集成支付网关时我应该注意哪些安全因素 [英] What security factors I should aware about when integrating payment gateway
问题描述
我对支付网关集成更加新鲜。
我想在我用PHP设计的网站中使用支付网关。
请帮助我了解要记住的安全因素和问题以及如何。
我从支付网关提供商处获得以下表格..
我尝试过:
$ Merchant_Id =your_merchantid; //
$ Amount =amount;
$ Order_Id =orderid; //应该传递给支付网关的唯一ID
$ WorkingKey =working_key ; //由ccavenue给予商家
$ Redirect_Url =sucessurl;
$ Checksum = getCheckSum($ Merchant_Id,$ Amount,$ Order_Id,$ Redirect_Url,$ WorkingKey); //验证所有值
//出于安全原因使用给定的详细信息创建签名
function getchecksum($ MerchantId,$ Amount,$ OrderId,$ URL,$ WorkingKey )
{
$ str =$ MerchantId | $ OrderId | $ Amount | $ URL | $ WorkingKey;
$ adler = 1 ;
$ adler = adler32($ adler,$ str);
返回$ adler;
}
//功能
函数adler32($ adler,$ str)
{
$ BASE = 65521;
$ s1 = $ adler& 0xffff;
$ s2 =($ adler>> 16)& 0xffff;
for($ i = 0; $ i< strlen($ str); $ i ++)
{
$ s1 = ($ s1 + Ord($ str [$ i]))%$ BASE;
$ s2 =($ s2 + $ s1)%$ BASE;
}
返回leftshift($ s2,16)+ $ s1;
}
// leftshift函数
函数leftshift ($ str,$ num)
{
$ str = DecBin($ str);
for($ i = 0; $ i <(64 - strlen($ str)); $ i ++)
$ str =0。$ str;
for($ i = 0; $ i < $ num; $ i ++)
{
$ str = $ str。0;
$ str = substr($ str ,1);
}
返回cdec($ str);
}
// cdec函数
函数cdec($ num)
{
for($ n = 0; $ n< strlen($ num); $ n ++)
{
$ temp = $ num [$ n];
$ dec = $ dec + $ temp * pow(2,strlen( $ num) - $ n - 1);
}
返回$ dec;
}
?> ;
< form id =ccavenuemethod =postaction = https://www.ccavenue.com/shopzone/cc_details.jsp\">
< input type = hidden name =Merchant_Idvalue =Merchant_Id>
< input type =hiddenname =Amountvalue =Amount>
< input type =hiddenname =Order_Idvalue =Order_Id>
< input type =hiddenname =Redirect_Urlvalue =success url>
< input type =hiddenname =TxnType value =A>
< input type =hiddenname =ActionIDvalue =TXN>
< input type =hidden name =Checksumvalue =>
< input type =hiddenname =billing_cust_namevalue =用户名>
< input type =hiddenname =billing_cust_addressvalue =用户地址>
< input type =hiddenname =billing_cust_countryvalue =user country> ;
< input type =hiddenname =billing_cust_stateval ue =用户状态>
< input type =hiddenname =billing_cust_cityvalue =city>
< input type = hiddenname =billing_zipvalue =zip / pin code>
< input type =hiddenname =billing_cust_telvalue =telphone no>
< input type =hiddenname =billing_cust_emailvalue =emailid>
< input type =hiddenname =delivery_cust_namevalue =user名称>
< input type =hiddenname =delivery_cust_addressvalue =发送地址>
< input type =hiddenname =delivery_cust_countryvalue =交付国家/地区>
< input type =hiddenname =delivery_cust_statevalue =交付状态>
< ; input type =hiddenname =delivery_cust_telvalue =telphone no>
< input type =hiddenname =delivery_cust_notesvalue =这是一个测试& gt;
< input type =hiddenname =Merchant_Paramvalue =>
< input type =hiddenname =billing_zip_code value =zip / pin>
< input type =hiddenname =delivery_cust_cityvalue =city>
< input type = submitvalue =立即购买/>
< / form>
I am completely fresher for payment gateway integration.
