2016-11-22 68 views
2

Bendigo銀行告訴我們需要將md5更改爲SHA256。我已經按照他們的指示,我得到這個錯誤:MIGS在線支付SHA256 HMAC錯誤

HTTP Status - 400 
E5000: Cannot form a matching secure hash based on the merchant's request using either of the two merchant's secrets 

他們例如代碼是這樣的:

<?php foreach($_POST as $key => $value) { 
    if (strlen($value) > 0) { ?> 
      <input type="hidden" name="<?php echo($key); ?>" value="<?php echo($value); ?>"/><br> 
    <?php   
     if ((strlen($value) > 0) && ((substr($key, 0,4)=="vpc_") || (substr($key,0,5) =="user_"))) { 
      $hashinput .= $key . "=" . $value . "&"; 
     } 
    } 
} 
$hashinput = rtrim($hashinput,"&"); 
?> 
<!-- attach SecureHash --> 
<input type="hidden" name="vpc_SecureHash" value="<?php echo(strtoupper(hash_hmac('SHA256', $hashinput, pack('H*',$securesecret)))); ?>"/> 
<input type="hidden" name="vpc_SecureHashType" value="SHA256"> 

這是我的帖子:

Array (
    [AgainLink] => http://fallscreekcountryclub.com.au/make-a-booking/submit-booking.html 
    [b_terms] => 1 
    [chargetypeid] => 33 
    [deposit] => 580.00 
    [notes] => 4 Nights - 26/11/2016 to 30/11/2016 
    [propertyid] => 2 
    [total] => 580.00 
    [vpc_AccessCode] => 903876BC 
    [vpc_Amount] => 58000 
    [vpc_Command] => pay 
    [vpc_Locale] => en 
    [vpc_MerchTxnRef] => 1479746896 
    [vpc_Merchant] => BBL5800396 
    [vpc_OrderInfo] => Studio Deluxe 
    [vpc_ReturnURL] => http://fallscreekcountryclub.com.au/make-a-booking/booking-complete.html 
    [vpc_Version] => 1 
) 

這是我的代碼:

 $appendAmp = 0; 
     $isencoded = ''; 
     $notencoded = ''; 
     foreach($_POST as $key => $value) { 
      if (strlen($value) > 0) { 
       if ($appendAmp == 0) : 
        $notencoded  .= $key . '=' . $value; 
        $isencoded  .= urlencode($key) . '=' . urlencode($value); 
        $appendAmp  = 1; 
       else : 
        $notencoded  .= '&' . $key . '=' . $value; 
        $isencoded  .= '&' . urlencode($key) . '=' . urlencode($value); 
       endif; 
      } 
     } 

     if (strlen($SECURE_SECRET) > 0) { 
      #$vpcURL .= "&vpc_SecureHash=" . strtoupper(md5($md5HashData)); 
      $SecureHash  = strtoupper(hash_hmac('SHA256',$notencoded,pack('H*',$SECURE_SECRET))); 
      $SecureHashType = 'SHA256'; 
     } 
     $vpcURL .= $notencoded.'&vpc_SecureHash='.$SecureHash.'&vpc_SecureHashType='.$SecureHashType; 

我已經「isencoded」和「notencoded」因爲我已經看到了人們進行urlencode的字符串vpc_ReturnURL說,直到我建vpcURL,但既不工程。

的vpcURL的urlencoded的版本是:

https://migs.mastercard.com.au/vpcpay?AgainLink=http%3A%2F%2Ffallscreekcountryclub.com.au%2Fmake-a-booking%2Fsubmit-booking.html&b_terms=1&chargetypeid=33&deposit=580.00&notes=4+Nights+-+26%2F11%2F2016+to+30%2F11%2F2016&propertyid=2&total=580.00&vpc_AccessCode=903876BC&vpc_Amount=58000&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=1479746896&vpc_Merchant=BBL5800396&vpc_OrderInfo=Studio+Deluxe&vpc_ReturnURL=http%3A%2F%2Ffallscreekcountryclub.com.au%2Fmake-a-booking%2Fbooking-complete.html&vpc_Version=1&vpc_SecureHash=A5BA6503FC7A169A90C9AAC7039878F45D761180D874789172EB5A58298022E4&vpc_SecureHashType=SHA256 

和非urlencoded的版本是:對我做了什麼錯

https://migs.mastercard.com.au/vpcpay?AgainLink=http://fallscreekcountryclub.com.au/make-a-booking/submit-booking.html&b_terms=1&chargetypeid=33&deposit=580.00&notes=4 Nights - 26/11/2016 to 30/11/2016&propertyid=2&total=580.00&vpc_AccessCode=903876BC&vpc_Amount=58000&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=1479746896&vpc_Merchant=BBL5800396&vpc_OrderInfo=Studio Deluxe&vpc_ReturnURL=http://fallscreekcountryclub.com.au/make-a-booking/booking-complete.html&vpc_Version=1&vpc_SecureHash=A5BA6503FC7A169A90C9AAC7039878F45D761180D874789172EB5A58298022E4&vpc_SecureHashType=SHA256 

任何想法?我打電話給銀行,他們不能幫助我,他們不知道我在說甚麼。

我知道$ SECURE_SECRET號碼是正確的,因爲它與原始號碼相同md5散列。所以這個問題與sha256散列有關,我不知道爲什麼,或者如何解決它。

回答

1
  1. 使用ksort()鏈接到你的參數之前,你的數組排序。
  2. 請勿使用urlencode()來處理vpc_ReturnURL,這會導致SHA256哈希結果不正確。以下是我從官方的故障排除指南發現:

c) Make sure that the vpc_ReturnURL is not URL encoded (i.e. the "/" becomes %2f) You can use the following link to decode a URL - http://meyerweb.com/eric/tools/dencoder/ Sample sorted string based on this example as below: (Removed jsessionid, noheader, tdrid from output of 2b) i.e These elements can be removed prior to sorting the order

vpc_AccessCode=A837820A&vpc_Amount=100&vpc_Card=VC&vpc_CardNum=4222222222222&vpc_CardSecurityCode=100&vpc_Command=pay&vpc_Gateway=threeDSecure&vpc_Locale=en&vpc_MerchTxnRef=T2_7956&vpc_Merchant=TESTDIALECTTEST&vpc_ReturnURL=http://anjumpc:8080/dev-pg/payment/3dprocess.do&vpc_Version=1 
  • 不要發送/哈希的鍵的值不vpc_啓動,因爲沒有按軍事地理信息系統不關心這些值,也不會在散列檢查中使用這些值。和導向也提到這一點:
  • b) Remove unnecessary fields for Hash calculation such as vpc_SecureHashType, vpc_SecureHash and anything that does not begins with vpc_ or user_ - i.e fields highlighted in Bold in 2a above to be removed

  • +0

    好吧,我做了一些更改,我將我的字段更改爲user_,然後我又將AgainLink更改爲vpc_AgainLink,並且它工作正常。:) –

    +0

    您是否有官方故障排除指南的鏈接? – MohamedSanaulla

    +0

    @MohamedSanaulla對不起,該指南僅適用於銀行,恐怕我無法提供。 – KGGG

    6

    您好我正在共享(忽略這一點,SHA256可以在工作MIGS商家使用)與你我的工作代碼。 享受。

    $secretHash="xxxxxx"; 
        $accessCode='xxxxx'; 
        $merchantId='xxxxx';  
    
        $data = array(
         "vpc_AccessCode" => $accessCode, 
         "vpc_Amount" => '100', 
         "vpc_Command" => 'pay', 
         "vpc_Locale" => 'en', 
         "vpc_MerchTxnRef" => "REF_".time(), 
         "vpc_Merchant" => $merchantId, 
         "vpc_OrderInfo" => "Order_N_".time(), 
         "vpc_ReturnURL" => urlencode("yourReturnUrl"), 
         "vpc_Version" => '1', 
         'vpc_SecureHashType' => 'SHA256'  
        ); 
    
        ksort($data); 
        $hash = null; 
        foreach ($data as $k => $v) { 
         if (in_array($k, array('vpc_SecureHash', 'vpc_SecureHashType'))) { 
          continue; 
         } 
         if ((strlen($v) > 0) && ((substr($k, 0, 4)=="vpc_") || (substr($k, 0, 5) =="user_"))) { 
          $hash .= $k . "=" . $v . "&"; 
         } 
        } 
        $hash = rtrim($hash, "&"); 
    
        $secureHash = strtoupper(hash_hmac('SHA256', $hash, pack('H*', $secretHash))); 
        $paraFinale = array_merge($data, array('vpc_SecureHash' => $secureHash)); 
        $actionurl = 'https://migs.mastercard.com.au/vpcpay?'.http_build_query($paraFinale); 
    
        //print_r($actionurl); 
        header("Location:".$actionurl); 
    
    +0

    謝謝你:) –