Azericard example

1. <html>
2. <head>
3. <title>Authorization request</title>
4. <link rel="stylesheet" href="/ow/ow.css" type="text/css">
5. </head><body bgcolor="#f0f0f0" text="#000000" leftMargin=0 topMargin=0 marginheight=0 marginwidth=0>
6. <table width="100%" border="0" cellspacing="0" cellpadding="0" class="maintxt">
7.  
8.     <center><table border="0" cellpadding="5" cellspacing="5" width="590">
9.               <form ACTION="https://213.172.75.248/cgi-bin/cgi_link" METHOD="POST">
10.  
11.                 <tbody>
12.                 <tr>
13.                     <td colspan="3" valign="top"><center><font size="4">Order form.</font></center></td>
14.                 </tr>
15.                 <tr>
16.                     <td colspan="3" valign="top"><font size="3"></font></td>
17.                 </tr>
18.                 <tr bgcolor="#808080">
19.                     <td colspan="3" class="copybd" valign="top">Order Details</td>
20.                 </tr>
21.  
22. <?php
23.  
24. function hextTwoBin($hexdata) {
25.   $bindata="";
26.  
27.   for ($i=0;$i<strlen($hexdata);$i+=2) {
28.     $bindata.=chr(hexdec(substr($hexdata,$i,2)));
29.   }
30.  
31.   return $bindata;
32. }
33.  
34. // Getting required fields
35.  
36.     // These fields can change in every request
37.     $db_row['AMOUNT'] = '2.5';
38.     $db_row['CURRENCY'] = 'AZN';
39.     $db_row['ORDER'] = '000001';
40.    
41.     // These fields will be always static
42.     $db_row['DESC'] = 'Description of the sale';
43.     $db_row['MERCH_NAME'] = 'Some Shop';
44.     $db_row['MERCH_URL'] = 'Some shop\'s URL';
45.     $db_row['TERMINAL'] = '77777777';           // That is your personal ID in payment system
46.     $db_row['EMAIL'] = 'Some shop\'s E-mail';
47.     $db_row['TRTYPE'] = '1';                    // That is the type of operation, 1 - Authorization and checkout   
48.     $db_row['COUNTRY'] = 'AZ';
49.     $db_row['MERCH_GMT'] = '+4';
50.     $db_row['BACKREF'] = '<URL of script, reding callback information>';
51.    
52.     //These fields are generated automaticaly every request
53.         $oper_time=gmdate("YmdHis");            // Date and time UTC
54.         $nonce=substr(md5(rand()),0,16);        // Random data
55.    
56. // ------------------------------  
57.  
58.     foreach($db_row as $key => $value){
59.         echo "<tr><td>$key"." = "."$value</td></tr>\n";
60.         #echo "<input name=\"$key\" value=\"$value\" type=\"hidden\">";
61.     }
62.  
63. // Creating form hidden fields
64.  
65. echo "
66.     <input name=\"AMOUNT\" value=\"{$db_row['AMOUNT']}\" type=\"hidden\">
67.    <input name=\"CURRENCY\" value=\"{$db_row['CURRENCY']}\" type=\"hidden\">
68.     <input name=\"ORDER\" value=\"{$db_row['ORDER']}\" type=\"hidden\">
69.     <input name=\"DESC\" value=\"{$db_row['DESC']}\" type=\"hidden\">
70.    <input name=\"MERCH_NAME\" value=\"{$db_row['MERCH_NAME']}\" type=\"hidden\">
71.    <input name=\"MERCH_URL\" value=\"{$db_row['MERCH_URL']}\" type=\"hidden\">
72.    <input name=\"TERMINAL\" value=\"{$db_row['TERMINAL']}\" type=\"hidden\">
73.    <input name=\"EMAIL\" value=\"{$db_row['EMAIL']}\" type=\"hidden\">
74.    <input name=\"TRTYPE\" value=\"{$db_row['TRTYPE']}\" type=\"hidden\">    
75.    <input name=\"COUNTRY\" value=\"{$db_row['COUNTRY']}\" type=\"hidden\">
76.     <input name=\"MERCH_GMT\" value=\"{$db_row['MERCH_GMT']}\" type=\"hidden\">
77.     <input name=\"TIMESTAMP\" value=\"{$oper_time}\" type=\"hidden\">
78.     <input name=\"NONCE\" value=\"{$nonce}\" type=\"hidden\">
79.     <input name=\"BACKREF\" value=\"{$db_row['BACKREF']}\" type=\"hidden\">
80.     ";
81.  
82. // ------------------------------------------------
83.  
84. // Making P_SIGN (MAC)  -         Checksum of request
85. // All following fields must be equal with hidden fields above
86.    
87.     $to_sign = "".strlen($db_row['AMOUNT']).$db_row['AMOUNT']
88.                 .strlen($db_row['CURRENCY']).$db_row['CURRENCY']
89.                 .strlen($db_row['ORDER']).$db_row['ORDER']
90.                 .strlen($db_row['DESC']).$db_row['DESC']
91.                 .strlen($db_row['MERCH_NAME']).$db_row['MERCH_NAME']
92.                 .strlen($db_row['MERCH_URL']).$db_row['MERCH_URL']."-"
93.                 .strlen($db_row['TERMINAL']).$db_row['TERMINAL']
94.                 .strlen($db_row['EMAIL']).$db_row['EMAIL']
95.                 .strlen($db_row['TRTYPE']).$db_row['TRTYPE']
96.                 .strlen($db_row['COUNTRY']).$db_row['COUNTRY']
97.                 .strlen($db_row['MERCH_GMT']).$db_row['MERCH_GMT']
98.                 .strlen($oper_time).$oper_time
99.                 .strlen($nonce).$nonce
100.                 .strlen($db_row['BACKREF']).$db_row['BACKREF'];
101.  
102.     $key_for_sign="AZC#2018091710037399";               // Key for sign will change in production system
103.     $p_sign=hash_hmac('sha1',$to_sign, hextTwoBin($key_for_sign));
104.  
105.     echo "<input name=\"P_SIGN\" value=\"$p_sign\" type=\"hidden\">";
106. // ----------------------------------------------------
107.    
108. ?>
109.                
110.         <table border="0" cellpadding="5" cellspacing="5" width="590" align="center">
111.             <input alt="Submit" type="submit">
112.         </tbody>
113.     </table>
114. </form>
115.  
116. </table>
117. <br><center><hr WIDTH="100%"></center></body>
118. </html>