Transaction Status API in PHP for Payment Gateway

Question

I am working on PayUMoney payment gateway. I have integrated it successfully. Now before undergoing through audit process by PayUMoney suddenly they told me that I have to integrate transaction status API on my portal. They have provided me API for it. I have integrated that also. Following is the code they have provided me.

$key = "gtKFFx";
$salt = "eCwWELxi";
$command = "verify_payment";
$var1 = "NPMM87334121";

//hash formaula
$hash_str = $key  . '|' . $command . '|' . $var1 . '|' . $salt ;
$hash = strtolower(hash('sha512', $hash_str));
$r = array('key' => $key , 'hash' =>$hash , 'var1' => $var1, 'command' => $command);
$qs= http_build_query($r);
$wsUrl = "https://test.payu.in/merchant/postservice.php?form=1";
//$wsUrl = "https://info.payu.in/merchant/postservice?form=1";

$c = curl_init();
curl_setopt($c, CURLOPT_URL, $wsUrl);
curl_setopt($c, CURLOPT_POST, 1);
curl_setopt($c, CURLOPT_POSTFIELDS, $qs);
curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
$o = curl_exec($c);
if (curl_errno($c)) {
  $sad = curl_error($c);
  throw new Exception($sad);
}
curl_close($c);

$valueSerialized = @unserialize($o);
if($o === 'b:0;' || $valueSerialized !== false) {
  print_r($valueSerialized);
}
print_r($o);

Above Code gives me response as follows :

Array
(
    [status] => 1
    [msg] => 1 out of 1 Transactions Fetched Successfully
    [transaction_details] => Array
        (
            [NPMM87334121] => Array
                (
                    [mihpayid] => 403993715517090502
                    [request_id] => 
                    [bank_ref_num] => 
                    [amt] => 100813.00
                    [transaction_amount] => 100813.00
                    [txnid] => TRANS-2011-01-05-11-05-00
                    [additional_charges] => 0.00
                    [productinfo] => Test
                    [firstname] => Test User
                    [bankcode] => CC
                    [udf1] => 
                    [udf3] => 
                    [udf4] => 
                    [udf5] => 
                    [field2] => 
                    [field9] => FSS0001-Authentication Not Available
                    [error_code] => E500
                    [payment_source] => payu
                    [card_type] => VISA
                    [error_Message] => Bank failed to authenticate the customer
                    [net_amount_debit] => 0.00
                    [disc] => 0.00
                    [mode] => CC
                    [PG_TYPE] => HDFCPG
                    [card_no] => 411111XXXXXX1111
                    [name_on_card] => Demo
                    [udf2] => 
                    [addedon] => 2018-01-05 11:21:36
                    [status] => failure
                    [unmappedstatus] => failed
                    [Merchant_UTR] => 
                    [Settled_At] => 
                )

        )

)

After this I have written following line to access above response.

$checkout_data = $o['transaction_details'][$var1];

But after this line it gives me following error.

Message: Illegal string offset 'transaction_details'
Message: Illegal string offset 'NPMM87334121'

I don't understand where I am doing the mistake. The response given by payu is in array so if I am accessing it as array, Still why it gives me error.

Check my answer! After print_r($o); you can do in foreach after json_decode.. — Amit Gupta, Jan 09 '18 at 11:12
**So you are working with other people's money now please tell my why do you turn off security? (`CURLOPT_SSL_VERIFYHOST, 0`...)** — Daniel W., Jan 09 '18 at 11:26
@DanFromGermany Code provided by PayU team only. OP not updated CURLOPT_SSL_VERIFYHOST — Amit Gupta, Jan 09 '18 at 11:31
@DanFromGermany Please check once :- https://documentation.payubiz.in/check-status-apis/ — Amit Gupta, Jan 09 '18 at 11:32

score 2 · Answer 1 · answered Aug 03 '19 at 06:40

2

Use this url for Payu Status Api

$wsUrl = "https://test.payu.in/merchant/postservice.php?form=2";

Note variable form=2 not 1
this url return json output while form=1 returns array output which is difficult to manipulate

answered Aug 03 '19 at 06:40

Manjot Singh Dhiman

66
1
5

Swarna Sekhar Dhar · Answer 2 · 2020-06-26T05:38:41.190

it is returning a print_r of the array within a pre tag . the response is not an array its a text as per manojit we have to use

