Location: PHPKode > scripts > Payflow Pro Frontend > payflow-pro-frontend/documentation.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>PFPro - A Payflow Pro binary frontend</title>

<h2>PFPro: A Payflow Pro frontend</h2>
<p>The class PFPro is a frontend to VeriSign's binary Payflow Pro client, pfpro, which comes bundled in their Payflow Pro SDK. Before you read any further, I'll say that this currently a very platform-specific class. If you aren't running your site on a Linux server (other *nix variants should work too, though I haven't tested on them), you won't be able to use this class. If anybody wants to write a port for IIS, be my guest! Maybe I will if I can figure out how PHP's COM components work.</p>
<p>Anyhoo, you'll need the following to use this class.</p>
  <li>As I said, a *nix server. <strong>You cannot run this class if you are using IIS.</strong> Sorry.</li>
  <li> A copy of PHP that is NOT running in safe mode. The class runs the pfpro client on the command line, so you need to be able to make calls to the putenv() and system() functions.</li>
  <li>A copy of VeriSign's Payflow Pro SDK. <a href="http://manager.verisign.com" target="_blank">You can get it from here if you don't have it</a> (you need an account with VeriSign first, though). Please do NOT ask me for copies of the SDK, if I gave that out VeriSign would nail my ass to the wall. Be sure to keep the SDK files in their original directory structure on your server, the class currently depends on this (I'll remove this limitation soon).</li>
<p>If you're all set with that stuff, let's rock.</p>
<p>The class will let you execute a simple sale, void or credit (refund) transaction through VeriSign's Payflow servers in less than 20 lines of code. It provides a great amount of flexibility in deciding how you want to handle transaction results</p>
<p>So, without further ado, here's a simple sample script, which I will explain line-by-line.</p>
$p = new PFPro(&quot;/path/to/directory/containing/pfpro/binary&quot;, &quot;yourUsername&quot;, &quot;yourPassword&quot;, &quot;yourPartner&quot;, &quot;yourVendorName&quot;);
$p-&gt;setCustomerInfo(&quot;1 Beacon Hill&quot;, &quot;02115&quot;);
$p-&gt;setPaymentInfo(&quot;4111111111111111&quot;, &quot;0305&quot;, &quot;123&quot;, &quot;10&quot;);

if(!$p-&gt;process()) {
	die(&quot;Transaction &quot; . $p-&gt;getPNREF() . &quot; failed because: &quot; . $p-&gt;getLastMessage());
else {
		$p-&gt;setSecurity(&quot;medium&quot;, &quot;medium&quot;);
				echo &quot;Error voiding transaction (tried to void due to AVS/CVV mismatch)!&quot;;
			else {
				echo &quot;Voided transaction because AVS/CVV didn't match&quot;;
		else {
			echo &quot;Transaction approved, you will now be refunded!&quot;;

