checkout confirm, result and thankyou pages

[jaguar]

Hi everyone,

I you browse the source files, you find that some payment methods have their own confirm and result pages. How can I configure VM to use my own? What is the required funtionality of those pages? In particular, what is the result page for?

thank you.

[Soeren]

When I implemented the danish payment modules I needed this unusual solution, because the danish payment providers have a worldwide-unique way of processing webpayments. The Store's websites for the credit card details form are fetched by the payment provider's server and presented in a secure environment on their server. Very curious.

The files have this meaning:

checkout.*_cc_form.php: Provides the CC Form for putting in all needed details plus hidden form values.

checkout.*_result.php: Receives the GET variables from the payment provider's server when the customer is redirected after payment. The result page checks if the transaction was successful or not - if yes, it updates the order status.

ciao, Soeren

[jaguar]

Thanks Soeren, its just what I needed to know. But still I have a few more questions.

I'm supposing that the checkout.*_cc_form.php is the page presented when the user must confirm the order. And that the checkout.*_result.php page is never seen by the user.

I also suppose that the asterisc is where my payment method name or code goes, but I can't see when they are used. I am not presented with a different confirmation page. Not even when I use Dankort / PBS or iKobo.

Am I missing something to make VM use my checkout and result pages?

My payment provider uses POST to send back the variables after payment. Is there a special reason why the result page uses GET?

[Soeren]

No,
it doesn't matter if GET or POST. The page can handle both. But to redirect the customer to that result page or cc_form page you must use the "return to" parameters posted to the payment gateway using the "page" variable in the URL:

Code Select Expand

index.php?option=com_virtuemart&page=checkout.XXX_result.php

ciao, Soeren

[jaguar]

I can't find where the checkout.confirm.php page is used. There is no occurance of it in checkout.index.php.

I thought it would be used in step CHECK_OUT_GET_FINAL_CONFIRMATION as an included page or something.

Pablo

[jaguar]

In the checkout.thankyou page there is a query that retrieves the Order & Payment Info. In the query you need the value of the user_id that comes out of an array called $auth.

Why do I need the user_id? isn't it sufficient to have the order_id for the query?

Pablo

[pacochin]

Hi Guys,

The payment gateway i am using in my part of the world is not supported by VM..So I will be the first one customizing it...If I am successful, I will post the payment module files here to help others.
But in the mean time I NEED HELP...i am no programmer...

I have spent until now about 50 hours...to figuring out how to customize the payment module for my payment gateway (Commerce Payment)...thanks to jaguar helping me to point me in to this thread....i am almost there...but i got this error about

Failure in Processing the Payment (MD5 Check Failure)

What i did
======
1. I created a payment module from scratch based on the little knowledge i have by copying one of the payment module which is "paypal related" and rename it to my own.
2. Done the ps_XX.php and ps_XX.cfg.php files accordingly. Works perfect.
3. Added a Payment Extra Info where I POST the information to my payment Gateway
4. The Return URL is pointed to my checkout.XX_result.php.
5. I have modified checkout.XX_result.php base on checkout.dandomain_result.php.
6. I get this error "Failure in Processing the Payment (MD5 Check Failure)"

Environment of testing
==============
I am using JSAS local development to test my script connecting to Commerce Payment using internet. Is it the reason

What's Next
========
If I am successfully seeing a Success Page, order_status updated...do I still need a notify.php file
I really want to get to the bottom of this....

Questions
======
I really like the workflow to have the Button to ask my customer to "Click HERE to COMPLETE ORDER in our SECURE PAYMENT SERVER"...currently i dont have this page...what can i do ?

Sorry to have so many questions.....thanks guys !

[jaguar]

I had the same problem while implementing a payment method. What I found out was that $submitted_hashbase and $mosConfig_secret were empty strings.

I posted a question about checking a valid session but got no reply. I really didn't look more into it and just removed all the code. Try the same thing so that you can go foward, and later you can improve your code.

You might find useful the payment method I did.

Pablo

[w_d_o_a]

sampipe has created a couple of payment modules for DPS processor in New Zealand, perhaps they would help

http://virtuemart.net/index.php?option=com_smf&Itemid=71&topic=15269.0

[pacochin]

Hi Pablo,

Thanks ! I got it working finally, but i have a security question below.

