具有 php getChecksumFromString 功能的 paytm 支付网关不适用于本地
paytm payment gateway with php getChecksumFromString function not working with local
在 pg 重定向文件中,当我使用沙盒凭据调用付款时显示 500 并显示会话过期错误。
所有代码来自 https://github.com/Paytm-Payments/Paytm_Web_Sample_Kit_PHP
config_paytm.php
<?php
/*
- Use PAYTM_ENVIRONMENT as 'PROD' if you wanted to do transaction in production environment else 'TEST' for doing transaction in testing environment.
- Change the value of PAYTM_MERCHANT_KEY constant with details received from Paytm.
- Change the value of PAYTM_MERCHANT_MID constant with details received from Paytm.
- Change the value of PAYTM_MERCHANT_WEBSITE constant with details received from Paytm.
- Above details will be different for testing and production environment.
*/
define('PAYTM_ENVIRONMENT', 'TEST'); // PROD
define('PAYTM_MERCHANT_KEY', 'bKMfNxPPf_QdZppa'); //Change this constant's value with Merchant key downloaded from portal
define('PAYTM_MERCHANT_MID', 'DIY12386817555501617'); //Change this constant's value with MID (Merchant ID) received from Paytm
define('PAYTM_MERCHANT_WEBSITE', 'DIYtestingweb'); //Change this constant's value with Website name received from Paytm
$PAYTM_DOMAIN = "pguat.paytm.com";
if (PAYTM_ENVIRONMENT == 'PROD') {
$PAYTM_DOMAIN = 'secure.paytm.in';
}
define('PAYTM_REFUND_URL', 'https://'.$PAYTM_DOMAIN.'/oltp/HANDLER_INTERNAL/REFUND');
define('PAYTM_STATUS_QUERY_URL', 'https://'.$PAYTM_DOMAIN.'/oltp/HANDLER_INTERNAL/TXNSTATUS');
define('PAYTM_STATUS_QUERY_NEW_URL', 'https://'.$PAYTM_DOMAIN.'/oltp/HANDLER_INTERNAL/getTxnStatus');
define('PAYTM_TXN_URL', 'https://'.$PAYTM_DOMAIN.'/oltp-web/processTransaction');
?>
pg_redirect.php
<?php
header("Pragma: no-cache");
header("Cache-Control: no-cache");
header("Expires: 0");
// following files need to be included
require_once("./lib/config_paytm.php");
require_once("./lib/encdec_paytm.php");
$checkSum = "";
$paramList = array();
$ORDER_ID = $_POST["ORDER_ID"];
$CUST_ID = $_POST["CUST_ID"];
$INDUSTRY_TYPE_ID = $_POST["INDUSTRY_TYPE_ID"];
$CHANNEL_ID = $_POST["CHANNEL_ID"];
$TXN_AMOUNT = $_POST["TXN_AMOUNT"];
// Create an array having all required parameters for creating checksum.
$paramList["MID"] = PAYTM_MERCHANT_MID;
$paramList["ORDER_ID"] = $ORDER_ID;
$paramList["CUST_ID"] = $CUST_ID;
$paramList["INDUSTRY_TYPE_ID"] = $INDUSTRY_TYPE_ID;
$paramList["CHANNEL_ID"] = $CHANNEL_ID;
$paramList["TXN_AMOUNT"] = $TXN_AMOUNT;
$paramList["WEBSITE"] = PAYTM_MERCHANT_WEBSITE;
/*
$paramList["MSISDN"] = $MSISDN; //Mobile number of customer
$paramList["EMAIL"] = $EMAIL; //Email ID of customer
$paramList["VERIFIED_BY"] = "EMAIL"; //
$paramList["IS_USER_VERIFIED"] = "YES"; //
*/
//Here checksum string will return by getChecksumFromArray() function.
