Announcement

Collapse
No announcement yet.

MD5 Hash End of Life (Authorize.net) - Problem with transactions for Paid Subscribers

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    [Forum] MD5 Hash End of Life (Authorize.net) - Problem with transactions for Paid Subscribers

    On Jun 27th, Authorize.net phased out the MD5 based hash use for transaction response verification in favor of the SHA-512 based hash utilizing a Signature Key. As a result, my customers are getting "hashtag failed" messages even though I left that field blank. The transactions are still going through, however, many members are paying twice and sometimes three times thinking it didn't go through.

    Is there a fix for this?

    If I didn't need it, I would dump it, but many users can't/don't use Paypal.

    Here is link on details:
    https://support.authorize.net/s/arti...ey-Replacement

    Thanks so much in advance!
    Paula
    Tags: None
  • #2
    vBulletin 4.2.X is no longer in development and was marked end of life with the release of 4.2.5. A third-party developer may be able to make these changes for you.

    This has been updated in vBulletin 5.5.2.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.

    Comment

    • #3
      Hi Wayne, I understand that it's no longer in development. I was hoping that someone might still have a fix? Can you send me to the thread for VB5 that pertains to this so I can see if I can hire someone to make the fix?

      Thanks!

      Edited: Just saw the link

      What does this mean specifically?

      The code must be updated to SHA256 hashing
      Is this something I can do somehow?
      Paula

      Comment

      • #4
        Don't know of a topic in the forums. The issue was reported via Support Ticket. I linked to the bug report above. https://tracker.vbulletin.com/vbulle...sues/VBV-19100
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API - Full / Mobile
        Vote for your favorite feature requests and the bugs you want to see fixed.

        Comment

        • #5
          Hi Wayne!

          I'm still paying fees for the service for Authorize.net but can't use. It appears they removed the "Hash"? They directed me to this page. Can anyone assist?
          https://developer.authorize.net/support/hash_upgrade/

          This means it would affect version 5 as well, I believe....?
          Last edited by gsk8; Wed 14th Aug '19, 11:05am.
          Paula

          Comment

          • #6
            vBulletin 5.5.2 and later support the new SHA256 hash required by Authorize.net.

            https://tracker.vbulletin.com/vbulle...sues/VBV-19100

            As vBulletin 4.X is end of life, there are no plans to update that software. Converting to vBulletin 5.5.2 or higher is the upgrade path.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API - Full / Mobile
            Vote for your favorite feature requests and the bugs you want to see fixed.

            Comment

            • #7
              Understood. Is there any quick-fix I can use until I'm ready to upgrade to VB5 that you can suggest? My board is at least 17 years old and huge. I need time to make sure I can find developers for current mods before the upgrade. I really don't want to close my Authorize.net accout.
              Paula

              Comment

              • #8
                The authorization mechanism with Authorize.net changed along with the format of the hash. A few key changes are:
                1. vBulletin 5 is more reliant on an API and object oriented coding. Due to this the code structure is completely different. For instance, the front-end is more reliant on CSS and Javascript (~9 megabytes of code) than it is on PHP code (~1 megabyte of code).
                2. Changes were made to legacy code to work with this API framework. With each version of vBulletin 5, we refactor code and eliminate more of this legacy code.
                3. vBulletin 5 treats variables differently and more securely.
                4. vBulletin 5 handles database queries differently.
                5. In vBulletin 4.X, we generate the hash needed within our code. In vBulletin 5.5.2+, we use the hash_hmac function within PHP. This function didn't exist with older versions of PHP used with 3.X and 4.x.
                6. We added options to the Payment Provider to handle the Authorize.net userid, api key, and signature.
                I don't see a simple change in the code to make this work with older versions of the software.
                Translations provided by Google.

                Wayne Luke
                The Rabid Badger - a vBulletin Cloud demonstration site.
                vBulletin 5 API - Full / Mobile
                Vote for your favorite feature requests and the bugs you want to see fixed.

                Comment

                • #9
                  What I find interesting is that the transaction still goes through. The only problem is that folks are getting a "hash failed" error at the end. I wish I could fix this but can't.
                  Paula

                  Comment

                  Previous template Next

                  Related Topics

                  Collapse
                  Working...
                  X

                  We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

                  By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also consent to the transfer of your data to our servers in the United States, where data protection laws may be different from those in your country.

                  I Agree