- Authorize.Net Developer Community
- :
- Authorize.Net Developer Blog
- :
- The Authorize.Net Developer Blog
- :
- Handling Online Payments Part 5 - Processing Payme...
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Email to a Friend
- Printer Friendly Page
- Report Inappropriate Content
Handling Online Payments Part 5 - Processing Payment and Handling the Response
This is part five of a multi-part series on handling online payments.
In Part 1 of this series we identified our goals (creating a payment form that was usable, accessible, and secure) and began by creating the form we will use to capture payment information. In Part 2 of this series we continued this process by exploring how we will handle the data submitted by that form. In Part 3 of this series we took the data received and sanitized in Part 2 and validated that it was in a format we required. In Part 4 of this series we took the errors we found in Part 3 and displayed them in a user-friendly format to minimize cart abandonment. In this installment we will process the payment using the PHP SDK and handle the response in an appropriate manner.
Picking Up Where We Left Off
In part 4 of this series we helped our users who submitted erroneous information to find where they made an error and correct it. Once a user has submitted their payment without any errors it is time to process their payment. When a payment is submitted there are three potential scenarios that can occur:
- The payment is approved
- The payment is declined
- An error occurs somewhere during the payment process
Each of these three scenarios require us to deliver custom responses to our users. How we handle the information submitted to us also will vary depending on your business needs. Let's look at how you might want to handle each of these scenarios one at a time.
- The Payment Is Approved
Once the payment is approved we do not need anything else from our user. At this point we just want to complete the transaction and hand it off to whoever will be doing order fulfillment.
Our responsibilities will be to:
- Tell the user that hey have successfully completed the checkout process
- Provide them with a receipt and/or payment confirmation
- Record the transaction
- The Payment Is Declined
If a payment is declined we cannot complete the transaction as we do not have payment yet. However, the user is still present when this happens so all is not lost.
Our responsibilities will be to:
- Present the user with the payment form again
- Let them know their credit card was declined by their bank
- Ask them to try another credit card
- An Error Occurs Somewhere During The Payment Process
If an error occurs during the payment process, whether due to connectivity or server issues, things can become a bit complicated. Do we try again? Do we ask the user to try again? How do we handle this from a customer service point of view? Exactly how you want to handle this is a business decision you need to make.
In this example, our responsibilities will be to:
- Present the user with the form again
- Let them know an error occurred
- Let the know their credit card was not charged
- Ask the user to try again or
- Ask the user to contact customer service to complete their order
Let's Write The Code To Do This
Once we have finished validating our user's data we need to check to see if there where any errors. We can do this by checking to see if there are any values in the $errors array. If there are we know not to process the transaction and display our error message to the user. If there are none we can attempt to process the transaction.
If you haven't done so already you will need to download the PHP SDK as we will use it in our example.
// If there are no errors let's process the payment
if (count($errors) === 0)
{
// Format the expiration date
$expiration_date = sprintf("%04d-%02d", $expiration_year, $expiration_month);
// Include the SDK
require_once('./config.php');
// Process the transaction using the AIM API
$transaction = new AuthorizeNetAIM;
$transaction->setSandbox(AUTHORIZENET_SANDBOX);
$transaction->setFields(
array(
'amount' => '1.00',
'card_num' => $credit_card,
'exp_date' => $expiration_date,
'first_name' => $cardholder_first_name,
'last_name' => $cardholder_last_name,
'address' => $billing_address,
'city' => $billing_city,
'state' => $billing_state,
'zip' => $billing_zip,
'email' => $email,
'card_code' => $cvv,
'ship_to_first_name' => $recipient_first_name,
'ship_to_last_name' => $recipient_last_name,
'ship_to_address' => $shipping_address,
'ship_to_city' => $shipping_city,
'ship_to_state' => $shipping_state,
'ship_to_zip' => $shipping_zip,
)
);
$response = $transaction->authorizeAndCapture();
if ($response->approved)
{
// Transaction approved. Collect pertinent transaction information for saving in the database.
$transaction_id = $response->transaction_id;
$authorization_code = $response->authorization_code;
$avs_response = $response->avs_response;
$cavv_response = $response->cavv_response;
// Put everything in a database for later review and order processing
// How you do this depends on how your application is designed
// and your business needs.
// Once we're finished let's redirect the user to a receipt page
header('Location: thank-you-page.php');
exit;
}
else if ($response->declined)
{
// Transaction declined. Set our error message.
$errors['declined'] = 'Your credit card was declined by your bank. Please try another form of payment.';
}
else
{
// And error has occurred. Set our error message.
$errors['error'] = 'We encountered an error while processing your payment. Your credit card was not charged. Please try again or contact customer service to place your order.';
// Collect transaction response information for possible troubleshooting
// Since our application won't be doing this we'll comment this out for now.
//
// $response_subcode = $response->response_subcode;
// $response_reason_code = $response->response_reason_code;
}
}
You can see we start of by checking the size of the $errors array and if it is zero we prepare to process the payment. We start by formatting the expiration date in a format the Authorize.Net will accept. In this case we choose to use the four digit year, a dash, and the two digit month. We follow that up by including the config file from the PHP SDK and initializing our the class that uses the AIM API. We set the code to use the development server so we don't incur any fees for our testing and then we provide the parameters needed to process the transaction.