$checkSum = getChecksumFromString($paramList,PAYTM_MERCHANT_KEY);
//print_r($checkSum);
?>
<html>
<head>
<title>Merchant Check Out Page</title>
</head>
<body>
<center><h1>Please do not refresh this page...</h1></center>
<form method="post" action="<?php echo PAYTM_TXN_URL ?>" name="f1">
<table border="1">
<tbody>
<?php
foreach($paramList as $name => $value) {
echo '<input type="hidden" name="' . $name .'" value="' . $value . '">';
}
?>
<input type="hidden" name="CHECKSUMHASH" value="<?php echo $checkSum ?>">
</tbody>
</table>
<script type="text/javascript">
document.f1.submit();
</script>
</form>
</body>
</html>
encdec_paytm.php
<?php
function encrypt_e($input, $ky) {
$key = $ky;
$size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, 'cbc');
$input = pkcs5_pad_e($input, $size);
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', 'cbc', '');
$iv = "@@@@&&&&####$$$$";
mcrypt_generic_init($td, $key, $iv);
$data = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$data = base64_encode($data);
return $data;
}
function decrypt_e($crypt, $ky) {
$crypt = base64_decode($crypt);
$key = $ky;
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', 'cbc', '');
$iv = "@@@@&&&&####$$$$";
mcrypt_generic_init($td, $key, $iv);
$decrypted_data = mdecrypt_generic($td, $crypt);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$decrypted_data = pkcs5_unpad_e($decrypted_data);
$decrypted_data = rtrim($decrypted_data);
return $decrypted_data;
}
function pkcs5_pad_e($text, $blocksize) {
$pad = $blocksize - (strlen($text) % $blocksize);
return $text . str_repeat(chr($pad), $pad);
}
function pkcs5_unpad_e($text) {
$pad = ord($text{strlen($text) - 1});
if ($pad > strlen($text))
return false;
return substr($text, 0, -1 * $pad);
}
function generateSalt_e($length) {
$random = "";
srand((double) microtime() * 1000000);
$data = "AbcDE123IJKLMN67QRSTUVWXYZ";
$data .= "aBCdefghijklmn123opq45rs67tuv89wxyz";
$data .= "0FGH45OP89";
for ($i = 0; $i < $length; $i++) {
$random .= substr($data, (rand() % (strlen($data))), 1);
}
return $random;
}
function checkString_e($value) {
$myvalue = ltrim($value);
$myvalue = rtrim($myvalue);
if ($myvalue == 'null')
$myvalue = '';
return $myvalue;
}
function getChecksumFromArray($arrayList, $key, $sort=1) {
if ($sort != 0) {
ksort($arrayList);
}
$str = getArray2Str($arrayList);
$salt = generateSalt_e(4);
$finalString = $str . "|" . $salt;
$hash = hash("sha256", $finalString);
$hashString = $hash . $salt;
$checksum = encrypt_e($hashString, $key);
return $checksum;
}
function getChecksumFromString($str, $key) {
$salt = generateSalt_e(4);
$finalString = $str . "|" . $salt;
$hash = hash("sha256", $finalString);
$hashString = $hash . $salt;
$checksum = encrypt_e($hashString, $key);
return $checksum;
}
function verifychecksum_e($arrayList, $key, $checksumvalue) {
$arrayList = removeCheckSumParam($arrayList);
ksort($arrayList);
$str = getArray2Str($arrayList);
$paytm_hash = decrypt_e($checksumvalue, $key);
$salt = substr($paytm_hash, -4);
$finalString = $str . "|" . $salt;
$website_hash = hash("sha256", $finalString);
$website_hash .= $salt;
$validFlag = "FALSE";
if ($website_hash == $paytm_hash) {
$validFlag = "TRUE";
} else {
$validFlag = "FALSE";
}
return $validFlag;
}
function verifychecksum_eFromStr($str, $key, $checksumvalue) {
$paytm_hash = decrypt_e($checksumvalue, $key);
$salt = substr($paytm_hash, -4);
$finalString = $str . "|" . $salt;
$website_hash = hash("sha256", $finalString);
$website_hash .= $salt;
$validFlag = "FALSE";
if ($website_hash == $paytm_hash) {
$validFlag = "TRUE";
} else {
$validFlag = "FALSE";
}
return $validFlag;
}
function getArray2Str($arrayList) {
$findme = 'REFUND';
$findmepipe = '|';
$paramStr = "";
$flag = 1;
foreach ($arrayList as $key => $value) {
$pos = strpos($value, $findme);
$pospipe = strpos($value, $findmepipe);
if ($pos !== false || $pospipe !== false)
{
continue;
}
if ($flag) {
$paramStr .= checkString_e($value);
$flag = 0;
} else {
$paramStr .= "|" . checkString_e($value);
