How to Process the Decision Logic iFrame with PHP
I recently had the opportunity to program the iframe interface with Decision Logic for a client of mine. The process requires an account with Decision Logic, and I also recommend obtaining the Starter Kit from Decision Logic. Decision Logic is a third-party service used to verify a person based on their banking information. The approach is to present the Decision Logic iframe to the user; the iframe collects information from the user and performs the verification process.
You must whitelist each URL that presents the Decision Logic iframe and obtain a unique profile GUID from Decision Logic for that URL.
Once the user completes the Decision Logic iframe process, you can have Decision Logic post the results to a notification URL of yours. This requires some setup within your Decision Logic account.
First we’ll start with presenting the iframe. In our case we may or may not already have the user's bank account information. If you can present the Decision Logic iframe with the bank routing and bank account number up front, you save the user from having to enter that information in the iframe; the iframe works with or without the bank information. In our case we expect the user to reach this page through a link that includes the id and email address in the query string. This lets us identify the user so we can pull their information from the database, and it also ensures the user reached the page correctly.
NOTE: We’re dealing with sensitive financial data – you should take precautions to protect bank account and routing numbers. Encryption and decryption have been removed for readability.
The script below requires webconfig.php from the Decision Logic starter kit (shown further down), so obtain a copy of the starter kit before trying to run it.
```php
<h5>Decision Logic</h5>
<?php
include_once("../includes/dbConn.php"); // database connection (assumed to also provide sanitize() and pdoConnection())

// id & email address parameters
$id = 0;
$email = "";
$valid = true;
$dl_completed = "N"; // initialised here so the "already completed?" check is safe when no applicant matched
if (isset($_REQUEST['id'])) {
    $id = sanitize($_REQUEST['id']);
}
if (isset($_REQUEST['email'])) {
    $email = sanitize($_REQUEST['email']);
}

// verify id and email match to an applicant
$pdoConnection = pdoConnection(); // from dbConn.php
$query = "SELECT * FROM applications WHERE ID = :id AND email = :email";
$pdoStatement = $pdoConnection->prepare($query);
$pdoStatement->bindParam(':id', $id);
$pdoStatement->bindParam(':email', $email);
$pdoStatement->execute();
$result = $pdoStatement->fetch(); // rowCount() is not reliable for SELECT on every PDO driver, so test the fetched row instead
if ($result === false) {
    $valid = false;
    echo "<p>You have reached this page in error.</p>";
    echo "<p>You must follow a link provided to you from Example.com to complete the decision logic process.</p>";
} else {
    $fname = $result['fname'];
    $lname = $result['lname'];
    $bank_account = $result['bank_account'];   // bank account number (this should be encrypted)
    $bank_routing = $result['bank_routing'];   // bank routing number (this should be encrypted)
    $dl_completed = $result['dl_completed'];   // Y/N field indicating whether the decision logic process has already been completed
    $dl_requestcode = $result['dl_requestcode']; // unique request code created below - used on decision logic notification to match to applicant
}

// already completed?
if ($dl_completed == "Y") {
    $valid = false;
    echo "<p>You have already completed the decision logic process</p>";
}

// display the iframe
if ($valid) {
    require_once("../dl/webconfig.php");
    $profileGuid = "ad2f3c98-fea1-4219-91f5-9c9e74b6ef71"; // starter kit (you must obtain a unique profile guid - specific to each URL you present the iframe on)
    $customerId = uuid();
    $contentServiceId = 0;

    // Turn off WSDL caching (during testing)
    $ini = ini_set("soap.wsdl_cache_enabled", "0");

    // SoapClient
    $client = new SoapClient($serviceWSDL);

    // string serviceKey, string siteUserGuid, string profileGuid, string customerId, string firstName, string lastName,
    // string accountNumber, string routingNumber, int contentServiceId
    // Request
    $requestParms = array(
        'serviceKey'       => $serviceKey,
        'siteUserGuid'     => $siteUserGuid,
        'profileGuid'      => $profileGuid,
        'customerId'       => $customerId,
        'firstName'        => $fname,
        'lastName'         => $lname,
        'accountNumber'    => $bank_account,
        'routingNumber'    => $bank_routing,
        'contentServiceId' => $contentServiceId
    );

    // Call "CreateRequest" to get requestCode for the IFRAME src
    try {
        $requestCode = $client->CreateRequest($requestParms)->CreateRequestResult;

        // update the database with the request code so we can retrieve it with Decision Logic's notification post
        $query = "UPDATE applications SET dl_requestcode = :requestCode WHERE id = :id";
        $pdoStatement = $pdoConnection->prepare($query);
        $pdoStatement->bindParam(':id', $id);
        $pdoStatement->bindParam(':requestCode', $requestCode);
        $pdoStatement->execute();

        echo "<p>Please complete the following information to verify your account.</p>";
        // the request code is output-encoded before being placed in an attribute; <iframe> is not a void element, so close it explicitly
        echo "<iframe id='iframe1' src='https://widget.decisionlogic.com/Service.aspx?requestCode="
            . htmlspecialchars($requestCode, ENT_QUOTES)
            . "' frameborder='0' width='870' height='500'></iframe>\n";
    } catch (Exception $ex) {
        // var_dump($ex);
        echo "<p>An error occurred while processing the decision logic request</p>";
    }
}
$pdoConnection = null;
?>
```
The webconfig.php file from the Decision Logic starter kit:
```php
<?php
// https://localhost/dlphp

// Credentials
$serviceWSDL = 'https://www.decisionlogic.com/integration.asmx?WSDL';
$serviceKey = '78HGNN5PTJH2';
$siteUserGuid = 'f90a1b4e-ad32-42e4-9c29-49b267c38744';
$defaultProfileId = 'ad2f3c98-fea1-4219-91f5-9c9e74b6ef71';

// Generates a random id in UUID layout for customerId. Note: mt_rand() is not a
// cryptographically secure generator, so treat this as an opaque identifier only.
function uuid() {
    // The field names refer to RFC 4122 section 4.1.2
    return sprintf('%04x%04x-%04x-%03x4-%04x-%04x%04x%04x',
        mt_rand(0, 65535), mt_rand(0, 65535), // 32 bits for "time_low"
        mt_rand(0, 65535),                    // 16 bits for "time_mid"
        mt_rand(0, 4095),                     // 12 bits before the 0100 of (version) 4 for "time_hi_and_version"
        bindec(substr_replace(sprintf('%016b', mt_rand(0, 65535)), '01', 6, 2)),
            // 8 bits, the last two of which (positions 6 and 7) are 01, for "clk_seq_hi_res"
            // (hence, the 2nd hex digit after the 3rd hyphen can only be 1, 5, 9 or d)
            // 8 bits for "clk_seq_low"
        mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535) // 48 bits for "node"
    );
}
?>
```
The script to process the Decision Logic notification post:
```php
<?php
include_once("../includes/dbConn.php"); // database connection (assumed to also provide sanitize() and pdoConnection())
$pdoConnection = pdoConnection(); // from dbConn.php - the original never opened the connection before calling prepare()

// parameters
$rc   = ""; // request code
$fn   = ""; // first name
$ln   = ""; // last name
$an   = ""; // account number
$rn   = ""; // routing number
$csid = ""; // content service id
$s    = ""; // status
$pg   = ""; // profile guid
$sug  = ""; // site user guid
$cid  = ""; // customer id
if (isset($_REQUEST['rc']))   { $rc   = sanitize($_REQUEST['rc']); }
if (isset($_REQUEST['fn']))   { $fn   = sanitize($_REQUEST['fn']); }
if (isset($_REQUEST['ln']))   { $ln   = sanitize($_REQUEST['ln']); }
if (isset($_REQUEST['an']))   { $an   = sanitize($_REQUEST['an']); }
if (isset($_REQUEST['rn']))   { $rn   = sanitize($_REQUEST['rn']); }
if (isset($_REQUEST['csid'])) { $csid = sanitize($_REQUEST['csid']); }
if (isset($_REQUEST['s']))    { $s    = sanitize($_REQUEST['s']); }
if (isset($_REQUEST['pg']))   { $pg   = sanitize($_REQUEST['pg']); }
if (isset($_REQUEST['sug']))  { $sug  = sanitize($_REQUEST['sug']); }
if (isset($_REQUEST['cid']))  { $cid  = sanitize($_REQUEST['cid']); }

// locate application
if ($rc != "") {
    $query = "SELECT * FROM applications WHERE dl_requestcode = :requestCode";
    $pdoStatement = $pdoConnection->prepare($query);
    $pdoStatement->bindParam(':requestCode', $rc);
    $pdoStatement->execute();
    $result = $pdoStatement->fetch(); // rowCount() is not reliable for SELECT on every PDO driver, so test the fetched row instead
    if ($result !== false) {
        // only the request code identifies the caller here; consider also rejecting a notification for an
        // application whose dl_completed is already 'Y' so a repeated post cannot overwrite a stored result
        $id = $result["id"];

        // translate result status
        $dl_result = $s;
        if ($s == "0") { $dl_result = "0 – Not Stated"; }
        if ($s == "1") { $dl_result = "1 – Account Error"; }
        if ($s == "2") { $dl_result = "2 – Bank Error"; }
        if ($s == "3") { $dl_result = "3 – Login Verified"; }

        $dl_completed = 'Y';
        $query  = "UPDATE applications";
        $query .= " SET dl_requestcode = :requestCode";
        $query .= ", dl_completed = :dl_completed";
        $query .= ", dl_result = :dl_result";
        $query .= ", dl_routing = :rn"; // bank routing number (this should be encrypted)
        $query .= ", dl_account = :an"; // bank account number (this should be encrypted)
        $query .= " WHERE id = :id";
        $pdoStatement = $pdoConnection->prepare($query);
        // placeholder names must match the query exactly: the original bound ':requestcode ' (trailing space,
        // undefined $requestcode), ':dl_routing' and ':dl_account', none of which exist in the query above
        $pdoStatement->bindParam(':requestCode', $rc);
        $pdoStatement->bindParam(':dl_completed', $dl_completed);
        $pdoStatement->bindParam(':dl_result', $dl_result);
        $pdoStatement->bindParam(':rn', $rn);
        $pdoStatement->bindParam(':an', $an);
        $pdoStatement->bindParam(':id', $id);
        $pdoStatement->execute();
    }
}
?>
```
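The post removed encryption of the bank fields for readability and stores a result for any post that carries a known request code. The following helpers, added here as an example and not part of the original post or the Decision Logic starter kit, show the pieces a hardened notification handler would call: libsodium secretbox encryption of the account and routing numbers at rest, the status map from the handler above, and a guard that accepts a notification only for a still-pending application. The key is assumed to be supplied as 64 hex characters in the BANK_FIELD_KEY environment variable.

```php
<?php
// Added example (not from the original post or the starter kit). Assumes PHP >= 7.2 with the sodium
// extension and a 32-byte key stored as hex in the BANK_FIELD_KEY environment variable.
declare(strict_types=1);

const DL_STATUS = [
    '0' => '0 – Not Stated',
    '1' => '1 – Account Error',
    '2' => '2 – Bank Error',
    '3' => '3 – Login Verified',
];

function bankFieldKey(): string {
    $hex = getenv('BANK_FIELD_KEY');
    if ($hex === false || strlen($hex) !== 2 * SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('BANK_FIELD_KEY missing or wrong length');
    }
    return sodium_hex2bin($hex);
}

// Encrypt a bank account or routing number before it is written to the applications table.
// A fresh random nonce is prepended, so the same number never yields the same ciphertext.
function encryptBankField(string $plain): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, bankFieldKey()));
}

// Decrypt a stored field; secretbox is authenticated, so a tampered value or wrong key is rejected.
function decryptBankField(string $stored): string {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('stored bank field is malformed');
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, bankFieldKey());
    if ($plain === false) {
        throw new RuntimeException('bank field failed authentication');
    }
    return $plain;
}

// Map the posted status code (the "s" parameter); an unknown code is kept but flagged rather than stored blindly.
function translateStatus(string $s): string {
    return DL_STATUS[$s] ?? ($s . ' – Unknown');
}

// Accept the notification only when the posted request code matches the stored one (constant-time compare)
// and the application is still pending, so a repeated or stray post cannot overwrite a recorded result.
function notificationAccepted(array $row, string $rc): bool {
    return $rc !== '' && hash_equals((string) $row['dl_requestcode'], $rc) && $row['dl_completed'] !== 'Y';
}
```

In the handler, call `notificationAccepted($result, $rc)` before building the UPDATE and bind `encryptBankField($rn)` and `encryptBankField($an)` in place of the raw values; the iframe page then calls `decryptBankField()` on the stored columns before passing them to CreateRequest.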