picture of Michael Reynolds

Introduction

PHP is being used more and more as a tool for building e-commerce applications. A necessary part of most e-commerce applications is the ability to accept credit card payment in real-time, and PHP handles this facet of online shopping with ease --- with a little help.
This article will explain how to use PHP with Anacom. Anacom is a popular online credit card processor with a fairly friendly interface. You can read more about Anacom at http://www.anacom.com.

Requirements

The first thing you will need to do is install curl. Curl is a little program that allows secure posting to web sites via the command line. This is necessary because PHP allows unencrypted socket connections but has no built-in functions for making encrypted connection (via SSL). This is where curl comes in. Curl can be obtained at http://curl.haxx.se. Note that OpenSSL (http://www.openssl.org) will also need to be installed for curl to post via SSL if no RPM or binary package of SSL-enabled curl is available for your platform. Curl can be installed anywhere and has been successfully tested on dedicated servers and virtual servers. Either ask your hosting provider to install curl with SSL or install it yourself. Documentation is readily available on the curl web site.

Making the Connection

Once curl is installed, it's time to make the connection. Anacom offers modules for direct connection via Perl, Java, and executables for Windows NT, but not PHP --- so I wrote my own. Here is the function I use for connecting to Anacom:
<XMP>
<?php
//////////////////////////////////////////////////////////
// PostAnacom.php
//
// a PHP function for connecting to Anacom and
// charging a credit card while returning the result
// to the calling script for reading and/or processng
//
//////////////////////////////////////////////////////////

// this function connects to Anacom and reads the result
function GetAnacomResult($fulltotal$ordernumber,
$ccname$baddress$bcity,
$bstate$bzip$bcountry,
$bphone$email$trantype,
$username$ccnumber$month$year)
{
// the UPGI version we are currently using
$version "1.1";

// path to curl
$curl "/usr/local/bin/curl";

// URL for posting to Anacom
$anacom_url 
"https://www.payment-gateway.net/servlet/com.anacom.aai.Aai";


// build the data string that contains the
// credit card info and customer data

$data  "target_app=WebCharge_v6.00&";
$data .= "fulltotal=$fulltotal&";
$data .= "ordernumber=$ordernumber&";
$data .= "ccname=$ccname&";
$data .= "baddress=$baddress&";
$data .= "bcity=$bcity&";
$data .= "bstate=$bstate&";
$data .= "bzip=$bzip&";
$data .= "bcountry=$bcountry&";
$data .= "bphone=$bphone&";
$data .= "email=$email&";
$data .= "trantype=$trantype&";
$data .= "response_mode=simple&";
$data .= "username=$username&";
$data .= "ccnumber=$ccnumber&";
$data .= "month=$month&";
$data .= "year=$year&";
$data .= "connection_method=POST&";
$data .= "delimited_fmt_field_delimiter==&";
$data .= "delimited_fmt_include_fields=true&";
$data .= "delimited_fmt_value_delimiter=|&";
$data .= "delimitedresponse=Y&";
$data .= "include_extra_field_in_response=N&";
$data .= "last_used_response_num=5&";
$data .= "response_fmt├×limited&";
$data .= "upg_auth=zxcvlkjh&";
$data .= "merch_ip=$REMOTE_ADDR&";
$data .= "upg_version=version&";
$data .= "yes=Y";


// replace all whitespace with a plus sign for the query string
$data ereg_replace(" ""+"$data);

// post the data
exec("$curl -d \"$data\" $anacom_url"$return_string);

// split up the results into name=value pairs
$tmp explode("|"$return_string[0]);
for(
$i=0;$i<count($tmp);$i++)
{
$tmp2 explode("="$tmp[$i]);
$
$tmp2[0] = $tmp2[1];
}

// check for approval or error
if($Approval)
{
$card_status[0] = "approved";
$card_status[1] = "$Approval";
}
elseif(
$Error)
{
$card_status[0] = "error";
$card_status[1] = "$Error";
}

// return the card status as an array
return $card_status;
}
?>
</XMP>
It's pretty simple, but it does the trick. Note this line:
<XMP>
exec("$curl -d \"$data\" $anacom_url", $return_string);
</XMP>
This is where the work is actually done. An exec call is made to curl and the query string is passed to Anacom via the POST method. The result is read in the variable $return_string. The variable $curl will need to point to the location where curl lives.
Now, in most shopping carts or order forms, an routine will exist for checking the credit card and either successfully completing the checkout process or returning an error. In whatever file this processing occurs, the Anacom function must be included:
<XMP> <? include("PostAnacom.php"); ?>
and then called like this:

<?php

$result 
PostAnacom("1.00",
"12345",
"Michael Reynolds",
"123 Lakeview Drive",
"New York",
"NY",
"12345",
"USA",
"555-555-1212",
"michael@spinweb.net",
"sale",
"testaccount",
"1111111111111111",
"01",
"2002");
?>
</XMP>
After the customer information is passed to the function, the variable $result will be an array which contains some information. The first array element ($result[0]) will contain either the string "approved" or "error". Approved means that the card was successfully charged, and error means there was a problem with the charge. The array elements that follow actually contain more verbose information about the transaction, such as why the charge was unsuccessful. If the credit card number was invalid or the charge attempt was declined, this information will be contained in the additional array elements. This is useful if visual feedback is desired to give some information to the user regarding what happened. For instance, to return the error message from Anacom to the browser in the event of a rejected transaction, the following would work:
<XMP>
<?php

if($result[0] == "error")
{
// error, return the error message
echo "There was an error processing your credit card. ";
echo 
"The error was:";
echo 
"<P>";

// print out the error message
for($i=0;$<count($result);$i++)
{
echo 
"$result[$i]";
}

echo 
"</P>";   
}
else
{
// success, do finishing stuff
}
?>
</XMP>
This is all that is needed to complete online credit card transactions using PHP and Anacom.