[ic] Getting Worldpay Callback to trigger IC?

Lyn St George lyn at zolotek.net
Thu Mar 17 14:59:49 EST 2005

On Thu, 17 Mar 2005 10:54:25 -0700, interchange at tvcables.co.uk wrote:

>Quoting Jonathan Clark <jonc at webmaint.com>:
>> > I decided it was time to sort out Worldpay with callback, I have been all
>> > through the archives (many times) yet still cannot complete it. I have the
>> > notes from Lyn St George but there is too much missing for me to
>> > make it work.
>> >
>> > I have a basic callback working, where worldpay will call the
>> > callback page and
>> > display whether a transaction was good or cancelled with basic
>> > password check
>> > eg:-
>> >
>> > callback.html
>> >
>> > [if cgi transStatus eq Y]
>> > [if cgi callbackPW eq password]
>> > Payment sucessful
>> > [/if]
>> > [/if]
>> >
>> > That works fine, now I want to trigger IC to complete the order,
>> > in otherwords
>> > replace the above "Payment Sucessful" with the trigger code.
>> >
>> > I tried this code from the archives:-
>> >
>> > [seti url][area href=process form="
>> > mv_todo=submit
>> > mv_order_route=log main copy_user
>> > mv_order_report=ord/report
>> > mv_order_receipt=ord/receipt "]
>> > [/seti]
>> > [bounce href="[scratch url]"]
>> >
>> > When placed within the IF statement this code triggers the order
>> > just fine if I
>> > call the page myself from my server with the approprite cgi
>> > variables in the
>> > url, however when running it with a test transaction via the
>> > Worldpay server it
>> > fails with a 302 re-direction error, the order is not trigerred
>> > and I am left
>> > stranded on Worldpay, Worldpay flag it as a callback failure.
>> >
>> > So how can I get the callback page to trigger the order based on
>> > testing the
>> > transStatus and callbackPW cgi variables???
>> I don't understand how the above code can work.
>> You are having a remote client (WorldPay) request a page from your server
>> which will inevitably create a new session. This new session will not
>> contain any cart items, and is completely unconnected with your customer's
>> session as far as I can see. Added to this, you are assuming WorldPay's
>> systems would deal with a browser redirect. I don't know if they would, but
>> I would assume not.
>> Where I have dealt with this previously, I have altered the checkout process
>> to save a pending order to orderline and transactions prior to visiting the
>> PSP, and then used the callback to verify details stored in the database and
>> then update the order as appropriate and send out emails.

The version I used originally was a kludge, but worked. As far as I 
remember (and I only have some of my notes left), it worked by virtue
of the fact that the page WP used for their callback (residing on the
merchant's server but displayed on the WP server) retained the original
session id for that call, and so I had the page either include code to
log the transaction (as though the order route had been completed) or
bounce to the shop's home page, depending on whether the transaction
status was yes or cancelled. 

The code that you found for submitting an order has nothing to do with
what I had.  The callback page itself would finalise the order, and just let
the basket expire in the shadows somewhere. 

>> Your choice is to code something like this, or wait for Mike Heins to build
>> the PayPal payment module for IC and then base yours on that. Personally, I
>> would wait for Mike.

For myself, I consider Worldpay to be such poor value that it is simply not
worth putting in the serious time required to achieve a "proper" system. 
Either use this kludge as is, or get a proper merchant account. 

>> Coupled to this, with WorldPay, you need to hand inspect each payment on
>> WorldPay anyway as their fraud prevention is so poor, so you are not gaining
>> a huge amount anyway.

Agreed - they like to give the impression that they will take care of the
merchant (ie, their customers), that you can get a WP account without
a normal merchant account, and that they are generally better than 
any other option. None of this is true. Plus they legally consider all of
your customers to be their customers as soon as a transaction has been
made, and they will feel free to contact them directly. 

>> Jonathan
>Thanks for your comments, can you share any tips/code on how to implement your
>suggestion please?
>Regarding your comment on Worldpay's fraud prevention being poor, I am not sure
>quite what you mean, could you elaborate please?


More information about the interchange-users mailing list