From Md5 To Sha256

Hello,

the bank informed us that we should migrate our payment gateway from Md5 to SHA256, could you please help us to do it? we are using the following code:

if ( !defined(‘AREA’) ) { die(‘Access denied’); }

if (defined(‘PAYMENT_NOTIFICATION’)) {

$payment_id = db_get_field("SELECT payment_id FROM ?:orders WHERE order_id = ?i", $_REQUEST['order_id']);
$processor_data = fn_get_payment_method_data($payment_id);

switch ($_REQUEST['vpc_TxnResponseCode']) {
	case '0':
		$pp_response['order_status'] = 'P';
		break;
	case 'C':
		$pp_response['order_status'] = 'C';
		break;
	case '7':
		$pp_response['order_status'] = 'F';
		break;
	default:
		$pp_response['order_status'] = 'D';
		break;
}

$pp_response['reason_text'] = $_REQUEST['vpc_Message'];
$pp_response['transaction_id'] = $_REQUEST['vpc_TransactionNo'];

if (fn_check_payment_script('zienthbank.php', $_REQUEST['order_id'])) {
	fn_finish_payment($_REQUEST['order_id'], $pp_response, false);
	fn_order_placement_routines('route', $_REQUEST['order_id']);
}

exit;

} else {
$current_location = Registry::get(‘config.current_location’);
$total = $order_info[‘total’] * 100;

$post['vpc_Version'] = '1';
$post['vpc_Command'] = 'pay';
$post['vpc_MerchTxnRef'] = $order_id;
$post['vpc_AccessCode'] = $processor_data['processor_params']['accesscode'];
$post['vpc_Merchant'] = $processor_data['processor_params']['merchant'];
$post['vpc_OrderInfo'] = $order_id;
$post['vpc_Amount'] = $total;
$post['vpc_Locale'] = "en_EN";
$post['vpc_ReturnURL'] = "$current_location/$index_script?dispatch=payment_notification.finish&payment=zienthbank&order_id=$order_id";

ksort($post);

$md5hash = $processor_data['processor_params']['securehashsecret'];

foreach ($post as $k => $v) {
	$md5hash .= $v;
}

$post['vpc_SecureHash'] = strtoupper(md5($md5hash));

// MasterCard Payment Gateway
echo << EOT;

foreach ($post as $name => $value) {
echo “\n”;
}

$msg = fn_get_lang_var(‘text_cc_processor_connection’);
$msg = str_replace(‘[processor]’, ‘migs.mastercard.com.au’, $msg);
echo <<

{$msg}

EOT;

}

exit;
?>

Try to replace

$post['vpc_SecureHash'] = strtoupper(md5($md5hash));

with

$post['vpc_SecureHash'] = strtoupper(hash('sha256', $md5hash));

and check the result

Try to replace

$post['vpc_SecureHash'] = strtoupper(md5($md5hash));

with

$post['vpc_SecureHash'] = strtoupper(hash('sha256', $md5hash));

and check the result

i got this error:

HTTP Status - 400

E5000: Cannot form a matching secure hash based on the merchant's request using either of the two merchant's secrets

i got this error:
HTTP Status - 400
E5000: Cannot form a matching secure hash based on the merchant's request using either of the two merchant's secrets

In this case it is required to request more details from the bank

In this case it is required to request more details from the bank

Hello,

i have received the following detailed from the bank:

Example
An example using PHP coding language to change from MD5 Hash to SHA 256 is shown below:

Step 1: Create string with transaction data via the merchant application.

