PHP Hosted Subscriptions

Settings file (
# These values are used to identify and validate the account that you are using. They are mandatory.
$gateway = '';          # This is the Gateway payments URL that you should use, assigned to the site.
$terminalId = '';       # This is the Terminal ID assigned to the site by Gateway.
$currency = '';         # This is the 3 digit ISO currency code for the above Terminal ID.
$secret = '';           # This shared secret is used when generating the hash validation strings. 
                        # It must be set exactly as it is in the Gateway SelfCare system.

# This should contain the URL of the receipt page and validation page
$host = '';	                   # This should be your host eg. http://localhost:8000
$receiptPageURL = $host.'';    # This should be the path to your receipt page
$validationURL = $host.'';     # This should be the path to your validation page

# These are used only in the case where the response hash is incorrect, which should
# never happen in the live environment unless someone is attempting fraud.
$adminEmail = '';
$adminPhone = '';

Subscription redirect (worldnet_subscription.php):

# This is the file that contains the account settings for Gateway.
# This is a helper file for integrating to the Gateway HPP in PHP.
$subscriptionAction = '';             # "register" or "update".
$subscriptionMerchantRef = '';        # Unique Merchant Reference for this subscription. Length is limited to 48 chars.
$storedSubscriptionMerchantRef = '';  # The Merchant Reference for the Stored Subscription (Subscription template/payment plan) that you would like this subscription to run under.
$secureCardMerchantRef = '';          # The Merchant Reference of the SecureCard that the Subscription is to be set up on.
$startDate = '';                      # The date the Subscription is to start on (note the setup payment will still be taken immediately if it is >0). Format: DD-MM-YYYY
$dateTime = requestDateTime();
# Verification string
$requestHash = subscriptionRequestHash($subscriptionMerchantRef,$secureCardMerchantRef, $dateTime, $startDate);
# Request URL for the Gateway
$requestURL = $gateway."/merchant/subscriptionpage/".$subscriptionAction;
# Write the HTML of the submission form
echo "<html><body><form id='gatewaysubscriptionform' action='" . $requestURL . "' method='post'>\n";
writeHiddenField("TERMINALID", $terminalId);
writeHiddenField("MERCHANTREF", $subscriptionMerchantRef);
writeHiddenField("STOREDSUBSCRIPTIONREF", $storedSubscriptionMerchantRef);
writeHiddenField("SECURECARDMERCHANTREF", $secureCardMerchantRef);
writeHiddenField("DATETIME", $dateTime);
writeHiddenField("STARTDATE", $startDate);
writeHiddenField("HASH", $requestHash);
# Write the JavaScript that will submit the form to Gateway.
echo '</form>Submitting Subscription setup request to Gateway...<script language="JavaScript">document.getElementById("gatewaysubscriptionform").submit();</script></body></html>';

Subscription URL (worldnet_subscription_response.php) (URL for this page is setup as “Subscription URL” through Terminal Setup in the SelfCare ):

# This is the file that contains the account settings for Gateway.
# This is a helper file for integrating to the Gateway HPP in PHP.
if($_REQUEST["RESPONSECODE"] != "A") echo 'AN ERROR OCCURED! Your Subscription setup request failed. Error message: ' . $_REQUEST["RESPONSETEXT"];
		case "A" :	# Subscription setup suceeded. You should store the following details against the user account:
				$subscriptionMerchantRef = $_REQUEST["MERCHANTREF"];
				echo "Subscription successfully registered.";
		default  :	# Subscription registration failed.
				echo 'SUBSCRIPTION REGISTRATION FAILED! Error Code: ' . $_REQUEST["RESPONSECODE"] . ', Response text: ' . $_REQUEST["RESPONSETEXT"] . '.';
} else {
	echo 'SUBSCRIPTION REGISTRATION FAILED: INVALID RESPONSE HASH. Please contact ' . $adminEmail . ' or call ' . $adminPhone . ' to inform them of this error.';
	if(isset($_REQUEST["ORDERID"])) echo 'Please quote Gateway Terminal ID: ' . $terminalId . ', and Subscription Merchant Reference: ' . $_REQUEST["MERCHANTREF"] . ' when mailling or calling.';

Helper file (
# This simply reduces the PHP code required to build the form.
function writeHiddenField($fieldName, $fieldValue) {
	echo "<input type='hidden' name='" . $fieldName . "' value='" . $fieldValue . "' />";
# This generates a DATETIME value in the correct format expected in the request.
function requestDateTime() {
	return date('d-m-Y:H:i:s:000');
# This is used to generate the Authorisation Request Hash.
function subscriptionRequestHash($merchantRef, $secureCardMerchantRef, $dateTime, $startDate) {
	global $terminalId, $secret;
	return md5($terminalId . $merchantRef . $secureCardMerchantRef . $dateTime . $startDate . $secret);
# This function is used to validate that the MPI Response Hash from the server is correct.
#     If subscriptionResponseHashIsValid(...) != $_REQUEST["HASH"] then an error should be shown and the Subscription registration should fail.
function subscriptionResponseHashIsValid($responseCode, $responseText, $subscriptionMerchantRef, $dateTime, $responseHash) {
	global $terminalId, $secret;
	return (md5($terminalId . $responseCode . $responseText . $subscriptionMerchantRef . $dateTime . $secret)==$responseHash);
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International