As per the documentation found at "Step 2: Create security signature", your code is incorrect. You have cleared '$passphrase' as an empty string; the documentation gave it a value.
Your 'generateSignature' function also differs from theirs. Use the link above to re-code your function and HTML as per their requirements (this includes the order of the returned data array) and your error will disappear -
1. Concatenation of the name value pairs of all the non-blank variables with '&' used as a separator
Quote:
Variable order: The pairs must be listed in the order in which they appear in the attributes description. eg. name_first=John&name_last=Doe&email_address=…
* Do not use the API signature format, which uses alphabetical ordering!
2. Add your passphrase (Important part right here, an empty string will not do)
The passphrase is an extra security feature, used as a ‘salt’, and is set by the Merchant in the Settings section of their Payfast Dashboard.
Add the passphrase to the end of the below string.
E.g. name_first=John&name_last=Doe&email_address=…&passphrase=...
The resultant URL encoding must be in upper case (eg. http%3A%2F%2F), and spaces encoded as ‘+’.
3. MD5 the parameter string and pass it as a hidden input named “signature”.
Security Signature holder -
<input type="hidden" name="signature" value="f103e22c0418655fb03991538c51bfd5">
Signature function generation -
function generateSignature($data, $passPhrase = null) {
    $pfOutput = '';
    foreach( $data as $key => $val ) {
        if($val !== '') {
            $pfOutput .= $key .'='. urlencode( trim( $val ) ) .'&';
        }
    }
    $getString = substr( $pfOutput, 0, -1 );
    if( $passPhrase !== null ) {
        $getString .= '&passphrase='. urlencode( trim( $passPhrase ) );
    }
    return md5( $getString );
}
Full form implementation -
// Construct variables
$cartTotal = 10.00;
$passphrase = 'jt7NOE43FZPn';
$data = array(
    'merchant_id' => '10000100',
    'merchant_key' => '46f0cd694581a',
    'return_url' => 'http://www.yourdomain.co.za/return.php',
    'cancel_url' => 'http://www.yourdomain.co.za/cancel.php',
    'notify_url' => 'http://www.yourdomain.co.za/notify.php',
    'name_first' => 'First Name',
    'name_last' => 'Last Name',
    'email_address'=> 'test@test.com',
    'm_payment_id' => '1234',
    'amount' => number_format( sprintf( '%.2f', $cartTotal ), 2, '.', '' ),
    'item_name' => 'Order#123'
);
// Sign the fields in the order listed above, with the passphrase appended
$signature = generateSignature($data, $passphrase);
$data['signature'] = $signature;
$testingMode = true;
$pfHost = $testingMode ? 'sandbox.payfast.co.za' : 'www.payfast.co.za';
$htmlForm = '<form action="https://'.$pfHost.'/eng/process" method="post">';
foreach($data as $name=> $value)
{
    // Escape the value so a quote in it cannot break out of the attribute
    $htmlForm .= '<input name="'.$name.'" type="hidden" value=\''.htmlspecialchars($value, ENT_QUOTES).'\' />';
}
$htmlForm .= '<input type="submit" value="Pay Now" /></form>';
echo $htmlForm;
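
As an added example (not part of the original answer or of Payfast's documentation), the code below rebuilds the parameter string under each mistake the quoted steps warn about and reports which one explains a mismatching signature. The helper names pfParamString and pfDiagnose are hypothetical, and the input is a constructed subset of the sample values above.

```php
<?php
// Added example; pfParamString() and pfDiagnose() are hypothetical helper names.

// Build the string to hash: non-blank values in the given order, URL-encoded,
// then the passphrase (skipped only when null, as in the function above).
function pfParamString(array $data, ?string $passphrase, string $enc = 'urlencode'): string {
    $pairs = [];
    foreach ($data as $key => $val) {
        if ($key !== 'signature' && $val !== '') {
            $pairs[] = $key . '=' . $enc(trim((string) $val));
        }
    }
    if ($passphrase !== null) {
        $pairs[] = 'passphrase=' . $enc(trim($passphrase));
    }
    return implode('&', $pairs);
}

// Name the mistake that would produce $observed instead of the correct signature.
function pfDiagnose(array $data, string $passphrase, string $observed): string {
    $sorted = $data;
    ksort($sorted); // the alphabetical "API signature" ordering the docs warn about
    $candidates = [
        'signature is correct'           => pfParamString($data, $passphrase),
        'passphrase was an empty string' => pfParamString($data, ''),
        'passphrase was left out'        => pfParamString($data, null),
        'fields were sorted by name'     => pfParamString($sorted, $passphrase),
        'spaces were encoded as %20'     => pfParamString($data, $passphrase, 'rawurlencode'),
    ];
    foreach ($candidates as $label => $string) {
        // Constant-time comparison of the two hex digests
        if (hash_equals(md5($string), strtolower($observed))) {
            return $label;
        }
    }
    return 'no known cause matched';
}

// Constructed input: a subset of the sample values used in the answer.
$data = [
    'merchant_id'  => '10000100',
    'merchant_key' => '46f0cd694581a',
    'name_first'   => 'First Name',
    'amount'       => '10.00',
    'item_name'    => 'Order#123',
];
$passphrase = 'jt7NOE43FZPn';

$asSubmitted = md5(pfParamString($data, '')); // what an emptied $passphrase yields
echo pfDiagnose($data, $passphrase, $asSubmitted), PHP_EOL;
```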