Solved

How to integrate an online payment service (DIBS) into a custom website using PHP?

Posted on 2009-12-23
Medium Priority
1,331 Views
Last Modified: 2013-11-18
Hi experts,

I have a website that uses WordPress. It's in need of a shopping cart/payment service and I have been looking into the DIBS Payment Processor (http://www.dibspayment.com/). The API seems well documented, but as usual I have problems understanding and comprehending it all.

I've created some code (attached), but I'm not sure how to continue developing this. The database updating part requires me to know the order number and if the payment has been accepted or declined. I think I have the "accepted or declined" part fixed, but I have no idea how they would send me the other bit(s). The best thing would be seeing what the DIBS functions require and what they return - but I cannot seem to find any of that in the API.

I did try downloading Drupal - but I do not know how to use it. (Yes, I feel stupid now)

Does anyone have any experience in this area?
eX.
<?php
global $wpdb;
global $current_user;
get_currentuserinfo();

if ($_REQUEST['dibs_status'] == '') {
	$dibs_status = $_REQUEST['status'];
} else {
	$dibs_status = 'DECLINED';
}

if ($dibs_status == 'ACCEPTED') {
// TODO: run database stuff
	?>
    [hide 2]
	<h2>Thank you</h2>
	<p>Thank you for your order. Further information has been mailed to you at: <?php echo $current_user->user_email; ?>. Should you require further assistance please do not hesitate contacting us.</p>       
	[hide 2]
	<?php
} else {
	?>
    [hide 2]
	<h2>Order Canceled</h2>
    <p>Your order was canceled or declined by our payment processor. If you still wish to order one of our products, please contact us using the contact form.</p>
	[hide 2]
	<?php
}
?>

0
Question by:Gaute Rønningen
4 Comments
 
LVL 11

Assisted Solution

by:asafadis
asafadis earned 2000 total points
ID: 26111522
Have you downloaded their PHP functions file? If so, you don't look like you're using (including/requiring) it.
The API as well as the PHP functions seem pretty straightforward.  As far as I can tell, you're not even using their services.  Nowhere are you posting any information to them or calling any function that does.

I found that the auth.cgi page in their site told me all I needed to know.

Below, I'm going to explain some of what you're doing.

<?php
// Setting global variables... but where are these variables coming from?
// Again... no include() or require()
global $wpdb;
global $current_user;
get_currentuserinfo();

// Someone has submitted a form in which two of the fields are 'dibs_status' and 'status'.
if ($_REQUEST['dibs_status'] == '') {

        // If the 'dibs_status' field is empty, then set 'dibs_status' variable
        // to the value of the 'status' field.
	$dibs_status = $_REQUEST['status'];
} else {

        // Otherwise, set 'dibs_status' variable to 'DECLINED'.
	$dibs_status = 'DECLINED';
}

if ($dibs_status == 'ACCEPTED') {
        // You've got keys to the entire kingdom.
}

/**
 * Notice how you're not using the service at all?
 * In fact, all your logic is driven by values entered in a form.
 * In other words, all anyone has to do is find this 'status' field
 * in the form, and enter the word 'ACCEPTED'.
 *
 * Doesn't take the most sophisticated hacker to break your cart.
 **/

?>

DIBSFunctions.php
0
 
LVL 11

Accepted Solution

by:
asafadis earned 2000 total points
ID: 26111540
Your code should look something more like:

<?php
global $wpdb;
global $current_user;
get_currentuserinfo();
require('DIBSFunctions.php');

// Some logic to define your MerchantID, the total of your cart, your currency, orderID, etc.

$ccAuth = DIBSAuth($yourMerchantID, $price, $currency, $_REQUEST['CardNo'], $_REQUEST['ExpMon'], $_REQUEST['ExpYear'], $_REQUEST['CVC'], $orderID);

// Only an explicit 'ACCEPTED' returned by the processor counts as success.
if (isset($ccAuth['status']) && $ccAuth['status'] === 'ACCEPTED') {
	// Go ahead and do stuff!
} else {
	// DENIED!
}
?>

0
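
Added example, not part of the original answers and not the DIBS API: one way a return/callback page can check a payment result instead of trusting a request field such as `status`. The field names (`orderid`, `amount`, `currency`, `status`, `mac`), the shared secret and the HMAC-SHA256 scheme are assumptions for illustration; a real processor documents its own signing scheme and field names.

```php
<?php
// Added example: field names, the shared secret and the HMAC-SHA256 scheme are
// assumptions for illustration, not the DIBS API.
const CALLBACK_SECRET = 'constructed-demo-secret'; // keep real secrets out of source control
// Orders as the shop stored them before redirecting to the processor (constructed data).
$orders = [
    '1001' => ['amount' => 19900, 'currency' => 'NOK', 'paid' => false],
];

// MAC the processor is assumed to compute over the fields that decide the outcome.
function callback_mac(array $f, string $secret): string
{
    $msg = implode('|', [$f['orderid'], $f['amount'], $f['currency'], $f['status']]);
    return hash_hmac('sha256', $msg, $secret);
}

// Returns true only when the callback is authentic AND matches the shop's own order record.
function verify_callback(array $f, array &$orders, string $secret): bool
{
    foreach (['orderid', 'amount', 'currency', 'status', 'mac'] as $k) {
        if (!isset($f[$k]) || !is_string($f[$k])) {
            return false;                       // missing or array-typed field
        }
    }
    if (!hash_equals(callback_mac($f, $secret), $f['mac'])) {
        return false;                           // forged or altered request
    }
    $order = $orders[$f['orderid']] ?? null;
    if ($order === null || $order['paid']) {
        return false;                           // unknown order, or a replayed callback
    }
    if ((int) $f['amount'] !== $order['amount'] || $f['currency'] !== $order['currency']) {
        return false;                           // the price comes from our records, not the request
    }
    if ($f['status'] !== 'ACCEPTED') {
        return false;
    }
    $orders[$f['orderid']]['paid'] = true;      // mark once so later replays are rejected
    return true;
}

// Constructed requests: one signed with the shared secret, one typed in by a visitor.
$genuine = ['orderid' => '1001', 'amount' => '19900', 'currency' => 'NOK', 'status' => 'ACCEPTED'];
$genuine['mac'] = callback_mac($genuine, CALLBACK_SECRET);
$forged = ['orderid' => '1001', 'amount' => '19900', 'currency' => 'NOK', 'status' => 'ACCEPTED', 'mac' => 'guess'];

var_dump(verify_callback($forged, $orders, CALLBACK_SECRET));  // visitor-supplied status, bad MAC
var_dump(verify_callback($genuine, $orders, CALLBACK_SECRET)); // signed callback for an open order
var_dump(verify_callback($genuine, $orders, CALLBACK_SECRET)); // same callback sent a second time
```

The order number travels with the signed fields, so the database update can key on it only after the MAC and the stored amount have both been checked.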
 

Author Comment

by:Gaute Rønningen
ID: 26112133
The global variables are coming from WordPress, this code is a part of a page in WordPress. So I'm using WordPress functions to access the database/userdata/etc. (see: http://codex.wordpress.org/Function_Reference)

Thanks for helping me understand it - big blocks of text aren't my strongest side...
0
 

Author Closing Comment

by:Gaute Rønningen
ID: 31669346
Thanks. :)
0
