• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

COPYINGH A D19-Sep-200217.6 KiB341281

ChangesH A D30-Oct-20031.4 KiB4734

Junior.pmH A D03-May-202220 KiB670333

MANIFESTH A D19-Sep-200288 109

Makefile.PLH A D03-May-2022278 96

READMEH A D30-Oct-20038.7 KiB224163

get-rates.plH A D19-Sep-20023 KiB10160

mysql.schemaH A D17-Sep-20021.4 KiB5947

test.plH A D14-Mar-2003516 195

README

1Business::WorldPay::Junior version 1.07
2======================================================
3
4This module provides a simple way to handle transactions sent to WorldPay
5for payment when using the WorldPay Select Junior service.
6
7This module aims for simplicity. All it does is track the transaction and
8then verify the callback data supplied by WorldPay after a payment has been
9made. The module is designed with the requirement to immediately verify that
10a payment has been made and is as expected in mind.
11
12See the USAGE section below for details on how to integrate this module in
13your scripts.
14
15INSTALLATION
16
17To install this module type the following:
18
19   perl Makefile.PL
20   make
21   make install
22
23You will also need to create a couple of tables in a mysql database as per the
24mysql.schema file in this distribution.
25
26Optionally you can also set up cron to run the included get-rates.pl script
27each evening. This should be run between 18:00 and 23:59 (GMT/BST - ie UK
28time) and will obtain the exchange rates for the next working day.
29
30While this is not compulsory without it the module will not work where your
31customer has changed the currency for the transaction at WorldPay.
32
33DEPENDENCIES
34
35This module requires these other modules and libraries:
36
37  DBI
38  DBD::mysql
39
40This module requires MySQL in order to store the transaction details and is
41written to make use of MySQL specific functions.
42
43The module only requires one table - called "worldpay" so you can use an
44existing database if you need to although you should be careful to ensure
45that the permissions on the database you use are suitable given that it will
46contain financially sensitive data.
47
48The file mysql-schema included with the distribution of this details the
49schema for the MySQL "worldpay" table.
50
51The get-rates.pl script also depends upon the following:
52
53	LWP::UserAgent
54	Crypt::SSLeay
55
56USAGE
57
58In order to use this module you must register your transaction with the
59module before sending the user to WorldPay for payment.
60
61Then when WorldPay callback to your server with the transaction confirmation
62details you simply pass all of the CGI parameters to the module to confirm
63that the transaction is valid.
64
65Remember that you need to configure your WorldPay account (using the
66WorldPay Merchant Management pages at http://support.worldpay.com/admin/) to
67use the Callback facility which can be pointed at either a dedicated
68callback processing script or the script that originally sent the user to
69WorldPay for payment processing - or, indeed, any other script. As far as
70the module is concerned it does not matter what script handles the callback.
71
72Note that this module does not generate any output for either the user or
73WorldPay. That is the job of your script.
74
75To start using WorldPay::Junior you need to initialise the module in your
76script using the "new" method like so:
77
78use Business::WorldPay::Junior;
79
80my $wp = Business::WorldPay::Junior->new( db => 'worldpay',
81                                                  dbuser => 'worldpay',
82                                                  dbpass => 'wppass',
83                                                  host => 'localhost' );
84
85The db, dbuser and dbpass parameters are compulsory and should be the
86database that the worldpay table is located within and the mysql username
87and password with select, insert and update privileges on that table.
88
89Optionally you can specify a host parameter to point to the host where the
90database is located. If this is not specified it defaults to localhost.
91
92Do remember to test that the call to new succeeded as if you have not
93correctly passed the required details it will fail. This does the trick
94nicely:
95
96if ( ! $wp )
97    {
98    # deal with it. Note that there should be an error message in
99    # $Business::WorldPay::Junior::errstr detailing why it failed.
100    }
101
102Once you have initialised the module you can carry on to either register a
103new transaction, process a callback or check whether a given transaction has
104already been authorised.
105
106To register a new transaction you use the "register" method like so:
107
108my $cartId = $wp->register(\%transaction_details);
109
110As you can see the actual transaction details are passed as a reference to a
111hash. The hash typically looks like this:
112
113my %transaction_details = ( amount => 12.50,
