Reply
Member
Posts: 2
Registered: ‎03-03-2019
Accepted Solution

Can anyone refer me to developer for MD5Hash update?

I am in quandary as do not have developer. I am using the SIM method and MDHash5 want to upgrade to the accepted host and signature key but not sure how to do. My site is built on php/mysql. If I cannot find someone I am going to have to disable the Authorize.net payment option.

 

Not sure if will let me post email here or can reply or message me please. Thank you.


Accepted Solutions
Solution
Accepted by topic author govirtual1
‎03-08-2019 11:19 AM
Member
Posts: 2
Registered: ‎03-03-2019

Re: Can anyone refer me to developer for MD5Hash update?

@RenaissanceYou are the best! You were the only one who was able to help me update the Hash to Signature key with my website. Thanks!

View solution in original post


All Replies
All Star
Posts: 685
Registered: ‎11-05-2018

Re: Can anyone refer me to developer for MD5Hash update?

Hi @govirtual1

 

I can refer you to myself. Send me a PM. Click on my name and it will let you send me a message.  

Solution
Accepted by topic author govirtual1
‎03-08-2019 11:19 AM
Member
Posts: 2
Registered: ‎03-03-2019

Re: Can anyone refer me to developer for MD5Hash update?

@RenaissanceYou are the best! You were the only one who was able to help me update the Hash to Signature key with my website. Thanks!

Member
Posts: 3
Registered: ‎03-14-2019

Re: Can anyone refer me to developer for MD5Hash update?

I have this procedural code that has been working fine for years. Its simple, straight forward and works.  Now with the migration to HSA512 I wonder how I can upgrade, or if I need to.  I tried to test it in a sandbox but sandboxes do not generate asignature key.  Well here is the code:

 

function authorize_cc ($cc,$exp,$cvv,$amount,$first_name,$last_name,$login='',$tranKey='',$signatureKey=''){

 

$post_string = 'x_login=' . $login;
$post_string .= '&x_tran_key=' . $tranKey;
$post_string .= '&x_delim_data=TRUE';
$post_string .= '&x_url=FALSE';
$post_string .= '&x_type=AUTH_CAPTURE';
$post_string .= '&x_method=CC';
$post_string .= '&x_relay_response=FALSE';
$post_string .= '&x_card_num=' . $cc;
$post_string .= '&x_exp_date=' . $exp;
$post_string .= '&x_amount=' . $amount;
$post_string .= '&x_address=';
$post_string .= '&x_zip=';
$post_string .= '&x_card_code=' . $cvv;
$post_string .= '&x_name=' . $first_name . ' ' . $last_name;

 

//# New SHA512 hash

 

if ($signatureKey != '') {
$textToHash="^". $login."^". $tranKey ."^". $amount."^";
$sig = hash_hmac('sha512', $textToHash, hex2bin($signatureKey));

}
//# Now what do we do with $sig? Do we include the rest of the fields in the hash?

 

$test_url = 'https://test.authorize.net/gateway/transact.dll';
$production_url = 'https://secure2.authorize.net/gateway/transact.dll';

 

$curl_request = curl_init( $test_url );

curl_setopt( $curl_request, CURLOPT_POSTFIELDS, $post_string );
curl_setopt( $curl_request, CURLOPT_HEADER, 0 );
curl_setopt( $curl_request, CURLOPT_TIMEOUT, 45 );
curl_setopt( $curl_request, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt( $curl_request, CURLOPT_SSL_VERIFYHOST, 2 );
curl_setopt( $curl_request, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2 );
curl_setopt( $curl_request, CURLOPT_SSL_VERIFYPEER, false );

$response = curl_exec( $curl_request );

curl_close( $curl_request );

$results = explode(',',$response);

return $results;

}

 

Could anyone give some point on what to do next?

All Star
Posts: 685
Registered: ‎11-05-2018

Re: Can anyone refer me to developer for MD5Hash update?

@Villawinery 

 

You're using the wrong string in your fingerprint. More pressing than the fingerprint is the validation of the response. You will need to implement a sha512 response validation or you will have to disable response validation completely once the md5 is gone. 

Member
Posts: 3
Registered: ‎03-14-2019

Re: Can anyone refer me to developer for MD5Hash update?

That is my question.  How can I implement SHA512 in my routine?  I am using a sand box to test it but the sand box does not gives you a way to generate a key, the only thing you get is the id and the transaction id. I have gone through the SDK, which is very cumbersome to follow, and I have not been able to pinpoint where SHA512 is used to connect through CURD.  My function works well in production and also with the sandbox.  All I need if a way to authorize credit cards and capture the transaction.  I wish Authorize.net would give you points without refereing you to a cumbersome SDK.

Highlighted
All Star
Posts: 685
Registered: ‎11-05-2018

Re: Can anyone refer me to developer for MD5Hash update?

You can generate a signature key in the sandbox. Just go to your API credentials page and select “generate a new signature key”. That’s the first thing you need. The signature key is not something that is unique to each transaction. It is a credential that is tied to you and only changes when you cancel it and get a new one. It is similar to a transaction key in that way.

https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/m...

Message 58 in that post has 100% tested and working code for SIM/DPM. Go generate a signature key. Copy and paste in that code. There is a fingerprint piece and a separate response verification piece. The code has comments for where each piece is.