[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [mv] Using external online payment systems with minivend?
Hello.
>Can your visitor choose any payment methode?
>Maybe it is better, your visitor choose the payment methode first and
>after this, a normal checkout page or a special checkout page is to
>show on? After successfull bank process, redirect back to your shop and
>a special-ok-page finish the order process and display the receipt page.
Yup, I tried that method yesterday and it seemed to work best.
So the order process is something like this.
1.Customer goes to order basket
2.Customer selects the payment method, and gets the special payment page
3.The payment system (online bank, smartcard system, etc (we have some pretty
advanced stuff here :) retunrs the user to the checkout page
4.The user fills the address information (just like in the simple demo)
5.The minivend processes the order.
The only thing I have to figure out, is that can the minivend pages process
form input data.
Because the payment system gives form data to the page it is calling (all
payment information and
MD5 checksum), and I need to check the checksum that it is correct.
Otherwise someone might
try to pass the payment process by calling the /ord/checout page directly
with the session id.
And if the checkout page has no way of verifying the checksum, the 'hacker'
could order stuff
free as long as the minivend is concerned.
>Dear Jarno,
>
>it is not simple to give you a right answer, because i don't know about
>your bank side. I don't know about the interface between your sites and
>the bank sites.
The interface between the bank site and my site is POST calls (forms),
I give the control to the bank with form, and the bank calls my page
as a form, using the URL I give to it and put extra data (checksum) in
addition to that.
I have good documentation about the interface, but unfortunately it in
Finnish...
>You ask us, how can you use (or insert) another page between the
>checkout page and the receipt page.
Actually I want it between the basket and checkout (I got confuced about
the names previously)
>Did you get any informations from your bank site, if any process is
>successfull or not? Did you get a interface desription from your bank?
>Did you get any datas or information from your bank site via web? E.g.
The bank informs the success/failure by calling different addresses,
so I give it one URL for success and couple URLs for different error
conditions.
So I have one page to handle the OK result (checkout), and several error
message pages.
>This is the URL of your bank:
>https://verkkomaksu.leonia.fi/vema.nd/Verkkomaksu/pgTunnistus
>
>If your bank site use some variables like UID (user id), the url is e.g.
>
>https://verkkomaksu.leonia.fi/vema.nd/Verkkomaksu/pgTunnistus?UID=12345
>
I use a form which has information in hidden fields, and when the control
goes to the bank site, it asks the user information and other transaction
specific data.
Heres a example form
<FORM METHOD="POST"
ACTION="https://verkkomaksu.leonia.fi/vema.nd/Verkkomaksu/pgTunnistus">
<INPUT NAME="CUSTOMER_NT" TYPE="HIDDEN" VALUE="000000000000">
KNRO = 000000000000
<INPUT NAME="SUM" TYPE="HIDDEN" VALUE="100,00"> SUMMA =
100.00<BR>
<INPUT NAME="REFERENCE" TYPE="HIDDEN" VALUE="9861156"> VIITE =
9861156 <BR>
<INPUT NAME="CURRENCY" TYPE="HIDDEN" VALUE="FIM"> VALUUTTA =
FIM <BR>
<INPUT NAME="VERSION" TYPE="HIDDEN" VALUE="2"> VERSIO = 2<BR>
<P> <BR>
<INPUT NAME="OKURL" TYPE="HIDDEN" SIZE=40
VALUE="http://www.asiakas.fi/cgi/OK?">
OK-URL: http://www.asiakas.fi/cgi/ok?<BR>
<INPUT NAME="ERRORURL" TYPE="HIDDEN" SIZE=40
VALUE="http://www.asiakas.fi/cgi/ERROR?"> Virhe-URL:
http://www.asiakas.fi/cgi/virhe? <BR>
<INPUT NAME="CHECKSUM" TYPE="HIDDEN"
VALUE="b93fd1146a0e06ba59461ae8baa1fcf0"> MD5-Tarkiste =
b93fd1146a0e06ba59461ae8baa1fcf0 <BR>
<INPUT TYPE="IMAGE" NAME="Leonia"
SRC="https://verkkomaksu.leonia.fi/logoverkkomaksu.gif" ALT="Leonia"
BORDER=0></FORM></TD>
</FORM>
>to call this site right, you use this
>
>https://verkkomaksu.leonia.fi/vema.nd/Verkkomaksu/pgTunnistus?UID=[data
>session id]
>
>If you get any information from your bank site back, e.g.
>
>(bank form)
>https://www.yourdomain.com/cgi-bin/yourshop/your-ok-or-failure-page>
>
>with the variable e.g.
>
><INPUT TYPE="hidden" NAME="STATUS" value="OK-or-NOT-variable">
>
>and you must receive the information (STATUS) by fetching the cgi query
>string informations, whether the bank process was successfull or not (to
>show the visitor a success receipt page or not).
So how I can fetc the information that the bank returns to me, is it like
in normal perl? Or does minivend have special tools for that
>I believe, this maybe off topic, because it is a special problem.
>If this is off topic, i offer you to write a privat email to me, if you
>tell the list about your solutions later.
I think this is borderline (because there may be other people trying to
implement same kind of thing), I've heard that the online bank accounts are
becoming more popular also in other countries. By using the the customer
has all benefits of using credit cards, but none of the risks (as the customer
accepts every transaction before it happens).
But you can respond as private email, if you think I've wandered too off
topic for this mail group.
But you've already helped a lot, thanks.
>BTW: I am still learning english!
Don't worry English is not my native either, although it's better than
my German :)
Jarno Niemela.
