Can any body help me about how to integrate migs (MasterCard Virtual Payment Client) in a php website !
I have read the reference guide but it's unhelpful!
//This value submited to the MIGS PAYMENT GATEWAY
$SECURE_SECRET = $signature; //value from migs payment gateway
$accessCode = $accesscode;//value from migs payment gateway
$merchantId = $merchantid;//value from migs payment gateway
$paymentdata = array(
"vpc_AccessCode" => $accessCode,
"vpc_Amount" => ($amount*100),//our product price , must multipy by 100
"vpc_Command" => 'pay',
"vpc_Locale" => 'en',// order id
"vpc_MerchTxnRef" => random_unique_value(like session),
"vpc_Merchant" => $merchantId,
"vpc_OrderInfo" => "Some Comment",
"vpc_ReturnURL" => "htps://yoursite.com/returnpoint",//here code for db updation, return variable here
"vpc_Version" => '1'
);
$actionurl = 'https://migs.mastercard.com.au/vpcpay' . "?";
$HashData = $SECURE_SECRET;
$str = 0;
foreach ($paymentdata as $key => $value) {
// create the md5 input and URL
if (strlen($value) > 0) {
// this ensures the first paramter of the URL is preceded by the '?' char
if ($appendAmp == 0) {
$actionurl .= urlencode($key) . '=' . urlencode($value);
$str = 1;
} else {
$actionurl .= '&' . urlencode($key) . "=" . urlencode($value);
}
$HashData .= $value;
}
}
if (strlen($SECURE_SECRET) > 0){$actionurl .= "&vpc_SecureHash=" . strtoupper(md5($HashData));}
header("Location: " . $actionurl);
}
/////////////////////RETURN VALUE/////////////////////////////////
the return url will be like
https://yoursite.com/returnpoint?vpc_TransactionNo="migs_transaction_number"&vpc_MerchTxnRef="random_unique_value(we post to migs)"&vpc_TxnResponseCode=value&vpc_Message="value"
if vpc_TxnResponseCode = 0 -- success ,vpc_Message = approved -- paymet is success , All other unsuccessfull payment
You could use the Omnipay PHP Library which has support for the MIGS gateway.
An example of the off-site payment processing (3-Party) looks like this:
use Omnipay\Omnipay;
$gateway = Omnipay::create('Migs_ThreeParty');
$gateway->setMerchantId('foo');
$gateway->setMerchantAccessCode('foo');
$gateway->setSecureHash('foo');
$response = $gateway->purchase(array('amount' => '10.00', 'currency' => 'AUD'))->send();
if ($response->isRedirect()) {
// redirect to offsite payment gateway
$response->redirect();
} else {
// payment failed: display message to customer
echo $response->getMessage();
}
implementing migs payment gateway in which we need to post some details to the
https://migs.mastercard.com.au/vpcpay? this url with the below datas
/*"vpc_AccessCode" the accesscode given by Migs
"vpc_Amount" Amount that is multiplied by 100
"vpc_Command" ='pay',default pay
"vpc_Locale" = 'en' // language
"vpc_MerchTxnRef" orderId // Should be Unique for each payment
"vpc_Merchant" // merchant ID
"vpc_OrderInfo" // Desc or and details of Product
"vpc_ReturnURL" // SuccessUrl
"vpc_Version" = '1'
&vpc_SecureHash = // create MD5 of all the values that are passed */
Creating Url
$SECURE_SECRET = "YEOCOEN29B0785F1FF1E3C0FA8A3FUJK";
$accessCode = '546484645';
$merchantId = '5465465288';
if($migs_testmode ==1) {
$SECURE_SECRET = "YEOCOEN29B0785F1FF1E3C0FA8A3FUJK";
$accessCode = '98989645';
$merchantId = '56456456489';
}
$amount ='10.00';
$unique_id = rand(999999,8988888888);//this is a sample random no
$postdata = array(
"vpc_AccessCode" => $accessCode,
"vpc_Amount" => ($amount*100),
"vpc_Command" => 'pay',
"vpc_Locale" => 'en',
"vpc_MerchTxnRef" => $unique_id,
"vpc_Merchant" => $merchantId,
"vpc_OrderInfo" => 'this is a product',
"vpc_ReturnURL" => "https://mywebsite.com/success.php",
"vpc_Version" => '1');
$vpcURL = 'https://migs.mastercard.com.au/vpcpay?';
$md5Hash = $SECURE_SECRET;
$appendAmp = 0;
foreach ($wpay_postdata as $key => $value) {
if (strlen($value) > 0) {
if ($appendAmp == 0) {
$vpcURL .= urlencode($key) . '=' . urlencode($value);
$appendAmp = 1;
} else {
$vpcURL .= '&' . urlencode($key) . "=" . urlencode($value);
}
$md5Hash .= $value;
}
}
if (strlen($SECURE_SECRET) > 0) {
$vpcURL .= "&vpc_SecureHash=" . strtoupper(md5($md5Hash));
}
header("Location: " . $vpcURL)
for detailed result is available here
I tried MIGS mastercard intergration in python django. I went through lot of problems. Here is my experience with integrating MIGS with My web application. I was using VPC Integration reference 3.1.21.1
While implementing Mode1 VPC: I got 400 Bad request. Which is due to Secure hash code for my case. This error occurs if user is sending wrong fields names or non sorted order.
