GT::Payment::Remote::2CheckOut - 2CheckOut payment handling
2CheckOut has a pretty weak automated payment system - the security of the entire automated payment process hinges on your ``Secret Word'' (Admin -> Account Details -> Return -> Secret Word (near the bottom of the page)) - without it, there is no security at all. Another weakness in the system is that if your server is not reachable for whatever reason, the payment information would be lost. Payment providers like 2CheckOut and WorldPay would do well to learn from payment systems like that of PayPal - whatever can be said about other aspects of PayPal, they do have one of the nicest payment systems around - both from a developer and user's point of view.
Because of the security issue with not using the ``Secret Word'', this module requires that the secret word be used, even if other 2CheckOut systems may not. Additionally, the default secret word of ``tango'' is not allowed.
use GT::Payment::Remote::2CheckOut;
use GT::CGI;
my $in = new GT::CGI;
GT::Payment::Remote::2CheckOut->process(
param => $in,
on_valid => \&valid,
sellerid => "1234",
password => "Some Good Secret Word"
);
sub valid {
# Update database - the payment has been made successfully.
}
This module is designed to handle 2CheckOut payment processing.
GT::CGI and GT::MD5.
This module has only two functions. process() does the work of actually
figuring out what to do with a postback, and md5_signature() is used to
generate an MD5 signature for payment verification and security purposes. Both
functions can be imported into your package, and can be called as either method
or function.
process() is the main function provided by this module. It can be called as
either a function or class method, and takes a hash (not hash reference) of
arguments as described below.
process() should be called for 2CheckOut initiated postbacks. This can be set
up in your main .cgi by looking for 2CheckOut-specific CGI parameters
('cart_order_id' is a good one to look for) or by making a seperate .cgi file
exclusively for handling 2CheckOut postbacks.
Additionally, it is strongly advised that database connection, authenticate,
etc. be performed before calling process() to ensure that the payment is
recorded successfully. 2CheckOut will not attempt to repost the form data if
your script produces an error, and the error will be shown to the customer.
cart_order_id CGI variable will have whatever cart_order_id you provided.
To implement 2CheckOut payment processing, there are a number of steps required in addition to this module. Basically, this module handles only the postback stage of the 2CheckOut payment process.
This is done by creating a web form containing the following variables. Your
form, first of all, should post to
https://www.2checkout.com/cgi-bin/sbuyers/cartpurchase.2c.
Required fields are as follows:
Your 2CheckOut account number
The following parameters *may* be passed in, and will be available in the postback:
In the postback CGI, you'll get back all of the billing and shipping variables listed above, plus:
Before 2CheckOut postback notification can occur, you must set up the postback (in 2CheckOut terminology, ``Routine''). This can be set from the Admin -> Shopping Cart -> Cart Details. You need to enable the payment routine, and set it to a CGI that you manage.
The typical way to implement all of this is as follows:
on_valid callback. If using a dedicated
CGI script for 2CheckOut callbacks, it should just call process(); otherwise,
check for the CGI parameter 'cart_order_id' and if present, call process().
http://www.2checkout.com - 2CheckOut website.
http://www.support.2checkout.com/deskpro/faq.php - 2CheckOut knowledgebase
Jason Rhinelander
Copyright (c) 2004 Gossamer Threads Inc. All Rights Reserved. http://www.gossamer-threads.com/
Revision: $Id: 2CheckOut.pm,v 1.3 2004/01/13 01:35:18 jagerman Exp $