Reply
Highlighted
Member
Posts: 6
Registered: ‎05-31-2011

PHP - MD5 - Depreciated Stuff - Confusing Docs - What should I do next ...

OK, I'm one of those "confused" folks mentioned in another thread.

1. My client sends me a panic email - OMG our payment portal is going down, and a copy of the "MD5 Hash End of Life & Signature Key Replacement Update" email. 

2. I start to research this. And I research some more. Then even more.

3. OK, I'm confused. There seems to be conflicting stuff in different docs, and different docs telling me I need to be doing different things. What I need is for somebody to point me to "THE COMPLETE IDIOTS GUILD TO GETTING THIS RIGHT WITH NO CONFLICTING INFORMATION".

4. I'm using a relay response method. Current code is below. From what I can tell, in addition to the HD5 end of life, this method has been depreciated and is near end of life too (don't remember ever getting a notice about that), so at some point it will go away. While I'm trying to figure out the HD5 issue, I might as well rewrite the whole thing to whatever the current acceptable method is.
 - One place tells me (I think) I should be using Webhooks
 - Somewhere else says Authorize.Net API 

OK questions ...
1. Exactly what method should I start using?
This is an insurance application, so all I need to send to autho, other then the credit card info, is a transaction number and the amount (see code below). Nothing complicated at all. One time payment per application and done.

2.What will actually happen on March 14, no, 28. 
If I want to be lazy (I don't), I can just comment the MD5 lines out a skip any type of hash verification completely at the moment. I'm not saying that's a smart thing to do, but it can be done. There's other security already built into the app. If I did than, would payments would keep processing without me changing anything other than killing the MD5 lines, or will it go down completely until I've rewritten things?

Question one above is the important thing. Considering what I'm doing now, point me to the correct replacement for that. Sheesh, I may be an idiot. Thanks in advance.

 

 

 

Current Stuff: PAYMENT PAGE

require_once 'anet_php_sdk/AuthorizeNet.php'; 
$relay_response_url = "https://www.MYWEBSITE.com/processing.php?id=".$enrollmentID;
$api_login_id = 'My APD ID';
$transaction_key = 'xxxxxxxxxxxxxxxx';
$amount = "$totaltoCARD;";
$fp_sequence = $enrollmentID
echo AuthorizeNetDPM::getCreditCardForm($amount, $fp_sequence, $relay_response_url, $api_login_id, $transaction_key );

Current Stuff: RESPONSE PAGE

 

require_once 'anet_php_sdk/AuthorizeNet.php'; // The SDK

$api_login_id = 'My API LOGIN';
$md5_setting = "xxxxxx"; // MD5 Setting
$response = new AuthorizeNetSIM($api_login_id, $md5_setting);
$enrID = $_GET['enrid'];
$transID = $response->transaction_id;
//$transID = htmlentities($_GET['transaction_id']);
$responseC = $_GET['response_code'];

$payDATE = date('Y-m-d');

if ($response->isAuthorizeNet())
	{

// ALL MY PROCESSING GOES HERE ....
Highlighted
All Star
Posts: 733
Registered: ‎11-05-2018

Re: PHP - MD5 - Depreciated Stuff - Confusing Docs - What should I do next ...

Hi @LesMizzell 

 

I do not use DPM/SIM, but have helped many people on this forum who do. I have working code for SIM that I will be posting.  I will also post working code for DPM when I have the chance, and you could greatly help me by posting a sample DPM form to submit in a sandbox.  Here is what another user posted for SIM:

 