Once I resolved Mode1 error, I used external payment selection(EPS), Where I send VPC_card and VPC_gateway additional field with Mode1 VPC parameters. I got 400 Bad request. So after long discussion with MIGS support team. We resolve it by changing vpc_card to vpc_Card and vpc_Gateway. Which was document error.
Once I able to bypass card type page. I tried to complete Mode 2 VPC implementation.So, In this case I added vpc_CardNum,vpc_vpc_CardExp,vpc_CardSecurityCode additional fields with above point request. I send GET request. It didnot work. For card details or Mode2 we have to use POST request.
For mode2 VPC, we should use POST request with HTTPS not HTTP. Self-signed certificate will be fine. So, I send HTTPS POST request with additional parameter, But It still didnot work, I got 403 forbidden error. Because, Content-type is application/json for my ajax call. So after using default POST content-type. It worked fine.
Sample code for python developer: Here in migs.config.app I am adding system variable which nothing to do with Migs. So User can ignore it.
import hashlib
import urllib, urllib2
from migs.config.app_config import *
'''
This method is for sorting the fields and creating an MD5 secure hash.
#param fields is a map of all the incoming hey-value pairs from the VPC
#param buf is the hash being returned for comparison to the incoming hash
'''
class MigsClient(object):
def __init__(self, secure_token, vpc_url, server_name):
self.secure_secret = secure_token
self.vpcURL = vpc_url
self.server_name = server_name
def hash_all_fields(self,fields):
buf = ""
# create a list and sort it
fieldNames = fields.keys();
fieldNames.sort()
# create a buffer for the md5 input and add the secure secret first
buf = buf + self.secure_secret
for key in fieldNames:
print key,fields[key]
buf = buf + fields[key]
# iterate through the list and add the remaining field values
# create the md5 hash and UTF-8 encode it
try:
m = hashlib.md5()
m.update(buf)
ba = m.hexdigest()
ba = ba.upper()
return ba
except Exception,e:
import traceback
traceback.print_exc()
def setup(self, fields,additional_fields=None):
#The Page does a redirect to the Virtual Payment Client
#retrieve all the parameters into a hash map
# no need to send the vpc url, EnableAVSdata and submit button to the vpc
'''
Retrieve the order page URL from the incoming order page and add it to
the hash map. This is only here to give the user the easy ability to go
back to the Order page. This would not be required in a production system
NB. Other merchant application fields can be added in the same manner
'''
'''
Create MD5 secure hash and insert it into the hash map if it was created
created. Remember if self.secure_secret = "" it will not be created
'''
if self.secure_secret:
secureHash = self.hash_all_fields(fields);
fields["vpc_SecureHash"] = secureHash;
# Create a redirection URL
buf = self.vpcURL+'?';
if not additional_fields:
buf = buf + urllib.urlencode(fields)
else:
buf = buf + urllib.urlencode(fields)+"&"+urllib.urlencode(additional_fields)
return buf
#return fields["vpc_ReturnURL"], buf
def post_setup(self,fields, additional_fields=None):
try:
if self.secure_secret:
secureHash = self.hash_all_fields(fields);
fields["vpc_SecureHash"] = secureHash;
return self.vpcURL,fields
except:
import traceback
traceback.print_exc()
Above is sample code which user can use to sort and create Get request and POST request and post dictionary.
