Hi there. I'm trying to integrate with a payment gateway API, and as I'm fairly new to PHP, I'm having some trouble to proceed.

Basically, I have a form that goes to a specific URL (submitting URL). From the documentation: "Request information is submitted to payment platform with HttpsClient , and submitting mode is POST."

There is the customer-registration.php file, which requires the functions.php file that contains the information to md5-encrypt a string composed of several variables from the form. There is also a notify-url.php file which is the redirection page after registering a user.

Some variables are passed to the submitting URL on the payment server, but the XML response I get from there displays empty nodes for 3 variables that I should read back in order to complete the process (dateRegister, registerId and activationURL)

XML Response from the payment server:

<response>
    <operation>90</operation>
    <resultCode>0</resultCode>
    <merNo>10157</merNo>
    <email>me@gmail.com</email>
    <cardNumber>4111111111111111</cardNumber>
    <dateRegister/>
    <registerId/>
    <activationURL/>
    <remark>Invalid MD5Info</remark>
    <md5Info>FC0BB07DA01C551296054FBF167824B1</md5Info>
</response>

The customer-registration.php file looks like this:

<html>
<head>
<title>Customer Registration</title>

<?
require("functions.php");

//START SET VARIABLES
$merNo="10157";
$dateRequest="20120918073500";//AUTOMATE THIS!
$language="ENG";
$notifyURL="http://www.mydomain.com/notify-url.php";
//END SET VARIABLES

//START FORM FORCED VARIABLES
$email="me@gmail.com";
$cardNumber="4111111111111111";
$firstName="John";
$lastName="Smith";
$phone="9535658659";
$zipCode="98656";
$address="123 North Ave.";
$city="Geekytown";
$state="AZ";
$country="US";
//END FORM FORCED VARIABLES

$md5Key="44q9dn7WCUrLHgi8bPsdiBIlLi6WaHI0"; //MD5 key
$md5Info=MD5Encrypt($merNo,$email,$cardNumber,$dateRequest,$md5Key);
$crrurl="https://paymentdomain.com/xcp/register.jsp"; //Request submitting URL
?>

</head>

<body>

<form method="post" action="<?php echo $crrurl; ?>">

<input type=hidden name="merNo" value="<?php echo $merNo; ?>">
<input type=hidden name="dateRequest" value="<?php echo $dateRequest; ?>">
<input type=hidden name="language" value="<?php echo $language; ?>">
<input type=hidden name="notifyURL" value="<?php echo $notifyURL; ?>">
<input type=hidden name="md5Info" value="<?php echo $md5Info; ?>">

<!--START HIDDEN FORCED VARIABLES-->
<input type=hidden name="email" value="<?php echo $email; ?>">
<input type=hidden name="cardNumber" value="<?php echo $cardNumber; ?>">
<input type=hidden name="firstName" value="<?php echo $firstName; ?>">
<input type=hidden name="lastName" value="<?php echo $lastName; ?>">
<input type=hidden name="phone" value="<?php echo $phone; ?>">
<input type=hidden name="zipCode" value="<?php echo $zipCode; ?>">
<input type=hidden name="address" value="<?php echo $address; ?>">
<input type=hidden name="city" value="<?php echo $city; ?>">
<input type=hidden name="state" value="<?php echo $state; ?>">
<input type=hidden name="country" value="<?php echo $country; ?>">
<!--END HIDDEN FORCED VARIABLES-->

<INPUT TYPE="submit" value="submit">

</form>

</body>
</html>

Right now, I'm passing the pre-declared variables as hidden text inputs (later I'll change that so it's an actual user input form)

The functions.php file looks like this:

<?php
$merNo = $_POST["merNo"];
$email = $_POST["email"];
$cardNumber = $_POST["cardNumber"];
$dateRequest = $_POST["dateRequest"];
$md5Key="44q9dn7WCUrLHgi8bPsdiBIlLi6WaHI0"; //MD5 key

function MD5Encrypt($merNo,$email,$cardNumber,$dateRequest,$md5Key)
{
$str = "$merNo|$email|$cardNumber|$dateRequest|$md5Key";
$encryptedMD5 = md5($str);
return $encryptedMD5;
}