}
}
return $paramStr;
}
function redirect2PG($paramList, $key) {
$hashString = getchecksumFromArray($paramList);
$checksum = encrypt_e($hashString, $key);
}
function removeCheckSumParam($arrayList) {
if (isset($arrayList["CHECKSUMHASH"])) {
unset($arrayList["CHECKSUMHASH"]);
}
return $arrayList;
}
function getTxnStatus($requestParamList) {
return callAPI(PAYTM_STATUS_QUERY_URL, $requestParamList);
}
function getTxnStatusNew($requestParamList) {
return callNewAPI(PAYTM_STATUS_QUERY_NEW_URL, $requestParamList);
}
function initiateTxnRefund($requestParamList) {
$CHECKSUM = getChecksumFromArray($requestParamList,PAYTM_MERCHANT_KEY);
$requestParamList["CHECKSUM"] = urlencode($CHECKSUM);
return callAPI(PAYTM_REFUND_URL, $requestParamList);
}
function callAPI($apiURL, $requestParamList) {
$jsonResponse = "";
$responseParamList = array();
$JsonData =json_encode($requestParamList);
$postData = 'JsonData='.$JsonData;
$ch = curl_init($apiURL);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Content-Length: ' . strlen($postData))
);
$jsonResponse = curl_exec($ch);
$responseParamList = json_decode($jsonResponse,true);
return $responseParamList;
}
function callNewAPI($apiURL, $requestParamList) {
$jsonResponse = "";
$responseParamList = array();
$JsonData =json_encode($requestParamList);
$postData = 'JsonData='.urlencode($JsonData);
$ch = curl_init($apiURL);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Content-Length: ' . strlen($postData))
);
$jsonResponse = curl_exec($ch);
$responseParamList = json_decode($jsonResponse,true);
return $responseParamList;
}
请检查您的服务器是否安装了mcrypt。在 90% 的情况下 – php-mcrypt 将已经安装并启用。
否则请在您的服务器中启用 mcrypt。
Unix 服务器:
鉴于每个服务器的配置都有些独特,因此很难为每个服务器提供说明,但是 – php-mcrypt 是一个 php 扩展,可以使用 apt-get 或 yum 安装安装(如果您使用的是 unix 服务器)。
CentOS:yum 安装 php-mcrypt 或 yum 安装 php5-mcrypt
Debian/Ubuntu:apt-get 安装 php-mcrypt 或 apt-get 安装 php5-mcrypt
安装后,确保重新启动 apache/web 服务器。
/etc/init.d/apache 重启或 httpd 服务重启
这应该会处理它。
在 pg 重定向文件中,当我使用沙盒凭据调用付款时显示 500 并显示会话过期错误。
所有代码来自 https://github.com/Paytm-Payments/Paytm_Web_Sample_Kit_PHP
config_paytm.php
<?php
/*
- Use PAYTM_ENVIRONMENT as 'PROD' if you wanted to do transaction in production environment else 'TEST' for doing transaction in testing environment.
- Change the value of PAYTM_MERCHANT_KEY constant with details received from Paytm.
- Change the value of PAYTM_MERCHANT_MID constant with details received from Paytm.
- Change the value of PAYTM_MERCHANT_WEBSITE constant with details received from Paytm.
- Above details will be different for testing and production environment.
*/
define('PAYTM_ENVIRONMENT', 'TEST'); // PROD
define('PAYTM_MERCHANT_KEY', 'bKMfNxPPf_QdZppa'); //Change this constant's value with Merchant key downloaded from portal
define('PAYTM_MERCHANT_MID', 'DIY12386817555501617'); //Change this constant's value with MID (Merchant ID) received from Paytm
define('PAYTM_MERCHANT_WEBSITE', 'DIYtestingweb'); //Change this constant's value with Website name received from Paytm
$PAYTM_DOMAIN = "pguat.paytm.com";
if (PAYTM_ENVIRONMENT == 'PROD') {
$PAYTM_DOMAIN = 'secure.paytm.in';
}
define('PAYTM_REFUND_URL', 'https://'.$PAYTM_DOMAIN.'/oltp/HANDLER_INTERNAL/REFUND');
define('PAYTM_STATUS_QUERY_URL', 'https://'.$PAYTM_DOMAIN.'/oltp/HANDLER_INTERNAL/TXNSTATUS');
define('PAYTM_STATUS_QUERY_NEW_URL', 'https://'.$PAYTM_DOMAIN.'/oltp/HANDLER_INTERNAL/getTxnStatus');
define('PAYTM_TXN_URL', 'https://'.$PAYTM_DOMAIN.'/oltp-web/processTransaction');
?>
pg_redirect.php
<?php
header("Pragma: no-cache");
header("Cache-Control: no-cache");
header("Expires: 0");
// following files need to be included
require_once("./lib/config_paytm.php");
require_once("./lib/encdec_paytm.php");
$checkSum = "";
$paramList = array();
$ORDER_ID = $_POST["ORDER_ID"];
$CUST_ID = $_POST["CUST_ID"];
$INDUSTRY_TYPE_ID = $_POST["INDUSTRY_TYPE_ID"];
$CHANNEL_ID = $_POST["CHANNEL_ID"];
$TXN_AMOUNT = $_POST["TXN_AMOUNT"];
// Create an array having all required parameters for creating checksum.