Related
I'm building a PHP based webpage. I want to use REST APIs to store, read and update data in an AZURE Cosmos DB.
First challenge is to generate the authentication token with the masterkey. I used the Microsoft documentation: https://learn.microsoft.com/de-de/rest/api/cosmos-db/access-control-on-cosmosdb-resources
and a postman collection* as a reference to build the code below.
*see
https://www.youtube.com/watch?v=2ndj_-zp82Y
https://github.com/MicrosoftCSA/documentdb-postman-collection
I used the console log from postman to compare each step and figured out that there are different results** but I have no clue how to get the same results from my PHP like from Postman
**
key64 PHP:
WUtDMFF5VWZkZ1NsTFp5UmU5ZVBMbW9jV3ZSN.....==
key64 Postman:
60a0b443251f7604a52d9c917bd78f2e6a1c5af4790d3f67dc7dbd513d173418... NO == at the end
authstring PHP:
type%253Dmaster%2526ver%253D1.0%2526sig%.....
authstring POSTMAN:
type%3Dmaster%26ver%3D1.0%26sig%3.....
POSTMAN (JS)
// store our master key for documentdb
var mastKey = postman.getEnvironmentVariable("DocumentDBMasterKey");
console.log("mastKey = " + mastKey);
// store our date as RFC1123 format for the request
var today = new Date();
var UTCstring = today.toUTCString();
postman.setEnvironmentVariable("RFC1123time", UTCstring);
// Grab the request url
var url = request.url.trim();
console.log("request url = " + url);
// strip the url of the hostname up and leading slash
var strippedurl = url.replace(new RegExp('^https?://[^/]+/'),'/');
console.log ("stripped Url = " + strippedurl);
// push the parts down into an array so we can determine if the call is on a specific item
// or if it is on a resource (odd would mean a resource, even would mean an item)
var strippedparts = strippedurl.split("/");
var truestrippedcount = (strippedparts.length - 1);
console.log(truestrippedcount);
// define resourceId/Type now so we can assign based on the amount of levels
var resourceId = "";
var resType = "";
// its odd (resource request)
if (truestrippedcount % 2)
{
console.log("odd");
// assign resource type to the last part we found.
resType = strippedparts[truestrippedcount];
console.log("resType");
console.log(resType);
if (truestrippedcount > 1)
{
// now pull out the resource id by searching for the last slash and substringing to it.
var lastPart = strippedurl.lastIndexOf("/");
resourceId = strippedurl.substring(1,lastPart);
console.log(resourceId);
}
}
else // its even (item request on resource)
{
console.log("even");
// assign resource type to the part before the last we found (last is resource id)
resType = strippedparts[truestrippedcount - 1];
console.log("resType");
// finally remove the leading slash which we used to find the resource if it was
// only one level deep.
strippedurl = strippedurl.substring(1);
console.log("strippedurl");
// assign our resourceId
resourceId = strippedurl;
console.log("resourceId");
console.log(resourceId);
}
// assign our verb
var verb = request.method.toLowerCase();
// assign our RFC 1123 date
var date = UTCstring.toLowerCase();
// parse our master key out as base64 encoding
var key = CryptoJS.enc.Base64.parse(mastKey);
console.log("key = " + key);
// build up the request text for the signature so can sign it along with the key
var text = (verb || "").toLowerCase() + "\n" +
(resType || "").toLowerCase() + "\n" +
(resourceId || "") + "\n" +
(date || "").toLowerCase() + "\n" +
"" + "\n";
console.log("text = " + text);
// create the signature from build up request text
var signature = CryptoJS.HmacSHA256(text, key);
console.log("sig = " + signature);
// back to base 64 bits
var base64Bits = CryptoJS.enc.Base64.stringify(signature);
console.log("base64bits = " + base64Bits);
// format our authentication token and URI encode it.
var MasterToken = "master";
var TokenVersion = "1.0";
auth = encodeURIComponent("type=" + MasterToken + "&ver=" + TokenVersion + "&sig=" + base64Bits);
console.log("auth = " + auth);
// set our auth token enviornmental variable.
postman.setEnvironmentVariable("authToken", auth);
PHP CODE
#PHP Script
function generateAuthKey($url, $method){
$key = "****************";
$date = new DateTime('');
$date = $date->format('D, d M Y H:i:s O');
$ressourcetype = "";
$strippedurl = parse_url($url, PHP_URL_PATH);
$strippedparts = explode("/", $strippedurl);
$strippedurlcount = sizeof($strippedparts)-1;
#GET RESSOURCE TYPE
if ($strippedurlcount % 2){
$resType = $strippedparts[$strippedurlcount];
if ($strippedurlcount > 1){
$ressourcetype = $strippedparts[$strippedurlcount];
}
}
else{
$ressourcetype = $strippedparts[$strippedurlcount-1];
}
$sig = nl2br(strtolower($method)."\n".strtolower($ressourcetype)."\n".$strippedurl."\n".strtolower($date)."\n".""."\n");
$sig = utf8_encode($sig);
$key64 = base64_encode($key);
echo $key64."\n";
$hmac = hash_hmac('sha256',$sig,$key64);
$token = "type=master&ver=1.0&sig=".$hmac;
return urlencode($token);
}
How can I change the PHP script to provide the same output as Postman (JS)?
I believe the issue is with the following line of code:
$key64 = base64_encode($key);
As per the REST API documentation, you should be doing a base64_decode of your key as the key is already base64 encoded.
Please try by changing your code to:
$key64 = base64_decode($key);
While this is an old question, I'll note a couple issues with the author's code:
It was not necessary to utf8_encode() -- trying to utf8 encode a string that is already valid ISO-8859-1 can produce unexpected results. Also note that this method is deprecated as of PHP 8.2.0.
The author was returning the string output of hash_hmac(), rather than binary.
Here is how you correctly generate a signature in PHP. Bear in mind that all requests to the Cosmos REST API, needs to include an x-ms-date header, which matches the same date used to generate the token. It's up to you how to want to handle that, but in my case, I chose to return the date and token as an array from the function. You could also consider making the function return the entire header array all at once.
I am using Carbon and Guzzle in this example.
private function cosmosAuth(string $method, string $resourceType, string $resourceLink)
{
$date = Carbon::now()->toRfc7231String();
// alternatively: gmdate('D, d M Y H:i:s T')
$key = base64_decode(MY_COSMOS_KEY);
$body = $method . "\n" .
$resourceType . "\n" .
$resourceLink . "\n" .
$date . "\n" .
"\n";
$hash = hash_hmac('sha256', strtolower($body), $key, true);
$signature = base64_encode($hash);
$tokenType = "master";
$tokenVersion = "1.0";
$token = urlencode("type={$tokenType}&ver={$tokenVersion}&sig={$signature}");
return [
'date' => $date,
'token' => $token
];
}
Here is an example of a request to update a document. Note if you created your collection with a partition key, you also must pass the partition key value in the x-ms-documentdb-partitionkey header. The format here is a little janky, with Microsoft expecting a string representation of an array containing the value.
$resource = "dbs/{$database}/colls/{$collection}/docs/{$documentId}";
$auth = $this->cosmosAuth("PUT", "docs", $resource);
try {
$client = new \GuzzleHttp\Client();
$client->request("PUT", "https://{$account}.documents.azure.com/{$resource}", [
'headers' => [
'authorization' => $auth['token'],
'x-ms-date' => $auth['date'],
'x-ms-documentdb-partitionkey' => '["'.$documentId.'"]',
],
'json' => $documentData
]);
}
catch (Exception $e) {
$this->log("error: {$e->getMessage()}");
}
Microsoft resources:
Constructing a hashed token
Replace a document
Trying to integrate tranzila payment gateway in my php project and testing with dummy credit card numbers on localhost before go live.I get php code from tranzila official document.
