# that we want to protect from hacking. If the value in the
 # POST does not match the value set during initialization,
 # the WebSession.finalize will fail
 # Your ID for this user
 $acct_id = new NameValuePair();
 $acct_id->setName("vin_Account_merchantAccountId");
 $acct_id->setValue($merchantAccountId);
 # Your ID for this PaymentMethod
 $paym_id = new NameValuePair();
 $paym_id->setName("vin_PaymentMethod_merchantPaymentMethodId");
 $paym_id->setValue($merchantPaymentMethodId);
 $pmt_type = new NameValuePair();
 $pmt_type->setName("vin_PaymentMethod_type");
 $pmt_type->setValue($paymentType);
 # Add the PrivateFormValues to the WebSession
 $webSession->setPrivateFormValues(array($acct_id, $paym_id, $pmt_type));
 #------------------------------------------------------------
 # Set any parameters specific for the Method we are
 # calling in the WebSession.
 #
 $nvp7 = new NameValuePair();
 $nvp7->setName('Account_updatePaymentMethod_updateBehavior');
 $nvp7->setValue('CatchUp');
 $nvp8 = new NameValuePair();
 $nvp8->setName('Account_updatePaymentMethod_replaceOnAllAutoBills');
 $nvp8->setValue('true');
 $nvp9 = new NameValuePair();
 $nvp9->setName('Account_updatePaymentMethod_ignoreAvsPolicy');
 $nvp9->setValue('false');
 $nvp10 = new NameValuePair();
 $nvp10->setName('Account_updatePaymentMethod_ignoreCvnPolicy');
function hoaAccountUpdatePaymentMethod($merchantAccountId = null, $merchantPaymentMethodId = null)
{
    $creditCardAccount = '5454541111111111';
    $paymentType = 'CreditCard';
    $cvn = '111';
    $exp = '201805';
    $email = get_unique_value() . '@nomail.com';
    $successUrl = 'http://good.com';
    $errorUrl = 'http://bad.com';
    $HOAmethod = 'Account_UpdatePaymentMethod';
    $HOAurl = str_replace("soap", "secure", VIN_SOAP_HOST) . "/vws.html";
    $HOAversion = '5.0';
    // VIN_SOAP_CLIENT_VERSION
    $ipAddress = '127.0.0.1';
    $name = 'John Vindicia';
    $addr1 = '303 Twin Dolphin Drive';
    $city = 'Redwood City';
    $district = 'CA';
    $postalCode = '94065';
    $country = 'US';
    # Create a new WebSession object
    $webSession = new WebSession();
    # Set the WebSession parameters
    $webSession->setReturnURL($successUrl);
    $webSession->setErrorURL($errorUrl);
    $webSession->setIpAddress($ipAddress);
    $webSession->setMethod($HOAmethod);
    $webSession->setVersion($HOAversion);
    if (is_null($merchantAccountId)) {
        $merchantAccountId = 'account-2015-02-10_02_55_50';
    }
    if (is_null($merchantPaymentMethodId)) {
        $merchantPaymentMethodId = 'pm-2015-02-10_02_55_50';
    }
    // Step 2: start configuring the WebSession with the parameters we want to have
    $nvp1 = new NameValuePair();
    $nvp1->setName('vin_Account_merchantAccountId');
    $nvp1->setValue($merchantAccountId);
    // so that we can use the existing account
    $nvp2 = new NameValuePair();
    $nvp2->setName('vin_PaymentMethod_merchantPaymentMethodId');
    $nvp2->setValue($merchantPaymentMethodId);
    $nvp3 = new NameValuePair();
    $nvp3->setName('vin_PaymentMethod_type');
    $nvp3->setValue($paymentType);
    $webSession->setPrivateFormValues(array($nvp1, $nvp2, $nvp3));
    $nvp7 = new NameValuePair();
    $nvp7->setName('Account_updatePaymentMethod_updateBehavior');
    $nvp7->setValue('CatchUp');
    $nvp8 = new NameValuePair();
    $nvp8->setName('Account_updatePaymentMethod_replaceOnAllAutoBills');
    $nvp8->setValue('false');
    $nvp9 = new NameValuePair();
    $nvp9->setName('Account_updatePaymentMethod_ignoreAvsPolicy');
    $nvp9->setValue('false');
    $nvp10 = new NameValuePair();
    $nvp10->setName('Account_updatePaymentMethod_ignoreCvnPolicy');
    $nvp10->setValue('false');
    $webSession->setMethodParamValues(array($nvp7, $nvp8, $nvp9, $nvp10));
    // now, create the session and generate it's session ID
    $response = $webSession->initialize();
    print_r($response);
    # Check to see that the initialize succeeded
    #
    if ($response['returnCode'] == 200) {
        # The VID of the WebSession object serves as session id
        #
        $vin_WebSession_vid = $response['data']->session->getVID();
    } else {
        print_r($response);
        return;
    }
    # populate accountHolderName with same value as on billingAddress:
    $post['vin_PaymentMethod_accountHolderName'] = $post['vin_PaymentMethod_billingAddress_name'] = $name;
    $post['vin_PaymentMethod_billingAddress_addr1'] = $addr1;
    $post['vin_PaymentMethod_billingAddress_city'] = $city;
    $post['vin_PaymentMethod_billingAddress_district'] = $district;
    $post['vin_PaymentMethod_billingAddress_postalCode'] = $postalCode;
    $post['vin_PaymentMethod_billingAddress_country'] = $country;
    $post['vin_Account_emailAddress'] = $email;
    $post['vin_PaymentMethod_creditCard_account'] = $creditCardAccount;
    $post['vin_PaymentMethod_creditCard_expirationDate'] = $exp;
    $post['vin_PaymentMethod_nameValues_cvn'] = $cvn;
    $post['vin_WebSession_vid'] = $vin_WebSession_vid;
