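#
# This script demonstrates getting and validating SCI
# payment confirmation data from Perfectmoney server
#
# !!! WARNING !!!
# This sample Perl-script is provided AS IS and you should
# use it at your own risk.
# The only purpose of this script is to demonstrate main
# principles of SCI-payment validation process.
# You MUST modify it before using with your particular
# PerfectMoney account.
#

use strict;
use warnings;

use Digest::MD5 qw/md5_hex/;
use POSIX qw/strftime/;
use CGI qw/:standard/;

# Constant below contains md5-hashed alternate passphrase in upper case.
# You can generate it like this:
#   use Digest::MD5 qw/md5_hex/;
#   uc(md5_hex('your_passphrase'));
# Where `your_passphrase' is Alternate Passphrase you entered
# in your PerfectMoney account.
# Use md5_hex, not md5: md5 returns 16 raw bytes, while this constant is
# 32 hex digits.
# !!! WARNING !!!
# We strongly recommend NOT to include plain Alternate Passphrase in
# this script and use its pre-generated hashed version instead (just
# like we did in this script below).
# This is the best way to keep it secure.
my $ALTERNATE_PHRASE_HASH = "80F632EBFE5295A9F8933E360EB382DF";

# Path to directory to save logs. Make sure it has write permissions.
# The log lines contain the hashed string (which includes
# $ALTERNATE_PHRASE_HASH), so keep this directory outside the document
# root and readable only by the account the script runs as.
my $PATH_TO_LOG = "/somewhere/out/of/document_root/";

# Return one request parameter as a single string ('' when it is absent).
# The scalar assignment takes only the first value, so a parameter that is
# repeated in the request cannot add extra elements to a list.
sub field {
    my ($name) = @_;
    my $value = param($name);
    return defined $value ? $value : '';
}

# Append one line describing the current request to $PATH_TO_LOG . $file.
# $reason may be '' (successful payment). Control characters in the
# request data are replaced, so a parameter value cannot start a forged
# log line. Logging is best-effort: a failure is reported with warn and
# does not stop the script.
sub log_request {
    my ($file, $reason, $string, $hash) = @_;
    my $post  = join '&', map { $_ . '=' . field($_) } param();
    my $entry = strftime('%d-%b-%Y %H:%M', localtime) . '; '
              . (length $reason ? "REASON: $reason; " : '')
              . "POST: $post; STRING: $string; HASH: $hash";
    $entry =~ s/[\x00-\x1f\x7f]/?/g;

    my $log;
    unless (open($log, '>>', $PATH_TO_LOG . $file)) {
        warn "cannot open log file $file: $!";
        return;
    }
    print {$log} $entry, "\n";
    close($log) or warn "cannot close log file $file: $!";
    return;
}

# String that the server hashed; the field order must not change.
my $string = join ':',
    field('PAYMENT_ID'),
    field('PAYEE_ACCOUNT'),
    field('PAYMENT_AMOUNT'),
    field('PAYMENT_UNITS'),
    field('PAYMENT_BATCH_NUM'),
    field('PAYER_ACCOUNT'),
    $ALTERNATE_PHRASE_HASH,
    field('TIMESTAMPGMT');

my $hash = uc(md5_hex($string));

# String comparison (eq) is required here. With the numeric == operator
# both sides are converted to numbers, and two different hex strings can
# then compare as equal, which would accept a request with a wrong hash.
# NOTE: eq is not a constant-time comparison.
if ($hash eq field('V2_HASH')) {    # processing payment only if hash is valid

    # In section below you must implement comparing of data you received
    # with data you sent. This means to check if param('PAYMENT_AMOUNT') is
    # particular amount you billed to client and so on.
    # A valid confirmation can be delivered more than once; record
    # PAYMENT_BATCH_NUM when you process it and skip one already seen.

    my $amount = field('PAYMENT_AMOUNT');

    # The amount is checked to be a plain decimal number before it is
    # compared numerically; account and currency are compared as strings.
    if (   $amount =~ /\A\d+(?:\.\d+)?\z/
        && $amount == 15.95
        && field('PAYEE_ACCOUNT') eq 'U1234567'
        && field('PAYMENT_UNITS') eq 'USD')
    {
        # ...insert some code to process valid payments here...

        # uncomment code below if you want to log successful payments
        # log_request('.good.log', '', $string, $hash);
    }
    else {
        # you can also save invalid payments for debug purposes

        # uncomment code below if you want to log requests with fake data
        # log_request('.bad.log', 'fake data', $string, $hash);
    }
}
else {
    # you can also save invalid payments for debug purposes

    # uncomment code below if you want to log requests with bad hash
    # log_request('.bad.log', 'bad hash', $string, $hash);
}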