I'm also interested in the update to this, I've already asked cs cart help desk for a solution and I'm waiting for an update as we only have untill November 23th to update it.
Okay, you're right. They are doing their own hashing rather than just relying on HTTPS.
So the question is what is the method the provider expects to use? The fix is very simple once you know what they want/expect and I'm guessing there is a different URL to use based on which hash method you are using (unless they try both on their end). I.e. you will probably have to change this line too:
If they expect you to be using sha256, then find instances of sha1($string) and change them to hash('sha256', $string) and you should be good to go. But it would be better to review their entire specification rather than just trying to change something on the fly and expect it to work properly.
Excerpt from PHP sha1() man page:
Note that the sha1 algorithm has been compromised and is no longer being used by government agencies.
As of PHP 5.1.2 a new set of hashing functions are available.
The new function hash() supports a new range of hashing methods.
echo hash('sha256', 'The quick brown fox jumped over the lazy dog.');
It is recommended that developers start to future proof their applications by using the stronger sha-2, hashing methods such as sha256, sha384, sha512 or better.
As of PHP 5.1.2 hash_algos() returns an array of system specific or registered hashing algorithms methods that are available to PHP.
Okay, you're right. They are doing their own hashing rather than just relying on HTTPS.
So the question is what is the method the provider expects to use? The fix is very simple once you know what they want/expect and I'm guessing there is a different URL to use based on which hash method you are using (unless they try both on their end). I.e. you will probably have to change this line too:
If they expect you to be using sha256, then find instances of sha1($string) and change them to hash('sha256', $string) and you should be good to go. But it would be better to review their entire specification rather than just trying to change something on the fly and expect it to work properly.
Excerpt from PHP sha1() man page:
Yes, looks like that they want SHA256. No manual in English so far.
I also posted a message in cs-cart's communication system. As all of you, I am very interested in a reliable solution to this issue.
My message got this reply this morning:
Thank you for your message.
We really appreciate your help in this matter. I have forwarded this information to our developers. I would like to draw your attention to the fact that they are working on this issue and we will contact you as soon as we get any results from them.
I'll post in this thread any relevant information from them. If we all collaborate hopefully we'll have a path to update the servired payment method in time to deploy and avoid any business interruption.
Just as a follow up, I had this answer from Cs-Cart team today:
We are glad to inform you that our engineers are already working on this issue and the solution is on the testing stage. Most probably, the fix will be ready within the next week.
It will let us very few time to move on to test on real stores, but hopefully the script will be OK...
Cs cart support team tells me that 2.2 version files are compatible and "OpenSSL does not affect the Servired payment method. So there is no need to check version of OpenSSL on the server."
Has anybody tried version 2.2 - 3.0? Does it work? I made everything as per instructions but seems like it does not work properly or something is wrong. After you press the button "Confirm the order" it sais "Proceeding with the payment, please wait" and it never takes you to the following page of Servired. The php version 5.3.3. in this case.
Has anybody tried version 2.2 - 3.0? Does it work? I made everything as per instructions but seems like it does not work properly or something is wrong. After you press the button "Confirm the order" it sais "Proceeding with the payment, please wait" and it never takes you to the following page of Servired. The php version 5.3.3. in this case.
What could be the problem?
Thanks
The problem requires examination on your server. Please contact us via Customer Help Desk and provide temporary access to your server by clicking on the Add record link on the Access information page of your Help Desk account so that we could examine the issue.