PHPackages                             itinerisltd/gf-worldpay - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Payment Processing](/categories/payments)
4. /
5. itinerisltd/gf-worldpay

ActiveWordpress-plugin[Payment Processing](/categories/payments)

itinerisltd/gf-worldpay
=======================

Gravity Forms Add-on for WorldPay

0.2.5(7y ago)11.1kMITPHPPHP ^7.2

Since Aug 11Pushed 3y ago10 watchersCompare

[ Source](https://github.com/ItinerisLtd/gf-worldpay)[ Packagist](https://packagist.org/packages/itinerisltd/gf-worldpay)[ Docs](https://github.com/ItinerisLtd/gf-worldpay)[ RSS](/packages/itinerisltd-gf-worldpay/feed)WikiDiscussions master Synced yesterday

READMEChangelogDependencies (6)Versions (9)Used By (0)

gf-worldpay
===========

[](#gf-worldpay)

[![Packagist Version](https://camo.githubusercontent.com/a09c8ac9662b45dddabf3856294140e27ef13de9e7a0844fc974d2b01ae50434/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6974696e657269736c74642f67662d776f726c647061792e737667)](https://packagist.org/packages/itinerisltd/gf-worldpay)[![PHP from Packagist](https://camo.githubusercontent.com/40a5d83275b300056671de2893ce6b94488b6430a8f76f4843f15eb01289f0b4/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f6974696e657269736c74642f67662d776f726c647061792e737667)](https://packagist.org/packages/itinerisltd/gf-worldpay)[![Packagist Downloads](https://camo.githubusercontent.com/bca0d42495d99bfb3be872cfd072cc3ab4186d5609f1140cf603e408bb2f0b30/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6974696e657269736c74642f67662d776f726c647061792e737667)](https://packagist.org/packages/itinerisltd/gf-worldpay)[![GitHub License](https://camo.githubusercontent.com/02ccd003742acc57438d34fe5233de5cbf6963fcc7ff4790bacc3e7c27bfd2e2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f6974696e657269736c74642f67662d776f726c647061792e737667)](https://github.com/ItinerisLtd/gf-worldpay/blob/master/LICENSE)[![Hire Itineris](https://camo.githubusercontent.com/28070f6fe57ce0e650e45ceddf0f294c6ebb8e5248af50e801ed5d81026c076c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f486972652d4974696e657269732d6666363962342e737667)](https://www.itineris.co.uk/contact/)

Gravity forms add-on for WorldPay.

- [Minimum Requirements](#minimum-requirements)
- [Installation](#installation)
- [Setup](#setup)
- [Security Concerns about WorldPay HTML API](#security-concerns-about-worldpay-html-api)
- [Not Issue](#not-issue)
- [Features](#features)
- [Not Supported / Not Implemented](#not-supported--not-implemented)
- [Best Practices](#best-practices)
    - [HTTPS Everywhere](#https-everywhere)
    - [Payment Status](#payment-status)
- [Test Sandbox](#test-sandbox)
- [FAQ](#faq)
    - [GF WorldPay is Missing on Form Settings](#gf-worldpay-is-missing-on-form-settings)
- [Public API](#public-api)
    - [Build URL for continuing confirmation](#build-url-for-continuing-confirmation)
    - [Redirect URL Retrieval Failure Handling](#redirect-url-retrieval-failure-handling)
- [Preflight](#preflight)
- [Coding](#coding)
    - [Required Reading List](#required-reading-list)
    - [Gravity Forms](#gravity-forms)
- [Author Information](#author-information)
- [Feedback](#feedback)
- [Change log](#change-log)
- [License](#license)

Minimum Requirements
--------------------

[](#minimum-requirements)

- PHP v7.2
- php-curl
- WordPress v4.9.8
- Gravity Forms v2.3.3.2

Installation
------------

[](#installation)

```
$ composer require itinerisltd/gf-worldpay
```

Setup
-----

[](#setup)

[Payment response(redirection)](http://support.worldpay.com/support/kb/bg/htmlredirect/htmlredirect.htm#rhtml/Telling_your_shopper_about.htm#_Payment_Response_messages) and [Enhancing security with MD5](http://support.worldpay.com/support/kb/bg/htmlredirect/htmlredirect.htm#rhtml/Enhancing_security_with_MD5.htm%3FTocPath%3D_____10) are mandatory.

In the Integration Setup for your installation using [the Merchant Interface &gt; Installations option](http://support.worldpay.com/support/kb/bg/customisingadvanced/custa6011.html):

1. Enable **Enable the Shopper Response**
2. Enable **Payment Response enabled?**
3. Enter `` as **Payment Response URL**
4. Enter a 25-char random passphrase as **Payment Response password**
5. Enter a 30-char random passphrase as **MD5 secret for transactions**
6. Enter `instId:amount:currency:cartId` as **SignatureFields**

Note that WorldPay truncate long **Payment Response password** without notices!

Security Concerns about WorldPay HTML API
-----------------------------------------

[](#security-concerns-about-worldpay-html-api)

- Leaking **MD5 secret for transactions**
    - Allow evil hackers to set up fake checkout pages, pretending to be the merchant
    - WorldPay would accept these checkouts and charges the credit cards
    - Money goes into the merchant's account
- Leaking **Payment Response password**
    - Allow evil hackers to pretending to be WorldPay
    - WordPress would accept evil hackers' payment callbacks and changes entries' payment statuses

Not Issue
---------

[](#not-issue)

If **Payment Response password**(also known as`callbackPW`) is incorrect, `InvalidResponseException` is throw to *stop the world*. Credit card holders see white screen of death or stuck in "wait for redirection" page in such case.

Features
--------

[](#features)

- [Enhancing security with MD5](http://support.worldpay.com/support/kb/bg/htmlredirect/htmlredirect.htm#rhtml/Enhancing_security_with_MD5.htm%3FTocPath%3D_____10)
- [Gravity Forms Logging](https://docs.gravityforms.com/logging-and-debugging/)
- [Gravity Forms Notification Events](https://docs.gravityforms.com/gravity-forms-notification-events/)
- [Gravity Forms Confirmation](https://docs.gravityforms.com/configuring-confirmations-in-gravity-forms/)
- [Gravity Forms Conditional Logic](https://docs.gravityforms.com/enable-conditional-logic/)

Not Supported / Not Implemented
-------------------------------

[](#not-supported--not-implemented)

- Shipping address
- Reject according to fraud check results
- Token payment
- Recurring payment
- Refund
- Void

Best Practices
--------------

[](#best-practices)

### HTTPS Everywhere

[](#https-everywhere)

Although WorldPay accepts insecure HTTP sites, you should **always use HTTPS** to protect all communication.

### Payment Status

[](#payment-status)

Always double check payment status on WorldPay Merchant Interface.

Test Sandbox
------------

[](#test-sandbox)

Use this [test credit card](http://support.worldpay.com/support/kb/bg/pdf/181450-test-transaction-f.pdf).

FAQ
---

[](#faq)

### GF WorldPay is Missing on Form Settings

[](#gf-worldpay-is-missing-on-form-settings)

Gravity Forms capabilities behave differently on multi-user sites and its documents are incomplete. If GF WorldPay is missing on form settings, grant yourself `gf_worldpay` and `gf_worldpay_uninstall` capabilities. See:

Public API
----------

[](#public-api)

### Build URL for continuing confirmation

[](#build-url-for-continuing-confirmation)

`ConfirmationHandler::buildUrlFor(Entry $entry, int $ttlInSeconds = 3600): string`

Usage:

```