How to integrate MoneyBookers in Web application in PHP?

I cover this topic in detail on a recent blog post of mine: How to automate Moneybookers (Skrill) using status_url (IPN). There is example code for PHP and C# and pictures illustrating the points:

  1. Signup for a Moneybookers test account
  2. Create a “secret word”
  3. Create your own payment form (with your logo on the Moneybookers checkout page)
  4. Verify the Moneybookers order

I won't cover every step here, because if I did my answer would take up several pages. However I will cover the 4th topic (verifying the Moneybookers order) because the answer currently on this page is riddled with problems (SQL injections, etc.). If you want in-detail instructions for every step then read my article.

Simple payment form on your website

I go into this in more detail in the article, but here's a simple payment form. Replace the bold values with your correct prices, app name, and Moneybookers email:


<form action="https://www.moneybookers.com/app/payment.pl" method="post">
  <input type="hidden" name="pay_to_email" value="[email protected]"/>
  <input type="hidden" name="status_url" value="http://example.com/verify.php"/> 
  <input type="hidden" name="language" value="EN"/>
  <input type="hidden" name="amount" value="Total amount (e.g. 39.60)"/>
  <input type="hidden" name="currency" value="Currency code (e.g. USD)"/>
  <input type="hidden" name="detail1_description" value="YourApp"/>
  <input type="hidden" name="detail1_text" value="License"/>
  <input type="submit" value="Pay!"/>
</form>

Verifying the Moneybookers order

After a user has paid for your software, eBook, or other digital content you'll want to automatically verify the order and send what they ordered to their email address. In this example I mention creating a product key using LimeLM, but you can really do anything.

In the example form above you set the location of script that will verify the Moneybookers orders:


<input type="hidden" name="status_url" value="http://example.com/verify.php"/> 

The relevant part of the script is this:


// Validate the Moneybookers signature
$concatFields = $_POST['merchant_id']
    .$_POST['transaction_id']
    .strtoupper(md5('Paste your secret word here'))
    .$_POST['mb_amount']
    .$_POST['mb_currency']
    .$_POST['status'];

$MBEmail = '[email protected]';

// Ensure the signature is valid, the status code == 2,
// and that the money is going to you
if (strtoupper(md5($concatFields)) == $_POST['md5sig']
    && $_POST['status'] == 2
    && $_POST['pay_to_email'] == $MBEmail)
{
    // Valid transaction.

    //TODO: generate the product keys and
    //      send them to your customer.
}
else
{
    // Invalid transaction. Bail out
    exit;
}

If you don't know how to set your secret word in Moneybookers, I explain how to do this in the " How to automate Moneybookers (Skrill) using status_url (IPN)" article.

Full payment example

If you're not keen on writing this code yourself then we have a fully built payment form for our LimeLM customers. It's written for PHP, C#, and VB.NET and it's free for all our customers (even our free-users). So you can download it, integrate it into your site, and use it without paying us a cent.

Here's what the payment selection page looks like:

enter image description here