payment online domain validation

>> how should i code or let that site know that my system is coming from this domain?

This is determined by the IP address of the machine making the outbound connection. Check out what is my ip

hi,
thanks for replying!!

i tried it and still the same ..

what i did is just change the domain.. into an ip

<authentication mode="Forms">
<forms defaultUrl="site.com" domain="192.128.12.12" timeout="120" slidingExpiration="true" loginUrl="~\Login.aspx"/>
</authentication>

and not site.com?

or i should be posting my ip somewhere else?

You can't change the IP/domain you post from. Those configuration options are not what you are thinking they are.

You should be able to do something like:

Response.Redirect("https://site.com.enps.do?amount=xxx&txnRef=xxx&mid=xxx&merchantid=123465")

I made up the merchantid part but they need _some_ place for you to enter your merchant number so they can distinguish between different merchants. Consult their documentation, you are missing something...

Unless they're both using the source ip to determine a merchant (which is possible) then you just need to go to www.whatismyip.com on your webserver and email that merchant your IP address and domain and have them update their records.

ahh.. the merchantid is already the "mid"

Ok then you need to call the company and give them your IP address because the implementation is simple enough. Are you URL Encoding the values you are passing to the merchant? Some characters have to be encoded in the URL of a request, such as a space is encoded as %20. Here is a (bad) example of one of my applications posting to a merchant:

private string GetPostData()
    {

      // Instant Payment Notification ??

      string args =
       @"METHOD={0}&" +
       @"PAYMENTACTION={1}&" +
       @"AMT={2}&" +
       @"CREDITCARDTYPE={3}&" +
       @"ACCT={4}&" +
       @"EXPDATE={5}&" +
       @"CVV2={6}&" +
       @"FIRSTNAME={7}&" +
       @"LASTNAME={8}&" +
       @"STREET={9}&" +
       @"CITY={10}&" +
       @"STATE={11}&" +
       @"ZIP={12}&" +
       @"COUNTRYCODE={13}&" +
       @"CURRENCYCODE={14}&" +
       @"IPADDRESS={15}&" +
       @"USER={16}&" +
       @"PWD={17}&" +
       @"SIGNATURE={18}&" +
       @"VERSION={19}";

      if (Profile.SendEmailReceipt)
      {
        args += "&" +
          "EMAIL={20}&" +
          "SUBJECT={21}";
      }
       
      string result = string.Format(args,
       HttpUtility.UrlEncode(Method), //0
       HttpUtility.UrlEncode(PaymentAction), //1
       HttpUtility.UrlEncode(this.Amount.ToString("F2")), //2
       HttpUtility.UrlEncode(GetAPICardTypeName(this.CardType)), //3
       HttpUtility.UrlEncode(this.CardNumber), //4
       HttpUtility.UrlEncode(this.ExpirationDate.ToString("MMyyyy")), //5
       HttpUtility.UrlEncode(this.CVV2), //6
       HttpUtility.UrlEncode(this.FirstName), //7
       HttpUtility.UrlEncode(this.LastName), //8
       HttpUtility.UrlEncode(this.Street), //9
       HttpUtility.UrlEncode(this.City), //10
       HttpUtility.UrlEncode(this.State), //11
       HttpUtility.UrlEncode(this.Zip), //12
       HttpUtility.UrlEncode(CountryCode), //13
       HttpUtility.UrlEncode(CurrencyCode), //14
       HttpUtility.UrlEncode(this.IP), //15
       HttpUtility.UrlEncode(this.Profile.APIUsername), //16
       HttpUtility.UrlEncode(this.Profile.APIPassword), //17
       HttpUtility.UrlEncode(this.Profile.APISignature), //18
       HttpUtility.UrlEncode(Version), //19
       HttpUtility.UrlEncode(this.Email), //20
       HttpUtility.UrlEncode(this.Subject) //20
      );

      return result;
    }

You really shouldn't use string.Format() for this task but my code started out with like ~2 args so I decided to use it .. then it kept growing :)

this is coming from the documentation downloadable from their site:

Below is the sample code for a merchant’s shopping cart integrating with the eNETS UMAPI
Lite system.
Note: Only http post method is accepted.

