[thelist] Accepting Credit Cards online

Anthony Baratta Anthony at Baratta.com
Wed Aug 28 00:56:01 CDT 2002


Adt 09:30 PM 8/27/2002, Sam Richardson wrote:
>It will be subscription based, although it won't be time based, but usage
>based. The code for this is written already though. I'm using PHP.

Piece of pie. Depending upon the Gateway System you want to use, you'll
either have some "components" to integrate or will have to roll your own.

For the baseline setup, you'll need to have OpenSSL (
http://www.openssl.org/ ) available to make SSL connections directly with
the gateway (unless the authorization company has it's own component to
encrypt the transmission). You'll also want to install mod_ssl (
http://www.modssl.org/ ) for Apache after that. Then recompile OpenSSL
support into PHP ( --with-openssl[=DIR] ).

Don't forget to order an SSL cert for your server from Thawte or Verisign
or someone else (I prefer Thawte), and install that for your Virtual
Service in Apache. Remember that each SSL cert requires a unique IP, unless
you get a catch-all cert that will with *.domain.com. But those are expensive.

Your gateway provider will have instructions on how to communicate with
them. Basically you use the fopen function (
http://www.php.net/manual/en/function.fopen.php ) with the https: and pass
the collected credit card info to the gateway. The gateway will respond
with some information (yes/no, authorization code, error messages et.al.)

Take that info and fork appropriately: e.g. pass/fail.

Remember that the SSL encrypted transaction I'm discussing is between your
server and the credit card gateway. You should have had a separate SSL
encrypted transaction between the user's browser and your server when you
collected the credit card information.

Hope that helps.
---
Anthony Baratta
President
Keyboard Jockeys

"Conformity is the refuge of the unimaginative."




More information about the thelist mailing list