How to integrate the Cyberbit payment gateway into a PHP website

I could not find a guide to integrating the Cyberbit payment gateway into a website, so I thought I would write one.

First you need a merchant account with Cyberbit. When you open an account you will receive a test account with a user name and password, along with some documents that explain almost everything about how to integrate it. They also give you a hash key to use in your code.

On the programming side, you have to create a form so that customers can enter cardholder details and shipping details, then POST the data to the Cyberbit payment gateway.

The following is an example form (taken from the document provided by Cyberbit):

<form method="POST" action="https://test.xxxxx.xx/xxxx.php">
<input type="hidden" value="1" name="transtype">
<input type="hidden" value="sdf6a6yr3f3df33" name="secret">
<input type="hidden" value="https://www.cyberbit.eu/bjarne_test/accept.php"
name="accepturl">
<input type="hidden" value="CyberTest" name="merchantid">
<input type="hidden" value="test3" name="InternalorderId">
<input type="hidden" value="978" name="currencycode">
<input type="hidden" value="100" name="amountcleared">
<input type="hidden" value="28006f49d5ffc3a60adbe4898594e749ee34b055"
name="hash">
<input type="hidden" value="cardholder@email.com" name="owneremail">
<input type="hidden" value="some street" name="owneraddress">
<input type="hidden" value="123" name="owneraddressnumber">
<input type="hidden" value="London" name="ownercity">
<input type="hidden" value="OO" name="ownerstate">
<input type="hidden" value="GB" name="ownercountry">
<input type="hidden" value="Larry" name="ownerfirstname">
<input type="hidden" value="Smith" name="ownerlastname">
<input type="hidden" value="123456" name="ownerzip">
<input type="hidden" value="xxxx" name="ownerphone">
<input type="hidden" value='"Item Number";"Item Description";"Amount";"Price"'
name="header">
<input type="hidden" value='"1";"Blue car";"1";"1.000,00"' name="orderline1">
<input type="hidden" value='"2";"Red bike";"2";"250,00"' name="orderline2">
<input type="hidden" value='"Shipping";"150,00"' name="shipping">
<input type="hidden" value='"Total";"1.650,00"' name="total">
<input type="submit" value="Make Payment">
</form>

All the variables are well defined in the Cyberbit document. In the example above all the values are fixed; in a real integration you have to fill them in from the input values.

Once the transaction is made, Cyberbit sends some data back to the merchant's server. To receive that data we need to create a file. The URL of that file is called the callback URL.

For safety (I guess), the test account does not give us the option to set the callback URL. If we send the callback URL to Cyberbit, they will update the callback URL info.

The server sends an XML file with all the relevant details of the transaction. It also sends a fingerprint. We can calculate the fingerprint on our side and check that the two fingerprints match.

Some web servers, like Apache, will add slashes to all characters that could break communication. These are characters like ", ', `, etc. Since the XML sent in the xml POST parameter contains double quotes, it is possible that your web server added an escape character to each double quote to sanitize the string, so it looks like \" instead of just ". This results in a totally different SHA1 hash, because your XML string is slightly different from the one Cyberbit used when they calculated the SHA1 code.

To avoid this, you can try stripping slashes from the XML string before you calculate the hash. In PHP this is very simple: stripslashes($_POST['xml']);

If both match, we can parse the XML, take the data we need, and use it.
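
One way to write the callback check described above, as an added example rather than code from the original post or from Cyberbit. It assumes the fingerprint is the SHA1 of the XML string followed by the hash key and that the POST fields are named xml and fingerprint; take the real formula and field names from the merchant documents. It tries the XML as received first and only then the stripslashes() form, so backslashes that belong to the XML are not removed by mistake.

```php
<?php
// Added example, not Cyberbit's code. Assumptions to check against the merchant
// documents: fingerprint = sha1(XML . hash key); POST fields 'xml' and 'fingerprint'.
const HASH_KEY = 'REPLACE_WITH_MERCHANT_HASH_KEY'; // placeholder, keep the real key server-side

function fingerprint(string $xml, string $hashKey): string
{
    return sha1($xml . $hashKey); // assumed formula
}

// Returns the parsed XML only when the fingerprint matches, otherwise null.
function verify_callback(string $xml, string $received, string $hashKey): ?SimpleXMLElement
{
    $received = strtolower(trim($received));
    // Try the body as received first; fall back to the unescaped form only if
    // that fails, so backslashes that legitimately belong to the XML survive.
    foreach ([$xml, stripslashes($xml)] as $candidate) {
        // hash_equals() compares in constant time.
        if (hash_equals(fingerprint($candidate, $hashKey), $received)) {
            // Parse only authenticated data; LIBXML_NONET forbids network fetches.
            libxml_use_internal_errors(true);
            $doc = simplexml_load_string($candidate, 'SimpleXMLElement', LIBXML_NONET);
            return $doc === false ? null : $doc;
        }
    }
    return null;
}

// Constructed sample data (element names are illustrative, not Cyberbit's schema).
$sampleXml = '<transaction><order id="test3"/><amount value="100"/></transaction>';
$goodPrint = fingerprint($sampleXml, HASH_KEY);
$escaped   = addslashes($sampleXml); // what the script sees if quotes were escaped

$cases = [
    'as sent'         => [$sampleXml, $goodPrint],
    'slashes added'   => [$escaped, $goodPrint],
    'amount tampered' => [str_replace('100', '1', $sampleXml), $goodPrint],
];
foreach ($cases as $label => [$xml, $print]) {
    $doc = verify_callback($xml, $print, HASH_KEY);
    printf("%-16s %s\n", $label, $doc !== null ? 'accepted, order ' . $doc->order['id'] : 'rejected');
}

// In the callback file itself (field names assumed):
// $doc = verify_callback($_POST['xml'] ?? '', $_POST['fingerprint'] ?? '', HASH_KEY);
// if ($doc === null) { http_response_code(400); exit; }
```

Update the order status only from a callback that passes this check, not from the customer's arrival on the Accept URL.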

There are two other pages, called the Accept URL and the Decline URL.

The Accept URL is the URL of the file we create to direct the customer to upon successful completion of payment.

The Decline URL is the URL of the file we create to direct the customer to if the payment is declined.

We can set both the Accept URL and the Decline URL in the Cyberbit account.

An interesting thing is that the shipping name, phone and email are not yet used in the payment form, so we can't send that data. They said they have plans to add them to the payment form.

I will try to add some more notes, when I get time.
