Skip to main content

Paymentech Error in form submission x_fp_hash Could not validate the integrity of the payment

For those who use Chase paymentech hosted payment gateway might have gone through a rare error senario.

Here the user was shown a warning message and an email was also sent to user with error details.

-------------

Error in form submission

An error page was displayed to the customer.

x_fp_hash : Could not validate the integrity of the payment from the transaction

-------------


on the submission page to paymentech there is a field "x_fp_hash", the value in this field is a hash value which is generated using a combination of transaction key, x_fp_hash, x_fp_sequence, x_fp_timestamp, x_amount, and x_currency_code values of the request. This field values are passed through a PHP HASH_HMAC function.

The value of the x_fp_hash is cross checked with the hash string on paymentech side, if a match is found, the transaction is accepted, else the user is warned with a "x_fp_hash : Could not validate the integrity of the payment from the transaction" message.

Sometimes a hosting provider doesn't provide access to the Hash extension so the HASH_HMAC function may return a null value. So during submission the "x_fp_hash" field is empty, it will cause the above mention error.

Here is a clone of the hash_hmac function you can use in the event you need an HMAC generator and Hash is not available. It's only usable with MD5 and SHA1 encryption algorithms, but its output is identical to the official hash_hmac function

function custom_hmac($algo, $data, $key, $raw_output = false)
{
$algo = strtolower($algo);
$pack = 'H'.strlen($algo('TEST_CODE'));
$size = 64;
$opad = str_repeat(chr(0x5C), $size);
$ipad = str_repeat(chr(0x36), $size);

if (strlen($key) > $size) {
$key = str_pad(pack($pack, $algo($key)), $size, chr(0x00));
} else {
$key = str_pad($key, $size, chr(0x00));
}

for ($i = 0; $i < strlen($key) - 1; $i++) { $opad[$i] = $opad[$i] ^ $key[$i]; $ipad[$i] = $ipad[$i] ^ $key[$i]; } $output = $algo($opad.pack($pack, $algo($ipad.$data))); return ($raw_output) ? pack($pack, $output) : $output; }





Usage:
custom_hmac('md5', 'TEST STRING', 'SECRET_KEY', true);
custom_hmac('md5', 'TEST STRING', 'SECRET_KEY');


The following script will check whether the php built in HMAC hash generator return a hash key, else the custome function is called
-----use in paymentech script ------------------

// Generation of hash string for security check
$hashstr="$x_login^$x_fp_sequence^$x_fp_timestamp^$x_amount^$x_currency_code";
$x_fp_hash= hash_hmac('md5', $hashstr, $trans_key);
// if hash_hmac fails call custom hmac hash generator
if( $x_fp_hash == "" )
$x_fp_hash= trim( custom_hmac('md5', $hashstr, $trans_key) );

// assign the value of variable $x_fp_hash to "x_fp_hash" field of submission form.

--------------------------------



References:

hash_hmac — Generate a keyed hash value using the HMAC method
refer : http://php.net/manual/en/function.hash-hmac.php

*HMAC : hash message authentication code (HMAC)
refer: http://en.wikipedia.org/wiki/Hash-based_message_authentication_code

Hope this helps :)

Comments

Popular posts from this blog

Strange problem occured while trying to create a CSV file using PHP Script - The file is not seen on FTP but can download using file's absolute path url

Strange problem occured while trying to create a CSV file - The file is not seen on FTP but can download using file's absolute path url Last day I came across a strange problem when I tried to create a csv file on therver using a PHP script. the script was simply writing a given content as a csv file. The file will be created runtime. What happened was, The script executed fine, file handler for new file was created and contents was wrote into the file using fwrite and it returned the number of bytes that was written.

How to get the Query string of a URL using the Javascript (JS)?

JS function get the Query string of a URL or value of each parameter using the Javascript(JS)? If you want to get your current page's url var my_url=document.location; to get the query string part of the url use like this: var my_qry_str= location.search; this will return the part of the url starting from "?" following by query string Lets assume that your current page url is http://www.crozoom.com/2013/page.html?qry1=A&qry2=B then the location.search function will return " ?qry1=A&qry2=B " to exclue "?", do like this:


Urgent Openings for PHP trainees, Andriod / IOS developers and PHP developers in Kochi Trivandrum Calicut and Bangalore. Please Send Your updated resumes to recruit.vo@gmail.com   Read more »
Member
Search This Blog