We then process the payment and get the response object which we will use to determine the status of our payment. This is where we have to include some logic to handle the possible outcomes of the transaction. If the transaction is approved we collect the pertinent data returned to us by the merchant account provide: AVS results, CVV results, transaction ID, and authorization number. At this point you probably will want to store the order in the database and send the customer an email receipt for their order. In our example we send the user to a thank you page which probably should also include an order confirmation and printable receipt.
If the transaction is declined we really don't have to do much. We can add the notice to our $errors array and display it to the user when the page reloads.
If the transaction results in an error things can get dicey from a business perspective. In our example handling it with code is no different then a declined transaction except we are displaying a different message. Naturally an error at this point in the payment process to encounter an error is unexpected and definitely unwanted. You almost certainly should include some code to help you troubleshoot the error and attempt to prevent it from happening again. How you choose to do that is up to you.
Our Form Page So Far
Now that we have some more code written, let's see our how our page looks now:
<?php
$errors = array();
if ('POST' === $_SERVER['REQUEST_METHOD'])
{
$credit_card = sanitize($_POST['credit_card']);
$expiration_month = (int) sanitize($_POST['expiration_month']);
$expiration_year = (int) sanitize($_POST['expiration_year']);
$cvv = sanitize($_POST['cvv']);
$cardholder_first_name = sanitize($_POST['cardholder_first_name']);
$cardholder_last_name = sanitize($_POST['cardholder_last_name']);
$billing_address = sanitize($_POST['billing_address']);
$billing_address2 = sanitize($_POST['billing_address2']);
$billing_city = sanitize($_POST['billing_city']);
$billing_state = sanitize($_POST['billing_state']);
$billing_zip = sanitize($_POST['billing_zip']);
$telephone = sanitize($_POST['telephone']);
$email = sanitize($_POST['email']);
$recipient_first_name = sanitize($_POST['recipient_first_name']);
$recipient_last_name = sanitize($_POST['recipient_last_name']);
$shipping_address = sanitize($_POST['shipping_address']);
$shipping_address2 = sanitize($_POST['shipping_address2']);
$shipping_city = sanitize($_POST['shipping_city']);
$shipping_state = sanitize($_POST['shipping_state']);
$shipping_zip = sanitize($_POST['shipping_zip']);
if (!validateCreditcard_number($credit_card))
{
$errors['credit_card'] = "Please enter a valid credit card number";
}
if (!validateCreditCardExpirationDate($expiration_mon
What's Next?
At this point we have a fully functional checkout form that's usable and secure. But that doesn't mean we can't improve upon it. In the remaining posts in this series we are going to make incremental improvements to our form and payment process. We'll begin by preventing a page refresh from resubmitting the form again.
The Handling Online Payments Series
- Part 1 - Basic Information and Our Form
- Part 2 - Reading In And Sanitizing Submitted Data
- Part 3 - Data Validation
- Part 4 - Handling Validation Errors
- Part 5 - Processing Payment and Handling the Response
- Part 6 - Preventing Duplicate Submissions with POST/REDIRECT/GET
- Part 7 - Preventing Automated Form Submissions
- Part 8 - Using JavaScript To Increase Usability
- Part 9 - HTML and CSS Enhancements
- Part 10 - A Little Bit More PHP
John Conde is a certified Authorize.Net developer
You must be a registered user to add a comment here. If you've already registered, please log in. If you haven't registered yet, please register and log in.
Watch the new developer training videos, ramp up your knowledge about payments as you build your Authorize.Net integrations.
Looking for work? Check out Authorize.Net-related jobs on Elance.
-
Considerin
g Mobile Payments? These PCI DSS guideli... -
PCI SSC releases E-commerce Guidelines Informatio
n... - Choosing a Recurring Billing Solution by Rodger Yo...
-
Is Mobile an Opportunit
y for Developers ? -
Protecting Corporate Networks to Avoid a Nightmare.
.. - New CIM Hosted Form Field Added to API
-
Help Authorize.
Net Improve our Developer Documenta. .. -
Authorize.
Net Developer Community Announceme nt -
Connecting Authorize.
Net’s Payment Gateway to Pres... -
Internatio
nal Affiliate Partners
-
RichardH
on:
PCI SSC releases E-commerce Guidelines Information... -
compsdoc
on:
Is Mobile an Opportunit
y for Developers ? - RaynorC1emen7 on: New CIM Hosted Form Field Added to API
-
RichardH
on:
Help Authorize.
Net Improve our Developer Documenta. .. -
stymiee
on:
Authorize.Net Developer Community Announceme nt -
Joy
on:
International Affiliate Partners -
Sreejith_5
on:
Authorize.
Net Exhibiting at Internet Retailer This... -
gautam
on:
How To Integrate The Authorize.
Net Payment Gateway... -
Authorizeme1
on:
Tokenizati
on 101 with CIM and CRE Secure - calsailingclub on: The New Visa Developer Center
All rights reserved.