By Andrew211 on

Hi,

Hoping someone can shed some light.

I'm currently developing a payment module for Suncorp Bank Virtual POS.

It's a requirement that only certain data is sent to their server + a hash must be created based on the form data so I need to modify the data before it is submitted to their server.

Is there anyway to manipulate the data after the payment form is submitted and before it get's sent to the 3rd Party Server (Suncorp)?

Looks like the process goes:
CALLBACK_commerce_payment_method_redirect_form
which submits directly to the payment server then upon return from the 3rd Party Payment server:
CALLBACK_commerce_payment_method_redirect_form_validate gets called.

At the moment I modify the data by submitting to a custom menu item then use drupal_goto to send the data as get variables to the payment server, however CALLBACK_commerce_payment_method_redirect_form_validate is not getting called on return.

Surely you must be able to manipulate user submitted data on the server side before sending to a hosted payment provider?

Any advice appreciated.

Comments

jaypan’s picture

jaypan
Location Victoria, BC
commented

It depends, often modules will provide an _alter() hook for you to alter data before something happens to it. Look inside the functions for a call to drupal_alter('some_key', $some_variable), this will be a call to hook_some_key_alter($some_variable), and you can modify your data there. If you can't find anything, you should open a ticket in the module issue queue, and request this hook to be added to the module.

Contact me to contract me for D7 -> D10/11 migrations.

Andrew211’s picture

Andrew211 commented

Thanks or your reply, unfortunatly I'm a bit pushed for time so had to do a work around solution.

Other's out there may find it useful, however I've looked at serveral hosted payment solution modules and they all seem to post the data directly to the payment provider. Which is OK if the payment provider doesn't mind receiving drupal fields such as form_build_id, form_id and form_token.

I had to remove those fields, then create a form where the form keys are ordered alphabetically. (a requirement of Suncorp).

Then hash the data on the server side and add the hash to the submit button value. Rename the submit button to vpc_SecureHash.

Then a nasty css hack to remove the submit button value as this is the hashed data (must be the LAST value submitted to Suncorp, yay)

This is by no means a work of art, in fact a bit of a hack/workaround, I'd love to hear a better solution if someone can provide it.

Just want to modify the data server side however then submit to the payment gateway however drupal_goto seems to stop the form validation and submit flow.

    function commerce_suncorp_virtual_pos_3_party_redirect_form($form, &$form_state, $order, $payment_method) {
 
		$settings = $payment_method['settings'];

		//$return = url('checkout/' . $order->order_id . '/payment/return/' . $order->data['payment_redirect_key'], array('query' => array('payment_amount' => '', 'bank_reference' => '', 'payment_number' => ''), 'absolute' => TRUE));
		$return = url('checkout/' . $order->order_id . '/payment/return/' . $order->data['payment_redirect_key'], array('absolute' => TRUE));

		$vpcURL =  trim($settings['commerce_suncorp_payment_url']) . '?';

		// Set up the initial form.
		
		$form['#action'] = $vpcURL;
		$form['#method'] = 'get';

		$data['vpc_Merchant'] = trim($settings['commerce_suncorp_merchant_id']);
		$data['vpc_AccessCode'] = trim($settings['commerce_suncorp_merchant_access_code']);
		$data['vpc_Version'] = '1';
		$data['vpc_Command'] = 'pay';
		$data['vpc_Locale'] = 'en';
		$data['vpc_MerchTxnRef'] = trim($setting['vpc_MerchTxnRef']);
		$data['vpc_Amount'] = $order->commerce_order_total['und'][0]['amount'];
		$data['vpc_MerchTxnRef'] = $order->order_number . '-' . time(); 
		$data['vpc_ReturnURL'] = trim($settings['url']);
		
		
		// Create the request to the Virtual Payment Client which is a URL encoded data
		// request. Since we are looping through all the data we may as well sort it in
		// case we want to create a secure hash and add it to the VPC data if the
		// merchant secret has been provided.
		$md5HashData = trim($settings['commerce_suncorp_secure_hash']);
		ksort($data);
		

		foreach($data as $key => $value) {

			// create the form elements in alphabetical order
			if (strlen($value) > 0) {
				
				$form[$key] = array(
					'#type' => 'hidden',
					'#value' => $value
				);
				
				//add values to the data to be hasheddrupal drupal 
				$md5HashData .= $value;
			}
			
			
		}
		
		// Create the secure hash and apply it to the submit button as this form can't be manipulated after submit
		$form['submit'] = array(
			'#name' => 'vpc_SecureHash',
			'#type' => 'submit',
			'#value' => strtoupper(md5($md5HashData)),
		);
		
		$form['#token'] = false;
		$form['#pre_render'][] = 'suncorp_virtual_pos_3_party_unset_default_form_elements';
		dpm($form);
		return $form;
    }


	function suncorp_virtual_pos_3_party_unset_default_form_elements($form){
		unset($form['form_token']);
		unset($form['form_build_id']);
		unset($form['form_id']);
		return $form;
    }