    # Copy the BillingAddress to the ShippingAddress to improve
    # Chargeback dispute success. Visa will deny disputed Chargeback
    # for many reasons. A missing ShippingAddress, even though there
    # is nothing being shipped, is commonly one of those reasons.
    # This can be done with JavaScript on the checkout form.
    #
    $post['vin_Account_name'] = $post['vin_PaymentMethod_billingAddress_name'];
    $post['vin_Account_shippingAddress_name'] = $post['vin_PaymentMethod_billingAddress_name'];
    $post['vin_Account_shippingAddress_addr1'] = $post['vin_PaymentMethod_billingAddress_addr1'];
    $post['vin_Account_shippingAddress_city'] = $post['vin_PaymentMethod_billingAddress_city'];
    $post['vin_Account_shippingAddress_district'] = $post['vin_PaymentMethod_billingAddress_district'];
    $post['vin_Account_shippingAddress_county'] = $post['vin_PaymentMethod_billingAddress_county'];
    $post['vin_Account_shippingAddress_postalCode'] = $post['vin_PaymentMethod_billingAddress_postalCode'];
    $post['vin_Account_shippingAddress_country'] = $post['vin_PaymentMethod_billingAddress_country'];
    $post['vin_Account_shippingAddress_phone'] = $post['vin_PaymentMethod_billingAddress_phone'];
    # Create the curl command line for exec by looping through the
    # $post array
    #
    $curlopts = "";
    foreach ($post as $name => $value) {
        $curlopts .= " --data-urlencode {$name}=\"{$value}\"";
    }
    print "<b><i>SOAP URL</i></b>: " . VIN_SOAP_HOST . PHP_EOL;
    # Do the POST
    #
    print "Posting to <b>HOA URL</b>: " . $HOAurl . PHP_EOL;
    print PHP_EOL;
    exec("curl -s {$curlopts} " . $HOAurl, $curlout, $curlret);
    # this line is only here to support testing with a single PHP file:
    $_GET = simulate_get($curlout);
