<?php

// Example of how ANY application can communicate
// with ANY Payment Service Provider (PSP) using the
// standardized payment interface (PSPI).
require_once dirname(__FILE__) . "/../../PSPInterface.php";
// Order details used by this example.
$providerName = "DIBS";
$orderId = "1041";
$amount = 10;
$currency = "DKK";

// Notice: URL parameters are not allowed in the two URLs below.
// TransactionId, OrderId, Amount, and Currency are passed to CustomCallback.php via POST.
$continueUrl = PSP::GetProviderUrl($providerName) . "/Test/ThanksPage.php";
$callbackUrl = PSP::GetProviderUrl($providerName) . "/Test/CustomCallback.php";

// Resolve the provider module and hand the customer over to its payment form.
PSP::GetPaymentProvider($providerName)->RedirectToPaymentForm(
    $orderId,
    $amount,
    $currency,
    $continueUrl,
    $callbackUrl
);
Пример #2
<?php

// This file is responsible for receiving the response from DIBS
// and forwarding it to the application in a standardized way.
require_once dirname(__FILE__) . "/../PSPInterface.php";
// Callback is called directly by Payment Service Provider, so we need to include PSPInterface.php
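// The provider calls this script directly, so the request body is untrusted
// until it has been checked. The source-address test is a coarse filter only:
// REMOTE_ADDR is the connecting peer, so behind a reverse proxy it is the
// proxy's address, and the pinned address has to track the provider's
// published callback address.
if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] === "85.236.67.1") {
    // Every field used below must be present and a plain string. PHP turns
    // "name[]=x" into an array, which would otherwise be concatenated as
    // "Array" into the checksum input and the callback arguments.
    $fields = array();
    foreach (array("transact", "orderid", "amount", "currency", "CUSTOM_Callback") as $name) {
        if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
            throw new Exception("SecurityException: Missing or malformed callback parameter '" . $name . "'");
        }
        $fields[$name] = $_POST[$name];
    }

    $config = PSP::GetConfig("DIBS");
    $k1 = isset($config["Encryption Key 1"]) ? $config["Encryption Key 1"] : "";
    $k2 = isset($config["Encryption Key 2"]) ? $config["Encryption Key 2"] : "";

    // Checksum (if keys are configured). When either key is empty the request
    // is accepted on the source-address test alone, so configuring both keys
    // is what actually authenticates the callback.
    if ($k1 !== "" && $k2 !== "") {
        // The nested MD5 construction is kept as in the original integration;
        // it has to match what the provider sends.
        $checksum = md5($k2 . md5($k1 . "transact=" . $fields["transact"] . "&amount=" . $fields["amount"] . "&currency=" . $fields["currency"]));

        // A missing or non-string authkey counts as a mismatch.
        $authKey = (isset($_POST["authkey"]) && is_string($_POST["authkey"])) ? $_POST["authkey"] : "";

        // hash_equals() (PHP >= 5.6) compares in constant time, so response
        // timing does not reveal how much of a guessed key matched.
        if (!hash_equals($checksum, $authKey)) {
            throw new Exception("SecurityException: Integrity check failed - mismatching checksums");
        }
    }

    // NOTE(review): the checksum covers transact, amount and currency only.
    // orderid and CUSTOM_Callback are not covered by it, so their integrity
    // depends on what PSP::InvokeCallback(..) enforces - confirm there.

    // Strip line breaks before logging so a request value cannot forge
    // additional log lines.
    $logged = array();
    foreach ($fields as $name => $value) {
        $logged[$name] = str_replace(array("\r", "\n"), " ", $value);
    }

    // Invoke application callback specified in RedirectToPaymentForm(..).
    // Using PSP::InvokeCallback(..) which implements security measures
    // to prevent man-in-the-middle attacks.
    PSP::Log("DIBS - invoking callback:\nTransactionId: " . $logged["transact"] . "\nOrderId: " . $logged["orderid"] . "\nAmount: " . $logged["amount"] . "\nCurrency: " . $logged["currency"]);
    PSP::InvokeCallback($fields["CUSTOM_Callback"], $fields["transact"] . ";" . $fields["orderid"], $fields["orderid"], (int) $fields["amount"], $fields["currency"]);
} else {
    // Any other client is treated as the customer's browser returning from
    // the payment window.
    // NOTE(review): the redirect target comes from the request body; whether
    // it is restricted to the application's own URLs is decided inside
    // PSP::RedirectToContinueUrl(..), which is not visible here - confirm.
    if (isset($_POST["CUSTOM_ContinueUrl"]) === true) {
        PSP::RedirectToContinueUrl($_POST["CUSTOM_ContinueUrl"]);
    }
}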
Пример #3
 /**
  * Load the currency table from Currencies.php on first use and build the
  * reverse lookup (value => key) next to it. Later calls do nothing.
  */
 private static function ensureCurrencies()
 {
     // Already initialised: nothing to do.
     if (self::$currencies !== null) {
         return;
     }

     // The included file is expected to define $currencies in this scope.
     require_once __DIR__ . "/Currencies.php";
     self::$currencies = $currencies;

     // Build the reverse map locally, then publish it in one assignment.
     $reverse = array();
     foreach ($currencies as $k => $v) {
         $reverse[$v] = $k;
     }
     self::$numCurrencies = $reverse;
 }
Пример #4
    if ($order["State"] !== "Initial") {
        header("HTTP/1.1 500 Internal Server Error");
        echo "Order with ID '" . $orderId . "' has already been processed";
        exit;
    }
    $amount = (int) round(((double) $order["Price"] + (double) $order["Vat"]) * 100);
    // Amount in smallest possible unit (e.g. USD 10095 = USD 100.95)
    $currency = $order["Currency"];
    $continueUrl = SMEnvironment::GetExternalUrl();
    $continueUrl .= SMAttributes::GetAttribute("SMShopReceiptPage") !== null && SMAttributes::GetAttribute("SMShopReceiptPage") !== "" ? "/" . SMAttributes::GetAttribute("SMShopReceiptPage") : "";
    $callbackUrl = SMEnvironment::GetExternalUrl() . "/" . SMExtensionManager::GetCallbackUrl(SMExtensionManager::GetExecutingExtension(), "Callbacks/Payment") . "&PaymentOperation=Auth";
    $p = PSP::GetPaymentProvider($order["PaymentMethod"]);
    $p->RedirectToPaymentForm($orderId, $amount, $currency, $continueUrl, $callbackUrl);
} else {
    if ($operation === "Auth") {
        $data = PSP::GetCallbackData();
        // Securely obtain data passed to callback
        $transactionId = $data["TransactionId"];
        // String
        $orderId = $data["OrderId"];
        // String
        //$amount = $data["Amount"];				// Integer
        //$currency = $data["Currency"];			// String
        $order = getOrder($orderId);
        $order["TransactionId"] = $transactionId;
        $order["State"] = "Authorized";
        $ds = new SMDataSource("SMShopOrders");
        $ds->Lock();
        $ds->Update($order, "Id = '" . $ds->Escape($order["Id"]) . "'");
        $ds->Commit();
    }
Пример #5
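 /**
  * Send a Capture or Cancel request for a transaction to the DIBS API.
  *
  * @param string $type          "Capture" or "Cancel"; any other value is rejected.
  * @param string $transactionId Composite "<transaction id>;<order id>" value.
  * @param int    $amount        Amount to capture; only used when $type is "Capture".
  *
  * @return bool True when the response contains "status=ACCEPTED", false otherwise
  *              (including when the arguments are rejected before any request is sent).
  */
 private function apiCall($type, $transactionId, $amount = -1)
 {
     // Only these two operations have an endpoint below; anything else used
     // to fall through and post to a null URL.
     if ($type !== "Capture" && $type !== "Cancel") {
         PSP::Log("DIBS - API call rejected: unsupported type");
         return false;
     }

     // Split on the first ';' only, so an order ID that itself contains ';'
     // is kept whole. A value without ';' has no order ID and is rejected
     // instead of continuing with an undefined index.
     $transactionInfo = explode(";", (string) $transactionId, 2);
     if (count($transactionInfo) !== 2 || $transactionInfo[0] === "" || $transactionInfo[1] === "") {
         PSP::Log("DIBS - API call rejected: malformed transaction ID");
         return false;
     }
     $transactionId = $transactionInfo[0];
     $orderId = $transactionInfo[1];

     // The default of -1 means "no amount given", which is not a valid capture.
     if ($type === "Capture" && (int) $amount < 0) {
         PSP::Log("DIBS - API call rejected: capture without a valid amount");
         return false;
     }

     $cfg = PSP::GetConfig("DIBS");

     // Request checksum, sent only when both keys are configured; otherwise
     // md5key goes out empty. The nested MD5 construction is kept as in the
     // original integration.
     $checksum = "";
     if (isset($cfg["Encryption Key 1"]) && $cfg["Encryption Key 1"] !== "" && isset($cfg["Encryption Key 2"]) && $cfg["Encryption Key 2"] !== "") {
         $check = "merchant=" . $cfg["Merchant ID"];
         $check .= "&orderid=" . $orderId;
         $check .= "&transact=" . $transactionId;
         if ($type === "Capture") {
             $check .= "&amount=" . $amount;
         }
         $checksum = md5($cfg["Encryption Key 2"] . md5($cfg["Encryption Key 1"] . $check));
     }

     $data = array("merchant" => $cfg["Merchant ID"], "transact" => $transactionId, "orderid" => $orderId, "md5key" => $checksum);
     if ($type === "Capture") {
         $data["amount"] = (string) $amount;
     }

     if ($type === "Capture") {
         $url = "https://payment.architrade.com/cgi-bin/capture.cgi";
     } else {
         // Percent-encode the credentials: a raw ':', '@' or '/' in the user
         // name or password would change how the URL is parsed.
         // NOTE(review): assumes PSP::Post decodes the userinfo part as
         // standard HTTP clients do - confirm.
         $url = "https://" . rawurlencode($cfg["API User: Username"]) . ":" . rawurlencode($cfg["API User: Password"]) . "@payment.architrade.com/cgi-adm/cancel.cgi";
     }

     $response = PSP::Post($url, $data);

     // NOTE(review): this is a substring match, so a response that echoes
     // request data containing the same text would also count as accepted.
     // Parsing the status field would be stricter, but the response format
     // is not visible here - confirm before changing.
     $result = strpos($response, "status=ACCEPTED") !== false;

     // $url is deliberately left out of the log line: for Cancel it carries
     // the API credentials.
     PSP::Log("DIBS - API call result: " . "\nType: " . $type . "\nSuccess: " . ($result === true ? "true" : "false") . "\nResponse: " . $response);
     return $result;
 }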