$paramList["MID"] = PAYTM_MERCHANT_MID;
$paramList["ORDER_ID"] = $ORDER_ID;
$paramList["CUST_ID"] = $CUST_ID;
$paramList["INDUSTRY_TYPE_ID"] = $INDUSTRY_TYPE_ID;
$paramList["CHANNEL_ID"] = $CHANNEL_ID;
$paramList["TXN_AMOUNT"] = $TXN_AMOUNT;
$paramList["WEBSITE"] = PAYTM_MERCHANT_WEBSITE;
/*
$paramList["MSISDN"] = $MSISDN; //Mobile number of customer
$paramList["EMAIL"] = $EMAIL; //Email ID of customer
$paramList["VERIFIED_BY"] = "EMAIL"; //
$paramList["IS_USER_VERIFIED"] = "YES"; //
*/
//Here checksum string will return by getChecksumFromArray() function.
$checkSum = getChecksumFromString($paramList,PAYTM_MERCHANT_KEY);
//print_r($checkSum);
?>
<html>
<head>
<title>Merchant Check Out Page</title>
</head>
<body>
<center><h1>Please do not refresh this page...</h1></center>
<form method="post" action="<?php echo PAYTM_TXN_URL ?>" name="f1">
<table border="1">
<tbody>
<?php
foreach($paramList as $name => $value) {
echo '<input type="hidden" name="' . $name .'" value="' . $value . '">';
}
?>
<input type="hidden" name="CHECKSUMHASH" value="<?php echo $checkSum ?>">
</tbody>
</table>
<script type="text/javascript">
document.f1.submit();
</script>
</form>
</body>
</html>
encdec_paytm.php
<?php
function encrypt_e($input, $ky) {
$key = $ky;
$size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, 'cbc');
$input = pkcs5_pad_e($input, $size);
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', 'cbc', '');
$iv = "@@@@&&&&####$$$$";
mcrypt_generic_init($td, $key, $iv);
$data = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$data = base64_encode($data);
return $data;
}
function decrypt_e($crypt, $ky) {
$crypt = base64_decode($crypt);
$key = $ky;
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', 'cbc', '');
$iv = "@@@@&&&&####$$$$";
mcrypt_generic_init($td, $key, $iv);
$decrypted_data = mdecrypt_generic($td, $crypt);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$decrypted_data = pkcs5_unpad_e($decrypted_data);
$decrypted_data = rtrim($decrypted_data);
return $decrypted_data;
}
function pkcs5_pad_e($text, $blocksize) {
$pad = $blocksize - (strlen($text) % $blocksize);
return $text . str_repeat(chr($pad), $pad);
}
function pkcs5_unpad_e($text) {
$pad = ord($text{strlen($text) - 1});
if ($pad > strlen($text))
return false;
return substr($text, 0, -1 * $pad);
}
function generateSalt_e($length) {
$random = "";
srand((double) microtime() * 1000000);
$data = "AbcDE123IJKLMN67QRSTUVWXYZ";
$data .= "aBCdefghijklmn123opq45rs67tuv89wxyz";
$data .= "0FGH45OP89";
for ($i = 0; $i < $length; $i++) {
$random .= substr($data, (rand() % (strlen($data))), 1);
}
return $random;
}
function checkString_e($value) {
$myvalue = ltrim($value);
$myvalue = rtrim($myvalue);
if ($myvalue == 'null')
$myvalue = '';
return $myvalue;
}
function getChecksumFromArray($arrayList, $key, $sort=1) {
if ($sort != 0) {
ksort($arrayList);
}
$str = getArray2Str($arrayList);
$salt = generateSalt_e(4);
$finalString = $str . "|" . $salt;
$hash = hash("sha256", $finalString);
$hashString = $hash . $salt;
$checksum = encrypt_e($hashString, $key);
return $checksum;
}
function getChecksumFromString($str, $key) {
$salt = generateSalt_e(4);
$finalString = $str . "|" . $salt;
$hash = hash("sha256", $finalString);
$hashString = $hash . $salt;
