hps / heartland-php
Heartland Payment Systems Payment Gateway PHP SDK
Home Page: https://developer.heartlandpaymentsystems.com/SecureSubmit/
License: GNU General Public License v2.0
We found out that we can use Heartland, but we have to use each store’s merchant ID to access their individual Heartland accounts.
How can we implement the above functionality?
Please suggest.
Files:
/src/Abstractions/HpsConfigInterface.php
/src/Services/HpsServicesConfig.php
/src/Services/HpsCentinelConfig.php
public function setServiceUri(string $value);
Consider changing this as many of the merchants still use PHP 5.x
I need to get the batch numbers and status to integrate with "Quickbooks"
The latest version of curl available on a base CentOS 6.7 (using epel repo) is version 7.19.7. I am receiving an SSL error using curl from cli for the webserver.
Example:
# curl -v [redacted heartland api url]
* About to connect() to [redacted] port 443 (#0)
* Trying [redacted]... connected
* Connected to [redacted] ([redacted]) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -5938
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error
This is causing an error when attempting to run a transaction:
HpsGatewayException in HpsGatewayServiceAbstract.php line 86: Unexpected response (SSL connect error).
Specifying the CURLOPT_SSLVERSION to 6 (which equates to constant CURL_SSLVERSION_TLSv1_2) corrects the issue (in src/Abstractions/HpsGatewayServiceAbstract.php).
I understand that this is an issue with the version of curl provided in CentOS 6.7 (packages are all up to date at time of testing).
Would you prefer to not address this issue in the library for web hosts running CentOS 6.7 and have us fork this library (or require that web hosts using this build a newer version of curl/nss from source) or patch this PHP library to specify the TLS version?
Hello,
I am trying to Re-Auth the previously Auth transaction. Which function should I use for that? I am using HpsCreditService.
Thanks
I'm getting below error while using eCheck Payment.
Processor Configuration error. : Code : 51
Can anybody help me with what this error says and how I can fix it?
I'm passing test data in my form like below:
Array
(
[holder_firstname] => vids
[holder_lastname] => sinojiya
[holder_phone] => 8888888888
[holder_dobyear] => 1209
[holder_ssl4] => 8765
[holder_dlnumber] => ijij
[holder_dlstate] => AL
[holder_address_address] => ijioj
[holder_address_city] => fvgh
[holder_address_state] => AK
[holder_address_zip] => 78777
[payment_amount] => 10
[check_accountnumber] => 24413815
[check_routingnumber] => 490000018
)
Can anybody help me, please?
Thanks
I need to see how much I've paid to Heartland for each "transaction". Now I need to access the https://infocentral.heartlandpaymentsystems.com and check manually each transaction.
If a details object is passed into the charge call, I would expect those details to be returned in the HpsAuthorization; however, the HpsAuthorization returned from the certification gateway always contains NULL for the three values.
Example charge call:
$details = (object) array('memo' => 'My description', 'invoiceNumber' => 'IN_1234', 'customerId' => '9090');
$auth = $chargeService->charge(50, 'usd', $token, null, false, $details);
Returned auth object:
object(HpsAuthorization)#99 (19) {
["avsResultCode"]=> string(1) "0"
["avsResultText"]=> string(18) "AVS Not Requested."
["cvvResultCode"]=> string(1) "M"
["cvvResultText"]=> string(6) "Match."
["cpcIndicator"]=> NULL
["authorizationCode"]=> string(6) "27445A"
["authorizedAmount"]=> NULL
["cardType"]=> string(4) "Visa"
["description"]=> NULL
["invoiceNumber"]=> NULL
["customerId"]=> NULL
["descriptor"]=> NULL
["tokenData"]=> NULL
["transactionId"]=> string(10) "1011918135"
["clientTransactionId"]=> NULL
["responseCode"]=> string(2) "00"
["responseText"]=> string(8) "APPROVAL"
["referenceNumber"]=> string(12) "618712011447"
["_header":protected]=>
object(HpsTransactionHeader)#107 (4) {
["gatewayResponseCode"]=> string(1) "0"
["gatewayResponseMessage"]=> string(7) "Success"
["responseDt"]=> string(27) "2016-07-05T03:41:16.1065041"
["clientTxnId"]=> NULL
}
}
I believe the same goes for the 6th parameter $txnDescriptor also.
We are using your javascript from your tokenization demo. Then using this PHP SDK we are calling the charge method of the CreditService class.
Is it possible to get the payment card bin number as part of that request? Is there another way to get the payment card bin number with a different request?
Thank you
In HpsGatewayResponseValidation.php there are references to exception enums that do not exist. This makes it difficult to catch exceptions.
The check that is made for zero dollar transactions is using a '==' instead of '===' in HpsInputValidation.
Additionally, bypassing the check and sending to the gateway results in returning an invalid exception during the validation of a gateway response. I think this could also be due to a '==' not being a '==='
Reproducing this should be as simple as passing in '0' to a charge transaction.
We have gratuity, but appear to be missing Convenience Fees and Shipping.
Installed via composer.
heartland-php's composer.json :
{
"autoload":{
"files": [
"Hps.php"
]
}
}
As a result, my site now loads 184 files associated with the heartland-php SDK on every request (regardless of whether or not the request will even use the SDK, and regardless of what features I need).
The Hps.php file should only be necessary / used when composer isn't being used.
Is there a reason heartland-php's composer.json doesn't define classmap rather than files?
i.e.
{
"autoload": {
"classmap": ["src/"]
}
}
https://getcomposer.org/doc/04-schema.md#classmap
Files
If you want to require certain files explicitly on every request then you can use the files autoloading mechanism. This is useful if your package includes PHP functions that cannot be autoloaded by PHP.
(This isn't the case... the heartland-php SDK doesn't define any global functions. It only defines classes, and classes can be autoloaded.)
Classmap
The classmap references are all combined, during install/update, into a single key => value array which may be found in the generated file vendor/composer/autoload_classmap.php. This map is built by scanning for classes in all .php and .inc files in the given directories/files.
You can use the classmap generation support to define autoloading for all libraries that do not follow PSR-0/4. To configure this you specify all directories or files to search for classes.
Hello,
Thanks for this great work. I am trying to pass gratuity by using the HpsCreditService capture function, but it looks like it is not working. Can you please add an example of tip on process and tip on settlement process?
Regards
Hello:
I found a Reflected XSS vulnerability in this SDK.
The vulnerability exists due to directly outputting user-supplied data from an HTTP GET parameter; this happened in the file "heartland-php-master\examples\consumer-authentication\cruise.php". The infected source code is line 27; there is no protection on $_GET.
If $_GET contains evil JS code, line 27 will trigger untrusted code to be executed on the browser side.
So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code which is contained in the URL will be executed on the victim's browser side to do some evil.
http://your-web-root/heartland-php-master/examples/consumer-authentication/cruise.php?cavv="><script>alert(1);</script><"
The following screenshot is the result of clicking the above URL (win7 sp1 x64 + firefox 51.0.1 32bit):
Discoverer: ADLab of Venustech
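The pattern this report describes, next to an output-encoded version, as an added example (not part of the original report and not code from the SDK). Both function names are hypothetical, and the unsafe function is an assumed reconstruction, since line 27 of cruise.php is not shown on this page.

```php
<?php
// Added example. renderCavvFieldUnsafe() is an assumed reconstruction of the
// reported pattern (a GET parameter written into HTML unescaped); the actual
// line 27 of cruise.php is not reproduced on this page.

function renderCavvFieldUnsafe(array $query)
{
    $cavv = isset($query['cavv']) ? $query['cavv'] : '';
    // Vulnerable: a double quote in $cavv ends the value attribute, so the
    // rest of the parameter is parsed by the browser as markup.
    return '<input type="hidden" name="cavv" value="' . $cavv . '">';
}

function renderCavvFieldSafe(array $query)
{
    $cavv = isset($query['cavv']) ? $query['cavv'] : '';
    // ?cavv[]=x arrives as an array; treat anything but a string as empty.
    if (!is_string($cavv)) {
        $cavv = '';
    }
    // Encode for an HTML attribute context: ENT_QUOTES covers both quote
    // characters, ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string.
    $encoded = htmlspecialchars($cavv, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="cavv" value="' . $encoded . '">';
}

// Constructed input: the cavv value taken from the URL in the report above.
$query = array('cavv' => '"><script>alert(1);</script><"');

$unsafe = renderCavvFieldUnsafe($query);
$safe   = renderCavvFieldSafe($query);

// Check whether a literal <script> tag survives into each rendered field.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);

// The encoded field keeps the value as inert text inside the attribute.
echo $safe, PHP_EOL;
```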
Where can I see all the transactionsStatus? What is the transactionsStatus after "Authorization" and what is it after a capture? Could an authorization be captured twice?
It looks like there's no support for Apple Pay in this library, correct?
I'm assuming that if we obtain a payment token on the iOS device and send to our server, we can decrypt outside of the Heartland libs using something like: https://github.com/etsy/applepay-php
But then once we have that decrypted payment info, do we just pass it in like any other card? I haven't done this, so I'm not positive of the actual decrypted payment token format. I'm assuming it's not the original PAN, but some kind of tokenized / alias PAN that Apple gets and stores when you first add your card to Apple Pay. In that case, I'm assuming Heartland doesn't care whether it originated with Apple Pay or somewhere else, correct?
Obviously, it would be far superior to be able to push the encrypted token all the way to Heartland and have you decrypt it, instead of doing so on our server, the way that other processors / gateways offer. Do you have plans to offer that? Any timeline?
I am Yohit, the lead developer of J2Store.
We have a payment plugin for Heartland, which uses the PHP SDK 2.8.2 release.
Here is the J2Store plugin for heartland : https://www.dropbox.com/s/z7x4nus8r1kp8ps/plg_j2store_payment_heartland.zip?dl=0
Here are the complete details of the error.
Unexpected response
HpsGatewayException Object
(
[code] => 6
[details] =>
[innerException] =>
[message:protected] => Unexpected response
[string:Exception:private] =>
[file:protected] => /homepages/42/d508524250/htdocs/laposta-upgrade-final/plugins/j2store/payment_heartland/library/src/Abstractions/HpsGatewayServiceAbstract.php
[line:protected] => 83
[trace:Exception:private] => Array
(
[0] => Array
(
[file] => /homepages/42/d508524250/htdocs/laposta-upgrade-final/plugins/j2store/payment_heartland/library/src/Services/Gateway/HpsSoapGatewayService.php
[line] => 55
[function] => submitRequest
[class] => HpsGatewayServiceAbstract
[type] => ->
[args] => Array
(
[0] => https://cert.api2.heartlandportico.com/Hps.Exchange.PosGateway/PosGatewayService.asmx
[1] => Array
(
[0] => Content-type: text/xml;charset="utf-8"
[1] => Accept: text/xml
[2] => SOAPAction: ""
[3] => Content-length: 1300
)
[2] => <?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:hps="http://Hps.Exchange
.PosGateway"><soapenv:Body><hps:PosRequest><hps:Ver1.0><hps:Header><hps:SecretAPIKey>skapi_cert_MfaWAQBjeV4Ax1_PyAlUWvt0fVnhT4sFlgX-K6_V0Q
</hps:SecretAPIKey><hps:DeveloperID>002914</hps:DeveloperID><hps:VersionNbr>1929</hps:VersionNbr><hps
:SiteTrace></hps:SiteTrace></hps:Header><hps:Transaction><hps:CreditSale><hps:Block1><hps:AllowDup>Y
</hps:AllowDup><hps:AllowPartialAuth>N</hps:AllowPartialAuth><hps:Amt>19.45</hps:Amt><hps:CardHolderData
><hps:CardHolderFirstName>Ramesh</hps:CardHolderFirstName><hps:CardHolderLastName>Elamathi</hps:CardHolderLastName
><hps:CardHolderEmail>[email protected]</hps:CardHolderEmail><hps:CardHolderPhone></hps:CardHolderPhone
><hps:CardHolderAddr>22, East Street</hps:CardHolderAddr><hps:CardHolderCity>San Jose</hps:CardHolderCity
><hps:CardHolderState>California</hps:CardHolderState><hps:CardHolderZip>95101</hps:CardHolderZip></hps
:CardHolderData><hps:CardData><hps:TokenData><hps:TokenValue>supt_rJE3dHeWDS192DMENgPxk7kY</hps:TokenValue
></hps:TokenData><hps:TokenRequest>N</hps:TokenRequest></hps:CardData></hps:Block1></hps:CreditSale>
</hps:Transaction></hps:Ver1.0></hps:PosRequest></soapenv:Body></soapenv:Envelope>
)
)