Ok, I'm not sure why I cannot find any real answers to this. I've seen this asked before, and I know someone has to have coded an e-commerce system in PHP before that handles real time processing of CCs. So, with that said, I'd like to hear any ideas on how to do this, I may be doing this all wrong.
KEEP IN MIND --- The connection is SSL, so whatever means of doing this is, it must support SSL. The CC autorization server, like all others DOES NOT allow GET requests. It ONLY allows POSTS, no exceptions. If it allowed GETs this could have been coded in 5 minutes.
ALSO --- Yes, I know cURL can supposedly do POSTs. However, I have not found one person who has successfully used cURL to do this with SSL. If you have I'm all for hearing about it. BTW- are curl functions now a built in part of PHP4?
I found a class for http_post within PHP, though there is no support for SSL.
Ok,
I've inquired about this problem in a couple different threads and have found some new info, hopefully someone will be able to help me put together the pieces. I haven't been able to get any clear cut answers though, so I figure anyone who can help solve this will get to be the PHP God for the day, maybe two. =P
If anyone here has setup an e-commcerce script to handle real time credit card processing info you probably know how to do this, and I may be going about it wrong.
The process:
- User fills out a form with Name, Credit Card number, Exp. Date, etc.
- The form data is passed to a local PHP script where it takes the variables and adds variables that need to remain secret for obvious reasons. These include the iBill account number, iBill account password, and other required information for the authorization script (by iBill). So it is apparent I need to be passing these behind closed doors. Putting information like this in hidden fields would be outright idiotic.
- This information must then be POSTED (no, GET is not supported, if you GET, the transaction will be denied, erroring 'GET is not supported') to the transaction script ---> https://secure.ibill.com/cgi-win/ccard/tpcard.exe
- The iBill script replies with a string basically either saying the purchase was authorized or denied.
- The script takes the string iBill replies with, decrypts the SSL, and continues based on what the string told us about the transaction.
My first and foremost problem lies within the fact I have yet to find any way to POST information to a remote script from PHP. Say I get my variables from the user and add my variables, how in the heck do I POST those variables to the iBill script out of PHP? Can PHP even open a connection and send POST data? You would think this would be a common function.
Second, obviously I need to PHP to get the response, which of course will be encrpted with SSL.
So I need something like:
$returned_string = ' w3m-ssl -dump $post_function_return' ;
(as recommended by Joe Stump)
If I can get the data POSTed to a remote script and can take the string in SSL and get it into plain text everything else will be a sinch.
So, anyone have any crazy ideas on this? How have you guys/gals setup your scripts to work with the authorization company's software? Authorize.net, ccnow, ibill, they all pretty much use the same concept for authorizing CCs, so I'm open to suggestions. Some people have mentioned to look into $HTTP_POST_VARS[], but have no idea how to send it.
Thank you much.
