Results 1 to 3 of 3
  1. #1
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Authorize.net phasing out MD5 Hash Key option - Jan 2019

    You may have received a sudden email from Authorize.net today about phasing out their older MD5-hash keyphrase validation feature.

    Authorize.Net is phasing out the MD5 based transHash element in favor of the SHA-256 based transHashSHA2. The setting in the Merchant Interface which controls the MD5 Hash option will be removed by the end of January 2019, and the transHash element will stop returning values at a later date to be determined.
    Things to note:

    1. This MAINLY affects the Authorize.net SIM module (often seen as "authorizenet" in your Zen Cart admin, not "authorizenet_aim"). See more about the AIM module below.

    2. The "end of January 2019" refers ONLY to the ability to set/add/change an MD5 Hash keyphrase in your Authorize.net account admin panel. That option will disappear end of January.

    3. The module WILL (at least temporarily) continue to work fine if you ALREADY have an MD5 Hash phrase set. That's what they mean by "will stop returning values at a later date to be determined."

    So the good news is that (for now) there's no need to worry about having to "fix" something "today" (ie: January).

    We're investigating an update for the SIM module, and will post about it when it's ready later, in about a month.


    The AIM module.
    Currently, in your Zen Cart Admin payments panel if you have the AIM module enabled and in its settings you have an MD5 Hash value set, the module will check that against the MD5 value set in your Authorize.net account. But if you leave it blank, it will skip the check.
    So, if you're using AIM (not SIM), then when Authorize.net finally announces their "later date to be determined", you can just change this to a blank value in order for it to continue without problem. You can also do that today if you wish.



    ACTIONS:

    If you're using the SIM module, replace it with the attachment in the post below.

    If you're using the AIM module, you can blank-out the MD5 Hash setting in your ZC Admin.
    Last edited by DrByte; 26 Feb 2019 at 09:23 PM. Reason: Updated ACTIONS section to point to the new file below.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  2. #2
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Authorize.net phasing out MD5 Hash Key option - Jan 2019

    Attached is an updated SIM module which removes the MD5 key and expects the new SHA Signature Key, which is required from February 2019.

    After unzipping, use this file to replace your old /includes/modules/payment/authorizenet.php file.

    Once installed, you'll need to add your new Signature key per https://support.authorize.net/s/arti...-Signature-Key

    Requires PHP 5.4.0 or newer, and Zen Cart 1.5.0 or newer.

    ----
    (For AIM users, you can simply blank-out the MD5 Hash setting in your ZC Admin settings for your AIM module. No code changes required.)
    Attached Files Attached Files
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,401
    Plugin Contributions
    87

    Default Re: Authorize.net MD5 Hash Phased out

    Just a quick note to anyone (else) who's updating that payment-module on a store that's still using a version of PHP prior to 5.4.0:

    That authorizenet.php update uses a PHP function (hex2bin) that was introduced in PHP 5.4.0, so using the updated payment-module will result in a fatal PHP error due to that missing function for earlier PHP versions. Here's a teeny bit of code (I've put it into /includes/functions/extra_functions/hex2bin_for_authorizenet.php) to work around that integration issue while you investigate updating your site to a more recent version of PHP:
    Code:
    <?php
    // -----
    // A hex2bin function replacement for PHP versions prior to 5.4.0, as indicated by
    // this link: https://stackoverflow.com/questions/41392968/how-to-do-hex2bin-in-php5-3
    //
    if (!function_exists('hex2bin')) {
        function hex2bin($data)
        {
            return pack('H*', (string)$data);
        }
    }

 

 

Similar Threads

  1. v155 Authorize.net MD5 Hash Phased out
    By re_active in forum Built-in Shipping and Payment Modules
    Replies: 6
    Last Post: 26 Feb 2019, 09:26 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR