/// <summary> /// Determines if the API operation was successful /// </summary> /// <param name="message">The XML response string.</param> /// <param name="paymentMethod">The payment method.</param> /// <returns>The call status</returns> private bool ValidateApiCall(string message, PaymentMethod paymentMethod) { string md5Secret = paymentMethod.DynamicProperty <string>().Md5secret; string md5ResponseString = ""; string md5Check = ""; var responseElement = XDocument.Parse(message).Element("response"); if (responseElement == null) { return(false); } // Concat all elements for MD5 check to // validate the returned response. // Make sure to exclude to sent MD5 value. md5ResponseString = responseElement.Descendants() .Where(x => x.Name.ToString() != "md5check") .Select(x => x.Value) .Aggregate((a, b) => a + b); md5Check = responseElement.Element("md5check").Value; string status = responseElement.Element("qpstat").Value; string md5CheckResponse = QuickpayMd5Computer.GetMd5KeyFromResponseValueString(md5ResponseString, md5Secret); return(status.Equals("000") && !String.IsNullOrEmpty(md5Check) && !String.IsNullOrEmpty(md5CheckResponse) && md5Check.Equals(md5CheckResponse)); }
private bool ValidateCallback(PaymentMethod paymentMethod) { string md5Secret = paymentMethod.DynamicProperty <string>().Md5secret; string[] requestFieldNames = { "msgtype", "ordernumber", "amount", "currency", "time", "state", "qpstat", "qpstatmsg", "chstat", "chstatmsg", "merchant", "merchantemail", "transaction", "cardtype", "cardnumber", "cardexpire", "splitpayment", "fraudprobability", "fraudremarks", "fraudreport", "fee" }; var sb = new StringBuilder(); foreach (string field in requestFieldNames) { sb.Append(HttpContext.Current.Request[field]); } string md5Response = QuickpayMd5Computer.GetMd5KeyFromResponseValueString(sb.ToString(), md5Secret); string md5Check = HttpContext.Current.Request["md5check"]; string quickPayStatus = HttpContext.Current.Request["qpstat"]; return(quickPayStatus.Equals("000") && md5Response.Equals(md5Check)); }