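/**
 * Validates a SERVER_PULL payment-form callback and pulls the transaction result.
 *
 * Steps, each of which fails the whole validation:
 *  1. read the cross reference, order ID and hash digest from the query string variables;
 *  2. recompute the hash digest from the merchant credentials and compare it
 *     with the digest supplied in the query string;
 *  3. ask the payment form result handler for the transaction result.
 *
 * @param string $szMerchantID                  merchant ID, part of the hashed string
 * @param string $szPassword                    merchant password, part of the hashed string
 * @param string $szPreSharedKey                pre-shared key passed to both hash helpers
 * @param string $szHashMethod                  hash method name passed to both hash helpers
 * @param mixed  $aQueryStringVariables         query string variable list of the callback request
 * @param string $szPaymentFormResultHandlerURL URL the transaction result is pulled from
 * @param mixed  $trTransactionResult           out: reset to null on entry, then handed to the
 *                                              result-handler helper (presumably filled by
 *                                              reference - confirm against the helper)
 * @param string $szValidateErrorMessage        out: empty on success, otherwise the failure reason
 *
 * @return bool true when every step succeeded, false otherwise
 */
public static function validateTransactionResult_SERVER_PULL($szMerchantID, $szPassword, $szPreSharedKey, $szHashMethod, $aQueryStringVariables, $szPaymentFormResultHandlerURL, &$trTransactionResult, &$szValidateErrorMessage)
 {
     $szValidateErrorMessage = "";
     $trTransactionResult = null;

     // read the transaction reference variables from the query string variable list
     // (the helper presumably fills $szCrossReference, $szOrderID, $szHashDigest and
     // $szOutputMessage by reference - none of them is defined before this call)
     if (!PaymentFormHelper::getTransactionReferenceFromQueryString($aQueryStringVariables, $szCrossReference, $szOrderID, $szHashDigest, $szOutputMessage)) {
         $szValidateErrorMessage = $szOutputMessage;
         return false;
     }

     // recompute the digest from values only this side knows
     $szStringToHash = PaymentFormHelper::generateStringToHash3($szMerchantID, $szPassword, $szCrossReference, $szOrderID, $szPreSharedKey, $szHashMethod);
     $szCalculatedHashDigest = PaymentFormHelper::calculateHashDigest($szStringToHash, $szPreSharedKey, $szHashMethod);

     // Normalise case as before, but compare as strings in constant time.
     // The previous loose `!=` compared two numeric-looking hex strings
     // (e.g. "0E12..." vs "0E99...") as numbers, so distinct digests could be
     // treated as equal; hash_equals() compares byte for byte and does not
     // leak the position of the first mismatch through timing.
     $szExpectedDigest = strtoupper((string) $szCalculatedHashDigest);
     $szSuppliedDigest = strtoupper((string) $szHashDigest);

     // An empty expected digest must never validate, whatever the request carries
     // (guards against the hash helper yielding nothing - its behaviour for an
     // unrecognised hash method is not visible here).
     if ($szExpectedDigest === "" || !hash_equals($szExpectedDigest, $szSuppliedDigest)) {
         $szValidateErrorMessage = "Hash digests don't match - possible variable tampering";
         return false;
     }

     // use the cross reference to pull the transaction results out of storage;
     // only reached once the digest has been verified
     if (!PaymentFormHelper::getTransactionResultFromPaymentFormHandler($szPaymentFormResultHandlerURL, $szMerchantID, $szPassword, $szCrossReference, $trTransactionResult, $szOutputMessage)) {
         $szValidateErrorMessage = "Error querying transaction result [" . $szCrossReference . "] from [" . $szPaymentFormResultHandlerURL . "]: " . $szOutputMessage;
         return false;
     }

     return true;
 }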
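    /**
     * Emits an auto-submitting HTML form that posts the order to the CardSave
     * hosted payment page.
     *
     * Reads the merchant settings from the CSr_* constants, the customer and
     * total from $_SESSION, looks up the billing state name and country code,
     * computes the request hash digest and echoes the form.
     *
     * @param mixed $orderId order/invoice number, sent as OrderID and in the description
     *
     * @return void output is written with echo
     */
    function m_CardSave_Hosted($orderId)
    {
        require_once SITE_PATH . "modules/ecom/classes/main/PaymentFormHelper.php";
        $MerchantID = CSr_MERCHANT_ID;
        $Password = CSr_MERCHANT_PASS;
        $PaymentProcessorDomain = CSr_DOMAIN;
        // NOTE(review): MD5 is a weak choice for request integrity. The method has to
        // match what the merchant account is configured for at the gateway, so it is
        // left unchanged here - confirm whether a stronger method is available.
        $HashMethod = "MD5";
        $PreSharedKey = CSr_KEY;
        $ResultDeliveryMethod = "SERVER";
        $FormAction = "https://mms." . $PaymentProcessorDomain . "/Pages/PublicPages/PaymentForm.aspx";
        // the amount in *minor* currency (i.e. £10.00 passed as "1000").
        // Rounded to a whole number of minor units: a bare float product such as
        // 100 * 19.99 is not exactly 1999 and could otherwise be rendered with a
        // fractional part, depending on the float-to-string precision in effect.
        // NOTE(review): the total is taken from the session, not from the stored
        // order - confirm the two cannot diverge.
        $szAmount = strval(intval(round(100 * floatval($_SESSION['grandTotal']))));
        // the currency	- ISO 4217 3-digit numeric (e.g. GBP = 826)
        $szCurrencyCode = strval(CSr_CURRENCY);
        // order ID
        $szOrderID = strval($orderId);
        // the transaction type - can be SALE or PREAUTH
        $szTransactionType = "SALE";
        $szTransactionDateTime = date('Y-m-d H:i:s P');
        $szOrderDescription = "Order From " . SITE_URL . " - Invoice Number:" . $orderId;
        // these variables allow the payment form to be "seeded" with initial values
        $szCustomerName = $_SESSION['first_name'] . " " . $_SESSION['last_name'];
        $szAddress1 = $_SESSION['address1'];
        $szAddress2 = $_SESSION['address2'];
        $szAddress3 = "";
        $szAddress4 = "";
        $szCity = $_SESSION['city'];
        // The IDs are forced to integers before they are placed in the SQL text, so a
        // crafted session value cannot alter the query. The column names (iStateId_PK,
        // iCountryId_PK) suggest integer keys - TODO confirm. The database wrapper's
        // API beyond ->query / fetchQuery() is not visible here; switch to bound
        // parameters if it offers them.
        $this->obDb->query = "SELECT vStateName FROM " . STATES . " where iStateId_PK  = '" . intval($_SESSION['bill_state_id']) . "'";
        $row_state = $this->obDb->fetchQuery();
        // an unknown ID yields no row; fall back to an empty value instead of reading a missing row
        $szState = isset($row_state[0]->vStateName) ? $row_state[0]->vStateName : "";
        $szPostCode = $_SESSION['zip'];
        $this->obDb->query = "SELECT vCountryCode FROM " . COUNTRY . " where iCountryId_PK  = '" . intval($_SESSION['bill_country_id']) . "'";
        $row_country = $this->obDb->fetchQuery();
        $szCountryCode = isset($row_country[0]->vCountryCode) ? $row_country[0]->vCountryCode : "";
        // use these to control which fields on the hosted payment form are
        // mandatory
        $szCV2Mandatory = PaymentFormHelper::boolToString(CSr_CV2_MANDATORY);
        $szAddress1Mandatory = PaymentFormHelper::boolToString(true);
        $szCityMandatory = PaymentFormHelper::boolToString(true);
        $szPostCodeMandatory = PaymentFormHelper::boolToString(true);
        $szStateMandatory = PaymentFormHelper::boolToString(true);
        $szCountryMandatory = PaymentFormHelper::boolToString(true);
        // the URL on this system that the payment form will push the results to (only applicable for
        // ResultDeliveryMethod = "SERVER")
        if ($ResultDeliveryMethod != "SERVER") {
            $szServerResultURL = "";
        } else {
            $szServerResultURL = SITE_SAFEURL . "ecom/index.php?action=checkout.cshcb";
        }
        // set this to true if you want the hosted payment form to display the transaction result
        // to the customer (only applicable for ResultDeliveryMethod = "SERVER")
        if ($ResultDeliveryMethod != "SERVER") {
            $szPaymentFormDisplaysResult = "";
        } else {
            $szPaymentFormDisplaysResult = PaymentFormHelper::boolToString(CSr_RESULTS_DISPLAY);
        }
        // the callback URL on this site that will display the transaction result to the customer.
        // Both branches of the former if/else assigned this same URL, so it is set once.
        $szCallbackURL = SITE_SAFEURL . "ecom/index.php?action=checkout.cshcb2";
        // get the string to be hashed (built from the raw, unescaped values)
        $szStringToHash = PaymentFormHelper::generateStringToHash($MerchantID, $Password, $szAmount, $szCurrencyCode, $szOrderID, $szTransactionType, $szTransactionDateTime, $szCallbackURL, $szOrderDescription, $szCustomerName, $szAddress1, $szAddress2, $szAddress3, $szAddress4, $szCity, $szState, $szPostCode, $szCountryCode, $szCV2Mandatory, $szAddress1Mandatory, $szCityMandatory, $szPostCodeMandatory, $szStateMandatory, $szCountryMandatory, $ResultDeliveryMethod, $szServerResultURL, $szPaymentFormDisplaysResult, $PreSharedKey, $HashMethod);
        // pass this string into the hash function to create the hash digest
        $szHashDigest = PaymentFormHelper::calculateHashDigest($szStringToHash, $PreSharedKey, $HashMethod);

        // Every value is HTML-escaped for the attribute it is written into. Without
        // this, a quote or angle bracket in a customer-supplied field (name, address,
        // ...) ends the attribute early: markup can be injected into the page and the
        // posted value no longer matches the hashed one. The browser decodes the
        // entities on submit, so the gateway still receives the original value.
        // NOTE(review): assumes the page and the session data are UTF-8 - confirm,
        // and pass the site's charset here if it differs.
        $esc = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };

        // The form is submitted with plain DOM code placed after the form, so this
        // page, which carries customer details and the request digest, no longer
        // pulls a third-party script from a CDN just to call submit().
        echo '<html><head></head><body>
		<p>Please wait while your are transferred to CardSave to complete your payment.</p>
		<form id="psrsubmit" action="' . $esc($FormAction) . '" method="post">
			<input type="hidden" name="HashDigest" value="' . $esc($szHashDigest) . '" />
			<input type="hidden" name="MerchantID" value="' . $esc($MerchantID) . '" />
			<input type="hidden" name="Amount" value="' . $esc($szAmount) . '" />
			<input type="hidden" name="CurrencyCode" value="' . $esc($szCurrencyCode) . '" />
			<input type="hidden" name="OrderID" value="' . $esc($szOrderID) . '" />
			<input type="hidden" name="TransactionType" value="' . $esc($szTransactionType) . '" />
			<input type="hidden" name="TransactionDateTime" value="' . $esc($szTransactionDateTime) . '" />
			<input type="hidden" name="CallbackURL" value="' . $esc($szCallbackURL) . '" />
			<input type="hidden" name="OrderDescription" value="' . $esc($szOrderDescription) . '" />
			<input type="hidden" name="CustomerName" value="' . $esc($szCustomerName) . '" />
			<input type="hidden" name="Address1" value="' . $esc($szAddress1) . '" />
			<input type="hidden" name="Address2" value="' . $esc($szAddress2) . '" />
			<input type="hidden" name="Address3" value="' . $esc($szAddress3) . '" />
			<input type="hidden" name="Address4" value="' . $esc($szAddress4) . '" />
			<input type="hidden" name="City" value="' . $esc($szCity) . '" />
			<input type="hidden" name="State" value="' . $esc($szState) . '" />
			<input type="hidden" name="PostCode" value="' . $esc($szPostCode) . '" />
			<input type="hidden" name="CountryCode" value="' . $esc($szCountryCode) . '" />
			<input type="hidden" name="CV2Mandatory" value="' . $esc($szCV2Mandatory) . '" />
			<input type="hidden" name="Address1Mandatory" value="' . $esc($szAddress1Mandatory) . '" />
			<input type="hidden" name="CityMandatory" value="' . $esc($szCityMandatory) . '" />
			<input type="hidden" name="PostCodeMandatory" value="' . $esc($szPostCodeMandatory) . '" />
			<input type="hidden" name="StateMandatory" value="' . $esc($szStateMandatory) . '" />
			<input type="hidden" name="CountryMandatory" value="' . $esc($szCountryMandatory) . '" />
			<input type="hidden" name="ResultDeliveryMethod" value="' . $esc($ResultDeliveryMethod) . '" />
			<input type="hidden" name="ServerResultURL" value="' . $esc($szServerResultURL) . '" />
			<input type="hidden" name="PaymentFormDisplaysResult" value="' . $esc($szPaymentFormDisplaysResult) . '" />
			<input type="hidden" name="ServerResultURLCookieVariables" value="" />
			<input type="hidden" name="ServerResultURLFormVariables" value="" />
			<input type="hidden" name="ServerResultURLQueryStringVariables" value="" />
		</form>
		<script type="text/javascript">
			document.getElementById("psrsubmit").submit();
		</script></body></html>';
    }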