	else {
		echo &quot;Didn't check your AVS/CVV because you're a foreigner :) Transaction approved&quot;;
<p><strong>require(&quot;pfpro.class.php&quot;);<br />
</strong>Easy ;) Just includes the class.</p>
<p><strong>$p = new PFPro(&quot;/path/to/directory/containing/pfpro/binary&quot;, &quot;yourUsername&quot;, &quot;yourPassword&quot;, &quot;yourPartner&quot;, &quot;yourVendorName&quot;); <br />
</strong>Initialize the class with by passing it the path to the directory containing the pfpro binary so it can set environment varibles. The login information is the same as the information you use to login to the VeriSign Manager (for vendor name, I just use the username, and it seems to work OK)</p>
<p><strong>$p-&gt;setCustomerInfo(&quot;1 Beacon Hill&quot;, &quot;02115&quot;);</strong><br />
  Set the customer's address information for checking AVS. VeriSign only checks the first three characters of the billing address, I'm told, so you can just use the first line of the billing address, plus the customer's full zip/postal code.</p>
<p><strong>$p-&gt;setPaymentInfo(&quot;4111111111111111&quot;, &quot;0305&quot;, &quot;123&quot;, &quot;10&quot;); <br />
</strong>Set the customer's credit card, expiration date (MMYY format), CVV code, and the amount of the payment, in that order. The card number 4111111111111111 will force the class to use VeriSign's test servers to process the transaction.</p>
<p><strong> if(!$p-&gt;process()) { <br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</strong><strong>die(&quot;Transaction &quot; . $p-&gt;getPNREF() . &quot; failed because: &quot; . $p-&gt;getLastMessage()); <br />
}<br />
</strong>Run the process() function to connect to the Payflow server and process the transaction. If the transaction is approved (regardless of the AVS or CVV results), process() returns true. If an error of some kind occurred, process() will return false. To get the reference number associated with the transaction, just call getPNREF(), which returns the VeriSign reference number of the last transaction. To get the error which caused the transaction to fail, call getLastMessage(), which is the most recent error message to be returned from pfpro.</p>
<p><strong>else { <br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if(!isInternational())<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{</strong><br />
isInternational() will check the last transaction's AVS result to see if the transaction was processed through an international bank. If it was, the function returns true. If not, it'll return false. The reason this is important is because foreign (that is, non-U.S.) banks are very spotty in their support for AVS or CVV tests. It's advisable to adjust your AVS or CVV strictness levels depending on whether or not the transaction was processed overseas (I'll explain AVS/CVV strictness in a moment).</p>
<p><strong> $p-&gt;setSecurity(&quot;medium&quot;, &quot;medium&quot;); <br />
</strong>setSecurity sets the level of strictness when testing the AVS and CVV results. The first parameter is the AVS strictness level, and the second parameter is the CVV strictness level. For AVS, you can set the following levels:</p>
  <li>none - AVS won't be tested at all</li>
  <li>light - If both the address and the zip code test negative, the test fails</li>
  <li>medium - If either the zip code or address tested negative, the test fails</li>
  <li>full - If either address or zip don't come back positive, the test fails</li>
<p>And for CVV, the following levels exist:</p>
  <li>none - CVV is not tested</li>
  <li>medium - If CVV comes back negative, the test fails</li>
  <li>full - If the CVV doesn't come back positive, the test fails </li>
<p>Any AVS or CVV  test can have three possible results from VeriSign: Y (tested positive), X (couldn't be tested, most likely because it was an international bank), or N (tested negative).</p>
<p><strong>if(!$p-&gt;fraudCheck()) <br />
{ <br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if(!$p-&gt;void()) <br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{ <br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;echo &quot;Error voiding transaction (tried to void due to AVS/CVV mismatch)!&quot;;<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;} <br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;else <br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{ <br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;echo &quot;Voided transaction because AVS/CVV didn't match&quot;; <br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;} <br />
}<br />
</strong>The fraudCheck() function will test the last transaction's AVS and CVV results, based on your security settings. If the tests fail, the function returns false. If they pass, it returns true. Normally, if a transaction fails the fraud checks, it's a good idea to protect your ass by voiding the transaction. To do that, run the void() function with no arguments -- this voids the last transaction. If you wanted to void a specific transaction, you could pass a PNREF to the void() function -- but if nothing is passed, it defaults to the last transaction. If the void operation fails for some reason, void() will return false (you can get the error by calling getLastMessage()). Otherwise, it it will return true.</p>
<p>That's really all there is to know about this class. Take a look at the example script if you want to see are more &quot;solid&quot; example of how to use the class. There is also a function to refund a payment -- however there is no point documenting it in detail because it is EXACTLY like the void() function in its usage. To refund the last transaction, simply call the credit() function with no arguments -- to refund an earlier transaction, pass the transaction's PNREF to the function. If the operation fails, credit() returns false. Otherwise, it returns true.</p>
<p>That's REALLY all there is to know :) I hope you find this class useful. If you're a Windows person and you want this class, I urge you to either port it or pester me to do it :-p</p>
<p>Adam G-H<br />
<a href="mailto:hide@address.com">hide@address.com </a></p>
Return current item: Payflow Pro Frontend