Skip to main content

Paymentech Error in form submission x_fp_hash Could not validate the integrity of the payment

For those who use Chase paymentech hosted payment gateway might have gone through a rare error senario.

Here the user was shown a warning message and an email was also sent to user with error details.

-------------

Error in form submission

An error page was displayed to the customer.

x_fp_hash : Could not validate the integrity of the payment from the transaction

-------------


on the submission page to paymentech there is a field "x_fp_hash", the value in this field is a hash value which is generated using a combination of transaction key, x_fp_hash, x_fp_sequence, x_fp_timestamp, x_amount, and x_currency_code values of the request. This field values are passed through a PHP HASH_HMAC function.

The value of the x_fp_hash is cross checked with the hash string on paymentech side, if a match is found, the transaction is accepted, else the user is warned with a "x_fp_hash : Could not validate the integrity of the payment from the transaction" message.

Sometimes a hosting provider doesn't provide access to the Hash extension so the HASH_HMAC function may return a null value. So during submission the "x_fp_hash" field is empty, it will cause the above mention error.

Here is a clone of the hash_hmac function you can use in the event you need an HMAC generator and Hash is not available. It's only usable with MD5 and SHA1 encryption algorithms, but its output is identical to the official hash_hmac function

function custom_hmac($algo, $data, $key, $raw_output = false)
{
$algo = strtolower($algo);
$pack = 'H'.strlen($algo('TEST_CODE'));
$size = 64;
$opad = str_repeat(chr(0x5C), $size);
$ipad = str_repeat(chr(0x36), $size);

if (strlen($key) > $size) {
$key = str_pad(pack($pack, $algo($key)), $size, chr(0x00));
} else {
$key = str_pad($key, $size, chr(0x00));
}

for ($i = 0; $i < strlen($key) - 1; $i++) { $opad[$i] = $opad[$i] ^ $key[$i]; $ipad[$i] = $ipad[$i] ^ $key[$i]; } $output = $algo($opad.pack($pack, $algo($ipad.$data))); return ($raw_output) ? pack($pack, $output) : $output; }





Usage:
custom_hmac('md5', 'TEST STRING', 'SECRET_KEY', true);
custom_hmac('md5', 'TEST STRING', 'SECRET_KEY');


The following script will check whether the php built in HMAC hash generator return a hash key, else the custome function is called
-----use in paymentech script ------------------

// Generation of hash string for security check
$hashstr="$x_login^$x_fp_sequence^$x_fp_timestamp^$x_amount^$x_currency_code";
$x_fp_hash= hash_hmac('md5', $hashstr, $trans_key);
// if hash_hmac fails call custom hmac hash generator
if( $x_fp_hash == "" )
$x_fp_hash= trim( custom_hmac('md5', $hashstr, $trans_key) );

// assign the value of variable $x_fp_hash to "x_fp_hash" field of submission form.

--------------------------------



References:

hash_hmac — Generate a keyed hash value using the HMAC method
refer : http://php.net/manual/en/function.hash-hmac.php

*HMAC : hash message authentication code (HMAC)
refer: http://en.wikipedia.org/wiki/Hash-based_message_authentication_code

Hope this helps :)

Popular posts from this blog

Payback Points - How to redeem - How to merge multiple payback accounts - Block Payback card - Payback customer care

How to apply for a new ration card and what are the documents required?

List of documents required for new ration card application in Kerala and how to apply


Application for a new ration card should be addressed to Taluk Supply Officer (TSO) / City Rationing Officer (CRO) of applicant's residing area.

Primary document required are Residence certificate, Income certificate and incase the applicant's name is in another ration card then he/she should submit the reduction certificate ontained from previous TSO / CRO as proof for removing his/her name from old Ration card.

You can get the new application from your currently residing Taluk Supply Office.

Joomla and Forum Integration - Integrating Forums to Joomla

Joomla is one of the most popular CMS opensource packages. It is very easier to develop website's using Joomla. You just need to download Joomla package from Joomla's Official website www.joomla.org  and install it on your domain and later adding customizations to templates and feature and Your website is ready :). Now a days most websites provides a forum section for it users for discussing various article topics, gathering opinions etc.



Following are some best know forum opensource packages which can be integrated with Joomla and create a new forum experience for users


Urgent Openings for PHP trainees, Andriod / IOS developers and PHP developers in Kochi Trivandrum Calicut and Bangalore. Please Send Your updated resumes to recruit.vo@gmail.com   Read more »
Member
Search This Blog