I directed my returnurl from my payment server to checkout.mypayment_result.php, below is the file

================checkout.mypayment_result.php==================


<?php
defined('_VALID_MOS') or die( "Direct access to this location is not allowed.");   

require_once(  CLASSPATH ."payment/ps_commercepayment2.cfg.php");

/**
    * Read post from Commerce Payment system and create reply
    * starting with: 'cmd=_notify-validate'...
    * then repeating all values sent: that's our VALIDATION.
    **/

    $workstring = 'cmd=_notify-validate'; // Notify validate
    $i = 1;
   
     foreach ($_POST as $ipnkey => $ipnval) {
        if (get_magic_quotes_gpc())
            // Fix issue with magic quotes
            $ipnval = stripslashes ($ipnval);
           
        if (!eregi("^[_0-9a-z-]{1,30}$",$ipnkey)  || !strcasecmp ($ipnkey, 'cmd'))  {
            // ^ Antidote to potential variable injection and poisoning
            unset ($ipnkey);
            unset ($ipnval);
        }
        // Eliminate the above
        // Remove empty keys (not values)
        if (@$ipnkey != '') {
          //unset ($_POST); // Destroy the original ipn post array, sniff...
          $workstring.='&'.@$ipnkey.'='.urlencode(@$ipnval);
        }
        $post_msg .= "key ".$i++.": $ipnkey, value: $ipnval<br />";
    } // Notify string
   
   
   $error_code = trim(stripslashes($_GET['ERR_CODE']));
   $error_desc = trim(stripslashes($_GET['ERR_DESC']));
   $merchant_trx_id = trim(stripslashes($_GET['MERCHANT_TRANID'])); /*Merchant's own assigned trx id' */
   $trx_id = trim(stripslashes($_GET['TRANSACTIONID'])); /* Commerce payment assigned trx id */
   $trx_date = trim(stripslashes($_GET['TRANDATE']));
   $trx_status = trim(stripslashes($_GET['TXN_STATUS']));
   $item_name = trim(stripslashes($_GET['DESCRIPTION']));
   $amount = trim(stripslashes($_GET['AMOUNT']));
   $remoteip = trim(stripslashes($_GET['REMOTEIP']));
/* Print out the result */
$html = "
<html>
<head>
<title>Direct Payment Solutions: Secure Payments Page PHP Results</title>
</head>
<body>
<h1>Commerce Payment Solutions: Secure Payments Page PHP Results</h1>
<p>$result</p>
<table>                       
<tr><th>Element</th>          <th>Value</th> </tr>
<tr><td>Error Code</td>          <td>$error_code</td></tr>
<tr><td>Error Desc</td>            <td>$error_desc</td></tr>
<tr><td>Merchant ID</td>   <td>$merchant_trx_id</td></tr>
<tr><td>Commerce Payment Transaction ID</td> <td>$trx_id</td></tr>
<tr><td>Transaction Date</td>         <td>$trx_date</td></tr>
<tr><td>Transaction Status</td>         <td>$trx_status</td></tr>
<tr><td>Description</td>         <td>$item_name</td></tr>
<tr><td>Amount</td>         <td>$amount</td></tr>
</table>
</body>
</html>";

echo $html;   
   
   

/*Next, once disecting the URL parameters, we check the status and decide what to do */   


$qv = "SELECT order_id, order_number FROM #__{vm}_orders ";
$qv .= "WHERE order_id='".$merchant_trx_id."' AND user_id='".$my->id."'";
$dbo = new ps_DB;
$dbo->query($qv);
if( $dbo->next_record() )
{
   // valid order.
   $d['order_id'] = $dbo->f("order_id");
       
   if( $trx_status=="A" && $error_code=="00" )
   {   echo "updating....";
       // order successful.
      // UPDATE THE ORDER STATUS to 'VALID'
      $d['order_status'] = COMMERCEPAYMENT2_VERIFIED_STATUS;
      // Setting this to "Y" = yes is required
      $d['notify_customer'] = "Y";
      $d['include_comment'] = "Y";
      // Notifying the customer about the transaction key and
      // the order Status Update
      $d['order_comment'] = "
         The Payment Transaction was approved by Commerce Payment. \n
         The Transaction has received the following Order Number:\n\n
         Order Number: ".urldecode($merchant_trx_id)."\n";
               
      require_once ( CLASSPATH . 'ps_order.php' );
      $ps_order= new ps_order;
      $ps_order->order_status_update($d);
              
       ?>
            <img src="<?php echo IMAGEURL ?>ps_image/button_ok.png" align="center" alt="Success" border="0" />
            <h2><?php echo $VM_LANG->_PHPSHOP_PAYMENT_TRANSACTION_SUCCESS ?></h2>
        <?php
   }
   elseif( $error_code!=="00" )
   {
      // the Payment wasn't successful. Maybe the Payment couldn't
      // be verified and is pending
      // UPDATE THE ORDER STATUS to 'INVALID'
      $d['order_status'] = COMMERCEPAYMENT2_INVALID_STATUS;
      // Setting this to "Y" = yes is required by Danish Law
      $d['notify_customer'] = "Y";
      $d['include_comment'] = "Y";
      // Notifying the customer about the transaction key and
      // the order Status Update
      $d['order_comment'] = "
         The Payment Transaction was not approved by Commerce Payment and therefore has not been completed.";
      require_once ( CLASSPATH . 'ps_order.php' );
      $ps_order= new ps_order;
      $ps_order->order_status_update($d);
           
