Our authorize.net processing is done in some OLD perl cgi code - any perl programmers out there?
We are trying to convert to the SHA-512 hashing. Our current processing uses MD5, via the perl module Digest::MD5.
I use LWP::UserAgent to POST directly to the secure.authorize.net gateway transact dll URL.
What I get returned is an array of values. The MD5 hash is currently in the 38th array element. Authorize.net has been unable to tell me where I can find the returned SHA-512 hash value to compare to what I am generating in the program.
For my test:
I changed it to use Digest::SHA for the hashing. I generated the signature key and have it stored in hex in our database.
my $sha512_string = '^' . $auth_net_login_id . '^' . $tranid . '^' . $grandtotal . '^';
my $key = pack 'H*', $sig_key; ##to convert the store hex value to binary - as recommended here
my $sha512 = Digest::SHA->new;
my $sent_sha512_hash = $sha512->hmac_sha512($sha512_string, $key);
When I display that value, it just shows a bunch of weird characters on the screen - I don't know if that's expected or not. I am only displaying it to compare to what comes from authorize.net.
When the values are returned from Authorize.net (in the array), I display all the elements. There is a value in element 68 that looks like a hex value but that isn't what is in the hash that I generated.
So, isn't the hash returned from Authorize.net in the array? If not, then how do I obtain it using the methods we currently have in place? I don't consider this as using the API. Or is the problem that I am hashing it wrong on my end?
I obtained the perl code for our current processing via Authorize.net MANY years ago from one of their perl customers. It has worked fine ever since. I do not have the knowledge, experience or brain power to change the whole process, unless someone could provide all the perl code (I know that's asking a lot). I also have a general knowlege of php but unfortunately the examples on this forum are too different from our perl process to be able to correlate the two.
I hope someone can help! Thanks in advance!
Solved! Go to Solution.
โ01-16-2019 11:07 AM
โ01-21-2019 09:55 AM
Here is my solution. I'm posting this again. Did not see me first post. Sorry if I didn't post correctly (newbie).
Here are the changes I made when posting to authorize.net:
#use Digest::HMAC_MD5 qw(hmac_md5_hex); # commented out use Digest::SHA qw(hmac_sha512_hex); # added this line $hmac_data = $x_login."^".$x_fp_sequence."^".$x_fp_timestamp."^".$x_amount."^"; # no change ### assigned my new transaction key from authorize.net to $transaction_key here $transaction_key = pack("H*", $transaction_key); # added this line # $x_fp_hash = hmac_md5_hex($hmac_data, $transaction_key); # commented out MD5 hash $x_fp_hash = hmac_sha512_hex($hmac_data,$transaction_key); # added this line
Processing response from authorize.net:
I Did not change the following method of processing variables:
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); ### Note: do not load "use CGI" @pairs = split(/&/, $buffer); %response=(); $x=0; foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $response{$name}=$value; }
Commented out the following old md5 lines below...
# use Digest::MD5 qw(md5 md5_hex md5_base64); # $data = $md5_key.$api_login_id.$response{x_trans_id}.$response{x_amount}; # $loc_MD5_hash = md5_hex($data); # $loc_MD5_hash = uc($loc_MD5_hash);
Added the following...
use Digest::SHA qw(hmac_sha512_hex); # assigned my new transaction key from authorize.net to $transaction_key here $keyx = pack("H*", $transaction_key); $data=qq~^$response{x_trans_id}^$response{x_test_request}^$response{x_response_code}^$response{x_auth_code}^$response{x_cvv2_resp_code}^$response{x_cavv_response}^$response{x_avs_code}^$response{x_method}^$response{x_account_number}^$response{x_amount}^$response{x_company}^$response{x_first_name}^$response{x_last_name}^$response{x_address}^$response{x_city}^$response{x_state}^$response{x_zip}^$response{x_country}^$response{x_phone}^$response{x_fax}^$response{x_email}^$response{x_ship_to_company}^$response{x_ship_to_first_name}^$response{x_ship_to_last_name}^$response{x_ship_to_address}^$response{x_ship_to_city}^$response{x_ship_to_state}^$response{x_ship_to_zip}^$response{x_ship_to_country}^$response{x_invoice_num}^~; $hash = hmac_sha512_hex($data,$transaction_key); $hash = uc($hash);
Finished processing as before...
Hope this helps.
โ01-21-2019 11:10 AM
I am just now starting to work on it after taking the weekend off.
I am trying to determine how to access the specific field names/values that are needed for hashing - since the current script accesses them as an array. Since I don't know where all the hashing fields are located within the array, I have to figure out how to access them another way. I'm not sure I have access to them as a params, when using the LWP::UserAgent that's in my script. I'm just not familiar enough with how all of this works, having gotten that code from someone else many moons ago.
But I'm plugging along, playing around with different ways of obtaining the values and just displaying them on the screen to try to figure this out. Right now I'm trying to deal with the dreaded 500 Internal Server error so am investigating in the error log to find out why.
I'll let you know if I need more help. Thanks for checking in!