code given below
`
$tranzila_api_host = 'secure5.tranzila.com';
$tranzila_api_path = '/cgi-bin/tranzila71u.cgi';
// Prepare transaction parameters
$query_parameters['supplier'] = 'TERMINAL_NAME'; // 'TERMINAL_NAME' should be replaced by actual terminal name
$query_parameters['sum'] = '45'; // Transaction sum
$query_parameters['currency'] = '1'; // Type of currency 1 NIS, 2 USD, 978 EUR, 826 GBP, 392 JPY
$query_parameters['ccno'] = '12312312'; // Test card number
$query_parameters['expdate']= '0820'; // Card expiry date: mmyy
$query_parameters['myid'] = '12312312'; // ID number if required
$query_parameters['mycvv'] = '123'; // number if required
$query_parameters['cred_type'] = '1'; // This field specifies the type of transaction, 1 - normal transaction, 6 - credit, 8 - payments
// $query_parameters['TranzilaPW'] = 'TranzilaPW' ;
$query_string = '' ;
foreach($query_parameters as $name => $value) {
$query_string .= $name.'='.$value.'&' ;
}
$query_string = substr($query_string , 0 , - 1 ) ; // Remove trailing '&'
// Initiate CURL
$cr = curl_init();
curl_setopt($cr,CURLOPT_URL ,"https://$tranzila_api_host$tranzila_api_path");
curl_setopt($cr,CURLOPT_POST,1);
curl_setopt($cr,CURLOPT_FAILONERROR,true);
curl_setopt($cr,CURLOPT_POSTFIELDS,$query_string) ;
curl_setopt($cr,CURLOPT_RETURNTRANSFER,1);
curl_setopt($cr,CURLOPT_SSL_VERIFYPEER,0);
// Execute request
$result = curl_exec($cr);
$error = curl_error($cr);
if(!empty($error)){
die( $error );
}
curl_close ($cr);
// Preparing associative array with response data
$response_array = explode('&',$result);
$response_assoc = array();
if(count($response_array) > 1){
foreach($response_array as $value){
$tmp = explode('=',$value);
if (count($tmp) > 1 ){
$response_assoc [$tmp[0]] = $tmp[1];
}
}
}
// Analyze the result string
if(!isset($response_assoc['Response'])){
die($result."\n");
/**
* When there is no 'Response' parameter it either means
* that some pre-transaction error happened (like authentication
* problems), in which case the result string will be in HTML format,
* explaining the error, or the request was made for generate token only
* (in this case the response string will only contain 'TranzilaTK'
* parameter)
*/
}else if($response_assoc['Response'] !== '000'){
die($response_assoc['Response']."\n");
// Any other than '000' code means transaction failure
// (bad card, expiry, etc ..)
}else{
die("Success \n");
}
`
Here i replaced supplier with my original supplier name which i can't show here for security reasons.When run this code with actual supplier i got 'Not Authorized' error.
I am using mastercard payment gateway .
All works fine if I hardcode the data or string of the hash_hmac sha256.
the working version:
$vpcURL = 'https://migs.mastercard.com.au/vpcpay?';
$secret = strtoupper("MYSECRET CODE");
$data ="vpc_AccessCode=0E5AC9E6&vpc_Amount=1000&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=TEST_TRN&vpc_Merchant=TESTSITE&vpc_OrderInfo=123&vpc_ReturnURL=https://www.examplesite.com/payment-confirmation/&vpc_Version=1";
$sha256_hmac = strtoupper(hash_hmac('sha256', $data, pack('H*', $secret)));
header("Location: " . $vpcURL . "&" . $data . "&vpc_SecureHash=" . $sha256_hmac."&vpc_SecureHashType=SHA256");
but I can not pass the hardcoded value to the vpc_Amount
I am getting the amount from a form where user can input the amount they wish.
So I am getting the amount from:
$totalAmount = $_POST['totalAmount'];
Now I want to pass this $totalAmount to the $data.
