Knowledge Base

Get help for payment solutions. Search our articles or browse by category below.

PHP Hosted Payments

Settings file (worldnet_account.inc):

worldnet_account.inc
<?php
 
# These values are used to identify and validate the account that you are using. They are mandatory.
$gateway = '';			# This is the WorldNet payments gateway that you should use, assigned to the site by WorldNet.
$terminalId = '';		# This is the Terminal ID assigned to the site by WorldNet.
$currency = '';			# This is the 3 digit ISO currency code for the above Terminal ID.
$secret = '';			# This shared secret is used when generating the hash validation strings. 
						# It must be set exactly as it is in the WorldNet Self Care system.
$testAccount = true;
$receiptPageURL = '';	# This should be Url to receipt php file eg. http://localhost:8000/testingPhpCode/PHPHostedPayments/worldnet_receipt_page.php

# These are used only in the case where the response hash is incorrect, which should
# never happen in the live environment unless someone is attempting fraud.
$adminEmail = '';
$adminPhone = '';
 
?>


Payment page (worldnet_payment.php):

worldnet_payment.php
<?php
 
# This is the file that contains the account settings for WorldNet.
require('worldnet_account.inc');
 
# This is a helper file for intgerating to the WorldNet HPP in PHP.
require('worldnet_hpp_functions.inc');
 
# These values are specific to the transaction.
$orderId = '';			# This should be unique per transaction.
$amount = '';			# This should include the decimal point.

$email = '';			# (optional) If this is sent then WorldNet will send a receipt to this e-mail address.
$description = '';		# (optional) This can is a decription for the transaction that will be available in the merchant notification e-mail and in the Self Care system.
$autoReady = 'Y';		# (optional) Y or N. Automatically set the transaction to a status of Ready in the batch. If not present the terminal default will be used.

$cardholderName = '';	# (optional) If the cardholders name is available it should be populated here. If so it will be pre-populated on the payment page.
$address1 = '';			# (optional) This is the first line of the cardholders billing address.
$address2 = '';			# (optional) This is the second line of the cardholders billing address.
$postcode = '';			# (optional) This is the postcode of the cardholders billing address.
$host = '';				# This should your host eg. http://localhost:8000
$dateTime = requestDateTime();
 
# If there's no orderId set then generate a unique time-based order ID.
if(!isset($orderId) || $orderId == '') $orderId = generateUniqueOrderId();
 
# ------ Add order to the local database here if using one ------

# Verification string
$requestHash = authRequestHash($orderId, $amount, $dateTime);
 
$requestURL = $host.'/merchant/paymentpage';
			# Write the HTML of the submission form
echo "<html><body><form id='worldnetform' action='" . $requestURL . "' method='post'>\n";
writeHiddenField("TERMINALID", $terminalId);
writeHiddenField("CURRENCY", $currency);
writeHiddenField("ORDERID", $orderId);
writeHiddenField("AMOUNT", $amount);
writeHiddenField("DATETIME", $dateTime);
if(isset($cardholderName) && $cardholderName != '') writeHiddenField("CARDHOLDERNAME", $cardholderName);
if(isset($postcode) && $postcode != '') {
	writeHiddenField("ADDRESS1", $address1);
	writeHiddenField("ADDERSS2", $address2);
	writeHiddenField("POSTCODE", $postcode);
}
if(isset($email) && $email != '') writeHiddenField("EMAIL", $email);
if(isset($description) && $description != '') writeHiddenField("DESCRIPTION", $description);
if(isset($autoReady) && $autoReady != '') writeHiddenField("AUTOREADY", $autoReady);
writeHiddenField("RECEIPTPAGEURL", $receiptPageURL);
if($validationURL != '') writeHiddenField("VALIDATIONURL", $validationURL);
writeHiddenField("HASH", $requestHash);
 
# You can also include any other custom fields here. Their contents will for included in the response POST to the receipt page.
# writeHiddenField("Customer ID", '32856951');

# Write the JavaScript that will submit the form to WorldNet.
echo '</form>Submitting order to WorldNet for Payment...<script language="JavaScript">document.getElementById("worldnetform").submit();</script></body></html>';
 
