PHP Hosted SecureCards

Settings file (nuvei_account.inc):

nuvei_account.inc
<?php
 
# These values are used to identify and validate the account that you are using. They are mandatory.
$gateway = '';			# This is the Nuvei payments gateway that you should use, assigned to the site by Nuvei.
$terminalId = '';		# This is the Terminal ID assigned to the site by Nuvei.
$currency = '';			# This is the 3 digit ISO currency code for the above Terminal ID.
$secret = '';			# This shared secret is used when generating the hash validation strings. 
						# It must be set exactly as it is in the Nuvei SelfCare  system.
$testAccount = true;
 
# These are used only in the case where the response hash is incorrect, which should
# never happen in the live environment unless someone is attempting fraud.
$adminEmail = '';
$adminPhone = '';
 
?>


SecureCard redirect (nuvei_securecard.php):

nuvei_securecard.php
<?php
 
# This is the file that contains the account settings for Nuvei.
require('nuvei_account.inc');
 
# This is a helper file for integrating to the Nuvei HPP in PHP.
require('nuvei_securecard_functions.inc');
 
$secureCardAction = '';			# "register" or "update".
$secureCardMerchantRef = '';	# Unique Merchant Reference for this card. Length is limited to 48 chars.
$host = '';						# This is your host eg. http://localhost:8000
$dateTime = requestDateTime();
 
# Verification string
$requestHash = secureCardRequestHash($secureCardMerchantRef, $dateTime, $secureCardAction);
$requestURL = $host."/merchant/securecardpage";
# Write the HTML of the submission form
echo "<html><body><form id='nuveisecurecardform' action='" . $requestURL . "' method='post'>\n";
writeHiddenField("ACTION", $secureCardAction);
writeHiddenField("TERMINALID", $terminalId);
writeHiddenField("MERCHANTREF", $secureCardMerchantRef);
writeHiddenField("DATETIME", $dateTime);
writeHiddenField("HASH", $requestHash);
 
# Write the JavaScript that will submit the form to Nuvei.
echo '</form>Submitting SecureCard request to Nuvei...<script language="JavaScript">document.getElementById("nuveisecurecardform").submit();</script></body></html>';
 
?>


Secure Card URL (nuvei_securecard_response.php) (URL for this page is setup as “Secure Card URL” through Terminal Setup in the SelfCare ):

nuvei_securecard_response.php
<?php
 
 
# This is the file that contains the account settings for Nuvei.
require('nuvei_account.inc');
 
# This is a helper file for integrating to the Nuvei HPP in PHP.
require('nuvei_securecard_functions.inc');
 
$secureCardAction = '';            # "register" or "update".
$secureCardMerchantRef = '';    # Unique Merchant Reference for this card. Length is limited to 48 chars.
$dateTime = requestDateTime();
 
# Verification string
$requestHash = secureCardRequestHash($secureCardMerchantRef, $dateTime, $secureCardAction);
$requestURL = $gateway."/merchant/securecardpage";
# Write the HTML of the submission form
echo "<html><body><form id='nuveisecurecardform' action='" . $requestURL . "' method='post'>\n";
writeHiddenField("ACTION", $secureCardAction);
writeHiddenField("TERMINALID", $terminalId);
writeHiddenField("MERCHANTREF", $secureCardMerchantRef);
writeHiddenField("DATETIME", $dateTime);
writeHiddenField("HASH", $requestHash);
 
# Write the JavaScript that will submit the form to Nuvei.
echo '</form>Submitting SecureCard request to Nuvei...<script language="JavaScript">document.getElementById("nuveisecurecardform").submit();</script></body></html>';
 
?>


Helper file (nuvei_securecard_functions.inc):

nuvei_securecard_functions.inc
<?php
 
# This function returns the URL that should be used as the "action" for the form posting the Nuvei's servers.
function secureCardURL() {
	global $gateway, $testAccount;
	$url = 'https://';
	if($testAccount) $url .= 'test';
	switch (strtolower($gateway)) {
		default :
		case 'nuvei'  : $url .= 'payments'; break;
		case 'cashflows' : $url .= 'cashflows'; break;
	}
	$url .= '.nuvei.com/merchant/securecardpage';
	return $url;
}
 
# This simply reduces the PHP code required to build the form.
function writeHiddenField($fieldName, $fieldValue) {
	echo "<input type='hidden' name='" . $fieldName . "' value='" . $fieldValue . "' />\r";
}
 
# This generates a DATETIME value in the correct format expected in the request.
function requestDateTime() {
	return date('d-m-Y:H:i:s:000');
}
 
# This is used to generate the Authorisation Request Hash.
function secureCardRequestHash($secureCardMerchantRef, $dateTime, $secureCardAction) {
	global $terminalId, $secret;
	return md5($terminalId . $secureCardMerchantRef . $dateTime . $secureCardAction . $secret);
}
 
# This function is used to validate that the MPI Response Hash from the server is correct.
#     If secureCardResponseHashIsValid(...) != $_REQUEST["HASH"] then an error should be shown and the SecureCard registration should fail.
function secureCardResponseHashIsValid($responseCode, $responseText, $secureCardMerchantRef, $secureCardCardRef, $dateTime, $responseHash) {
	global $terminalId, $secret;
	return (md5($terminalId . $responseCode . $responseText . $secureCardMerchantRef . $secureCardCardRef . $dateTime . $secret)==$responseHash);
}
 
?>