$wsUrl = "https://test.payu.in/merchant/postservice.php?form=2";

form=2 to get json format

Array
(
[status] => 1
[msg] => 1 out of 1 Transactions Fetched Successfully
[transaction_details] => Array
(
[0345b17744cc6e0bab66] => Array
(
[mihpayid] => 403993715521192567
[request_id] =>
[bank_ref_num] =>
[amt] => 1.00
[transaction_amount] => 1.00
[txnid] => 0345b17744cc6e0bab66
[additional_charges] => 0.00
[productinfo] =>    quot CartItemId quot   quot 28729 quot   quot CartId quot   quot 1423 quot   quot ProductId quot
[firstname] => ss dhar
[bankcode] => CC
[udf1] => [{"CartItemId":"28729","CartId":"1423","ProductId":"58","BasePrice":"890.00","Quantity":"1","ItemPromoId":null,"ItemPromoDiscount":null
[udf3] => 9007291400
[udf4] => 12 md road gorabazar
[udf5] => 0345b17744cc6e0bab66
[field2] =>
[field9] => FSS0001-Authentication Not Available.
[error_code] => E501
[addedon] => 2020-06-26 10:49:43
[payment_source] => payu
[card_type] => VISA
[error_Message] => Bank was unable to authenticate.
[net_amount_debit] => 0.00
[disc] => 0.00
[mode] => CC
[PG_TYPE] => HDFCPG
[card_no] => 401200XXXXXX1112
[name_on_card] => swarna sekhar dhar
[udf2] => xyx.9@gmail.com
[status] => failure
[unmappedstatus] => failed
[Merchant_UTR] =>
[Settled_At] =>
)
        )

)
</pre>

Amit Gupta · Answer 3 · 2018-01-09T11:21:38.690

0

Update Curl part of your code like below:

$wsUrl = "https://info.payu.in/merchant/postservice?form=2";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $wsUrl);
curl_setopt($c, CURLOPT_POST, 1);
curl_setopt($c, CURLOPT_POSTFIELDS, $qs);
curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
$o = curl_exec($c);
if (curl_errno($c)) {
  $sad = curl_error($c);
  throw new Exception($sad);
}
curl_close($c);

$valueSerialized = @unserialize($o);
if($o === 'b:0;' || $valueSerialized !== false) {
  print_r($valueSerialized);
} 
//print_r($o);

$o = json_decode($o);

foreach($o->transaction_details as $key => $val){
    if(($val->status=="success")&&($val->unmappedstatus=="captured")){
        // Update
    }
}

edited Jan 09 '18 at 11:21

answered Jan 09 '18 at 11:11

Amit Gupta

2,771
2
17
31

After foreach it give me following error : Severity: Notice Message: Trying to get property of non-object – Yogesh k Jan 09 '18 at 11:18
Have you added this $o = json_decode($o); before foreach – Amit Gupta Jan 09 '18 at 11:19
I done it in many of my websites and its working fine. I updated my answer with more code. Check once! – Amit Gupta Jan 09 '18 at 11:22
first add $o = json_decode($o); and then foreach($o->transaction_details as $key => $val){ – Amit Gupta Jan 09 '18 at 11:26
in foreach you can get your all response variables like $val->mihpayid; – Amit Gupta Jan 09 '18 at 11:27
yes. But it gives me error on foreach line : Trying to get property of non-object. – Yogesh k Jan 09 '18 at 11:45
Please debug like this before foreach: echo "
```
"; print_r($o->transaction_details); die;
```
– Amit Gupta Jan 09 '18 at 11:55
its coming in array or json object; if coming in array then do like this: $val['mihpayid'] and if inside NPMM87334121 then $val['NPMM87334121']['mihpayid']. And if object then do like $val->mihpayid; or $val->NPMM87334121->mihpayid; depends upon what is coming. – Amit Gupta Jan 09 '18 at 11:58

score -1 · Answer 4 · answered Jan 09 '18 at 11:33

$valueSerialized = @unserialize($o);
if($o === 'b:0;' || $valueSerialized !== false) {
  print_r($valueSerialized);
}
print_r($o);

$checkout_data = $o['transaction_details'][$var1];

You are accessing the (serialized) string $o instead of the unserialized object $valueSerialized;

So it should be

$checkout_data = $valueSerialized['transaction_details'][$var1];

Huge problems in your script:

You turned off security and you should REMOVE the lines

curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
Variable names are missleading (like unserialized values in a variable called serialized)
You have no error checking regarding the HTTP response status code and you are suppressing errors in @unserialize($o). Do not use @.

Actually whatever written in curl is everything provided by PayUMoney to me. So I dont have any idea about it. I just used it the way they provided me. — Yogesh k, Jan 09 '18 at 11:38
That is not an excuse for poor security. And the answer did not solve your problem? I guess you didn't try. — Daniel W., Jan 09 '18 at 11:39

Transaction Status API in PHP for Payment Gateway

4 Answers4

Linked