In July, 2011, I wrote a PHP module to use Intuit Payment Solutions (IPS Hosted PayPage) within WebsiteBaker. I plan to release the module soon because it started with Christoph Marti's GPL code, and thus my code will be GPL.
I'm going to start with pointers for creating an IPS test environment and pointing the Hosted PayPage (HPP) return link to the right place. (There's a reason I'm starting with this.)
Here is the code, v0.3.0.
Most of the original Intuit developer links are broken. I'm going to very quickly try to get close to the current ones. I'll list the original links below. I may leave placeholders, too, rather than broken links.
See the IPS "Get Set Up" process needed to test an application. Note that when you "create an application" (step 2--this should more precisely be called "register your application"), you'll choose the "desktop model" to use my module and NOT the "Hosted Security Model (hosted / web app)." That verbiage is very confusing. The Hosted Security Model assumes that your server has HTTPS certificates verified by a certificate authority. (It probably also assumes one of the older, more expensive CA's.) Even though it seems for all the world that we can't be dealing with a "desktop" model, we are indeed using the desktop model on a web server.
The (encrypted text of the) Connection Ticket you get in Step 4 goes in the value_3 field of mod_bakery_payment_methods. (There is a GUI equivalent of this that I'll look up eventually.)
There are two Intuit accounts involved in creating a test app. One is the developer account and one is the simulated
merchant account. Previously, you've used the dev account. To set up the Hosted PayPage and what I'm calling the
"backlink" from HPP back to your app, log in as the simulated
merchant. Once you log in, "Hosted PayPage" is under "Account" to the lower left, probably off your screen until you
scroll. Under "Transaction Results Settings," choose "send the results to the web address below" which will be something
like
http://example.com/bakerySite/modules/bakery/payment_methods/qbms/check_payment.php
From "modules" on, the path is fixed unless you've changed something within Bakery or Bakery Payment Methods.
Click "Save Changes," of course.
I use these fields a bit differently than Marti:
active | directory | value_1 | value_2 | value_3 | value_4 | value_5 |
---|---|---|---|---|---|---|
1 | qbms | base URL | App Name | (enc) Ticket | page id on success | page id on failure |
Notes:
I based my code in part based on Add a new payment method plugin to Bakery (PDF), document version 0.4. This almost certainly isn't the latest document. I post it to give you some idea of what I was thinking.
My code is based on and partially integrates with Christoph Marti's 2010-dated "Bakery Payment Methods" sub-modules for a number of other payment systems. I'll try to elaborate on "partially."
My files are intended to "live in" <your WebsiteBaker-made site>/modules/bakery/payment_methods/qbms Some of my file names are based on Marti's code and the PDF above:
The mkdec PHP script takes the Connection Ticket as a command line argument within single quotes ('): e.g.
$ ./mkdec 'TGT-67-xvjrJ5ngwHLmxB3pDYmh4g'
The single quotes are needed because some tickets have a $ in them. This will be interpreted by PHP as a variable without the single quotes. (And there are other special characters that could cause problems, too.)
The script will give you the SQL needed to put the encrypted ticket in the database and will create the decrypt.php with the necessary key. The ticket should be encrypted per Intuit Security Guidelines.
I created a table to do a security check between the first two calls to Intuit and the return confirmation. Here is the
definition:
CREATE TABLE IF NOT EXISTS mod_bakery_order_security (
OpId VARCHAR(60) UNIQUE NOT NULL,
order_id INT(6) NOT NULL,
order_total DECIMAL(9,2) NOT NULL,
secret VARCHAR(32) NOT NULL,
timestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
During the project, I was referring to the Intuit Payment System as the QuickBooks Merchant Services (QBMS) payment system. Intuit's naming seems a bit inconsistent. I do see references to "qbms" in some places on Intuit's site. That's how my folder got the name "qbms." Perhaps it should be called "IntuitHPP," but I think I'll leave it at qbms.
As of August 11, 2011, before any GPL changes, I list my code as version 0.2.0 on my client's test database. That code should probably be at least 0.2.1 because I made the security modifications after that, as I recall. I'll probably call my first GPL release 0.3.0, in any event.
In report.php: // KB 2011/07/12 3:22am - probably v0.2.0 - with extra security checks
In geturl.php: // KB 2011/07/11 6:40am - baseURL error_log entry removed; calling this v0.1.2
This is documentation to GPL code, so please copy it, re-post it, edit it, and package it with the code as needed. Give me credit, and refer back to this page if it still exists. If you modify this, say so. If you totally rewrite this, give me credit for writing the code.
2016/12/05 10:52pm - fixing links
Page started August 11, 2011 ca. 3:30pm EDT (15:30, USA, GMT -4). Posted perhaps 08/12 1:15am. I plan to release the code later tonight.