You need to login in order to make a new post. If you do not have a community account, you can get one here.

For god’s sake – MD5?!

May 11th, 2009, by: 3dom

Each page and help document on 2CO site has different description how to calculate MD5 hash to check orders “genuinity” – some even has more than 1 scheme. But none of them work.

I already used these combinations of POST variables and secret word for INS queries:

word + $_POST['vendor_id'] + $_POST['order_number'] + $_POST['total']

word + $_POST['vendor_id'] + $_POST['sale_id'] + $_POST['invoice_usd_amount']

word + $_POST['vendor_id'] + $_POST['sale_id'] + $_POST['invoice_list_amount']

$_POST['sale_id'] + $_POST['vendor_id'] + $_POST['invoice_id '] + word

For the Christ’s sake (or whomever you worship to) – which POST parameters to use?! Also could you please check all documents and remove combinations which aren’t working?

Posted in General

6 comments »

RSS feed

6 Comments »

# Comment by craig 2CO Staff
2009-05-11 18:04:29

Their are 2 different methods listed in our MD5 hash article because we offer the MD5 hash for both the initial passback to your approved url and on INS posts. From looking at the parameters you are using it looks like you are calculating the MD5 hash for INS posts. The MD5 hash that is sent with INS posts is a hash of sale_id + vendor_id + invoice_id + secret word in the md5_hash parameter.

 
# Comment by 3dom
2009-05-11 18:07:37

Seen that instruction. Doesn’t work with test orders sent within vendor panel: hashes differ.

 
# Comment by 3dom
2009-05-11 18:09:46

Just found orders being sent for/from imaginable vendor account – surely secret word is different for that “guy”. Nice.

 
 
 
# Comment by craig 2CO Staff
2009-05-11 18:20:34

The MD5 hash cannot be tested using INS test posts as the same test data is sent on every post. To test the MD5 hash you will need to place a live order under $5 and then cancel the order before it deposits.

 
 
 
 
 
# Comment by 3dmcc
2009-08-30 23:31:47

Can you provide 1007 (INS test vendor account) secret word?

So it will be very easy to check hash integrity without sensless transactions.

 
# Comment by craig 2CO Staff
2009-08-31 07:27:42

The information sent by the INS tester in your account is always the same and the MD5 hash is not actually computed based on the parameters that are returned. If you would like to accurately test your INS script please use the Instant Notification Simulator at developers.2checkout.com to simulate your accounts INS posts.

 
 
 
You need to login before leaving a comment If you do not have an account, you can register one here.

Recent Activity:

simba on Get Payments
ricks on Referring URL
ricks on SPP suggestion
ricks on changing hosting and domain name
sfox on Create a new account for online university fees
ricks on customize 2co form
ricks on Getting started with fresh new 2CO vendor account
richon on Can Default Currency Be EURO???
craig on 2co API – Cancel recurring billing
craig on RESTful API
craig on Cancel recurring sale via api/http
craig on Developer support
craig on Does 2checkout has an API?
craig on No sales record in my 2CO vendor account.
craig on How to configure my new 2CO account?

Welcome to 2Checkout!

2Checkout is a full-service e-commerce solution recognized by Inc. Magazine as one of the fastest growing companies in the United States. 2CO’s proprietary technology supports back-office functions including financial reporting, tracking, fraud prevention, affiliate tracking, customer service and sales tracking. Click here to learn more.

Now a faster, easier way to get paid – the 2CO reloadable MasterCard®.

Spotlight Supplier

Spotlight Supplier

Feng Shui Products


Popular Tags