您最新评论的答案。由于哈希不匹配而发生校验和错误。将表单提交到 payu/checkout.php 后,checkout.php 将提交表单到 https://test.payu.in/_payment(测试 url)。
在您的 payu/checkout.php 中
function checkout() {
$MERCHANT_KEY = "enter your test merchant key here";
$SALT = "enter your test salt here";
$txnid = substr(hash('sha256', mt_rand() . microtime()), 0, 20);
$udf1='';
$udf2='';
$udf3='';
$udf4='';
$udf5='';
$hashstring = $MERCHANT_KEY . '|' . $txnid . '|' . $grandtotal . '|' . $productinfo . '|'. $fname . '|' . $email .'|'.$udf1.'|' .$udf2.'|' .$udf3.'|'.$udf4.'|'.$udf5.'||||||'. $SALT;
$hash = strtolower(hash('sha512', $hashstring));
$data['hash'] = $hash;
//Loading checkout view
$this->load->view('checkout.php');
}
在 checkout.php 中,您必须向 https://test.payu.in/_payment提交一个表单,其中包含我在哈希生成中使用的所有字段,除了盐。哈希字段也是这种形式。
<form method="post" name="payuForm" action="https://test.payu.in/_payment">
<input name="key" type="hidden" value="<?php echo $mkey ?>" />
<input name="txnid" type="hidden" value="<?php echo $tid ?>" />
<input type="hidden" name="hash" value="<?php echo $hash ?>"/>
<input name="amount" type="hidden" value="<?php echo $grandtotal; ?>" />
<input name="productinfo" type="hidden" value="<?php echo $pinfo;?>">
<input type="hidden" name="service_provider" value="payu_paisa" size="64" />
<input name="udf1" type="hidden" value="">
<input name="udf2" type="hidden" value="">
<input name="udf3" type="hidden" value="">
<input name="udf4" type="hidden" value="">
<input name="udf5" type="hidden" value="">
<input name="firstname" id="firstname" type="hidden" value="<?php echo $name; ?>"/>
<input name="email" id="email" type="hidden" value='<?php echo $mailid;?>'>
<input name="phone" type="hidden" value="<?php echo $phoneno; ?>">
<input name="surl" type="hidden" value="<?php echo base_url('payu/success'); ?>" size="64" />
<input name="furl" type="hidden" value="<?php echo base_url('payu/fail'); ?>" size="64" />
<input name="curl" type="hidden" value="<?php echo base_url('payu/cancel'); ?>" />
<?php
}
?>
<input type="submit" name="submit_form" value="Click Here for Payment" class="btn btn-info btn-block" >
</form>
有关额外信息,请记住创建一个包含交易 ID、金额、时间戳、状态和所有用户信息字段等字段的交易表。在交易开始之前,即在支付/结帐功能中,您需要插入此表并启动状态。如果您关心黑客攻击,在检查返回哈希后,此交易的成功交易状态字段更新为成功(我检查返回哈希,因为我入侵了 payumoney 网站进行测试并发现如果我不检查返回哈希,我的假交易将成功的。 )
public function success()
{
//print_r($_REQUEST);
$status= $this->input->post('status');
if($status =='success')
{
$txnid = $this->input->post('txnid');
$amount = $this->input->post('amount');
$productinfo = $this->input->post('productinfo');
$firstname = $this->input->post('firstname');
$hash = $this->input->post('hash');
$email = $this->input->post('email');
$udf1 = $this->input->post('udf1');
$udf2 = $this->input->post('udf2');
$udf3 = $this->input->post('udf3');
$udf4 = $this->input->post('udf4');
$udf5 = $this->input->post('udf5');
$key = $this->input->post('key');
$SALT ="Your salt";
If (isset($_POST["additionalCharges"]))
{
$additionalCharges=$_POST["additionalCharges"];
$retHashSeq = $additionalCharges.'|'.$SALT . '|' . $status . '|||||||||||' . $email . '|' . $firstname . '|' . $productinfo . '|' . $amount . '|' . $txnid . '|' . $key;
}else{
$retHashSeq = $SALT . '|' . $status . '|||||||||||' .$udf5.'|'.$udf4.'|'.$udf3.'|'.$udf2.'|'.$udf1.'|'. $email . '|' . $firstname . '|' . $productinfo . '|' . $amount . '|' . $txnid . '|' . $key;
}
$rethash = hash("sha512", $retHashSeq);
if ($rethash != $hash)
{
$data['errmsg'] = " Invalid Transaction . Error Occured";
//echo "Return Hash failed";
redirect('payu/err',$data);
}
// now begin your custome code if a transaction is success
}