Hi i'm currently trying to integrate worldpays payment gateway to a website.
However I can't seem to submit the form in a secure way.
This is an example form:
<form method="POST" name="BuyForm" action="https://secure- test.worldpay.com/wcc/purchase">
<input type="hidden" value="yourinstid" name="instId">
<input type="hidden" value="yourcartid" name="cartId">
<input type="hidden" value="GBP" name="currency">
<input type="hidden" value="100" name="amount">
<input type="hidden" value="Product 1" name="desc">
<input type="hidden" value="100" name="testMode">
<input type=submit value="Buy Now">
</form>
Is there anyway to submit this in php to stop end user being able to inspect and change amount ie Changing amount from £100.00 to £1.00 and submitting the order and paying £1 for £100's worth of goods?
I've tried curl however from what i've read you cant redirect the user to the page you've submitted the data to?
Thanks in advance, Jordan
With the architecture you have, no. Because the user is sending data from the page directly to worldpay.com without first going through your server, no you cannot stop the user from inspecting what's about to be sent or from changing values. Even if you locked down the browser with javascript, what's to stop me from loading a page, then copying the information and sending it directly to worldpay with a cURL request from my command line? This is a losing battle for you.
Look at WorldPay documentation for how to securely submit a transfer. Payment systems have usually worked this out. Here are some techniques I've seen.
I notice there is a cart ID. There may be an API whereby your server first sends a request to worldpay to create a cart or payment request and gets some token. Then a valid token must be submitted along with the form by the user. This would allow worldpay to compare the data that was used to create the token with the form submission and notice any change.
Other payment services require you to sign any submission with a secret token that you get from your merchant account. Basically the signature is a keyed hash of all the form values (keyed with the secret, which is never sent to the browser). If a customer changes the form and submits the changes, the new form inputs will not match the signature.
Other payment services allow you to create secure Pay buttons from within the merchant account. This is a pre-agreement of how much each product costs. Then in the browser, you don't even need to set amount, product ID etc... Just the Pay button ID that was created.
Finally, the simplest check is to create a record of the transaction on your server before you create the form for the user. Once you receive notice of payment, lookup the payment or transaction ID in your records and make sure that things line up before processing the order.
The bottom line is: you cannot stop a user from changing what she submits directly to worldpay, so if your security has this requirement, it will fail. Do your research into worldpay secure payment flows.