I want to use payment gateway in my website designed in PHP.
Please help me to know the security factors and issues to keep in mind and how.
I got the below form from payment gateway provider..
What I have tried:
$Merchant_Id = "your_merchantid";//
$Amount = "amount";
$Order_Id ="orderid";//unique Id that should be passed to payment gateway
$WorkingKey = "working_key";//Given to merchant by ccavenue
$Redirect_Url ="sucessurl";
$Checksum = getCheckSum($Merchant_Id,$Amount,$Order_Id ,$Redirect_Url,$WorkingKey); // Validate All value
//creating a signature using the given details for security reasons
function getchecksum($MerchantId,$Amount,$OrderId ,$URL,$WorkingKey)
{
$str ="$MerchantId|$OrderId|$Amount|$URL|$WorkingKey";
$adler = 1;
$adler = adler32($adler,$str);
return $adler;
}
//functions
function adler32($adler , $str)
{
$BASE = 65521 ;
$s1 = $adler & 0xffff ;
$s2 = ($adler >> 16) & 0xffff;
for($i = 0 ; $i < strlen($str) ; $i++)
{
$s1 = ($s1 + Ord($str[$i])) % $BASE ;
$s2 = ($s2 + $s1) % $BASE ;
}
return leftshift($s2 , 16) + $s1;
}
//leftshift function
function leftshift($str , $num)
{
$str = DecBin($str);
for( $i = 0 ; $i < (64 – strlen($str)) ; $i++)
$str = "0″.$str ;
for($i = 0 ; $i < $num ; $i++)
{
$str = $str."0″;
$str = substr($str , 1 ) ;
}
return cdec($str) ;
}
//cdec function
function cdec($num)
{
for ($n = 0 ; $n < strlen($num) ; $n++)
{
$temp = $num[$n] ;
$dec = $dec + $temp*pow(2 , strlen($num) – $n – 1);
}
return $dec;
}
?>
<form id="ccavenue" method="post" action="https://www.ccavenue.com/shopzone/cc_details.jsp">
<input type=hidden name="Merchant_Id" value="Merchant_Id">
<input type="hidden" name="Amount" value="Amount">
<input type="hidden" name="Order_Id" value="Order_Id">
<input type="hidden" name="Redirect_Url" value="success url">
<input type="hidden" name="TxnType" value="A">
<input type="hidden" name="ActionID" value="TXN">
<input type="hidden" name="Checksum" value="">
<input type="hidden" name="billing_cust_name" value="name of user">
<input type="hidden" name="billing_cust_address" value="address of user">
<input type="hidden" name="billing_cust_country" value="user country">
<input type="hidden" name="billing_cust_state" value="state of user">
<input type="hidden" name="billing_cust_city" value="city">
<input type="hidden" name="billing_zip" value="zip/pin code">
<input type="hidden" name="billing_cust_tel" value="telphone no">
<input type="hidden" name="billing_cust_email" value="emailid">
<input type="hidden" name="delivery_cust_name" value="user name">
<input type="hidden" name="delivery_cust_address" value="delivering address">
<input type="hidden" name="delivery_cust_country" value="delivering country">
<input type="hidden" name="delivery_cust_state" value="delivering state">
<input type="hidden" name="delivery_cust_tel" value="telphone no">
<input type="hidden" name="delivery_cust_notes" value="this is a test">
<input type="hidden" name="Merchant_Param" value="">
<input type="hidden" name="billing_zip_code" value="zip/pin">
<input type="hidden" name="delivery_cust_city" value="city">
<input type="submit" value="Buy Now" />
</form>
推荐答案
Merchant_Id =your_merchantid; //
Merchant_Id = "your_merchantid";//
Amount =amount;
Amount = "amount";
Order_Id =orderid; //应传递的唯一ID到支付网关
Order_Id ="orderid";//unique Id that should be passed to payment gateway
这篇关于集成支付网关时我应该注意哪些安全因素的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!