It’s a running joke PHP programmers aren’t real software developers. From my recent anecdotal evidence, that jest isn’t far from fiction.

Australian payment gateway eWAY gives sample PHP for using their API via SOAP, REST/JSON, POST, and RPC. You must register as a partner to get access to this sample code. Then they’ll harass you with unsolicited phone calls and email.

A PHP namespacing problem in eWAY sample code

Rather than a proper MVC solution, their sample pretends we live in 2001 by using single files of procedural PHP. Rapid3.0.php has eleven PHP class definitions with generic names including “Customer”, “Option”, and “Items”. Your e-commerce CMS also uses these class names for its internal model? Have fun resolving namespace conflicts. I renamed them Eway_Customer, Eway_Option, etc.

Potential PHP fatal error for WSDL queries

What if the SOAP service is unavailable or credentials are incorrect? Their sample code echoes a <h2> error message and invokes die(). This isn’t 2001. Instead recover gracefully.

PHP’s SoapClient has a bug where a PHP fatal notice triggers even with an error handler registered beforehand. From bug report WSDL error in SoapClient causes Fatal Error I found a workaround to this problem. Wrap the SoapClient constructor invocation with xdebug_disable() and xdebug_enable() to suppress this notice.

Make the following changes to methods CreateAccessCodeSOAP() and GetAccessCodeResultSOAP(). When CreateAccessCode($request) fails, just catch the generic Exception to recover. Then add the exception message to error_log() and display a more generic message to the customer. And please don’t print HTTP authorisation errors to a public page.

(I had to oddly structure this Exception code because PHP 5.4 and below don’t offer finally for try / catch blocks. You can instead attempt a __construct() / __destruct() workaround.)

Fixed sample code for eWAY access codes