prowebinteractiveinc
asked on
web application to accept and return XML
I need build a web application in PHP to receive and reply in XML
Basically, I need to build a payment gateway
website accepting credit cards or .NET App => GATEWAY (ME) => Financial institution => GATEWAY (ME) => website accepting credit cards or .NET App
Website or .NET app processing credit card payments sends XML to Gateway
Gateway Receives XML
Financial inst. receives XML and then replies back in XML to Gateway
Gateway sends same XML response string from financial inst. to web .NET app
Basically, I need to build a payment gateway
website accepting credit cards or .NET App => GATEWAY (ME) => Financial institution => GATEWAY (ME) => website accepting credit cards or .NET App
Website or .NET app processing credit card payments sends XML to Gateway
Gateway Receives XML
Financial inst. receives XML and then replies back in XML to Gateway
Gateway sends same XML response string from financial inst. to web .NET app
ASKER
Hi Ray
as for PCI compliance, Im fine, Im aware.
I already have everything setup on an actual website to send payments, in XML
The problem is Im creating a .NET application. and sending right to the bank is working right now except the bank accepts XML string Posts from only one IP on the merchant account for security purposes - so what I need to do, is from the .NET application send it to my website as a gateway that already sends requests to the bank, and then take the same request from the bank and send it back to the .NET application. this way I am taking out the IP filter issue I have with the bank and make my own filters on my website / gateway.
this is an example of the XML im sending directly to the financial institution from my .NET app and I get a response back from the server saying that im sending requests from invalid IP: so I know everythig is work to this point. maybe with the xml Im showing you below you will have an idea of what I need to do in PHP to read the info, parse put in db and then send to bank. retrieve from bank, save results in db then send back to .NET app
as for PCI compliance, Im fine, Im aware.
I already have everything setup on an actual website to send payments, in XML
The problem is Im creating a .NET application. and sending right to the bank is working right now except the bank accepts XML string Posts from only one IP on the merchant account for security purposes - so what I need to do, is from the .NET application send it to my website as a gateway that already sends requests to the bank, and then take the same request from the bank and send it back to the .NET application. this way I am taking out the IP filter issue I have with the bank and make my own filters on my website / gateway.
this is an example of the XML im sending directly to the financial institution from my .NET app and I get a response back from the server saying that im sending requests from invalid IP: so I know everythig is work to this point. maybe with the xml Im showing you below you will have an idea of what I need to do in PHP to read the info, parse put in db and then send to bank. retrieve from bank, save results in db then send back to .NET app
xxxRequestMode=X&xxxRequestData=<?xml version='1.0' encoding='UTF-8'?><TranxRequest><MerchantNumber>11111111</MerchantNumber><Products>299.95::1::100::Test Product 1::{TEST}</Products><xxxName>Jason Trudeau</xxxName><xxxCompany>ABC Corp</xxxCompany><xxxAddress>4 Corporate Sq</xxxAddress><xxxCity>TestVille</xxxCity><xxxState>NY</xxxState><xxxZipCode>123456</xxxZipCode><xxxCountry>US</xxxCountry><xxxPhone>800-555-1234</xxxPhone><xxxEmail>merchant@website.com</xxxEmail><xxxCard_Number>4505530000000000</xxxCard_Number><xxxCCMonth>09</xxxCCMonth><xxxCCYear>2009</xxxCCYear><CVV2>123</CVV2><xxxTransType>00</xxxTransType><xxxAuthentication>Y</xxxAuthentication></TranxRequest>
How you send it to the bank would be part of the question. Is it a POST-method request?
Here is a code sample showing how PHP can process the XML and extract elements for storage in a data base.
http://www.laprbass.com/RAY_temp_prowebinteractive.php
Here is a code sample showing how PHP can process the XML and extract elements for storage in a data base.