<form name="cart" method="post" action="<https://www.enets.sg/enets2/enps.do>">
<input type="hidden" name="amount" value="xxx">
<input type="hidden" name="txnRef" value=" xxxxxxxxxx ">
<input type="hidden" name="mid" value=" xxxxxxxxxx ">
<input type="hidden" name="umapiType" value="lite">
</form>

i already tried creating webform1.aspx
under the form i did as what is stated, but regarding the umapiType=lite, if with then it returns an error..

they already got an existing php system, and i checked the php code, it doesn't really have that umapiType=lite.

but as for the "Only http post method is accepted."
response.redirect is still ok is it?

thanks for sticking up :)

No -- you need to post the data in that case. Just use an HTTP client and substitute in the values and set the .Method = "POST";

are you talking about webclient.uploaddata?

No, something more along the lines of this (This won't compile as-is and is not intended to):

string result;

      HttpWebRequest objRequest = (HttpWebRequest)WebRequest.Create(postURL);
      objRequest.Method = "POST";
      objRequest.Timeout = (Profile.Timeout * 1000);
      objRequest.ContentLength = postData.Length;
      using (StreamWriter myWriter = new StreamWriter(objRequest.GetRequestStream()))
      {
        myWriter.Write(postData);
        myWriter.Flush();
        myWriter.Close();
      }
      HttpWebResponse objResponse = (HttpWebResponse)objRequest.GetResponse();
      using (StreamReader sr = new StreamReader(objResponse.GetResponseStream()))
      {
        result = sr.ReadToEnd();
        sr.Close();
      }

      CcTxResponse resp = CcTxResponse.FromLine(result);
      _response = resp;
      return resp;

i can see that it really isn't :)

anyway, i'll try as you've suggested!

i'll get back at this if it works or not..

with regards to the domain..
they said that we should try submitting from the domain itself..
meaning the page that post to enets site should only be under domain.org/page.aspx and not domain.org/folder1/page.aspx

our current listing on iis server is:
domain.org > folder1 > registration.aspx
does the folder1 matter? this is ok right? right click on domain.org i just create new virtual directory "folder1" inside domain.org then place all aspx pages there, it still fall under domain.org so when we submit their payment site should treat it as coming from domain.org.. not from domain.org/folder1 ?

i apologize if i'm sounding like a first timer for posting for a payment online, which i really am :D !

They don't care about your page structure, they're probably giving you instructions for their site. Just point your webclient at "whatever.domain.com" and POST it.

Can you put the PHP code that does this on the thread? This shouldn't be that hard to get working :)

well.. a lot, as in lots of commented codes but.. they do sorta make some reference.. and also i think everything are scratch except for the form with their values..

this is the "register_confirmation.php"
there is also another page.. i'll post after this one.. the "register_process.php" though i believe this one isn't being used at all, this could be a test page before they came up the the confirmation page.

<?php
@session_start();
require_once("./lib/configuration.php");
require_once("./lib/database.php");
require_once("./lib/dlMember.class.php");
require_once("./lib/dlEvent.class.php");
require_once("./phpmailer/class.phpmailer.php");

$conn = db_get_connection();
$eventManager = new EventManager($conn);
$memberManager = new MemberManager($conn);

$member_id = fcStrGetRequest('register_xxxmemberno');
$event_id = fcStrGetRequest('register_event_id');
$payment_method = fcStrGetRequest('register_payment_method');
$eventinfo = $eventManager->getpublicEventInfo($event_id);

if($member_id!="") {
	
	$memberInfo = $memberManager->getOnlyMemberByUserId($member_id);

	if ($memberInfo === false)  {
  	$confirmation = "NON-MEMBER";
  	$eventcost = ($eventinfo['early_nonmember']=="0"? $eventinfo['normal_nonmember'] : $eventinfo['early_nonmember']);
	}
	else {
		$confirmation = "MEMBER";
		$eventcost = ($eventinfo['early_member']=="0"? $eventinfo['normal_member'] : $eventinfo['early_member']);
	}
}
else {
  $confirmation = "NON-MEMBER";
	$eventcost = ($eventinfo['early_nonmember']=="0"? $eventinfo['normal_nonmember'] : $eventinfo['early_nonmember']);
}

//save into dbase
if ($eventManager->saveNewRegistrant($eventcost))  {
  $_SESSION["ss_lastnotice"] = "Registrant info added.";
  $id = $eventManager->lastId;
  
  $sql = "SELECT registrant.* FROM registrant WHERE registrant.id = $id";
  $rs = mysql_query($sql, $conn);
  $regisInfo = mysql_fetch_assoc($rs);