    # the above function established the $_GET array to be the same as
    # what PHP by default populates in the $_GET array when the returnURL
    # page is a separate PHP file, and is here to support testing with
    # a single PHP file.
    #---------------------------------------------------------------------------
    #
    #	PHP specific code handling of HOA WebSession Method finalize processing
    #	------------------------------------------------------------------------
    #
    # The finalize call returns an updated WebSession object.  This
    # is correct in that it refers to the WebSession.finalize soap request and the
    # WebSession.finalizeResponse soap response as defined in the WSDL and Online
    # Soap Documentation at:
    #
    #	http://developer.vindicia.com/docs/soap/index.html?ver=9.0
    #
    # However, specific to the CashBox PHP Client library, this translates into
    # the mapping into the PHP API method to invoke the WebSession.finalize soap
    # request, and the WebSession.finalizeResponse object containing the returned
    # WebSession object may be accessed from the response:
    #
    # 1) PHP API method to invoke the WebSession.finalize soap request:
    #
    #	$response = WebSession->finalize()
    #
    # 2) WebSession.finalizeResponse soap response object containing WebSession:
    #
    #	Following a successful call to finalize(), the values from $response, the
    #	WebSession.finalizeResponse soap response, are then accessible by referencing
    #	the nested objects in the response corresponding to the hierarchy in the WSDL.
    #
    # Note that the WebSession data members from the WSDL are documented in the
    # Online Soap documentation for the WebSession datatype below:
    #
    #	http://developer.vindicia.com/docs/soap/AllDataTypes.html?pf=1&ver=9.0&type=WebSession
    #
    # ---
    #
    # HOA uses the following 3 steps:
    #		1. WebSession.initialize (initialize & obtain a sessionId for the WebSession)
    #		2. HOA Form Post (Present Form to buyer with hidden sessionId, buyer posts to HOA)
    #		3. Redirect to HOA success page (sessionId from redirect for WebSession.finalize)
    #
    # Below describes the handling of Step 3, HOA success page,
    # where the sessionId from the redirect URL is passed to the finalize() method below:
    #
    # 6.	Upon payment form submission if customer’s browser is redirected to the Return URL
    #      hosted by you and specified in the WebSession object. On this page finalize the
    #      WebSession object as follows:
    #
    # 		a.	The redirect URL string contains WebSession’s VID as the value associated with
    #			name ‘session_id’.  Use the VID to make the finalize() call below:
    #
    # ---
    #
    #	HOA WebSession Method: Account_UpdatePaymentMethod
    #
    #---------------------------------------------------------------------------
    #
    # HOA Success Page:  Need to call WebSession.finalize() to invoke internal
    # soap call to Account.updatePaymentMethod() as indicated by the value of
    # WebSession Method (Account_UpdatePaymentMethod), using the parameters already
    # contained in the WebSession object stored in the database (on the HOA/CashBox server).
    #
    #
    # Documentation of Soap Objects returned in PHP code (displayed by print_r($response)):
    #
    # To see the data members in the WebSession (& all other CashBox Soap objects),
    # please review the Online Soap Documentation at the link below:
    #
    #	http://developer.vindicia.com/docs/soap/index.html?ver=9.0
    #
    #	Within the Online Soap Documentation, the following links are pertinent:
    #
    #	All Data Types that are returned by PHP (as seen by print_r($response) are found at:
    #		http://developer.vindicia.com/docs/soap/AllDataTypes.html?ver=9.0
    #
    #	The WebSession methods (including WebSession.initialize() & WebSession.finalize():
    #		http://developer.vindicia.com/docs/soap/WebSession.html?ver=9.0
    #
    #	Specifically for the code below, the WebSession Data Type definition:
    #		http://developer.vindicia.com/docs/soap/AllDataTypes.html?pf=1&ver=9.0&type=WebSession
    #
    # With the above Documentation of the CashBox Soap Objects in mind, the source code
    # of the PHP library itself reveals the actual syntax of the PHP methods involved in
    # setting data members on the CashBox Soap Objects represented in PHP Objects created
    # & used in this sample code.
    #
    # The source code for the WebSession Object in the PHP library is found under
    # 		Vindicia/Soap/WebSession.php within the PHP library for example.
    #
    #-Step 3-----------------------------------------------------
    #-Step 3-
    #-Step 3- This code should be on the returnURL page
    #-Step 3-
    #-Step 3- Nothing has been committed until the WebSession gets
    #-Step 3- finalized. This is done in the returnURL page code. For
    #-Step 3- example, the returnURL is a confirmation page and when
    #-Step 3- the user clicks a confirmation button the form action
    #-Step 3- is a page that performs all the actual finalize steps.
    #-Step 3-
    print "Parameters from redirect URL:" . PHP_EOL;
    print_r($_GET);
    $session_id = $_GET['session_id'];
    $webSession = new WebSession();
    $webSession->setVid($session_id);
    # initialize call timestamp in case of error for support information below:
    date_default_timezone_set("America/Los_Angeles");
    $call_timestamp = date("c");
    // c - The ISO-8601 date (e.g. 2015-06-17T16:34:42+00:00)
    $response = $webSession->finalize();
    print_r($response);
    $session = $response['data']->session;
    # WebSession.finalizeResponse.return.returnCode
    $returnCode = $response['returnCode'];
    # WebSession.finalizeResponse.return.returnString
    $returnString = $response['returnString'];
    # WebSession.finalizeResponse.return.soapId
    $finalize_soapId = $response['data']->return->soapId;
    print $call_timestamp . " WebSession.finalize soapId: " . $finalize_soapId . "\n";
    # log soap id if available in the return values of this call
    # WebSession.apiReturn.returnCode
    $apiReturnCode = $session->apiReturn->returnCode;
    # WebSession.apiReturn.returnString
    $apiReturnString = $session->apiReturn->returnString;
    # WebSession.apiReturnValues
    $apiReturnValues = $session->apiReturnValues;
    # WebSession.apiReturnValues.accountUpdatePaymentMethod
    $accountUpdatePaymentMethod = $apiReturnValues->accountUpdatePaymentMethod;
