CODEWITHSUNDEEP
phpmastercard
AS17
AS17

Reputation: 79

PHP mastercard integration using the 2-Party integration model

i am working on a MIGS integration with php using the 2-Party integration model..i have gone through some good pdf's downloaded online and except from giving a sketch on how the integration is to be done, none explains the integration in terms of code thereby making it quite difficult for beginner developers to follow or understand..

here is my form that collects credit card details from a customer and also additional billing information:

<form action="" method="post">

<table>
<tr>
<td>Cardholder's First Name:</td>
<td><input type="text" name="First_Name"></td>
</tr><tr>
<td>Cardholder's Last Name:</td>
<td><input type="text" name="Last_Name"></td>
</tr><tr>
<td>Credit Card Number:</td>
<td><input type="text" name="Card_Num"></td>
</tr><tr>
<td colspan="2" align="center">
<small>Please enter the expiration date as follows:
two digits of month and two digits of year.
For instance, January 2008 has to be entered as 0108:</small></td>
</tr><tr>
<td>Exp. date (mmyy):</td>
<td><input type="text" name="Exp_Date" maxlength="4"></td>
</tr><tr>
<td colspan="2" align="center">
<small>The Card Verification Code (Card ID or CVV2)
is required for American Express,Visa and MasterCard.
Please enter: for American Express - 4 digits on front of card;
for Visa and Mastercard - last 3 digits on back of card:</small>
</td>
</tr><tr>
<td>Card Number:</td>
<td><input type="text" name="Card_Code"></td>
</tr><tr>
<td colspan="2" align="center"><small>
Please enter the address at which the credit card bills are received:
</small></td>
</tr><tr>
<td>Street Address:</td>
<td><input type="text" name="Address"></td>
</tr><tr>
<td>City:</td>
<td><input type="text" name="City"></td>
</tr><tr>
<td>State/Province:</td>
<td><input type="text" name="State"></td>
</tr><tr>
<td>Zip/Postal Code:</td>
<td><input type="text" name="Zip"></td>
</tr><tr>
<td>Country:</td>
<td><input type="text" name="Country"></td>
</tr><tr>
<td colspan="2" align="center">
<input type="submit" value="Submit payment">
</td>
</tr>
</table>
</form>

and here is the php integration code:

$accessCode    =  "";//value from migs payment gateway
$merchantId    =  "";//value from migs payment gateway
$amount = 1000;
$unique_id = rand(999999,8988888888);//this is a sample random no
$order = rand(10,100);

$testarr = array(
"vpc_Amount" => $amount*100,//Final price should be multifly by 100
"vpc_Currency" => 'KES',
"vpc_AccessCode" => $accessCode,//Put your access code here
"vpc_Command"=> "pay",
"vpc_Locale"=> "en",
"vpc_MerchTxnRef"=> $unique_id , //This should be something unique number, i have used the session id for this
"vpc_Merchant"=> $merchantId,//Add your merchant number here
"vpc_OrderInfo"=> $order,//this also better to be a unique number
"vpc_ReturnURL"=> "http:/mydomain/mastercard/success.php",
"vpc_Version"=> "1");

ksort($testarr);

$SECURE_SECRET =  ""; //value from migs payment gateway

$securehash = $SECURE_SECRET;
$url = "";
foreach ($testarr as $key => $value)
{
$securehash .= $value;
$url .= $key."=".urlencode($value)."&";
}

$securehash = md5($securehash);//Encoding
$url .= "vpc_SecureHash=".$securehash;

header("location:https://migs.mastercard.com.au/vpcpay?$url");

i then do a dump on my return url var_dump($_GET); which returns the following :

mydomain/mastercard/success.php?vpc_Amount=100000&vpc_BatchNo=0&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=5204024700&vpc_Merchant=$merchantId&vpc_Message=Merchant+[$merchantId]+does+not+exist&vpc_OrderInfo=97&vpc_TransactionNo=0&vpc_TxnResponseCode=7&vpc_Version=1

it returns a message saying the merchant doesn't exist..that's one of the issues i have.

so to put my questions numbered:

  1. which url do i put as my 'action' in the form where after a user enter their details, their details are processed by the payment server and how do i integrate the form with the payment server?

  2. why do i receive a 'merchant doesn't exist' response?

Upvotes: 2

Views: 5704

Answers (1)

Sam Dufel
Sam Dufel

Reputation: 17598

There a few things you need to change here:

Generating the transaction / order IDs

These number don't need to be random, but they should be unique. If you're using a mysql database to store orders, the easiest solution is to use the DB's autoincrement fields to generate the order and transaction IDs.

  • insert the order record to the database with a status of "pending" (in an orders table)
  • make note of the inserted ID
  • insert the transaction record to the database (in a transactions table) with a status of "pending"
  • make note of the inserted transaction ID

Then, use the order and transaction IDs for the rows you've just inserted for the request. Session IDs are not unique - they do repeat. Also, a random number between 10-100 is going to repeat very frequently.

Sending the payment information

You currently aren't sending the credit card info to the payment gateway - you'll need to include the credit card information in the data you're sending.

$testarr['vpc_CardNum'] = $_POST['Card_Num'];
$testarr['vpc_CardExp'] $_POST['Card_Exp'];

Transmitting the data:

The 2-party integration doesn't involve the client's browser - you're currently redirecting them to the MIGS site, which is incorrect for this integration method.

Instead, you'll want to use curl to transmit the data directly to the payment gateway.

$ch = curl_init("https://migs.mastercard.com.au/vpcpay");
curl_setopt_array($ch, array(
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $testarr,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HEADER => false
));

$response = curl_exec($ch);
// process response here

With the 2-party authentication, the action of your payment form should point to your PHP script that you're using to send the payment information to the MIGS server.

You were most likely getting a "merchant not found" error because you were attempting to send the payment request via GET instead of POST.

Upvotes: 1

Related Questions