Generate Signature

Use this helper class to generate signature and validate signed response parameters.

1. Create file Signature.php

<?php
namespace Ipsp;
/**
 * Class Signature
 * @package Ipsp
 */
class Signature {
    /**
     * @var
     */
    private static $password;
    /**
     * @var
     */
    private static $merchant;

    /**
     * Set merchant password
     * @param String $password
     * @return mixed
     */
    public static function password($password){
        self::$password = $password;
    }
    /**
     * Set merchant id
     * @param String $merchant
     * @return mixed
     */
    public static function merchant( $merchant ){
        self::$merchant = $merchant;
    }
    /**
     * Generate request params signature
     * @param array $params
     * @return string
     */
    public static function generate(Array $params){
        $params['merchant_id'] = self::$merchant;
        $params = array_filter($params,'strlen');
        ksort($params);
        $params = array_values($params);
        array_unshift( $params , self::$password );
        $params = join('|',$params);
        return(sha1($params));
    }

    /**
     * Sign params with signature
     * @param array $params
     * @return array
     */
    public static function sign(Array $params){
        if(array_key_exists('signature',$params)) return $params;
        $params['signature'] = self::generate($params);
        return $params;
    }
    /**
     * Clean array params
     * @param array $data
     * @return array
     */
    public static function clean(Array $data){
        if( array_key_exists('response_signature_string',$data) )
            unset( $data['response_signature_string'] );
        unset( $data['signature'] );
        return $data;
    }
    /**
     * Check response params signature
     * @param array $response
     * @return bool
     */
    public static function check(Array $response){
        if(!array_key_exists('signature',$response)) return FALSE;
        $signature = $response['signature'];
        $response  = self::clean($response);
        return $signature == self::generate($response);
    }
}

2. Sign request parameters with signature hash.

<?php
require_once 'Signature.php';
# import Signature class from namespace
use Ipsp\Signature;
# setup merchant id and password 
Signature::merchant(1396424);
Signature::password('test');
# request parameters passing to gateway api
$params = array(
    'order_id'     => 'order_1496920426',
    'order_desc'   => 'IPSP PHP Order Description'
    'currency'     => 'USD',
    'amount'       => '2000',
    'response_url' => 'https://merchant.site/response/url',
    'server_callback_url' => 'https://merchant.site/callback/url'
);
# finally sign parameters
$params = Signature::sign($params);

3. Validate response parameters handled by response_url or server_callback_url page.

<?php
require_once 'Signature.php';
# import Signature class from namespace 
use Ipsp\Signature;
# setup merchant id and password
Signature::merchant(1396424);
Signature::password('test');
# response example stored in $_POST variable   
# in this example empty parameters already cleaned up
$response = array(
    'masked_card': '444455XXXXXX1111',
    'response_status': 'success',
    'reversal_amount': '0',
    'settlement_amount': '0',
    'actual_amount': '2000',
    'order_status': 'approved',
    'order_time': '08.06.2017 14:13:46',
    'actual_currency': 'USD',
    'order_id': 'order_1496920426',
    'tran_type': 'purchase',
    'eci': '06',
    'payment_system': 'card',
    'approval_code': '123456',
    'merchant_id': '1396424',
    'payment_id': '47748989',
    'currency': 'USD',
    'card_bin': '444455',
    'card_type': 'VISA',
    'amount': '2000',
    'signature': '8f30c61a1ee7a917f72a762405f8182dcaa5ce2e'
);
# validate response parameters
if(Signature::check($response)){
    echo 'signature is valid. Now we can complete purchase';
} else{
    echo 'bad signature throw error'
}