MD5 hash php verification code for AuthorizeNet
Gerald V. Livingston II
gerald.freeside at sysmatrix.net
Fri Dec 10 01:21:50 PST 2004
Here's the code ripped from our php signup/cc change pages. The wrapping
sucks but each set of lines separated by a CRLF is actually a single line
in the code on our site.
// Verify the response came from an authorized payment gateway using MD5
Hash
unset($md5_hash_code);
$md5_hash_code = "BIGSECRET" . $transaction_data['x_Login'] .
$response_array[TRANSACTION_ID] .
preg_replace("|\,|","",$transaction_data['x_Amount']);
$md5_hash_code = strtoupper(md5( $md5_hash_code));
echo "<br>full response ---->",$response;
echo "<br>response_array[MD5_HASH_CODE] ---->
",$response_array[MD5_HASH_CODE];
echo "<br>md5_hash_code ----> ",$md5_hash_code;
if (strcmp($response_array[MD5_HASH_CODE],$md5_hash_code)) {
print_error_msg_and_exit ("<h3>There was an error processing your
order</h3> The MD5 Hash processed by the Authorizenet Payment Gateway did
not match.");
"BIGSECRET" is a hash value that is set in your AuthorizeNet control panel.
TRANSACTION_ID is provided by AuthorizeNet in the same section of the
control panel.
The full explanation of how it all works together is in the AIM
documentation at http://www.authorize.net/support/AIM_guide.pdf. They've
copy protected the .pdf and I don't have a full copy of Acrobat so I can't
cut/paste the relevant bits here.
The info is in Appendix E
I looked around and Ivan is correct. Plain username/password should still
work but since they've removed that info from the documentation there's no
telling how long it will continue to work.
Now may be a good time for someone to look into implementing this in
Business::OnlinePayment::AuthorizeNet
Gerald
More information about the freeside-users
mailing list