  $eventorder_id = "E".str_pad($id, 8, "0", STR_PAD_LEFT);
  
  $amsg = "<div>You have received a new event application from ".$regisInfo['name'].",<br><br>".
					"Application online payment status: PENDING<br>".
          "(You may want to contact the registrant on his / her preferred payment mode)".
          "<br><br>".
					"Here are the registrant details:<br><br>".
					"Name: ".$regisInfo['name']."<br>\n".
					"NRIC/Passport No: ".$regisInfo['nric']."<br>\n".
					"Company: ".$regisInfo['company']."<br>\n".
					"Address: ".$regisInfo['address']."<br>\n".
					"Designation: ".$regisInfo['designation']."<br>\n".
					"Postal: ".$regisInfo['postcode']."<br>\n".
					"Telephone: ".$regisInfo['tel']."<br>\n".
					"Email: ".$regisInfo['email']."<br>\n".
					"Member ID: ".$regisInfo['memberid']."<br>\n".
					"PE No: ".$regisInfo['pe_number']."<br><br>\n".
					"Remarks: ".fcStrGetRequest('register_special')."<br><br>\n".
					"Contact Information<br>\n".
					"Contact Person: ".$regisInfo['contact_person']."<br>\n".
					"Tel(O): ".$regisInfo['contact_phone']."<br>\n".
					"Fax(O): ".$regisInfo['contact_fax']."<br>\n".
					"Email: ".$regisInfo['contact_email']."<br><br><br>\n".
					"You may view the prospectus details when you login at admin page.<br>".
					"Browse to <b>Event Management > List Events > Event :: ".$eventinfo['title']."</b> to view the latest registrant(s).<br><br><br></div>";			 	
					
  $mail = new PHPMailer();
  $mail->From = "no-reply@xxx.org";
  $mail->Sender = "no-reply@xxx.org";
  $mail->FromName = "no-reply@xxx.org";
  $mail->Mailer = "mail";
  $mail->IsHTML(true);
  $mail->Subject = "New Event Registration -- OrderID :: $eventorder_id Payment Status :: PENDING";
  $mail->Body = $amsg;
  $mail->AddAddress($eventinfo['email']);
  $mail->Send();
}
else  {
  $_SESSION["ss_lasterror"] = $eventManager->lastError;
  $objForm->postback("register_", "register.php", 1);
}


if ($event_id != "") {
  
  //Retrieve information from database 
  $eventinfo = $eventManager->getpublicEventInfo($event_id);
  if ($eventinfo === false)  {
    echo("<div style='color:#cc0000'>Event information not found</div>\n");
    include("footer_pop.inc");
    exit();  
  }

}
else  {
	echo("<div style='color:#cc0000'>No Event was selected</div>\n");
  include("footer_pop.inc");
  exit();  
}    

if($id!="") 
	$particapant = $eventManager->getParticipantInfo($id);
	

$order_id = "E".str_pad($id, 8, "0", STR_PAD_LEFT);

include("header_pop.inc");
?>
<center>
<!--<form name="cart" action="<?=$g_url_normal?>enets.php">
<input type="hidden" name="amount" value="<?=$eventcost?>">
<input type="hidden" name="txnRef" value="<?=$order_id?>">
<input type="hidden" name="mid" value="763"> 
</form>-->
                           
