/    Sign up×
Community /Pin to ProfileBookmark

PHP Form, XML response

Copy linkTweet thisAlerts:
Sep 18.2012

Hi there. I’m trying to integrate with a payment gateway API, and as I’m fairly new to PHP, I’m having some trouble to proceed.

Basically, I have a form that goes to a specific URL (submitting URL). From the documentation: “Request information is submitted to payment platform with HttpsClient , and submitting mode is POST.”

There is the customer-registration.php file, which requires the functions.php file that contains the information to md5-encrypt a string composed of several variables from the form. There is also a notify-url.php file which is the redirection page after registering a user.

Some variables are passed to the submitting URL on the payment server, but the XML response I get from there displays empty nodes for 3 variables that I should read back in order to complete the process (dateRegister, registerId and activationURL)

[b]XML Response[/b] from the payment server:

[code]<response>
<operation>90</operation>
<resultCode>0</resultCode>
<merNo>10157</merNo>
<email>[email protected]</email>
<cardNumber>4111111111111111</cardNumber>
<dateRegister/>
<registerId/>
<activationURL/>
<remark>Invalid MD5Info</remark>
<md5Info>FC0BB07DA01C551296054FBF167824B1</md5Info>
</response>[/code]

The [b]customer-registration.php[/b] file looks like this:

[code=php]
<html>
<head>
<title>Customer Registration</title>

<?
require(“functions.php”);

//START SET VARIABLES
$merNo=”10157″;
$dateRequest=”20120918073500″;//AUTOMATE THIS!
$language=”ENG”;
$notifyURL=”http://www.mydomain.com/notify-url.php”;
//END SET VARIABLES

//START FORM FORCED VARIABLES
$email=”[email protected]”;
$cardNumber=”4111111111111111″;
$firstName=”John”;
$lastName=”Smith”;
$phone=”9535658659″;
$zipCode=”98656″;
$address=”123 North Ave.”;
$city=”Geekytown”;
$state=”AZ”;
$country=”US”;
//END FORM FORCED VARIABLES

$md5Key=”44q9dn7WCUrLHgi8bPsdiBIlLi6WaHI0″; //MD5 key
$md5Info=MD5Encrypt($merNo,$email,$cardNumber,$dateRequest,$md5Key);
$crrurl=”https://paymentdomain.com/xcp/register.jsp”; //Request submitting URL
?>

</head>

<body>

<form method=”post” action=”<?php echo $crrurl; ?>”>

<input type=hidden name=”merNo” value=”<?php echo $merNo; ?>”>
<input type=hidden name=”dateRequest” value=”<?php echo $dateRequest; ?>”>
<input type=hidden name=”language” value=”<?php echo $language; ?>”>
<input type=hidden name=”notifyURL” value=”<?php echo $notifyURL; ?>”>
<input type=hidden name=”md5Info” value=”<?php echo $md5Info; ?>”>

<!–START HIDDEN FORCED VARIABLES–>
<input type=hidden name=”email” value=”<?php echo $email; ?>”>
<input type=hidden name=”cardNumber” value=”<?php echo $cardNumber; ?>”>
<input type=hidden name=”firstName” value=”<?php echo $firstName; ?>”>
<input type=hidden name=”lastName” value=”<?php echo $lastName; ?>”>
<input type=hidden name=”phone” value=”<?php echo $phone; ?>”>
<input type=hidden name=”zipCode” value=”<?php echo $zipCode; ?>”>
<input type=hidden name=”address” value=”<?php echo $address; ?>”>
<input type=hidden name=”city” value=”<?php echo $city; ?>”>
<input type=hidden name=”state” value=”<?php echo $state; ?>”>
<input type=hidden name=”country” value=”<?php echo $country; ?>”>
<!–END HIDDEN FORCED VARIABLES–>

<INPUT TYPE=”submit” value=”submit”>

</form>

</body>
</html>
[/code]

Right now, I’m passing the pre-declared variables as hidden text inputs (later I’ll change that so it’s an actual user input form)

The [b]functions.php[/b] file looks like this:

[code=php]<?php
$merNo = $_POST[“merNo”];
$email = $_POST[“email”];
$cardNumber = $_POST[“cardNumber”];
$dateRequest = $_POST[“dateRequest”];
$md5Key=”44q9dn7WCUrLHgi8bPsdiBIlLi6WaHI0″; //MD5 key

function MD5Encrypt($merNo,$email,$cardNumber,$dateRequest,$md5Key)
{
$str = “$merNo|$email|$cardNumber|$dateRequest|$md5Key”;
$encryptedMD5 = md5($str);
return $encryptedMD5;
}

$completeurl = “https://paymentdomain.com/xcp/register.jsp”;
$xml = simplexml_load_file($completeurl);

$operation = $xml->operation;
$resultCode = $xml->resultCode;
$merNo = $xml->merNo;
$email = $xml->email;
$cardNumber = $xml->cardNumber;
$dateRegister = $xml->dateRegister;
$registerId = $xml->registerId;
$activationURL = $xml->activationURL;
$remark = $xml->remark;
$md5Info = $xml->md5Info;

function verifyMD5($resultCode,$merNo,$email,$cardNumber,$registerId,$dateRegister,$activationURL,$md5Key, $md5Info)
{
$str = “$resultCode|$merNo|$email|$cardNumber|$registerId|$dateRegister|$activationURL|$md5Key”;
$encryptedMD5 = md5($str);
//echo $str.”<BR>”;
//echo “Generated CheckSum: “.$encryptedMD5.”<BR>”;
//echo “Received Checksum: “.$md5Info.”<BR>”;
if($encryptedMD5 == $md5Info)
return “true” ;
else
return “false” ;
}
?>[/code]

I’m not sure if I’m retrieving the XML response correctly. As per the API docs: “Response information is returned to client’s platform as XML.”

And lastly, the [b]notify-url.php[/b] file looks like this:

[code=php]<html>
<head>
<title>Notify URL</title>
</head>
<body>

<?php
require(“functions.php”);

$md5Key = “44q9dn7WCUrLHgi8bPsdiBIlLi6WaHI0” ; //put in the 32 bit alphanumeric key in the quotes provided here

$retval = verifyMD5 ($resultCode,$merNo,$email,$cardNumber,$registerId,$dateRegister,$activationURL,$md5Key);

if($retval == “true” && $resultCode == “1”)
{
echo “Thank you for shopping with us. Your credit card has been charged and your transaction is successful. We will be shipping your order to you soon.”;

//Here you need to put in the routines for a successful
//transaction such as sending an email to customer,
//setting database status, informing logistics etc etc

}
else if($retval == “true” && $resultCode == “0”)
{
echo “Thank you for shopping with us. However it seems your credit card transaction failed.”;

//Here you need to put in the routines for a failed
//transaction such as sending an email to customer
//setting database status etc etc

}
else if($retval == “true” && $resultCode == “2”)
{
echo “Account was registered before, only Card Information has been added”;

//Here you need to put in, the routines for a HIGH RISK
//transaction such as sending an email to customer and explaining him a procedure,
//setting database status etc etc

}
else
{
echo “Security Error. Illegal access detected”;

//Here you need to simply ignore this and dont need
//to perform any operation in this condition

}
?>
</body>
</html>[/code]

So, basically I would like to see if the logic is right at this point and then figure out why does the response from the payment server is not complete. As stated there: “Invalid MD5Info”

Thank you very much for any assistance, it would be greatly appreciated!

to post a comment
PHP

0Be the first to comment 😎

×

Success!

Help @marianocr spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.2,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,
)...