PayTM Payment Gateway Integration in CodeIgniter
In this example, I am going to show you how to integrate PayTM Payment Gatway in the CodeIgniter framework PHP.
Here, we are using 5 files for Payment Gateway Integration file:
Controller: Checkout.php application\controllers\Checkout.php
Views: checkout.php application\views\checkout.php
Views: redirect.php application\views\redirect.php
Helpers: encdec_paytm_helper.php application\helpers\encdec_paytm_helper.php
Constants: config_paytm.php application\config\config_paytm.phpFor Payment Gateway Sign up on Business with PayTM
application\views\checkout.php
<form method="post" action="<?php echo base_url('pay'); ?>">
<table border="1">
<tbody>
<tr>
<th>S.No</th>
<th>Label</th>
<th>Value</th>
</tr>
<tr>
<td>1</td>
<td>
<label>ORDER_ID::*</label>
</td>
<td>
<input id="ORDER_ID" tabindex="1" maxlength="20" size="20" name="ORDER_ID" autocomplete="off" value="<?php echo " ORDS " . rand(10000,99999999)?>">
</td>
</tr>
<tr>
<td>2</td>
<td>
<label>CUSTID ::*</label>
</td>
<td>
<input id="CUST_ID" tabindex="2" maxlength="12" size="12" name="CUST_ID" autocomplete="off" value="CUST001">
</td>
</tr>
<tr>
<td>3</td>
<td>
<label>INDUSTRY_TYPE_ID ::*</label>
</td>
<td>
<input id="INDUSTRY_TYPE_ID" tabindex="4" maxlength="12" size="12" name="INDUSTRY_TYPE_ID" autocomplete="off" value="Retail">
</td>
</tr>
<tr>
<td>4</td>
<td>
<label>Channel ::*</label>
</td>
<td>
<input id="CHANNEL_ID" tabindex="4" maxlength="12" size="12" name="CHANNEL_ID" autocomplete="off" value="WEB">
</td>
</tr>
<tr>
<td>5</td>
<td>
<label>txnAmount*</label>
</td>
<td>
<input title="TXN_AMOUNT" tabindex="10" type="text" name="TXN_AMOUNT" value="1">
</td>
</tr>
<tr>
<td></td>
<td></td>
<td>
<input value="CheckOut" type="submit" onclick="">
</td>
</tr>
</tbody>
</table>* - Mandatory Fields
</form>application\views\redirect.php
<html>
<head>
<title>Merchant Check Out Page</title>
</head>
<body>
<center><h1>Please do not refresh this page...</h1></center>
<form method="post" action="<?php echo PAYTM_TXN_URL ?>" name="f1">
<table border="1">
<tbody>
<?php
foreach($paramList as $name => $value) {
echo '<input type="hidden" name="' . $name .'" value="' . $value . '">';
}
?>
<input type="hidden" name="CHECKSUMHASH" value="<?php echo $checkSum ?>">
</tbody>
</table>
<script type="text/javascript">
document.f1.submit();
</script>
</form>
</body>
</html>application\config\config_paytm.php
Use PAYTM_ENVIRONMENT as 'PROD' if you wanted to do transaction in production environment else 'TEST' for doing transaction in testing environment.
- Change the value of PAYTM_MERCHANT_KEY constant with details received from Paytm.
- Change the value of PAYTM_MERCHANT_MID constant with details received from Paytm.
- Change the value of PAYTM_MERCHANT_WEBSITE constant with details received from Paytm.
- Above details will be different for testing and production environment.
<?php
define('PAYTM_ENVIRONMENT', 'PROD'); // PROD
define('PAYTM_MERCHANT_KEY', ''); //Change this constant's value with Merchant key received from Paytm.
define('PAYTM_MERCHANT_MID', ''); //Change this constant's value with MID (Merchant ID) received from Paytm.
define('PAYTM_MERCHANT_WEBSITE', 'DEFAULT'); //Change this constant's value with Website name received from Paytm.
$PAYTM_STATUS_QUERY_NEW_URL='https://securegw-stage.paytm.in/merchant-status/getTxnStatus';
$PAYTM_TXN_URL='https://securegw-stage.paytm.in/theia/processTransaction';
if (PAYTM_ENVIRONMENT == 'PROD') {
$PAYTM_STATUS_QUERY_NEW_URL='https://securegw.paytm.in/merchant-status/getTxnStatus';
$PAYTM_TXN_URL='https://securegw.paytm.in/theia/processTransaction';
}
define('PAYTM_REFUND_URL', '');
define('PAYTM_STATUS_QUERY_URL', $PAYTM_STATUS_QUERY_NEW_URL);
define('PAYTM_STATUS_QUERY_NEW_URL', $PAYTM_STATUS_QUERY_NEW_URL);
define('PAYTM_TXN_URL', $PAYTM_TXN_URL);
?>application\controllers\Checkout.php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class Checkout extends CI_Controller {
public function __construct() {
parent::__construct();
}
public function checkout() {
$this->load->view('checkout');
}
public function pay() {
$checkSum = "";
$paramList = array();
$ORDER_ID = $this->input->post("order_id");
$CUST_ID = $this->input->post("user_id");
$INDUSTRY_TYPE_ID = $this->input->post("industry_type_id");
$CHANNEL_ID = $this->input->post("channel_id");
$TXN_AMOUNT = $this->input->post("amount");
// Create an array having all required parameters for creating checksum.
