Search code examples
phprazorpay

Unable to verify razorpay signature in hosted checkout PHP

i have add razorpay test version and payment flow works, but when i try to verify signature i get following error

Notice: Undefined index: razorpay_order_id in C:\Users\Amin\Documents\NetBeansProjects\OLX\payment\verify.php on line 24 Your payment failed

Razorpay Error : Invalid signature passed

i followed code structure form here https://github.com/razorpay/razorpay-php-testapp and am trying to achieve https://razorpay.com/docs/payment-gateway/web-integration/hosted/#step-2---paste-hosted-checkout-options.

can someone point what wrong am going. here is verify.php

require('config.php');

session_start();

require('razorpay-php/Razorpay.php');

use Razorpay\Api\Api;
use Razorpay\Api\Errors\SignatureVerificationError;

$success = true;

$error = "Payment Failed";

if (empty($_POST['razorpay_payment_id']) === false) {
    $api = new Api($keyId, $keySecret);

    try {
        // Please note that the razorpay order ID must
        // come from a trusted source (session here, but
        // could be database or something else)
        $attributes = array(
            'razorpay_order_id' => $_SESSION['razorpay_order_id'],
            'razorpay_payment_id' => $_POST['razorpay_payment_id'],
            'razorpay_signature' => $_POST['razorpay_signature']
        );

        $api->utility->verifyPaymentSignature($attributes);
    } catch (SignatureVerificationError $e) {
        $success = false;
        $error = 'Razorpay Error : ' . $e->getMessage();
    }
}

if ($success === true) {
    $html = "<p>Your payment was successful</p>
             <p>Payment ID: {$_POST['razorpay_payment_id']}</p>";
} else {
    $html = "<p>Your payment failed</p>
             <p>{$error}</p>";
}

echo $html;

here if form post details

<form method="POST" action="https://api.razorpay.com/v1/checkout/embedded">
    <input type="hidden" name="key_id" value="<?= $data['key']?>">
    <input type="hidden" name="order_id" value="<?= $data['order_id']?>">
    <input type="hidden" name="name" value="<?= $data['name']?>">
    <input type="hidden" name="description" value="<?= $data['description']?>">
    <input type="hidden" name="image" value="<?= $data['image']?>">
    <input type="hidden" name="prefill[name]" value="<?= $data['prefill']['name']?>">
    <input type="hidden" name="prefill[contact]" value="<?= $data['prefill']['contact']?>">
    <input type="hidden" name="prefill[email]" value="<?= $data['prefill']['email']?>">
    <input type="hidden" name="notes[shipping address]" value="L-16, The Business Centre, 61 Wellfield Road, New Delhi - 110001">
    <input type="hidden" name="callback_url" value="http://localhost:8000/payment/verify.php">
    <input type="hidden" name="cancel_url" value="https://example.com/payment-cancel">
    <button>Submit</button>
</form>

pay.php

require('config.php');
require('razorpay-php/Razorpay.php');
session_start();

// Create the Razorpay Order

use Razorpay\Api\Api;

$api = new Api($keyId, $keySecret);

//
// We create an razorpay order using orders api
// Docs: https://docs.razorpay.com/docs/orders
//
$orderData = [
    'receipt'         => 4563,
    'amount'          => 2000 * 100, // 2000 rupees in paise
    'currency'        => 'INR',
    'payment_capture' => 1 // auto capture
];

$razorpayOrder = $api->order->create($orderData);

$razorpayOrderId = $razorpayOrder['id'];

$_SESSION['razorpay_order_id'] = $razorpayOrderId;

$displayAmount = $amount = $orderData['amount'];

if ($displayCurrency !== 'INR'){
    $url = "https://api.fixer.io/latest?symbols=$displayCurrency&base=INR";
    $exchange = json_decode(file_get_contents($url), true);

    $displayAmount = $exchange['rates'][$displayCurrency] * $amount / 100;
}

$checkout = 'automatic';

if (isset($_GET['checkout']) and in_array($_GET['checkout'], ['automatic', 'manual'], true))
{
    $checkout = $_GET['checkout'];
}

$data = [
    "key"               => $keyId,
    "amount"            => $amount,
    "name"              => "Sanoj Lawrence",
    "description"       => "safebrowser.tk",
    "image"             => "https://demo-cdn.sirv.com/chair.jpg",
    "prefill"           => [
    "name"              => "",
    "email"             => "[email protected]",
    "contact"           => "6381211774",
    ],
    "notes"             => [
    "address"           => "Hello World",
    "merchant_order_id" => "12312321",
    ],
    "theme"             => [
    "color"             => "#red"
    ],
    "order_id"          => $razorpayOrderId,
];

if ($displayCurrency !== 'INR'){
    $data['display_currency']  = $displayCurrency;
    $data['display_amount']    = $displayAmount;
}

$json = json_encode($data);

require("checkout/{$checkout}.php");

enter image description here

Solution

  • I do not think the session exists in this flow. Or point out where was it stored in session.

    Otherwise, use the same you would use for getting data out of a callback URL.

    Have you tried

            $attributes = array(
            'razorpay_order_id' => $_POST['razorpay_order_id'],
            'razorpay_payment_id' => $_POST['razorpay_payment_id'],
            'razorpay_signature' => $_POST['razorpay_signature']
        );