PayUMoney integration - How to calculate hash for comparing with response?

Question

Generating Hash for Post request

    $hashSequence = "key|txnid|amount|productinfo|firstname|email|udf1|"
                    ."udf2|udf3|udf4|udf5|udf6|udf7|udf8|udf9|udf10";
    $hashVarsSeq  = explode('|', $hashSequence);
    $hashString   = '';  
    foreach ($hashVarsSeq as $hashVar) {
        $hashString .= isset($payObject['params'][$hashVar]) ? $payObject['params'][$hashVar] : '';
        $hashString .= '|';
    }
    $hashString .= $salt;
    //generate hash
    $hash = strtolower(hash('sha512', $hashString));

After getting successful response generating Hash

$retHashSeq = $salt.'|'.$status.'||||||||'.$udf3.'|'.$udf2.'|'.$udf1.'|'.$email.'|||'.$amount.'|'.$txnid.'|'.$key;
$hash = hash("sha512", $retHashSeq);

But the generated Hash doesn't match with the returned Hash by the PayU server. what could be the problem?? any help would be appreciated.

You are referring to PayU, but I can't find anything about what it should be. — magnetik, Nov 03 '14 at 13:06

score 2 · Answer 1 · edited Jun 20 '20 at 09:12

Hash Calculation in Request and Response in PayUMoney C# API

hashSequence =

key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||salt;

$hash = hash("sha512", $hashSequence);

Where salt is available on the PayUMoney dashboard.

Note: A blank udf field is to be used while computing hashSequence, even if a merchant is not passing any udf field in input request.

For the response hash, the sequence of variables is in reverse order as compared to payment request hash. Also, a status variable added between salt and udf1

Sequence

hashSequence = salt|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key;

$hash = hash("sha512", $hashSequence);

Where salt is available on the PayUMoney dashboard.

Here is sample code for response hash calculation:-

                bool isCheckSum = false;
                var strhash = Request.Form["hash"];
                var strstatus = Request.Form["status"];
                var strfirstname = Request.Form["firstname"];
                var stramount = Request.Form["amount"];
                var strtxnid = Request.Form["txnid"];
                var strkey = Request.Form["key"];
                var strproductinfo = Request.Form["productinfo"];
                var stremail = Request.Form["email"];
                var stradditionalCharges = Request.Form["additionalCharges"];
                string strudf1 = Request.Form["udf1"];
                string strudf2 = Request.Form["udf2"];
                string strudf3 = Request.Form["udf3"];
                string strudf4 = Request.Form["udf4"];
                string strudf5 = Request.Form["udf5"];                   

                System.Security.Cryptography.SHA512Managed sha512 = new System.Security.Cryptography.SHA512Managed();
                byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(strSALT + "|" + strstatus + "||||||" + strudf5 + "|" + strudf4 + "|" + strudf3 + "|" + strudf2 + "|" + strudf1 + "|" + stremail + "|" + strfirstname + "|" + strproductinfo + "|" + stramount + "|" + strtxnid + "|" + strkey);
                byte[] hashBytes = sha512.ComputeHash(inputBytes);
                byte[] hashValue;
                string hex = "";
                hashValue = sha512.ComputeHash(inputBytes);
                foreach (byte x in hashValue)
                {
                    hex += String.Format("{0:x2}", x);
                }

                if(strhash == hex)
                {
                    isCheckSum = true;
                }

score 1 · Accepted Answer · answered Nov 03 '14 at 13:15

1

It seems that you are trying to reimplement the PayU REST API. I can't find any reference to the pattern of your $hashSequence in the current version of the REST API.

Have you considered using the official SDK?

answered Nov 03 '14 at 13:15

magnetik

4,351
41
58

so did it work for you ? what's the problem you had ? how you resolved it ? – Kamalakannan J Jul 20 '16 at 19:13

score 0 · Answer 3 · answered Nov 20 '17 at 18:28

This code is for android hashcodegeneration on your server side

   <?php

$key=$_POST["key"];

$salt="xxxxx"; #your payumoney salt
$txnId=$_POST["txnid"];
$amount=$_POST["amount"];
$productName=$_POST["productInfo"];
$firstName=$_POST["firstName"];
$email=$_POST["email"];
$udf1=$_POST["udf1"];
$udf2=$_POST["udf2"];
$udf3=$_POST["udf3"];
$udf4=$_POST["udf4"];
$udf5=$_POST["udf5"];

$payhash_str = $key . '|' . checkNull($txnId) . '|' .checkNull($amount)  . '|' .checkNull($productName)  . '|' . checkNull($firstName) . '|' . checkNull($email) . '|' . checkNull($udf1) . '|' . checkNull($udf2) . '|' . checkNull($udf3) . '|' . checkNull($udf4) . '|' . checkNull($udf5) . '|' . $salt;


function checkNull($value) {
            if ($value == null) {
                  return '';
            } else {
                  return $value;
            }
      }


$hash = strtolower(hash('sha512', $payhash_str));
$arr['result'] = $hash;
$arr['status']=0;
$arr['errorCode']=null;
$arr['responseCode']=null;
$arr['hashtest']=$payhash_str;
$output=$arr;


echo json_encode($output);

?>

score 0 · Answer 4 · answered Feb 08 '18 at 21:55

I know its late to answer this question but this answer might help future searchers. Just download the latest PayUMoney Kit from the official website and put the SALT key in the success.php page too.

Here is my latest success.php

<?php
include'config/db.php'; // Your database connection file if needed
$status=$_POST["status"];
$firstname=$_POST["firstname"];
$amount=$_POST["amount"];
$txnid=$_POST["txnid"];
$posted_hash=$_POST["hash"];
$key=$_POST["key"];
$productinfo=$_POST["productinfo"];
$email=$_POST["email"];

$salt=""; // PLACE YOUR SALT KEY HERE

// Salt should be same Post Request
if(isset($_POST["additionalCharges"])){
  $additionalCharges=$_POST["additionalCharges"];
  $retHashSeq = $additionalCharges.'|'.$salt.'|'.$status.'|||||||||||'.$email.'|'.$firstname.'|'.$productinfo.'|'.$amount.'|'.$txnid.'|'.$key;
}else{
  $retHashSeq = $salt.'|'.$status.'|||||||||||'.$email.'|'.$firstname.'|'.$productinfo.'|'.$amount.'|'.$txnid.'|'.$key;
}

$hash = strtolower(hash('sha512', $retHashSeq)); // NOTE: THIS PART IN YOUR KIT MAY HAVE AN ERROR. THERE YOU MIGHT GET $hash_string instead of $retHashSeq. JUST REPLACE $hash_string with $retHashSeq.

if($hash != $posted_hash){
  // Transaction completed but is Invalid as Hash Values are not Matching. Notify Admin.
  //header('Location: fail.php');
  //exit();
}else{
  // Transaction is Valid. Process orders here.
  //header('Location: thanks.php');
  //exit();
}
?>

PayUMoney integration - How to calculate hash for comparing with response?

4 Answers4

Where salt is available on the PayUMoney dashboard.

Sequence

Where salt is available on the PayUMoney dashboard.

Linked