$completeurl = "https://paymentdomain.com/xcp/register.jsp";
$xml = simplexml_load_file($completeurl);

$operation = $xml->operation;
$resultCode = $xml->resultCode;
$merNo = $xml->merNo;
$email = $xml->email;
$cardNumber = $xml->cardNumber;
$dateRegister = $xml->dateRegister;
$registerId = $xml->registerId;
$activationURL = $xml->activationURL;
$remark = $xml->remark;
$md5Info = $xml->md5Info;

function verifyMD5($resultCode,$merNo,$email,$cardNumber,$registerId,$dateRegister,$activationURL,$md5Key, $md5Info)
{
$str = "$resultCode|$merNo|$email|$cardNumber|$registerId|$dateRegister|$activationURL|$md5Key";
  $encryptedMD5 = md5($str);
//echo $str."<BR>";
//echo "Generated CheckSum: ".$encryptedMD5."<BR>";
//echo "Received Checksum: ".$md5Info."<BR>";
  if($encryptedMD5 == $md5Info)
return "true" ;
  else
return "false" ;
}
?>

I'm not sure if I'm retrieving the XML response correctly. As per the API docs: "Response information is returned to client’s platform as XML."

And lastly, the notify-url.php file looks like this:

<html>
<head>
<title>Notify URL</title>
</head>
<body>

<?php
require("functions.php");

$md5Key = "44q9dn7WCUrLHgi8bPsdiBIlLi6WaHI0" ; //put in the 32 bit alphanumeric key in the quotes provided here

$retval = verifyMD5 ($resultCode,$merNo,$email,$cardNumber,$registerId,$dateRegister,$activationURL,$md5Key);

if($retval == "true" && $resultCode == "1")
{
echo "Thank you for shopping with us. Your credit card has been charged and your transaction is successful. We will be shipping your order to you soon.";

//Here you need to put in the routines for a successful 
//transaction such as sending an email to customer,
//setting database status, informing logistics etc etc

}
else if($retval == "true" && $resultCode == "0")
{
echo "Thank you for shopping with us. However it seems your credit card transaction failed.";

//Here you need to put in the routines for a failed
//transaction such as sending an email to customer
//setting database status etc etc

}
else if($retval == "true" && $resultCode == "2")
{
echo "Account was registered before, only Card Information has been added";

//Here you need to put in, the routines for a HIGH RISK 
//transaction such as sending an email to customer and explaining him a procedure,
//setting database status etc etc

}
else
{
echo "Security Error. Illegal access detected";

//Here you need to simply ignore this and dont need
//to perform any operation in this condition

}
?>
</body>
</html>

So, basically I would like to see if the logic is right at this point and then figure out why does the response from the payment server is not complete. As stated there: "Invalid MD5Info"

Thank you very much for any assistance, it would be greatly appreciated!

Maybe is the $md5Key, in your code:

$md5Key="44q9dn7WCUrLHgi8bPsdiBIlLi6WaHI0"; //MD5 key

but this doesn't seem a valid hash, for two reasons:

  • it's not lower case
  • there are invalid characters, an md5 hash is composed by hexadecimal numbers only, so: 0-9 a-f.

Now I'm wondering if this key is saved in the remote service and used to check data. If yes then it is probably giving an error.

Thansk, cereal.

Actually, the correct md5Key is 010264D416CA35BDA176004E3F72C06D. I just put the other one on the example as dummy text, sorry for the confussion. I tried to change it to lower case, but it still produces the same error.

Well running the parmaters you've provided through the MD5Encrypt function, using the MD5 key above, in both lower and uppercase provides MD5 info values of:

0db46e59925d21ca6dd57cdb0d81d616    // Lowercase
ef3e31841e34a8b0ea8907aec77b6375    // Uppercase

Neither of these seem to match the MD5 value returned by the server, which to me would suggest either the MD5 value or one of the posted parameters is incorrect.

Have you double checked that the correct value is being generated? No parameters are overwritten between being used in the function and included in the hidden form fields?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.