From b002c800405ef8b68a928c5562e0024d0a8a41d2 Mon Sep 17 00:00:00 2001
From: Juanjo Menent <jmenent@2byte.es>
Date: Mon, 5 Sep 2011 13:31:59 +0000
Subject: [PATCH] Add russian prod id

---
 htdocs/public/paypal/newpayment.php | 38 ++++++++---------------------
 1 file changed, 10 insertions(+), 28 deletions(-)

diff --git a/htdocs/public/paypal/newpayment.php b/htdocs/public/paypal/newpayment.php
index 065de28665d..c540cdd3030 100755
--- a/htdocs/public/paypal/newpayment.php
+++ b/htdocs/public/paypal/newpayment.php
@@ -87,7 +87,7 @@ $SOURCE=GETPOST("source",'alpha');
 $ref=$REF=GETPOST('ref','alpha');
 $TAG=GETPOST("tag",'alpha');
 $FULLTAG=GETPOST("fulltag",'alpha');		// fulltag is tag with more informations
-$SECUREKEY=GETPOST("securekey");	        // Secure key
+$SECUREKEY=GETPOST("securekey",'alpha');	// Secure key
 
 if (! empty($SOURCE))
 {
@@ -138,35 +138,10 @@ if (empty($PAYPAL_API_SIGNATURE))
     return -1;
 }
 
-// Check security token
-$valid=true;
-if (! empty($conf->global->PAYPAL_SECURITY_TOKEN))
-{
-    if (! empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE))
-    {
-	    if ($REF) $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . $REF);    // REF always defined if SOURCE is defined
-	    else $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN);
-    }
-    else
-    {
-        $token = $conf->global->PAYPAL_SECURITY_TOKEN;
-    }
-	if ($SECUREKEY != $token) $valid=false;
-
-	if (! $valid)
-	{
-    	print '<div class="error">Bad value for key.</div>';
-	    //print 'SECUREKEY='.$SECUREKEY.' token='.$token.' valid='.$valid;
-    	exit;
-	}
-}
-
-
 
 /*
  * Actions
  */
-
 if (GETPOST("action") == 'dopayment')
 {
 	$PAYPAL_API_PRICE=price2num(GETPOST("newamount"),'MT');
@@ -262,7 +237,6 @@ print '<input type="hidden" name="action" value="dopayment">'."\n";
 print '<input type="hidden" name="amount" value="'.GETPOST("amount",'int').'">'."\n";
 print '<input type="hidden" name="tag" value="'.GETPOST("tag",'alpha').'">'."\n";
 print '<input type="hidden" name="suffix" value="'.GETPOST("suffix",'alpha').'">'."\n";
-print '<input type="hidden" name="securekey" value="'.$SECUREKEY.'">'."\n";
 print "\n";
 print '<!-- Form to send a Paypal payment -->'."\n";
 print '<!-- PAYPAL_API_SANDBOX = '.$conf->global->PAYPAL_API_SANDBOX.' -->'."\n";
@@ -329,8 +303,16 @@ $found=false;
 $error=0;
 $var=false;
 
+// Check security token
+$valid=true;
+if (! empty($conf->global->PAYPAL_SECURITY_TOKEN) )
+{
+	$token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . $SOURCE . $ref, 2);
+	if ($SECUREKEY != $token) $valid=false;
+}
+
 // Free payment
-if (! GETPOST("source") && $valid)
+if (! GETPOST("source"))
 {
 	$found=true;
 	$tag=GETPOST("tag");