Checksum using sha512 formula

I am developing a script to post few fields to PG provider’s site to allow to make payments. All the fields are getting posted properly except checksum which is necessary. The PG provider provided a formula to calculate checksum and I am posting that below. What is need is code for this. PHP version is 5. I know how to post the generated checksum, but unable to generate the checksum. Help would be greatly appreciated. I am struck with this. Also, I am not regular php programmer.

sha512 (key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||)

I htink what you need to do is.

Make a mysql select query if its coming from a database to get these items from the database tables.
then add them together in a string I am guessing with the | as the modifier.

Then sha5 the string to get a sha5 key

so you will end up with something like this :

[php]
$result = mysql_query(SELECT * FROM mytable WHERE id=‘the id I want’);

while($row = mysql_fetch_array($result))
{
$sha = $row[‘key’] . “|” . $row[‘txnid’]."|" . $row[‘amount’]; // add more to it

echo "
sha5 :";
echo $sha
echo “
”;

$checksum = sha5($sha);
}
echo "
check sum :";
echo $checksum;
echo “
”;
[/php]

The below code is what Im trying to post. There is no mysql here.

[php]<?php
function xxx_config() {

$configarray = array(
 "FriendlyName" => array("Type" => "System", "Value"=>"XXX"),
 "alias" => array("FriendlyName" => "Merchant ID", "Type" => "text", "Size" => "20", ),
 "salt" => array("FriendlyName" => "SALT", "Type" => "text", "Size" => "20",),
 "mode" => array("FriendlyName" => "MODE", "Type" => "text", "Description" => "TEST or LIVE", ),

);
return $configarray;

}

function xxx_link($params) {

# Gateway Specific Variables
$key = $params['alias'];
$gatewaymode = $params['mode'];
$salt = $params['salt'];


# Invoice Variables
$txnid = $params['invoiceid'];
$productinfo = $params["description"];
$amount = $params['amount']; # Format: ##.##
$currency = $params['currency']; # Currency Code

# Client Variables
$firstname = $params['clientdetails']['firstname'];
$lastname = $params['clientdetails']['lastname'];
$email = $params['clientdetails']['email'];
$address1 = $params['clientdetails']['address1'];
$address2 = $params['clientdetails']['address2'];
$city = $params['clientdetails']['city'];
$state = $params['clientdetails']['state'];
$postcode = $params['clientdetails']['postcode'];
$country = $params['clientdetails']['country'];
$phone = $params['clientdetails']['phonenumber'];

# System Variables
$companyname = 'XXX';
$systemurl = $params['systemurl'];
$currency = $params['currency'];

    # Enter your code submit to the gateway...

$hashdata = ($key."|".$txnid."|".$amount."|".$productinfo."|".$firstname."|".$email."|"."|"."|"."|"."|"."|".$salt);

$hash = hash(“sha512”, $hashdata);

$code = ’

';

return $code;

}
?>
[/php]

But this hash thing does not work. The checksum being posted is not according to the formula provide above.

Not sure if it makes a difference to the array probably not but i noticed this to start with the arrays have an extra comma.

[php]“alias” => array(“FriendlyName” => “Merchant ID”, “Type” => “text”, “Size” => “20”, ),[/php]

[php]“alias” => array(“FriendlyName” => “Merchant ID”, “Type” => “text”, “Size” => “20”),[/php]

The second thing I notice is that you might want to check for whitespace in your post variables.

This is the only formular for the hash so if the vars are getting posted then this is right.
why all the blanks i do not understand this “|”."|"."|"."|"."|"."|" ?

are you supposed to add more to the hash or just these 7 variables?

[php]$hashdata = ($key."|".$txnid."|".$amount."|".$productinfo."|".$firstname."|".$email."|"."|"."|"."|"."|"."|".$salt); $hash = hash(“sha512”, $hashdata);[/php]

I have trying same for long time but it is giving error. I have tried the below code many times, it just dont work. The Payment gateway says checksum needs to be strictly as per formula. In the below code, the hash data is going with sha512 where as it should be something like this sha512($hash). This is possible in md5($hash), but this is not working here.

