Skip to main content

Paymentech Error in form submission x_fp_hash Could not validate the integrity of the payment

For those who use Chase paymentech hosted payment gateway might have gone through a rare error senario.

Here the user was shown a warning message and an email was also sent to user with error details.

-------------

Error in form submission

An error page was displayed to the customer.

x_fp_hash : Could not validate the integrity of the payment from the transaction

-------------


on the submission page to paymentech there is a field "x_fp_hash", the value in this field is a hash value which is generated using a combination of transaction key, x_fp_hash, x_fp_sequence, x_fp_timestamp, x_amount, and x_currency_code values of the request. This field values are passed through a PHP HASH_HMAC function.

The value of the x_fp_hash is cross checked with the hash string on paymentech side, if a match is found, the transaction is accepted, else the user is warned with a "x_fp_hash : Could not validate the integrity of the payment from the transaction" message.

Sometimes a hosting provider doesn't provide access to the Hash extension so the HASH_HMAC function may return a null value. So during submission the "x_fp_hash" field is empty, it will cause the above mention error.

Here is a clone of the hash_hmac function you can use in the event you need an HMAC generator and Hash is not available. It's only usable with MD5 and SHA1 encryption algorithms, but its output is identical to the official hash_hmac function

function custom_hmac($algo, $data, $key, $raw_output = false)
{
$algo = strtolower($algo);
$pack = 'H'.strlen($algo('TEST_CODE'));
$size = 64;
$opad = str_repeat(chr(0x5C), $size);
$ipad = str_repeat(chr(0x36), $size);

if (strlen($key) > $size) {
$key = str_pad(pack($pack, $algo($key)), $size, chr(0x00));
} else {
$key = str_pad($key, $size, chr(0x00));
}

for ($i = 0; $i < strlen($key) - 1; $i++) { $opad[$i] = $opad[$i] ^ $key[$i]; $ipad[$i] = $ipad[$i] ^ $key[$i]; } $output = $algo($opad.pack($pack, $algo($ipad.$data))); return ($raw_output) ? pack($pack, $output) : $output; }





Usage:
custom_hmac('md5', 'TEST STRING', 'SECRET_KEY', true);
custom_hmac('md5', 'TEST STRING', 'SECRET_KEY');


The following script will check whether the php built in HMAC hash generator return a hash key, else the custome function is called
-----use in paymentech script ------------------

// Generation of hash string for security check
$hashstr="$x_login^$x_fp_sequence^$x_fp_timestamp^$x_amount^$x_currency_code";
$x_fp_hash= hash_hmac('md5', $hashstr, $trans_key);
// if hash_hmac fails call custom hmac hash generator
if( $x_fp_hash == "" )
$x_fp_hash= trim( custom_hmac('md5', $hashstr, $trans_key) );

// assign the value of variable $x_fp_hash to "x_fp_hash" field of submission form.

--------------------------------



References:

hash_hmac — Generate a keyed hash value using the HMAC method
refer : http://php.net/manual/en/function.hash-hmac.php

*HMAC : hash message authentication code (HMAC)
refer: http://en.wikipedia.org/wiki/Hash-based_message_authentication_code

Hope this helps :)

Comments

Popular posts from this blog

Payback Points - How to redeem - How to merge multiple payback accounts - Block Payback card - Payback customer care

Your SBI Debit card ending with XX0000 is deactivated only for Internet txn.

SBI account holders may have received an SMS with following message, supposed to be from State Bank of India (SBI).

Your SBI Debit card ending with XX0000  is deactivated only for Internet txn. To activate send SMS "SWON ECOM 0000" to 09223966666. No change for ATM/POS usage
** Replace the four Zeros with last 4 digits of your debit card number

Recently many of the SBI account holder has losed their money due to a hi-tech ATM robbery which happened in Thiruvananthapuram, capital city of Kerala.

Joomla and Forum Integration - Integrating Forums to Joomla

Joomla is one of the most popular CMS opensource packages. It is very easier to develop website's using Joomla. You just need to download Joomla package from Joomla's Official website www.joomla.org  and install it on your domain and later adding customizations to templates and feature and Your website is ready :). Now a days most websites provides a forum section for it users for discussing various article topics, gathering opinions etc.



Following are some best know forum opensource packages which can be integrated with Joomla and create a new forum experience for users


Urgent Openings for PHP trainees, Andriod / IOS developers and PHP developers in Kochi Trivandrum Calicut and Bangalore. Please Send Your updated resumes to recruit.vo@gmail.com   Read more »
Member
Search This Blog