From c9206332609c7282167b8455ad9843db950b2736 Mon Sep 17 00:00:00 2001
From: Grzegorz Szczepaniak <52274854+SzczepaniakG@users.noreply.github.com>
Date: Wed, 19 May 2021 09:52:11 +0200
Subject: [PATCH] calculation revisionin md5sum and sign (#21)

md5sum and card methods sign calculation update
---
 tpayLibs/src/_class_tpay/CardApi.php          | 28 ++++++++++++++-----
 .../PaymentOptions/BasicPaymentOptions.php    |  9 +++++-
 .../src/_class_tpay/Refunds/CardRefunds.php   |  2 +-
 3 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/tpayLibs/src/_class_tpay/CardApi.php b/tpayLibs/src/_class_tpay/CardApi.php
index 9905820..7b3432b 100644
--- a/tpayLibs/src/_class_tpay/CardApi.php
+++ b/tpayLibs/src/_class_tpay/CardApi.php
@@ -48,7 +48,7 @@ public function registerSaleMethod(
         if ($this->enablePowUrl) {
             $params['enable_pow_url'] = 1;
         }
-        $params[CardDictionary::SIGN] = hash($this->cardHashAlg, implode('', $params) . $this->cardVerificationCode);
+        $params[CardDictionary::SIGN] = hash($this->cardHashAlg, implode('&', $params) .'&'. $this->cardVerificationCode);
         $params[CardDictionary::APIPASS] = $this->cardApiPass;
         $params = array_merge($params, $this->checkReturnUrls());
         if (!is_null($this->moduleName)) {
@@ -96,9 +96,17 @@ public function presaleMethod($saleDescription) {
         if (!empty($this->orderID)) {
             $params[CardDictionary::ORDERID] = $this->orderID;
         }
-        $params[CardDictionary::SIGN] = hash($this->cardHashAlg, CardDictionary::PRESALE . $this->clientAuthCode .
-            $saleDescription . $this->amount . $this->currency . $this->orderID . $this->lang .
-            $this->cardVerificationCode);
+        $hashParams = [
+            CardDictionary::PRESALE,
+            $this->clientAuthCode,
+            $saleDescription,
+            $this->amount,
+            $this->currency,
+            $this->orderID,
+            $this->lang,
+            $this->cardVerificationCode,
+            ];
+        $params[CardDictionary::SIGN] = hash($this->cardHashAlg, implode('&', $hashParams));
         $params[CardDictionary::APIPASS] = $this->cardApiPass;
         Util::log('Pre sale params with hash ',
             print_r($params, true) . 'req url ' . $this->cardsApiURL . $this->cardApiKey);
@@ -125,8 +133,14 @@ public function saleMethod($saleAuthCode) {
             CardDictionary::CLIAUTH  => $this->clientAuthCode,
             CardDictionary::SALEAUTH => $saleAuthCode,
         );
-        $params[CardDictionary::SIGN] = hash($this->cardHashAlg, CardDictionary::SALE .
-            $this->clientAuthCode . $saleAuthCode . $this->cardVerificationCode);
+        $hashParams = [
+            CardDictionary::SALE,
+            $this->clientAuthCode,
+            $saleAuthCode,
+            $this->cardVerificationCode,
+        ];
+
+        $params[CardDictionary::SIGN] = hash($this->cardHashAlg, implode('&', $hashParams));
         $params[CardDictionary::APIPASS] = $this->cardApiPass;
         Util::log('Sale request params', print_r($params, true));
 
@@ -145,7 +159,7 @@ public function deregisterClient()
         $params[CardDictionary::METHOD] = CardDictionary::DEREGISTER;
         $params[CardDictionary::CLIAUTH] = $this->clientAuthCode;
         $params[CardDictionary::LANGUAGE] = $this->lang;
-        $params[CardDictionary::SIGN] = hash($this->cardHashAlg, implode('', $params) . $this->cardVerificationCode);
+        $params[CardDictionary::SIGN] = hash($this->cardHashAlg, implode('&', $params) .'&'. $this->cardVerificationCode);
         $params[CardDictionary::APIPASS] = $this->cardApiPass;
 
         return $this->requests($this->cardsApiURL . $this->cardApiKey, $params);
diff --git a/tpayLibs/src/_class_tpay/PaymentOptions/BasicPaymentOptions.php b/tpayLibs/src/_class_tpay/PaymentOptions/BasicPaymentOptions.php
index 88d06cb..cf10317 100644
--- a/tpayLibs/src/_class_tpay/PaymentOptions/BasicPaymentOptions.php
+++ b/tpayLibs/src/_class_tpay/PaymentOptions/BasicPaymentOptions.php
@@ -57,7 +57,14 @@ public function prepareConfig($config, $isApi = false)
         $ready = $isApi ? $this->validateConfig(new PaymentTypeBasicApi(), $config) :
             $this->validateConfig(new PaymentTypeBasic(), $config);
         $crc = isset($ready['crc']) ? $ready['crc'] : '';
-        $ready['md5sum'] = md5($this->merchantId . $ready['amount'] . $crc . $this->merchantSecret);
+
+        $md5Params = [
+            $this->merchantId,
+            $ready['amount'],
+            $crc,
+            $this->merchantSecret,
+        ];
+        $ready['md5sum'] = md5(implode('&', $md5Params));
         $ready['id'] = $this->merchantId;
 
         return $ready;
diff --git a/tpayLibs/src/_class_tpay/Refunds/CardRefunds.php b/tpayLibs/src/_class_tpay/Refunds/CardRefunds.php
index ea58c65..d65ccaa 100644
--- a/tpayLibs/src/_class_tpay/Refunds/CardRefunds.php
+++ b/tpayLibs/src/_class_tpay/Refunds/CardRefunds.php
@@ -46,7 +46,7 @@ public function refund($saleAuthCode, $refundDesc)
         }
         $params[CardDictionary::CURRENCY] = $this->currency;
         $params[CardDictionary::LANGUAGE] = $this->lang;
-        $params[CardDictionary::SIGN] = hash($this->cardHashAlg, implode('', $params) . $this->cardVerificationCode);
+        $params[CardDictionary::SIGN] = hash($this->cardHashAlg, implode('&', $params) .'&'. $this->cardVerificationCode);
         $params[CardDictionary::APIPASS] = $this->cardApiPass;
         Util::log('Card refund', print_r($params, true));
         $result = $this->requests($this->cardsApiURL . $this->cardApiKey, $params);