So I change the $data to this:
$data ="vpc_AccessCode=0E5AC9E6&vpc_Amount=$totalAmount&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=TEST_TRN&vpc_Merchant=TESTSITE&vpc_OrderInfo=123&vpc_ReturnURL=https://www.examplesite.com/payment-confirmation/&vpc_Version=1";
When I use this the payment gateway directly goes to the confirmation page : https://www.examplesite.com/payment-confirmation/ and the all the values are empty.
I think it is a simple syntex error..
How can I fix this?
how to pass the $totalAmount to $data correctly?
print_r ($data); gives this:
vpc_AccessCode=0E5AC9E6&vpc_Amount=58,258.00&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=TEST_TRN&vpc_Merchant=TESTSITE&vpc_OrderInfo=123&vpc_ReturnURL=https://www.examplesite.com/payment-confirmation/?vpc_Version=1
UPDATE
if I update the code to
$real_integer_amount = filter_var($totalAmount, FILTER_SANITIZE_NUMBER_INT);
$data ="vpc_AccessCode=0E5BC9E7&vpc_Amount={$real_integer_amount}&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=TEST_TRN&vpc_Merchant=TESTSITE&vpc_OrderInfo=123&vpc_ReturnURL=https://www.examplesite.com/payment-confirmation/?vpc_Version=1";
in confirmation page it shows the real amount and others are empty but still not going to the payment gateway where user can input their card details
I can't imagine the receiving server wants commas in the value. Also, you should build a query string like this to avoid problems with unescaped values:
<?php
$vpcURL = 'https://migs.mastercard.com.au/vpcpay?';
$secret = strtoupper("MYSECRET CODE");
$totalAmount = str_replace(",", "", $_POST["totalAmount"]);
$data = [
"vpc_AccessCode" => "0E5AC9E6",
"vpc_Amount" => $totalAmount,
"vpc_Command" => "pay",
"vpc_Locale" => "en",
"vpc_MerchTxnRef" => "TEST_TRN",
"vpc_Merchant" => "TESTSITE",
"vpc_OrderInfo" => "123",
"vpc_ReturnURL" => "https://www.examplesite.com/payment-confirmation/",
"vpc_Version" => "1",
];
$data = http_build_query($data);
$sha256_hmac = strtoupper(hash_hmac('sha256', $data, pack('H*', $secret)));
header("Location: " . $vpcURL . "&" . $data . "&vpc_SecureHash=" . $sha256_hmac."&vpc_SecureHashType=SHA256");
what I posted in first works very fine..
if I change vpc_amount to any (hardcoded) values that works..
the problem was when I assign the $totalAmount to vpc_amount the variable ($totalAmount) holds decimal points and thousand separators..
that makes this issue..
I just wanted to sanitize the variable before passing this totalAmount to the datato make it works..
so I've updated it as:
$real_integer_amount = filter_var($totalAmount, FILTER_SANITIZE_NUMBER_INT);
and now this works fine..
so the final working code is :
$vpcURL = 'https://migs.mastercard.com.au/vpcpay?';
$secret = strtoupper("My Secret Code");
$real_integer_amount = filter_var($totalAmount, FILTER_SANITIZE_NUMBER_INT);
$data ="vpc_AccessCode=0E5AC9E6&vpc_Amount=$real_integer_amount&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=TEST_TRN&vpc_Merchant=TESTSITE&vpc_OrderInfo=123&vpc_ReturnURL=https://www.trinitycollege.lk/payment-confirmation/&vpc_Version=1";
$sha256_hmac = strtoupper(hash_hmac('sha256', $data, pack('H*', $secret)));
header("Location: " . $vpcURL . "&" . $data . "&vpc_SecureHash=" . $sha256_hmac."&vpc_SecureHashType=SHA256");
#MagnusEriksson : thanks for the time and suggestions.. URL encoding did nothing with this issue.
#pvg there was no any spelling mistakes.. if I just use {$totalAmount} in the $data it did not work.. but this needed this : FILTER_SANITIZE_NUMBER_INT
#miken32 thank you for your answer. I've tried to use your code just by replacing the params with my actual detail.. but it gave me this error "HTTP Status - 400 E5000: Cannot form a matching secure hash based on the merchant's request using either of the two merchant's secrets"
I've double checked the spelling and values/params
This may help someone else in future..
