I am trying to create a hash password in ColdFusion for our secure payment gateway to accept a transaction.
Unfortunately the payment gateway is refusing to accept my ge
The code should have functioned the way it is, but in my opinion it's better to create the value to hash as one big string. Appending to strings is 'costly' because each time you add to a string, a new string is created and the old one destroyed. If you're processing one transaction a minute you'd never notice a difference, but it is good practice either way. I would use:
<cfset sitesecurity = Hash("test_site1234GBP#OrderTotal##URL.ThisOrderID#PASSWORD", "SHA-256")>
Now you may have an issue getting a HASH in PHP to match a HASH in ColdFusion, but that's a separate issue.
Sample
<cfset OrderTotal = 10>
<cfset url.ThisOrderID = 50>
<cfset sitesecurity = Hash("test_site1234GBP#OrderTotal##URL.ThisOrderID#PASSWORD", "SHA-256")>
<cfdump var="#sitesecurity#" abort>
Returns
92A14E1D03833CB3FD6932A8E240861CDEC66E46723A544DFBC3C592D5EE7E66
I believe the link Miguel-F posted will fix your issue. ColdFusion's hash output is in all uppercase, where most (all?) other outputs I've seen are in lowercase. Depending on how your gateway handles case sensitivity, you should try passing a lowercase hash.
<cfset sitesecurity = lCase(hash("test_site1234GBP"&OrderTotal&URL.ThisOrderID&"PASSWORD", "SHA-256"))>
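The receiving side of the case mismatch discussed above, as an added example that is not part of the original answers or any real gateway's code: it builds the same concatenated string with the sample values from the page and compares digests the two ways a gateway might. Both `*_gateway_accepts` functions are hypothetical, and the uppercase value is constructed here to stand in for ColdFusion's `Hash()` output.

```python
import hashlib
import hmac

# Sample values taken from the answer above.
PREFIX = "test_site1234GBP"
SECRET = "PASSWORD"


def build_digest(order_total, order_id):
    """Build the whole message once, then hash it.

    hashlib returns lowercase hex; ColdFusion's Hash() returns the same
    digest in uppercase hex.
    """
    message = f"{PREFIX}{order_total}{order_id}{SECRET}"
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def strict_gateway_accepts(received, expected):
    """Hypothetical gateway that compares the hex text as-is (case-sensitive)."""
    try:
        return hmac.compare_digest(received.encode("ascii"),
                                   expected.encode("ascii"))
    except UnicodeEncodeError:
        return False


def tolerant_gateway_accepts(received, expected):
    """Hypothetical gateway that decodes the hex first, so case is irrelevant."""
    try:
        return hmac.compare_digest(bytes.fromhex(received),
                                   bytes.fromhex(expected))
    except ValueError:  # not valid hex
        return False


if __name__ == "__main__":
    expected = build_digest(10, 50)      # what the gateway computes
    cf_style = expected.upper()          # constructed: uppercase, as Hash() emits
    print("strict, uppercase :", strict_gateway_accepts(cf_style, expected))
    print("strict, lCase()   :", strict_gateway_accepts(cf_style.lower(), expected))
    print("tolerant, uppercase:", tolerant_gateway_accepts(cf_style, expected))
```

Both comparisons use `hmac.compare_digest`, so the check does not leak how many leading characters matched through timing.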