
SHOPPING CART & QUICK PAY GATEWAY MANUAL

SHOPPING CART INTERFACE and PAYMENT GATEWAY (Quick Pay) (V1.2) (last updated 16 June 09)

Table of Contents

The Shopping Cart Interface
  Introduction
  All the SCI Fields and values

HTML Cart Codes and Examples
  1. Quick Pay Gateway Code without the Shopping Cart feature:
     How do I use the “Quick Pay” option?
     Basic Form sample for a single item with “Quick Pay”
     Basic Form (Donations) sample for donations or similar with “Quick Pay”
  2. Multi Cart Code for Web Shops with Shopping Cart feature:
     Code for Payment for a single item sample
     Code for Payment for multiple items sample
     Code for Advanced Integration single item sample
     Code for Advanced Integration multiple items sample
  3. Single Open Cart Code with Shopping Cart feature:
     Single Open Cart Code for any type single item for email processing

Integrated Payment Notification (IPN)
  What is the Integrated Payment Notification (IPN) feature?
  Verifying the IPN notification
  Calculating the SHA1 hash
  Sample PHP code
  Further security considerations

Troubleshooting
  General questions
  Help with site integration

1 Titan Financial Group Ltd. © 2008-2009


TITANMONEYEXPRESS SCI INTERFACE

Introduction

This manual will assist you to set up a Shopping Cart with the Payment Gateway feature, or just Quick Pay without the Shopping Cart feature. Receiving payments from your website using TITANMONEYEXPRESS is very easy! All you need to do is create a standard HTML form that will post the following hidden fields to our secure SCI URL. The URL to post the SCI information is:

https://www.titanmoneyexpress.com/sys/payment/xsci

SCI Fields

The following table describes the fields required (and a few optional fields as well) to be posted to our SCI interface to process the payment.

MERCHANT_ACCOUNT (Required)
The merchant’s account number to which the payment is to be made. This is the email address on the account.

PAYER_ACCOUNT (Optional)
If this input field is present, the account number from which the payment will be made is fixed to this number and cannot be edited or changed by the customer. Use it if you must be paid from a certain account number. This is the email address of the person making the payment.

MERCHANT_NAME (Optional)
The name the merchant wishes to have displayed as the Payee on the payment form. An example field value is “High Tech Widgets, Inc.”. If not provided, your company name (if provided on your account) or your first name and last name will be shown. If provided, it shouldn't be longer than 100 characters.

PRODUCT_NAME (Required)
A unique Product Name provided by you. The cart also identifies each product by this unique name. The best approach is to set a Product Name made up of the name, model, and a short description. After successful payment, the cart will return this to you within an array. So it should be unique for each product, and it shouldn't be longer than 100 characters.

AMOUNT (Required)
The amount of payment required from the user in US dollars. This is the unit price of a product. (For donation pages, you can put here the lowest amount you take for a donation. Any donor can then increase the amount of the donation by increasing the quantity.)

PRODUCT_ID (Required)
A unique Product ID provided by you to identify your products. The cart also identifies each product by this unique ID, and after successful payment the cart will return it to you within an array. So it should be unique for each product, and the ID shouldn't be longer than 20 characters.
Note: If you don’t give each product item a unique PRODUCT_ID value it will not show up on the shopping cart!

STATUS_URL (Optional)
Controls whether and how payment status is returned by our server to the merchant. No payment status is returned to the merchant if this field is not present. Otherwise the field value determines how and where the payment status is sent, as described below.
Payment status in e-mail: Payment status is sent in the form of e-mail when the value field is set to an e-mail address prefixed by “mailto:”. An example value field for this method is “mailto:sales@widgetsinc.com”. Note that “mailto:” must be specified in lower case; however, case is unimportant for the e-mail address itself.
Payment status in Form Post: Payment status is submitted as an HTML form if a URL is specified as the value of the STATUS_URL field. The form is submitted to the URL with the POST method by our server upon successful completion of a payment. Thus, the target URL would normally be that of a cgi program or other form processor. This URL can specify a secure protocol such as https. An example value for having the payment status sent as a form is: “https://www.animalware.com/orderpayment.asp”
The only legal URL types are “mailto:”, “http://”, and “https://”. Non-standard port numbers are not supported.

PAYMENT_URL (Required)
The URL to which a form is submitted or to which a hypertext link is taken by the buyer’s browser upon successful payment to the merchant. This is the buyer’s normal return path into the merchant’s shopping cart system. This URL can specify a secure protocol such as https. By default, this URL is assumed to be a target for a form POST operation; however, other actions are possible when the optional PAYMENT_URL_METHOD field is specified (see below).

PAYMENT_URL_METHOD (Optional)
This field controls how the value for the PAYMENT_URL field is used. The PAYMENT_URL_METHOD field value can be “POST” or “GET” or “LINK”, and must be specified in upper case. The actions taken for each are as follows:
“POST” - The payment status is sent to the PAYMENT URL in an HTML form using the POST method.
“GET” - The payment status is sent to the PAYMENT URL in an HTML form using the GET method.
“LINK” - When payment is made, a simple hypertext link is used to return to the PAYMENT_URL. This option allows merchants that are unable to host cgi's on their web site to have a clean link back to their site's html pages (avoiding http 405 errors).
If not provided, it will default to “LINK”.

NOPAYMENT_URL (Required)
The URL to which a form is submitted or to which a hypertext link is taken by the buyer’s browser upon an unsuccessful or cancelled payment to the merchant. This is the buyer’s alternate return path into the merchant’s shopping cart system when an egold® payment cannot be made or is cancelled. Note that this URL can be the same as that provided for PAYMENT_URL, since status is provided on the form in hidden text fields to distinguish between the two payment outcomes. This URL can specify a secure protocol such as https. By default, this URL is assumed to be a target for a form POST operation; however, other actions are possible when the optional NOPAYMENT_URL_METHOD field is specified (see below).

NOPAYMENT_URL_METHOD (Optional)
This field controls how the value for the NOPAYMENT_URL field is used. The NOPAYMENT_URL_METHOD field value can be “POST” or “GET” or “LINK”, and must be specified in upper case. The actions taken for each are as follows:
“POST” - The unsuccessful status is sent to the NOPAYMENT URL in an HTML form using the POST method.
“GET” - The unsuccessful status is sent to the NOPAYMENT URL in an HTML form using the GET method.
“LINK” - Upon an unsuccessful or cancelled payment to the merchant, a simple hypertext link is used to pass control to the NOPAYMENT_URL. This option allows merchants that are unable to host cgi's on their web site to have a clean link back to their site's html pages (avoiding http 405 errors).
If not provided, it will default to “LINK”.

MEMO (Optional)
If this input field is present, the Memo area of the payment form is pre-filled with its value. At most, 100 characters can be entered into the memo field. (The customer is free to edit the memo, so its content should not be relied upon to stay unchanged.) This Memo is returned to the Merchant after every successful payment.

EF_ITEM (Optional)
You can pass an extra hidden field that will be returned to you after payment. You can use these fields to further identify your payments. For the shopping cart each item must have a unique EF_ITEM value. If you sell 3 items the EF_ITEM values will be, for example:
Product1: 01
Product2: 02
Product3: 03

PAY_TYPE (Required)
Add <input type="hidden" name="PAY_TYPE" value="QUICK" />. This string will bypass the built-in shopping cart for “Quick Pay” and go directly to the payment option gateway.


HTML Form examples

How do I use the “Quick Pay” option?

Option 1: You can use the Quick Pay option on ANY of our cart codes by just adding the string:

<input type="hidden" name="PAY_TYPE" value="QUICK" />

into the form code. This removes the Shopping Cart feature and links directly to the payment page.

Option 2: To add the code to an external shopping cart you will have to integrate the HTML code below into your existing cart checkout process:

<form action="https://www.titanmoneyexpress.com/sys/payment/xsci" method="POST">
  <!-- add your merchant email address at titanmoneyexpress -->
  <input type="hidden" name="MERCHANT_ACCOUNT" value="merchant@yoursite.com" />
  <!-- add merchant name -->
  <input type="hidden" name="MERCHANT_NAME" value="Widget's Co." />
  <!-- give it any name you wish -->
  <input type="hidden" name="PRODUCT_NAME" value="Total Cart Value" />
  <!-- import this value from your cart -->
  <input type="hidden" name="AMOUNT" value="0.00" />
  <!-- add any id or session value -->
  <input type="hidden" name="PRODUCT_ID" value="0001" />
  <input type="hidden" name="PAYMENT_URL" value="http://www.yoursite.com/thankyou.html" />
  <input type="hidden" name="NOPAYMENT_URL" value="http://www.yoursite.com/nopayment.html" />
  <!-- import the order number or details -->
  <input type="hidden" name="MEMO" value="????" />
  <input type="hidden" name="PAY_TYPE" value="QUICK" />
  <input type="submit" name="submit" value="add to cart" />
</form>

Note: Your existing cart developers must integrate the code. The amount values in red above must be drawn from your current shopping cart checkout page with a customized script! The notes are written as HTML comments here and can be deleted.
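One way to write the customized script that note calls for, as an added Python example (not TITANMONEYEXPRESS code): it checks cart values against the limits in the SCI field table and HTML-escapes them before writing the Quick Pay form. The function names, the positive-amount rule and the sample cart values are assumptions of this example.

```python
import html
from decimal import Decimal, InvalidOperation

SCI_URL = "https://www.titanmoneyexpress.com/sys/payment/xsci"

# Limits and allowed values as stated in the SCI field table of this manual.
REQUIRED = ("MERCHANT_ACCOUNT", "PRODUCT_NAME", "AMOUNT", "PRODUCT_ID",
            "PAYMENT_URL", "NOPAYMENT_URL")
MAX_LEN = {"MERCHANT_NAME": 100, "PRODUCT_NAME": 100, "PRODUCT_ID": 20, "MEMO": 100}
URL_METHODS = ("POST", "GET", "LINK")  # must be upper case
STATUS_SCHEMES = ("mailto:", "http://", "https://")


def validate_sci_fields(fields):
    """Return a list of problems; an empty list means the fields fit the table."""
    problems = [f"{name} is required" for name in REQUIRED if not fields.get(name)]
    for name, limit in MAX_LEN.items():
        if len(fields.get(name, "")) > limit:
            problems.append(f"{name} is longer than {limit} characters")
    if fields.get("AMOUNT"):
        try:
            amount = Decimal(fields["AMOUNT"])
            # Assumption of this example: a payable amount is finite and > 0.
            if not amount.is_finite() or amount <= 0:
                problems.append("AMOUNT must be a positive number")
        except InvalidOperation:
            problems.append("AMOUNT must be a positive number")
    for name in ("PAYMENT_URL_METHOD", "NOPAYMENT_URL_METHOD"):
        if name in fields and fields[name] not in URL_METHODS:
            problems.append(f"{name} must be POST, GET or LINK in upper case")
    status = fields.get("STATUS_URL")
    if status and not status.startswith(STATUS_SCHEMES):
        problems.append("STATUS_URL must start with mailto:, http:// or https://")
    return problems


def render_quick_pay_form(fields, button="Pay"):
    """Build the Quick Pay form; every value is escaped for an HTML attribute."""
    problems = validate_sci_fields(fields)
    if problems:
        raise ValueError("; ".join(problems))
    rows = [f'<form action="{SCI_URL}" method="POST">']
    for name, value in {**fields, "PAY_TYPE": "QUICK"}.items():
        rows.append('  <input type="hidden" name="%s" value="%s" />'
                    % (html.escape(name), html.escape(value)))
    rows.append('  <input type="submit" name="submit" value="%s" />'
                % html.escape(button))
    rows.append("</form>")
    return "\n".join(rows)


# Constructed cart data; the product name carries characters that would break
# out of the value="..." attribute if it were written unescaped.
SAMPLE_CART = {
    "MERCHANT_ACCOUNT": "merchant@yoursite.com",
    "MERCHANT_NAME": "Widget's Co.",
    "PRODUCT_NAME": 'TV 32" <Model 2008>',
    "AMOUNT": "82.00",
    "PRODUCT_ID": "6662",
    "PAYMENT_URL": "http://www.yoursite.com/thankyou.html",
    "NOPAYMENT_URL": "http://www.yoursite.com/nopayment.html",
}

if __name__ == "__main__":
    print(render_quick_pay_form(SAMPLE_CART))
```

The form only carries the amount to the gateway through the buyer's browser, so the amount actually paid still has to be checked when the payment notification arrives.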

Basic Form (with Quick Pay)

The following is an example of a minimalist form to process a quick payment on your website. Note that only the required fields have been passed to our API interface. If payment has been completed successfully, the user will be redirected to the URL indicated by the “PAYMENT_URL” field. Since in this basic example we haven't specified whether data should be returned to the merchant's website, the user will be redirected to the merchant's success page through a simple link. Conversely, if the user cancels payment in the middle of the process, or the payment fails for any other reason, the user will be redirected to the merchant's “Payment Failure” page as indicated by the field “NOPAYMENT_URL”.

Replace the field values in red with your product/service/site details.

<form action="https://www.titanmoneyexpress.com/sys/payment/xsci" method="POST">
  <input type="hidden" name="MERCHANT_ACCOUNT" value="merchant@yoursite.com" />
  <input type="hidden" name="MERCHANT_NAME" value="Widget's Co." />
  <input type="hidden" name="PRODUCT_NAME" value="Television Sony Model- 2008" />
  <input type="hidden" name="AMOUNT" value="82" />
  <input type="hidden" name="PRODUCT_ID" value="6662" />
  <input type="hidden" name="PAYMENT_URL" value="http://www.yoursite.com/thankyou.html" />
  <input type="hidden" name="NOPAYMENT_URL" value="http://www.yoursite.com/nopayment.html" />
  <input type="hidden" name="PAY_TYPE" value="QUICK" />
  <input type="submit" name="submit" value="add to cart" />
</form>


Basic Form for Donations or other (with Quick Pay)

Replace the field values in red with your product/service/site details.

<form action="https://www.titanmoneyexpress.com/sys/payment/xsci" method="POST">
  <input type="hidden" name="MERCHANT_ACCOUNT" value="merchant@yoursite.com" />
  <input type="hidden" name="MERCHANT_NAME" value="Widget's Co." />
  <input type="hidden" name="PRODUCT_NAME" value="Donation" />
  <!-- visible field: the payer fills in the amount -->
  <input type="text" name="AMOUNT" value="" />
  <input type="hidden" name="PRODUCT_ID" value="101" />
  <input type="hidden" name="PAYMENT_URL" value="http://www.yoursite.com/thankyou.html" />
  <input type="hidden" name="NOPAYMENT_URL" value="http://www.yoursite.com/nopayment.html" />
  <input type="hidden" name="PAY_TYPE" value="QUICK" />
  <!-- visible field: the payer fills in the memo -->
  <input type="text" name="MEMO" value="" />
  <input type="submit" name="submit" value="Donate!" />
</form>

* You can change the “Pay” button to “Donate” or “Buy Now” or any other as you may need.
* Note: The Amount and Memo fields are left empty for Payer completion.

Example of payment for a single and multiple items

In this example, we are implementing an HTML form to sell items from our website, which are added to a Shopping Cart for check out purposes. We set up a memo field with the message for each item of payment, and we send a client field by the name of “EF_ITEM”. There is also a “MEMO” field which shows the MEMO of each different item. Finally, we instruct the SCI system to send us an email to the address merchant@sample.site upon successful completion of the payment. We do this by filling the “STATUS_URL” field with a mailto: URL.

Product / Item Nr 1

Replace the field values in red with your product/service/site details.

<form action="https://www.titanmoneyexpress.com/sys/payment/xsci" method="POST">
  <input type="hidden" name="MERCHANT_ACCOUNT" value="merchant@sample.site" />
  <input type="hidden" name="MERCHANT_NAME" value="Widget's Co." />
  <input type="hidden" name="PRODUCT_NAME" value="Product1" />
  <input type="hidden" name="AMOUNT" value="4.25" />
  <input type="hidden" name="PRODUCT_ID" value="966" />
  <input type="hidden" name="STATUS_URL" value="mailto:merchant@yoursite.com" />
  <input type="hidden" name="PAYMENT_URL" value="http://www.yoursite.com/thankyou.html" />
  <input type="hidden" name="NOPAYMENT_URL" value="http://www.yoursite.com/nopayment.html" />
  <input type="hidden" name="MEMO" value="Thank you for your purchase of 1FRTE widget!" />
  <input type="hidden" name="EF_ITEM" value="10" />
  <input type="submit" name="submit" value="add to cart" />
</form>

* This will create an “add to cart” button on your site for this 1st Item.

Product / Item Nr 2

Now copy the above code and replace only the field values in red with your 2nd product/service/site details, as in the example below.

<form action="https://www.titanmoneyexpress.com/sys/payment/xsci" method="POST">
  <input type="hidden" name="MERCHANT_ACCOUNT" value="merchant@sample.site" />
  <input type="hidden" name="MERCHANT_NAME" value="Widget's Co." />
  <input type="hidden" name="PRODUCT_NAME" value="Product2" />
  <input type="hidden" name="AMOUNT" value="29.50" />
  <!-- must differ from Item 1: each product needs a unique PRODUCT_ID -->
  <input type="hidden" name="PRODUCT_ID" value="967" />
  <input type="hidden" name="STATUS_URL" value="mailto:merchant@yoursite.com" />
  <input type="hidden" name="PAYMENT_URL" value="http://www.yoursite.com/thankyou.html" />
  <input type="hidden" name="NOPAYMENT_URL" value="http://www.yoursite.com/nopayment.html" />
  <input type="hidden" name="MEMO" value="Thank you for your purchase of 1FRTE widget!" />
  <input type="hidden" name="EF_ITEM" value="11" />
  <input type="submit" name="submit" value="add to cart" />
</form>

… and so you copy this code for Product/Item nr 3 etc.

* This will create a 2nd “add to cart” button on your site for this 2nd Item.
* You can change the “Pay” button to “Donate” or “Buy Now” or any other as you may need.
* If you want the User to add a note to you, leave the MEMO field above empty, like this: <input type="text" name="MEMO" value="" />

Advanced Integration for a single and multiple items

This example is similar to the one before, except that we are utilizing all the options available on the SCI, and we are asking the SCI system to issue a notification to our web server when a payment has been completed successfully. We are also forcing the user to pay using his account associated with the email sent on “PAYER_ACCOUNT”, and instructing the SCI engine to replace our Merchant's name with the value set on the “MERCHANT_NAME” field. This could be useful to temporarily change the default merchant's name as set on our account for this payment in the case where we are, for example, receiving payments from different websites using the same account. Finally, we are instructing the SCI engine to return the user to our website through a form post using the GET method. This way, with a little coding on the merchant's website, the merchant will be able to display information about the payment (or why the payment has failed if that is the case). Here is an example.

Product / Item Nr 1

Replace the field values in red with your product/service/site details.

<form action="https://www.titanmoneyexpress.com/sys/payment/xsci" method="POST">
  <input type="hidden" name="MERCHANT_ACCOUNT" value="merchant@sample.site" />
  <input type="hidden" name="PAYER_ACCOUNT" value="client@some.site" />
  <input type="hidden" name="MERCHANT_NAME" value="Widget's Co." />
  <input type="hidden" name="PRODUCT_NAME" value="DVD Rock Star 5" />
  <input type="hidden" name="AMOUNT" value="40.75" />
  <input type="hidden" name="PRODUCT_ID" value="966" />
  <input type="hidden" name="STATUS_URL" value="http://www.sample.site/status.php" />
  <input type="hidden" name="PAYMENT_URL" value="http://www.sample.site/thankyou.html" />
  <input type="hidden" name="PAYMENT_URL_METHOD" value="POST" />
  <input type="hidden" name="NOPAYMENT_URL" value="http://www.sample.site/nopayment.html" />
  <!-- the method field that follows NOPAYMENT_URL is NOPAYMENT_URL_METHOD -->
  <input type="hidden" name="NOPAYMENT_URL_METHOD" value="GET" />
  <input type="hidden" name="MEMO" value="Thank you for your purchase of 1FRTE widget!" />
  <input type="hidden" name="EF_ITEM" value="10" />
  <input type="submit" name="submit" value="add to cart" />
</form>

* This will create an “add to cart” button on your site for this 1st Item.


Product / Item Nr 2

Now copy the above code and replace only the field values in red with your 2nd product/service/site details.

<form action="https://www.titanmoneyexpress.com/sys/payment/xsci" method="POST">
  <input type="hidden" name="MERCHANT_ACCOUNT" value="merchant@sample.site" />
  <input type="hidden" name="PAYER_ACCOUNT" value="client@some.site" />
  <input type="hidden" name="MERCHANT_NAME" value="Widget's Co." />
  <input type="hidden" name="PRODUCT_NAME" value="Electric Shaver GS3000" />
  <input type="hidden" name="AMOUNT" value="10.50" />
  <input type="hidden" name="PRODUCT_ID" value="1255" />
  <input type="hidden" name="STATUS_URL" value="http://www.sample.site/status.php" />
  <input type="hidden" name="PAYMENT_URL" value="http://www.sample.site/thankyou.html" />
  <input type="hidden" name="PAYMENT_URL_METHOD" value="POST" />
  <input type="hidden" name="NOPAYMENT_URL" value="http://www.sample.site/nopayment.html" />
  <!-- the method field that follows NOPAYMENT_URL is NOPAYMENT_URL_METHOD -->
  <input type="hidden" name="NOPAYMENT_URL_METHOD" value="GET" />
  <input type="hidden" name="MEMO" value="Thank you for your purchase of 1FRTE widget!" />
  <input type="hidden" name="EF_ITEM" value="11" />
  <input type="submit" name="submit" value="add to cart" />
</form>

* This will create a 2nd “add to cart” button on your site for this 2nd Item.
* You can change the “Pay” button to “Donate” or “Buy Now” or any other as you may need.
* If you want the User to add a note to you, leave the MEMO field above empty, like this: <input type="text" name="MEMO" value="" />

Single Open Cart Code for processing ANY single Product or Item

This code allows the merchant to process any item with users. The code can be placed on any htm or html page.

• Add the code below to your site somewhere and email the page link with the applicable product details that the user should enter for order completion and check out!
• See a sample of this cart form code here>>

Copy and paste this code into any htm or html page:

<!-- start -->
<br><h1>Add the Product or Item details and Check Out!</h1><br>
*values required<br>
<form action="https://www.titanmoneyexpress.com/sys/payment/xsci" method="POST">
  <input type="hidden" name="MERCHANT_ACCOUNT" value="paul@sample.com" />
  <input type="hidden" name="MERCHANT_NAME" value="" />
  <span class="p">Add the Product Name<input type="text" name="PRODUCT_NAME" value="" />*</span><br>
  <span class="p">Add the Product ID<input type="text" name="PRODUCT_ID" value="" />*</span><br>
  <input type="hidden" name="STATUS_URL" value="" />
  <input type="hidden" name="PAYMENT_URL" value="http://www.sample.com" />
  <input type="hidden" name="NOPAYMENT_URL" value="http://www.sample.com" />
  <input type="hidden" name="PAYMENT_URL_METHOD" value="POST" />
  <input type="hidden" name="NOPAYMENT_URL_METHOD" value="GET" />
  <span class="p">Add the Amount in $<input type="text" name="AMOUNT" value="" />*</span><br>
  <span class="p">Add the EF Item code<input type="text" name="EF_ITEM" value="" /></span><br>
  <span class="p">Add any Memo<input type="text" name="MEMO" value="" /></span><br>
  <input type="submit" name="submit" value="process order" />
</form>
<hr>
<h3>User details required :</h3>
1. User credit card name, number and cvv number;<br>
2. Date of birth;<br>
3. User email address;<br>
4. User correct address<br>
<br><b><u>Important Notes:</u></b><br>
1. If you registered any of the above details on the moneybookers.com system the system will require you to login to the moneybookers system to finish the transaction. This is additional security offered to all existing moneybookers Users against online payment and identity fraud.<br>
Alternative Solution: Use details not registered on the moneybookers system!<br>
*Non moneybookers Users are not affected by this.<br>
<!-- end -->


Integrated Payment Notification (IPN)

If a value is passed on the “STATUS_URL” field, the SCI engine will send a notification to the merchant after a successful payment is completed. Depending on the value of the field (please check the fields chart above to understand how to use this field), the SCI engine will either send the merchant an email, or make a Form Post to the merchant's website with the successful payment information. All the extra fields passed by the merchant are returned on the notification (those fields with names beginning with “EF_”), plus some additional fields with information about the payment. The following table lists and explains the additional fields passed by the SCI engine after a successful payment:

Field Name / Description

TRANSACTION_ID
A unique transaction ID for this payment as recorded on our system.

MERCHANT_ACCOUNT
The merchant’s account email to which the payment was made. This is the email address on the account.

PAYER_ACCOUNT
The email address of the customer making the payment.

MEMO
Either the memo passed by the merchant to the SCI OR a memo message inserted by the payer.

AMOUNT
The full amount paid.

FEE
The fee charged for this payment. Subtracting the fee from the amount gives the total amount that was credited to your account.

DATE
The time-stamp for the payment (date and time) in RFC2822 format. This will look something like this: Thu, 21 Dec 2008 16:01:07 +0200

CONTROL
The control field contains an SHA1 hash that should be used by the merchant to verify that this IPN notification in fact comes from our SCI engine and is not a forgery. Please see below on how to calculate this string. The control field is not passed on email notifications.

PRODUCT_ARRAY
An Array of Products containing the individual product information. Each element of the Array contains PRODUCT_NAME, AMOUNT, EF_ITEM, QUANTITY and MEMO.


Verifying the IPN notification

As described in the previous topic, among the fields returned to the status URL indicated by the merchant after a successful purchase there is a field called CONTROL, which consists of an SHA1 string that the merchant can use to certify the validity of the data passed, as well as the origin of the data (meaning the data truly comes from our servers and is not a forgery). Because SHA1 is basically a one-way digest algorithm, you need to recalculate the hash with the information provided below, separating each field with a colon. Then you can compare your calculated hash with the one passed in the CONTROL field.

Calculating the SHA1 hash

The SHA1 hash can be calculated by concatenating the following data into a string:

• The Unique payment ID for the transaction (as passed on the TRANSACTION_ID field).
• Merchant's email (MERCHANT_ACCOUNT field).
• Payment Amount (AMOUNT).
• Fee Amount (FEE).
• Unique Payment ID (even if it is empty, field PAYMENT_ID).
• Time-stamp of the payment (DATE field).
• Your TITANMONEYEXPRESS security pin.

For example, if the PIN for your TITANMONEYEXPRESS merchant account were 3342, and we were to use the data from the advanced integration, your concatenated string would look like this:

merchant@sample.site-payer@client@some.site-12.22:0.05:982734-Thu, 21 Dec 2008 16:01:07 +0200- 3342

All that is left to do is obtain an SHA1 signature of this string and compare it to the CONTROL field to make sure the IPN notification is indeed valid.


Sample PHP code

The following is an example of how to calculate the CONTROL SHA1 hash using PHP:

<?php
/**
 * Sample IPN notification verification for TITANMONEYEXPRESS
 *
 * This should be executed on the script indicated as the STATUS_URL of the
 * SCI form.
 */

// You might want to pull this value out of a database in a real production environment.
$code = "enter your four digit TITANMONEYEXPRESS security code here.";

// Build the string.
$vstr = $_POST['TRANSACTION_ID'] . "-" .
        $_POST['MERCHANT_ACCOUNT'] . "-" .
        $_POST['PAYER_ACCOUNT'] . "-" .
        $_POST['AMOUNT'] . "-" .
        $_POST['FEE'] . "-" .
        $_POST['PAYMENT_ID'] . "-" .
        $_POST['PAYMENT_DATE_TIME'] . "-" .
        $code;

// Calculate the SHA1
$control = sha1($vstr);

// Compare. Obviously your business logic for a successful payment or error must go here.
// hash_equals() (PHP 5.6+) compares the two hashes in constant time.
if (isset($_POST['CONTROL']) && is_string($_POST['CONTROL'])
        && hash_equals($control, $_POST['CONTROL'])) {
    print "Payment successful";

    // Calculate the product array. This is done only after the hash has been
    // verified, and unserialize() is told not to create objects from posted data (PHP 7.0+).
    $PRODUCT_ARRAY = unserialize(rawurldecode($_POST['PRODUCT_ARRAY']),
                                 array('allowed_classes' => false));

    // Print the array to check the array
    print_r($PRODUCT_ARRAY);
} else {
    print "Payment failed!";
}
?>


Further security considerations

Besides validating the CONTROL hash, other security measures must be taken on your side to assure the legitimacy of the payment. Though the chances of some of the following hacking attempts are extremely low, you should make your business logic as secure as possible. Some of these considerations are:

• Make sure that the TRANSACTION_ID for the payment received is unique in the database, to avoid having somebody simulate a post from our server and keep crediting payments by always reposting the same information.

• Make sure that the MERCHANT_ACCOUNT corresponds to you, and the hacker is not posting a payment made
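The checks from this section and from “Verifying the IPN notification”, combined in an added Python example (not code from TITANMONEYEXPRESS): it recomputes CONTROL with the field order and "-" separator of the manual's PHP sample, compares in constant time, checks MERCHANT_ACCOUNT, and rejects a repeated TRANSACTION_ID through a unique key. The function names, the `ipn_seen` table and the optional `expected_amount` check are assumptions of this example, and the sample notification is constructed.

```python
import hashlib
import hmac
import sqlite3
from decimal import Decimal, InvalidOperation

# Field order and the "-" separator follow the manual's sample PHP code. The
# prose mentions a colon, so confirm the separator against a real notification.
CONTROL_FIELDS = ("TRANSACTION_ID", "MERCHANT_ACCOUNT", "PAYER_ACCOUNT",
                  "AMOUNT", "FEE", "PAYMENT_ID", "PAYMENT_DATE_TIME")


def expected_control(post, pin, sep="-"):
    """SHA1 hex digest over the posted fields plus the merchant's security PIN."""
    parts = [post.get(name, "") for name in CONTROL_FIELDS] + [pin]
    return hashlib.sha1(sep.join(parts).encode("utf-8")).hexdigest()


def open_ledger(path=":memory:"):
    """Hypothetical ledger table; the PRIMARY KEY makes a replay fail atomically."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS ipn_seen (transaction_id TEXT PRIMARY KEY)")
    return db


def verify_ipn(post, pin, my_account, db, expected_amount=None):
    """Return (accepted, reason). The ledger is written only if every check passes."""
    supplied = post.get("CONTROL", "")
    computed = expected_control(post, pin)
    # Constant-time comparison, on bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(computed.encode(), supplied.encode("utf-8")):
        return False, "bad CONTROL hash"
    if post.get("MERCHANT_ACCOUNT", "").lower() != my_account.lower():
        return False, "wrong MERCHANT_ACCOUNT"
    # Added check, not in the manual's list: the amount paid must match the
    # order, because AMOUNT reaches the gateway through the buyer's browser.
    if expected_amount is not None:
        try:
            paid = Decimal(post.get("AMOUNT", ""))
        except InvalidOperation:
            return False, "AMOUNT is not a number"
        if paid != Decimal(expected_amount):
            return False, "AMOUNT does not match the order"
    if not post.get("TRANSACTION_ID"):
        return False, "missing TRANSACTION_ID"
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO ipn_seen (transaction_id) VALUES (?)",
                       (post["TRANSACTION_ID"],))
    except sqlite3.IntegrityError:
        return False, "replayed TRANSACTION_ID"
    return True, "ok"


def constructed_sample(pin="3342"):
    """Constructed notification (not captured traffic), signed with the PIN."""
    post = {"TRANSACTION_ID": "982734",
            "MERCHANT_ACCOUNT": "merchant@sample.site",
            "PAYER_ACCOUNT": "client@some.site",
            "AMOUNT": "12.22", "FEE": "0.05", "PAYMENT_ID": "",
            "PAYMENT_DATE_TIME": "Thu, 21 Dec 2008 16:01:07 +0200"}
    post["CONTROL"] = expected_control(post, pin)
    return post


if __name__ == "__main__":
    ledger = open_ledger()
    ipn = constructed_sample()
    print(verify_ipn(ipn, "3342", "merchant@sample.site", ledger, "12.22"))
    print(verify_ipn(ipn, "3342", "merchant@sample.site", ledger, "12.22"))
```

Inserting the TRANSACTION_ID under a unique key, rather than selecting first and inserting afterwards, keeps two simultaneous copies of the same notification from both being credited.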


Troubleshooting

1. My cart does not accept the changes I made on the code?
This is due to the previous session still being active on the transaction. Sessions last about 15 minutes.
Step 1: Clear your PC/system browsing history files: History, Temp files AND Cookies. Try again and it should work. If not, go to step 2.
Step 2: If your PC still does not respond due to the current session, tick the “remove item” box on the cart and update the cart. You might get a Validation error page. Just open the website again and do the purchase again. It should work fine.

2. My cart does not show my second and other items?
Change the value of the EF_ITEM to match the amount of items you list in the cart. Example: if you have 3 items you want to add to your cart:
Item1 = ef_item value 1
Item2 = ef_item value 2
Item3 = ef_item value 3
This will show all three of your items in the cart.

3. I want to accept donations. How?
See the Basic Form code for Donations above.

4. I get a validation error: Your account cannot accept SCI payments?
Only merchant accounts can receive SCI payments. Contact us to upgrade your account to merchant status or open a new merchant account online.

5. Where can I get help with site integration?
Go online here and complete the form for Support to email you the code. Paste the code into your web html form and upload it to the server.
