All the code for this example can be found at: https://github.com/raisenow/HMACExample
Note that this is just an example and must not be used as-is: the shared secret is hard-coded, the values being signed are taken straight from the browser's request, and nothing that is echoed back is escaped. First we implement a class that can be used to calculate HMAC signatures.
<?php
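class RaiseNowSignature {
    /**
     * Names of the parameters whose values are concatenated into the signed
     * string, in this order. Matching against incoming parameter names is
     * case-insensitive, and a trailing '*' stands for one or more digits
     * (e.g. STORED_PRODUCT1, STORED_PRODUCT2, ...).
     */
    private static $defaultSignParameters = array(
        'EPP_TRANSACTION_ID', // response only
        'HMAC', // response only
        'AMOUNT',
        'CURRENCY',
        'TEST_MODE',
        'EPAYMENT_STATUS', // response only
        'STORED_CUSTOMER*', // * will be replaced with a regex below
        'STORED_PRODUCT*', // * will be replaced with a regex below
        'STORED_TRANSACTION_TIME',
    );

    /** @var string Shared HMAC key. */
    private $secret;

    /** @var string Algorithm name understood by hash_hmac(), e.g. 'sha256'. */
    private $algorithm;

    /** @var string[] Parameter names (optionally ending in '*') that are signed. */
    private $signParameters;

    /**
     * @param string $secret    Shared HMAC key. Must not be empty: hash_hmac()
     *                          accepts '' without complaint, and a signature
     *                          made with an empty key can be produced by anyone.
     * @param string $algorithm Algorithm name for hash_hmac(), e.g. 'sha256'.
     *
     * @throws InvalidArgumentException if $secret or $algorithm is not a
     *                                  non-empty string.
     */
    public function __construct($secret, $algorithm) {
        if (!is_string($secret) || $secret === '') {
            throw new InvalidArgumentException('HMAC secret must be a non-empty string.');
        }
        if (!is_string($algorithm) || $algorithm === '') {
            throw new InvalidArgumentException('HMAC algorithm must be a non-empty string.');
        }
        $this->secret = $secret;
        $this->algorithm = $algorithm;
        $this->signParameters = self::$defaultSignParameters;
    }

    /**
     * @return string[] The parameter names currently used for signing.
     */
    public function getSignParameters() {
        return $this->signParameters;
    }

    /**
     * @param string[] $signParameters Replaces the default parameter list.
     *                                 A trailing '*' in a name matches one or
     *                                 more digits; all other characters are
     *                                 matched literally.
     */
    public function setSignParameters(array $signParameters) {
        $this->signParameters = $signParameters;
    }

    /**
     * Signs payment message data.
     *
     * The signed string is built by walking the configured parameter names in
     * order and, for each name, appending the values of every matching key of
     * $data in alphabetical key order. Empty values are skipped. Non-scalar
     * values (PHP turns a request parameter like foo[]=1 into an array) are
     * skipped as well instead of being handed to strlen(), which is a TypeError
     * on PHP 8.
     *
     * @param array $data
     *   Keys are POST/GET parameter names, values are values.
     *
     * @return string
     *   The hex-encoded signature. For an algorithm name hash_hmac() does not
     *   know, hash_hmac() itself returns false (PHP 7) or throws (PHP 8).
     */
    public function signData(array $data) {
        ksort($data); // the values of a wildcard parameter are appended in alphabetical key order
        $signatureDataString = '';
        foreach ($this->signParameters as $parameter) {
            // Quote the name so that only the trailing '*' acts as a wildcard;
            // preg_quote() turns it into '\*', which is then expanded to digits.
            $pattern = '/^' . str_replace('\*', '\d+?', preg_quote($parameter, '/')) . '$/i';
            foreach ($data as $name => $value) {
                if (!is_scalar($value)) {
                    continue;
                }
                $value = (string) $value;
                if ($value !== '' && preg_match($pattern, $name)) {
                    $signatureDataString .= $value;
                }
            }
        }
        return hash_hmac($this->algorithm, $signatureDataString, $this->secret);
    }

    /**
     * Checks a signature received from the other side against the one
     * computed over $data, in constant time.
     *
     * A plain === comparison stops at the first differing byte and so leaks,
     * via timing, how much of a guessed signature was correct; hash_equals()
     * does not.
     *
     * @param array  $data              Parameters as received (see signData()).
     * @param string $receivedSignature The signature that came with $data.
     *
     * @return bool True only if $receivedSignature is a non-empty string that
     *              equals the signature computed over $data.
     */
    public function verifySignature(array $data, $receivedSignature) {
        if (!is_string($receivedSignature) || $receivedSignature === '') {
            return false;
        }
        return hash_equals($this->signData($data), $receivedSignature);
    }
}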
Now let’s include that in our checkout process.
checkout.php
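<?php
include('./RaiseNowSignature.php');

$algorithm = "sha256";
// Example only: in real code load the secret from configuration or the
// environment and never commit it. It must be known only to this server and
// to the payment gateway.
$secret = "secretyoumustbe";

// The request fields this page understands. Only these are copied out of
// $_POST and signed, so any extra parameter a client appends is ignored.
$orderFields = array(
    'payment_method',
    'amount',
    'currency',
    'test_mode',
    'stored_product_name',
    'stored_product_id',
    'stored_customer_name',
    'stored_transaction_time',
);

// handle post request
if (count($_POST) > 0) {
    // NOTE: for the purposes of this demo the values being signed (amount,
    // currency, ...) come straight from the browser. In a real shop they must
    // be taken from the order stored on the server: an HMAC over
    // client-supplied data proves only who signed it, not that the amount is
    // the one you intended to charge.
    $order = array();
    foreach ($orderFields as $field) {
        // PHP turns foo[]=x into an array; anything that is not a string is dropped.
        $order[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }
    $signature = new RaiseNowSignature($secret, $algorithm);
    $order['hmac'] = $signature->signData($order);
    // reviewOrder.php also reads $submitUrl (the gateway endpoint) and
    // $returnUrl (the absolute URL of return.php); this example does not
    // define them.
    include ('./reviewOrder.php');
    exit();
} else {
    // default order
    $order = array(
        'hmac' => '',
        'payment_method' => 'VIS',
        'amount' => '5000',
        'currency' => 'chf',
        'test_mode' => 'true',
        'stored_product_name' => 'A book',
        'stored_product_id' => '125',
        'stored_customer_name' => 'John Tester',
        'stored_transaction_time' => (string) time(), // Unix timestamp, as DateTime::format('U') gives
    );
}

// Escape every value once for the HTML attribute context used below; in the
// general case $order holds browser-supplied strings.
$view = array();
foreach ($order as $name => $value) {
    $view[$name] = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<!-- render form -->
<html>
<head>
<meta charset="utf-8" />
<title>RaiseNow Example Checkout with HMAC</title>
</head>
<body>
<h2>Make your order</h2>
<form action="./checkout.php" method="POST">
<input type="hidden" name="hmac" value="<?php echo $view['hmac']; ?>" />
<input type="hidden" name="stored_transaction_time" value="<?php echo $view['stored_transaction_time']; ?>" />
<label for="payment_method">Payment Method</label>
<input type="text" id="payment_method" name="payment_method" value="<?php echo $view['payment_method']; ?>" />
<br />
<label for="amount">Amount</label>
<input type="text" id="amount" name="amount" value="<?php echo $view['amount']; ?>" />
<br />
<label for="currency">Currency</label>
<input type="text" id="currency" name="currency" value="<?php echo $view['currency']; ?>" />
<br />
<label for="test_mode">TestMode</label>
<input type="text" id="test_mode" name="test_mode" value="<?php echo $view['test_mode']; ?>" />
<br />
<label for="stored_product_name">Product Name</label>
<input type="text" id="stored_product_name" name="stored_product_name" value="<?php echo $view['stored_product_name']; ?>" />
<br />
<label for="stored_product_id">Product Id</label>
<input type="text" id="stored_product_id" name="stored_product_id" value="<?php echo $view['stored_product_id']; ?>" />
<br />
<label for="stored_customer_name">Customer Name</label>
<input type="text" id="stored_customer_name" name="stored_customer_name" value="<?php echo $view['stored_customer_name']; ?>" />
<br />
<input type="submit" value="Order Now" />
</form>
</body>
</html>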
reviewOrder.php
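<?php
// Included by checkout.php, which provides $order (the signed fields plus
// 'hmac'), $submitUrl (the gateway endpoint) and $returnUrl (the absolute URL
// of return.php). The $order values originate from the browser, so every
// value echoed below is escaped for the HTML attribute context.
$orderData = isset($order) ? $order : array();
$attr = function ($name) use ($orderData) {
    $value = isset($orderData[$name]) ? $orderData[$name] : '';
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
$submitUrlAttr = htmlspecialchars(isset($submitUrl) ? (string) $submitUrl : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$returnUrlAttr = htmlspecialchars(isset($returnUrl) ? (string) $returnUrl : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<html>
<head>
<meta charset="utf-8" />
<title>RaiseNow Example Checkout with HMAC</title>
</head>
<body>
<h2>Review your order</h2>
<form action="<?php echo $submitUrlAttr; ?>" method="POST">
<input type="hidden" name="hmac" value="<?php echo $attr('hmac'); ?>" />
<input type="hidden" name="success_url" value="<?php echo $returnUrlAttr; ?>" />
<input type="hidden" name="error_url" value="<?php echo $returnUrlAttr; ?>" />
<input type="hidden" name="cancel_url" value="<?php echo $returnUrlAttr; ?>" />
<!-- Sandbox test card, hard-coded so the demo can be submitted without typing it.
     Never put real card data in your own pages or let it pass through your server
     (it pulls the server into PCI DSS scope); in production the cardholder should
     enter it on the gateway's side. -->
<input type="hidden" name="cardno" value="4242424242424242" />
<input type="hidden" name="expy" value="15" />
<input type="hidden" name="expm" value="12" />
<input type="hidden" name="cvv" value="123" />
<input type="hidden" name="card_holder_name" value="test" />
<input type="hidden" name="reqtype" value="CAA" />
<input type="hidden" name="stored_transaction_time" value="<?php echo $attr('stored_transaction_time'); ?>" />
<label for="payment_method">Payment Method: <?php echo $attr('payment_method'); ?></label>
<input type="hidden" name="payment_method" value="<?php echo $attr('payment_method'); ?>" />
<br />
<label for="amount">Amount: <?php echo $attr('amount'); ?></label>
<input type="hidden" name="amount" value="<?php echo $attr('amount'); ?>" />
<br />
<label for="currency">Currency: <?php echo $attr('currency'); ?></label>
<input type="hidden" name="currency" value="<?php echo $attr('currency'); ?>" />
<br />
<label for="test_mode">TestMode: <?php echo $attr('test_mode'); ?></label>
<input type="hidden" name="test_mode" value="<?php echo $attr('test_mode'); ?>" />
<br />
<label for="stored_product_name">Product Name: <?php echo $attr('stored_product_name'); ?></label>
<input type="hidden" name="stored_product_name" value="<?php echo $attr('stored_product_name'); ?>" />
<br />
<label for="stored_product_id">Product Id: <?php echo $attr('stored_product_id'); ?></label>
<input type="hidden" name="stored_product_id" value="<?php echo $attr('stored_product_id'); ?>" />
<br />
<label for="stored_customer_name">Customer Name: <?php echo $attr('stored_customer_name'); ?></label>
<input type="hidden" name="stored_customer_name" value="<?php echo $attr('stored_customer_name'); ?>" />
<br />
<input type="submit" value="Order Now" />
</form>
</body>
</html>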
Now let's add a return.php that we can use as the return URL. It recomputes the signature over the parameters sent back with the response and compares it with the signature that was received; only a match shows that the response was produced with the shared secret.
return.php
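<?php
include('./RaiseNowSignature.php');

$algorithm = "sha256";
// Example only: in real code load the secret from configuration or the
// environment and never commit it.
$secret = "secretyoumustbe";

// Only string parameters can take part in the signature. PHP turns foo[]=1
// into an array; drop anything that is not a string before signing or echoing.
$response = array();
foreach ($_GET as $name => $value) {
    if (is_string($value)) {
        $response[$name] = $value;
    }
}
$receivedHmac = isset($response['response_hmac']) ? $response['response_hmac'] : '';

$signature = new RaiseNowSignature($secret, $algorithm);
$hmac = $signature->signData($response);

// hash_equals() compares in constant time; a plain === stops at the first
// differing byte and leaks, via timing, how much of a guessed signature was
// right. A missing or empty response_hmac fails outright instead of being
// compared against ''.
$valid = ($receivedHmac !== '') && hash_equals($hmac, $receivedHmac);
$validationResult = $valid ? 'passed' : 'failed';

// A passing check only proves the response was produced with the shared
// secret. Before treating the payment as done, a real return handler must
// still compare the returned amount/currency/transaction data against the
// order stored server-side, look at the status field, and make sure the same
// signed response cannot be replayed to fulfil an order twice.

// Everything below is reflected from the query string, so escape it for HTML.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
echo "<h1>HMAC Validation: " . $esc($validationResult) . "</h1>";
echo "<p>returned hmac: " . $esc($receivedHmac) . "</p>";
// The signature computed here is deliberately not printed: echoing the HMAC
// of whatever parameters the caller chose would turn this page into a signing
// oracle for anyone who can request it.
echo "<p>Payment Response:";
foreach ($response as $name => $value) {
    echo "<br />" . $esc($name) . ": " . $esc($value);
}
echo "</p>";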