Guest Posted March 5, 2008 Share Posted March 5, 2008 Our host has PHP 5 installed, and apparently it doesn't come with mhash, php is replacing with just 'hash'. They say the function will be the same. Is it safe to change the mhash function in authorize/transfer.inc.php from mhash to hash? Thanks! Quote Link to comment Share on other sites More sharing options...
bsmither Posted March 9, 2008 Share Posted March 9, 2008 I'm not seeing it as being a straight substitute. I took a look over at CubeCartForums.org and nothing relevant came up with mhash or anyone building newer versions of the gateways. 1) string mhash ( int $hash , string $data [, string $key ] ) 2) string hash ( string $algo , string $data [, bool $raw_output ] ) 3) string hash_hmac ( string $algo , string $data , string $key [, bool $raw_output ] ) There are minor differences between mhash() and hash_hmac(). So, maybe (not having tried it myself): Line 125: return (bin2hex (mhash(MHASH_MD5, $data, $key))); to: return (hash_hmac("md5", $data, $key)); 'outputs lower-case hex as default I hope the CC powers-that-be decide to offer up a free upgrade for the gateways (and other code) that uses the obsoleted MHASH extension. Quote Link to comment Share on other sites More sharing options...
Guest Posted March 11, 2008 Share Posted March 11, 2008 Resolved! See below for code change Quote Link to comment Share on other sites More sharing options...
bsmither Posted March 11, 2008 Share Posted March 11, 2008 Maybe I'm not looking at the right file, but how is what's above different than what's already there (lines 139-152)? Quote Link to comment Share on other sites More sharing options...
Guest Posted March 12, 2008 Share Posted March 12, 2008 It's not.... I put in the wrong code. Here's the correct one: Find the following: // compute HMAC-MD5 // Uses PHP mhash extension. Pl sure to enable the extension function hmac ($key, $data) { return (bin2hex (mhash(MHASH_MD5, $data, $key))); } and replace it with the following: // compute HMAC-MD5 function hmac($passwd, $data) { $algo = "md5"; /* md5 and sha1 only */ $algo=strtolower($algo); $p=array('md5'=>'H32','sha1'=>'H40'); if(strlen($passwd)>64) $passwd=pack($p[$algo],$algo($passwd)); if(strlen($passwd)<64) $passwd=str_pad($passwd,64,chr(0)); $ipad=substr($passwd,0,64) ^ str_repeat(chr(0x36),64); $opad=substr($passwd,0,64) ^ str_repeat(chr(0x5C),64); return($algo($opad.pack($p[$algo],$algo($ipad.$data)))); } Quote Link to comment Share on other sites More sharing options...
bsmither Posted March 12, 2008 Share Posted March 12, 2008 Wow. Would you be so kind as to mention where this function came from? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.