PayUMoney: PHP payment gateway integration

Posted on May 7, 2017 by Suresh Kamrushi in PHP

Today i have integrated PayUMoney to my website, thought of sharing. Here i am sharing how a developer can integrate PayUMoney payment getway to the website.

View More:Payumoney integration using Codeigniter

Step 1: Login to PayUMoney.com as an merchant and get activated your account. Be ready with your PAN card and Bank account details for registration. After completion you will get merchant key and salt which we need while integration.

Step 2: Create a file with “securepayment.php” and post your date on this page. So that we can bind the information and send it to PayUMoney payment gateway page.
Notes: I have created constants for configuration values (first 3 lines), you can create a different file and include it, so that all constants are available and accessible on this page.This page collect your cart information and pass to payment getway. You need to submit (using post method) your cart on this page and pass values “email”, “mobile”, “firstname”, “lastname” and “totalcost”. This page will collect information and create a hash string and pass it with other information to PayUMoney page.

<?php  
define('MERCHANT_KEY', 'gtKFFx');
define('SALT', 'eCwWELxi');
define('PAYU_BASE_URL', 'https://test.payu.in');    //Testing url
//define('PAYU_BASE_URL', 'https://secure.payu.in');  //actual URL
define('SUCCESS_URL', 'order-success.php');  //have complete url
define('FAIL_URL', 'order-fail.php');    //add complete url 
$txnid = substr(hash('sha256', mt_rand() . microtime()), 0, 20);
$email = $_POST['email'];
$mobile = $_POST['mobile'];
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$totalCost = $_POST['totalCost'];
$hash         = '';
//Below is the required format need to hash it and send it across payumoney page. UDF means User Define Fields.
//$hashSequence = "key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5|udf6|udf7|udf8|udf9|udf10";
$hash_string = MERCHANT_KEY."|".$txnid."|".$totalCost."|"."productinfo|".$firstName."|".$email."|||||||||||".SALT;
$hash = strtolower(hash('sha512', $hash_string));
$action = PAYU_BASE_URL . '/_payment'; 

?>
<form action="<?php echo $action; ?>" method="post" name="payuForm" id="payuForm" style="display: none">
    <input type="hidden" name="key" value="<?php echo MERCHANT_KEY ?>" />
    <input type="hidden" name="hash" value="<?php echo $hash ?>"/>
    <input type="hidden" name="txnid" value="<?php echo $txnid ?>" />
    <input name="amount" type="number" value="<?php echo $totalCost; ?>" />
    <input type="text" name="firstname" id="firstname" value="<?php echo $firstName; ?>" />
    <input type="email" name="email" id="email" value="<?php echo $email; ?>" />
    <input type="text" name="phone" value="<?php echo $mobile; ?>" />
    <textarea name="productinfo"><?php echo "productinfo"; ?></textarea>
    <input type="text" name="surl" value="<?php echo SUCCESS_URL; ?>" />
    <input type="text" name="furl" value="<?php echo  FAIL_URL?>"/>
    <input type="text" name="service_provider" value="payu_paisa"/>
    <input type="text" name="lastname" id="lastname" value="<?php echo $lastName ?>" />
</form>
<script type="text/javascript">
    var payuForm = document.forms.payuForm;
    payuForm.submit();
</script>

Step 3: Create a “order-fail.php” file and add below code:
If transaction fails somehow, it will return to this page with “status”,”txnid” and “hash”. Here I am not storing failed transactions in any of my tables, but it is recommendation to insert information into the table for future reference. This transaction is also being track in PayUMoney account.