$paramList["MID"] = PAYTM_MERCHANT_MID;
$paramList["ORDER_ID"] = $ORDER_ID;
$paramList["CUST_ID"] = $CUST_ID;
$paramList["INDUSTRY_TYPE_ID"] = $INDUSTRY_TYPE_ID;
$paramList["CHANNEL_ID"] = $CHANNEL_ID;
$paramList["TXN_AMOUNT"] = $TXN_AMOUNT;
$paramList["WEBSITE"] = PAYTM_MERCHANT_WEBSITE;
$paramList["CALLBACK_URL"] = base_url('response');
//Here checksum string will return by getChecksumFromArray() function.
$data['checkSum'] = getChecksumFromArray($paramList, PAYTM_MERCHANT_KEY);
$data['paramList'] = $paramList;
$this->load->view('redirect', $data);
}
public function response() {
$paytmChecksum = "";
$paramList = array();
$isValidChecksum = "FALSE";
$paramList = $_POST;
$paytmChecksum = isset($_POST["CHECKSUMHASH"]) ? $_POST["CHECKSUMHASH"] : ""; //Sent by Paytm pg
$isValidChecksum = verifychecksum_e($paramList, PAYTM_MERCHANT_KEY, $paytmChecksum); //will return TRUE or FALSE string.
if($isValidChecksum == "TRUE") {
if ($_POST["STATUS"] == "TXN_SUCCESS") {
echo "<b>Transaction status is success</b>" . "<br/>";
} else {
echo "<b>Transaction status is failure</b>" . "<br/>";
}
if (isset($_POST) && count($_POST)>0 ) {
foreach($_POST as $paramName => $paramValue) {
echo "<br/>" . $paramName . " = " . $paramValue;
}
}
} else {
echo "<b>Checksum mismatched.</b>";
}
}
}Verify all parameters received from Paytm pg to your application. Like MID received from paytm pg is same as your application’s MID, TXN_AMOUNT and ORDER_ID are same as what was sent by you to Paytm PG for initiating transaction etc.
application\helpers\encdec_paytm_helper.php
<?php
function encrypt_e($input, $ky) {
$key = html_entity_decode($ky);
$iv = "@@@@&&&&####$$$$";
$data = openssl_encrypt ( $input , "AES-128-CBC" , $key, 0, $iv );
return $data;
}
function decrypt_e($crypt, $ky) {
$key = html_entity_decode($ky);
$iv = "@@@@&&&&####$$$$";
$data = openssl_decrypt ( $crypt , "AES-128-CBC" , $key, 0, $iv );
return $data;
}
function generateSalt_e($length) {
$random = "";
srand((double) microtime() * 1000000);
$data = "AbcDE123IJKLMN67QRSTUVWXYZ";
$data .= "aBCdefghijklmn123opq45rs67tuv89wxyz";
$data .= "0FGH45OP89";
for ($i = 0; $i < $length; $i++) {
$random .= substr($data, (rand() % (strlen($data))), 1);
}
return $random;
}
function checkString_e($value) {
if ($value == 'null')
$value = '';
return $value;
}
function getChecksumFromArray($arrayList, $key, $sort=1) {
if ($sort != 0) {
ksort($arrayList);
}
$str = getArray2Str($arrayList);
$salt = generateSalt_e(4);
$finalString = $str . "|" . $salt;
$hash = hash("sha256", $finalString);
$hashString = $hash . $salt;
$checksum = encrypt_e($hashString, $key);
return $checksum;
}
function getChecksumFromString($str, $key) {
$salt = generateSalt_e(4);
$finalString = $str . "|" . $salt;
$hash = hash("sha256", $finalString);
$hashString = $hash . $salt;
$checksum = encrypt_e($hashString, $key);
return $checksum;
}
function verifychecksum_e($arrayList, $key, $checksumvalue) {
$arrayList = removeCheckSumParam($arrayList);
ksort($arrayList);
$str = getArray2StrForVerify($arrayList);
$paytm_hash = decrypt_e($checksumvalue, $key);
$salt = substr($paytm_hash, -4);
$finalString = $str . "|" . $salt;
$website_hash = hash("sha256", $finalString);
$website_hash .= $salt;
$validFlag = "FALSE";
if ($website_hash == $paytm_hash) {
$validFlag = "TRUE";
} else {
$validFlag = "FALSE";
}
return $validFlag;
}
function verifychecksum_eFromStr($str, $key, $checksumvalue) {
$paytm_hash = decrypt_e($checksumvalue, $key);
$salt = substr($paytm_hash, -4);
$finalString = $str . "|" . $salt;
$website_hash = hash("sha256", $finalString);
$website_hash .= $salt;