$hashdata = ($key."|".$txnid."|".$amount."|".$productinfo."|".$firstname."|".$email."|"."|"."|"."|"."|"."|".$salt); $hash = hash(“sha512”, $hashdata);

those seven variables are must, but we can add more if we want.

every pipe you add is going to make the hash different, so maybe take out the unneeded pipe = |

[php]
$hashdata = ($key."|".$txnid."|".$amount."|".$productinfo."|".$firstname."|".$email."|".$salt); $hash = hash(“sha512”, $hashdata);
[/php]

Do all the posted data values have to be in this formula ?
The second thing I notice is that you might want to check for whitespace in your post variables

Maybe there is a problem with your php version

Version 5.4.5
19-July-2012 ■Core
■Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)

I removed the white spaces and also upgraded to 5.4, but still the problem persists. Can you confirm that hash output that is going from the code that you posted in your previous reply is exactly according to the formula, i mean if it is decrypted by the server there, will it be getting according to the formula. If yes, then I can ask the PG guys to look into this problem. Please help out.

You have not given a formula more of a way to hash some txt in to sha512 this is not a formula.
Maybe give us the details the or how its work from your PG people what is PG I have no idea Person Group ?
Do they give you directions with what they have given you like a read me ?

There are millions of script and millions of companies doign things I do not know them all.

If you are using all the variables then maybe all the variables need ot be in the formula
These could all be part of the formula
[php]$key
$gatewaymode
$salt
$txnid
$productinfo
$amount
$currency
$firstname
$lastname
$email
$address1
$address2
$city
$state
$postcode
$country
$phone
$companyname
$systemurl
$currency [/php] You tell me the formula ?
And I will give you the right code.
Which fields are you using ?

What are the reason that it is giving back for failure ?

The read me is not very clear because it covers more than php version they are to lazy to make 1 for each type of language even though its only 15 pages long the relivant parts are only 3 pages of it to rewite.

Does it need a pipe for each of the 24 post values ?

What the formula looks like is it needs all the pipes but they seem to have left off some of them
(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||)

$hashdata = ($key."|".$txnid."|".$amount."|".$productinfo."|".$firstname."|".$email."|||||||||||||||||".$salt);

($key."|".$txnid."|".$amount."|".$productinfo."|".$firstname."|".$email."|".$gatewaymode."|".$currency."|".$lastname."|".$address1."|".$address2."|".$city."|".$state."|".$postcode."|".$country."|".$phone."|".$companyname."|".$systemurl."|".$currency."|".$salt)

There should only be 20 variables I had 23 the first time because i was looking at what was being posted rather than the 20 variables from the function I am not sure which it needs 20 23 or 24 they are not clear in there writing of the instructions.

I cannot test the code and you have not told me the error responce from the post to figure out the problem.

You post 24 inputs but they say not all are needed but so not tell you if you need to put a pipe for each input in the hash because its like an array but with pipes breaking the sections up.

$hashdata = ($key."|".$txnid."|".$amount."|".$productinfo."|".$firstname."|".$email."|||||||||||||".$salt);

I was reading the instructions again and it looks like you do not need the pipes if you look they miss out everything between firstname and email in the instructions, this is just off putting when they add pipes to the formula which are empty so it makes it look as if they are needed in the formula.

sha512 (key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||<SALT>)  

So it should be this

sha512 (key|txnid|amount|productinfo|firstname|email|<SALT>) 

Which is
[php]
$hashdata = ($key."|".$txnid."|".$amount."|".$productinfo."|".$firstname."|".$email."|".$salt);
[/php]

You are right, but it just does not work, just dont know what may be the reason, but PG guys have given me a php implementation of that, this is different from what Im looking at but in this file, you can see how they have implemented the sha512. This file does not show error. Check this.

