OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	05/19/2025 10:07:15 AM	rwxr-xr-x
📄 Account.php	1.62 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Addon.php	556 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 Api.php	1.65 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 ArrayableInterface.php	177 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 Card.php	386 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 Collection.php	308 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 Customer.php	1.47 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Dispute.php	701 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 Document.php	305 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 Entity.php	5.92 KB	05/19/2025 10:07:15 AM	rw-r--r--
📁 Errors	-	05/19/2025 10:07:15 AM	rwxr-xr-x
📄 FundAccount.php	522 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 Iin.php	316 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 Invoice.php	2.32 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Item.php	654 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 Order.php	1.4 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Payment.php	5.16 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 PaymentLink.php	1.74 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 PaymentPage.php	582 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 Plan.php	341 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 Product.php	911 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 QrCode.php	1.47 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Refund.php	752 bytes	05/19/2025 10:07:15 AM	rw-r--r--
📄 Request.php	6.02 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Resource.php	1.13 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Settlement.php	2.04 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Stakeholder.php	1.4 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Subscription.php	2.19 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Token.php	1.47 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Transfer.php	1.41 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Utility.php	2.63 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 VirtualAccount.php	1.33 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 Webhook.php	1.74 KB	05/19/2025 10:07:15 AM	rw-r--r--

Name

Size

Modified

Perms

📁 ..

05/19/2025 10:07:15 AM

rwxr-xr-x

📄 Account.php

1.62 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Addon.php

556 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 Api.php

1.65 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 ArrayableInterface.php

177 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 Card.php

386 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 Collection.php

308 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 Customer.php

1.47 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Dispute.php

701 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 Document.php

305 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 Entity.php

5.92 KB

05/19/2025 10:07:15 AM

rw-r--r--

📁 Errors

05/19/2025 10:07:15 AM

rwxr-xr-x

📄 FundAccount.php

522 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 Iin.php

316 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 Invoice.php

2.32 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Item.php

654 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 Order.php

1.4 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Payment.php

5.16 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 PaymentLink.php

1.74 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 PaymentPage.php

582 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 Plan.php

341 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 Product.php

911 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 QrCode.php

1.47 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Refund.php

752 bytes

05/19/2025 10:07:15 AM

rw-r--r--

📄 Request.php

6.02 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Resource.php

1.13 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Settlement.php

2.04 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Stakeholder.php

1.4 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Subscription.php

2.19 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Token.php

1.47 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Transfer.php

1.41 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Utility.php

2.63 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 VirtualAccount.php

1.33 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 Webhook.php

1.74 KB

05/19/2025 10:07:15 AM

rw-r--r--

Editing: Utility.php

<?php

namespace Razorpay\Api;

class Utility
{
    const SHA256 = 'sha256';

public function verifyPaymentSignature($attributes)
    {
        $actualSignature = $attributes['razorpay_signature'];

$paymentId = $attributes['razorpay_payment_id'];

if (isset($attributes['razorpay_order_id']) === true)
        {
            $orderId = $attributes['razorpay_order_id'];

$payload = $orderId . '|' . $paymentId;
        }
        else if (isset($attributes['razorpay_subscription_id']) === true)
        {
            $subscriptionId = $attributes['razorpay_subscription_id'];

$payload = $paymentId . '|' . $subscriptionId;
        }
        else if (isset($attributes['razorpay_payment_link_id']) === true)
        {
            $paymentLinkId     = $attributes['razorpay_payment_link_id'];

$paymentLinkRefId  = $attributes['razorpay_payment_link_reference_id'];

$paymentLinkStatus = $attributes['razorpay_payment_link_status'];

$payload = $paymentLinkId . '|'. $paymentLinkRefId . '|' . $paymentLinkStatus . '|' . $paymentId;
        }
        else
        {
            throw new Errors\SignatureVerificationError(
                'Either razorpay_order_id or razorpay_subscription_id or razorpay_payment_link_id must be present.');
        }

$secret = Api::getSecret();

self::verifySignature($payload, $actualSignature, $secret);
    }

public function verifyWebhookSignature($payload, $actualSignature, $secret)
    {
        self::verifySignature($payload, $actualSignature, $secret);
    }

public function verifySignature($payload, $actualSignature, $secret)
    {
        $expectedSignature = hash_hmac(self::SHA256, $payload, $secret);

// Use lang's built-in hash_equals if exists to mitigate timing attacks
        if (function_exists('hash_equals'))
        {
            $verified = hash_equals($expectedSignature, $actualSignature);
        }
        else
        {
            $verified = $this->hashEquals($expectedSignature, $actualSignature);
        }

if ($verified === false)
        {
            throw new Errors\SignatureVerificationError(
                'Invalid signature passed');
        }
    }

private function hashEquals($expectedSignature, $actualSignature)
    {
        if (strlen($expectedSignature) === strlen($actualSignature))
        {
            $res = $expectedSignature ^ $actualSignature;
            $return = 0;

for ($i = strlen($res) - 1; $i >= 0; $i--)
            {
                $return |= ord($res[$i]);
            }

return ($return === 0);
        }

return false;
    }
}