    # WebSession.apiReturnValues.accountUpdatePaymentMethod.validated
    $validated = $accountUpdatePaymentMethod->validated;
    if ($response['returnCode'] != '200') {
        print $response['returnCode'] . PHP_EOL;
        print $returnString . PHP_EOL;
        print $apiReturnCode . PHP_EOL;
        print $apiReturnString . PHP_EOL;
    } else {
        print $apiReturnCode . PHP_EOL;
        print $apiReturnString . PHP_EOL;
        if ($apiReturnCode == "200") {
            print PHP_EOL . 'Updated Credit Card. Account=' . $merchantAccountId . ' PaymentMethod=' . $merchantPaymentMethodId . PHP_EOL;
        } else {
            if ($apiReturnCode = "261") {
                print "All active AutoBills were updated. AutoBills which are both expired and Suspended cannot be updated.\n";
            } else {
                if ($apiReturnCode == "400") {
                    print "One of the following:\n• Invalid Payment Method Type. (You cannot change the Payment Method Type on an existing Payment Method.)\n• No PaymentMethod specified in arguments.\n• Data validation error Failed to create Payment-Type-Specific Payment Record: Credit Card conversion failed: Credit Card failed Luhn check.\n";
                } else {
                    if ($apiReturnCode == "402") {
                        print "One of the following:\n• PaymentMethod failed validation.\n• Error attempting to authorize card.\n• Unable to authorize card.\n";
                    } else {
                        if ($apiReturnCode = "404") {
                            print "No match found error-description.\n Returned if CashBox cannot find an account that matches the input in the Vindicia database.\n";
                        } else {
                            if ($apiReturnCode = "407") {
                                print "Transaction cannot be processed due to Failed AVS policy evaluation\n";
                            } else {
                                if ($apiReturnCode = "408") {
                                    print "Transaction cannot be processed due to Failed CVN policy evaluation\n";
                                } else {
                                    if ($apiReturnCode = "409") {
                                        print "AutoBill creation failed: due to AVS and CVV Check Failed\n";
                                    } else {
                                        if ($apiReturnCode = "410") {
                                            print "AutoBill creation failed: due to AVS and CVV Check not being able to be performed\n";
                                        } else {
                                            print "Error while making call to Vindicia CashBox\n";
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    return array('apiReturnCode' => $apiReturnCode, 'validated' => $validated);
}
function hoaAutoBill()
{
    # Set the data members from the arg values
    #
    $uniqueValue = get_unique_value();
    $merchantAutoBillId = 'ab-' . $uniqueValue;
    $merchantAccountId = 'account-' . $uniqueValue;
    $merchantPaymentMethodId = 'pm-' . $uniqueValue;
    $merchantProductId = 'Video';
    $merchantBillingPlanId = 'OneMonthSubOneMonthRecurring';
    $creditCardAccount = '5454541111111111';
    $paymentType = 'CreditCard';
    $cvn = '111';
    $exp = '201501';
    $email = get_unique_value() . '@nomail.com';
    $successUrl = 'http://good.com';
    $errorUrl = 'http://bad.com';
    $HOAmethod = 'AutoBill_Update';
    $HOAurl = 'https://secure.prodtest.sj.vindicia.com/vws';
    $HOAversion = '5.0';
    $ipAddress = '127.0.0.1';
    $name = 'John Vindicia';
    $addr1 = '303 Twin Dolphin Drive';
    $city = 'Redwood City';
    $district = 'CA';
    $postalCode = '94065';
    $country = 'US';
    #------------------------------------------------------------
    #-Step 1-
    #-Step 1- Initialize the WebSession before the PaymentMethod
    #-Step 1- form is displayed to the user
    #-Step 1-
    #
    # Create a new WebSession object
    $webSession = new WebSession();
    # Set the WebSession parameters
    $webSession->setReturnURL($successUrl);
    $webSession->setErrorURL($errorUrl);
    $webSession->setIpAddress($ipAddress);
    $webSession->setMethod($HOAmethod);
    $webSession->setVersion($HOAversion);
    #------------------------------------------------------------
    # Set PrivateFormValues. These are hidden fields in the POST
    # that we want to protect from hacking. If the value in the
    # POST does not match the value set during initialization,
    # the WebSession.finalize will fail
    # Your ID for this AutoBill
    $ab_id = new NameValuePair();
    $ab_id->setName("vin_AutoBill_merchantAutoBillId");
    $ab_id->setValue($merchantAutoBillId);
    # Your ID for this user
    $acct_id = new NameValuePair();
    $acct_id->setName("vin_Account_merchantAccountId");
    $acct_id->setValue($merchantAccountId);
    # Permissible values for the Product that is going to be purchased
    //    $prod_id = new NameValuePair();
    //    $prod_id->setName("vin_Product_merchantProductId");
    //    $prod_id->setValue($merchantProductId);
    # Permissible values for the Product that is going to be purchased
    $prod_id = new NameValuePair();
    $prod_id->setName("vin_AutoBill_items_0_Product_merchantProductId");
    $prod_id->setValue($merchantProductId);
    # Permissible values for BillingPlan to be used
    $plan_id = new NameValuePair();
    $plan_id->setName("vin_BillingPlan_merchantBillingPlanId");
    $plan_id->setValue($merchantBillingPlanId);
    # Your ID for this PaymentMethod
    $paym_id = new NameValuePair();
    $paym_id->setName("vin_PaymentMethod_merchantPaymentMethodId");
    $paym_id->setValue($merchantPaymentMethodId);
    $pmt_type = new NameValuePair();
    $pmt_type->setName("vin_PaymentMethod_type");
    $pmt_type->setValue($paymentType);
    # Add the PrivateFormValues to the WebSession
    $webSession->setPrivateFormValues(array($ab_id, $acct_id, $prod_id, $plan_id, $paym_id, $pmt_type));
    #------------------------------------------------------------
    # Set any parameters specific for the Method we are
    # calling in the WebSession.
    #
    $validate = new NameValuePair();
    $validate->setName("AutoBill_Update_validatePaymentMethod");
    //    $validate->setName("AutoBill_Update_validate");
    $validate->setValue("true");
    $minChargebackProbability = new NameValuePair();
    $minChargebackProbability->setName("AutoBill_Update_minChargebackProbability");
    // Value of 100 turns off fraud checking.
