PayPal IPN username/password hashing, how does it work?

自作多情 提交于 2020-01-25 10:44:05

问题


I'm trying to make use of the PayPal Subscription with IPN to provide monthly billing for my customers. The IPN works fine but I am not sure how the password hashing works.

username (optional) Username generated by PayPal and given to subscriber to access the subscription. 64 password (optional) Password generated by PayPal and given to subscriber to access the subscription (password will be encrypted).

My understanding was that I need to 'hash' the real password and then compare it with the saved 'hashed' password I received via IPN. but there is no mention on what that 'hash' really is. From some forum I gather it is a 'linux crypt' and 'Apache password'. So I have tried to find c# implementation and online generators to hash the password but I never get the IPN hashed password as a result.

  • A) This is what I get via IPN: password=nw4eVBBG2F0hk
  • B) This is what I see when I look at the Seller record: Password uq6oa0zmZSORU
  • C) This what the customer see in their record: Password probe^blob

I need a way to get from C to A and it would be nice to know why is B different then A.


回答1:


This is going to sound pretty weird, but this seems to be how it is working and I'm not exactly sure how this works out from your end if you're trying to pre-hash.

Paypal uses a des crypt on the password with the final password's first 2 char as salt. So for example, if you do:

<?php echo crypt("probe^blob", "nw"); ?>

You will get the salted password. I have no idea how they are doing that on their end, and it's sort of inefficient to check that after the fact with a large user base.

Source: http://www.sitepoint.com/forums/showthread.php?52952-PayPal-IPN-Password-Hashing



来源:https://stackoverflow.com/questions/17780276/paypal-ipn-username-password-hashing-how-does-it-work

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!