All geek questions in one place

Master Card Redirects md5 to SHA-256 HMAC php

I have a gateway from migs, but they change md5 to SHA-256 HMAC, how can I change it in my code, I tried too many times, but I get error 400, I think there are some problems in my code

existing code

<?php $db1 = new ps_DB(); $q = "SELECT country_2_code FROM #__vm_country WHERE country_3_code='".$user->country."' ORDER BY country_2_code ASC"; $db1->query($q); $url = "https://migs.mastercard.com.au/vpcpay"; $SECURE_SECRET = MIGS_SS; $vpcURL = $url . "?"; $md5HashData = $SECURE_SECRET; $tax_total = $db->f("order_tax") + $db->f("order_shipping_tax"); $discount_total = $db->f("coupon_discount") + $db->f("order_discount"); if( MIGS_TEST == 1) $amt123 = MIGS_TESTMODEAMT*100; else $amt123 = round(($db->f("order_total")+$tax_total-$discount_total)*100,2); $post_variables = Array( "vpc_Version" => "1", "vpc_Command" => "pay", "vpc_AccessCode" => MIGS_ACCESSCODE, "vpc_MerchTxnRef" => $db->f("order_id").'_'.$db->f("order_number"), "vpc_Merchant" => MIGS_MID, "vpc_OrderInfo" => $VM_LANG->_('PHPSHOP_ORDER_PRINT_PO_NUMBER')."_". $db->f("order_id"), "vpc_Amount" => $amt123, "vpc_Locale" => 'en', "vpc_ReturnURL" => SECUREURL ."index.php?option=com_virtuemart& page=checkout.migs&order_id=".$db->f("order_id") ); ksort ($post_variables); if( $page == "checkout.thankyou" ) { $query_string = "?"; foreach( $post_variables as $name => $value ) { $query_string .= urlencode($name). "=" . urlencode($value) ."&"; //$vpcURL .= urlencode($name). "=" . urlencode($value) ."&"; $md5HashData .= $value; } if (strlen($SECURE_SECRET) > 0) { $query_string .= "vpc_SecureHash=" . strtoupper(md5($md5HashData)); //$vpcURL .= "vpc_SecureHash=" . strtoupper(md5($md5HashData)); } //die( $url.' pppppppp '.$query_string); vmRedirect( $url . $query_string ); } else { echo '<form action="'.$url.'" method="post" target="_blank">'; echo '<input type="image" name="submit" src="https://www.paypal.com/en_US /i/btn/x-click-but6.gif" alt="Click to pay with PayPal - it is fast, free and secure!" />'; foreach( $post_variables as $name => $value ) { echo '<input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'" />'; } echo '</form>'; } ?>

new code i got from migs

  foreach($_POST as $key => $value) { // create the hash input and URL leaving out any fields that have no value if (strlen($value) > 0) { ?> <input type="hidden" name="<?php echo($key); ?>" value="<?php echo($value); ?>"/><br> <?php if ((strlen($value) > 0) && ((substr($key, 0,4)=="vpc_") || (substr($key,0,5) =="user_"))) { $hashinput .= $key . "=" . $value . "&"; } } } $hashinput = rtrim($hashinput, "&"); ?> <!-- attach SecureHash --> <input type="hidden" name="vpc_SecureHash" value="<?php echo(strtoupper(hash_hmac('SHA256', $hashinput, pack('H*',$securesecret)))); ?>"/> <input type="hidden" name="vpc_SecureHashType" value="SHA256">

how can i use it in my code? md5-based code works fine, but when I convert it to sha, error 400 occurs after reaching the gateway. I deleted the migs secret codes due to security issues.

+5
source share
3 answers

Try https://github.com/kareem3d/merchant-sample-code

I have only one problem in this code example, In https://github.com/kareem3d/merchant-sample-code/blob/master/functions.php you need to remove urlencode.

line: $ secureHash. = $ key. "=". $ value. "&";

+1
source

400 is probably an invalid hash

what you are trying to do is ascii sort and join with '&' the pairs of vpc values โ€‹โ€‹that will make the request (minus vpc_SecureHash and vpc_SecureHashType). Not a vpc_ReturnURL encoding url yet. Skip this line in hmac to create vpc_SecureHashSecret. Encode the return URL and create your request including vpc_SecureHash and vpc_SecureHashType

0
source

Since you did not indicate that your code after adapting to SHA256, I cannot be sure of your problem. But I think this is the problem of using urlencode() , because I met the same problem and fixed it that way.

0
source

Source: https://habr.com/ru/post/1259064/

More articles:


All Articles