DengiOnline

2018-04-26 03:00:15

User or Order ID verification

User or Order ID verification ensures that the invoice and subsequent payment are tied to the correct account in the Project system.

Keep in mind that the User or Order ID verification in case of Simplified Integration happens twice: when the User goes to the payment page and when the User selects pay mode.

Project needs:

  • user or order ID verification URL (specify in the Technical settings in the Merchant's personal account);
  • the handler to accept and recognize requests from the System and reply, how the System expects.

If User or Order ID verification fails before invoice creation, the invoice will not be created and the customer will be redirected to a special fail description page (specified by return_url_fail parametr or in the Technical settings) on the Project side. If the Project settings at the System do not include the result_url_fail page, then the user will be redirected to a similar page on the System side.

In either case the err_msg[] parameter with the value "There is no such account" is automatically sent to the page using GET method.

Parameters of User or Order ID Verification Request

The System sends the request to the user or order ID verification URL provided by the Project  in the Technical settings during integration.

The System uses the following rules:

  • method - POST;
  • encoding - UTF-8.
Parameter Description Format Mandatory

userid

Account ID — payment recipient identifier (is equal to "nickname" value in the invoice request)

string(256)

Yes

userid_extra

Additional information required for payment identification within the Project system (coincides with nick_extra value in the invoice request)

string(500)

No

key

Request signature. Formed as hash using md5 algorithm. Consists of the following parameters (concatenated):

  • 0

  • userid

  • 0

  • secret key

md5(0userid0secret key)

Yes

amount

СHECK request verification. The parameter is always null (amount = 0)

0

Yes

paymentid

СHECK request verification. The parameter is always null (amount = 0)

0

Yes

orderid

Payment ID in the Project system (equals to the order_id value from the invoice request if provided in the request)

varchar(64)

No

Parameters of the response

Every User or Order ID verification request from the System should be answered.

To send the response use the following rules:

  • format - XML;
  • encoding - UTF-8.

Parameter

Description

Format

Mandatory

code

Response code

YES — notification accepted, 

NO — ID does not exist

YES/NO

(case-sensitive)

Yes

comment

Response code details
Sample text:

  • Verification for the userid parameter failed.

  • Verification for the orderid parameter failed.

  • Verification for the key parameter failed

string (400)

No

Response example

<?xml version="1.0" encoding="UTF-8"?>
<result> 
  <code>YES</code> 
</result>

Example code for a minimal request handler (PHP)

//Response generation 
function sendResponse($status, $message = ''){
	$response = '<?xml version="1.0" encoding="UTF-8"?>'."\n";
	$response .= '<result>'."\n"; 
		$response .= '<code>'.$status.'</code>'."\n"; 
	$response .= '<comment>'.$message.'</comment>'."\n";
	$response .= '</result>';
	die($response); 
} 

//User or order ID verification  
function checkUser($userID){ 
	$sql = "SELECT login FROM users WHERE usr_id = ".intval($userID); 
	$query = mysql_query($sql); 
	if(mysql_error()){ 
		return FALSE; 
	} 
	if(mysql_num_rows($query) == 0){ 
	return FALSE; 
	} 
	return TRUE; 
} 

$secretKey = 'IT\'S_A_PROJECT_SECRET_WORD'; 
$projectHash = md5($_POST['amount'].$_POST['userid'].$_POST['paymentid'].$secretKey); 
if($projectHash != $_POST['key']){ 
	sendResponse('NO', 'Incorrect security signature');
} 
if(floatval($_POST['amount']) == 0 && intval($_POST['paymentid']) == 0){ 
	//User or order ID verification request  
	if(checkUser($_POST['userid'])){ 
		sendResponse('YES', 'ID already exists'); 
	} 
	else{ 
		sendResponse('NO', 'ID does not exist');
	} 
}