[ic] WorldPay server payment - the 'proper' solution

[Lyn St George]

Well it seems that I did have a mental block on this problem, and 
big thanks are due to Joachim Leidinger for blowing a hole in it 
and letting the light shine through again. 

[cgi other_server's_var] is the magic elixir.

I've written up my notes into reasonably sensible shape, and 
here it all is:

The preferred method when using WorldPay or a similar system which
requires you to transfer to their server to authenticate, is to finalise
the logging and email part of the order once you have made the callback
to your own server. For WP, this callback takes a page from your
server and displays it on their own server, but this is sufficient to
touch Interchange and trigger some (but not all) functions.

The secret is the [cgi other_server's_var] tag on your callback page.
For example, if on the last page on your server before going to WP you
set <input type=hidden name="MC_salestax" value="[salestax]"> as part
of the form input to send, then on your callback page you could read
the salestax value with [cgi MC_salestax] (and set it back to the
original name with [seti salestax][cgi MC_salestax][/seti] if you wanted).

This is the process:
on the penultimate page on your server, create a unique basket id
with [seti mybasketid][fcounter etc/basket.number][/seti] - creating
'basket.number' after the same style as the existing 'order.number'.
This is the 'checkout' page where all info is collected. The customer
then goes to the final page (before going to WorldPay) where he is
asked to "verify his details", and all of the Interchange values are
mapped to WorldPay values. Among those values, include
<input type=hidden name="cartId" value="[scratch mybasketid]"> and
this will then be used by WorldPay as the "Merchant's ref". Also do
a fail-safe backup log of the order thus:

[tag op=log file=logs/baskets.log interpolate=1 hide=1]
Basket number: [scratch mybasketid]
 other stuff to log
[/tag]
then if it goes down the pan later on you have the order with a reference
number.

Once you have all the values remapped and logged, the customer will go
to the WorldPay server to enter the credit card details and complete the
order. If the order fails, eg his card is empty, then WP will keep the
customer on their site and offer the customer the chance of making
payment some other way.

Only if the order is succesful will WP invoke the 'callback URL' to
call your callback page onto their server, so this page only has to deal
with successful transactions.

Right at the top of the callback page, raise an order number with
[seti myordernumber][fcounter etc/order.number][/seti]. This allows
you to use the order number immediately afterwards, like this:
<center>Order: [scratch myordernumber]<p>
<b>Please print this as a tax receipt for your records</b></center>

After this, you can display all of the values passed to WP, choosing
whether to do so with their syntax of <WPDISPLAY ITEM=name>, or using
the Interchange syntax of [cgi MC_name]. Both will display on the page.

Now you can write the order to the logs, with:
[tag op=log file="orders/Order_[scratch myordernumber]" interpolate=1 hide=1]
Order number: [scratch myordernumber]
Basket number: [cgi cartId]
 other stuff
[/tag]

In case of accidents, you can correlate the order number to the basket
number and still make sense of partial information.

Then you can send yourself an email of the order, with:
[set name=mail1 interpolate=1]
[email 		to="sales@zolotek.net"
		subject="Order no: [scratch myordernumber]"
		from="admin@zolotek.net"
		reply="admin@zolotek.net"]
Order number: [scratch myordernumber]
Basket number: [cgi cartId]
  other stuff
[/email]
[/set]

Note: if you set 'name=email' above, then you may find trouble with
sendmail breaking the mail up into 3 components and leaving these in
the mail queue for some time before finally sending.

Also send an email of the order to your customer, with:
[set name=mail2 interpolate=1]
[email 		to="[cgi email]"
		subject="Order no: [scratch myordernumber]"
		from="admin@zolotek.net"
		reply="admin@zolotek.net"]
Order number: [scratch myordernumber]
  other stuff
[/email]
[/set]

And that should be it. Smooth as silk.



Cheers
Lyn St George
+---------------------------------------------------------------------------------
+ http://www.zolotek.net .. eCommerce hosting, consulting
+ http://www.os2docs.org .. some 'How To' stuff ...
+----------------------------------------------------------------------------------