Implementing SHA-256

[christianh]

Hi, I an based in Finland I have an osCommerce online store using the 2.3 version and would like to use a payment module that redirects to Luottokunta bank payments but they say that the security method should use SHA-256 and not MD5. I have no idea what to do and which files to modify could you help me?

[Bob Terveuren]

Hi

 

You'll have something like this installed:

 

http://addons.oscommerce.com/info/3698

 

Assuming that works and the only problem is that the MD5 needs changing to SHA then you need to go to the

 

includes/modules/payment/luttokundo.php file - in the package above you'll find this:

  $tarkiste = MODULE_PAYMENT_LUOTTOKUNTA_USER_ID. $order_number . $price . '1' . MODULE_PAYMENT_LUOTTOKUNTA_SALAINEN_AVAIN;
	  $mac=strtoupper(md5($tarkiste));

change that final line to

$mac = hash('sha256', $tarkiste)

Edited August 22, 2014 by Bob Terveuren

[christianh]

Hi, and thank you Bob Terveuren for your answer I will try that.

 

Another question, is it a must to use SSL when it goes as follows that a registered member clicks a button that takes him/her to a new page which is a secured bank page where the whole payment process will take place?

The fact is I wouldn't like to pay for an SSL service if its useless to the transaction.

[♥toyicebear]

If you want to transmit cc info on your pages you will need SSL.

 

If you send the customer to a 3 party payment service to complete payment info then you don't necessarily need SSL, but even so you should still have it since you are collecting sensitive personal info during checkout.