114                            desc => "A Test Transaction",
115                            instId => '99999',
116                            currency => 'GBP',
117                          );
118
119The details above are the only ones that are necessary to register a new
120transaction and all correspond to the standard WorldPay parameters - do
121note that they are case sensetive.
122
123The $cartId variable returned should be used for the WorldPay cartId
124parameter. It is generated by an auto-incrementing field in the database so
125it's pretty much guaranteed to be unique for that database.
126
127Once you have registered your transaction you should send the user to the
128WorldPay website for payment - I usually just print a simple page to the
129user informing them of the amount owing and what it is for with a simple
130"Click here to pay" button. It's a simple HTML form.
131
132The Callback
133
134WorldPay offer a facility whereby they will connect to a designated URL on
135your website (configured via the Merchant Management Pages) and immediately
136confirm to you whether the payment was completed successfully or was
137cancelled (you'll never be told of a declined transaction - see the WorldPay
138website for details) and the full details of a completed transaction.
139
140Web forms, as used in the Select Junior system, are not safe from users
141tampering with them so it is important to verify that the authorised payment
142details are correct before acting upon them.
143
144To do this you use the "callback" method.
145
146Before you actually verify the callback data, however, you need to ensure
147that the callback is authentic - ie that it originates from the WorldPay
148callback servers and, optionally, that the callback password is correct.
149
150To check that the source of the callback is authentic you simply call the
151"valid_callback_host" method like this:
152
153if ( ! $wp->valid_callback_host($cgi->remote_host) )
154    {
155    # Invalid callback host - handle the error.
156    # You should probably bring this security violation to the attention of
157    # a real person within your organisation.
158    }
159
160Note that remote_host is the CGI method so you need to have the CGI module
161loaded for this, which I've assumed you will as you are handling data
162provided by that means anyway.
163
164Also note that this module assumes that you are not carrying out reverse
165resolution on connections to your web site so it expects a standard IPv4
166address - ie something like 192.168.234.12.
167
168If you have specified that there should be a callback password check this in
169your script.
170
171Assuming that the callback source is authentic and, optionally, that the
172callback password is valid you can carry on to process the actual callback
173data.
174
175Like the "register" method, detailed above, the "callback" method expects
176you to pass the details via a reference to a hash. If you tell the CGI
177module that you want to use the functionality of cgi-lib - by using CGI with
178qw (:cgi-lib) as an arguement - you can make use of the CGI "Vars" method
179which is the easiest way to this this:
180
181my %callback_data = $cgi->Vars;
182if ( ! $wp->callback(\%callback_data) )
183    {
184    # The data supplied in the callback is not valid
185    # You can get more information about the problem by calling
186    # $wp->errstr which will return an error string
187    }
188
189The "callback" method only verifies that the data in the callback is correct
190and matches a registered transaction. It does not tell you whether the
191transaction was authorised or not.
192
193To check whether a transaction was authorised by WorldPay use the
194"authorised" method like so:
195
196my $cartId = $cgi->param('cartId);
197if ( ! $wp->authorised($cartId) )
198    {
199    # This transaction was NOT authorised
200    }
201
202That is all there is to using this module.
203
204Note that the "callback" method stores all the relevant information about
205the transaction in the worldpay table in the database so you can check this
206any time you wish to verify the cardholder details, etc.
207
208COPYRIGHT AND LICENCE
209
210Copyright (C) 2002 Jason Clifford <jason@jasonclifford.com>
211
212    This program is free software; you can redistribute it and/or modify
213    it under the terms of the GNU General Public License as published by
214    the Free Software Foundation; either version 2 of the License, or
215    (at your option) any later version.
216
217    This program is distributed in the hope that it will be useful,
218    but WITHOUT ANY WARRANTY; without even the implied warranty of
219    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
220    GNU General Public License for more details.
221
222    A copy of the GNU General Public License is in the accompanying
223    COPYING file.
224