?>


Receipt page (worldnet_receipt_page.php):

worldnet_receipt_page.php
<?php
 
# This is the file that contains the account settings for WorldNet.
require('worldnet_account.inc');
 
# This is a helper file for intgerating to the WorldNet HPP in PHP.
require('worldnet_hpp_functions.inc');
 
if(authResponseHashIsValid($_REQUEST["ORDERID"], $_REQUEST["AMOUNT"], $_REQUEST["DATETIME"], $_REQUEST["RESPONSECODE"], $_REQUEST["RESPONSETEXT"], $_REQUEST["HASH"])) {
	switch($_REQUEST["RESPONSECODE"]) {
		case "A" :	# -- If using local database, update order as Paid/Successful
				echo 'Payment Processed successfully. Thanks you for your order.';
				break;
		case "R" :
		case "D" :
		case "C" :
		case "S" :
		default  :	# -- If using local database, update order as declined/failed --
				echo 'PAYMENT DECLINED! Please try again with another card. Bank response: ' . $_REQUEST["RESPONSETEXT"];
	}
} else {
	echo 'PAYMENT FAILED: INVALID RESPONSE HASH. Please contact <a href="mailto:' . $adminEmail . '">' . $adminEmail . '</a> or call ' . $adminPhone . ' to clarify if you will get charged for this order.';
	if(isset($_REQUEST["ORDERID"])) echo 'Please quote WorldNet Terminal ID: ' . $terminalId . ', and Order ID: ' . $_REQUEST["ORDERID"] . ' when mailling or calling.';
}
 
?>


Helper file (worldnet_hpp_functions.inc):

worldnet_hpp_functions.inc
<?php
 
# This function returns the URL that should be used as the "action" for the form posting the WorldNet's servers.
function requestURL() {
	global $gateway, $testAccount;
	$url = 'https://';
	if($testAccount) $url .= 'test';
	switch (strtolower($gateway)) {
		case 'cashflows' : $url .= 'cashflows.worldnettps.com'; break;
		case 'payius' : $url .= 'payments.payius.com'; break;
		default :
		case 'worldnet'  : $url .= 'payments.worldnettps.com'; break;
	}
	$url .= '/merchant/paymentpage';
	return $url;
}
 
# This simply reduces the PHP code required to build the form.
function writeHiddenField($fieldName, $fieldValue) {
	echo "<input type='hidden' name='" . $fieldName . "' value='" . $fieldValue . "' />\r";
}
 
# This generates a DATETIME value in the correct format expected in the request.
function requestDateTime() {
	return date('d-m-Y:H:i:s:000');
}
 
# If you are not using your own Order ID's and need to use unique random ones, this function will generate one for you.
function generateUniqueOrderId() {
	$seconds = date('H')*3600+date('i')*60+date('s');
	return date('zy') . $seconds;
}
 
# This is used to generate the Authorisation Request Hash.
function authRequestHash($orderId, $amount, $dateTime) {
	global $terminalId, $secret, $receiptPageURL, $validationURL;
	return md5($terminalId . $orderId . $amount . $dateTime . $receiptPageURL . $validationURL . $secret);
}
 
# This function is used to validate that the Authorisation Response Hash from the server is correct.
#     If authResponseHashIsValid(...) != $_REQUEST["HASH"] then an error should be shown and the transaction should not be approved.
function authResponseHashIsValid($orderId, $amount, $dateTime, $responseCode, $responseText, $responseHash) {
	global $terminalId, $secret;
	return (md5($terminalId . $orderId . $amount . $dateTime . $responseCode . $responseText . $secret)==$responseHash);
}
 
?>


Background Validation page (worldnet_validate.php):

worldnet_validate.php
<?php
 
# This is the file that contains the account settings for WorldNet.
require('worldnet_account.inc');
 
# This is a helper file for intgerating to the WorldNet HPP in PHP.
require('worldnet_hpp_functions.inc');
 
if(authResponseHashIsValid($_REQUEST["ORDERID"], $_REQUEST["AMOUNT"], $_REQUEST["DATETIME"], $_REQUEST["RESPONSECODE"], $_REQUEST["RESPONSETEXT"], $_REQUEST["HASH"])) {
	if( ) {                                    # -- Do check to ensure that $_REQUEST["ORDERID"] is in the database
		switch($_REQUEST["RESPONSECODE"]) {
			case "A" :	# -- Update order in database as paid/sucessful --
					echo 'OK';
					break;
			case "R" :
			case "D" :
			case "C" :
			default  :	# -- Update order in database as declined/failed --
					echo 'OK';
		}
	} else {
		echo 'Order ID: ' . $_REQUEST["ORDERID"] . ' not found.';
	}
} else {
	echo 'Background validation hash incorrect.';
}
 
?>
Copyright © 2017 Worldnet Knowledge Base | Powered by DokuWiki
developer/sample_codes/php_hosted_payments.txt · Last modified: 2017/11/02 08:41 by tleite