public static function validateTransactionResult_POST($szMerchantID, $szPassword, $szPreSharedKey, $szHashMethod, $aPostVariables, &$trTransactionResult, &$szValidateErrorMessage)
{
$boErrorOccurred = false;
$szValidateErrorMessage = "";
$trTransactionResult = null;
// read the transaction result variables from the post variable list
if (!PaymentFormHelper::getTransactionResultFromPostVariables($aPostVariables, $trTransactionResult, $szHashDigest, $szOutputMessage)) {
$boErrorOccurred = true;
$szValidateErrorMessage = $szOutputMessage;
} else {
// now need to validate the hash digest
$szStringToHash = PaymentFormHelper::generateStringToHash2($szMerchantID, $szPassword, $trTransactionResult, $szPreSharedKey, $szHashMethod);
$szCalculatedHashDigest = PaymentFormHelper::calculateHashDigest($szStringToHash, $szPreSharedKey, $szHashMethod);
// does the calculated hash match the one that was passed?
if (strToUpper($szHashDigest) != strToUpper($szCalculatedHashDigest)) {
$boErrorOccurred = true;
$szValidateErrorMessage = "Hash digests don't match - possible variable tampering";
} else {
$boErrorOccurred = false;
}
}
return !$boErrorOccurred;
}
