MIGS Online Payments SHA256 HMAC Error
Bendigo Bank told me we need to change from md5 to SHA256. I have followed their instructions, but I get this error:
HTTP Status - 400
E5000: Cannot form a matching secure hash based on the merchant's request using either of the two merchant's secrets
Their example code is this:
<?php foreach($_POST as $key => $value) {
if (strlen($value) > 0) { ?>
<input type="hidden" name="<?php echo($key); ?>" value="<?php echo($value); ?>"/><br>
<?php
if ((strlen($value) > 0) && ((substr($key, 0,4)=="vpc_") || (substr($key,0,5) =="user_"))) {
$hashinput .= $key . "=" . $value . "&";
}
}
}
$hashinput = rtrim($hashinput,"&");
?>
<!-- attach SecureHash -->
<input type="hidden" name="vpc_SecureHash" value="<?php echo(strtoupper(hash_hmac('SHA256', $hashinput, pack('H*',$securesecret)))); ?>"/>
<input type="hidden" name="vpc_SecureHashType" value="SHA256">
This is my post:
Array (
[AgainLink] => http://fallscreekcountryclub.com.au/make-a-booking/submit-booking.html
[b_terms] => 1
[chargetypeid] => 33
[deposit] => 580.00
[notes] => 4 Nights - 26/11/2016 to 30/11/2016
[propertyid] => 2
[total] => 580.00
[vpc_AccessCode] => 903876BC
[vpc_Amount] => 58000
[vpc_Command] => pay
[vpc_Locale] => en
[vpc_MerchTxnRef] => 1479746896
[vpc_Merchant] => BBL5800396
[vpc_OrderInfo] => Studio Deluxe
[vpc_ReturnURL] => http://fallscreekcountryclub.com.au/make-a-booking/booking-complete.html
[vpc_Version] => 1
)
This is my code:
$appendAmp = 0;
$isencoded = '';
$notencoded = '';
foreach($_POST as $key => $value) {
if (strlen($value) > 0) {
if ($appendAmp == 0) :
$notencoded .= $key . '=' . $value;
$isencoded .= urlencode($key) . '=' . urlencode($value);
$appendAmp = 1;
else :
$notencoded .= '&' . $key . '=' . $value;
$isencoded .= '&' . urlencode($key) . '=' . urlencode($value);
endif;
}
}
if (strlen($SECURE_SECRET) > 0) {
#$vpcURL .= "&vpc_SecureHash=" . strtoupper(md5($md5HashData));
$SecureHash = strtoupper(hash_hmac('SHA256',$notencoded,pack('H*',$SECURE_SECRET)));
$SecureHashType = 'SHA256';
}
$vpcURL .= $notencoded.'&vpc_SecureHash='.$SecureHash.'&vpc_SecureHashType='.$SecureHashType;
I have "isencoded" and "notencoded" because I saw someone say not to urlencode the vpc_ReturnURL string until I build the vpcURL, but neither works.
The urlencoded version of vpcURL is:
https://migs.mastercard.com.au/vpcpay?AgainLink=http%3A%2F%2Ffallscreekcountryclub.com.au%2Fmake-a-booking%2Fsubmit-booking.html&b_terms=1&chargetypeid=33&deposit=580.00&notes=4+Nights+-+26%2F11%2F2016+to+30%2F11%2F2016&propertyid=2&total=580.00&vpc_AccessCode=903876BC&vpc_Amount=58000&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=1479746896&vpc_Merchant=BBL5800396&vpc_OrderInfo=Studio+Deluxe&vpc_ReturnURL=http%3A%2F%2Ffallscreekcountryclub.com.au%2Fmake-a-booking%2Fbooking-complete.html&vpc_Version=1&vpc_SecureHash=A5BA6503FC7A169A90C9AAC7039878F45D761180D874789172EB5A58298022E4&vpc_SecureHashType=SHA256
The non-urlencoded version is:
https://migs.mastercard.com.au/vpcpay?AgainLink=http://fallscreekcountryclub.com.au/make-a-booking/submit-booking.html&b_terms=1&chargetypeid=33&deposit=580.00&notes=4 Nights - 26/11/2016 to 30/11/2016&propertyid=2&total=580.00&vpc_AccessCode=903876BC&vpc_Amount=58000&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=1479746896&vpc_Merchant=BBL5800396&vpc_OrderInfo=Studio Deluxe&vpc_ReturnURL=http://fallscreekcountryclub.com.au/make-a-booking/booking-complete.html&vpc_Version=1&vpc_SecureHash=A5BA6503FC7A169A90C9AAC7039878F45D761180D874789172EB5A58298022E4&vpc_SecureHashType=SHA256
Any ideas about what I am doing wrong?? I called the bank and they couldn't help me; they had no idea what I was talking about..
I know the $SECURE_SECRET number is correct because it is the same one I used for the original md5 hash. So the problem lies in the sha256 hashing, and I'm not sure why, nor how to fix it.
Try excluding vpc_SecureHash and vpc_SecureHashType from the string being hashed. Here is a code snippet
https://gist.github.com/lucasnetau/bcacb528d664f0ad1339086c1a585021
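Let me know if it works..
- Use ksort() to sort the array before concatenating the parameters.
- Do not use urlencode() on vpc_ReturnURL; it makes the SHA256 hash result incorrect. Here is what I found in the official troubleshooting guide: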
c) Make sure that the vpc_ReturnURL is not URL encoded (i.e. the "/" becomes %2f)
You can use the following link to decode a URL - http://meyerweb.com/eric/tools/dencoder/
Sample sorted string based on this example as below: (Removed jsessionid, noheader, tdrid from output of 2b) i.e These elements can be removed prior to sorting the order
vpc_AccessCode=A837820A&vpc_Amount=100&vpc_Card=VC&vpc_CardNum=4222222222222&vpc_CardSecurityCode=100&vpc_Command=pay&vpc_Gateway=threeDSecure&vpc_Locale=en&vpc_MerchTxnRef=T2_7956&vpc_Merchant=TESTDIALECTTEST&vpc_ReturnURL=http://anjumpc:8080/dev-pg/payment/3dprocess.do&vpc_Version=1
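- Do not send/hash values whose keys do not start with vpc_, because MIGS does not care about these values and will not use them in the hash check. The guide also mentions this: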
b) Remove unnecessary fields for Hash calculation such as vpc_SecureHashType, vpc_SecureHash and anything that does not begins with vpc_ or user_ - i.e fields highlighted in Bold in 2a above to be removed
- (Ignore this, SHA256 can be used on a working MIGS merchant)
Hi, I am sharing my working code with you.
Enjoy.
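The rules in the answer above (sort with ksort(), sign only vpc_/user_ fields, leave out vpc_SecureHash and vpc_SecureHashType, hash raw values and URL-encode only when building the redirect), applied to the field values from the question. This is an added example, not code from the thread or from the bank; the function names are hypothetical and the secret is a constructed placeholder.

```php
<?php
// Added example, not code from the thread. $secret is a constructed placeholder.
// Fields that take part in the hash: non-empty vpc_*/user_* values, minus the
// hash fields themselves, sorted by key.
function migsSignedFields(array $fields): array
{
    $signed = [];
    foreach ($fields as $key => $value) {
        $isHashField = in_array($key, ['vpc_SecureHash', 'vpc_SecureHashType'], true);
        $isGatewayField = strpos($key, 'vpc_') === 0 || strpos($key, 'user_') === 0;
        if ($isGatewayField && !$isHashField && strlen((string) $value) > 0) {
            $signed[$key] = (string) $value;
        }
    }
    ksort($signed, SORT_STRING);
    return $signed;
}

// key=value pairs joined with "&", values left raw (no urlencode()).
function migsHashInput(array $fields): string
{
    $pairs = [];
    foreach (migsSignedFields($fields) as $key => $value) {
        $pairs[] = $key . '=' . $value;
    }
    return implode('&', $pairs);
}

function migsRedirectUrl(string $endpoint, array $fields, string $hexSecret): string
{
    // Validate the secret up front instead of relying on pack('H*') to complain.
    if ($hexSecret === '' || strlen($hexSecret) % 2 !== 0 || !ctype_xdigit($hexSecret)) {
        throw new InvalidArgumentException('secure secret must be an even-length hex string');
    }
    $hash = strtoupper(hash_hmac('sha256', migsHashInput($fields), pack('H*', $hexSecret)));
    $query = migsSignedFields($fields) + ['vpc_SecureHash' => $hash, 'vpc_SecureHashType' => 'SHA256'];
    return $endpoint . '?' . http_build_query($query); // encode only when building the URL
}

$post = [ // values from the question; the non-vpc_ booking fields are dropped before signing
    'AgainLink' => 'http://fallscreekcountryclub.com.au/make-a-booking/submit-booking.html',
    'notes' => '4 Nights - 26/11/2016 to 30/11/2016',
    'vpc_AccessCode' => '903876BC', 'vpc_Amount' => '58000', 'vpc_Command' => 'pay',
    'vpc_Locale' => 'en', 'vpc_MerchTxnRef' => '1479746896', 'vpc_Merchant' => 'BBL5800396',
    'vpc_OrderInfo' => 'Studio Deluxe', 'vpc_Version' => '1',
    'vpc_ReturnURL' => 'http://fallscreekcountryclub.com.au/make-a-booking/booking-complete.html',
];
$secret = '00112233445566778899AABBCCDDEEFF'; // constructed placeholder, not a real secret
echo migsHashInput($post), PHP_EOL;
echo migsRedirectUrl('https://migs.mastercard.com.au/vpcpay', $post, $secret), PHP_EOL;
```

The first line printed is the exact string fed to the HMAC, which is the value to compare against the guide's sample sorted string when E5000 appears.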
$secretHash="xxxxxx";
$accessCode='xxxxx';
$merchantId='xxxxx';
$data = array(
"vpc_AccessCode" => $accessCode,
"vpc_Amount" => '100',
"vpc_Command" => 'pay',
"vpc_Locale" => 'en',
"vpc_MerchTxnRef" => "REF_".time(),
"vpc_Merchant" => $merchantId,
"vpc_OrderInfo" => "Order_N_".time(),
"vpc_ReturnURL" => urlencode("yourReturnUrl"),
"vpc_Version" => '1',
'vpc_SecureHashType' => 'SHA256'
);
ksort($data);
$hash = null;
foreach ($data as $k => $v) {
if (in_array($k, array('vpc_SecureHash', 'vpc_SecureHashType'))) {
continue;
}
if ((strlen($v) > 0) && ((substr($k, 0, 4)=="vpc_") || (substr($k, 0, 5) =="user_"))) {
$hash .= $k . "=" . $v . "&";
}
}
$hash = rtrim($hash, "&");
$secureHash = strtoupper(hash_hmac('SHA256', $hash, pack('H*', $secretHash)));
$paraFinale = array_merge($data, array('vpc_SecureHash' => $secureHash));
$actionurl = 'https://migs.mastercard.com.au/vpcpay?'.http_build_query($paraFinale);
//print_r($actionurl);
header("Location:".$actionurl);