Commerce Mellat

Change your git clone command in the issue description for
git clone http://git.drupal.org/sandbox/mohamadaliakbari/1702928.git commerce_mellat
instead of
git clone --recursive --branch 7.x-1.x mohamadaliakbari@git.drupal.org:sandbox/mohamadaliakbari/1702928.git

Automatic review

Drupal Code Sniffer has found some issues with your code:
http://ventral.org/pareview/httpgitdrupalorgsandboxmohamadaliakbari17029...

Manual review

Your code seems good and follows Drupal standards.

Maybe you could use constants for urls like
- https://pgws.bpm.bankmellat.ir/pgwchannel/services/pgw?wsdl
- https://pgw.bpm.bankmellat.ir/pgwchannel/startpay.mellat
- http://interfaces.core.sw.bps.com/
It would be easier to maintain in case they change... but it's a detail.

I did not test the paiement as I don't have a account at Mellat Bank, but the administration UI works well.

no major issues pointed out, no need to set "needs work"

If it's been reviewed successfully with no blockers, and no needs work is needed ... then that makes it RTBC, then? No objections?

drupal_set_message(t('Fault code: !error', array('!error' => $result)), 'error');
watchdog('commerce_mellat', 'Fault result: ' . $result, array(), WATCHDOG_ERROR);

You should check_plain() everything that is not statically defined in your module and comes from outside the server. Therefore make sure that all results are save before passing them to drupal_set_message() or watchdog(). - Never trust foreign input / results
I highly recommend you to read the how to write secure code documentation: http://drupal.org/writing-secure-code

hook_redirect_form_validate() - Is this really a hook, or a custom form validation callback ?
I wasn't able to find anything about this

$result_code = $_POST['ResCode'];
  $result_ref_id = $_POST['RefId'];
  $sale_order_id = $_POST['SaleOrderId'];
  $sale_reference_id = $_POST['SaleReferenceId'];

  if (!isset($_POST['ResCode']) || !isset($_POST['RefId']) || !isset($_POST['SaleOrderId'])) {
    commerce_payment_redirect_pane_previous_page($order);
    return FALSE;
  }

Always use forms api -> always get values out of $form_state -> never use _POST global.
also you first try to get them and save them into variables and then you check whether these keys exist? that order makes no sense.

Automatic review

I checked out HEAD from git, and for me it seems like the issues from the automatic reviews has not yet been addressed: http://ventral.org/pareview/httpgitdrupalorgsandboxmohamadaliakbari17029...

Manual review

- The issue with $_POST as mentioned in #5 is still there. Use $form_state['values'] instead.

- DIRECTORY_SEPARATOR is not necessary , '/' works fine also on windows. (http://alanhogan.com/tips/php/directory-separator-not-necessary)

- When including the nusoap library you are using include_once, maybe require_once is a better choice since later code will crash if the library is not available, thus it is required and php should bail out if the include failed?

Otherwise it looks very nice, clean and well-structured code, good use of API etc. Good job!

Automatic review shows lots of errors: http://ventral.org/pareview/httpgitdrupalorgsandboxmohamadaliakbari17029...
You may configure your IDE to match Drupal coding standarts:

• Configuring Eclipse/Aptana
• Configuring NetBeans

Is there any documentation in English for this payment gateway? Its quite hard to review module without any documentation provided.

1. Use commerce_currency_amount_to_decimal() function instead of manual convertion ($wrapper->commerce_order_total->amount->value() / 100)

2. Your payment method has 'debug' setting which does nothing but sets the order amount to '1000'. You might rename or even remove it since it seems useless.

Closing due to lack of activity. Feel free to reopen if you are still working on this application.

I'm a robot and this is an automated message from Project Applications Scraper.

Change clone statement