Question

这是主页，

<?php
// Merchant key here as provided by Payu
$MERCHANT_KEY = "gtKFFx"; //Please change this value with live key for production
$hash_string  = '';
// Merchant Salt as provided by Payu
$SALT = "eCwWELxi"; //Please change this value with live salt for production
// End point - change to https://secure.payu.in for LIVE mode
$PAYU_BASE_URL = "https://test.payu.in";
$action        = '';
$posted        = array();
if (!empty($_POST)) {
    //print_r($_POST);
    foreach ($_POST as $key => $value) {
        $posted[$key] = $value;
    }
}
$formError = 0;
if (empty($posted['txnid'])) {
    // Generate random transaction id
    $txnid = substr(hash('sha256', mt_rand() . microtime()), 0, 20);
} else {
    $txnid = $posted['txnid'];
}
$hash = '';
// Hash Sequence
$hashSequence = "key|txnid|amount|productinfo|firstname|email|phone|udf2|udf3|udf4|udf5|udf6|udf7|udf8|udf9|udf10||||||SALT";
if (empty($posted['hash']) && sizeof($posted) > 0) {
    if (
        empty($posted['key'])
        || empty($posted['txnid'])
        || empty($posted['amount'])
        || empty($posted['firstname'])
        || empty($posted['email'])
        || empty($posted['phone'])
        || empty($posted['productinfo'])
    ) {
        $formError = 1;
    } else {
        $hashVarsSeq = explode('|', $hashSequence);
        foreach ($hashVarsSeq as $hash_var) {
            $hash_string .= isset($posted[$hash_var]) ? $posted[$hash_var] : '';
            $hash_string .= '|';
        }
        $hash_string .= $SALT;
        $hash   = strtolower(hash('sha512', $hash_string));
        $action = $PAYU_BASE_URL . '/_payment';
    }
} elseif (!empty($posted['hash'])) {
    $hash   = $posted['hash'];
    $action = $PAYU_BASE_URL . '/_payment';
}
?>

<html>
    <head>
        <script>
            var hash = '<?php echo $hash ?>';
            function submitPayuForm() {
                if (hash == '') {
                    return;
                }
                var payuForm = document.forms.payuForm;
                payuForm.submit();
            }
        </script>
    </head>
    <body onload="submitPayuForm()">
        <h2>PayU Form</h2>
        <br/>
        <?php if ($formError) { ?>
            <span style="color:red">Please fill all mandatory fields.</span>
            <br/>
            <br/>
        <?php } ?>
        <form action="<?php echo $action; ?>" method="post" name="payuForm" >
            <input type="hidden" name="key" value="<?php echo $MERCHANT_KEY ?>" />
            <input type="hidden" name="hash" value="<?php echo $hash ?>"/>
            <input type="hidden" name="txnid" value="<?php echo $txnid ?>" />

            <input type="hidden" name="surl" value="http://localhost/response.php" />   <!--Please change this parameter value with your success page absolute url like http://mywebsite.com/response.php. -->
            <input type="hidden" name="furl" value="http://localhost/failure.php" /><!--Please change this parameter value with your failure page absolute url like http://mywebsite.com/response.php. -->

            <table>
                <tr>
                    <td><b>Mandatory Parameters</b></td>
                </tr>
                <tr>
                    <td>Amount: </td>
                    <td><input name="amount" value="<?php echo (empty($posted['amount'])) ? '' : $posted['amount'] ?>" /></td>
                    <td>First Name: </td>
                    <td><input name="firstname" id="firstname" value="<?php echo (empty($posted['firstname'])) ? '' : $posted['firstname']; ?>" /></td>
                </tr>
                <tr>
                    <td>Email: </td>
                    <td><input name="email" id="email" value="<?php echo (empty($posted['email'])) ? '' : $posted['email']; ?>" /></td>
                    <td>Phone: </td>
                    <td><input name="phone" value="<?php echo (empty($posted['phone'])) ? '' : $posted['phone']; ?>" /></td>
                </tr>
                <tr>
                    <td>Operator: </td>
                    <td colspan="3"><textarea name="productinfo"><?php echo (empty($posted['productinfo'])) ? '' : $posted['productinfo'] ?></textarea></td>
                </tr>
                <?php if (!$hash) { ?>
                    <td colspan="4"><input type="submit" value="Submit" /></td>
                <?php } ?>
                </tr>
            </table>
        </form>
    </body>
</html>

我正在努力更好地理解算法，因为我是一个基本的开发人员而不是专业人士，这是一个用户定义的手机变量，我从之前的表格中得到。

这里是响应php哪里出错导向朋友如果你想要给出负面标记，但帮助我理解这个算法。

<?php
$status      = $_POST["status"];
$firstname   = $_POST["firstname"];
$amount      = $_POST["amount"]; //Please use the amount value from database
$txnid       = $_POST["txnid"];
$posted_hash = $_POST["hash"];
$key         = $_POST["key"];
$productinfo = $_POST["productinfo"];
$email       = $_POST["email"];
$salt        = "eCwWELxi"; //Please change the value with the live salt for production environment
$phone       = "phone";
//Validating the reverse hash
if (isset($_POST["additionalCharges"])) {
    $additionalCharges = $_POST["additionalCharges"];
    $retHashSeq        = $additionalCharges . '|' . $salt . '|' . $status . '|' . $phone . '|||||||||||' . $email . '|' . $firstname . '|' . $productinfo . '|' . $amount . '|' . $txnid . '|' . $key;
} else {
    $retHashSeq = $salt . '|' . $status . '|' . $phone . '|||||||||||' . $email . '|' . $firstname . '|' . $productinfo . '|' . $amount . '|' . $txnid . '|' . $key;
}
$hash = hash("sha512", $retHashSeq);
if ($hash != $posted_hash) {
    echo "Transaction has been tampered. Please try again";
} else {
    echo "<h3>Thank You, " . $firstname . ".Your order status is " . $status . ".</h3>";
    echo "<h4>Your Transaction ID for this transaction is " . $txnid . ".</h4>";
}

所以请帮我纠正这个算法，以便更好地理解这个payubiz。他们收取订阅费，但是没有适当的支持可以帮助我解决这个问题。

谁能帮助我在payubiz中解决这个sha256 512

0 个答案: