CODEWITHSUNDEEP
phphashpayment-gatewaypayumoney
Sougata Bose
Sougata Bose

Reputation: 31749

PayUMoney integration - How to calculate hash for comparing with response?

Generating Hash for Post request

    $hashSequence = "key|txnid|amount|productinfo|firstname|email|udf1|"
                    ."udf2|udf3|udf4|udf5|udf6|udf7|udf8|udf9|udf10";
    $hashVarsSeq  = explode('|', $hashSequence);
    $hashString   = '';  
    foreach ($hashVarsSeq as $hashVar) {
        $hashString .= isset($payObject['params'][$hashVar]) ? $payObject['params'][$hashVar] : '';
        $hashString .= '|';
    }
    $hashString .= $salt;
    //generate hash
    $hash = strtolower(hash('sha512', $hashString));

After getting successful response generating Hash

$retHashSeq = $salt.'|'.$status.'||||||||'.$udf3.'|'.$udf2.'|'.$udf1.'|'.$email.'|||'.$amount.'|'.$txnid.'|'.$key;
$hash = hash("sha512", $retHashSeq);

But the generated Hash doesn't match with the returned Hash by the PayU server. what could be the problem?? any help would be appreciated.

Upvotes: 3

Views: 23578

Answers (4)

Abhay.Patil
Abhay.Patil

Reputation: 743

Hash Calculation in Request and Response in PayUMoney C# API

hashSequence =

key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||salt;

$hash = hash("sha512", $hashSequence);

Where salt is available on the PayUMoney dashboard.

Note: A blank udf field is to be used while computing hashSequence, even if a merchant is not passing any udf field in input request.

For the response hash, the sequence of variables is in reverse order as compared to payment request hash. Also, a status variable added between salt and udf1

Sequence

hashSequence = salt|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key;

$hash = hash("sha512", $hashSequence);

Where salt is available on the PayUMoney dashboard.

Here is sample code for response hash calculation:-

                bool isCheckSum = false;
                var strhash = Request.Form["hash"];
                var strstatus = Request.Form["status"];
                var strfirstname = Request.Form["firstname"];
                var stramount = Request.Form["amount"];
                var strtxnid = Request.Form["txnid"];
                var strkey = Request.Form["key"];
                var strproductinfo = Request.Form["productinfo"];
                var stremail = Request.Form["email"];
                var stradditionalCharges = Request.Form["additionalCharges"];
                string strudf1 = Request.Form["udf1"];
                string strudf2 = Request.Form["udf2"];
                string strudf3 = Request.Form["udf3"];
                string strudf4 = Request.Form["udf4"];
                string strudf5 = Request.Form["udf5"];                   

                System.Security.Cryptography.SHA512Managed sha512 = new System.Security.Cryptography.SHA512Managed();
                byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(strSALT + "|" + strstatus + "||||||" + strudf5 + "|" + strudf4 + "|" + strudf3 + "|" + strudf2 + "|" + strudf1 + "|" + stremail + "|" + strfirstname + "|" + strproductinfo + "|" + stramount + "|" + strtxnid + "|" + strkey);
                byte[] hashBytes = sha512.ComputeHash(inputBytes);
                byte[] hashValue;
                string hex = "";
                hashValue = sha512.ComputeHash(inputBytes);
                foreach (byte x in hashValue)
                {
                    hex += String.Format("{0:x2}", x);
                }

                if(strhash == hex)
                {
                    isCheckSum = true;
                }

Upvotes: 2

SuperGEN Script
SuperGEN Script

Reputation: 25

I know its late to answer this question but this answer might help future searchers. Just download the latest PayUMoney Kit from the official website and put the SALT key in the success.php page too.

Here is my latest success.php

<?php
include'config/db.php'; // Your database connection file if needed
$status=$_POST["status"];
$firstname=$_POST["firstname"];
$amount=$_POST["amount"];
$txnid=$_POST["txnid"];
$posted_hash=$_POST["hash"];
$key=$_POST["key"];
$productinfo=$_POST["productinfo"];
$email=$_POST["email"];

$salt=""; // PLACE YOUR SALT KEY HERE

// Salt should be same Post Request
if(isset($_POST["additionalCharges"])){
  $additionalCharges=$_POST["additionalCharges"];
  $retHashSeq = $additionalCharges.'|'.$salt.'|'.$status.'|||||||||||'.$email.'|'.$firstname.'|'.$productinfo.'|'.$amount.'|'.$txnid.'|'.$key;
}else{
  $retHashSeq = $salt.'|'.$status.'|||||||||||'.$email.'|'.$firstname.'|'.$productinfo.'|'.$amount.'|'.$txnid.'|'.$key;
}

$hash = strtolower(hash('sha512', $retHashSeq)); // NOTE: THIS PART IN YOUR KIT MAY HAVE AN ERROR. THERE YOU MIGHT GET $hash_string instead of $retHashSeq. JUST REPLACE $hash_string with $retHashSeq.

if($hash != $posted_hash){
  // Transaction completed but is Invalid as Hash Values are not Matching. Notify Admin.
  //header('Location: fail.php');
  //exit();
}else{
  // Transaction is Valid. Process orders here.
  //header('Location: thanks.php');
  //exit();
}
?>

Upvotes: 0

Sudhakar Annadurai
Sudhakar Annadurai

Reputation: 136

This code is for android hashcodegeneration on your server side

   <?php

$key=$_POST["key"];

$salt="xxxxx"; #your payumoney salt
$txnId=$_POST["txnid"];
$amount=$_POST["amount"];
$productName=$_POST["productInfo"];
$firstName=$_POST["firstName"];
$email=$_POST["email"];
$udf1=$_POST["udf1"];
$udf2=$_POST["udf2"];
$udf3=$_POST["udf3"];
$udf4=$_POST["udf4"];
$udf5=$_POST["udf5"];

$payhash_str = $key . '|' . checkNull($txnId) . '|' .checkNull($amount)  . '|' .checkNull($productName)  . '|' . checkNull($firstName) . '|' . checkNull($email) . '|' . checkNull($udf1) . '|' . checkNull($udf2) . '|' . checkNull($udf3) . '|' . checkNull($udf4) . '|' . checkNull($udf5) . '|' . $salt;


function checkNull($value) {
            if ($value == null) {
                  return '';
            } else {
                  return $value;
            }
      }


$hash = strtolower(hash('sha512', $payhash_str));
$arr['result'] = $hash;
$arr['status']=0;
$arr['errorCode']=null;
$arr['responseCode']=null;
$arr['hashtest']=$payhash_str;
$output=$arr;


echo json_encode($output);

?>

Upvotes: 0

magnetik
magnetik

Reputation: 4431

It seems that you are trying to reimplement the PayU REST API. I can't find any reference to the pattern of your $hashSequence in the current version of the REST API.

Have you considered using the official SDK?

Upvotes: 1

Related Questions