Showing posts with label hosted payment. Show all posts
Showing posts with label hosted payment. Show all posts

Sunday, July 16, 2017

PayWay Payment GateWay | Hosted Payment Page Setup | PayWay Hosted Payment | Hosted Payment

It's easy to integrate PayWay hosted payment system. First we need an account. If you have not any PayWay account yet, go to https://www.payway.com.au/core/LoginView and create an account first.

Now visit to https://www.payway.com.au/net/HostedPaymentPageSetupView and follow below screen:


Next step is to collect PayWay biller code:



Next step is to setup some notification configuration:



Below screen for notification panel, the marked url will be notified once a payment made via POST method:



I used "http://luckyorange.net/payway-hosted/callback.php?ThisPartWould0=&SecurityCheck=" as "Browser Return URL".

Where SecurityCheck field will be filled up when return to our working server.

Now from below page we will collect decryption key and security username and password. You have to add your server ip address here.



Now we will setup customer reference field as below:



Next we will setup minimum and maximum payment amount.



Next we will setup surcharge configuration:



And now finally we will do implementation.

First we will create a payment token and then redirect to PayWay payment page, below is a PHP script:


<?php
include_once "CurlExecutor.php";

$token_url = "https://www.payway.com.au/RequestToken";
$payment_url = "https://www.payway.com.au/MakePayment";
$redirect_uri = "http://luckyorange.net/payway-hosted/callback.php?ThisPartWould0=&SecurityCheck=";

define("BILLER_CODE", "10...6");
define("USERNAME", "T1...");
define("PASSWORD", "N........");

$post_data = "biller_code=" . BILLER_CODE;
$post_data = $post_data . "&username=" . USERNAME;
$post_data = $post_data . "&password=" . PASSWORD;

/* CUSTOMER INFORMATION */
$post_data = $post_data . "&information_fields=Name,InvoiceNO,Address";
$post_data = $post_data . "&Name=" . urlencode("Pritom Kumar");
$post_data = $post_data . "&InvoiceNO=" . strtoupper(substr(md5(time()), 0, 10));
$post_data = $post_data . "&Address=" . urlencode("Some Address");

/* HIDDEN FIELDS */
$post_data = $post_data . "&hidden_fields=SecurityCheck";
$post_data = $post_data . "&SecurityCheck=" . urlencode("SECURE TEXT");

/* PRODUCT DETAILS */
$post_data = $post_data . "&Shampoo=1,0.10";
$post_data = $post_data . "&Soap=2,0.20";

/* REQUEST HEADERS */
$headers[] = "Content-type: application/x-www-form-urlencoded";

$response = CurlExecutor::execute($token_url, "POST", $post_data, null, $headers);
if ($response["code"] == 200) {
    $token = substr($response["response"], 6);
    header("Refresh:0; url=$payment_url?biller_code=" . BILLER_CODE . "&token=" . $token);
}
CurlExecutor::prettyPrint($response);


Which will redirect to PayWay payment page as below screenshot:



After successful payment PayWay will make a redirection to our server (redirect url we provided) as below format:

http://luckyorange.net/payway-hosted/callback.php?EncryptedParameters=...&Signature=...

We will decrypt "EncryptedParameters" using AES 128 algorithm with PKCS7 padding. Key is "Encryption Key" on "Security Information" page.


<?php
function decrypt($key, $to_decrypt)
{
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $iv = substr($to_decrypt, 0, $iv_size);
    $to_decrypt = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, substr($to_decrypt, $iv_size), MCRYPT_MODE_CBC, $iv);
    $pad = ord($to_decrypt[strlen($to_decrypt) - 1]);
    return substr($to_decrypt, 0, -$pad);
}

$key = base64_decode("NI+YM.............ojAIQ==");
$params = decrypt($key, base64_decode($_GET["EncryptedParameters"]));
echo "<pre>";
print_r(explode("&", $params));
echo "</pre>";

And would be like below:


Array
(
    [0] => SecurityCheck=SECURE+TEXT
    [1] => payment_reference=E4DF550696
    [2] => payment_amount=0.50
    [3] => payment_date=20170717
    [4] => payment_time=17+Jul+2017+01%3A33%3A53
    [5] => payment_number=1979758473
    [6] => bank_reference=1979758473
    [7] => remote_ip=103.59.179.132
    [8] => card_type=VISA
    [9] => response_code=08
    [10] => summary_code=0
    [11] => response_text=Honour+with+identification
    [12] => payment_status=approved
)


And the payment in PayWay below screenshot:



So it's all now. Pure implementation. Step by step description. Simple coding. At last you can download PayWay hosted payment documentation from link next PayWay Hosted Payment Guide.

Monday, September 2, 2013

PayPal IPN/Hosted payment with PHP

Create a PayPal Sandbox Account

If you have not done so already, you should have a PayPal Sandbox account setup with two test accounts, one as a test buyer and one as a test seller. The sandbox allows you to test transactions and IPN processing without having to perform live transactions. Follow the instructions in the Sandbox User Guide to setup your accounts or view IPN Guid. 

Creating a Business test account:

The Sandbox automatically creates your first Business test account when you sign-up for a Developer account on developer.paypal.com. PayPal generates the test Business account name by appending -facilitator to your email name, and the account is assigned a set of Classic test API credentials that you can use to create mock PayPal transactions in the Sandbox.
To test Classic API calls, use test Business account values along with values from a Personal test account that you create (as described in Creating a Personal test account).
Some PayPal calls involve more than a single buyer and seller pair. In the testing phase, you need to create all the test accounts needed to fulfill the user entities that partake in your PayPal transactions. For example, parallel payment calls and Adaptive calls each require two different Business accounts, but for different reasons. In these cases, you need to create additional Business test accounts to play the roles of the entities in your transactions.
For more information on the different test account roles, see Planning your Test Accounts.

