Sha256

Mark · December 15, 2021, 2:46pm

On a site I look after, the payment gateway is being updated.
I need to go from MD5HASH to SHA256
Can anybody help with this?
It is for Realex Globalpayments

joyously · December 15, 2021, 3:53pm

I don’t know much about hashing, but it must be doable. Here’s the cryptography reference page: PHP: Cryptography Extensions - Manual
When I searched for SHA256 it didn’t find a match, but the sodium library has something similar. That’s about all I can contribute.

Simone · December 15, 2021, 3:59pm

If I’ve understood you are using something like
$x = md5( $y, $binary );, where $binary is a boolean and if not set defaults to false.
Then you can use
$x = hash( 'sha256', $y, $binary );

Mark · December 15, 2021, 4:09pm

thank you for the replies.
The form has this

form id=“realex_form” action=“https://epage.payandshop.com/epage.cgi” method=“POST”>
input name=“MERCHANT_ID” type=“hidden” value=“xxxxxx” /
input name=“ORDER_ID” type=“hidden” value=“” />
input name=“CURRENCY” type=“hidden” value=“EUR” />
input name=“AMOUNT” type=“hidden” value=“” />
input name=“TIMESTAMP” type=“hidden” value=“” />
input name=“MD5HASH” type=“hidden” value=“” />
input name=“AUTO_SETTLE_FLAG” type=“hidden” value=“1” /> /form>

in js file I have
success:function(resp)
{
jQuery(‘input[name=ORDER_ID]’).val(resp.order_id);
jQuery(‘input[name=AMOUNT]’).val(resp.amount);
jQuery(‘input[name=TIMESTAMP]’).val(resp.timestamp);
jQuery(‘input[name=MD5HASH]’).val(resp.md5hash);
jQuery(“#realex_form”).submit();
}
}
Can’t find any other occurance of md5hash
closest is this
function getUrlVars()
{
var vars = [], hash;
var hashes = window.location.href.slice(window.location.href.indexOf(‘?’) + 1).split(‘&’);
for(var i = 0; i < hashes.length; i++)
{
hash = hashes[i].split(‘=’);
vars.push(hash[0]);
vars[hash[0]] = hash[1];
}
return vars;
}

Simone · December 15, 2021, 4:28pm

Seems that the md5 is returned from the payment gateway, that confirms a payment with a timestamp, an order ID and a hash.
Don’t know where this data is then processed.
Maybe adding console.log(resp) to success:function(resp) can give you some hints.

Mark · December 15, 2021, 4:31pm

found missing part
$realex_details = array();
$total = $_POST[‘value’];
$orderid = $_POST[‘order_id’];

$merchantid = 'xxxxxxx';
$secret = "xxxxxxxx";
$curr = "EUR";
$total*=100;
$timestamp = strftime("%Y%m%d%H%M%S");
mt_srand((double)microtime()*1000000);
//$orderid = $timestamp."-".mt_rand(1, 999);
$tmp = "$timestamp.$merchantid.$orderid.$total.$curr";
$md5hash = md5($tmp);
$tmp = "$md5hash.$secret";
$md5hash = md5($tmp);

$realex_details['order_id'] = $orderid;
$realex_details['amount'] = $total;
$realex_details['timestamp'] = $timestamp;
$realex_details['md5hash'] = $md5hash;

print_r (json_encode($realex_details));

Generate a SHA256HASH and substitute it in here. Change md5hash to md5hash here and in form
that sounds too easy.

Unfortunately I still do not know how to do it.