<!--<form name="cart" action="http://ezpayd.consumerconnect.com.sg/masterMerchant/collectionPage.jsp">-->
<!--<form name="cart" action="https://www.enetspayments.com.sg/masterMerchant/collectionPage.jsp">-->
<form name="cart" action="https://www.enets.sg/enets2/enps.do">
<input type="hidden" name="amount" value="<?=$eventcost?>">
<input type="hidden" name="txnRef" value="<?=$order_id?>">
<input type="hidden" name="mid" value="1127"> 
</form>  
<!--<table cellspacing='0' border='0' class='inputform' style='width:100%'>
<tr><td>&nbsp;</td><td colspan='2'><b><?=$eventinfo['category']?> :: <?=$eventinfo['title']?></b></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Date  :</td><td><?=($eventinfo["startdate"]==$eventinfo["enddate"]? $eventinfo["FROMDATE"] : $eventinfo["FROMDATE"]." to ".$eventinfo["ENDDATE"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Time  :</td><td><?=($eventinfo["time"]==""? "Not Applicable" : $eventinfo["time"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Name  :</td><td><?=($particapant["name"]==""? "-" : $particapant["name"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>NRIC/Passport No :</td><td><?=($particapant["nric"]==""? "-" : $particapant["nric"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Designation :</td><td><?=($particapant["designation"]==""? "-" : $particapant["designation"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Company :</td><td><?=($particapant["company"]==""? "-" : $particapant["company"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Address :</td><td><?=($particapant["address"]==""? "-" : $particapant["address"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Postal Code :</td><td><?=($particapant["postcode"]==""? "-" : $particapant["postcode"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Tel :</td><td><?=($particapant["tel"]==""? "-" : $particapant["tel"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Fax :</td><td><?=($particapant["fax"]==""? "-" : $particapant["fax"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Email :</td><td><?=($particapant["email"]==""? "-" : $particapant["email"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>PE Number :</td><td><?=($particapant["pe_number"]==""? "-" : $particapant["pe_number"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Membership ID :</td><td><?=($particapant["memberid"]=="0"? "Non-Member" : $particapant["memberid"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Duration  :</td><td><?=($eventinfo["duration"]==""? "Not Applicable" : $eventinfo["duration"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Venue :</td><td><?=($eventinfo["venue"]==""? "Not Applicable" : $eventinfo["venue"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>CPD Programme :</td><td><?=($eventinfo["cpdprogramme"]==""? "Not Applicable" : $eventinfo["cpdprogramme"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Organiser :</td><td><?=($eventinfo["organiser"]==""? "Not Applicable" : $eventinfo["organiser"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Coordinator :</td><td><?=($eventinfo["coordinator"]==""? "Not Applicable" : $eventinfo["coordinator"])?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td>Remarks :</td><td><?=($eventinfo["remarks"]==""? "Not Applicable" : str_replace("\n", "<br>", $eventinfo["remarks"]))?></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td> Total Cost :</td><td><b><?=number_format($eventcost,'2','.',',')?></b></td><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td> Order Id   :</td><td><b><?=$order_id?></b></td><td>&nbsp;</td></tr>
<tr><td colspan='4'><br><br>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td colspan='2' style='color:#007D29;text-align:center'>Your registration details has been submitted to xxx<br>We will be in contact with you shortly.</td><td>&nbsp;</td></tr>
<tr><td colspan='4'>&nbsp;</td></tr>
<tr><td>&nbsp;</td><td colspan='2'><center><input type="button" value="Cash/Cheque Payment" onclick="redirect2()">&nbsp;&nbsp;<input type="button" value="Proceed to online payment" onclick="redirect()"></center></td><td>&nbsp;</td></tr>
</table>--></center>

<?
if($payment_method == "ENETS") {

 echo("<script language='javascript'>\n");
 echo("document.cart.submit(); \n");
 echo("</script>\n");
}
else if ($payment_method == "CASH") {

  $_SESSION["ss_lastnotice"] = "<div style='width:100%;font-size:16px'><center>Thank you for registering with us. We will contact you shortly.</center></div>";
  echo("<script language='javascript'>\n");
  echo("location.href = 'payment_sccess.php?txnRef=$order_id&status=Cash' \n");
  echo("</script>\n");  
}
else {
  exit("ERROR");
}
?>
<script language='javascript'>
/*function redirect() {
	if (confirm("Please click to proceed your online payment with secured eNets payment gateway.")) {
		document.cart.submit();
	}
	
}

function redirect2() {
	<?
	  @session_start();
	  $_SESSION["ss_lastnotice"] = "<div style='width:100%;font-size:16px'><center>Thank you for registering with us. We will contact you shortly.</center></div>";
	?>
		location.href = 'payment_sccess.php?txnRef=<?=$order_id?>&status=Cash';
}*/
  //   document.cart.submit(); 
  // location.href = "enets.php?id=<?=$id ?>";
      
    </script>    
</body>
</html>
<?
include("footer_pop.inc"); ?>

here is the register_process.php

<?php
require_once("./lib/configuration.php");
require_once("./lib/database.php");
require_once("./lib/dlMember.class.php");
require_once("./lib/dlEvent.class.php");

$conn = db_get_connection();
$eventManager = new EventManager($conn);
$memberManager = new MemberManager($conn);