Example PHP Code:
foreach($_POST as $key => $value) {
// create the hash input and URL leaving out any fields that have no value
if (strlen($value) > 0) {

?>

0) && ((substr($key, 0,4)=="vpc_") || (substr($key,0,5) =="user_"))) { $hashinput .= $key . "=" . $value . "&"; } } Example String Code Generated: user_SessionId=567890&vpc_AccessCode=75A6GH9&vpc_Amount=1000&vpc_CardExp=1305&vpc_CardNum=345678901234564&vpc_Command=pay&vpc_MerchTxnRef=txn1&vpc_Merchant=MasterCard ITESTMERCHANT&vpc_Version=1 Step 2: Create SHA-256 HMAC • Obtain Secure Hash Secret either from existing MD5 calculation or from Merchant Administration • Calculate SHA-256 HMAC using the secret as a key to produce the secure hash • Add the hash to the request string to send to the gateway Example PHP Code: } $hashinput = rtrim($hashinput, "&"); ?>


Example SHA-256 HMAC Generated:
The Secure Hash Secret obtained from Merchant Administration/ Existing MD5 calculation :
3812B7C7D21726AAC9633E1D42BD43A73A329F8906C248EFAF9CEC354F8B0C08

Calculate SHA256 HMAC using the secret as a key to produce the secure hash:
7C6866D0B1DF14FE03FA4168F3328C2D33E192E7 CA5D08F5D4533F044A866D41

Add the hash to the request string to send to the gateway:
user_SessionId=567890&vpc_AccessCode=75A6GH9&vpc_Amount=1000&vpc_CardExp=1305&vpc_CardNum=345678901234564&vpc_Command=pay&vpc_MerchTxnRef=txn1&vpc_Merchant=MasterCardITESTMERCHANT&vpc_Version=1&vpc_SecureHash=7C6866D0B1DF14FE03FA4168F3328C2D33E192E7 CA5D08F5D4533F044A866D41&vpc_SecureHashType=SHA256

so i modified the code as below:

if ( !defined(‘AREA’) ) { die(‘Access denied’); }

if (defined(‘PAYMENT_NOTIFICATION’)) {

$payment_id = db_get_field("SELECT payment_id FROM ?:orders WHERE order_id = ?i", $_REQUEST['order_id']);
$processor_data = fn_get_payment_method_data($payment_id);

switch ($_REQUEST['vpc_TxnResponseCode']) {
	case '0':
		$pp_response['order_status'] = 'P';
		break;
	case 'C':
		$pp_response['order_status'] = 'C';
		break;
	case '7':
		$pp_response['order_status'] = 'F';
		break;
	default:
		$pp_response['order_status'] = 'D';
		break;
}

$pp_response['reason_text'] = $_REQUEST['vpc_Message'];
$pp_response['transaction_id'] = $_REQUEST['vpc_TransactionNo'];

if (fn_check_payment_script('zienthbank.php', $_REQUEST['order_id'])) {
	fn_finish_payment($_REQUEST['order_id'], $pp_response, false);
	fn_order_placement_routines('route', $_REQUEST['order_id']);
}

exit;

} else {
$current_location = Registry::get(‘config.current_location’);
$total = $order_info[‘total’] * 100;

$post['vpc_Version'] = '1';
$post['vpc_Command'] = 'pay';
$post['vpc_MerchTxnRef'] = $order_id;
$post['vpc_AccessCode'] = $processor_data['processor_params']['accesscode'];
$post['vpc_Merchant'] = $processor_data['processor_params']['merchant'];
$post['vpc_OrderInfo'] = $order_id;
$post['vpc_Amount'] = $total;
$post['vpc_Locale'] = "en_EN";
$post['vpc_ReturnURL'] = "$current_location/$index_script?dispatch=payment_notification.finish&payment=zienthbank&order_id=$order_id";

ksort($post);

//$hashinput = $processor_data['processor_params']['securehashsecret'];
$secureSecret = $processor_data['processor_params']['securehashsecret'];

//foreach ($post as $k => $v) {
//	$md5hash .= $v;
//}

foreach ($post as $k => $v) {
// create the hash input and URL leaving out any fields that have no value
if (strlen($v) > 0) {

?>

0) && ((substr($k, 0,4)=="vpc_") || (substr($k,0,5) =="user_"))) { $hashinput .= $k . "=" . $v . "&"; } } $hashinput = rtrim($hashinput, "&"); ?>


$value) { // echo "\n"; //} $msg = fn_get_lang_var('text_cc_processor_connection'); $msg = str_replace('[processor]', 'migs.mastercard.com.au', $msg); echo <<{$msg}
EOT; } exit; ?>

but still getting the same error.