Generate Signature
Use this helper class to generate signature and validate signed response parameters.
1. Create file Signature.php
<?php
namespace Ipsp;
/**
* Class Signature
* @package Ipsp
*/
class Signature {
/**
* @var
*/
private static $password;
/**
* @var
*/
private static $merchant;
/**
* Set merchant password
* @param String $password
* @return mixed
*/
public static function password($password){
self::$password = $password;
}
/**
* Set merchant id
* @param String $merchant
* @return mixed
*/
public static function merchant( $merchant ){
self::$merchant = $merchant;
}
/**
* Generate request params signature
* @param array $params
* @return string
*/
public static function generate(Array $params){
$params['merchant_id'] = self::$merchant;
$params = array_filter($params,'strlen');
ksort($params);
$params = array_values($params);
array_unshift( $params , self::$password );
$params = join('|',$params);
return(sha1($params));
}
/**
* Sign params with signature
* @param array $params
* @return array
*/
public static function sign(Array $params){
if(array_key_exists('signature',$params)) return $params;
$params['signature'] = self::generate($params);
return $params;
}
/**
* Clean array params
* @param array $data
* @return array
*/
public static function clean(Array $data){
if( array_key_exists('response_signature_string',$data) )
unset( $data['response_signature_string'] );
unset( $data['signature'] );
return $data;
}
/**
* Check response params signature
* @param array $response
* @return bool
*/
public static function check(Array $response){
if(!array_key_exists('signature',$response)) return FALSE;
$signature = $response['signature'];
$response = self::clean($response);
return $signature == self::generate($response);
}
}
2. Sign request parameters with signature hash.
<?php
require_once 'Signature.php';
# import Signature class from namespace
use Ipsp\Signature;
# setup merchant id and password
Signature::merchant(1396424);
Signature::password('test');
# request parameters passing to gateway api
$params = array(
'order_id' => 'order_1496920426',
'order_desc' => 'IPSP PHP Order Description'
'currency' => 'USD',
'amount' => '2000',
'response_url' => 'https://merchant.site/response/url',
'server_callback_url' => 'https://merchant.site/callback/url'
);
# finally sign parameters
$params = Signature::sign($params);
3. Validate response parameters handled by response_url or server_callback_url page.
<?php
require_once 'Signature.php';
# import Signature class from namespace
use Ipsp\Signature;
# setup merchant id and password
Signature::merchant(1396424);
Signature::password('test');
# response example stored in $_POST variable
# in this example empty parameters already cleaned up
$response = array(
'masked_card': '444455XXXXXX1111',
'response_status': 'success',
'reversal_amount': '0',
'settlement_amount': '0',
'actual_amount': '2000',
'order_status': 'approved',
'order_time': '08.06.2017 14:13:46',
'actual_currency': 'USD',
'order_id': 'order_1496920426',
'tran_type': 'purchase',
'eci': '06',
'payment_system': 'card',
'approval_code': '123456',
'merchant_id': '1396424',
'payment_id': '47748989',
'currency': 'USD',
'card_bin': '444455',
'card_type': 'VISA',
'amount': '2000',
'signature': '8f30c61a1ee7a917f72a762405f8182dcaa5ce2e'
);
# validate response parameters
if(Signature::check($response)){
echo 'signature is valid. Now we can complete purchase';
} else{
echo 'bad signature throw error'
}