http://www.laprbass.com/RAY_temp_prowebinteractive.php
<?php // RAY_temp_prowebinteractive.php
error_reporting(E_ALL);
echo "<pre>";
$xml = <<<ENDXML
<?xml version='1.0' encoding='UTF-8'?>
<TranxRequest>
<MerchantNumber>11111111</MerchantNumber>
<Products>299.95::1::100::Test Product 1::{TEST}</Products>
<xxxName>Jason Trudeau</xxxName>
<xxxCompany>ABC Corp</xxxCompany>
<xxxAddress>4 Corporate Sq</xxxAddress>
<xxxCity>TestVille</xxxCity>
<xxxState>NY</xxxState>
<xxxZipCode>123456</xxxZipCode>
<xxxCountry>US</xxxCountry>
<xxxPhone>800-555-1234</xxxPhone>
<xxxEmail>merchant@website.com</xxxEmail>
<xxxCard_Number>4505530000000000</xxxCard_Number>
<xxxCCMonth>09</xxxCCMonth>
<xxxCCYear>2009</xxxCCYear>
<CVV2>123</CVV2>
<xxxTransType>00</xxxTransType>
<xxxAuthentication>Y</xxxAuthentication>
</TranxRequest>
ENDXML;
// MAKE AN OBJECT
$obj = SimpleXML_Load_String($xml);
// VISUALIZE THE OBJECT
var_dump($obj);
// USE OOP NOTATION TO GET DATA FROM THE OBJECT
$n = (string)$obj->xxxName;
$c = (string)$obj->xxxCompany;
$e = (string)$obj->xxxEmail;
echo PHP_EOL . "<b>$n</b> WORKS AT <i>$c</i> AND USES EMAIL <u>$e</u>";
HTH, ~Ray
ASKER
Yes its a POST
and I built the.NET to POST as well, but like I said, I want it to POST to me instead, then I (website) will post to bank
Below is my PHP file POSTing to the bank
and I built the.NET to POST as well, but like I said, I want it to POST to me instead, then I (website) will post to bank
Below is my PHP file POSTing to the bank
function sendrequest($transId, $transTypeId, $myCardNumber, $myExpMth, $myExpYr, $myCVV, $paymentAmount, $customerId)
{
$method = "POST";
$url = transactionPostUrl($transTypeId);
$vars = "xxxRequestMode=X&xxxRequestData=" . urlencode(buildRequest($transId, $transTypeId, $myCardNumber, $myExpMth, $myExpYr, $myCVV, $paymentAmount, $customerId)); //sendrequest($transactionId, 1, $varTransTypeId, $cardNumber, $expMonth, $expYear, $cvv);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml"));
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
if ($method == 'POST') {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $vars);
}
$data = curl_exec($ch);
curl_close($ch);
$fileName = $transId ."_" . date('Ymd_His') . ".xml";
$filePath = $_SERVER['DOCUMENT_ROOT'] . "/trans_response_xml_format/" . $fileName;
// echo $filePath;
if(!$fp = fopen($filePath, "w"))
{
echo "file not created";
}
else
{
fwrite($fp, $data);
fclose($fp);
chmod ($filePath, 0755);
}
$xml = simplexml_load_string($data);
@mysql_query("UPDATE is_transactions SET trans_Type='" . $xml->xxxTransType . "',
ip_address='" . $xml->xxxMerchantIPAddress . "',
ip_host='" . gethostbyaddr($xml->xxxMerchantIPAddress) . "',
cardHolderName='" . $xml->xxxName . "',
trans_amount='" . $xml->TotalAmount . "',
card_type='" . $xml->CardType . "',
receipt_number='" . $xml->ReceiptNumber . "',
approval_code='" . $xml->Page . "',
verbiage='" . $xml->Verbiage . "',
token='" . $xml->Token . "',
xmlFile='" . $fileName . "'
WHERE transId=" . $xml->YourVariableName);
return $xml->YourVariableName;
}
so basically I want to be accepting and breaking down XML the exact same way the bank is in PHP
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
no issue, I have changed the POST to my sever, Im parsing the information, works great... now! how do I send info back to .NET application ?
how do I send info back to .NET application ?You would make a GET or POST request to the URL of a script on the .NET server.
ASKER
Ok im know the bank is posting back to me but how do they know the URL to send back to ?
how do they know the URL to send back to ?Uhh, you would probably tell them, right?
Ok im know the bank is posting back to me but how do they know the URL to send back to ?If I am understanding you correctly, what you meant was "...how do they know where to send the response to".
From what you described, since your .Net app goes to your website, then the bank is only seeing the website script. So it will only respond to requests originating from your website (due to the IP restriction you described). So if you deploy you app to 10 machines, and all of them send request simultaneously, your website sees 10 different clients, but since your website routes the requests to the bank, the bank sees one client only (making 10 requests).
how do I send info back to .NET application ?@Ray: I believe his "confusion" arises from the fact that when he sends the post request using his sendrequest() function, the function returns just a "node" from the xml result that the bank sends him -- return $xml->YourVariableName;
Most likely his application needs the entire XML.
@prowebinteractiveinc: If in fact I am right about you needing/wanting the entire xml response, then I would suggest that in sendrequest() function you change
...
$data = curl_exec($ch);
curl_close($ch);
...
to:
...
$data = curl_exec($ch);
$_POST['bankData']=$data;
curl_close($ch);
...
That way the full xml response from the bank is available outside your function. Now, let's say that your .Net app is POSTing to http://site.com/payment.php. In payment.php you are probably doing something similar to:
<?php
//do some pre-processing
//iterate through $_POST and extract values to pre-fill variables.
//Perhaps emit a db transaction so you get a transaction id
...
//send the request:
echo sendrequest($transId, $transTypeId, $myCardNumber, $myExpMth, $myExpYr, $myCVV, $paymentAmount, $customerId);
?>
After the suggestion I made earlier, you would now need:
...
//send the request:
sendrequest($transId, $transTypeId, $myCardNumber, $myExpMth, $myExpYr, $myCVV, $paymentAmount, $customerId);
echo $_POST['bankData'];
exit;
?>
http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
The general design of a web service looks something like this. In the example, there is a GET method request (you will need to use POST) and the query is sent in clear text, not XML, but the principles are still the same.
Open in new window
The PHP processing of XML is often done with the SimpleXML extension. You make an object from the XML and use iterators to access each of the parts. For an example, see:http://www.laprbass.com/RAY_xml_example_131.php
Open in new window
HTH, ~Ray