + if($_REQUEST["​ORDERID"​]) {
 + switch($_REQUEST["​RESPONSECODE"​]) {
 + case "​A"​ : # -- Update order in database as paid/​sucessful
 + if($_REQUEST["​ISSTORED"​]="​true"​) { 
 + # SecureCard registration suceeded. You should store the following details against the user account:
 + $secureCardMerchantRef = $_REQUEST["​MERCHANTREF"​];​
 + $secureCardCardRef = $_REQUEST["​CARDREFERENCE"​];​
 + $secureCardCardType = $_REQUEST["​CARDTYPE"​];​
 + $secureCardMaskedCardNumber = $_REQUEST["​MASKEDCARDNUMBER"​];​
 + $secureCardCardCardExpiry = $_REQUEST["​CARDEXPIRY"​];​
 + }
 + echo '​OK';​
 + break;
 + case "​R"​ :
 + case "​D"​ :
 + case "​C"​ :
 + default ​ : # -- Update order in database as declined/​failed --
 + echo '​OK';​
 + }
 + } else {
 + echo 'Order ID: ' . $_REQUEST["​ORDERID"​] . ' not found in database.';​
 + }
 +} else {
 + echo '​Background validation hash incorrect.';​
 +}
 +
 +?>
 +
 +
 +</​file>​
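Review bot: The response-hash check in `authResponseHashIsValid()` (helper file) compares the MD5 digest with the request's HASH using loose `==`, so two different numeric-looking strings can compare equal under PHP type juggling and the comparison is not constant-time; since this is the only check authenticating the gateway response on the receipt and validation pages, the return should be `hash_equals(md5(/* same concatenation */), (string)$responseHash)`. On both of those pages `if($_REQUEST["ISSTORED"]="true")` assigns instead of comparing, so the card-stored branch always runs and the SCERROR message is unreachable (it is also single-quoted, so the variable name would print literally); it should read `if($_REQUEST["ISSTORED"] === "true")`. The failure branches echo `$_REQUEST["ORDERID"]` into HTML even when the hash is invalid, and `writeHiddenField()` concatenates values into attributes unescaped, so request-derived values should pass through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` before output. The validation page hashes `UNIQUEREF` but then tests `ORDERID`; if that mismatch is intended by the gateway's callback format, a comment saying so would prevent a well-meant "fix" from breaking verification.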