I am having trouble validating callbacks from WorldPay for an e-commerce website.
According to the documentation WorldPay should POST a parameter named "transStatus" with a value of "Y" for successful transactions.
This seems straightforward enough so I have written a simple validation function that looks for this value:
private function validateRequest() {
if ($_POST['transStatus'] == "Y"){
return true;
} else {
throw new Exception("Transaction failed");
die();
}
}
}
And when the callback page is run this function is called with a try like so:
try {$this->validateRequest()}
catch (Exception $e) {
mail("[email protected]", $e->getMessage(), $e->getTraceAsString());
throw new Exception("Could not validate payment.")
die();
}
Unfortunately when I test this WorldPay processes the payment successfully but the order is not completed by the rest of my code. I have checked my log files but am unable to see any exceptions or errors.
What is the best approach to take from here? How should I proceed in resolving this issue?
Here's how I resolved this in case anyone encounters a similar problem and stumbles across this in the future:
When I checked the contents of $_POST I realized that it was receiving "Y\n" instead of simply "Y", which it was expecting. Here's what I replaced the code with
if (strpos($_POST['transStatus'], 'Y') !== FALSE) { /* Order is verified */ } else { /* Order is not verified */ }
As you can, now the code checks if 'Y' is found anywhere in the response. This works because there are only three possible responses worldpay will send: 'Y', 'N', 'C'.