Initial Commit

.gitignore

@@ -0,0 +1,8 @@
+.idea
+.settings
+.buildpath
+.project
+/**/._*
+/**/.DS_Store
+/**/[Tt]humbs.db
+/**/*~

PHP/TOTP.php

@@ -0,0 +1,69 @@
+<?php
+/*
+    TOTP v0.2.1 - a simple TOTP (RFC 6238) class using the SHA1 default
+    (c) 2014 Robin Leffmann <djinn at stolendata dot net>
+    https://github.com/stolendata/totp/
+    Licensed under CC BY-NC-SA 4.0 - http://creativecommons.org/licenses/by-nc-sa/4.0/
+*/
+class TOTP
+{
+    private static $base32Map = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+    private static function base32Decode( $in )
+    {
+        $out = "";
+        $l = strlen( $in );
+        $n = $bs = 0;
+        for( $i = 0; $i < $l; $i++ )
+        {
+            $n <<= 5;
+            $n += stripos( self::$base32Map, $in[$i] );
+            $bs = ( $bs + 5 ) % 8;
+            $out .= $bs < 5 ? chr( ($n & (255 << $bs)) >> $bs ) : null;
+        }
+        return $out;
+    }
+    public static function getOTP( $secret, $digits = 6, $period = 30, $offset = 0 )
+    {
+        if( strlen($secret) < 16 || strlen($secret) % 8 != 0 )
+            return [ 'err'=>'length of secret must be a multiple of 8, and at least 16 characters' ];
+        if( preg_match('/[^a-z2-7]/i', $secret) === 1 )
+            return [ 'err'=>'secret contains non-base32 characters' ];
+        $digits = intval( $digits );
+        if( $digits < 6 || $digits > 8 )
+            return [ 'err'=>'digits must be 6, 7 or 8' ];
+        $seed = self::base32Decode( $secret );
+        $time = str_pad( pack('N', intval($offset + time() / $period)), 8, "\x00", STR_PAD_LEFT );
+        $hash = hash_hmac( 'sha1', $time, $seed, false );
+        $otp = ( hexdec(substr($hash, hexdec($hash[39]) * 2, 8)) & 0x7fffffff ) % pow( 10, $digits );
+        return [ 'otp'=>sprintf("%'0{$digits}u", $otp) ];
+    }
+    public static function genSecret( $length = 24 )
+    {
+        if( $length < 16 || $length % 8 !== 0 )
+            return [ 'err'=>'length must be a multiple of 8, and at least 16' ];
+        $secret = "";
+        while( $length-- )
+        {
+            $c = @gettimeofday()['usec'] % 53;
+            while( $c-- )
+                mt_rand();
+            $secret .= self::$base32Map[mt_rand(0, 31)];
+        }
+        return [ 'secret'=>$secret ];
+    }
+    public static function genURI( $account, $secret, $digits = null, $period = null, $issuer = null )
+    {
+        if( empty($account) || empty($secret) )
+            return [ 'err'=>'you must provide at least an account and a secret' ];
+        if( mb_strpos($account . $issuer, ':') !== false )
+            return [ 'err'=>'neither account nor issuer can contain a colon (:) character' ];
+        $account = rawurlencode( $account );
+        $issuer = rawurlencode( $issuer );
+        $label = empty( $issuer ) ? $account : "$issuer:$account";
+        return [ 'uri'=>'otpauth://totp/' . $label . "?secret=$secret" .
+            (is_null($digits) ? '' : "&digits=$digits") .
+            (is_null($period) ? '' : "&period=$period") .
+            (empty($issuer) ? '' : "&issuer=$issuer") ];
+    }
+}
+?>

PHP/dancecampsPayment.class.php

@@ -0,0 +1,89 @@
+<?php
+namespace DANCECAMPS;
+include_once 'TOTP.php';
+
+class dancecampsPayment {
+    private $postdata = array();
+    private $url = "";
+    private $response = "";
+    private $lastError;
+
+    public function __construct($CampURL)
+    {
+        // Set the URL
+        $this->url=$CampURL."/payment-receive.php";
+    }
+
+    public function getLastError()
+    {
+        return $this->lastError;
+    }
+
+    public function sendPaymentToDanceCamps($BookingID, $APIToken, $Secret, $Result, $Amount, $Fee, $Currency, $TxnID, $Notes, $EmailNotes) {
+
+        // Get the token
+        $token=\TOTP::getOTP($Secret);
+
+        if (isset($token['error'])){
+            $this->setLastError("The secret is not valid");
+            return false;
+        }
+        if (!isset($token['otp']))
+        {
+            $this->setLastError("An error occurred getting the TOTP token");
+            return false;
+        }
+        else $token=$token['otp'];
+        
+        // Set the post data
+        
+        $this->postdata["BookingID"]=$BookingID;
+        $this->postdata["APIToken"]=$APIToken;
+        $this->postdata["Token"]=$token;
+        $this->postdata["Status"]=$Result;
+        $this->postdata["Amount"]=$Amount;
+        $this->postdata["Currency"]=$Currency;
+        $this->postdata["TxnID"]=$TxnID;
+        $this->postdata["FeeAmount"]=$Fee;
+        $this->postdata["Notes"]=$Notes;
+        $this->postdata["EmailNotes"]=$EmailNotes;
+
+        // Send
+        return $this->sendWithCURL();
+
+    }
+
+    public function getResponse()
+    {
+        return $this->response;
+    }
+
+    private function sendWithCURL() {
+        $ch = curl_init();
+
+        //curl_setopt($ch, CURLOPT_HEADER, true);
+        curl_setopt($ch, CURLOPT_URL,$this->url);
+        curl_setopt($ch, CURLOPT_POST, true);
+        curl_setopt($ch, CURLOPT_POSTFIELDS,http_build_query($this->postdata));
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+
+        $this->response = curl_exec($ch);
+        $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+
+
+        curl_close ($ch);
+        
+        if ($httpcode!=200) return false;
+        else {
+            $arr=json_decode($this->response, true);
+            if (isset($arr['status']) && $arr['status']==="success") return true;
+            else return false;
+        }
+    }
+
+    private function setLastError($msg)
+    {
+        $this->lastError=$msg;
+    }
+}
+?>