      ?>
            <img src="<?php echo IMAGEURL ?>ps_image/button_cancel.png" align="center" alt="Failure" border="0" />
            <h2><?php echo $VM_LANG->_PHPSHOP_PAYMENT_ERROR ?></h2>
        <?php
         echo "Error: Transaction declined";
        ?>
           <br />
           <p><a href="<?php @$sess->purl( SECUREURL."index.php?option=com_virtuemart&page=account.order_details&order_id=$order_id" ) ?>">
              <?php echo $VM_LANG->_PHPSHOP_ORDER_LINK ?></a>
           </p>
        <?php
   }
   else
   {
      ?>
      <img src="<?php echo IMAGEURL ?>ps_image/button_cancel.png" align="center" alt="Failure" border="0" />
      <span class="message"><? echo $VM_LANG->_PHPSHOP_PAYMENT_ERROR ?></span>
      <?php
   }
}
else
{
   ?>
   <img src="<?php echo IMAGEURL ?>ps_image/button_cancel.png" align="center" alt="Failure" border="0" />
   <span class="message"><? echo $VM_LANG->_PHPSHOP_PAYMENT_ERROR ?> (Order not found)</span><?php
}
=======================END====================================

It works perfectly !
But questions about security

1. As you can see above, i use $_GET['FieldName'] instead of $_POST['FieldName']. Is there anything wrong with it ? When i use Post, i cant get the value. But when i use Get, its ok.

2. I manaully changed the URL paramenters and i can foul play my payment status. How do i overcome it ? Is it thats why notify.php is created to extract the url parameters value and then redirect to checkout.mypayment_result.php to process it ? So to PREVENT user to modify the url parameters manually and upset the payment status ?

Thank you for helping me and guiding me into the right direction !!!!!
Greatly appreciated !
pacochin

[pacochin]

Hi guys,

Another question...

Can anyone advise me what is the variable name for product name ? I need to extract this value to post to my payment gateway....i see some example using order_id, address...etc...

===========My extra payment info=====
"MERCHANTID" => COMMERCEPAYMENT2_MERCHANTID,
"MERCHANT_TRANID" => $db->f("order_id"),
"TRANSACTIONTYPE"=> COMMERCEPAYMENT2_TRANSACTIONTYPE,
"AMOUNT"=> round( $db->f("order_subtotal")+$tax_total-$discount_total, 2),
"NEWTRANSACTION"=> COMMERCEPAYMENT2_NEWTRANSACTION,
"DESCRIPTION"=> $db->f("product_name"),
"REMOTEIP"=> $_SERVER['REMOTE_ADDR'],
....
===============END=============
But i dont get the value for product name...to pass to my payment server, can anyone advise.
thks

[aramil]

Hi all!

Im looking for a solution like this, my gateway have their own results page then i must go back to the shop.

Those checkout_xx_cc_form.php are part of some payment module or just part of VM? Where are those files in order to be edited?

I used paypal extra info, edited to send the user to my gateway to chosse their credit card type (with hidden data like the order id and the total amount) when the user click on CONFIRM ORDER, and that work fine. I only need to go back to VM from the results page of my gateway and see the Thanks u page (order info).

The data sended from my gateway is just the order id, amount and a confirmation number (succesfull or failed).

I can do this with the checkout_xx_cc_checkout and results.php pages?

I`ll like to integrate this, instead of place the order and then the user choose to pay or not, just to keep a automated and clean proccess. Please i need some advice from you guys.

[pacochin]

Hi Aramil,

Let me understand you better...

You re-direct your customer to an external payment gateway pages (similar to PayPal style) and when customer done with the credit card submission, your gateway re-direct the user back to your website to show a thank you page.

Is this what you want ? Let me know, i can share my 2cents worth, becos i just got one going !

thks

[pacochin]

Hi aramil,

I am working on a tutorial document for this thread. I am half way there, but i need to rush home from office now. but i promise you i will get it done for you tonite.

So once its uploaded here, it will benefits the rest.

So, this is just a note to tell u that i am working on it...hang on buddy.

P.s
My whole afternoon had been wasted for formatting my laptop due to trojan !$#%%%&&@#
anyway. time to clean up my c drive...

[aramil]

Hi pacochin!

Nice to have a tutorial about this!! I`ll waiting for your work! I love open source!

Aramil