    $minChargebackProbability->setValue("100");
    $ignoreCvnPolicy = new NameValuePair();
    $ignoreCvnPolicy->setName("AutoBill_Update_ignoreCvnPolicy");
    $ignoreCvnPolicy->setValue("false");
    $ignoreAvsPolicy = new NameValuePair();
    $ignoreAvsPolicy->setName("AutoBill_Update_ignoreAvsPolicy");
    $ignoreAvsPolicy->setValue("false");
    $dryRun = new NameValuePair();
    $dryRun->setName("AutoBill_Update_dryRun");
    $dryRun->setValue("false");
    // AutoBill_Update takes in one more parameter - campaignCode
    // We will collect campaign code from the payment form
    $webSession->setMethodParamValues(array($validate, $minChargebackProbability, $ignoreCvnPolicy, $ignoreAvsPolicy, $dryRun));
    # Initialize the WebSession
    #
    $response = $webSession->initialize();
    # Check to see that the initialize succeeded
    #
    if ($response['returnCode'] == 200) {
        # The VID of the WebSession object serves as session id
        #
        $vin_WebSession_vid = $response['data']->session->getVID();
    } else {
        print $response;
        return;
    }
    #------------------------------------------------------------
    #-Step 2-
    #-Step 2- This is the payment method FORM and the HOA POST
    #-Step 2-
    # TODO: Parameterize these from $_POST or $argv
    # Fields on the checkout FORM
    # User supplied input
    //    $post['vin_PaymentMethod_merchantPaymentMethodId'] =
    //                $merchantPaymentMethodId;
    $post['vin_PaymentMethod_accountHolderName'] = $post['vin_PaymentMethod_billingAddress_name'] = $name;
    $post['vin_PaymentMethod_billingAddress_addr1'] = $addr1;
    $post['vin_PaymentMethod_billingAddress_city'] = $city;
    $post['vin_PaymentMethod_billingAddress_district'] = $district;
    $post['vin_PaymentMethod_billingAddress_postalCode'] = $postalCode;
    $post['vin_PaymentMethod_billingAddress_country'] = $country;
    $post['vin_Account_emailAddress'] = $email;
    $post['vin_PaymentMethod_creditCard_account'] = $creditCardAccount;
    $post['vin_PaymentMethod_creditCard_expirationDate'] = $exp;
    $post['vin_PaymentMethod_nameValues_cvn'] = $cvn;
    # Hidden fields in the checkout FORM
    #
    $post['vin_WebSession_vid'] = $vin_WebSession_vid;
    // If you have a Campaign Code form value...
    //$post['AutoBill_Update_campaignCode'] = 'XYZ';
    # Copy the BillingAddress to the ShippingAddress to improve
    # Chargeback dispute success. Visa will deny disputed Chargeback
    # for many reasons. A missing ShippingAddress, even though there
    # is nothing being shipped, is commonly one of those reasons.
    # This can be done with JavaScript on the checkout form.
    #
    $post['vin_Account_name'] = $post['vin_PaymentMethod_billingAddress_name'];
    $post['vin_Account_shippingAddress_name'] = $post['vin_PaymentMethod_billingAddress_name'];
    $post['vin_Account_shippingAddress_addr1'] = $post['vin_PaymentMethod_billingAddress_addr1'];
    $post['vin_Account_shippingAddress_city'] = $post['vin_PaymentMethod_billingAddress_city'];
    $post['vin_Account_shippingAddress_district'] = $post['vin_PaymentMethod_billingAddress_district'];
    $post['vin_Account_shippingAddress_county'] = $post['vin_PaymentMethod_billingAddress_county'];
    $post['vin_Account_shippingAddress_postalCode'] = $post['vin_PaymentMethod_billingAddress_postalCode'];
    $post['vin_Account_shippingAddress_country'] = $post['vin_PaymentMethod_billingAddress_country'];
    $post['vin_Account_shippingAddress_phone'] = $post['vin_PaymentMethod_billingAddress_phone'];
    # Create the curl command line for exec by looping through the
    # $post array
    #
    $curlopts = "";
    foreach ($post as $name => $value) {
        $curlopts .= " --data-urlencode {$name}=\"{$value}\"";
    }
    # Do the POST
    #
    exec("curl -s {$curlopts} " . $HOAurl, $curlout, $curlret);
    #-Step 3-----------------------------------------------------
    #-Step 3-
    #-Step 3- This code should be on the returnURL page
    #-Step 3-
    #-Step 3- Nothing has been committed until the WebSession gets
    #-Step 3- finalized. This is done in the returnURL page code. For
    #-Step 3- example, the returnURL is a confirmation page and when
    #-Step 3- the user clicks a confirmation button the form action
    #-Step 3- is a page that performs all the actual finalize steps.
    #-Step 3-
    #------------------------------------------------------------
    # This is only necessary for this CLI implementation.
    #
    # Flatten the output from exec so we can search it. The response
    # from a successful HOA POST should be a 302 page that contains
    # our returnURL with the WebSessionVID as the query string.
    #
    if (php_sapi_name() == "cli") {
        $curlresp = implode("\n", $curlout);
    }
    #
    #------------------------------------------------------------
    # For CLI, use the WebSessionId we stored in the POST values
    # for curl. For everything else, retrieve the WebSessionId
    # from the URL query string on the redirect to the returnURL
    #
    if (php_sapi_name() == "cli") {
        $session_id = $post['vin_WebSession_vid'];
    } else {
        $session_id = $_GET['session_id'];
    }
    $webSession = new WebSession();
    $webSession->setVid($session_id);
    $response = $webSession->finalize();
    if ($response['returnCode'] != '200') {
        print $response;
    }
    # Note, finalize almost always returns a 200 returnCode. The real
    # test for success of the underlying API call is inspection of
    # the apiReturn and apiReturnValues objects
    # Parse out the return object from the method call
    #
    $apiReturnValues = $response['data']->session->apiReturnValues;
