I am in quandary as do not have developer. I am using the SIM method and MDHash5 want to upgrade to the accepted host and signature key but not sure how to do. My site is built on php/mysql. If I cannot find someone I am going to have to disable the Authorize.net payment option.
Not sure if will let me post email here or can reply or message me please. Thank you.
Solved! Go to Solution.
03-03-2019 12:11 PM
@RenaissanceYou are the best! You were the only one who was able to help me update the Hash to Signature key with my website. Thanks!
03-08-2019 10:50 AM
Hi @govirtual1
I can refer you to myself. Send me a PM. Click on my name and it will let you send me a message.
03-03-2019 04:20 PM
@RenaissanceYou are the best! You were the only one who was able to help me update the Hash to Signature key with my website. Thanks!
03-08-2019 10:50 AM
I have this procedural code that has been working fine for years. Its simple, straight forward and works. Now with the migration to HSA512 I wonder how I can upgrade, or if I need to. I tried to test it in a sandbox but sandboxes do not generate asignature key. Well here is the code:
function authorize_cc ($cc,$exp,$cvv,$amount,$first_name,$last_name,$login='',$tranKey='',$signatureKey=''){
$post_string = 'x_login=' . $login;
$post_string .= '&x_tran_key=' . $tranKey;
$post_string .= '&x_delim_data=TRUE';
$post_string .= '&x_url=FALSE';
$post_string .= '&x_type=AUTH_CAPTURE';
$post_string .= '&x_method=CC';
$post_string .= '&x_relay_response=FALSE';
$post_string .= '&x_card_num=' . $cc;
$post_string .= '&x_exp_date=' . $exp;
$post_string .= '&x_amount=' . $amount;
$post_string .= '&x_address=';
$post_string .= '&x_zip=';
$post_string .= '&x_card_code=' . $cvv;
$post_string .= '&x_name=' . $first_name . ' ' . $last_name;
//# New SHA512 hash
if ($signatureKey != '') {
$textToHash="^". $login."^". $tranKey ."^". $amount."^";
$sig = hash_hmac('sha512', $textToHash, hex2bin($signatureKey));
}
//# Now what do we do with $sig? Do we include the rest of the fields in the hash?
$test_url = 'https://test.authorize.net/gateway/transact.dll';
$production_url = 'https://secure2.authorize.net/gateway/transact.dll';
$curl_request = curl_init( $test_url );
curl_setopt( $curl_request, CURLOPT_POSTFIELDS, $post_string );
curl_setopt( $curl_request, CURLOPT_HEADER, 0 );
curl_setopt( $curl_request, CURLOPT_TIMEOUT, 45 );
curl_setopt( $curl_request, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt( $curl_request, CURLOPT_SSL_VERIFYHOST, 2 );
curl_setopt( $curl_request, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2 );
curl_setopt( $curl_request, CURLOPT_SSL_VERIFYPEER, false );
$response = curl_exec( $curl_request );
curl_close( $curl_request );
$results = explode(',',$response);
return $results;
}
Could anyone give some point on what to do next?
03-14-2019 06:33 PM
You're using the wrong string in your fingerprint. More pressing than the fingerprint is the validation of the response. You will need to implement a sha512 response validation or you will have to disable response validation completely once the md5 is gone.
03-16-2019 01:00 PM
That is my question. How can I implement SHA512 in my routine? I am using a sand box to test it but the sand box does not gives you a way to generate a key, the only thing you get is the id and the transaction id. I have gone through the SDK, which is very cumbersome to follow, and I have not been able to pinpoint where SHA512 is used to connect through CURD. My function works well in production and also with the sandbox. All I need if a way to authorize credit cards and capture the transaction. I wish Authorize.net would give you points without refereing you to a cumbersome SDK.
03-17-2019 07:53 AM
03-17-2019 08:17 AM