Introduction
PHP is being used more and more as a tool for building e-commerce
applications. A necessary part of most e-commerce applications is the
ability to accept credit card payment in real-time, and PHP handles this
facet of online shopping with ease --- with a little help.
This article will explain how to use PHP with Anacom. Anacom is a popular
online credit card processor with a fairly friendly interface. You can read
more about Anacom at http://www.anacom.com.
Requirements
The first thing you will need to do is install curl. Curl is a little
program that allows secure posting to web sites via the command line. This
is necessary because PHP allows unencrypted socket connections but has no
built-in functions for making encrypted connection (via SSL). This is where
curl comes in. Curl can be obtained at http://curl.haxx.se. Note that OpenSSL (http://www.openssl.org) will also need to
be installed for curl to post via SSL if no RPM or binary package of
SSL-enabled curl is available for your platform. Curl can be installed
anywhere and has been successfully tested on dedicated servers and virtual
servers. Either ask your hosting provider to install curl with SSL or
install it yourself. Documentation is readily available on the curl web
site.
Making the Connection
Once curl is installed, it's time to make the connection. Anacom offers
modules for direct connection via Perl, Java, and executables for Windows
NT, but not PHP --- so I wrote my own. Here is the function I use for
connecting to Anacom:
<XMP>
<?php
//////////////////////////////////////////////////////////
// PostAnacom.php
//
// a PHP function for connecting to Anacom and
// charging a credit card while returning the result
// to the calling script for reading and/or processng
//
//////////////////////////////////////////////////////////
// this function connects to Anacom and reads the result
function GetAnacomResult($fulltotal, $ordernumber,
$ccname, $baddress, $bcity,
$bstate, $bzip, $bcountry,
$bphone, $email, $trantype,
$username, $ccnumber, $month, $year)
{
// the UPGI version we are currently using
$version = "1.1";
// path to curl
$curl = "/usr/local/bin/curl";
// URL for posting to Anacom
$anacom_url
"https://www.payment-gateway.net/servlet/com.anacom.aai.Aai";
// build the data string that contains the
// credit card info and customer data
$data = "target_app=WebCharge_v6.00&";
$data .= "fulltotal=$fulltotal&";
$data .= "ordernumber=$ordernumber&";
$data .= "ccname=$ccname&";
$data .= "baddress=$baddress&";
$data .= "bcity=$bcity&";
$data .= "bstate=$bstate&";
$data .= "bzip=$bzip&";
$data .= "bcountry=$bcountry&";
$data .= "bphone=$bphone&";
$data .= "email=$email&";
$data .= "trantype=$trantype&";
$data .= "response_mode=simple&";
$data .= "username=$username&";
$data .= "ccnumber=$ccnumber&";
$data .= "month=$month&";
$data .= "year=$year&";
$data .= "connection_method=POST&";
$data .= "delimited_fmt_field_delimiter==&";
$data .= "delimited_fmt_include_fields=true&";
$data .= "delimited_fmt_value_delimiter=|&";
$data .= "delimitedresponse=Y&";
$data .= "include_extra_field_in_response=N&";
$data .= "last_used_response_num=5&";
$data .= "response_fmtÞlimited&";
$data .= "upg_auth=zxcvlkjh&";
$data .= "merch_ip=$REMOTE_ADDR&";
$data .= "upg_version=version&";
$data .= "yes=Y";
// replace all whitespace with a plus sign for the query string
$data = ereg_replace(" ", "+", $data);
// post the data
exec("$curl -d \"$data\" $anacom_url", $return_string);
// split up the results into name=value pairs
$tmp = explode("|", $return_string[0]);
for($i=0;$i<count($tmp);$i++)
{
$tmp2 = explode("=", $tmp[$i]);
$$tmp2[0] = $tmp2[1];
}
// check for approval or error
if($Approval)
{
$card_status[0] = "approved";
$card_status[1] = "$Approval";
}
elseif($Error)
{
$card_status[0] = "error";
$card_status[1] = "$Error";
}
// return the card status as an array
return $card_status;
}
?>
</XMP>
It's pretty simple, but it does the trick. Note this line:
<XMP>
exec("$curl -d \"$data\" $anacom_url", $return_string);
</XMP>
This is where the work is actually done. An exec call is made to curl and
the query string is passed to Anacom via the POST method. The result is read
in the variable $return_string. The variable $curl will need to point to the
location where curl lives.
Now, in most shopping carts or order forms, an routine will exist for
checking the credit card and either successfully completing the checkout
process or returning an error. In whatever file this processing occurs, the
Anacom function must be included:
<XMP>
<? include("PostAnacom.php"); ?>
and then called like this:
<?php
$result = PostAnacom("1.00",
"12345",
"Michael Reynolds",
"123 Lakeview Drive",
"New York",
"NY",
"12345",
"USA",
"555-555-1212",
"michael@spinweb.net",
"sale",
"testaccount",
"1111111111111111",
"01",
"2002");
?>
</XMP>
After the customer information is passed to the function, the variable
$result will be an array which contains some information. The first array
element ($result[0]) will contain either the string "approved" or "error".
Approved means that the card was successfully charged, and error means there
was a problem with the charge. The array elements that follow actually
contain more verbose information about the transaction, such as why the
charge was unsuccessful. If the credit card number was invalid or the charge
attempt was declined, this information will be contained in the additional
array elements. This is useful if visual feedback is desired to give some
information to the user regarding what happened. For instance, to return the
error message from Anacom to the browser in the event of a rejected
transaction, the following would work:
<XMP>
<?php
if($result[0] == "error")
{
// error, return the error message
echo "There was an error processing your credit card. ";
echo "The error was:";
echo "<P>";
// print out the error message
for($i=0;$<count($result);$i++)
{
echo "$result[$i]";
}
echo "</P>";
}
else
{
// success, do finishing stuff
}
?>
</XMP>
This is all that is needed to complete online credit card transactions using
PHP and Anacom.