Hey all.
This is the problem and I’ll try to be as clear as possible. I am trying to incorporate a credit card acceptor/merchant account into a client’s website but the “developer’s guide” they offer for instituting the mechanism is leaving me lacking in one respect.
I’ll be dealing with Virtual Merchant and I will have to pass certain variables, e.g. all known variables not input — username, password, acct #, etc. through the php form used to collect customer information and to perform the transaction.
I have been unsuccessful in finding a good reference for doing something like this (probably because I don’t know what to search for). The bank’s developer guide suggests writing these values into server side code to truly keep them hidden/secure, but I am very new to this.
Any help/info would be greatly appreciated!!
1. This one is more out of curiosity than anything...why is the form part of a subroutine? what is that accomplishing exactly?[/QUOTE]
2. The whole "posts to itself" thing is something I've never really understood. I see that it does and I'm guess the line "require_once('../includes/auth.php'); is what is finishing the routine.?[/QUOTE]
3. I see you use curl in the second script.. is this a requirement when dealing with https posts? What function is curl performing? And, an even more dumb question, is curl really something to download and have on the server as well (the website I found for it says "for download" but doesn't explain it very well)?Curl is a package that manages HTTP[s] connections. You'll also see that the script attempts to use the [I]http_post_data()[/I] function first.
[/QUOTE]
4. The authorize.net.php... is this your creation for it or was it the bank's recommendation for the form? Combo I'm assuming...[/QUOTE]
So authorize.net.php is doing most of the work. Is it actually posting to the bank's own script as well? Reason I ask is that I don't think I will have the bank's script, mine will just send the data to it (herein lies the problem with the login information).[/QUOTE]
So I'm thinking if I do something similar here it may work. I'd like your thoughts on this:
Create the payment form on it's own (only thing in first script). If you can explain this part to me...have it post to itself and do the include of the second form.
Then the second script set all the variables/whatnot that have to be posted to the bank's script and have the login info coded within their own variables in this second script.???[/QUOTE]
So it appears that the global $_SETTINGS; contains all the sensitive info? So that's not a bad idea, where do you define it though? i.e. I assume this is itself an array that contains any and all info, but where did you define it to keep it hidden?[/QUOTE]
0.1.9 — BETA 5.21