$checksum = encrypt_e($hashString, $key);
return $checksum;
}
function verifychecksum_e($arrayList, $key, $checksumvalue) {
$arrayList = removeCheckSumParam($arrayList);
ksort($arrayList);
$str = getArray2Str($arrayList);
$paytm_hash = decrypt_e($checksumvalue, $key);
$salt = substr($paytm_hash, -4);
$finalString = $str . "|" . $salt;
$website_hash = hash("sha256", $finalString);
$website_hash .= $salt;
$validFlag = "FALSE";
if ($website_hash == $paytm_hash) {
$validFlag = "TRUE";
} else {
$validFlag = "FALSE";
}
return $validFlag;
}
function verifychecksum_eFromStr($str, $key, $checksumvalue) {
$paytm_hash = decrypt_e($checksumvalue, $key);
$salt = substr($paytm_hash, -4);
$finalString = $str . "|" . $salt;
$website_hash = hash("sha256", $finalString);
$website_hash .= $salt;
$validFlag = "FALSE";
if ($website_hash == $paytm_hash) {
$validFlag = "TRUE";
} else {
$validFlag = "FALSE";
}
return $validFlag;
}
function getArray2Str($arrayList) {
$findme = 'REFUND';
$findmepipe = '|';
$paramStr = "";
$flag = 1;
foreach ($arrayList as $key => $value) {
$pos = strpos($value, $findme);
$pospipe = strpos($value, $findmepipe);
if ($pos !== false || $pospipe !== false)
{
continue;
}
if ($flag) {
$paramStr .= checkString_e($value);
$flag = 0;
} else {
$paramStr .= "|" . checkString_e($value);
}
}
return $paramStr;
}
function redirect2PG($paramList, $key) {
$hashString = getchecksumFromArray($paramList);
$checksum = encrypt_e($hashString, $key);
}
function removeCheckSumParam($arrayList) {
if (isset($arrayList["CHECKSUMHASH"])) {
unset($arrayList["CHECKSUMHASH"]);
}
return $arrayList;
}
function getTxnStatus($requestParamList) {
return callAPI(PAYTM_STATUS_QUERY_URL, $requestParamList);
}
function getTxnStatusNew($requestParamList) {
return callNewAPI(PAYTM_STATUS_QUERY_NEW_URL, $requestParamList);
}
function initiateTxnRefund($requestParamList) {
$CHECKSUM = getChecksumFromArray($requestParamList,PAYTM_MERCHANT_KEY);
$requestParamList["CHECKSUM"] = urlencode($CHECKSUM);
return callAPI(PAYTM_REFUND_URL, $requestParamList);
}
function callAPI($apiURL, $requestParamList) {
$jsonResponse = "";
$responseParamList = array();
$JsonData =json_encode($requestParamList);
$postData = 'JsonData='.$JsonData;
$ch = curl_init($apiURL);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Content-Length: ' . strlen($postData))
);
$jsonResponse = curl_exec($ch);
$responseParamList = json_decode($jsonResponse,true);
return $responseParamList;
}
function callNewAPI($apiURL, $requestParamList) {
$jsonResponse = "";
$responseParamList = array();
$JsonData =json_encode($requestParamList);
$postData = 'JsonData='.urlencode($JsonData);
$ch = curl_init($apiURL);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Content-Length: ' . strlen($postData))
);
$jsonResponse = curl_exec($ch);
$responseParamList = json_decode($jsonResponse,true);
return $responseParamList;
}
请检查您的服务器是否安装了mcrypt。在 90% 的情况下 – php-mcrypt 将已经安装并启用。
否则请在您的服务器中启用 mcrypt。
Unix 服务器:
鉴于每个服务器的配置都有些独特,因此很难为每个服务器提供说明,但是 – php-mcrypt 是一个 php 扩展,可以使用 apt-get 或 yum 安装安装(如果您使用的是 unix 服务器)。
CentOS:yum 安装 php-mcrypt 或 yum 安装 php5-mcrypt
Debian/Ubuntu:apt-get 安装 php-mcrypt 或 apt-get 安装 php5-mcrypt
安装后,确保重新启动 apache/web 服务器。
/etc/init.d/apache 重启或 httpd 服务重启
这应该会处理它。