topic Re: PHP - MD5 - Depreciated Stuff - Confusing Docs - What should I do next ... in Integration and Testing

PHP - MD5 - Depreciated Stuff - Confusing Docs - What should I do next ...

LesMizzell — Sun, 03 Mar 2019 20:12:10 GMT

OK, I'm one of those "confused" folks mentioned in another thread.

1. My client sends me a panic email - OMG our payment portal is going down, and a copy of the "MD5 Hash End of Life & Signature Key Replacement Update" email.

2. I start to research this. And I research some more. Then even more.

3. OK, I'm confused. There seems to be conflicting stuff in different docs, and different docs telling me I need to be doing different things. What I need is for somebody to point me to "THE COMPLETE IDIOTS GUILD TO GETTING THIS RIGHT WITH NO CONFLICTING INFORMATION".

4. I'm using a relay response method. Current code is below. From what I can tell, in addition to the HD5 end of life, this method has been depreciated and is near end of life too (don't remember ever getting a notice about that), so at some point it will go away. While I'm trying to figure out the HD5 issue, I might as well rewrite the whole thing to whatever the current acceptable method is.
- One place tells me (I think) I should be using Webhooks
- Somewhere else says Authorize.Net API

OK questions ...
1. Exactly what method should I start using?
This is an insurance application, so all I need to send to autho, other then the credit card info, is a transaction number and the amount (see code below). Nothing complicated at all. One time payment per application and done.

2.What will actually happen on March ~~14,~~ no, 28.
If I want to be lazy (I don't), I can just comment the MD5 lines out a skip any type of hash verification completely at the moment. I'm not saying that's a smart thing to do, but it can be done. There's other security already built into the app. If I did than, would payments would keep processing without me changing anything other than killing the MD5 lines, or will it go down completely until I've rewritten things?

Question one above is the important thing. Considering what I'm doing now, point me to the correct replacement for that. Sheesh, I may be an idiot. Thanks in advance.

Current Stuff: PAYMENT PAGE

require_once 'anet_php_sdk/AuthorizeNet.php'; 
$relay_response_url = "https://www.MYWEBSITE.com/processing.php?id=".$enrollmentID; 
$api_login_id = 'My APD ID';
$transaction_key = 'xxxxxxxxxxxxxxxx';
$amount = "$totaltoCARD;";
$fp_sequence = $enrollmentID
echo AuthorizeNetDPM::getCreditCardForm($amount, $fp_sequence, $relay_response_url, $api_login_id, $transaction_key );

Current Stuff: RESPONSE PAGE

require_once 'anet_php_sdk/AuthorizeNet.php'; // The SDK

$api_login_id = 'My API LOGIN';
$md5_setting = "xxxxxx"; // MD5 Setting
$response = new AuthorizeNetSIM($api_login_id, $md5_setting);
$enrID = $_GET['enrid'];
$transID = $response->transaction_id;
//$transID = htmlentities($_GET['transaction_id']);
$responseC = $_GET['response_code'];

$payDATE = date('Y-m-d');

if ($response->isAuthorizeNet())
	{

// ALL MY PROCESSING GOES HERE ....

Re: PHP - MD5 - Depreciated Stuff - Confusing Docs - What should I do next ...

Renaissance — Mon, 04 Mar 2019 00:19:00 GMT

Hi @LesMizzell

I do not use DPM/SIM, but have helped many people on this forum who do. I have working code for SIM that I will be posting. I will also post working code for DPM when I have the chance, and you could greatly help me by posting a sample DPM form to submit in a sandbox. Here is what another user posted for SIM:

If you could post a sample request like this for DPM that will work (even if only works in md5 right now), I can test for validation and response in sha512. Also answer this question, in DPM you get the response through a silent post URL? I don't need your md5 setting values, ID, none of it. I just need a generic form like this with info populated. I will enter my own credentials.

Re: PHP - MD5 - Depreciated Stuff - Confusing Docs - What should I do next ...

Renaissance — Mon, 04 Mar 2019 17:47:43 GMT

@LesMizzell

See my latest post in this thread. The verification is a little different than how you have been doing it. It is just something I put together that works. Hope this helps you.

https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/m-p/66731#M40242

Re: PHP - MD5 - Depreciated Stuff - Confusing Docs - What should I do next ...

LesMizzell — Wed, 06 Mar 2019 14:29:15 GMT

Afternoon,

The code posted in my first message is exactly what I'm using now.
It's using the SDK to generate the credit card form. Here's the generated hidden fields for that...

<form method="post" action="https://secure.authorize.net/gateway/transact.dll">
<input type="hidden" name="x_amount" value="1.5225;">
<input type="hidden" name="x_delim_data" value="TRUE">
<input type="hidden" name="x_fp_hash" value="HashNumberHere">
<input type="hidden" name="x_fp_sequence" value="1111111">
<input type="hidden" name="x_fp_timestamp" value="1551882250">
<input type="hidden" name="x_login" value="MyLogIn">
<input type="hidden" name="x_relay_response" value="TRUE">
<input type="hidden" name="x_relay_url" value="https://www.MySite.com/account/relay_response.php?enrid=1111111">
<input type="hidden" name="x_version" value="3.1">
<input type="hidden" name="x_delim_char" value=",">

2nd block of code in my first message takes care of the rest.
That's pretty much it.

Re: PHP - MD5 - Depreciated Stuff - Confusing Docs - What should I do next ...

Renaissance — Wed, 06 Mar 2019 16:11:04 GMT

Check out what I just linked. I have tested and working DPM code on page 6 of the thread (link should take you straight to page 6, I think at current it is the very last post on page 6). Try that for your validation and if you still have issues post them here.