PHP Hosted Subscriptions

Settings file (
# These values are used to identify and validate the account that you are using. They are mandatory.
$gateway = '';			# This is the WorldNet payments gateway that you should use, assigned to the site by WorldNet.
$terminalId = '';		# This is the Terminal ID assigned to the site by WorldNet.
$currency = '';			# This is the 3 digit ISO currency code for the above Terminal ID.
$secret = '';			# This shared secret is used when generating the hash validation strings. 
				# It must be set exactly as it is in the WorldNet Self Care system.
$testAccount = true;
# These are used only in the case where the response hash is incorrect, which should
# never happen in the live environment unless someone is attempting fraud.
$adminEmail = '';
$adminPhone = '';

Subscription redirect (worldnet_subscription.php):

# This is the file that contains the account settings for WorldNet.
# This is a helper file for integrating to the WorldNet HPP in PHP.
$subscriptionAction = '';		# "register" or "update".
$subscriptionMerchantRef = '';	     # Unique Merchant Reference for this subscription. Length is limited to 48 chars.
$storedSubscriptionMerchantRef = '';	     # The Merchant Reference for the Stored Subscription (Subscription template/payment plan) that you would like this subscription to run under.
$secureCardMerchantRef = '';	     # The Merchant Reference of the SecureCard that the Subscription is to be set up on.
$startDate = '';	         # The date the Subscription is to start on (note the setup payment will still be taken immediately if it is >0). Format: DD-MM-YYYY
$host ='';			# This is your host eg. http://localhost:8000
$dateTime = requestDateTime();
# Verification string
$requestHash = subscriptionRequestHash($subscriptionMerchantRef,$secureCardMerchantRef, $dateTime, $startDate);
$requestURL = $host."/merchant/subscriptionpage/".$subscriptionAction;
# Write the HTML of the submission form
echo "<html><body><form id='worldnetsubscriptionform' action='" . $requestURL . "' method='post'>\n";
writeHiddenField("TERMINALID", $terminalId);
writeHiddenField("MERCHANTREF", $subscriptionMerchantRef);
writeHiddenField("STOREDSUBSCRIPTIONREF", $storedSubscriptionMerchantRef);
writeHiddenField("SECURECARDMERCHANTREF", $secureCardMerchantRef);
writeHiddenField("DATETIME", $dateTime);
writeHiddenField("STARTDATE", $startDate);
writeHiddenField("HASH", $requestHash);
# Write the JavaScript that will submit the form to WorldNet.
echo '</form>Submitting Subscription setup request to WorldNet...<script language="JavaScript">document.getElementById("worldnetsubscriptionform").submit();</script></body></html>';

Subscription URL (worldnet_subscription_response.php) (URL for this page is setup as “Subscription URL” through Terminal Setup in the Self Care ):

# This is the file that contains the account settings for WorldNet.
# This is a helper file for integrating to the WorldNet HPP in PHP.
if($_REQUEST["RESPONSECODE"] != "A") echo 'AN ERROR OCCURED! Your Subscription setup request failed. Error message: ' . $_REQUEST["RESPONSETEXT"];
		case "A" :	# Subscription setup suceeded. You should store the following details against the user account:
				$subscriptionMerchantRef = $_REQUEST["MERCHANTREF"];
				echo "Subscription successfully registered.";
		default  :	# Subscription registration failed.
				echo 'SUBSCRIPTION REGISTRATION FAILED! Error Code: ' . $_REQUEST["RESPONSECODE"] . ', Response text: ' . $_REQUEST["RESPONSETEXT"] . '.';
} else {
	echo 'SUBSCRIPTION REGISTRATION FAILED: INVALID RESPONSE HASH. Please contact ' . $adminEmail . ' or call ' . $adminPhone . ' to inform them of this error.';
	if(isset($_REQUEST["ORDERID"])) echo 'Please quote WorldNet Terminal ID: ' . $terminalId . ', and Subscription Merchant Reference: ' . $_REQUEST["MERCHANTREF"] . ' when mailling or calling.';

Helper file (
# This function returns the URL that should be used as the "action" for the form posting the WorldNet's servers.
function subscriptionURL($subscriptionAction) {
	global $gateway, $testAccount;
	$url = 'https://';
	if($testAccount) $url .= 'test';
	switch (strtolower($gateway)) {
		default :
		case 'worldnet'  : $url .= 'payments'; break;
		case 'cashflows' : $url .= 'cashflows'; break;
	$url .= ''.$subscriptionAction;
	return $url;
# This simply reduces the PHP code required to build the form.
function writeHiddenField($fieldName, $fieldValue) {
	echo "<input type='hidden' name='" . $fieldName . "' value='" . $fieldValue . "' />\r";
# This generates a DATETIME value in the correct format expected in the request.
function requestDateTime() {
	return date('d-m-Y:H:i:s:000');
# This is used to generate the Authorisation Request Hash.
function subscriptionRequestHash($merchantRef, $secureCardMerchantRef, $dateTime, $startDate) {
	global $terminalId, $secret;
	return md5($terminalId . $merchantRef . $secureCardMerchantRef . $dateTime . $startDate . $secret);
# This function is used to validate that the MPI Response Hash from the server is correct.
#     If subscriptionResponseHashIsValid(...) != $_REQUEST["HASH"] then an error should be shown and the Subscription registration should fail.
function subscriptionResponseHashIsValid($responseCode, $responseText, $subscriptionMerchantRef, $dateTime, $responseHash) {
	global $terminalId, $secret;
	return (md5($terminalId . $responseCode . $responseText . $subscriptionMerchantRef . $dateTime . $secret)==$responseHash);
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International