[php]<?php
// Merchant key here as provided by Payu
$MERCHANT_KEY = “C0Dr8m”;

// Merchant Salt as provided by Payu
$SALT = “3sf0jURk”;

// End point - change to https://secure.payu.in for LIVE mode
$PAYU_BASE_URL = “https://test.payu.in”;

$action = ‘’;

$posted = array();
if(!empty($_POST)) {
//print_r($_POST);
foreach($_POST as $key => $value) {

$posted[$key] = htmlentities($value, ENT_QUOTES);

}
}
/foreach ($posted as $key => $value) {
echo “posted[”.$key."]=".$value."
";
}/
//echo $posted;
$formError = 0;

if(empty($posted[‘txnid’])) {
// Generate random transaction id
$txnid = substr(hash(‘sha256’, mt_rand() . microtime()), 0, 20);
} else {
$txnid = $posted[‘txnid’];
}

$hash = ‘’;
// Hash Sequence
$hashSequence = “key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5|udf6|udf7|udf8|udf9|udf10”;
if(empty($posted[‘hash’]) && sizeof($posted) > 0) {
if(
empty($posted[‘key’])
|| empty($posted[‘txnid’])
|| empty($posted[‘amount’])
|| empty($posted[‘firstname’])
|| empty($posted[‘email’])
|| empty($posted[‘phone’])
|| empty($posted[‘productinfo’])
|| empty($posted[‘surl’])
|| empty($posted[‘furl’])
) {
$formError = 1;
} else {
$hashVarsSeq = explode(’|’, $hashSequence);
$hash_string = ‘’;
foreach($hashVarsSeq as $hash_var) {
$hash_string .= isset($posted[$hash_var]) ? $posted[$hash_var] : ‘’;
$hash_string .= ‘|’;
}
$hash_string .= $SALT;
$hash = strtolower(hash(‘sha512’, $hash_string));
$action = $PAYU_BASE_URL . ‘/_payment’;
}
} elseif(!empty($posted[‘hash’])) {
$hash = $posted[‘hash’];
$action = $PAYU_BASE_URL . ‘/_payment’;
}
?>

PayU Form

<?php if($formError) { ?> Please fill all mandatory fields.

<?php } ?> <?php if(!$hash) { ?> <?php } ?>

Mandatory Parameters
Amount:		First Name:
Email:		Phone:
Product Info:
Success URI:
Failure URI:
Optional Parameters
Last Name:		Cancel URI:
Address1:		Address2:
City:		State:
Country:		Zipcode:
UDF1:		UDF2:
UDF3:		UDF4:
UDF5:		PG:
COD URL:		TOUT URL:
Drop Category:		Custom Note:
Note Category:

[/php]

ok

this is how the hash should look before you send it

nsalt = C0Dr8m|948ebd15d03b99eeb82b|3|caps|james|[email protected]|||||||||||3sf0jURk

can you get what you are trying to send please and take away the values make them xxx for the senitive parts if they are right

They also make everything into lowercase after hashing maybe yours is in capitals ?
[php]
$hash = strtolower(hash(‘sha512’, $hash_string));
[/php]

So this would be the formular for yours you need to use there form names udf1 udf2 instead of your own ones you can only add 10 values all from udf1 to udf10.

[php]
$hashdata = ($key."|".$txnid."|".$amount."|".$productinfo."|".$firstname."|".$email."|".$udf1."|".$udf2."|".$udf3."|".$udf4."|".$udf5."||||||".$salt)
[/php]

[size=12pt]I am sure this is the one you need[/size]Or you could try it with out any extra fields

[php]
$hashdata = ($key."|".$txnid."|".$amount."|".$productinfo."|".$firstname."|".$email."|||||||||||".$salt)
[/php]

I have checked it so they match now

This is their code result

salt = C0Dr8m|5d056e1a435b0168b3a2|3|cap|james|[email protected]|||||||||||3sf0jURk hashed =636300519a5d96c2682fc102db4fff2e2dff7fd392fc926f08aaab22ba9649e89ea891134d80b18e10672503cf8b8a5832b530be218b036df52530d30c888d99

This is my version

my hash data = C0Dr8m|5d056e1a435b0168b3a2|3|cap|james|[email protected]|||||||||||3sf0jURk my hashed data = 636300519a5d96c2682fc102db4fff2e2dff7fd392fc926f08aaab22ba9649e89ea891134d80b18e10672503cf8b8a5832b530be218b036df52530d30c888d99

Another thing i noticed was they use
[php]htmlentities($value, ENT_QUOTES);[/php]

so you would also have to do this to yours in case of special chars use it on your post[‘value’]