Just struggled through the md5 redirect hash calc with .net 6 (asp.net) as I wasn't exactly sure if the redirection url was just the querystring or the absolute path, including the querystring. (even after reading the docs, it wasn't exactly clear for those of us who are not PHP devs)
A bit of clarification may help:
The hash is calc'd off the fully qualified url, excluding the &hash=<val> parameter. So, if the redirect url is:
https://example.com/e-junkie?payer_email=joe.dirt%40hash.fyi&txn_id=jg-2LIVRB-RX2WAW5FB112F9C&first_name=Joe&last_name=dir&payment_status=Completed&currency=USD&client_id=123456&gross=99.00&hash=ef548cb791f36319940520fb31b45b4f
Then the hash is based off:
https://example.com/e-junkie?payer_email=joe.dirt%40hash.fyi&txn_id=jg-2LIVRB-RX2WAW5FB112F9C&first_name=Joe&last_name=dir&payment_status=Completed&currency=USD&client_id=123456&gross=99.00
In the .net world, the process of calc'ing the hash is:
string expectedHash = Request.Query.TryGetValue( "hash", out var val ) ? val : "";
string url = Request.GetDisplayUrl().Replace( $"&hash={expectedHash}", "" );
string ourHash = Utils.CalcMd5( EJunkieClientId + Utils.CalcMd5( EJunkieLoginPassword ) + url );
bool valid = string.Equals( expectedHash, ourHash, StringComparison.Ordinal );
Where the Utils.CalcMd5 method is an implementation of calc'ing the md5 hash.
HTH's
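Added example, not part of the original post: a self-contained C# check of the same formula, md5(client id + md5(password) + url without the hash parameter), using a fixed-time comparison and rejecting redirects where the hash is missing or malformed. It assumes the MD5 values are lowercase hex over UTF-8 and that the hash arrives as the last parameter, as in the post's example; the class name, method names and sample credentials are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class EJunkieRedirectHash
{
    // Lowercase hex MD5 of a UTF-8 string (assumed to match what the post's Utils.CalcMd5 returns).
    static string Md5Hex(string s) =>
        Convert.ToHexString(MD5.HashData(Encoding.UTF8.GetBytes(s))).ToLowerInvariant();

    // md5(client_id + md5(password) + url), following the formula in the post.
    public static string Compute(string clientId, string password, string urlWithoutHash) =>
        Md5Hex(clientId + Md5Hex(password) + urlWithoutHash);

    public static bool IsValid(string fullUrl, string clientId, string password)
    {
        // Assumption: the hash is the final parameter; a missing or malformed one is rejected.
        const string marker = "&hash=";
        int i = fullUrl.LastIndexOf(marker, StringComparison.Ordinal);
        if (i < 0) return false;
        string received = fullUrl.Substring(i + marker.Length);
        if (received.Length != 32 || received.Contains('&')) return false;

        string expected = Compute(clientId, password, fullUrl.Substring(0, i));
        // Fixed-time comparison, so the check does not reveal how many leading characters matched.
        return CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(expected), Encoding.ASCII.GetBytes(received));
    }

    static void Main()
    {
        // Constructed sample values, not real credentials or a real transaction.
        const string clientId = "123456", password = "example-password";
        string url = "https://example.com/e-junkie?txn_id=TEST-1&payment_status=Completed&gross=99.00";
        string signed = url + "&hash=" + Compute(clientId, password, url);

        // Unmodified redirect, signed with the shared credentials.
        Console.WriteLine(IsValid(signed, clientId, password));
        // Same redirect with the gross amount altered after signing.
        Console.WriteLine(IsValid(signed.Replace("99.00", "0.01"), clientId, password));
    }
}
```

In ASP.NET the `fullUrl` argument would be the value of `Request.GetDisplayUrl()` used in the post.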