    # Check the returnCode of the method called.
    # See Returns for update method of AutoBill object in the API
    # Reference for possible returnCodes.
    #
    if ($response['data']->session->apiReturn->returnCode != "200") {
        //408 - AutoBill creation failed: CVV check failed
        //407 - AutoBill creation failed: AVS Check Failed
        //409 - AutoBill creation failed: AVS and CVV Check Failed
        //410 - AutoBill creation failed: AVS and CVV check could not be performed
        //402 - AutoBill creation failed: Card authorization failed
        //400 - AutoBill creation failed
        print $apiReturnValues;
    }
    print 'success';
    print $response['data']->session->apiReturn->soapId . " AutoBill >" . $merchantAutoBillId . "< created for Account >" . $merchantAccountId . "< using PaymentMethod >" . $merchantPaymentMethodId . "<  AuthCode->" . $response['data']->session->apiReturnValues->autoBillUpdate->authStatus->creditCardStatus->getAuthCode() . "<  AVS->" . $response['data']->session->apiReturnValues->autoBillUpdate->authStatus->creditCardStatus->getAvsCode() . "<  CVN->" . $response['data']->session->apiReturnValues->autoBillUpdate->authStatus->creditCardStatus->getCvnCode() . "<";
}
function hoaTransactionAuthThenCapture()
{
    $uniqueValue = get_unique_value();
    $merchantAccountId = 'account-' . $uniqueValue;
    $merchantTransactionId = 't-' . $uniqueValue;
    if (fail_if_merchant_transaction_id_too_long($merchantTransactionId)) {
        return;
    }
    $merchantPaymentMethodId = 'pm-' . $uniqueValue;
    $creditCardAccount = '5454541111111111';
    $paymentType = 'CreditCard';
    $cvn = '111';
    $exp = '201801';
    $email = get_unique_value() . '@nomail.com';
    $successUrl = 'http://good.com';
    $errorUrl = 'http://bad.com';
    $HOAmethod = 'Transaction_Auth';
    $HOAurl = 'https://secure.prodtest.sj.vindicia.com/vws';
    $HOAversion = '5.0';
    $ipAddress = '127.0.0.1';
    $name = 'John Vindicia';
    $addr1 = '303 Twin Dolphin Drive';
    $city = 'Redwood City';
    $district = 'CA';
    $postalCode = '94065';
    $country = 'US';
    #------------------------------------------------------------
    #-Step 1-
    #-Step 1- Initialize the WebSession before the PaymentMethod
    #-Step 1- form is displayed to the user
    #-Step 1-
    #
    # Create a new WebSession object
    $webSession = new WebSession();
    # Set the WebSession parameters
    $webSession->setReturnURL($successUrl);
    $webSession->setErrorURL($errorUrl);
    $webSession->setIpAddress($ipAddress);
    $webSession->setMethod($HOAmethod);
    $webSession->setVersion($HOAversion);
    #------------------------------------------------------------
    # Set PrivateFormValues. These are hidden fields in the POST
    # that we want to protect from hacking. If the value in the
    # POST does not match the value set during initialization,
    # the WebSession.finalize will fail
    //    $account_VID = $account->VID;
    //
    //    $nameVals[0] = new NameValuePair();
    //    $nameVals[0]->setName('Account_VID');
    //    $nameVals[0]->setValue($account_VID); // so that we can use the existing account
    $tx_id = new NameValuePair();
    $tx_id->setName('vin_Transaction_merchantTransactionId');
    $tx_id->setValue($merchantTransactionId);
    // so that we can use the existing account
    # Your ID for this user
    $acct_id = new NameValuePair();
    $acct_id->setName("vin_Account_merchantAccountId");
    $acct_id->setValue($merchantAccountId);
    # Your ID for this PaymentMethod
    $paym_id = new NameValuePair();
    $paym_id->setName("vin_PaymentMethod_merchantPaymentMethodId");
    $paym_id->setValue($merchantPaymentMethodId);
    $pmt_type = new NameValuePair();
    $pmt_type->setName("vin_PaymentMethod_type");
    $pmt_type->setValue($paymentType);
    # Add the PrivateFormValues to the WebSession
    $webSession->setPrivateFormValues(array($tx_id, $acct_id, $paym_id, $pmt_type));
    #------------------------------------------------------------
    # Set any parameters specific for the Method we are
    # calling in the WebSession.
    #
    $minChargebackProbability = new NameValuePair();
    $minChargebackProbability->setName("Transaction_Auth_minChargebackProbability");
    $minChargebackProbability->setValue("70");
    $dryRun = new NameValuePair();
    $dryRun->setName("Transaction_Auth_dryRun");
    $dryRun->setValue("false");
    $sendEmailNotification = new NameValuePair();
    $sendEmailNotification->setName("Transaction_Auth_sendEmailNotification");
    $sendEmailNotification->setValue("true");
    // Transaction_Auth takes in one more parameter - campaignCode
    // We can collect campaign code from the payment form and set
    // prior to WebSession.Finalize, or pass it in here prior to WebSession.Initialize.
