This shows you the differences between two versions of the page.
developer:sample_codes:php_xml_payments_with_3d_secure [2017/11/01 15:08] tleite |
developer:sample_codes:php_xml_payments_with_3d_secure [2022/07/15 15:23] (current) |
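--- a/developer:sample_codes:php_xml_payments_with_3d_secure
+++ b/developer:sample_codes:php_xml_payments_with_3d_secure
@@ -0,0 +1,172 @@
+====== PHP XML Payments with 3D Secure ======
+In this section, you can find sample code for the **3D Secure** redirect before the payment.
+
+Once you receive the response to the "MPI Receipt URL" you will have an MPIREF parameter.
+You should then process a payment and include that parameter. The sample code for the **XML payment stage** is [[developer:sample_codes:php_xml_payments|here]].
+
+You should also use this [[developer:integration_docs:testing-guide|Testing Guide]] that also contains test card details.
+
+**Settings file (%gatewaySampleFileName_account.inc):**
+
+<file php %gatewaySampleFileName_account.inc>
+
+<?php
+
+# These values are used to identify and validate the account that you are using. They are mandatory.
+$gateway = ''; # This is the %Gateway payments gateway that you should use, assigned to the site by %Gateway.
+$terminalId = ''; # This is the Terminal ID assigned to the site by %Gateway.
+$currency = ''; # This is the 3 digit ISO currency code for the above Terminal ID.
+$secret = ''; # This shared secret is used when generating the hash validation strings.
+# It must be set exactly as it is in the %Gateway %SelfCare system.
+#$testAccount = true; # Commented out as there is no functional test MPI page
+
+# These are used only in the case where the response hash is incorrect, which should
+# never happen in the live environment unless someone is attempting fraud.
+$adminEmail = '';
+$adminPhone = '';
+
+?>
+
+</file>
+----
+\\
+
+**3D Secure redirect (%gatewaySampleFileName_payment.php):**
+
+<file php %gatewaySampleFileName_payment.php>
+
+<?php
+
+# This is the file that contains the account settings for %Gateway.
+require('%gatewaySampleFileName_account.inc');
+
+# This is a helper file for intgerating to the %Gateway HPP in PHP.
+require('%gatewaySampleFileName_hpp_functions.inc');
+
+# These values are specific to the cardholder.
+$cardNumber = ''; # This is the full PAN (card number) of the credit card. It must be digits only (i.e. no spaces or other characters).
+$cardType = ''; # This can only be one of a set number of values (VISA,DELTA,MASTERCARD,MAESTRO,UK MAESTRO,LASER,AMEX,DINERS,JCB,SECURECARD for example). Check with %Gateway what values you can send.
+$cardExpiry = ''; # The 4 digit expiry date (MMYY)
+$cvv = ''; # (optional) 3 digit (4 for AMEX cards) security digit on the back of the card.
+
+# These values are specific to the transaction.
+$orderId = ''; # This should be unique per transaction.
+$amount = ''; # This should include the decimal point.
+$host = ''; # This is your host eg. http://localhost:8000
+$dateTime = requestDateTime();
+
+# If there's no orderId set then generate a unique time-based order ID.
+if(!isset($orderId) || $orderId == '') $orderId = generateUniqueOrderId();
+
+# Verification string
+
+$requestHash = mpiRequestHash($orderId, $cardNumber, $cardExpiry, $cardType, $amount, $dateTime);
+$requestURL = $host.'/merchant/mpi';
+
+# Write the HTML of the submission form
+echo "<html><body><form id='%gatewaySampleFileNamempiform' action='" . $requestURL . "' method='post'>\n";
+writeHiddenField("TERMINALID", $terminalId);
+writeHiddenField("CARDNUMBER", $cardNumber);
+writeHiddenField("CARDTYPE", $cardType);
+writeHiddenField("CARDEXPIRY", $cardExpiry);
+writeHiddenField("AMOUNT", $amount);
+writeHiddenField("CURRENCY", $currency);
+writeHiddenField("ORDERID", $orderId);
+if(isset($cvv) && $cvv != '') writeHiddenField("CVV", $cvv);
+writeHiddenField("DATETIME", $dateTime);
+writeHiddenField("HASH", $requestHash);
+
+# Write the JavaScript that will submit the form to %Gateway.
+echo '</form>Submitting order to %Gateway for Payment...<script language="JavaScript">document.getElementById("%gatewaySampleFileNamempiform").submit();</script></body></html>';
+
+?>
+
+</file>
+----
+\\
+
+Response page (**%gatewaySampleFileName_mpi_response.php**) (URL for this page is setup as “MPI Receipt URL” through Terminal Setup in the %SelfCare):
+
+<file php %gatewaySampleFileName_mpi_response.php>
+
+<?php
+
+# This is the file that contains the account settings for %Gateway.
+require('%gatewaySampleFileName_account.inc');
+
+# This is a helper file for intgerating to the %Gateway HPP in PHP.
+require('%gatewaySampleFileName_hpp_functions.inc');
+
+if(mpiResponseHashIsValid($_REQUEST["RESULT"], $_REQUEST["MPIREF"], $_REQUEST["ORDERID"], $_REQUEST["DATETIME"], $_REQUEST["HASH"])) {
+switch($_REQUEST["RESULT"]) {
+case "A" : # 3D Secure validation successfully attempted. Proceed with transaction including the below reference in the authorisation request:
+$mpiRef = $_REQUEST["MPIREF"];
+break;
+default : # 3D Secure validation failed. Do not proceed with the transaction.
+echo '3D SECURE VALIDATION FAILED! Please try again with another card.';
+}
+} else {
+echo '3D SECURE VALIDATION FAILED: INVALID RESPONSE HASH. Please contact <a href="mailto:' . $adminEmail . '">' . $adminEmail . '</a> or call ' . $adminPhone . ' to inform them of this error.';
+if(isset($_REQUEST["ORDERID"])) echo 'Please quote %Gateway Terminal ID: ' . $terminalId . ', and Order ID: ' . $_REQUEST["ORDERID"] . ' when mailling or calling.';
+}
+
+?>
+
+</file>
+----
+\\
+
+**Helper file (%gatewaySampleFileName_hpp_functions.inc):**
+
+<file php %gatewaySampleFileName_hpp_functions.inc>
+
+<?php
+
+# This function returns the URL that should be used as the "action" for the form posting the %Gateway's servers.
+function mpiURL() {
+global $gateway, $testAccount;
+$url = 'https://';
+# if($testAccount) $url .= 'test'; # Commented out as there is no functional test MPI page
+switch (strtolower($gateway)) {
+default :
+case '%gatewaySampleFileName' : $url .= 'payments.%gatewayTestURL'; break;
+case 'cashflows' : $url .= 'cashflows.%gatewayTestURL'; break;
+case 'payius' : $url .= 'payments.payius.com'; break;
+case 'pago' : $url .= 'payments.pagotechnology.com'; break;
+}
+$url .= '/merchant/mpi';
+return $url;
+}
+
+# This simply reduces the PHP code required to build the form.
+function writeHiddenField($fieldName, $fieldValue) {
+echo "<input type='hidden' name='" . $fieldName . "' value='" . $fieldValue . "' />\r";
+}
+
+# This generates a DATETIME value in the correct format expected in the request.
+function requestDateTime() {
+return date('d-m-Y:H:i:s:000');
+}
+
+# If you are not using your own Order ID's and need to use unique random ones, this function will generate one for you.
+function generateUniqueOrderId() {
+$seconds = date('H')*3600+date('i')*60+date('s');
+return date('zy') . $seconds;
+}
+
+# This is used to generate the Authorisation Request Hash.
+function mpiRequestHash($orderId, $cardNumber, $cardExpiry, $cardType, $amount, $dateTime) {
+global $terminalId, $secret;
+return md5($terminalId . $orderId . $cardNumber . $cardExpiry . $cardType . $amount . $dateTime . $secret);
+}
+
+# This function is used to validate that the MPI Response Hash from the server is correct.
+# If mpiResponseHashIsValid(...) != $_REQUEST["HASH"] then an error should be shown and the 3D Secure should not be validated.
+function mpiResponseHashIsValid($result, $mpiRef, $orderId, $dateTime, $responseHash) {
+global $secret;
+return (md5($result . $mpiRef . $orderId . $dateTime . $secret)==$responseHash);
+}
+
+?>
+
+</file>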
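Review bot: `mpiResponseHashIsValid` in the helper file compares the MD5 digest to the request's HASH with `==`, which PHP evaluates numerically when both strings look like numbers and which is not constant-time, so the only check guarding the 3D Secure result can accept a value that is not byte-identical; `return hash_equals(md5($result . $mpiRef . $orderId . $dateTime . $secret), (string) $responseHash);` keeps the gateway's hash format and compares exactly. In the response page's invalid-hash branch, `$_REQUEST["ORDERID"]` is echoed into HTML on the one path where the request is known to be unauthenticated, so it should be wrapped as `htmlspecialchars($_REQUEST["ORDERID"], ENT_QUOTES, 'UTF-8')`. `writeHiddenField` concatenates `$fieldValue` into a single-quoted attribute the same way and would benefit from the same escaping, and the sample would be safer to copy if it noted that MD5 is used only because the gateway's hash scheme appears to require it.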