Open mintplugins opened 5 years ago
The transHashSHA2 should be checked here in order to confirm there wasn't a man-in-the-middle attack:
https://github.com/AuthorizeNet/sample-code-php/blob/master/PaymentTransactions/charge-credit-card.php#L97
Something like this:
```php
// Hash the gateway returned with the transaction response.
$authorize_hash = $tresponse->getTransHashSha2();

// Recompute it locally: HMAC-SHA512 over ^login^transId^amount^,
// keyed with the hex-decoded merchant signature key.
$string = '^' . \SampleCodeConstants::MERCHANT_LOGIN_ID . '^' . $tresponse->getTransId() . '^' . $amount . '^';
$key = hex2bin( \SampleCodeConstants::MERCHANT_SIGNATURE_KEY );
$my_hash = strtoupper( hash_hmac( 'sha512', $string, $key ) );

// Constant-time comparison, locally computed value first. The cast keeps a
// missing hash from raising a TypeError; an empty string never matches.
if ( hash_equals( $my_hash, (string) $authorize_hash ) ) {
    echo " Successfully created transaction with Transaction ID: " . $tresponse->getTransId() . "\n";
    echo " Transaction Response Code: " . $tresponse->getResponseCode() . "\n";
    echo " Message Code: " . $tresponse->getMessages()[0]->getCode() . "\n";
    echo " Auth Code: " . $tresponse->getAuthCode() . "\n";
    echo " Description: " . $tresponse->getMessages()[0]->getDescription() . "\n";
}
```