<?php
$status=$_POST["status"];
$firstname=$_POST["firstname"];
$amount=$_POST["amount"];
$txnid=$_POST["txnid"];
$posted_hash=$_POST["hash"];
$key=$_POST["key"];
$productinfo=$_POST["productinfo"];
$email=$_POST["email"];
$salt="fGxoywOg8S";
If (isset($_POST["additionalCharges"])) {
    $additionalCharges=$_POST["additionalCharges"];
    $retHashSeq = $additionalCharges.'|'.$salt.'|'.$status.'|||||||||||'.$email.'|'.$firstname.'|'.$productinfo.'|'.$amount.'|'.$txnid.'|'.$key;        
 } else {      
    $retHashSeq = $salt.'|'.$status.'|||||||||||'.$email.'|'.$firstname.'|'.$productinfo.'|'.$amount.'|'.$txnid.'|'.$key;
}
$hash = hash("sha512", $retHashSeq);  
if ($hash != $posted_hash) {
    echo "Invalid Transaction. Please try again";
} else {
    echo "<h3>Your order status is ". $status .".</h3>";
    echo "<h4>Your transaction id for this transaction is ".$txnid.". You may try making the payment by clicking the link below.</h4>";
} 
?>
<!--Please enter your website homepagge URL -->
<p><a href=http://sforsuresh.in/> Try Again</a></p>

Step 4: Create a success page as “order-success.php” and add below code:
Once user pay the money, he will redirected to this page with other information. Here we are verifying the posted “hash” value with return “hash” value. if it is same transaction is success else error in processing.
It is good to store the transaction details like “txnid” and “hash” in table after transaction is successful.

<?php
$status = $_POST["status"];
$firstname = $_POST["firstname"];
$amount = $_POST["amount"];
$txnid = $_POST["txnid"];
$posted_hash = $_POST["hash"];
$key = $_POST["key"];
$productinfo = $_POST["productinfo"];
$email = $_POST["email"];
$salt = "GQs7yium";

If (isset($_POST["additionalCharges"])) {
    $additionalCharges = $_POST["additionalCharges"];
    $retHashSeq = $additionalCharges . '|' . $salt . '|' . $status . '|||||||||||' . $email . '|' . $firstname . '|' . $productinfo . '|' . $amount . '|' . $txnid . '|' . $key;
} else {

    $retHashSeq = $salt . '|' . $status . '|||||||||||' . $email . '|' . $firstname . '|' . $productinfo . '|' . $amount . '|' . $txnid . '|' . $key;
}
$hash = hash("sha512", $retHashSeq);

if ($hash != $posted_hash) {
    echo "Invalid Transaction. Please try again";
} else {

    echo "<h3>Thank You. Your order status is " . $status . ".</h3>";
    echo "<h4>Your Transaction ID for this transaction is " . $txnid . ".</h4>";
    echo "<h4>We have received a payment of Rs. " . $amount . ". Your order will soon be shipped.</h4>";
}
?> 

That’s all!!!

A detail explanation of the mandatory fields that you need to send along with your request, please double check before you make a request that all fields are map correctly or not:

  1. key:  This is Merchant Key, you can get this once you register with PayUMoney.
  2. txnid: An alphanumeric Transaction ID, uniquely identify each transaction, it should be retain every time we make a retquest.
  3. amount: Total amount (it should be float value) that need to process.
  4. productinfo : Description of the Product .
  5. firstname: First Name of the user who is paying money.
  6. email: Email Id of the user.
  7. phone : Contact number of the user it can be a mobile or landline number.
  8. surl : Success page URL where PayUMoney will redirect after successful payment. In our case it is “order-success.php”.
  9. furl : Failure URL where PayUMoney will redirect after failed payment. In our example it is “order-fail.php”
  10. hash: This is an encrypted value generated to protect against data tampering during transaction. PayUmoney uses SHA-512 hash function which belong to SHA-2 Familty of Cryptographic functions. hash = sha512(key|txnid|amount|productinfo|firstname|email|u df1|udf2|udf3|udf4|udf5||||||salt) (SALT will be provided by PayUMoney)
  11. service_provider : It must always be ‘payu_paisa’.

For More reff you can refer to offical documentation of PayUMoney.

  Comments or questions are welcome  
Tagged as , ,