I am bit confused about the way you should calculate the hash. The integration guide and some integration kits calculates from all sorted parameters (PHP kit has got this part of the code commented out). However the PHP integration kit and some online tutorials calculates the request hash only from several of them (secret key,account id, amount, order, return url and mode) and actually works.
I am looking for an explanations of this state.
Also I am experiencing some difficulties with calculating the response hash.
$data = $config['secretKey'];
$hash = $params['SecureHash'];
unset($params['SecureHash']);
ksort($params);
foreach ($params as $param) {
if (strlen($param) > 0) {
$data .= '|' . $param;
};
}
$data = hash($config['hashAlgoritm'], $data); // The same hash algorithm used for request
return $data == $hash;
Also the response does not seem to contain the AccountID.
ResponseCode = '0'
ResponseMessage = 'Transaction Successful'
DateCreated = '2015-09-23 00:18:15'
PaymentID = '42609232'
MerchantRefNo = '223'
Amount = '1.00'
Mode = 'TEST'
BillingName = 'John Raj'
BillingAddress = 'Arcot Road'
BillingCity = 'Chennai'
BillingState = 'Tamil Nadu'
BillingPostalCode = '600001'
BillingCountry = 'IND'
BillingPhone = '04423452345'
BillingEmail = 'test@40test.test'
DeliveryName = 'John Esak'
DeliveryAddress = 'Arcot Road'
DeliveryCity = 'Chennai'
DeliveryState = 'Tamil Nadu'
DeliveryPostalCode = '600001'
DeliveryCountry = 'IND'
DeliveryPhone = '04423452345'
Description = 'Test Order Description'
IsFlagged = 'NO'
TransactionID = '110978476'
PaymentMethod = '1001'
RequestID = '7331147'
SecureHash = 'f9101f3cbf53be4da75e51c208775953'
So far, the calculating the request hash from the secret key, account id, amount, reference number, return url and mode seems as the right way.
$hashData = 'The secret key';
$hashType = 'md5'; // md5|sha1|sha250
$hash .= "|" . urlencode($params['account_id']) . "|"
. urlencode($params['amount']) . "|"
. urlencode($params['reference_no']) . "|"
. $params['return_url'] . "|"
. urlencode($params['mode']);
return hash($hashType, $hashData);
As for the response I was unable to reconstruct the way the secure hash should be calculated or even if the secure hash should be used for the verification at all. So I have switched to using the encrypted version of the response.
EBS does not specify what sort of algorithm should be used but it seams that it is some sort of RC4 cipher.
To use the encrypted response the return url must complain the following format as specified in knowledgebase: 'http://www.yourdomainname.com/response.extension?DR={DR}'
$DR = preg_replace("/\s/","+",$_GET['DR']);
$rc4 = new Crypt_RC4($secret_key);
$QueryString = base64_decode($DR);
$rc4->decrypt($QueryString);
$QueryString = explode('&',$QueryString);
$response = array();
foreach($QueryString as $param){
$param = explode('=',$param);
$response[$param[0]] = urldecode($param[1]);
}
return $response
The Crypt_RC43 class is then provided by EBS inside of Rc43 file which is part of the integration kits.
Note: The Rc43 file is not part of every integration kit. Some kits even includes the Crypt_RC43 class as private inner class of the controller. For mine implementation I have used the Rc43 file contained in Wordpress-3.7.x Donate integration kit.