Differences


developer:sample_codes:php_xml_payments_with_3d_secure [2017/11/02 11:48]
developer:sample_codes:php_xml_payments_with_3d_secure [2022/07/15 15:23] (current)
Line 1: Line 1:
 +====== PHP XML Payments with 3D Secure ======
  
 +In this section, you can find sample code for the **3D Secure** redirect before the payment. ​
 +
 +Once you receive the response to the "MPI Receipt URL" you will have an MPIREF parameter. ​
 +You should then process a payment and include that parameter. The sample code for the **XML payment stage** is [[developer:​sample_codes:​php_xml_payments|here]].
 +
 +You should also use this [[developer:​integration_docs:​testing-guide|Testing Guide]] that also contains test card details.
 +
 +**Settings file (%gatewaySampleFileName_account.inc):​**
 +
 +<file php %gatewaySampleFileName_account.inc>​
 +
 +<?php
 +
 +# These values are used to identify and validate the account that you are using. They are mandatory.
 +$gateway = '';​ #​ This is the %Gateway payments gateway that you should use, assigned to the site by %Gateway.
 +$terminalId = ''; ​      # This is the Terminal ID assigned to the site by %Gateway.
 +$currency = '';​ #​ This is the 3 digit ISO currency code for the above Terminal ID.
 +$secret = '';​ #​ This shared secret is used when generating the hash validation strings. ​
 + # It must be set exactly as it is in the %Gateway %SelfCare system.
 +#​$testAccount = true;   # Commented out as there is no functional test MPI page
 +
 +# These are used only in the case where the response hash is incorrect, which should
 +# never happen in the live environment unless someone is attempting fraud.
 +$adminEmail = '';​
 +$adminPhone = '';​
 +
 +?>
 +
 +</​file>​
 +----
 +\\
 +
 +**3D Secure redirect (%gatewaySampleFileName_payment.php):​**
 +
 +<file php %gatewaySampleFileName_payment.php>​
 +
 +<?php
 +
 +# This is the file that contains the account settings for %Gateway.
 +require('​%gatewaySampleFileName_account.inc'​);​
 +
 +# This is a helper file for intgerating to the %Gateway HPP in PHP.
 +require('​%gatewaySampleFileName_hpp_functions.inc'​);​
 +
 +# These values are specific to the cardholder.
 +$cardNumber = '';​ #​ This is the full PAN (card number) of the credit card. It must be digits only (i.e. no spaces or other characters).
 +$cardType = '';​ #​ This can only be one of a set number of values (VISA,​DELTA,​MASTERCARD,​MAESTRO,​UK MAESTRO,​LASER,​AMEX,​DINERS,​JCB,​SECURECARD for example). Check with %Gateway what values you can send.
 +$cardExpiry = '';​ #​ The 4 digit expiry date (MMYY)
 +$cvv = '';​ #​ (optional) 3 digit (4 for AMEX cards) security digit on the back of the card.
 +
 +# These values are specific to the transaction.
 +$orderId = '';​ #​ This should be unique per transaction.
 +$amount = '';​ #​ This should include the decimal point.
 +$host = '';​ #​ This is your host eg. http://​localhost:​8000
 +$dateTime = requestDateTime();​
 +
 +# If there'​s no orderId set then generate a unique time-based order ID.
 +if(!isset($orderId) || $orderId == ''​) $orderId = generateUniqueOrderId();​
 +
 +# Verification string
 +
 +$requestHash = mpiRequestHash($orderId,​ $cardNumber,​ $cardExpiry,​ $cardType, $amount, $dateTime);
 +$requestURL = $host.'/​merchant/​mpi';​
 +
 +# Write the HTML of the submission form
 +echo "<​html><​body><​form id='​%gatewaySampleFileNamempiform'​ action='"​ . $requestURL . "'​ method='​post'>​\n";​
 +writeHiddenField("​TERMINALID",​ $terminalId);​
 +writeHiddenField("​CARDNUMBER",​ $cardNumber);​
 +writeHiddenField("​CARDTYPE",​ $cardType);
 +writeHiddenField("​CARDEXPIRY",​ $cardExpiry);​
 +writeHiddenField("​AMOUNT",​ $amount);
 +writeHiddenField("​CURRENCY",​ $currency);
 +writeHiddenField("​ORDERID",​ $orderId);
 +if(isset($cvv) && $cvv != ''​) writeHiddenField("​CVV",​ $cvv);
 +writeHiddenField("​DATETIME",​ $dateTime);
 +writeHiddenField("​HASH",​ $requestHash);​
 +
 +# Write the JavaScript that will submit the form to %Gateway.
 +echo '</​form>​Submitting order to %Gateway for Payment...<​script language="​JavaScript">​document.getElementById("​%gatewaySampleFileNamempiform"​).submit();</​script></​body></​html>';​
 +
 +?>
 +
 +</​file>​
 +----
 +\\
 +
 +Response page (**%gatewaySampleFileName_mpi_response.php**) (URL for this page is setup as “MPI Receipt URL” through Terminal Setup in the %SelfCare):
 +
 +<file php %gatewaySampleFileName_mpi_response.php>​
 +
 +<?php
 +
 +# This is the file that contains the account settings for %Gateway.
 +require('​%gatewaySampleFileName_account.inc'​);​
 +
 +# This is a helper file for intgerating to the %Gateway HPP in PHP.
 +require('​%gatewaySampleFileName_hpp_functions.inc'​);​
 +
 +if(mpiResponseHashIsValid($_REQUEST["​RESULT"​],​ $_REQUEST["​MPIREF"​],​ $_REQUEST["​ORDERID"​],​ $_REQUEST["​DATETIME"​],​ $_REQUEST["​HASH"​])) {
 + switch($_REQUEST["​RESULT"​]) {
 + case "​A"​ : # 3D Secure validation successfully attempted. Proceed with transaction including the below reference in the authorisation request:
 + $mpiRef = $_REQUEST["​MPIREF"​];​
 + break;
 + default ​ : # 3D Secure validation failed. Do not proceed with the transaction.
 + echo '3D SECURE VALIDATION FAILED! Please try again with another card.';​
 + }
 +} else {
 + echo '3D SECURE VALIDATION FAILED: INVALID RESPONSE HASH. Please contact <a href="​mailto:'​ . $adminEmail . '">'​ . $adminEmail . '</​a>​ or call ' . $adminPhone . ' to inform them of this error.';​
 + if(isset($_REQUEST["​ORDERID"​])) echo '​Please quote %Gateway Terminal ID: ' . $terminalId . ', and Order ID: ' . $_REQUEST["​ORDERID"​] . ' when mailling or calling.';​
 +}
 +
 +?>
 +
 +</​file>​
 +----
 +\\
 +
 +**Helper file (%gatewaySampleFileName_hpp_functions.inc):​**
 +
 +<file php %gatewaySampleFileName_hpp_functions.inc>​
 +
 +<?php
 +
 +# This function returns the URL that should be used as the "​action"​ for the form posting the %Gateway'​s servers.
 +function mpiURL() {
 + global $gateway, $testAccount;​
 + $url = '​https://';​
 + # if($testAccount) $url .= '​test'; ​      # Commented out as there is no functional test MPI page
 + switch (strtolower($gateway)) {
 + default :
 + case '​%gatewaySampleFileName' ​ : $url .= '​payments.%gatewayTestURL';​ break;
 + case '​cashflows'​ : $url .= '​cashflows.%gatewayTestURL';​ break;
 + case '​payius'​ : $url .= '​payments.payius.com';​ break;
 + case '​pago'​ : $url .= '​payments.pagotechnology.com';​ break;
 + }
 + $url .= '/​merchant/​mpi';​
 + return $url;
 +}
 +
 +# This simply reduces the PHP code required to build the form.
 +function writeHiddenField($fieldName,​ $fieldValue) {
 + echo "<​input type='​hidden'​ name='"​ . $fieldName . "'​ value='"​ . $fieldValue . "'​ />​\r";​
 +}
 +
 +# This generates a DATETIME value in the correct format expected in the request.
 +function requestDateTime() {
 + return date('​d-m-Y:​H:​i:​s:​000'​);​
 +}
 +
 +# If you are not using your own Order ID's and need to use unique random ones, this function will generate one for you.
 +function generateUniqueOrderId() {
 + $seconds = date('​H'​)*3600+date('​i'​)*60+date('​s'​);​
 + return date('​zy'​) . $seconds;
 +}
 +
 +# This is used to generate the Authorisation Request Hash.
 +function mpiRequestHash($orderId,​ $cardNumber,​ $cardExpiry,​ $cardType, $amount, $dateTime) {
 + global $terminalId,​ $secret;
 + return md5($terminalId . $orderId . $cardNumber . $cardExpiry . $cardType . $amount . $dateTime . $secret);
 +}
 +
 +# This function is used to validate that the MPI Response Hash from the server is correct.
 +#     If mpiResponseHashIsValid(...) != $_REQUEST["​HASH"​] then an error should be shown and the 3D Secure should not be validated.
 +function mpiResponseHashIsValid($result,​ $mpiRef, $orderId, $dateTime, $responseHash) {
 + global $secret;
 + return (md5($result . $mpiRef . $orderId . $dateTime . $secret)==$responseHash);​
 +}
 +
 +?>
 +
 +</​file>​
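Review bot: `mpiResponseHashIsValid` in the helper file compares the computed MD5 with the request's HASH using `==`, which in PHP is a loose, non-constant-time comparison (two hex strings that both look like `0e…` numbers compare equal), and this check is the only thing authenticating the MPI response. I would change the return to `return is_string($responseHash) && hash_equals(md5($result . $mpiRef . $orderId . $dateTime . $secret), $responseHash);`. The invalid-hash branch of the response page also echoes `$_REQUEST["ORDERID"]` straight into HTML, and that is the branch where the request is by definition unverified, so it should be written as `htmlspecialchars($_REQUEST["ORDERID"], ENT_QUOTES, 'UTF-8')`; `writeHiddenField` builds attribute values by plain concatenation and would benefit from the same escaping. The MD5-with-appended-secret construction is presumably dictated by the gateway's protocol, so the sample can only be hardened on the comparison and output sides.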