With more and more e-commerce sites popping up around the world, the amount
of transaction servers will need to grow to support them all. Many of the
newer e-comms providers have made life easier for us developers by developing
a web based environment to execute their transactions. Let me explain.
What do they do ?
While some providers make you install application on your servers to talk
to their servers a lot now avoid that situation by doing the following.
Setup an HTTPS server that is locked down to only your IP
Setup a page on that server that listens for a specific set of values
When you post to that server, it takes those values and does whatever it
has to do (talk to the bank, setup an account etc..)
Returns a page with the results in it.
What do I do?
There is a nifty little utilisty out there called cURL (http://curl.haxx.nu)
that is run via command line or the EXEC() function in PHP. Here is an
example of some PHP code that talks SSL.
The $URL is obviously the server which is waiting for you secure post.
The exec() function called the curl app and passed it the following parameters:
-m 120 - this is the timeout in seconds
-d $data - this is the data that willl be posted to the server, it is in "key=value&key=value" format.
-L comes AFTER the location you are posting to.
The data is returned into $return_message_array, each new line being a new element in the array.
$results ends up being a concatination of all the rows reutrned, just in case there was a line break in there
$res becomes an array containing all the results, this example assumes the results where a
comma seperated list, some other examples of common deliminators are "|" and ":".
This example relies on the first element in $res to be the "return code" from the bank,
each institution has a different rule for this, so make sure your check up.
What we have just succeeded in doing is simulating an HTTPS post, so imagine
you just filled out a form on the web and pressed submit.
There are tons of uses for this type of technology out there. For instance, I just had to
deal with a with the Australian wing of a company and they needed to use the US's central
database for adding new users and queries. The US have setup a page that listens for
specific data, including the UserID of the Australian wing and reutrns back a "0" on
pass and a negative code on fail, we were supplied with the list of error codes so we
could report back to the customer.
Here are a few things to note before you try to make this work.
cURL will need SSL libraries installed for it to talk SSL, I used open SSL 0.9.4
cURL can do HEAPS of other stuff and talk lots of different protocols, such as FTP,HTTP,TELNET,GOPHER,FILE & LDAP.
If you have and questions or comments, please forward them onto me at firstname.lastname@example.org.