PHP Hosted Payment With Secure Card Storage

PHP HOSTED PAYMENTS WITH SECURECARD STORAGE

Settings file (worldnet_account.inc):

worldnet_account.inc
<?php
 
# These values are used to identify and validate the account that you are using. They are mandatory.
$gateway = '';			# This is the WorldNet payments gateway that you should use, assigned to the site by WorldNet. (WORLDNET/CASHFLOWS/PAYIUS)
$terminalId = '';		# This is the Terminal ID assigned to the site by WorldNet.
$currency = '';			# This is the 3 digit ISO currency code for the above Terminal ID.
$secret = '';			# This shared secret is used when generating the hash validation strings. 
				# It must be set exactly as it is in the WorldNet SelfCare system.
$testAccount = true;
 
# This should contain the URL of the receipt page and validation page
$receiptPageURL = 'https://www.yourdomain.com/path_to_receipt_file/worldnet_receipt_page.php';
$validationURL = 'https://www.yourdomain.com/path_to_validation_file/worldnet_validate.php';
 
# These are used only in the case where the response hash is incorrect, which should
# never happen in the live environment unless someone is attempting fraud.
$adminEmail = '';
$adminPhone = '';
 
?>

Payment page (worldnet_payment.php):

worldnet_payment.php
<?php
 
# This is the file that contains the account settings for WorldNet.
require('worldnet_account.inc');
 
# This is a helper file for integrating with the WorldNet HPP in PHP.
require('worldnet_hpp_functions.inc');
 
# These values are specific to the transaction.
$orderId = '';			# This should be unique per transaction.
$amount = '';			# This should include the decimal point.
$secureCardMerchantRef = '';    # (mandatory in order to store card details) This should be a unique identifier for the card such as a DB id.

$email = '';			# (optional) If this is sent then WorldNet will send a receipt to this e-mail address.
$description = '';		# (optional) This is a description for the transaction that will be available in the merchant notification e-mail and in the SelfCare system.
$autoReady = '';		# (optional) Y or N. Automatically set the transaction to a status of Ready in the batch. If not present the terminal default will be used.

$cardholderName = '';		# (optional) If the cardholders name is available it should be populated here. If so it will be pre-populated on the payment page.
$address1 = '';			# (optional) This is the first line of the cardholders billing address.
$address2 = '';			# (optional) This is the second line of the cardholders billing address.
$postcode = '';			# (optional) This is the postcode of the cardholders billing address.

$dateTime = requestDateTime();
 
# If there's no orderId set then generate a unique time-based order ID.
if(!isset($orderId) || $orderId == '') $orderId = generateUniqueOrderId();
 
# ------ Add order to the local database here if using one ------

# Verification string
$requestHash = authRequestHash($orderId, $amount, $dateTime);
 
# Write the HTML of the submission form
echo "<html><body><form id='worldnetform' action='" . requestURL() . "' method='post'>\n";
writeHiddenField("TERMINALID", $terminalId);
writeHiddenField("CURRENCY", $currency);
writeHiddenField("ORDERID", $orderId);
writeHiddenField("SECURECARDMERCHANTREF", $secureCardMerchantRef);
writeHiddenField("AMOUNT", $amount);
writeHiddenField("DATETIME", $dateTime);
if(isset($cardholderName) && $cardholderName != '') writeHiddenField("CARDHOLDERNAME", $cardholderName);
if(isset($postcode) && $postcode != '') {
	writeHiddenField("ADDRESS1", $address1);
	writeHiddenField("ADDRESS2", $address2);
	writeHiddenField("POSTCODE", $postcode);
}
if(isset($email) && $email != '') writeHiddenField("EMAIL", $email);
if(isset($description) && $description != '') writeHiddenField("DESCRIPTION", $description);
if(isset($autoReady) && $autoReady != '') writeHiddenField("AUTOREADY", $autoReady);
writeHiddenField("RECEIPTPAGEURL", $receiptPageURL);
if($validationURL != '') writeHiddenField("VALIDATIONURL", $validationURL);
writeHiddenField("HASH", $requestHash);
 
# You can also include any other custom fields here. Their contents will be included in the response POST to the receipt page.
# writeHiddenField("Customer ID", '32856951');

# Write the JavaScript that will submit the form to WorldNet.
echo '</form>Submitting order to WorldNet for Payment...<script language="JavaScript">document.getElementById("worldnetform").submit();</script></body></html>';
 
?>

Receipt page (worldnet_receipt_page.php):

worldnet_receipt_page.php
<?php
 
# This is the file that contains the account settings for WorldNet.
require('worldnet_account.inc');
 
# This is a helper file for integrating with the WorldNet HPP in PHP.
require('worldnet_hpp_functions.inc');
 
if(authResponseHashIsValid($_REQUEST["ORDERID"], $_REQUEST["AMOUNT"], $_REQUEST["DATETIME"], $_REQUEST["RESPONSECODE"], $_REQUEST["RESPONSETEXT"], $_REQUEST["MERCHANTREF"], $_REQUEST["CARDREFERENCE"], $_REQUEST["CARDTYPE"], $_REQUEST["MASKEDCARDNUMBER"], $_REQUEST["CARDEXPIRY"], $_REQUEST["HASH"])) {
	switch($_REQUEST["RESPONSECODE"]) {
		case "A" :	# -- If using local database, update order as Paid/Successful
				if(isset($_REQUEST["ISSTORED"]) && $_REQUEST["ISSTORED"] == "true") {
					# Also Store SecureCard token details: 
					$_REQUEST["MERCHANTREF"];	# The Merchant Reference of the card stored (same as sent to us above)
					$_REQUEST["CARDREFERENCE"];	# The 16 digit SecureCard Card Reference used for processing payments
					$_REQUEST["CARDTYPE"];
					$_REQUEST["MASKEDCARDNUMBER"];
					$_REQUEST["CARDEXPIRY"];
					echo 'Card details have been securely stored with WorldNet for future use on this site only.';
				} else {
					echo 'Card details failed to be stored. Reason: ' . htmlspecialchars($_REQUEST["SCERROR"] ?? '', ENT_QUOTES) . '.';
				}
				echo 'Payment Processed successfully. Thank you for your order.';
				break;
		case "R" :
		case "D" :
		case "C" :
		case "S" :
		default  :	# -- If using local database, update order as declined/failed --
				echo 'PAYMENT DECLINED! Please try again with another card. Bank response: ' . htmlspecialchars($_REQUEST["RESPONSETEXT"], ENT_QUOTES);
	}
} else {
	echo 'PAYMENT FAILED: INVALID RESPONSE HASH. Please contact <a href="mailto:' . $adminEmail . '">' . $adminEmail . '</a> or call ' . $adminPhone . ' to clarify if you will get charged for this order.';
	# ORDERID is unauthenticated in this branch, so escape it before echoing it back.
	if(isset($_REQUEST["ORDERID"]) && is_string($_REQUEST["ORDERID"])) echo 'Please quote WorldNet Terminal ID: ' . $terminalId . ', and Order ID: ' . htmlspecialchars($_REQUEST["ORDERID"], ENT_QUOTES) . ' when mailing or calling.';
}
 
?>

Helper file (worldnet_hpp_functions.inc):

worldnet_hpp_functions.inc
<?php
 
# This function returns the URL that should be used as the "action" for the form posting to WorldNet's servers.
function requestURL() {
	global $gateway, $testAccount;
	$url = 'https://';
	if($testAccount) $url .= 'test';
	switch (strtolower($gateway)) {
		case 'cashflows' : $url .= 'cashflows.worldnettps.com'; break;
		case 'payius' : $url .= 'payments.payius.com'; break;
		default :
		case 'worldnet'  : $url .= 'payments.worldnettps.com'; break;
	}
	$url .= '/merchant/paymentpage';
	return $url;
}
 
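# This simply reduces the PHP code required to build the form.
# Names and values are HTML-escaped so that a quote in a value cannot break out of the attribute.
function writeHiddenField($fieldName, $fieldValue) {
	echo "<input type='hidden' name='" . htmlspecialchars($fieldName, ENT_QUOTES) . "' value='" . htmlspecialchars($fieldValue, ENT_QUOTES) . "' />\n";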
}
 
# This generates a DATETIME value in the correct format expected in the request.
function requestDateTime() {
	return date('d-m-Y:H:i:s:000');
}
 
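# If you are not using your own Order IDs and need generated ones, this function will generate one for you.
# The ID is built from the day of the year, the two-digit year and the second of the day, so two requests in the same second get the same ID.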
function generateUniqueOrderId() {
	$seconds = date('H')*3600+date('i')*60+date('s');
	return date('zy') . $seconds;
}
 
# This is used to generate the Authorisation Request Hash.
function authRequestHash($orderId, $amount, $dateTime) {
	global $terminalId, $secret, $receiptPageURL, $validationURL;
	return md5($terminalId . $orderId . $amount . $dateTime . $receiptPageURL . $validationURL . $secret);
}
 
# This function is used to validate that the Authorisation Response Hash from the server is correct.
#     If authResponseHashIsValid(...) returns false then an error should be shown and the transaction should not be approved.
function authResponseHashIsValid($orderId, $amount, $dateTime, $responseCode, $responseText, $merchantRef, $secureCardCardRef, $cardType, $maskedCardNumber, $cardExpiry, $responseHash) {
	global $terminalId, $secret;
	$expectedHash = md5($terminalId . $orderId . $amount . $dateTime . $responseCode . $responseText . $merchantRef . $secureCardCardRef . $cardType . $maskedCardNumber . $cardExpiry . $secret);
	# hash_equals() compares the strings byte for byte in constant time; == would compare "0e..." digests as numbers.
	return is_string($responseHash) && hash_equals($expectedHash, $responseHash);
}
 
?>
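
The response check above as a stand-alone, added example (not WorldNet's code): it fails closed on missing or array-valued fields and compares digests with hash_equals(). The terminal ID, secret and response values are constructed, and HASHED_FIELDS, expectedResponseHash() and responseIsAuthentic() are hypothetical names.

```php
<?php
# Added example, not WorldNet's code. Terminal ID, secret and field values are constructed.

# Field order copied from authResponseHashIsValid() on this page.
const HASHED_FIELDS = ['ORDERID', 'AMOUNT', 'DATETIME', 'RESPONSECODE', 'RESPONSETEXT',
	'MERCHANTREF', 'CARDREFERENCE', 'CARDTYPE', 'MASKEDCARDNUMBER', 'CARDEXPIRY'];

function expectedResponseHash(array $post, string $terminalId, string $secret): string {
	$data = $terminalId;
	foreach (HASHED_FIELDS as $field) {
		$data .= $post[$field];
	}
	return md5($data . $secret);
}

function responseIsAuthentic(array $post, string $terminalId, string $secret): bool {
	# A missing field or an array value (HASH[]=x) must fail closed instead of raising notices.
	foreach (array_merge(HASHED_FIELDS, ['HASH']) as $field) {
		if (!isset($post[$field]) || !is_string($post[$field])) {
			return false;
		}
	}
	# Byte-for-byte, constant-time comparison with no numeric-string juggling.
	return hash_equals(expectedResponseHash($post, $terminalId, $secret), $post['HASH']);
}

# Constructed sample response.
$terminalId = '1234';
$secret = 'example-secret';
$post = ['ORDERID' => '1001', 'AMOUNT' => '10.00', 'DATETIME' => '26-07-2016:10:55:00:000',
	'RESPONSECODE' => 'A', 'RESPONSETEXT' => 'APPROVAL', 'MERCHANTREF' => 'card-42',
	'CARDREFERENCE' => '2967530000000000', 'CARDTYPE' => 'VISA',
	'MASKEDCARDNUMBER' => '411111******1111', 'CARDEXPIRY' => '1230'];
$post['HASH'] = expectedResponseHash($post, $terminalId, $secret);

var_dump(responseIsAuthentic($post, $terminalId, $secret));      # genuine response
$tampered = ['AMOUNT' => '0.01'] + $post;
var_dump(responseIsAuthentic($tampered, $terminalId, $secret));  # amount changed after hashing
unset($tampered['CARDTYPE']);
var_dump(responseIsAuthentic($tampered, $terminalId, $secret));  # hashed field missing

# Two different strings of the form "0e<digits>" are equal under ==, but not under hash_equals().
$a = '0e' . str_repeat('1', 30);
$b = '0e' . str_repeat('2', 30);
var_dump($a == $b, hash_equals($a, $b));
```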

Background Validation page (worldnet_validate.php):

worldnet_validate.php
<?php
 
# This is the file that contains the account settings for WorldNet.
require('worldnet_account.inc');
 
# This is a helper file for integrating with the WorldNet HPP in PHP.
require('worldnet_hpp_functions.inc');
 
if(authResponseHashIsValid($_REQUEST["ORDERID"], $_REQUEST["AMOUNT"], $_REQUEST["DATETIME"], $_REQUEST["RESPONSECODE"], $_REQUEST["RESPONSETEXT"], $_REQUEST["MERCHANTREF"], $_REQUEST["CARDREFERENCE"], $_REQUEST["CARDTYPE"], $_REQUEST["MASKEDCARDNUMBER"], $_REQUEST["CARDEXPIRY"], $_REQUEST["HASH"])) {
	$orderFound = false;                       # -- Replace with a lookup that confirms $_REQUEST["ORDERID"] is in the database
	if($orderFound) {
		switch($_REQUEST["RESPONSECODE"]) {
			case "A" :	# -- Update order in database as paid/successful
					if(isset($_REQUEST["ISSTORED"]) && $_REQUEST["ISSTORED"] == "true") {
						# Also Store SecureCard token details: 
						$_REQUEST["MERCHANTREF"];	# The Merchant Reference of the card stored (same as sent to us above)
						$_REQUEST["CARDREFERENCE"];	# The 16 digit SecureCard Card Reference used for processing payments
						$_REQUEST["CARDTYPE"];
						$_REQUEST["MASKEDCARDNUMBER"];
						$_REQUEST["CARDEXPIRY"];
					}
					echo 'OK';
					break;
			case "R" :
			case "D" :
			case "C" :
			default  :	# -- Update order in database as declined/failed --
					echo 'OK';
		}
	} else {
		echo 'Order ID: ' . $_REQUEST["ORDERID"] . ' not found in database.';
	}
} else {
	echo 'Background validation hash incorrect.';
}
 
?>
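
One way to fill in the database steps that the receipt and validation pages leave as comments, as an added example that is not WorldNet's code: the order must exist, the amount must match what the site recorded, and a paid order never changes again. It assumes the response hash was already verified and that the pdo_sqlite extension is available; the orders table, its columns and reconcileOrder() are hypothetical.

```php
<?php
# Added example, not WorldNet's code. Assumes the response hash was already verified.
# The orders table, its columns and reconcileOrder() are hypothetical names.

function reconcileOrder(PDO $db, array $post): string {
	$find = $db->prepare('SELECT amount, status FROM orders WHERE order_id = ?');
	$find->execute([$post['ORDERID']]);
	$order = $find->fetch(PDO::FETCH_ASSOC);
	if ($order === false) {
		return 'unknown-order';
	}
	# The amount in the response must be the amount this site recorded for the order.
	if ($order['amount'] !== $post['AMOUNT']) {
		return 'amount-mismatch';
	}
	$newStatus = ($post['RESPONSECODE'] === 'A') ? 'paid' : 'declined';
	# A paid order is final, so a repeated POST for it changes nothing and is reported as such.
	$update = $db->prepare("UPDATE orders SET status = ? WHERE order_id = ? AND status <> 'paid'");
	$update->execute([$newStatus, $post['ORDERID']]);
	return $update->rowCount() === 1 ? $newStatus : 'already-paid';
}

# Constructed sample data: one pending order, then four responses for it.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE orders (order_id TEXT PRIMARY KEY, amount TEXT, status TEXT)");
$db->exec("INSERT INTO orders VALUES ('1001', '10.00', 'pending')");

$approved = ['ORDERID' => '1001', 'AMOUNT' => '10.00', 'RESPONSECODE' => 'A'];
$responses = [
	$approved,                            # first notification
	$approved,                            # same notification delivered again
	['AMOUNT' => '1.00'] + $approved,     # amount differs from the stored order
	['ORDERID' => '9999'] + $approved,    # order this site never created
];
foreach ($responses as $post) {
	echo reconcileOrder($db, $post), "\n";
}
```

Fulfil the order only when the function returns 'paid'; the receipt page and the background validation page can both call it, and whichever arrives second sees 'already-paid'.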
developer/sample_codes/php_hosted_payment_with_secure_card_storage.txt · Last modified: 2016/07/26 10:55 (external edit)