I'm trying to integrate a 3rd party shopping cart (and so far have done so with great success). As a final step, I'm trying to make the whole thing a bit more secure and am trying to integrate safety measures by adding a hash value to my products "add to cart" form elements.
What I'm trying to do is hash the value of one field with the name and value of another using hash_hmac(), but I don't know how to go about this in SilversStripe.
This is Foxycart's quick to understand example:
http://wiki.foxycart.com/v/0.7.1/advanced/hmac_validation#an_example
This is a simplified version of my current form:
public function getCMSFields() {
$fields = parent::getCMSFields();
$fields->addFieldToTab('Root.Content.ProductExtras', new TextField('Code','Code'));
$fields->addFieldToTab('Root.Content.ProductExtras', new TextField('Price','Price'));
return $fields;
}What I want to do is something like this:
public function getCMSFields() {
$fields = parent::getCMSFields();
$fields->addFieldToTab('Root.Content.ProductExtras', new TextField('Code','Code'));
$fields->addFieldToTab('Root.Content.ProductExtras', new TextField('Price','Price'));
$fields->addFieldToTab('Root.Content.ProductExtras', new HiddenField('CodeHash','SomeTitle','$value'));
$fields->addFieldToTab('Root.Content.ProductExtras', new HiddenField('PriceHash','SomeTitle','$value'));
return $fields;
}Where $value is calculated by:
$secretKey = "my_secret_key";
// Hash for "Code"
$catCodeValue = $value-of-Code-input."code".$value-of-Code-input;
hash_hmac('sha256', $catCodeValue, $secretKey);
// Hash for "Price"
$catPriceValue = $value-of-Code-input."price".$value-of-Price-input;
hash_hmac('sha256', $catPriceValue, $secretKey);In short, the value is a concatenation of "Code Value" "Element Name" and "Element Value"
Does anybody have any experience with Foxycart? Or can anyone give me a push as to how to go about this? Maybe the question isn't so much how do I do it this way, but how do I concatenate values and hash them in general?
Thanks!
Chris
