Skip to main content

LCN code sample

Last updated: 14-Feb-2024
Rate this article:

Overview

Use the following example of PHP code for creating a script that reads and validates incoming License Change Notifications.

Example

<?php
/* License Change Notification */

/*
 * possible values: sha256, sha3-256
 * sha3-256 only for php version > 7.1
 */
$usedHashAlgorithm = 'sha256';

/* pass to compute HASH. Retrieve your secret key by accessing https://secure.2checkout.com/cpanel/webhooks_api.php */
$secretKey = "AABBCCDDEEFF";

function serializeArray($myarray)
{
    $retvalue = "";

    if (isset($myarray) && is_array($myarray) && count($myarray) > 0) {
        foreach ($myarray as $key => $val) {
            /* skip signature hashes from computed hash */
            if (in_array($key , ['HASH', 'SIGNATURE_SHA2_256', 'SIGNATURE_SHA3_256'])) {
                continue;
            }

            if (is_array($val)) {
                $retvalue .= serializeArray($val);
            } else {
                $retvalue .= strlen($val) . $val;
            }
        }
    }

    return $retvalue;
}

$signature_sha2   = isset($_POST["SIGNATURE_SHA2_256"]) ? $_POST["SIGNATURE_SHA2_256"] : '';    /* sha256 HASH received */
$signature_sha3   = isset($_POST["SIGNATURE_SHA3_256"]) ? $_POST["SIGNATURE_SHA3_256"] : '';    /* sha3-256 HASH received */

$stringForHash = serializeArray($_POST);
$computedHash = hash_hmac($usedHashAlgorithm, $stringForHash, $secretKey);

$validHash = false;
switch ($usedHashAlgorithm) {
    case "sha256":
        if ($computedHash == $signature_sha2) {
            $validHash = true;
        }
        break;
    case "sha3-256":
        if ($computedHash == $signature_sha3) {
            $validHash = true;
        }
        break;
}

if ($validHash === false) {
    /* hash verification failed */
    http_response_code(400);
    mail("your_address@example.com", "BAD LCN Signature", print_r($_POST, TRUE),"");
    return;
}

// hash is valid. We proceed with success response
$responseDate = date("YmdGis");
$arrayForResponseHash = [
    $_POST["LICENSE_CODE"],
    $_POST["EXPIRATION_DATE"],
    $responseDate
];
$stringForResponseHash = serializeArray($arrayForResponseHash);

$responseString = '';
switch ($usedHashAlgorithm) {
    case "sha256":
        $responseHash = hash_hmac('sha256', $stringForResponseHash, $secretKey);
        $responseString = '<sig algo="sha256" date="' . $responseDate . '">' . $responseHash . '</sig>';
        break;
    case "sha3-256":
        $responseHash = hash_hmac('sha3-256', $stringForResponseHash, $secretKey);
        $responseString = '<sig algo="sha3-256" date="' . $responseDate . '">' . $responseHash . '</sig>';
        break;
}

http_response_code(200);
echo $responseString;
Rate this article:

Need help?

Do you have a question? If you didn’t find the answer you are looking for in our documentation, you can contact our Support teams for more information. If you have a technical issue or question, please contact us. We are happy to help.

Not yet a Verifone customer?

We’ll help you choose the right payment solution for your business, wherever you want to sell, in-person or online. Our team of experts will happily discuss your needs.

Verifone logo