
Working php sha512 Verification for Accented Characters

I wasn't looking to give this out on a pro bono basis, as it took me 4 hours to create and test. However, this issue has come up repeatedly on this forum and I figured I would go ahead and help everyone out. This applies to SIM/DPM responses with Accented Characters (aka Diacritics).

 

There is one small catch: I have deleted all the files from the remote server I was using to test this script. I had made many modifications to the script that have been stripped out for users here, as you will not need them. I have not retested since I made these changes. I do believe it should still work. I ask that the first few testers give a report on their results to help everyone else. If it doesn't work (note that hex2bin is not supported in earlier versions of PHP 5. Please do not post that it is not working if you are using one of those, unless you have substituted hex2bin with a pack or other substitute function that you know works elsewhere) I will test it when I have time.

 

The code below has an array that is used to modify the raw post data. The last key=>value pair should be removed in most cases.  If your customers are likely to enter a period anywhere except the email field, it will break your validation. I did not find a way to distinguish between that character and a period. 

 

 

//the below code goes on your relay response/silent post endpoint

require 'validateResponse.php';
$signatureKey = "copy and paste your signature key here";

$anetResponse = file_get_contents('php://input');

if (validateResponse($anetResponse, $signatureKey)) {
    //here is where the updates for your responses go
}



//the below is the code on the validateResponse.php file that is
//required on the endpoint
function validateResponse($anetResponse,$signatureKey){
    $binaryKey = hex2bin($signatureKey);
    $response = array(
        'x_trans_id'=>'',
        'x_test_request'=>'',
        'x_response_code'=>'',
        'x_auth_code'=>'',
        'x_cvv2_resp_code'=>'',
        'x_cavv_response'=>'',
        'x_avs_code'=>'',
        'x_method'=>'',
        'x_account_number'=>'',
        'x_amount'=>'',
        'x_company'=>'',
        'x_first_name'=>'',
        'x_last_name'=>'',
        'x_address'=>'',
        'x_city'=>'',
        'x_state'=>'',
        'x_zip'=>'',
        'x_country'=>'',
        'x_phone'=>'',
        'x_fax'=>'',
        'x_email'=>'',
        'x_ship_to_company'=>'',
        'x_ship_to_first_name'=>'',
        'x_ship_to_last_name'=>'',
        'x_ship_to_address'=>'',
        'x_ship_to_city'=>'',
        'x_ship_to_state'=>'',
        'x_ship_to_zip'=>'',
        'x_ship_to_country'=>'',
        'x_invoice_num'=>'');
    $responseCheck = urlencode($anetResponse);
    $verify = array (
'%25C1' => 'Á',
'%25C0' => 'À',
'%25C2' => 'Â',
'%25C3' => 'Ã',
'%25C4' => 'Ä',
'%2502' => 'Ă',
'%2500' => 'Ā',
'%25C5' => 'Å',
'%2504' => 'Ą',
'%25C6' => 'Æ',
'%25C9' => 'É',
'%25C8' => 'È',
'%25CA' => 'Ê',
'%25CB' => 'Ë',
'%251A' => 'Ě',
'%2512' => 'Ē',
'%2516' => 'Ė',
'%2518' => 'Ę',
'%25CD' => 'Í',
'%25CC' => 'Ì',
'%25CE' => 'Î',
'%25CF' => 'Ï',
'%252A' => 'Ī',
'%252F' => 'į',
'%25D3' => 'Ó',
'%25D2' => 'Ò',
'%25D4' => 'Ô',
'%25D5' => 'Õ',
'%25D6' => 'Ö',
'%2550' => 'Ő',
'%25D8' => 'Ø',
'%2552' => 'Œ',
'%25DA' => 'Ú',
'%25D9' => 'Ù',
'%25DB' => 'Û',
'%25DC' => 'Ü',
'%2570' => 'Ű',
'%256A' => 'Ū',
'%256F' => 'ů',
'%25DD' => 'Ý',
'%2506' => 'Ć',
'%250C' => 'Č',
'%25E7' => 'ç',
'%250E' => 'Ď',
'%2510' => 'Đ',
'%2522' => 'Ģ',
'%251E' => 'Ğ',
'%2536' => 'Ķ',
'%2541' => 'Ł',
'%253B' => 'Ļ',
'%2543' => 'Ń',
'%25D1' => 'Ñ',
'%2547' => 'Ň',
'%2545' => 'Ņ',
'%254A' => 'Ŋ',
'%2558' => 'Ř',
'%255A' => 'Ś',
'%2560' => 'Š',
'%255E' => 'Ş',
'%25DF' => 'ß',
'%2564' => 'Ť',
'%2566' => 'Ŧ',
'%25DE' => 'Þ',
'%2562' => 'Ţ',
'%257B' => 'Ż',
'%2579' => 'Ź',
'%257D' => 'Ž',
'%25E1' => 'á',
'%25E0' => 'à',
'%25E2' => 'â',
'%25E3' => 'ã',
'%25E4' => 'ä',
'%2503' => 'ă',
'%2501' => 'ā',
'%25E5' => 'å',
'%2505' => 'ą',
'%25E6' => 'æ',
'%25E9' => 'é',
'%25E8' => 'è',
'%25EA' => 'ê',
'%25EB' => 'ë',
'%251B' => 'ě',
'%2513' => 'ē',
'%2517' => 'ė',
'%2519' => 'ę',
'%25ED' => 'í',
'%25EC' => 'ì',
'%25EE' => 'î',
'%25EF' => 'ï',
'%252B' => 'ī',
'%2531' => 'ı',
'%25F3' => 'ó',
'%25F2' => 'ò',
'%25F4' => 'ô',
'%25F5' => 'õ',
'%25F6' => 'ö',
'%2551' => 'ő',
'%25F8' => 'ø',
'%2553' => 'œ',
'%25FA' => 'ú',
'%25F9' => 'ù',
'%25FB' => 'û',
'%25FC' => 'ü',
'%2571' => 'ű',
'%256B' => 'ū',
'%2507' => 'ć',
'%250D' => 'č',
'%250F' => 'ď',
'%2511' => 'đ',
'%25F0' => 'ð',
'%2523' => 'ģ',
'%251F' => 'ğ',
'%2537' => 'ķ',
'%2542' => 'ł',
'%253C' => 'ļ',
'%2544' => 'ń',
'%25F1' => 'ñ',
'%2548' => 'ň',
'%2546' => 'ņ',
'%254B' => 'ŋ',
'%2559' => 'ř',
'%255B' => 'ś',
'%2561' => 'š',
'%255F' => 'ş',
'%2565' => 'ť',
'%2567' => 'ŧ',
'%25FE' => 'þ',
'%2563' => 'ţ',
'%257C' => 'ż',
'%257E' => 'ž',
'%257A' => 'ź',
'%25FD' => 'ý',
'%25D0' => 'Ð',
'%2573' => 'ų',
'%252E'=>'Į');
//^^^^the key %252E and its value (an uppercase Lithuanian I)
//are recommended to be removed, as it will break validation
//if your customer uses a period on the payment form (function
//catches period entered as a necessary part of email address)
    foreach($verify as $key=>$value){
        $responseCheck = str_replace($key,$value,$responseCheck);
    }
    $responseCheck = explode('%26',$responseCheck);
    foreach($responseCheck as $key=>$value){
        $newKey = strstr($value,'%3D',true);
        $newVal = strstr($value,'%3D');
        $newVal = str_replace('%3D','',$newVal);
        $newVal = str_replace('%2540','@',$newVal);
        $newVal = urldecode($newVal);
        $newVal = urldecode($newVal);
        if($newKey == 'x_email') $newVal = str_replace('Įcom','.com',$newVal);
        if($newKey == 'x_amount') $newVal = str_replace('Į','.',$newVal);
        if(array_key_exists($newKey,$response)) $response[$newKey] = $newVal;
        if($newKey == "x_SHA2_Hash") $hash = $newVal;
    }
    $string = '^';
    foreach($response as $key => $value){
        $string .= $value . '^';
    }
    $validation = strtoupper(hash_hmac('sha512',$string,$binaryKey));
    //a response with no x_SHA2_Hash field cannot be validated
    if(!isset($hash)) return false;
    //hash_equals expects the known (computed) value first
    return hash_equals($validation,$hash);
}

 

Renaissance
All Star
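
An added example, not part of the original post or of Authorize.Net's code: a short self-check showing the pack() substitute for hex2bin mentioned in the post, and why accented characters matter here. The HMAC is computed over bytes, so the same name in UTF-8 and in ISO-8859-1 produces different hashes. The key, the field values and the shortened three-field list are constructed for illustration, and the choice of those two encodings is an assumption.

```php
<?php
// Added example: constructed key and values, not real transaction data.

// hex2bin() is missing in early PHP 5 releases; pack('H*', ...) is the substitute.
function keyToBinary($hexKey) {
    return function_exists('hex2bin') ? hex2bin($hexKey) : pack('H*', $hexKey);
}

// Caret-delimited message: '^' followed by every field value and a trailing '^'.
function buildMessage(array $fields) {
    return '^' . implode('^', $fields) . '^';
}

// Uppercase hex HMAC-SHA512, the form validateResponse() compares against.
function expectedHash(array $fields, $hexKey) {
    return strtoupper(hash_hmac('sha512', buildMessage($fields), keyToBinary($hexKey)));
}

// Constant-time comparison; a missing or non-string hash never validates.
function hashMatches($received, array $fields, $hexKey) {
    return is_string($received) && hash_equals(expectedHash($fields, $hexKey), $received);
}

// Constructed signature key (hex digits only), not a real one.
$hexKey = str_repeat('0A', 64);

// Shortened field list for illustration; the real message uses the full
// list in the order given in validateResponse().
$utf8 = array(
    'x_trans_id'   => '1234567890',
    'x_first_name' => "Ren\xC3\xA9",   // "René" as UTF-8 bytes
    'x_amount'     => '10.00',
);
$latin1 = $utf8;
$latin1['x_first_name'] = "Ren\xE9";   // "René" as ISO-8859-1 bytes

// Stands in for the x_SHA2_Hash value sent with the response.
$sent = expectedHash($utf8, $hexKey);

echo 'same bytes as the sender:  ';
var_dump(hashMatches($sent, $utf8, $hexKey));
echo 'same name, other encoding: ';
var_dump(hashMatches($sent, $latin1, $hexKey));
echo 'hash field missing:        ';
var_dump(hashMatches(null, $utf8, $hexKey));
```

hash_equals() requires PHP 5.6 or later.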

@nathanmungia  @adzisko @maninder 

 

Here you go my friends. 

Renaissance
All Star