GoldMoney Online Merchant Interface

30 Mar 2006 | CPOL | 3 min read
Implementation of GoldMoney OMI in C#/ASP.NET

Sample Image - examplepage.png

Introduction

GoldMoney is a payment system in which customers and merchants exchange grams of gold (gg) within the GoldMoney system. This method of payment, although not widely used in the United States, offers some advantages over credit card systems: it does not have a charge-back system, so sales are final. Denominating purchases in gold grams eliminates the hassle of unsupported currencies, and the transaction costs are minimal.

In this article I will set out to explain how to implement the GoldMoney Online Merchant Interface (OMI) using ASP.NET and C#. The OMI interface allows you to automatically submit and receive notification of successful payments.

Using the code

The OMI interface implementation shown here has 3 parts:

  1. Collection of user information.
  2. Posting of data to GoldMoney for user purchase authorization.
  3. Receiving notification of successful payment.

Collect User Information

The first part is just a page, GMCollect.aspx, to collect user information such as name and email address. GoldMoney does not require any user information from the merchant; it is collected only so the merchant can fulfill the order. The purchase button on the collection page calls the redirection page with the item ID and any data that was collected on this page.

private void btnPurchase_Click(object sender, System.EventArgs e)
{
    // Create an entry in DB, and a new order
    int itemID = 1;
    int orderID = 100;    // hardcoded for example but pull from DB

    // Pass to redirection for posting (URL-encode every user-supplied value)
    string url = string.Format("GMRedirect.aspx?ITEM={0}&EMAIL={1}&FIRST={2}&LAST={3}&ORDERID={4}"
        ,itemID
        ,HttpUtility.UrlEncode(TextEmailGold.Text)
        ,HttpUtility.UrlEncode(TextGoldFirstName.Text)
        ,HttpUtility.UrlEncode(TextGoldLastName.Text)
        ,orderID
        );

    Response.Redirect(url);
}

Send Information to GoldMoney

The second part is the posting of data to the GoldMoney website. As many have found out when using ASP.NET, you cannot simply put a form button within the code-behind and expect it to work. What I’ve done here is take the easiest route and create a redirection page, GMRedirect.aspx. When GMRedirect.aspx is called, it will post to the GoldMoney site.

The redirection page is responsible for taking the collected data along with the item's purchase price and putting it in the variables to be posted to the GoldMoney site.

private void Page_Load(object sender, System.EventArgs e)
{
    try
    {
        string memo = string.Empty;

        // Test Mode value for GoldMoney Requests
        // Uncomment to make a test purchase
        //SIMMODE.Value = "1";

        string tmp = Request.Params["ITEM"];
        if (null != tmp && tmp.Length > 0)
        {
            int id = int.Parse(tmp);

            int orderID = 0;
            tmp = Request.Params["ORDERID"];
            if (null != tmp && tmp.Length > 0)
            {
                orderID = int.Parse(tmp);
            }
            OMI_MERCHANT_REF_NO.Value = orderID.ToString();

            // Look up Item information from DB
            // In this example it is hardcoded
            string itemName = "Widget";
            double itemCost = 42.42;
            double itemShipping = 1.00;

            // User will see this in Memo box on GoldMoney purchase page
            memo = "Payment for " + itemName;

            // Storage for additional merchant information
            // Item identification stored here in this example but could be anything.
            MERCHANT_FIELD_1.Value = id.ToString();

            OMI_CURRENCY_AMT.Value = string.Format("{0:0.00}",itemCost + itemShipping);
        }

        string emailStr = Request.Params["EMAIL"];
        if (null != emailStr)
        {
            MERCHANT_FIELD_EMAIL.Value = emailStr;
        }

        string firstName = Request.Params["FIRST"];
        if (null != firstName)
        {
            firstName = HttpUtility.UrlDecode(firstName);
            MERCHANT_FIELD_FIRSTNAME.Value = firstName;
        }

        string lastName = Request.Params["LAST"];
        if (null != lastName)
        {
            lastName = HttpUtility.UrlDecode(lastName);
            MERCHANT_FIELD_LASTNAME.Value = lastName;
        }

        OMI_MERCHANT_MEMO.Value = memo;
    }
    catch (Exception ex)
    {
        // Log and handle exception
    }
}

GoldMoney Notifications

The third part is the magic automation. GoldMoney will post to this page, GMNotify.aspx, with all the parameters of a successful payment and the merchant variables you passed up to it. This example assumes that GoldMoney is posting to an SSL secure page so the variables cannot be intercepted. The notification page validates that the message came from GoldMoney by checking a shared secret key between your website and GoldMoney. This secret key and the URL to this page are set in the OMI settings of your GoldMoney account. After validating the order, add any code you need to fulfill the order.

private void Page_Load(object sender, System.EventArgs e)
{
    // Example values; keep the real key out of source code
    string    _secretKey = "verybadsecretkey";
    string    holdingNo = "12-34-56-A";

    try
    {
        // Check if valid transaction (ordinal compare; a missing field fails the check)
        if (string.CompareOrdinal(Request.Form["OMI_SECRET_KEY"], _secretKey) == 0)
        {
            string email = Request.Form["MERCHANT_FIELD_EMAIL"];
            if (email != null && email.Length > 0)
            {
                // verify that payment went to our holding number
                if (string.CompareOrdinal(Request.Form["OMI_MERCHANT_HLD_NO"], holdingNo) == 0)
                {
                    int orderID = int.Parse(Request.Form["OMI_MERCHANT_REF_NO"]);
                    int itemID = int.Parse(Request.Form["MERCHANT_FIELD_1"]);

                    int currencyCode = int.Parse(Request.Form["OMI_CURRENCY_CODE"]);
                    double amount = double.Parse(Request.Form["OMI_CURRENCY_AMT"]);

                    // Validate orderID with amounts and itemID.

                    string firstName = Request.Form["MERCHANT_FIELD_FIRSTNAME"];
                    string lastName = Request.Form["MERCHANT_FIELD_LASTNAME"];

                    // Mail out receipt and fulfill order
                }
            }
            else
            {
                    // no email to send receipt to, log it
            }
        }
        else
        {
            // possible fraud, shared secret key with GoldMoney doesn't match.
        }
    }
    catch //(Exception ex)
    {
        // Something bad happened log it.
    }
}

Security Concerns

I abbreviated a number of security checks in this code for clarity. It should be noted that the transfer of data from GMCollect.aspx to GMRedirect.aspx can be intercepted and changed by the user. A safer method, such as session variables or hash checks, is recommended.
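
One way to do the hash check mentioned above, as an added example that is not part of the original article: GMCollect.aspx appends an HMAC tag over the values it passes, and GMRedirect.aspx recomputes the tag before using them. The class name, the SIG parameter, the key and the sample values are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not from the article): signs the values GMCollect.aspx
// passes to GMRedirect.aspx so a changed ITEM or ORDERID is detected.
public static class OrderLinkSigner
{
    // Assumption: a server-side key loaded from protected configuration and
    // never sent to the browser. The literal below is a constructed sample.
    private static readonly byte[] Key =
        Encoding.UTF8.GetBytes("constructed-sample-key-load-from-config");

    // Length-prefix each field so ("1","00") and ("10","0") sign differently.
    private static byte[] Canonical(string[] fields)
    {
        StringBuilder sb = new StringBuilder();
        foreach (string f in fields)
        {
            string v = f ?? "";
            sb.Append(v.Length).Append(':').Append(v).Append('|');
        }
        return Encoding.UTF8.GetBytes(sb.ToString());
    }

    public static string Sign(params string[] fields)
    {
        using (HMACSHA256 mac = new HMACSHA256(Key))
            return BitConverter.ToString(mac.ComputeHash(Canonical(fields))).Replace("-", "");
    }

    // Compares every character so timing does not reveal how much of the tag matched.
    public static bool Verify(string tag, params string[] fields)
    {
        string expected = Sign(fields);
        if (tag == null || tag.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ tag[i];
        return diff == 0;
    }

    public static void Main()
    {
        // GMCollect.aspx side: append &SIG=<tag> to the redirect URL.
        string tag = Sign("1", "100", "buyer@example.com");
        // GMRedirect.aspx side: recompute over the received values.
        Console.WriteLine(Verify(tag, "1", "100", "buyer@example.com")); // values untouched
        Console.WriteLine(Verify(tag, "2", "100", "buyer@example.com")); // ITEM changed
    }
}
```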

Another security concern is validating that the order information and the price sent from GoldMoney match. It might be possible, although unlikely, for the customer to adjust the price of the transaction from GoldMoney but retain the same order ID.
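
One way to implement that check in GMNotify.aspx, added here and not taken from the article or from GoldMoney: the posted order ID, item ID and amount are compared with the order stored when the purchase began. The Order class, the in-memory table and the sample values are assumptions, and rejecting an already-paid order goes beyond what the text describes.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

// Hypothetical order record (not from the article): what the merchant stored
// when GMCollect.aspx created the order.
public class Order
{
    public int ItemId;
    public decimal AmountDue;   // price + shipping fixed at order creation
    public bool Paid;
}

public static class NotificationCheck
{
    // Constructed stand-in for the merchant's order table, keyed by order ID.
    public static readonly Dictionary<int, Order> Orders = new Dictionary<int, Order>();

    // Returns null when the order may be fulfilled, otherwise the reason to log.
    public static string Validate(string refNo, string itemField, string amountField)
    {
        int orderId, itemId;
        decimal amount;
        if (!int.TryParse(refNo, out orderId) || !int.TryParse(itemField, out itemId))
            return "malformed order or item id";
        if (!decimal.TryParse(amountField, NumberStyles.AllowDecimalPoint,
                              CultureInfo.InvariantCulture, out amount))
            return "malformed amount";

        Order order;
        if (!Orders.TryGetValue(orderId, out order)) return "unknown order";
        if (order.Paid) return "order already paid (repeated notification)";
        if (order.ItemId != itemId) return "item does not match order";
        if (amount != order.AmountDue) return "amount does not match order";

        order.Paid = true;   // mark before fulfilling so a repeat is rejected
        return null;
    }

    public static void Main()
    {
        Orders[100] = new Order { ItemId = 1, AmountDue = 43.42m };
        Console.WriteLine(Validate("100", "1", "0.01") ?? "ok");   // price lowered
        Console.WriteLine(Validate("100", "1", "43.42") ?? "ok");  // matches stored order
        Console.WriteLine(Validate("100", "1", "43.42") ?? "ok");  // same notification again
    }
}
```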

More Information

To set up a free GoldMoney account, visit GoldMoney.com. GoldMoney OMI implementation documentation is located here.

Disclaimer

This documentation and the accompanying files are provided "as is" with no expressed or implied warranty. No responsibility is accepted for possible damages or side effects in its functionality. The user must assume the entire risk of using this code. The author and Screaming Bee LLC accept no liability if it causes any damage to your computer, website, software, reputation or your love life. Use at your own risk.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Web Developer
United States
Shawn is President and co-founder of Screaming Bee LLC.

He has been developing software for more years than he cares to remember. One of his earliest projects, AutoGreet, written in 6502 assembly, won him the affection and hatred of a multiline BBS community (remember those?).

Currently his projects involve ASP.NET/C# and driver development at Screaming Bee.

Screaming Bee is a leader in voice changing software and solutions for online games and messenger applications.

For more information please visit: http://www.screamingbee.com
