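/**
 * Validates a SERVER/PULL payment-form result that arrived via the query string.
 *
 * Reads the transaction reference (cross reference, order ID, hash digest) out of
 * $aQueryStringVariables, recomputes the expected digest from the merchant
 * credentials and pre-shared key, and only when the two digests agree pulls the
 * full transaction result from the payment form result handler.
 *
 * @param string $szMerchantID                  merchant ID issued by the gateway
 * @param string $szPassword                    merchant password
 * @param string $szPreSharedKey                pre-shared key mixed into the hash digest
 * @param string $szHashMethod                  hash method name understood by PaymentFormHelper (e.g. "MD5")
 * @param array  $aQueryStringVariables         query string variables as received from the gateway (untrusted)
 * @param string $szPaymentFormResultHandlerURL URL of the gateway's result handler to pull the result from
 * @param mixed  $trTransactionResult           (out) the retrieved transaction result; null on any failure
 * @param string $szValidateErrorMessage        (out) human-readable reason when validation fails, "" on success
 * @return bool true when the digest is authentic and the transaction result was retrieved
 */
public static function validateTransactionResult_SERVER_PULL($szMerchantID, $szPassword, $szPreSharedKey, $szHashMethod, $aQueryStringVariables, $szPaymentFormResultHandlerURL, &$trTransactionResult, &$szValidateErrorMessage)
{
    $szValidateErrorMessage = "";
    $trTransactionResult = null;

    // 1. read the transaction reference variables from the (untrusted) query string
    if (!PaymentFormHelper::getTransactionReferenceFromQueryString($aQueryStringVariables, $szCrossReference, $szOrderID, $szHashDigest, $szOutputMessage)) {
        $szValidateErrorMessage = $szOutputMessage;
        return false;
    }

    // 2. recompute the digest over the reference and check it against the one received
    $szStringToHash = PaymentFormHelper::generateStringToHash3($szMerchantID, $szPassword, $szCrossReference, $szOrderID, $szPreSharedKey, $szHashMethod);
    $szCalculatedHashDigest = PaymentFormHelper::calculateHashDigest($szStringToHash, $szPreSharedKey, $szHashMethod);

    // hash_equals() compares in constant time, so a caller cannot learn how many
    // leading characters of a guessed digest were right. Digests are compared
    // case-insensitively as before; the received digest is cast to string because
    // hash_equals() rejects non-string arguments (it may be missing from the query).
    if (!hash_equals(strtoupper($szCalculatedHashDigest), strtoupper((string) $szHashDigest))) {
        $szValidateErrorMessage = "Hash digests don't match - possible variable tampering";
        return false;
    }

    // 3. the reference is authentic: use the cross reference to pull the
    //    transaction result out of the result handler's storage
    if (!PaymentFormHelper::getTransactionResultFromPaymentFormHandler($szPaymentFormResultHandlerURL, $szMerchantID, $szPassword, $szCrossReference, $trTransactionResult, $szOutputMessage)) {
        $szValidateErrorMessage = "Error querying transaction result [" . $szCrossReference . "] from [" . $szPaymentFormResultHandlerURL . "]: " . $szOutputMessage;
        return false;
    }

    return true;
}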
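/**
 * Emits the auto-submitting redirect page that sends the customer to the
 * CardSave hosted payment form for order $orderId.
 *
 * The form fields are built from the CSr_* configuration constants and the
 * checkout data held in $_SESSION, signed with PaymentFormHelper (pre-shared
 * key + hash method), and written out as hidden inputs of a form that is
 * submitted to the gateway as soon as the page loads.
 *
 * @param int|string $orderId order identifier; becomes the gateway OrderID
 * @return void the page is written directly with echo
 */
function m_CardSave_Hosted($orderId)
{
    require_once SITE_PATH . "modules/ecom/classes/main/PaymentFormHelper.php";

    $MerchantID = CSr_MERCHANT_ID;
    $Password = CSr_MERCHANT_PASS;
    $PaymentProcessorDomain = CSr_DOMAIN;
    $HashMethod = "MD5";
    $PreSharedKey = CSr_KEY;
    $ResultDeliveryMethod = "SERVER";
    $FormAction = "https://mms." . $PaymentProcessorDomain . "/Pages/PublicPages/PaymentForm.aspx";

    // a checkout session key that was never set is treated as an empty string
    // instead of raising an "undefined index" notice
    $sessionValue = function ($key) {
        return isset($_SESSION[$key]) ? $_SESSION[$key] : "";
    };

    // the amount in *minor* currency units (i.e. £10.00 passed as "1000").
    // round() and the int cast make sure the string is a whole number: a bare
    // 100 * float can produce 114.99999999999999 for 1.15, or "1234.5" for a
    // total with three decimals, neither of which is a valid minor-unit amount.
    $szAmount = strval((int) round(100 * floatval($sessionValue('grandTotal'))));
    // the currency - ISO 4217 3-digit numeric (e.g. GBP = 826)
    $szCurrencyCode = strval(CSr_CURRENCY);
    // order ID
    $szOrderID = strval($orderId);
    // the transaction type - can be SALE or PREAUTH
    $szTransactionType = "SALE";
    $szTransactionDateTime = date('Y-m-d H:i:s P');
    $szOrderDescription = "Order From " . SITE_URL . " - Invoice Number:" . $orderId;

    // these variables allow the payment form to be "seeded" with initial values
    $szCustomerName = $sessionValue('first_name') . " " . $sessionValue('last_name');
    $szAddress1 = $sessionValue('address1');
    $szAddress2 = $sessionValue('address2');
    $szAddress3 = "";
    $szAddress4 = "";
    $szCity = $sessionValue('city');
    $szPostCode = $sessionValue('zip');

    // state name and country code are looked up by primary key. The `i` prefix on
    // iStateId_PK / iCountryId_PK indicates an integer key, so the session value is
    // cast to int before it is interpolated: this query API offers no parameter
    // binding, and the cast guarantees only a numeric literal reaches the SQL.
    // A lookup that returns no row yields an empty string rather than a fatal error.
    $this->obDb->query = "SELECT vStateName FROM " . STATES . " where iStateId_PK = '" . (int) $sessionValue('bill_state_id') . "'";
    $row_state = $this->obDb->fetchQuery();
    $szState = isset($row_state[0]) ? $row_state[0]->vStateName : "";
    $this->obDb->query = "SELECT vCountryCode FROM " . COUNTRY . " where iCountryId_PK = '" . (int) $sessionValue('bill_country_id') . "'";
    $row_country = $this->obDb->fetchQuery();
    $szCountryCode = isset($row_country[0]) ? $row_country[0]->vCountryCode : "";

    // use these to control which fields on the hosted payment form are mandatory
    $szCV2Mandatory = PaymentFormHelper::boolToString(CSr_CV2_MANDATORY);
    $szAddress1Mandatory = PaymentFormHelper::boolToString(true);
    $szCityMandatory = PaymentFormHelper::boolToString(true);
    $szPostCodeMandatory = PaymentFormHelper::boolToString(true);
    $szStateMandatory = PaymentFormHelper::boolToString(true);
    $szCountryMandatory = PaymentFormHelper::boolToString(true);

    // the URL on this system that the payment form pushes the result to, and whether
    // the hosted form itself displays the result to the customer - both only apply
    // when ResultDeliveryMethod = "SERVER"
    if ($ResultDeliveryMethod != "SERVER") {
        $szServerResultURL = "";
        $szPaymentFormDisplaysResult = "";
    } else {
        $szServerResultURL = SITE_SAFEURL . "ecom/index.php?action=checkout.cshcb";
        $szPaymentFormDisplaysResult = PaymentFormHelper::boolToString(CSr_RESULTS_DISPLAY);
    }

    // the callback URL on this site that shows the transaction result to the customer
    // (always required unless ResultDeliveryMethod = "SERVER" and PaymentFormDisplaysResult
    // = "true"). Both branches of that condition used the same URL, so it is set once.
    $szCallbackURL = SITE_SAFEURL . "ecom/index.php?action=checkout.cshcb2";

    // the digest signs the raw field values exactly as the gateway will receive them
    // (the browser decodes HTML entities before posting, so escaping below is safe)
    $szStringToHash = PaymentFormHelper::generateStringToHash($MerchantID, $Password, $szAmount, $szCurrencyCode, $szOrderID, $szTransactionType, $szTransactionDateTime, $szCallbackURL, $szOrderDescription, $szCustomerName, $szAddress1, $szAddress2, $szAddress3, $szAddress4, $szCity, $szState, $szPostCode, $szCountryCode, $szCV2Mandatory, $szAddress1Mandatory, $szCityMandatory, $szPostCodeMandatory, $szStateMandatory, $szCountryMandatory, $ResultDeliveryMethod, $szServerResultURL, $szPaymentFormDisplaysResult, $PreSharedKey, $HashMethod);
    $szHashDigest = PaymentFormHelper::calculateHashDigest($szStringToHash, $PreSharedKey, $HashMethod);

    // hidden fields in the order the gateway form expects them
    $aFormFields = array(
        "HashDigest" => $szHashDigest,
        "MerchantID" => $MerchantID,
        "Amount" => $szAmount,
        "CurrencyCode" => $szCurrencyCode,
        "OrderID" => $szOrderID,
        "TransactionType" => $szTransactionType,
        "TransactionDateTime" => $szTransactionDateTime,
        "CallbackURL" => $szCallbackURL,
        "OrderDescription" => $szOrderDescription,
        "CustomerName" => $szCustomerName,
        "Address1" => $szAddress1,
        "Address2" => $szAddress2,
        "Address3" => $szAddress3,
        "Address4" => $szAddress4,
        "City" => $szCity,
        "State" => $szState,
        "PostCode" => $szPostCode,
        "CountryCode" => $szCountryCode,
        "CV2Mandatory" => $szCV2Mandatory,
        "Address1Mandatory" => $szAddress1Mandatory,
        "CityMandatory" => $szCityMandatory,
        "PostCodeMandatory" => $szPostCodeMandatory,
        "StateMandatory" => $szStateMandatory,
        "CountryMandatory" => $szCountryMandatory,
        "ResultDeliveryMethod" => $ResultDeliveryMethod,
        "ServerResultURL" => $szServerResultURL,
        "PaymentFormDisplaysResult" => $szPaymentFormDisplaysResult,
        "ServerResultURLCookieVariables" => "",
        "ServerResultURLFormVariables" => "",
        "ServerResultURLQueryStringVariables" => "",
    );

    // every value is escaped for an HTML attribute context: the customer name and
    // address come from user input and a quote or angle bracket in them would
    // otherwise break out of the value="" attribute. Session text is assumed to be
    // UTF-8 (the application's default charset) - confirm if the site uses another encoding.
    $escape = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // the page submits itself with a one-line inline script; no external library is
    // loaded, so the payment redirect does not depend on a third-party CDN script.
    // The <noscript> button lets customers without JavaScript continue manually.
    $szHtml = '<html><head></head><body>'
        . '<p>Please wait while you are transferred to CardSave to complete your payment.</p>'
        . '<form id="psrsubmit" action="' . $escape($FormAction) . '" method="post">';
    foreach ($aFormFields as $szFieldName => $szFieldValue) {
        $szHtml .= '<input type="hidden" name="' . $szFieldName . '" value="' . $escape($szFieldValue) . '" />';
    }
    $szHtml .= '<noscript><input type="submit" value="Continue to payment" /></noscript>'
        . '</form>'
        . '<script type="text/javascript">document.getElementById("psrsubmit").submit();</script>'
        . '</body></html>';

    echo $szHtml;
}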