Accepting credit cards in test transactions


To use a credit card as a payment method in your test transactions, you must configure a test Business account as a PayPal Payments Pro account:
  1. Create a test Business account.
  2. Navigate to the Profile page of the Business account and click the Upgrade to Pro link.
  3. Click Enable on the resulting screen.
Tip  Once you enable PayPal Payments Pro for a test Business account, the setting is permanent and you cannot undo the configuration for that account. We recommend you create multiple Business test accounts with various settings in order to test all the variations you might need to handle with your application.

Getting your API test credentials


All PayPal API requests require API credentials to verify the call is being made through a valid PayPal account. Calls to the Sandbox environment are no different, but they require that you use the test credentials assigned to one of your Sandbox Business accounts. For details on the credentials you need for a specific API call, refer to the API Reference for the PayPal operation(s) you’re using.
The Sandbox assigns each Business account a set of Classic API test credentials. Get your test credentials by navigating to the Profile > API credentials tab of the Business account you want to use in your request:














Create a html file to show form as follows:

<!-- LIVE URL=https://www.paypal.com/cgi-bin/webscr -->
<!-- TEST URL=https://www.sandbox.paypal.com/cgi-bin/webscr -->
<form method="post" action="https://www.sandbox.paypal.com/cgi-bin/webscr">
<input type="hidden" name="cmd" value="_xclick"/>
<input type="hidden" name="business" value="pritomkucse@gmail.com"/>
<input type="hidden" name="currency_code" value="USD"/>
<input type="hidden" name="item_name" value="Payment for Order100"/>
<input type="hidden" name="item_number" value="100"/>
<input type="hidden" name="amount" value="100.00"/>
<input type="hidden" name="zip" value="2102"/>
<input type="hidden" name="return" value="http://domain.com/return.php"/>
<input type="hidden" name="notify_url" value="http://domain.com/process.php"/>
<input type="submit" value="Pay"/>
</form>

Now create process.php as follows:
 

$TEST_MODE = true;

// STEP 1: read POST data
$myPost = array();
foreach ($_POST as $key => $val) {
  $myPost[$key] = $val;
}
if(count($myPost) > 0) {
    // read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
    $req = 'cmd=_notify-validate';
    if(function_exists('get_magic_quotes_gpc')) {
        $get_magic_quotes_exists = true;
    } 
    foreach ($myPost as $key => $value) {        
        if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { 
            $value = urlencode(stripslashes($value)); 
        } else {
            $value = urlencode($value);
        }
        $req .= "&$key=$value";
    }
    // Step 2: POST IPN data back to PayPal to validate
    $ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    /* Un-comment the following line when using in live mode */
    //curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    /* Comment the following line when using in live mode */
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
    if( !($res = curl_exec($ch)) ) {
        echo ("Got " . curl_error($ch) . " when processing IPN data");
        curl_close($ch);
        exit;
    }
    curl_close($ch);
    // inspect IPN validation result and act accordingly
    if (strcmp ($res, "VERIFIED") == 0 || $TEST_MODE) {
        // The IPN is verified, process it:
        // check whether the payment_status is Completed
        // check that txn_id has not been previously processed
        // check that receiver_email is your Primary PayPal email
        // check that payment_amount/payment_currency are correct
        // process the notification
        // IPN message values depend upon the type of notification sent.
        // To loop through the &_POST array and print the NV pairs to the screen:
        foreach($_POST as $key => $value) {
          echo $key." = ". $value."<br>";
        }
    } else if (strcmp ($res, "INVALID") == 0) {
        // IPN invalid, log for manual investigation
        echo "The response from IPN was: <b>" .$res ."</b>";
    }
    return;
}

Output will be something like this if verified or use test mode


mc_gross = 100.00
protection_eligibility = Eligible
address_status = confirmed
payer_id = 2WA3LGLDXB2KQ
tax = 0.00
address_street = 1 Main St
payment_date = 06:19:41 Mar 31, 2014 PDT
payment_status = Completed
charset = windows-1252
address_zip = 95131
first_name = pritomkucse
mc_fee = 3.20
address_country_code = US
address_name = pritomkucse pritomkucse
notify_version = 3.7
custom = 
payer_status = verified
business = pritomkucse@gmail.com
address_country = United States
address_city = San Jose
quantity = 1
payer_email = pritomkucse200@gmail.com
verify_sign = AFcWxV21C7fd0v3bYYYRCpSSRl31AR242OK8FeXkiwjD5hZ5C9sCiKea
txn_id = 9W334245KE956841G
payment_type = instant
last_name = pritomkucse
address_state = CA
receiver_email = pritomkucse@gmail.com
payment_fee = 3.20
receiver_id = GMMFRVHKPYGGG
txn_type = web_accept
item_name = Payment for Order100
mc_currency = USD
item_number = 100
residence_country = US
test_ipn = 1
handling_amount = 0.00
transaction_subject = 
payment_gross = 100.00
shipping = 0.00
auth = Adp..e2JobuposYLNuFxaf24yXSCLj65T4NRjjTYGlW4NwGsFhhT6buQBNhlJyh1RDz6rCb-zHxuG-eEiDlR8Og