I am trying to implement CommWeb on my PHP site. It isn't working. I am getting following error message:
HTTP Status - 400
E5000: Required field vpc_AccessCode was not present in the request
How can I fix this? I haven't found anything helpful in the documentation.
Here is my code:
<?php
//Merchant Admin URL: https://migs.mastercard.com.au/ma/CBA
//Merchant ID: TEST
//Operator ID: Admin
//Password: d#test
// Access Code AEFTEST 1A22FTESTTEST
$session_id = 1;
$finalprice = 50;
$testarr = array(
"vpc_Amount" => $finalprice*100,//Final price should be multifly by 100
"vpc_AccessCode" => "AEFTEST",//Put your access code here
"vpc_Command"=> "pay",
"vpc_Locale"=> "en",
"vpc_MerchTxnRef"=> "CLI".$session_id, //This should be something unique number, i have used the session id for this
"vpc_Merchant"=> "TEST",//Add your merchant number here
"vpc_OrderInfo"=> "1A22FTESTTEST",//this also better to be a unique number
"vpc_ReturnURL"=> "http://localhost/test1/index.php/commweb/",//Add the return url here so you have to code here to capture whether the payment done successfully or not
"vpc_Version"=> "1");
ksort($testarr); // You have to ksort the arry to make it according to the order that it needs
$SECURE_SECRET = "d#test";//Add the secure secret you have get
$securehash = $SECURE_SECRET;
$url = "https://migs.mastercard.com.au/ma/CBA";
foreach ($testarr as $key => $value)
{
$securehash .= $value;
$url .= $key."=".urlencode($value)."&";
}
$securehash = md5($securehash);//Encoding
$url .= "vpc_SecureHash=".$securehash;
header("location:https://migs.mastercard.com.au/vpcpay?$url");
?>
I am using the following code to work, but it is not working
require('DIBSFunctions.php');
//Define input variables (here simply static variables)
$Merchant = "123456";
$OrderID = "AHJ798123AH-BH";
$Currency = "208"; //DKK
$Amount = "30000"; //In smallest possible unit 30000 Øre = DKK 300
$CardNo = "5019100000000000"; //DIBS test Dankort values
$ExpMon = "06"; //DIBS test Dankort value
$ExpYear = "13"; //DIBS test Dankort value
$CVC = "684"; //DIBS test Dankort value
$MD5['K1'] = "~.(S96%u|(UV,~ifxTt.DAKSNb&SKAHD"; //K1 and K2 MUST be gathered through
$MD5['K2'] = "qJuH6vjXHLSDB*%¤&/hbnkjlBHGhjJKJ"; //ones DIBS admin-webinterface.
//Call function DIBSAuth to authorise payment
$RES = DIBSAuth($Merchant,$Amount,$Currency,$CardNo,$ExpMon,$ExpYear,$CVC,$OrderID,$MD5);
echo '<pre>';
print_r($RES);
//Check the response (the DIBS API returns the variable transact on success)
if ( $RES['transact'] != "" )
{
printf ("Authorisation successful! TransaktionID = %s",$RES['transact']);
//Call function DIBSCapt to capture payment
$RES2 = DIBSCapt($Merchant, $Amount, $RES['transact'], $OrderID);
if ( $RES2['status'] == "ACCEPTED" )
{
printf ("Transaction completed");
} else {
printf ("Capture failed!");
}
} else {
printf ("Authorisation failed");
}
This is the code output
Array
(
[reason] => 2
[status] => DECLINED
)
Authorisation failed
require('DIBSFunctions.php');
this file contains the username and password, I am providing it. e.g.
function http_post($host, $path, $data, $auth="") {
$auth['username'] = '123456';
$auth['password'] = '987656656';
//rest of the code
}
if someone wants to see the file 'DIBSFunctions.php' it can be downloadable from here http://tech.dibspayment.com/toolbox/downloads/dibs_php_functions/
i contact to the technical support and got the answer below:
The problem you are experiencing is due to the fact that you are trying to send us real card numbers (test or live). This form of integration requires a PCI certification of your systems.
Most customers use a so called hosted solution, where you use our payment windows. Please refer to tech.dibs.dk for documentation.