PHP Hosted SecureCards

Settings file (worldnet_account.inc):

worldnet_account.inc
<?php
 
# Account identification and validation settings. All of the values in this first group are mandatory.
#
# NOTE(review): this file holds the shared secret and has a .inc extension. A web server that is not
# configured to run .inc files through PHP may return it as plain text, so keep it outside the
# document root or deny direct requests to it.

# The Worldnet payments gateway that you should use, assigned to the site by Worldnet.
$gateway = '';

# The Terminal ID assigned to the site by Worldnet.
$terminalId = '';

# The 3 digit ISO currency code for the above Terminal ID.
$currency = '';

# The shared secret used when generating the hash validation strings.
# It must be set exactly as it is in the Worldnet Selfcare system.
$secret = '';

# Not read by any of the other files in this sample; presumably marks a test account - confirm.
$testAccount = true;

# Contact details shown to the user only when the response hash is incorrect, which should
# never happen in the live environment unless someone is attempting fraud.
$adminEmail = '';
$adminPhone = '';
 
?>


SecureCard redirect (worldnet_securetokens.php):

worldnet_securetokens.php
<?php
 
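# This is the file that contains the account settings for Gateway.
require('worldnet_account.inc');

# This is a helper file for integrating to the Gateway HPP in PHP.
require('worldnet_securetokens_functions.inc');

# NOTE(review): the hash computed below signs whatever these two values hold using the shared
# secret, so they should be set from the merchant's own server-side state rather than copied
# unchecked from request parameters.
$secureCardAction = '';			# "register" or "update".
$secureCardMerchantRef = '';	# Unique Merchant Reference for this card. Length is limited to 48 chars.
$dateTime = requestDateTime();

# Verification string
$requestHash = secureCardRequestHash($secureCardMerchantRef, $dateTime, $secureCardAction);

# Request URL for the gateway
$requestURL = $gateway."/merchant/securecardpage";

# Write the HTML of the submission form.
# The URL is HTML-encoded because it is placed inside a single-quoted attribute; a quote or
# ampersand in the configured gateway value would otherwise break the markup.
echo "<html><body><form id='gatewaysecuretokensform' action='" . htmlspecialchars($requestURL, ENT_QUOTES | ENT_SUBSTITUTE) . "' method='post'>\n";
writeHiddenField("ACTION", $secureCardAction);
writeHiddenField("TERMINALID", $terminalId);
writeHiddenField("MERCHANTREF", $secureCardMerchantRef);
writeHiddenField("DATETIME", $dateTime);
writeHiddenField("HASH", $requestHash);

# Write the JavaScript that will submit the form to Gateway.
# The form only posts automatically when JavaScript is enabled; no manual submit button is written.
echo '</form>Submitting SecureCard request to Gateway...<script language="JavaScript">document.getElementById("gatewaysecuretokensform").submit();</script></body></html>';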
 
?>


Secure Tokens URL (worldnet_securetokens_response.php). The URL for this page is set up as the “Secure Tokens URL” through Terminal Setup in the Selfcare system:

worldnet_securetokens_response.php
<?php
 
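# This is the file that contains the account settings for Gateway.
require('worldnet_account.inc');

# This is a helper file for integrating to the Gateway HPP in PHP.
require('worldnet_securetokens_functions.inc');

# Everything in $_REQUEST is supplied by whoever calls this URL and is untrusted until the response
# hash has been checked. Read each field once, falling back to '' when it is missing or is not a
# plain string (for example an array parameter).
$responseFields = array();
foreach (array("RESPONSECODE", "RESPONSETEXT", "MERCHANTREF", "CARDREFERENCE", "DATETIME", "HASH", "CARDTYPE", "MASKEDCARDNUMBER", "CARDEXPIRY") as $fieldName) {
	$responseFields[$fieldName] = (isset($_REQUEST[$fieldName]) && is_string($_REQUEST[$fieldName])) ? $_REQUEST[$fieldName] : '';
}

# Flags used for every value written into the page, so request data cannot inject markup.
$escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;

# This message is written before the hash check, so the response text shown here is unauthenticated.
# It is HTML-encoded for that reason.
if($responseFields["RESPONSECODE"] != "A") echo 'AN ERROR OCCURED! Your SecureCard request failed. Error message: ' . htmlspecialchars($responseFields["RESPONSETEXT"], $escapeFlags);

if(secureCardResponseHashIsValid($responseFields["RESPONSECODE"], $responseFields["RESPONSETEXT"], $responseFields["MERCHANTREF"], $responseFields["CARDREFERENCE"], $responseFields["DATETIME"], $responseFields["HASH"])) {
	switch($responseFields["RESPONSECODE"]) {
		case "A" :	# SecureCard registration succeeded. You should store the following details against the user account:
				# NOTE(review): CARDTYPE, MASKEDCARDNUMBER and CARDEXPIRY are not among the values
				# passed to secureCardResponseHashIsValid(), so the hash check does not cover them.
				# NOTE(review): DATETIME is covered by the hash but its freshness is not checked here,
				# so a previously valid response would be accepted again - confirm whether that matters.
				$secureCardMerchantRef = $responseFields["MERCHANTREF"];
				$secureCardCardRef = $responseFields["CARDREFERENCE"];
				$secureCardCardType = $responseFields["CARDTYPE"];
				$secureCardMaskedCardNumber = $responseFields["MASKEDCARDNUMBER"];
				$secureCardCardCardExpiry = $responseFields["CARDEXPIRY"];
				echo "Success! Card Type: " . htmlspecialchars($secureCardCardType, $escapeFlags) . ", Masked Card number: " . htmlspecialchars($secureCardMaskedCardNumber, $escapeFlags) . ", expires (MMYY): " . htmlspecialchars($secureCardCardCardExpiry, $escapeFlags);
				break;
		default  :	# SecureCard registration failed.
				echo 'SECURECARD REGISTRATION FAILED! Error Code: ' . htmlspecialchars($responseFields["RESPONSECODE"], $escapeFlags) . ', Response text: ' . htmlspecialchars($responseFields["RESPONSETEXT"], $escapeFlags) . '.';
	}
} else {
	echo 'SECURECARD REGISTRATION FAILED: INVALID RESPONSE HASH. Please contact ' . htmlspecialchars($adminEmail, $escapeFlags) . ' or call ' . htmlspecialchars($adminPhone, $escapeFlags) . ' to inform them of this error.';
	# The original tested for an ORDERID parameter, which this handler never reads (it looks carried
	# over from another sample); the line quotes MERCHANTREF, so that is the field checked here.
	if($responseFields["MERCHANTREF"] !== '') echo 'Please quote Gateway Terminal ID: ' . htmlspecialchars($terminalId, $escapeFlags) . ', and SecureCard Merchant Reference: ' . htmlspecialchars($responseFields["MERCHANTREF"], $escapeFlags) . ' when mailling or calling.';
}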
 
?>


Helper file (worldnet_securetokens_functions.inc):

worldnet_securetokens_functions.inc
<?php
 
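# Writes one hidden <input> element; this reduces the PHP code required to build the form.
#   $fieldName  - value for the name attribute.
#   $fieldValue - value for the value attribute.
# Both are HTML-encoded with ENT_QUOTES because the attributes are delimited by single quotes; without
# it a quote or angle bracket in either argument would end the attribute and inject markup.
function writeHiddenField($fieldName, $fieldValue) {
	$escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;
	echo "<input type='hidden' name='" . htmlspecialchars((string) $fieldName, $escapeFlags) . "' value='" . htmlspecialchars((string) $fieldValue, $escapeFlags) . "' />";
}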
 
# Builds the DATETIME value sent in the request: day-month-year, then hours, minutes and seconds,
# followed by a final field that is always the literal "000". The time comes from date(), so it is
# expressed in PHP's configured default timezone.
function requestDateTime() {
	$toTheSecond = date('d-m-Y:H:i:s');
	return $toTheSecond . ':000';
}
 
# Generates the request hash sent in the HASH field.
# The hash is the MD5 of the Terminal ID, merchant reference, date/time, action and shared secret,
# joined in that order with no separator. $terminalId and $secret are read from the global scope.
# NOTE(review): MD5 and the field order are what this sample computes; presumably they are fixed
# by the gateway - confirm before changing either.
function secureCardRequestHash($secureCardMerchantRef, $dateTime, $secureCardAction) {
	global $terminalId, $secret;
	$hashInputs = array($terminalId, $secureCardMerchantRef, $dateTime, $secureCardAction, $secret);
	return md5(implode('', $hashInputs));
}
 
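# Checks that the response hash received from the server matches the one computed locally.
# Returns true when $responseHash equals the MD5 of the Terminal ID, response code, response text,
# merchant reference, card reference, date/time and shared secret (joined in that order with no
# separator), and false otherwise. $terminalId and $secret are read from the global scope.
#     If this returns false then an error should be shown and the SecureCard registration should fail.
# The comparison uses hash_equals() instead of ==: a loose comparison treats two strings that both
# look like numbers (for example "0e..." followed only by digits) as equal, and hash_equals() also
# compares in constant time. A non-string $responseHash (such as an array parameter) is rejected.
function secureCardResponseHashIsValid($responseCode, $responseText, $secureCardMerchantRef, $secureCardCardRef, $dateTime, $responseHash) {
	global $terminalId, $secret;
	if (!is_string($responseHash)) {
		return false;
	}
	$expectedHash = md5($terminalId . $responseCode . $responseText . $secureCardMerchantRef . $secureCardCardRef . $dateTime . $secret);
	return hash_equals($expectedHash, $responseHash);
}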
 
?>