โ01-21-2019 12:04 PM
If you want to try it without LWP (using raw processing) try this test script as your "x_relay_response_url" :
Note: You do not need or want to use "use CGI" in the same script with this method
#!/usr/bin/perl
MAIN:
{
#
# Read all responses from authorize.net
#
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
%response = ();
$x = 0;
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$response{$name}=$value;
}
#
# create a string of all required variables for the hash
#
$data = qq~^$response{x_trans_id}^$response{x_test_request}^$response{x_response_code}^$response{x_auth_code}^$response{x_cvv2_resp_code}^$response{x_cavv_response}^$response{x_avs_code}^$response{x_method}^$response{x_account_number}^$response{x_amount}^$response{x_company}^$response{x_first_name}^$response{x_last_name}^$response{x_address}^$response{x_city}^$response{x_state}^$response{x_zip}^$response{x_country}^$response{x_phone}^$response{x_fax}^$response{x_email}^$response{x_ship_to_company}^$response{x_ship_to_first_name}^$response{x_ship_to_last_name}^$response{x_ship_to_address}^$response{x_ship_to_city}^$response{x_ship_to_state}^$response{x_ship_to_zip}^$response{x_ship_to_country}^$response{x_invoice_num}^~;
#
# Display results
#
print qq~Content-type: text/html\n\n
<html>$data</html>~;
exit;
}
โ01-21-2019 12:57 PM
Thanks @airman81, but this is a bit greek to me and I AM using CGI in the same script, since it's used for the entire payment process, not just the authorization piece.
I am getting a response back, but can't figure out how to reference the field names and values. Here's the code I have:
my $useragent = LWP::UserAgent->new( protocols_allowed => ["https"] ); my $url = $merchant->{Payment_URL}; #secure.authorize.net/gateway/transact.dll my $request = POST( $url, $request_values ); #request values above is the name/value pairs being sent TO authorize.net my $response = $useragent->request( $request ); my @responses = split( /\Q|/, $response->content ); if( $response->is_success ) { $apiresponse = $response->content; foreach $pair(@responses) { # The next statement splits based on the pipe character: | # not sure what this accomplishes since it isn't referenced by name or val ($name,$val) = split(/\Q|/,$pair); } # split the words using the pipe character (|) as the delimiter. @words = split /\Q|/, $apiresponse; $response_code = $words[0]; #additional processing; check response code, hashing, checking hash, etc. }
The code (written by someone else) uses the @words array to find the values by element number. The documentation I found says not to do it that way because the order can change. So, I would like to reference them by name "x_trans_id", "x_SHA2_hash", etc. I just don't know HOW to do that. There is no $Query->param to work with. So, the names are probably in $responses or $apiresponses or SOMEWHERE. This is what I can't figure out - where/how do I access the field names and get the values - what syntax do I use?
It's been way too long since I've worked on these scripts!!!
โ01-21-2019 01:28 PM
โ01-21-2019 01:29 PM
โ01-21-2019 02:06 PM
If your just running test payments consider the following.
A way to debug is to insert the follwoing code and have the script just exit/abort while at the same time showing the results of what is assigned to $debug.
print qq~Content-type: text/html\n\n <html>$debug</html>~; exit;
After you place the above code into a test location of your choice just run a test payment and see what prints out.
example1:
foreach $pair(@responses) { # The next statement splits based on the pipe character: | # not sure what this accomplishes since it isn't referenced by name or val ($name,$val) = split(/\Q|/,$pair); $debug.="$name = $val<br>"; ### See what each name=val is } print qq~Content-type: text/html\n\n <html>$debug</html>~; exit; # split the words using the pipe character (|) as the delimiter.
example2:
@words = split /\Q|/, $apiresponse; $response_code = $words[0]; foreach (@words) { $debug.= "$_<br>"; } ### See what is in @words print qq~Content-type: text/html\n\n <html>$debug</html>~; exit;
example3:
foreach $pair(@responses) { # The next statement splits based on the pipe character: | # not sure what this accomplishes since it isn't referenced by name or val ($name,$val) = split(/\Q|/,$pair); $namedresponses{$name}=$val; ### Place values into a hash which you can reference by name } while (($k,$d) = each(%namedresponses)) { $debug.="$k = $d<br>"; } print qq~Content-type: text/html\n\n <html>$debug</html>~; exit; # split the words using the pipe character (|) as the delimiter.
โ01-21-2019 02:17 PM
I think the name, value is what I need, too, but the code that's there doesn't even USE those fields! I have no idea what it's doing. And it's splitting the individual pairs by using the pipe character rather than the equals. Should I expect an equals sign? I think the name/value pairs are separated by pipes but within each pair is there an equals sign that I should be splitting on?
All I'm doing at this point (I'm not even AT the point of creating the hash to compare to the one they're sending) is trying to figure out how I can access the individual values that have been returned by specific name. The existing code is just pulling out the values, and turning them into an array, then certain fields used later are extracted based on array element number. But the instructions for creating this hash says that they have to be in this specific order to generate the hash. I don't know where all those values ARE in the array.
So, I'm back to needing to figure out how to get the value associated with a specific field name x_trans_id, etc. I've got some other responses - so I'll check them and see where they take me and also check to see if splitting on the equals sign would help with the name/value pairs.
Sorry I'm not explaining myself very well. I've been away from serious programming for long enough that I can't "talk the language" anymore!!
Thanks.
โ01-21-2019 02:22 PM
I already have the program displaying test values and then exiting - and I just keep going back and forth to try different things. I LOVE the idea of creating the hash and then referencing them that way. I will probably try that.
HOWEVER, as I alluded in my other post - my code splits the response using the pipe character to get the separate name/value pairs, and then for whatever reason, splits the name from the value also using a pipe value. I previously tried to print out a value based on "if $name eq 'x_response_code'" but it didn't find that. SO, should I be splitting on the equals sign? I'm going to give it a try - but our error log is so huge and my speed is so slow, if I get a 500 internal server error, it takes me 15 minutes to download the error log to see what happened!
Thanks for sticking with me. Really appreciate it!!
โ01-21-2019 02:29 PM