PHP/payment-test.php

@@ -0,0 +1,77 @@
+<?php
+    /*
+     * This is a script for testing payments.
+     * Users will arrive here after having completed a booking.
+     * Depending on the config, this will simulate a completed or a failed payment
+     * and then return the user to their booking.
+     */
+
+    if ($_POST['Result'])
+    {
+
+        // This is the API key from the main setup page
+        define('API_TOKEN', '[paste your payment api token here]');
+
+        // This is the secret key from the payments API setup page on dancecamps.org
+        define('SECRET', '[paste your secret key here]');
+
+        // Include the PHP SDK
+        include_once 'dancecampsPayment.class.php';
+
+        $BookingID=$_POST['BookingID'];
+        $Amount=$_POST['Amount'];
+        $CampURL=$_POST['CampURL'];
+
+        // This is where a real payment would be made.
+        // Here will we just simulate the results
+        $Result=$_POST['Result'];
+        $Currency=$_POST['Currency'];
+        $TxnID=$_POST['TxnID'];
+        $Fee=$_POST['FeeAmount'];
+
+        // The payment was made, send the info to dancecamps.org
+        $obj = new \DANCECAMPS\dancecampsPayment($CampURL);
+        $apiSendResult = $obj->sendPaymentToDanceCamps($BookingID, API_TOKEN, SECRET, $Result, $Amount, $Fee, $Currency, $TxnID, "This is a simulated payment", "Your payment has been processed");
+
+        // Was the payment successful and was it succesfully sent to dancecamps.org?
+        // If so, send the user on to the success page. If not, send them to the fail
+        // page. In a real application, if the payment send to dancecamps.org failed,
+        // you may want to also send yourself an alert
+        if ($Result==="Completed" && $apiSendResult) header("Location: ".$CampURL."/payment-success.php");
+        else
+        {
+            // Maybe send an email to let me know something went wrong and let me fix it manually!
+            header("Location: ".$CampURL."/payment-fail.php?message=Simulated-Payment+Failed");
+        }
+        exit();
+    }
+    else
+    {
+        ?>
+<html>
+    <head>
+        <title>Test dancecamps payment via API</title>
+        <style>
+            label {
+                display: inline-block;
+                width: 130px;
+            }
+            </style>
+    </head>
+    <body>
+        <h1>Test dancecamps payment via API</h1>
+        <form action='payment-test.php' method='post'>
+            <input type="hidden" name="CampURL" value="<?php echo htmlentities($_POST['CampURL']); ?>">
+            <input type="hidden" name="BookingID" value="<?php echo $_POST['BookingID']; ?>">
+            <label for="Result">Result : </label><input name="Result" id="Result" value="Completed"><br>
+            <label for="Currency">Currency : </label><input name="Currency" id="Currency" value="USD"><br>
+            <label for="Amount">Amount : </label><input name="Amount" id="Amount" value="<?php echo $_POST["Amount"]; ?>"><br>
+            <label for="FeeAmount">Fee : </label><input name="FeeAmount" id="FeeAmount" value="<?php echo $_POST["Amount"]*0.02; ?>"><br>
+            <label for="TxnID">Transaction ID : </label><input name="TxnID" id="TxnID" value="<?php echo substr(base64_encode(hash("sha256", mt_rand(0,99999).microtime())), 0, 16); ?>"><br>
+            <input type="submit" value="Simulate Transaction">
+        </form>
+    </body>
+</html>
+<?php
+    }
+?>

readme.md

@@ -0,0 +1,9 @@
+# dancecamps.org Payment API
+
+This repository contains SDKs and sample code for developers who wish to integrate new payment systems with dancecamps.org via the payment API.
+
+The repository is divided by language, currently PHP is the only language with an SDK and example. If you create SDKs in other langauges, please contribute to this repository to help other events. Make sure you don't include any tokens, keys or secrets!
+
+Additionally, please contribute any code that you create for specific payment processors. This should be placed in a folder with the processor name, within the relevant language folder. Make sure you don't include any tokens, keys or secrets!
+
+Integration instructions can be found on the Payment API setup page for your event.