Page is a not externally linkable
marianocr - 9:02 pm on Sep 18, 2012 (gmt 0)
Hi there. I'm trying to integrate with a payment gateway API, and as I'm fairly new to PHP, I'm having some trouble to proceed.
Basically, I have a form that goes to a specific URL (submitting URL). From the documentation: "Request information is submitted to payment platform with HttpsClient , and submitting mode is POST."
There is the customer-registration.php file, which requires the functions.php file that contains the information to md5-encrypt a string composed of several variables from the form. There is also a notify-url.php file which is the redirection page after registering a user.
Some variables are passed to the submitting URL on the payment server, but the XML response I get from there displays empty nodes for 3 variables that I should read back in order to complete the process (dateRegister, registerId and activationURL)
XML Response from the payment server:
<response><operation>90</operation><resultCode>0</resultCode><merNo>10157</merNo><email>me@gmail.com</email><cardNumber>4111111111111111</cardNumber><dateRegister/><registerId/><activationURL/><remark>Invalid MD5Info</remark><md5Info>FC0BB07DA01C551296054FBF167824B1</md5Info></response>
The customer-registration.php file looks like this:
<html>
<head>
<title>Customer Registration</title>
<?
require("functions.php");
//START SET VARIABLES
$merNo="10157";
$dateRequest="20120918073500";//AUTOMATE THIS!
$language="ENG";
$notifyURL="http://www.mydomain.com/notify-url.php";
//END SET VARIABLES
//START FORM FORCED VARIABLES
$email="me@gmail.com";
$cardNumber="4111111111111111";
$firstName="John";
$lastName="Smith";
$phone="9535658659";
$zipCode="98656";
$address="123 North Ave.";
$city="Geekytown";
$state="AZ";
$country="US";
//END FORM FORCED VARIABLES
$md5Key="44q9dn7WCUrLHgi8bPsdiBIlLi6WaHI0"; //MD5 key
$md5Info=MD5Encrypt($merNo,$email,$cardNumber,$dateRequest,$md5Key);
$crrurl="https://paymentdomain.com/xcp/register.jsp"; //Request submitting URL
?>
</head>
<body>
<form method="post" action="<?php echo $crrurl; ?>">
<input type=hidden name="merNo" value="<?php echo $merNo; ?>">
<input type=hidden name="dateRequest" value="<?php echo $dateRequest; ?>">
<input type=hidden name="language" value="<?php echo $language; ?>">
<input type=hidden name="notifyURL" value="<?php echo $notifyURL; ?>">
<input type=hidden name="md5Info" value="<?php echo $md5Info; ?>">
<!--START HIDDEN FORCED VARIABLES-->
<input type=hidden name="email" value="<?php echo $email; ?>">
<input type=hidden name="cardNumber" value="<?php echo $cardNumber; ?>">
<input type=hidden name="firstName" value="<?php echo $firstName; ?>">
<input type=hidden name="lastName" value="<?php echo $lastName; ?>">
<input type=hidden name="phone" value="<?php echo $phone; ?>">
<input type=hidden name="zipCode" value="<?php echo $zipCode; ?>">
<input type=hidden name="address" value="<?php echo $address; ?>">
<input type=hidden name="city" value="<?php echo $city; ?>">
<input type=hidden name="state" value="<?php echo $state; ?>">
<input type=hidden name="country" value="<?php echo $country; ?>">
<!--END HIDDEN FORCED VARIABLES-->
<INPUT TYPE="submit" value="submit">
</form>
</body>
</html>
Right now, I'm passing the pre-declared variables as hidden text inputs (later I'll change that so it's an actual user input form)
The functions.php file looks like this:
<?php
$merNo = $_POST["merNo"];
$email = $_POST["email"];
$cardNumber = $_POST["cardNumber"];
$dateRequest = $_POST["dateRequest"];
$md5Key="44q9dn7WCUrLHgi8bPsdiBIlLi6WaHI0"; //MD5 key
function MD5Encrypt($merNo,$email,$cardNumber,$dateRequest,$md5Key)
{
$str = "$merNo|$email|$cardNumber|$dateRequest|$md5Key";
$encryptedMD5 = md5($str);
return $encryptedMD5;
}
$completeurl = "https://paymentdomain.com/xcp/register.jsp";
$xml = simplexml_load_file($completeurl);
$operation = $xml->operation;
$resultCode = $xml->resultCode;
$merNo = $xml->merNo;
$email = $xml->email;
$cardNumber = $xml->cardNumber;
$dateRegister = $xml->dateRegister;
$registerId = $xml->registerId;
$activationURL = $xml->activationURL;
$remark = $xml->remark;
$md5Info = $xml->md5Info;
function verifyMD5($resultCode,$merNo,$email,$cardNumber,$registerId,$dateRegister,$activationURL,$md5Key, $md5Info)
{
$str = "$resultCode|$merNo|$email|$cardNumber|$registerId|$dateRegister|$activationURL|$md5Key";
$encryptedMD5 = md5($str);
//echo $str."<BR>";
//echo "Generated CheckSum: ".$encryptedMD5."<BR>";
//echo "Received Checksum: ".$md5Info."<BR>";
if($encryptedMD5 == $md5Info)
return "true" ;
else
return "false" ;
}
?>
I'm not sure if I'm retrieving the XML response correctly. As per the API docs: "Response information is returned to client’s platform as XML."
And lastly, the notify-url.php file looks like this:
<html>
<head>
<title>Notify URL</title>
</head>
<body>
<?php
require("functions.php");
$md5Key = "44q9dn7WCUrLHgi8bPsdiBIlLi6WaHI0" ; //put in the 32 bit alphanumeric key in the quotes provided here
$retval = verifyMD5 ($resultCode,$merNo,$email,$cardNumber,$registerId,$dateRegister,$activationURL,$md5Key);
if($retval == "true" && $resultCode == "1")
{
echo "Thank you for shopping with us. Your credit card has been charged and your transaction is successful. We will be shipping your order to you soon.";
//Here you need to put in the routines for a successful
//transaction such as sending an email to customer,
//setting database status, informing logistics etc etc
}
else if($retval == "true" && $resultCode == "0")
{
echo "Thank you for shopping with us. However it seems your credit card transaction failed.";
//Here you need to put in the routines for a failed
//transaction such as sending an email to customer
//setting database status etc etc
}
else if($retval == "true" && $resultCode == "2")
{
echo "Account was registered before, only Card Information has been added";
//Here you need to put in, the routines for a HIGH RISK
//transaction such as sending an email to customer and explaining him a procedure,
//setting database status etc etc
}
else
{
echo "Security Error. Illegal access detected";
//Here you need to simply ignore this and dont need
//to perform any operation in this condition
}
?>
</body>
</html>
So, basically I would like to see if the logic is right at this point and then figure out why does the response from the payment server is not complete. As stated there: "Invalid MD5Info"
Thank you very much for any assistance, it would be greatly appreciated!