picture of Matt Allen
With more and more e-commerce sites popping up around the world, the amount of transaction servers will need to grow to support them all. Many of the newer e-comms providers have made life easier for us developers by developing a web based environment to execute their transactions. Let me explain.
What do they do ?
While some providers make you install application on your servers to talk to their servers a lot now avoid that situation by doing the following.
  1. Setup an HTTPS server that is locked down to only your IP
  2. Setup a page on that server that listens for a specific set of values
  3. When you post to that server, it takes those values and does whatever it
  4. has to do (talk to the bank, setup an account etc..)
  5. Returns a page with the results in it.
What do I do?
There is a nifty little utilisty out there called cURL (http://curl.haxx.nu) that is run via command line or the EXEC() function in PHP. Here is an example of some PHP code that talks SSL.



exec("/usr/local/bin/curl -m 120 -d \"$data\" https://$URL -L",$return_message_array$return_number);

for (
$i 0$i count($return_message_array); $i++) {
$results $results.$return_message_array[$i];

$res explode(",",$results);

if (
$res[0]=="0") {
"Passed !!";
} else {
"Failed :-(";

Let's run though this code.
The $URL is obviously the server which is waiting for you secure post. The exec() function called the curl app and passed it the following parameters:
  1. -m 120 - this is the timeout in seconds
  2. -d $data - this is the data that willl be posted to the server, it is in "key=value&key=value" format.
  3. -L comes AFTER the location you are posting to.
The data is returned into $return_message_array, each new line being a new element in the array. $results ends up being a concatination of all the rows reutrned, just in case there was a line break in there $res becomes an array containing all the results, this example assumes the results where a comma seperated list, some other examples of common deliminators are "|" and ":".
This example relies on the first element in $res to be the "return code" from the bank, each institution has a different rule for this, so make sure your check up.
What we have just succeeded in doing is simulating an HTTPS post, so imagine you just filled out a form on the web and pressed submit.
There are tons of uses for this type of technology out there. For instance, I just had to deal with a with the Australian wing of a company and they needed to use the US's central database for adding new users and queries. The US have setup a page that listens for specific data, including the UserID of the Australian wing and reutrns back a "0" on pass and a negative code on fail, we were supplied with the list of error codes so we could report back to the customer.
Here are a few things to note before you try to make this work.
  1. cURL will need SSL libraries installed for it to talk SSL, I used open SSL 0.9.4
  2. cURL can do HEAPS of other stuff and talk lots of different protocols, such as FTP,HTTP,TELNET,GOPHER,FILE & LDAP.
If you have and questions or comments, please forward them onto me at matt@yourweb.com.au.
Matt Allen