    $campaign = 'CampaignXYZ';
    //    $campaignCodeNVP = new NameValuePair();
    //    $campaignCodeNVP->setName("Transaction_Auth_campaignCode");
    //    $campaignCodeNVP->setValue($campaign);
    $webSession->setMethodParamValues(array($sendEmailNotification, $minChargebackProbability, $dryRun));
    # Initialize the WebSession
    #
    $response = $webSession->initialize();
    # Check to see that the initialize succeeded
    #
    if ($response['returnCode'] == 200) {
        # The VID of the WebSession object serves as session id
        #
        $vin_WebSession_vid = $response['data']->session->getVID();
    } else {
        print $response;
        return;
    }
    #------------------------------------------------------------
    #-Step 2-
    #-Step 2- This is the payment method FORM and the HOA POST
    #-Step 2-
    # Fields on the checkout FORM
    # User supplied input
    //    $post['vin_PaymentMethod_merchantPaymentMethodId'] =
    //                $merchantPaymentMethodId;
    $post['vin_PaymentMethod_accountHolderName'] = $post['vin_PaymentMethod_billingAddress_name'] = $name;
    $post['vin_PaymentMethod_billingAddress_addr1'] = $addr1;
    $post['vin_PaymentMethod_billingAddress_city'] = $city;
    $post['vin_PaymentMethod_billingAddress_district'] = $district;
    $post['vin_PaymentMethod_billingAddress_postalCode'] = $postalCode;
    $post['vin_PaymentMethod_billingAddress_country'] = $country;
    $post['vin_Account_emailAddress'] = $email;
    $post['vin_PaymentMethod_creditCard_account'] = $creditCardAccount;
    $post['vin_PaymentMethod_creditCard_expirationDate'] = $exp;
    $post['vin_PaymentMethod_nameValues_cvn'] = $cvn;
    $post['vin_Transaction_transactionItems_0_sku'] = 'Item 1';
    $post['vin_Transaction_transactionItems_0_name'] = 'Item 1 Description';
    $post['vin_Transaction_transactionItems_0_price'] = '99';
    $post['vin_Transaction_transactionItems_0_quantity'] = '1';
    # Hidden fields in the checkout FORM
    #
    $post['vin_WebSession_vid'] = $vin_WebSession_vid;
    # Copy the BillingAddress to the ShippingAddress to improve
    # Chargeback dispute success. Visa will deny disputed Chargeback
    # for many reasons. A missing ShippingAddress, even though there
    # is nothing being shipped, is commonly one of those reasons.
    # This can be done with JavaScript on the checkout form.
    #
    $post['vin_Account_name'] = $post['vin_PaymentMethod_billingAddress_name'];
    $post['vin_Account_shippingAddress_name'] = $post['vin_PaymentMethod_billingAddress_name'];
    $post['vin_Account_shippingAddress_addr1'] = $post['vin_PaymentMethod_billingAddress_addr1'];
    $post['vin_Account_shippingAddress_city'] = $post['vin_PaymentMethod_billingAddress_city'];
    $post['vin_Account_shippingAddress_district'] = $post['vin_PaymentMethod_billingAddress_district'];
    $post['vin_Account_shippingAddress_county'] = $post['vin_PaymentMethod_billingAddress_county'];
    $post['vin_Account_shippingAddress_postalCode'] = $post['vin_PaymentMethod_billingAddress_postalCode'];
    $post['vin_Account_shippingAddress_country'] = $post['vin_PaymentMethod_billingAddress_country'];
    $post['vin_Account_shippingAddress_phone'] = $post['vin_PaymentMethod_billingAddress_phone'];
    // If you have a Campaign Code form value...
    //$post['Transaction_Auth_campaignCode'] = $campaign;
    # Create the curl command line for exec by looping through the
    # $post array
    #
    $curlopts = "";
    foreach ($post as $name => $value) {
        $curlopts .= " --data-urlencode {$name}=\"{$value}\"";
    }
    # Do the POST
    #
    exec("curl -s {$curlopts} " . $HOAurl, $curlout, $curlret);
    #-Step 3-----------------------------------------------------
    #-Step 3-
    #-Step 3- This code should be on the returnURL page
    #-Step 3-
    #-Step 3- Nothing has been committed until the WebSession gets
    #-Step 3- finalized. This is done in the returnURL page code. For
    #-Step 3- example, the returnURL is a confirmation page and when
    #-Step 3- the user clicks a confirmation button the form action
    #-Step 3- is a page that performs all the actual finalize steps.