$member_id = fcStrGetRequest('register_xxxmemberno');
$event_id = fcStrGetRequest('register_event_id');

if($member_id!="") {
	
	$memberInfo = $memberManager->getMemberByUserId($member_id);

	if ($memberInfo === false)  {
  	echo("<script language='javascript'>alert('Wrong Member ID'); location.href='member_forgetpwd.php';</script>\n");
  	exit();  
	}
	else {
		$eventinfo = $eventManager->getpublicEventInfo($event_id);
		$eventcost = $eventinfo['normal_member'];
	}
}
else {
	$eventinfo = $eventManager->getpublicEventInfo($event_id);
	$eventcost = $eventinfo['normal_nonmember'];
}

//save into dbase
if ($eventManager->saveNewRegistrant($eventcost))  {
      $_SESSION["ss_lastnotice"] = "Registrant info added.";
      $id = $eventManager->lastId;
    }
    else  {
      $_SESSION["ss_lasterror"] = $eventManager->lastError;
      $objForm->postback("register_", "register_process.php", 1);
    }
    
//$id = mysql_insert_id($link);
//$cost_in_sing = number_format($cost_in_sing,2);
?>

<form name="cart" action="<?=$g_url_normal?>enets.php">
<input type="hidden" name="amount" value="<?=$eventcost?>">
<input type="hidden" name="txnRef" value="<?=$id?>">
<input type="hidden" name="mid" value="700"> 
</form>

<!--<form name="cart" action="http://ezpayd.consumerconnect.com.sg/masterMerchant/collectionPage.jsp">
<input type="hidden" name="amount" value="<?=$cost_in_sing ?>">
<input type="hidden" name="txnRef" value="<?=$id ?>">
<input type="hidden" name="mid" value="521"> 
</form>  -->

    <script language='javascript'>
     document.cart.submit(); 
  // location.href = "enets.php?id=<?=$id ?>";
      
    </script>    
</body>
</html>

hi, i tried the httpwebrequest.. it seems that it isn't what i'm looking for?

i found this interesting link that happen to be the same thing i need to do, but still quite blurry i believe, no clear answer..
http://forums.asp.net/t/1243288.aspx
says there that:

"The problem was that HttpWebRequest doesn't do what you think it does. It's purpose is not to redirect the browser, but to submit a request to a Web server and then receive the response. It would them be up to the application that called the GetResponse method to process the information returned from the Web server. This cannot be simply redirected to the browser in your example such that it looks like they went to that page on their own."

but i'm still left w/ a javascript solution although i cannot seem to make it work.. please do refer to that link and if you can, guys.. please provide me a clearer solution :( thanks thanks..

hi,
we currently have a php system residing in 1 domain server, it is an online registration that accepts credit card payment w/c redirects to enets page, whether the payment is success, fail, enets will throw back some query strings back to our page, ( our side need to do the success/fail page)
this system was done by other developer.

now i am currently developing a new registration system w/c do the same thing as the php, except, when i try to redirect to the enets page, it accepts our domain and all strings, the user can input credit card bills, then click submit, this is where the problem arises.
The problem is, from enets it is opening the php success/fail page, how can i redirect it to my aspx page?

Get asp.net dll from your credit card processing company.

Hi,

I have an aspx page that redirect to an e-payment service website, my code is:

Response.Redirect("https://www.enets.sg/enets2/enps.do?amount=xx&txnRef=xxxx&mid=xx")

this is actually successful, and when i try to submit my billing information, i can actually get my credit card deducted XD hehe.

the problem is that, the enets site needs a success/fail/cancel page from me, and i don't know how to do this.. below is how i see it on other samples i taken from internet.. is this the only thing i need??

<body>

    <form id="form1" runat="server">

    <div>

    <%

        Dim amount As String = Page.Request.QueryString("amount")

        Dim txnDate As String = Page.Request.QueryString("txnDate")

        Dim Status As String = Page.Request.QueryString("Status")

        Dim errorCode As String = Page.Request.QueryString("errorCode")

        Dim payment As String = Page.Request.QueryString("payment")

        Dim txnTime As String = Page.Request.QueryString("txnTime")

        Page.Response.Write("</br>Amount: " & amount & "</br>Date: " & txnDate)

                %>

            </div>

    </form>

</body>

so basically my page should look like: domain.com/webform1.aspx?amount=x&txnDate=x&status=x and so on..

all those strings are passed back by enets website after i submit my billing information.

please help me :\ thanks!!