$validFlag = "FALSE";
if ($website_hash == $paytm_hash) {
$validFlag = "TRUE";
} else {
$validFlag = "FALSE";
}
return $validFlag;
}
function getArray2Str($arrayList) {
$findme = 'REFUND';
$findmepipe = '|';
$paramStr = "";
$flag = 1;
foreach ($arrayList as $key => $value) {
$pos = strpos($value, $findme);
$pospipe = strpos($value, $findmepipe);
if ($pos !== false || $pospipe !== false)
{
continue;
}
if ($flag) {
$paramStr .= checkString_e($value);
$flag = 0;
} else {
$paramStr .= "|" . checkString_e($value);
}
}
return $paramStr;
}
function getArray2StrForVerify($arrayList) {
$paramStr = "";
$flag = 1;
foreach ($arrayList as $key => $value) {
if ($flag) {
$paramStr .= checkString_e($value);
$flag = 0;
} else {
$paramStr .= "|" . checkString_e($value);
}
}
return $paramStr;
}
function redirect2PG($paramList, $key) {
$hashString = getchecksumFromArray($paramList);
$checksum = encrypt_e($hashString, $key);
}
function removeCheckSumParam($arrayList) {
if (isset($arrayList["CHECKSUMHASH"])) {
unset($arrayList["CHECKSUMHASH"]);
}
return $arrayList;
}
function getTxnStatus($requestParamList) {
return callAPI(PAYTM_STATUS_QUERY_URL, $requestParamList);
}
function getTxnStatusNew($requestParamList) {
return callNewAPI(PAYTM_STATUS_QUERY_NEW_URL, $requestParamList);
}
function initiateTxnRefund($requestParamList) {
$CHECKSUM = getRefundChecksumFromArray($requestParamList,PAYTM_MERCHANT_KEY,0);
$requestParamList["CHECKSUM"] = $CHECKSUM;
return callAPI(PAYTM_REFUND_URL, $requestParamList);
}
function callAPI($apiURL, $requestParamList) {
$jsonResponse = "";
$responseParamList = array();
$JsonData =json_encode($requestParamList);
$postData = 'JsonData='.urlencode($JsonData);
$ch = curl_init($apiURL);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Content-Length: ' . strlen($postData))
);
$jsonResponse = curl_exec($ch);
$responseParamList = json_decode($jsonResponse,true);
return $responseParamList;
}
function callNewAPI($apiURL, $requestParamList) {
$jsonResponse = "";
$responseParamList = array();
$JsonData =json_encode($requestParamList);
$postData = 'JsonData='.urlencode($JsonData);
$ch = curl_init($apiURL);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Content-Length: ' . strlen($postData))
);
$jsonResponse = curl_exec($ch);
$responseParamList = json_decode($jsonResponse,true);
return $responseParamList;
}
function getRefundChecksumFromArray($arrayList, $key, $sort=1) {
if ($sort != 0) {
ksort($arrayList);
}
$str = getRefundArray2Str($arrayList);
$salt = generateSalt_e(4);
$finalString = $str . "|" . $salt;
$hash = hash("sha256", $finalString);
$hashString = $hash . $salt;
$checksum = encrypt_e($hashString, $key);
return $checksum;
}
function getRefundArray2Str($arrayList) {
$findmepipe = '|';
$paramStr = "";
$flag = 1;
foreach ($arrayList as $key => $value) {
$pospipe = strpos($value, $findmepipe);
if ($pospipe !== false)
{
continue;
}
if ($flag) {
$paramStr .= checkString_e($value);
$flag = 0;
} else {
$paramStr .= "|" . checkString_e($value);
}
}
return $paramStr;
}
function callRefundAPI($refundApiURL, $requestParamList) {
$jsonResponse = "";
$responseParamList = array();
$JsonData =json_encode($requestParamList);
$postData = 'JsonData='.urlencode($JsonData);
$ch = curl_init($apiURL);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_URL, $refundApiURL);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$headers = array();
$headers[] = 'Content-Type: application/json';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$jsonResponse = curl_exec($ch);
$responseParamList = json_decode($jsonResponse,true);
return $responseParamList;
}
?>