Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ItinerisLtd/gf-worldpay
Gravity Forms Add-on for WorldPay
https://github.com/ItinerisLtd/gf-worldpay
gravityforms gravityforms-payment wordpress wordpress-plugin worldpay
Last synced: 3 months ago
JSON representation
Gravity Forms Add-on for WorldPay
- Host: GitHub
- URL: https://github.com/ItinerisLtd/gf-worldpay
- Owner: ItinerisLtd
- License: mit
- Created: 2018-08-10T11:51:04.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2023-01-23T20:33:20.000Z (almost 2 years ago)
- Last Synced: 2024-06-20T00:00:31.193Z (5 months ago)
- Topics: gravityforms, gravityforms-payment, wordpress, wordpress-plugin, worldpay
- Language: PHP
- Homepage:
- Size: 47.9 KB
- Stars: 1
- Watchers: 11
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
- awesome-gravity-forms - GF WorldPay - WorldPay payment gateway for Gravity Forms. (Third-Party Add-Ons)
README
# gf-worldpay
[](https://packagist.org/packages/itinerisltd/gf-worldpay)
[](https://packagist.org/packages/itinerisltd/gf-worldpay)
[](https://packagist.org/packages/itinerisltd/gf-worldpay)
[](https://github.com/ItinerisLtd/gf-worldpay/blob/master/LICENSE)
[](https://www.itineris.co.uk/contact/)
Gravity forms add-on for WorldPay.
- [Minimum Requirements](#minimum-requirements)
- [Installation](#installation)
- [Setup](#setup)
- [Security Concerns about WorldPay HTML API](#security-concerns-about-worldpay-html-api)
- [Not Issue](#not-issue)
- [Features](#features)
- [Not Supported / Not Implemented](#not-supported--not-implemented)
- [Best Practices](#best-practices)
- [HTTPS Everywhere](#https-everywhere)
- [Payment Status](#payment-status)
- [Test Sandbox](#test-sandbox)
- [FAQ](#faq)
- [GF WorldPay is Missing on Form Settings](#gf-worldpay-is-missing-on-form-settings)
- [Public API](#public-api)
- [Build URL for continuing confirmation](#build-url-for-continuing-confirmation)
- [Redirect URL Retrieval Failure Handling](#redirect-url-retrieval-failure-handling)
- [Preflight](#preflight)
- [Coding](#coding)
- [Required Reading List](#required-reading-list)
- [Gravity Forms](#gravity-forms)
- [Author Information](#author-information)
- [Feedback](#feedback)
- [Change log](#change-log)
- [License](#license)
## Minimum Requirements
- PHP v7.2
- php-curl
- WordPress v4.9.8
- Gravity Forms v2.3.3.2
## Installation
```bash
$ composer require itinerisltd/gf-worldpay
```
## Setup
[Payment response(redirection)](http://support.worldpay.com/support/kb/bg/htmlredirect/htmlredirect.htm#rhtml/Telling_your_shopper_about.htm#_Payment_Response_messages) and [Enhancing security with MD5](http://support.worldpay.com/support/kb/bg/htmlredirect/htmlredirect.htm#rhtml/Enhancing_security_with_MD5.htm%3FTocPath%3D_____10) are mandatory.
In the Integration Setup for your installation using [the Merchant Interface > Installations option](http://support.worldpay.com/support/kb/bg/customisingadvanced/custa6011.html):
1. Enable **Enable the Shopper Response**
1. Enable **Payment Response enabled?**
1. Enter `` as **Payment Response URL**
1. Enter a 25-char random passphrase as **Payment Response password**
1. Enter a 30-char random passphrase as **MD5 secret for transactions**
1. Enter `instId:amount:currency:cartId` as **SignatureFields**
Note that WorldPay truncate long **Payment Response password** without notices!
## Security Concerns about WorldPay HTML API
- Leaking **MD5 secret for transactions**
* Allow evil hackers to set up fake checkout pages, pretending to be the merchant
* WorldPay would accept these checkouts and charges the credit cards
* Money goes into the merchant's account
- Leaking **Payment Response password**
* Allow evil hackers to pretending to be WorldPay
* WordPress would accept evil hackers' payment callbacks and changes entries' payment statuses
## Not Issue
If **Payment Response password**(also known as`callbackPW`) is incorrect, `InvalidResponseException` is throw to *stop the world*.
Credit card holders see white screen of death or stuck in "wait for redirection" page in such case.
## Features
- [Enhancing security with MD5](http://support.worldpay.com/support/kb/bg/htmlredirect/htmlredirect.htm#rhtml/Enhancing_security_with_MD5.htm%3FTocPath%3D_____10)
- [Gravity Forms Logging](https://docs.gravityforms.com/logging-and-debugging/)
- [Gravity Forms Notification Events](https://docs.gravityforms.com/gravity-forms-notification-events/)
- [Gravity Forms Confirmation](https://docs.gravityforms.com/configuring-confirmations-in-gravity-forms/)
- [Gravity Forms Conditional Logic](https://docs.gravityforms.com/enable-conditional-logic/)
## Not Supported / Not Implemented
- Shipping address
- Reject according to fraud check results
- Token payment
- Recurring payment
- Refund
- Void
## Best Practices
### HTTPS Everywhere
Although WorldPay accepts insecure HTTP sites, you should **always use HTTPS** to protect all communication.
### Payment Status
Always double check payment status on WorldPay Merchant Interface.
## Test Sandbox
Use this [test credit card](http://support.worldpay.com/support/kb/bg/pdf/181450-test-transaction-f.pdf).
## FAQ
### GF WorldPay is Missing on Form Settings
Gravity Forms capabilities behave differently on multi-user sites and its documents are incomplete.
If GF WorldPay is missing on form settings, grant yourself `gf_worldpay` and `gf_worldpay_uninstall` capabilities.
See: [https://docs.gravityforms.com/role-management-guide/](https://docs.gravityforms.com/role-management-guide/)
## Public API
### Build URL for continuing confirmation
`ConfirmationHandler::buildUrlFor(Entry $entry, int $ttlInSeconds = 3600): string`
Usage:
```php