Home   Best Sellers   Blogging   Coding & Design   Technology   SEO   Travel & living   Career   Videos   Tips   Calculators     
Home  »     »     »     »  Paymentech Error in form submission x_fp_hash Could not validate the integrity of the payment

Paymentech Error in form submission x_fp_hash Could not validate the integrity of the payment

Friday, January 17, 2014

For those who use Chase paymentech hosted payment gateway might have gone through a rare error senario.

Here the user was shown a warning message and an email was also sent to user with error details.

-------------

Error in form submission

An error page was displayed to the customer.

x_fp_hash : Could not validate the integrity of the payment from the transaction

-------------


on the submission page to paymentech there is a field "x_fp_hash", the value in this field is a hash value which is generated using a combination of transaction key, x_fp_hash, x_fp_sequence, x_fp_timestamp, x_amount, and x_currency_code values of the request. This field values are passed through a PHP HASH_HMAC function.

The value of the x_fp_hash is cross checked with the hash string on paymentech side, if a match is found, the transaction is accepted, else the user is warned with a "x_fp_hash : Could not validate the integrity of the payment from the transaction" message.

Sometimes a hosting provider doesn't provide access to the Hash extension so the HASH_HMAC function may return a null value. So during submission the "x_fp_hash" field is empty, it will cause the above mention error.

Here is a clone of the hash_hmac function you can use in the event you need an HMAC generator and Hash is not available. It's only usable with MD5 and SHA1 encryption algorithms, but its output is identical to the official hash_hmac function

function custom_hmac($algo, $data, $key, $raw_output = false)
{
$algo = strtolower($algo);
$pack = 'H'.strlen($algo('TEST_CODE'));
$size = 64;
$opad = str_repeat(chr(0x5C), $size);
$ipad = str_repeat(chr(0x36), $size);

if (strlen($key) > $size) {
$key = str_pad(pack($pack, $algo($key)), $size, chr(0x00));
} else {
$key = str_pad($key, $size, chr(0x00));
}

for ($i = 0; $i < strlen($key) - 1; $i++) { $opad[$i] = $opad[$i] ^ $key[$i]; $ipad[$i] = $ipad[$i] ^ $key[$i]; } $output = $algo($opad.pack($pack, $algo($ipad.$data))); return ($raw_output) ? pack($pack, $output) : $output; }





Usage:
custom_hmac('md5', 'TEST STRING', 'SECRET_KEY', true);
custom_hmac('md5', 'TEST STRING', 'SECRET_KEY');


The following script will check whether the php built in HMAC hash generator return a hash key, else the custome function is called
-----use in paymentech script ------------------

// Generation of hash string for security check
$hashstr="$x_login^$x_fp_sequence^$x_fp_timestamp^$x_amount^$x_currency_code";
$x_fp_hash= hash_hmac('md5', $hashstr, $trans_key);
// if hash_hmac fails call custom hmac hash generator
if( $x_fp_hash == "" )
$x_fp_hash= trim( custom_hmac('md5', $hashstr, $trans_key) );

// assign the value of variable $x_fp_hash to "x_fp_hash" field of submission form.

--------------------------------



References:

hash_hmac — Generate a keyed hash value using the HMAC method
refer : http://php.net/manual/en/function.hash-hmac.php

*HMAC : hash message authentication code (HMAC)
refer: http://en.wikipedia.org/wiki/Hash-based_message_authentication_code

Hope this helps :)



How to link to this page?
If you wish to link to this page from your website, simply Copy and paste the above HTML code to your web page. It will appear on your page as:
Paymentech Error in form submission x_fp_hash Could not validate the integrity of the payment.




Share this!




comments powered by Disqus

This Weeks 7 Popular Posts


Subscribe to Recent Posts by Email
Stay connected to CROZOOM with regular Email notices of new Techie articles and IT Jobs. Updates will be delivered to your Inbox as soon as they are posted online.

Enter Your Email Address:  

Delivered by FeedBurner   RSS Feed

Search this Blog   



Urgent Openings for PHP trainees, Andriod / IOS developers and PHP developers in Kochi Trivandrum Calicut and Bangalore. Please Send Your updated resumes to recruit.vo@gmail.com   Read more »