developer:sample_codes:php_hosted_payments [2019/07/25 12:59]
branko
developer:sample_codes:php_hosted_payments [2019/07/25 14:06]
127.0.0.1 external edit
Line 1: Line 1:
 +====== PHP Hosted Payments ======
  
 +**Settings file (%gatewaySampleFileName_account.inc):​**
 +
 +<file php %gatewaySampleFileName_account.inc>​
 +
 +<?php
 +
 +# These values are used to identify and validate the account that you are using. They are mandatory.
 +$gateway = ''; ​         # This is the Gateway payments URL that you should use, assigned to the site.
 +$terminalId = ''; ​      # This is the Terminal ID assigned to the site by Gateway.
 +$currency = ''; ​        # This is the 3 digit ISO currency code for the above Terminal ID.
 +$secret = ''; ​          # This shared secret is used when generating the hash validation strings. ​
 +                        # It must be set exactly as it is in the Gateway SelfCare system.
 +
 +# This should contain the URL of the receipt page and validation page
 +$host = '';​  ​                  # This should be your host eg. http://​localhost:​8000
 +$receiptPageURL = $host.''; ​   # This should be the path to your receipt page
 +$validationURL = $host.''; ​    # This should be the path to your validation page
 +
 +# These are used only in the case where the response hash is incorrect, which should
 +# never happen in the live environment unless someone is attempting fraud.
 +$adminEmail = '';​
 +$adminPhone = '';​
 +
 +?>
 +
 +</​file>​
 +----
 +\\
 +**Payment page (%gatewaySampleFileName_payment.php):​**
 +
 +<file php %gatewaySampleFileName_payment.php>​
 +
 +<?php
 +
 +# This is the file that contains the account settings for Gateway.
 +require('​%gatewaySampleFileName_account.inc'​);​
 +
 +# This is a helper file for intgerating to the GatewayHPP in PHP.
 +require('​%gatewaySampleFileName_hpp_functions.inc'​);​
 +
 +# These values are specific to the transaction.
 +$orderId = '';​ #​ This should be unique per transaction.
 +$amount = '';​ #​ This should include the decimal point.
 +$dateTime = requestDateTime();​
 +
 +$autoReady = '';​ #​ (optional) Y or N. Automatically set the transaction to a status of Ready in the batch. If not present the terminal default will be used.
 +$description = '';​ #​ (optional) This is a decription for the transaction that will be available in the merchant notification e-mail and in the SelfCare system.
 +
 +$email = '';​ #​ (optional) If this is sent then Gatewaywill send a receipt to this e-mail address.
 +$cardholderName = ''; ​   # (optional) This is the cardholder'​s name if available
 +
 +$address1 = '';​ #​ (optional) This is the first line of the cardholders billing address.
 +$address2 = '';​ #​ (optional) This is the second line of the cardholders billing address.
 +$postcode = '';​ #​ (optional) This is the postcode of the cardholders billing address.
 +
 +
 +# If there'​s no orderId set then generate a unique time-based order ID.
 +if(!isset($orderId) || $orderId == ''​) $orderId = generateUniqueOrderId();​
 +
 +# ------ Add order to the local database here if using one ------
 +
 +# Verification string
 +$requestHash = authRequestHash($orderId,​ $amount, $dateTime);
 +
 +# Request URL for the gateway
 +$requestURL = $gateway.'/​merchant/​paymentpage';​
 +
 +# Write the HTML of the submission form
 +echo "<​html><​body><​form id='​gatewayform'​ action='"​ . $requestURL . "'​ method='​post'>​\n";​
 +writeHiddenField("​TERMINALID",​ $terminalId);​
 +writeHiddenField("​CURRENCY",​ $currency);
 +writeHiddenField("​ORDERID",​ $orderId);
 +writeHiddenField("​AMOUNT",​ $amount);
 +writeHiddenField("​DATETIME",​ $dateTime);
 +if(isset($cardholderName) && $cardholderName != ''​) writeHiddenField("​CARDHOLDERNAME",​ $cardholderName);​
 +if(isset($postcode) && $postcode != ''​) {
 + writeHiddenField("​ADDRESS1",​ $address1);
 + writeHiddenField("​ADDRESS2",​ $address2);
 + writeHiddenField("​POSTCODE",​ $postcode);
 +}
 +if(isset($email) && $email != ''​) writeHiddenField("​EMAIL",​ $email);
 +if(isset($description) && $description != ''​) writeHiddenField("​DESCRIPTION",​ $description);​
 +if(isset($autoReady) && $autoReady != ''​) writeHiddenField("​AUTOREADY",​ $autoReady);​
 +if($receiptPageURL != ''​) writeHiddenField("​RECEIPTPAGEURL",​ $receiptPageURL);​
 +if($validationURL != ''​) writeHiddenField("​VALIDATIONURL",​ $validationURL);​
 +writeHiddenField("​HASH",​ $requestHash);​
 +
 +# You can also include any other custom fields here. Their contents will for included in the response POST to the receipt page.
 +# writeHiddenField("​Customer ID", '​32856951'​);​
 +
 +# Write the JavaScript that will submit the form to Gateway.
 +echo '</​form>​Submitting order to Gateway for Payment...<​script language="​JavaScript">​document.getElementById("​gatewayform"​).submit();</​script></​body></​html>';​
 +
 +?>
 +
 +</​file>​
 +----
 +\\
 +**Receipt page (%gatewaySampleFileName_receipt_page.php):​**
 +
 +<file php %gatewaySampleFileName_receipt_page.php>​
 +
 +<?php
 +
 +# This is the file that contains the account settings for Gateway.
 +require('​%gatewaySampleFileName_account.inc'​);​
 +
 +# This is a helper file for intgerating to the Gateway HPP in PHP.
 +require('​%gatewaySampleFileName_hpp_functions.inc'​);​
 +
 +if(authResponseHashIsValid($_REQUEST["​UNIQUEREF"​],​ $_REQUEST["​AMOUNT"​],​ $_REQUEST["​DATETIME"​],​ $_REQUEST["​RESPONSECODE"​],​ $_REQUEST["​RESPONSETEXT"​],​ $_REQUEST["​HASH"​])) {
 + # -- Do check to ensure that $_REQUEST["​ORDERID"​] is in the database
 + if($_REQUEST["​ORDERID"​]) {
 + switch($_REQUEST["​RESPONSECODE"​]) {
 + case "​A"​ : # -- If using local database, update order as Paid/​Successful
 + echo '​Payment Processed successfully. Thanks you for your order.';​
 + break;
 + case "​R"​ :
 + case "​D"​ :
 + case "​C"​ :
 + case "​S"​ :
 + default ​ : # -- If using local database, update order as declined/​failed --
 + echo '​PAYMENT DECLINED! Please try again with another card. Bank response: ' . $_REQUEST["​RESPONSETEXT"​];​
 + }
 + } else {
 + echo 'Order ID: ' . $_REQUEST["​ORDERID"​] . ' not found. Please contact <a href="​mailto:'​ . $adminEmail . '">'​ . $adminEmail . '</​a>​ or call ' . $adminPhone . ' to clarify.';​
 + }
 +} else {
 + echo '​PAYMENT FAILED: INVALID RESPONSE HASH. Please contact <a href="​mailto:'​ . $adminEmail . '">'​ . $adminEmail . '</​a>​ or call ' . $adminPhone . ' to clarify if you will get charged for this order.';​
 + if(isset($_REQUEST["​ORDERID"​])) echo '​Please quote Gateway Terminal ID: ' . $terminalId . ', and Order ID: ' . $_REQUEST["​ORDERID"​] . ' when mailling or calling.';​
 +}
 +
 +?>
 +
 +</​file>​
 +----
 +\\
 +**Helper file (%gatewaySampleFileName_hpp_functions.inc):​**
 +
 +<file php %gatewaySampleFileName_hpp_functions.inc>​
 +
 +<?php
 +
 +# This simply reduces the PHP code required to build the form.
 +function writeHiddenField($fieldName,​ $fieldValue) {
 + echo "<​input type='​hidden'​ name='"​ . $fieldName . "'​ value='"​ . $fieldValue . "'​ />";​
 +}
 +
 +# This generates a DATETIME value in the correct format expected in the request.
 +function requestDateTime() {
 + return date('​d-m-Y:​H:​i:​s:​000'​);​
 +}
 +
 +# If you are not using your own Order ID's and need to use unique random ones, this function will generate one for you.
 +function generateUniqueOrderId() {
 + $seconds = date('​H'​)*3600+date('​i'​)*60+date('​s'​);​
 + return date('​zy'​) . $seconds;
 +}
 +
 +# This is used to generate the Authorisation Request Hash.
 +function authRequestHash($orderId,​ $amount, $dateTime) {
 + global $terminalId,​ $secret, $receiptPageURL,​ $validationURL;​
 + return md5($terminalId . $orderId . $amount . $dateTime . $receiptPageURL . $validationURL . $secret);
 +}
 +
 +# This function is used to validate that the Authorisation Response Hash from the server is correct.
 +#     If authResponseHashIsValid(...) != $_REQUEST["​HASH"​] then an error should be shown and the transaction should not be approved.
 +function authResponseHashIsValid($orderId,​ $amount, $dateTime, $responseCode,​ $responseText,​ $responseHash) {
 + global $terminalId,​ $secret;
 + return (md5($terminalId . $orderId . $amount . $dateTime . $responseCode . $responseText . $secret)==$responseHash);​
 +}
 +
 +?>
 +
 +</​file>​
 +----
 +\\
 +**Background Validation page (%gatewaySampleFileName_validate.php):​**
 +
 +<file php %gatewaySampleFileName_validate.php>​
 +
 +<?php
 +
 +# This is the file that contains the account settings for Gateway.
 +require('​%gatewaySampleFileName_account.inc'​);​
 +
 +# This is a helper file for intgerating to the Gateway HPP in PHP.
 +require('​%gatewaySampleFileName_hpp_functions.inc'​);​
 +
 +if(authResponseHashIsValid($_REQUEST["​UNIQUEREF"​],​ $_REQUEST["​AMOUNT"​],​ $_REQUEST["​DATETIME"​],​ $_REQUEST["​RESPONSECODE"​],​ $_REQUEST["​RESPONSETEXT"​],​ $_REQUEST["​HASH"​])) {
 + # -- Do check to ensure that $_REQUEST["​ORDERID"​] is in the database
 + if($_REQUEST["​ORDERID"​]) {
 + switch($_REQUEST["​RESPONSECODE"​]) {
 + case "​A"​ : # -- Update order in database as paid/​sucessful --
 + echo '​OK';​
 + break;
 + case "​R"​ :
 + case "​D"​ :
 + case "​C"​ :
 + case "​S"​ :
 + default ​ : # -- Update order in database as declined/​failed --
 + echo '​OK';​
 + }
 + } else {
 + echo 'Order ID: ' . $_REQUEST["​ORDERID"​] . ' not found.';​
 + }
 +} else {
 + echo '​Background validation hash incorrect.';​
 +}
 +
 +?>
 +
 +
 +</​file>​
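Review bot: The receipt page echoes request parameters into HTML unescaped: `$_REQUEST["ORDERID"]` in the invalid-hash branch, where nothing in the request has been authenticated, and `$_REQUEST["RESPONSETEXT"]` in the declined branch; `writeHiddenField()` likewise concatenates its name and value into single-quoted attributes, so each needs `htmlspecialchars()` with `ENT_QUOTES`. `authResponseHashIsValid()` compares the MD5 digest with `==`, which PHP evaluates numerically when both strings look like numbers and which is not constant-time; a string check followed by `hash_equals()` fixes both. The receipt and validation pages both hash `UNIQUEREF` but key the order lookup on `ORDERID`, which as written is not an input to the verified hash, so unless the gateway binds it elsewhere the database step should also compare `AMOUNT` and the reference against the stored order before marking it paid. Separately, `generateUniqueOrderId()` has one-second resolution and will repeat for two orders placed in the same second. The fence below covers only the escaping and comparison changes.

```php
# helper file
function writeHiddenField($fieldName, $fieldValue) {
    # ENT_QUOTES because the attributes are single-quoted.
    echo "<input type='hidden' name='" . htmlspecialchars($fieldName, ENT_QUOTES, 'UTF-8')
        . "' value='" . htmlspecialchars($fieldValue, ENT_QUOTES, 'UTF-8') . "' />";
}

# … unchanged: requestDateTime(), generateUniqueOrderId(), authRequestHash() …

function authResponseHashIsValid($orderId, $amount, $dateTime, $responseCode, $responseText, $responseHash) {
    global $terminalId, $secret;
    # hash_equals() requires strings; a missing or array-valued HASH is simply invalid.
    if (!is_string($responseHash)) return false;
    $expected = md5($terminalId . $orderId . $amount . $dateTime . $responseCode . $responseText . $secret);
    return hash_equals($expected, $responseHash);
}

# receipt page, declined branch
echo 'PAYMENT DECLINED! Please try again with another card. Bank response: ' . htmlspecialchars($_REQUEST["RESPONSETEXT"], ENT_QUOTES, 'UTF-8');

# receipt page, invalid-hash branch
if(isset($_REQUEST["ORDERID"]) && is_string($_REQUEST["ORDERID"])) echo 'Please quote Gateway Terminal ID: ' . $terminalId . ', and Order ID: ' . htmlspecialchars($_REQUEST["ORDERID"], ENT_QUOTES, 'UTF-8') . ' when mailling or calling.';
```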