<form action="https://test.authorize.net/gateway/transact.dll" method="post">
<input type="HIDDEN" name="x_fp_sequence" value="28897">
<input type="HIDDEN" name="x_fp_timestamp" value="1551197199">
<input type="HIDDEN" name="x_fp_hash" value="1F654DD87486F5F5314E9E03428762B7">
<input type="HIDDEN" name="x_login" value="3Ac2GnPa9X9b">
<input type="HIDDEN" name="x_show_form" value="PAYMENT_FORM">
<input type="HIDDEN" name="x_amount" value="80.00">
<input type="HIDDEN" name="x_method" value="CC">
<input type="HIDDEN" name="x_type" value="AUTH_CAPTURE">
<input type="HIDDEN" name="x_invoice_num" value="28897">
<input type="HIDDEN" name="x_description" value="this is a test">
<input type="HIDDEN" name="x_cust_id" value="12234">
<input type="HIDDEN" name="x_company" value="Testing">
<input type="HIDDEN" name="x_first_name" value="tfn">
<input type="HIDDEN" name="x_last_name" value="fln">
<input type="HIDDEN" name="x_address" value="123 test">
<input type="HIDDEN" name="x_city" value="somewhere">
<input type="HIDDEN" name="x_state" value="mn">
<input type="HIDDEN" name="x_zip" value="55744">
<input type="HIDDEN" name="x_phone" value="111-111-1111">
<input type="HIDDEN" name="x_email" value="test@testing.com">
<input type="HIDDEN" name="x_po_num" value="">
<input type="HIDDEN" name="x_duplicate_window" value="28800">
<input type="HIDDEN" name="x_country" value="US">
<input type="HIDDEN" name="x_currency_code" value="USD">

<input type="HIDDEN" name="x_header_html_payment_form" value="">
<input type="HIDDEN" name="x_footer_html_payment_form" value="If you have any difficulty or questions please call customer support at ">
<input type="HIDDEN" name="x_customer_ip" value="10.1.1.136">
<input type="HIDDEN" name="header_html" value="">
<input type="HIDDEN" name="return_url" value="">
<input type="hidden" name="x_test_request" value="TRUE">
<input type="SUBMIT" value="Click here to pay with a credit card securely on-line">
</form>

 

 

If you could post a sample request like this for DPM that will work (even if only works in md5 right now), I can test for validation and response in sha512. Also answer this question, in DPM you get the response through a silent post URL? I don't need your md5 setting values, ID, none of it. I just need a generic form like this with info populated. I will enter my own credentials.

Highlighted
All Star
Posts: 733
Registered: ‎11-05-2018

Re: PHP - MD5 - Depreciated Stuff - Confusing Docs - What should I do next ...

@LesMizzell 

 

See my latest post in this thread. The verification is a little different than how you have been doing it. It is just something I put together that works. Hope this helps you.

 

https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/m...

Highlighted
Member
Posts: 6
Registered: ‎05-31-2011

Re: PHP - MD5 - Depreciated Stuff - Confusing Docs - What should I do next ...

Afternoon,

The code posted in my first message is exactly what I'm using now.
It's using the SDK to generate the credit card form. Here's the generated hidden fields for that...

 

<form method="post" action="https://secure.authorize.net/gateway/transact.dll">
<input type="hidden" name="x_amount" value="1.5225;">
<input type="hidden" name="x_delim_data" value="TRUE">
<input type="hidden" name="x_fp_hash" value="HashNumberHere">
<input type="hidden" name="x_fp_sequence" value="1111111">
<input type="hidden" name="x_fp_timestamp" value="1551882250">
<input type="hidden" name="x_login" value="MyLogIn">
<input type="hidden" name="x_relay_response" value="TRUE">
<input type="hidden" name="x_relay_url" value="https://www.MySite.com/account/relay_response.php?enrid=1111111">
<input type="hidden" name="x_version" value="3.1">
<input type="hidden" name="x_delim_char" value=",">

2nd block of code in my first message takes care of the rest. 
That's pretty much it.

Highlighted
All Star
Posts: 733
Registered: ‎11-05-2018

Re: PHP - MD5 - Depreciated Stuff - Confusing Docs - What should I do next ...

Check out what I just linked. I have tested and working DPM code on page 6 of the thread (link should take you straight to page 6, I think at current it is the very last post on page 6). Try that for your validation and if you still have issues post them here.