    #-Step 3-
    #------------------------------------------------------------
    # This is only necessary for this CLI implementation.
    #
    # Flatten the output from exec so we can search it. The response
    # from a successful HOA POST should be a 302 page that contains
    # our returnURL with the WebSessionVID as the query string.
    #
    if (php_sapi_name() == "cli") {
        $curlresp = implode("\n", $curlout);
    }
    #
    #------------------------------------------------------------
    # For CLI, use the WebSessionId we stored in the POST values
    # for curl. For everything else, retrieve the WebSessionId
    # from the URL query string on the redirect to the returnURL
    #
    if (php_sapi_name() == "cli") {
        $session_id = $post['vin_WebSession_vid'];
    } else {
        $session_id = $_GET['session_id'];
    }
    $campaignCode = $post['Transaction_Auth_campaignCode'];
    if ($campaignCode != null) {
        $fetchedWebSession = new WebSession();
        $response = $fetchedWebSession->fetchByVid($session_id);
        $response_object = $response['data'];
        $return_code = $response['returnCode'];
        $websession = $response_object->session;
        if ($return_code != "200" || $websession->apiReturn->returnCode != "200") {
            print $response;
        }
    }
    $webSession = new WebSession();
    $webSession->setVid($session_id);
    if ($campaignCode != null) {
        $campaignCodeNVP = new NameValuePair();
        $campaignCodeNVP->setName("Transaction_Auth_campaignCode");
        $campaignCodeNVP->setValue($campaignCode);
        $webSession->setMethodParamValues(array($campaignCodeNVP));
    }
    $response = $webSession->finalize();
    if ($response['returnCode'] != '200') {
        print $response['data']->session->apiReturn->returnCode . PHP_EOL;
        print $response['data']->session->apiReturn->returnString . PHP_EOL;
    } else {
        print "returnCode=" . $response['data']->session->apiReturn->returnCode . PHP_EOL;
        print "returnString=" . $response['data']->session->apiReturn->returnString . PHP_EOL;
        if ($response['data']->session->apiReturn->returnCode == "200") {
            $returnTransaction = $response['data']->session->apiReturnValues->transactionAuth->transaction;
            if ($returnTransaction->statusLog[0]->status == 'Authorized') {
                print "Transaction approved\n";
                $captureTransaction = new Transaction();
                $response = $captureTransaction->capture(array($returnTransaction));
                print "returnCode=" . $response['returnCode'] . PHP_EOL;
                print "returnString=" . $response['returnString'] . PHP_EOL;
                if ($response['returnCode'] == 200) {
                    $captureResults = $response['data']->results;
                    foreach ($captureResults as $captureResult) {
                        if ($captureResult->returnCode == 200) {
                            print "Transaction with id " . $captureResult->merchantTransactionId . " was successfully captured";
                        } else {
                            print "Transaction was not successfully captured. ReturnCode=" . $captureResult->returnCode;
                        }
                    }
                } else {
                    print "Transactions were not successfully captured. ReturnCode=" . $response['returnCode'];
                }
            } else {
                if ($returnTransaction->statusLog[0]->status == 'Cancelled') {
                    print "Transaction not approved \n";
                    print "Reason code is: ";
                    print $returnTransaction->statusLog[0]->creditCardStatus->authCode;
                    print "\n";
                } else {
                    print "Error: Unexpected transaction status\n";
                }
            }
        } else {
            if ($response['data']->session->apiReturn->returnCode = "202") {
                print "Transaction cannot be processed due to taxes being temporarily unavailable\n";
            } else {
                if ($response['data']->session->apiReturn->returnCode == "400") {
                    print "Transaction cannot be processed due to data validation error\n";
                } else {
                    if ($response['data']->session->apiReturn->returnCode == "402") {
                        print "Transaction cannot be processed due to transaction error\n";
                    } else {
                        if ($response['data']->session->apiReturn->returnCode = "403") {
                            print "Transaction cannot be processed due to high fraud potential\n";
                        } else {
                            if ($response['data']->session->apiReturn->returnCode = "406") {
                                print "Transaction cannot be processed due to Chargeback risk score being higher than minChargebackProbability\n";
                            } else {
                                if ($response['data']->session->apiReturn->returnCode = "407") {
                                    print "Transaction cannot be processed due to Failed AVS policy evaluation\n";
                                } else {
                                    if ($response['data']->session->apiReturn->returnCode = "408") {
                                        print "Transaction cannot be processed due to Failed CVN policy evaluation\n";
                                    } else {
                                        print "Error while making call to Vindicia CashBox\n";
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
Example #5
0
define("HOA_POST_URL", "https://secure.prodtest.sj.vindicia.com/vws.html");
// for staging set it as 'https://secure.staging.sj.vindicia.com/vws'
//define("HOA_POST_URL","https://secure.staging.sj.vindicia.com/vws.html");
// get the merchantPaymentMethodId we will updating from the post
$merchantPmId = $_POST['merchantPmId'];
// ok, now we're ready to get the new card info. Step 1: create the WebSession object
$websession = new WebSession();
$websession->setMethod('PaymentMethod_Update');
$websession->setReturnURL(HOA_RETURN_URL);
$websession->setErrorURL(HOA_CANCEL_URL);
$websession->setIpAddress(IP_ADDRESS);
// Step 2: start configuring the WebSession with the parameters we want to have
$nvp1 = new NameValuePair();
$nvp1->setName('vin_PaymentMethod_merchantPaymentMethodId');
$nvp1->setValue($merchantPmId);
$websession->setPrivateFormValues(array($nvp1));
$nvp6 = new NameValuePair();
$nvp6->setName('PaymentMethod_Update_validate');
$nvp6->setValue(1);
//needs to be less than 100 to get a score.  100 is used to ignore fraud scoring
$nvp7 = new NameValuePair();
$nvp7->setName('PaymentMethod_Update_minchargebackprobability');
$nvp7->setValue('99');
$nvp8 = new NameValuePair();
$nvp8->setName('PaymentMethod_Update_replaceOnAllAutoBills');
$nvp8->setValue(1);
$nvp9 = new NameValuePair();
$nvp9->setName('PaymentMethod_Update_sourceIp');
$nvp9->setValue(IP_ADDRESS);
$nvp10 = new NameValuePair();
$nvp10->setName('PaymentMethod_Update_replaceOnAllChildAutoBills');