Initial Support for HPP

for use in testing

Author: securesubmit-buildmaster

examples/gp-api/hosted-payment-pages/Iframe_callback.php

@@ -0,0 +1,11 @@
+<?php
+    $PHP_input = file_get_contents('php://input');
+    $jsonData = json_decode($PHP_input, true);
+    error_log("iframe_callback.php file_get_contents('php://input')  data:" . print_r($jsonData, true));
+    if($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST)) {
+        
+        $jsonData = json_decode($_POST, true);
+
+        error_log("iframe_callback.php POST request received with data: " . print_r($jsonData, true));
+    }
+?>

examples/gp-api/hosted-payment-pages/cancel_url.php

@@ -0,0 +1,11 @@
+<?php
+    $PHP_input = file_get_contents('php://input');
+    $jsonData = json_decode($PHP_input, true);
+    error_log("cancel_url.php file_get_contents('php://input')  data:" . print_r($jsonData, true));
+    if($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST)) {
+        
+        $jsonData = json_decode($_POST, true);
+
+        error_log("cancel_url.php POST request received with data: " . print_r($jsonData, true));
+    }
+?>

examples/gp-api/hosted-payment-pages/error_log

@@ -0,0 +1,30 @@
+<h1>Transaction Results</h1>
+<?php
+function validate_request($gateway_response_json, $GP_signature) {
+    if (!$gateway_response_json || !$GP_signature) {
+        return false;
+    }
+    
+    $parsed_data = json_decode($gateway_response_json, true);
+    if (!$parsed_data) {
+        error_log("Failed to parse gateway response JSON");
+        return false;
+    }
+    if(isset($gateway_response_json['X-GP-Signature'])) {
+        unset($gateway_response_json['X-GP-Signature']);
+    }
+    $minified_input = json_encode($parsed_data, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
+    
+    return hash("sha512", $minified_input . "ALiN55xYMwbVsCla") === $GP_signature;
+}
+$validation_result = validate_request($_POST['gateway_response'] ?? '', $_POST['X-GP-Signature'] ?? false);
+
+if (!$validation_result) {
+    http_response_code(403);
+    die("Invalid Request");
+}
+$gateway_data = json_decode($_POST['gateway_response'] ?? '{}', true);
+echo "<h3>Gateway Response Data:</h3>";
+echo "<pre>" . print_r($gateway_data, true) . "</pre>";
+?>
+

examples/gp-api/hosted-payment-pages/final_page.php

@@ -0,0 +1,55 @@
+<?php
+
+$GP_signature = getallheaders()['X-GP-Signature'] ?? false;
+$raw_input = trim(file_get_contents('php://input')) ?? false;
+$input = json_decode($raw_input, true); 
+
+function validate_request($raw_input, $GP_signature) {
+    if (!$raw_input || !$GP_signature) {
+        error_log("X-GP-Signature header not found, or no post data");
+        return false;
+    }
+    $parsed_input = json_decode($raw_input, true);
+    if (!$parsed_input) {
+        error_log("Failed to parse JSON input");
+        return false;
+    }
+    $minified_input = json_encode($parsed_input, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
+    
+    return hash("sha512", $minified_input . "ALiN55xYMwbVsCla") === $GP_signature;
+}
+
+// Validate the request signature
+$is_valid_request = validate_request($raw_input, $GP_signature);
+
+if (!$is_valid_request) {
+    http_response_code(403);
+    die("Invalid Request");
+}
+
+//Please note that this javascript is rendered on the payment form page, 
+// any 404 405 errors will be down to the server configuration.
+?>
+<h1>Return URL</h1>
+<script>
+    const form = document.createElement("form");
+    form.method = "POST";
+    form.id = "paymentForm";
+    form.action = "https://dev.bee-online.com/gp-hpp-installments/examples/gp-api/hosted-payment-pages/final_page.php"; // Change this to your final processing URL
+
+    //Include the signature in the POST request, so it can be verified on the again final page.
+    const signatureKey = document.createElement("input");
+    signatureKey.type = "hidden";
+    signatureKey.name = "X-GP-Signature";
+    signatureKey.value = <?php echo json_encode($GP_signature, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>;
+    form.appendChild(signatureKey);
+
+    const gatewayResponse = document.createElement("input");
+    gatewayResponse.type = "hidden";
+    gatewayResponse.name = "gateway_response";
+    gatewayResponse.value = JSON.stringify(<?php echo json_encode($input, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); ?>);
+    form.appendChild(gatewayResponse);
+    
+    document.body.appendChild(form);
+    form.submit();
+</script>;

examples/gp-api/hosted-payment-pages/index.php

@@ -0,0 +1,11 @@
+<?php
+    $PHP_input = file_get_contents('php://input');
+    $jsonData = json_decode($PHP_input, true);
+    error_log("status_url.php file_get_contents('php://input')  data:" . print_r($jsonData, true));
+    if($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST)) {
+        
+        $jsonData = json_decode($_POST, true);
+
+        error_log("status_url.php POST request received with data: " . print_r($jsonData, true));
+    }
+?>