How do you correctly validate worldpay's callback response

Question

I am having trouble validating callbacks from WorldPay for an e-commerce website.

According to the documentation WorldPay should POST a parameter named "transStatus" with a value of "Y" for successful transactions.

This seems straightforward enough so I have written a simple validation function that looks for this value:

private function validateRequest() {
    if ($_POST['transStatus'] == "Y"){
            return true;
        } else {
            throw new Exception("Transaction failed");
            die();
        }
    }
}

And when the callback page is run this function is called with a try like so:

 try {$this->validateRequest()}
    catch (Exception $e) {
        mail("email@address.com", $e->getMessage(), $e->getTraceAsString());
        throw new Exception("Could not validate payment.")
        die();
    }

Unfortunately when I test this WorldPay processes the payment successfully but the order is not completed by the rest of my code. I have checked my log files but am unable to see any exceptions or errors.

What is the best approach to take from here? How should I proceed in resolving this issue?

Answer 1

Here's how I resolved this in case anyone encounters a similar problem and stumbles across this in the future:

When I checked the contents of $_POST I realized that it was receiving "Y\n" instead of simply "Y", which it was expecting. Here's what I replaced the code with

if (strpos($_POST['transStatus'], 'Y') !== FALSE) { /* Order is verified */ } else { /* Order is not verified */ } 

As you can, now the code checks if 'Y' is found anywhere in the response. This works because there are only three possible responses worldpay will send: 'Y', 'N', 'C'.