Is this a bug or correct behaviour?

I'm trying to integrate an e-commerce web site with a UK payment service
provider Protx (their VSP Form service) http://www.protx.co.uk/. It's
the normal set up where you post the customer's purchase details to the
PSP's site as a few form fields containing the merchant code, amount,
description of the goods, etc.

To prevent the casual user from tampering with the form data, the PSP
requires that the vendor's site concatenates the relevant fields
together into a delimited string, XORs it with the vendor's password and
then Base64 encodes the result. That then is posted to the PSP's site as
a form field called "Crypt".

They've got some sample ASP code with a SimpleXor function plus a Base64
encoding and decoding function. I've written a ColdFusion module
(VSPCrypt.cfm, below) to mimic their SimpleXor and was then just running
the output through ToBase64().

If you compare the ASP and ColdFusion results, they appear to be
largely the same. However, when you've got a situation like this:

strIn   strPassword
a       1
b       2
c       c
d       4
e       5
.       ...

the input XORed with the password results in 0 at character position 3.
This value is then passed through Chr() and the result concatenated to
the output string. Chr(0) evaluates to null which, in the ASP template,
is concatenated into the string. However, the ColdFusion code (which is
nigh-on identical) doesn't concatenate the null.

If you then XOR the result, the ASP output and the ColdFusion output
drift at the point where the XORed value was 0.

Has anyone else hit this problem and found a decent workaround? Thing
is, the VBScript seems to concatenate the nulls into the string. Is
VBScript displaying the "correct" behaviour here?

Someone suggested that a way round this is to store the result of XOR in
an array. Then, I could write a ToBase64() function that takes an array
as an argument (instead of the native function which takes a string) and
encodes the string, but that's more work than I really have time to
spend on this.


VSPCrypt.cfm
========================
<cfparam name="Attributes.String" type="string" default="">
<cfparam name="Attributes.Password" type="string" default="">
<cfparam name="Attributes.Encode" type="boolean" default="false">
<cfparam name="Variables.Output" type="string" default="">


<cfscript>
// Loop through the string and the password, XORing each character in
// the string with its corresponding value in the password, looping
// where necessary.
i = 1;
j = 1;

while (i lte Len(Attributes.String)) {
   Output = Output & Chr(BitXOR(Asc(Mid(Attributes.String, i, 1)), Asc(Mid(Attributes.Password, j, 1))));
   i = IncrementValue(i);

   if (j is Len(Attributes.Password)) {
      j = 0;
   }

   j = IncrementValue(j);
}

// Encode the output with ToBase64 if required.
if (Attributes.Encode) {
   Output = ToBase64(Output);
}

// Make the encoded variable available to the calling template.
Caller.Output = Output;
</cfscript>


-- 
Aidan Whitehall<[EMAIL PROTECTED]>
Macromedia ColdFusion Developer
Fairbanks Environmental +44 (0)1695 51775
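
Added example, not part of the original post or the PSP's sample code: a byte-level reference model in Python of the XOR-then-Base64 step described above, showing why a dropped zero byte makes the decoded text drift from position 3 onward. It uses the first five rows of the table as constructed input, assumes single-byte (Latin-1) characters, and all function names are hypothetical.

```python
import base64
from itertools import cycle

# Constructed sample: the first five rows of the table in the post.
SAMPLE_IN = "abcde"
SAMPLE_PASSWORD = "12c45"

def simple_xor(data: bytes, password: bytes) -> bytes:
    """XOR every byte with the repeating password, keeping 0x00 results."""
    if not password:
        raise ValueError("password must not be empty")
    return bytes(d ^ p for d, p in zip(data, cycle(password)))

def make_crypt(fields: str, password: str) -> str:
    """Build the Base64 value from bytes, never from a text string."""
    # Assumption: Latin-1, so each character maps to exactly one byte.
    raw = simple_xor(fields.encode("latin-1"), password.encode("latin-1"))
    return base64.b64encode(raw).decode("ascii")

def read_crypt(crypt: str, password: str) -> str:
    """Reverse make_crypt: Base64-decode, then XOR with the same password."""
    raw = base64.b64decode(crypt)
    return simple_xor(raw, password.encode("latin-1")).decode("latin-1")

def read_after_nul_loss(fields: str, password: str) -> str:
    """Model the failure in the post: 0x00 bytes vanish before encoding."""
    raw = simple_xor(fields.encode("latin-1"), password.encode("latin-1"))
    lossy = base64.b64encode(raw.replace(b"\x00", b"")).decode("ascii")
    return read_crypt(lossy, password)

def first_divergence(a: str, b: str) -> int:
    """1-based position where a and b first differ, or 0 if identical."""
    for pos, (x, y) in enumerate(zip(a, b), start=1):
        if x != y:
            return pos
    return 0 if len(a) == len(b) else min(len(a), len(b)) + 1

if __name__ == "__main__":
    crypt = make_crypt(SAMPLE_IN, SAMPLE_PASSWORD)
    print(crypt, read_crypt(crypt, SAMPLE_PASSWORD))
    broken = read_after_nul_loss(SAMPLE_IN, SAMPLE_PASSWORD)
    print(broken, first_divergence(SAMPLE_IN, broken))
```

A port in another language can be checked by feeding it the same input and comparing its output with `make_crypt`.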

