Index: /controller/wpsg_BasketController.class.php
===================================================================
--- /controller/wpsg_BasketController.class.php	(revision 7663)
+++ /controller/wpsg_BasketController.class.php	(revision 7664)
@@ -8,9 +8,7 @@
 		private static $_outputCache = [];
 		
-		public function content_filter(&$content)
-		{
-			
-			if (wpsg_get_the_id() ==  $this->shop->getPagePID(wpsg_ShopController::PAGE_BASKET))
-			{
+		public function content_filter(&$content) {
+			
+			if (wpsg_get_the_id() ==  $this->shop->getPagePID(wpsg_ShopController::PAGE_BASKET)) {
 				
 				parent::dispatch();
@@ -361,13 +359,16 @@
 			if (!wpsg_checkInput($_REQUEST['order_id'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException();
 			else {
-			
+						
 				// Hash verifizierne
 				$order_id = intval($_REQUEST['order_id']);
 				
 				if ($order_id <= 0) throw \wpsg\Exception::getInvalidValueException();
-				
-				// Hash vergleichen
-				if (password_verify($this->shop->get_option("wpsg_salt").$order_id, $_REQUEST['wpsg_done'])) {
-					
+			
+				$oOrder = wpsg_order::getInstance($order_id);
+				
+				$hash = md5($oOrder->__get('secret').$order_id.$oOrder->__get('secret'));
+				
+				if (hash_equals($hash, rawurldecode($_REQUEST['wpsg_done']))) {					
+					 
 					$this->shop->basket->initFromDB($order_id);
 					$this->shop->view['basket'] = $this->shop->basket->toArray();
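Review bot: The `if (hash_equals(...))` check does not reject an empty secret: for an order whose `secret` column is null or empty (for instance orders created before the column existed), `$oOrder->__get('secret')` contributes nothing and the expected digest depends only on the public order id. Add `$secret = (string) $oOrder->__get('secret'); if ($secret === '') throw \wpsg\Exception::getInvalidValueException();` before computing `$hash`, and build the digest from `$secret`. `hash_equals()` also requires string arguments, so read the parameter as `(string) ($_REQUEST['wpsg_done'] ?? '')`; the `rawurldecode()` is redundant because PHP has already decoded the query string into `$_REQUEST`, and an array value there would raise a TypeError. The enclosing method starts and ends outside the hunk.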
@@ -378,5 +379,5 @@
 					$content = $this->shop->render(WPSG_PATH_VIEW.'/warenkorb/done.phtml', false);	
 					
-				} else throw \wpsg\Exception::getInvalidValueException();
+				} else $this->addFrontendError(__('Der Link ist ausgelaufen oder ungÃŒltig.', 'wpsg'));
 				
 			}
Index: /controller/wpsg_ShopController.class.php
===================================================================
--- /controller/wpsg_ShopController.class.php	(revision 7663)
+++ /controller/wpsg_ShopController.class.php	(revision 7664)
@@ -143,4 +143,6 @@
 				self::STATUS_GEKUENDIGTEABOS => __('gekÃŒndigte Abos', 'wpsg'),
 			);
+			
+			$GLOBALS['wpsg_sc'] = $this;
 
 		} // public function __construct()
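Review bot: The constructor now publishes `$this` into `$GLOBALS['wpsg_sc']` as a side effect, so every `new wpsg_ShopController()` (including any subclass that runs this constructor) silently replaces the globally shared instance, whereas the previous top-level assignment in wpshopgermany.php did it exactly once. If a single instance is intended, consider guarding it, `if (!isset($GLOBALS['wpsg_sc'])) $GLOBALS['wpsg_sc'] = $this;`, or at least state the contract, e.g. `// Registers this instance as the global shop controller that wpsg_SystemController::__construct() reads`. The constructor begins outside the hunk.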
@@ -436,5 +438,5 @@
 
 			$this->checkDefault('wpsg_afterinsert', '1');
-			$this->checkDefault('wpsg_salt', mkd5($_SERVER['REQUEST_URI'].rand(1, 1000)));
+			$this->checkDefault('wpsg_salt', md5($_SERVER['REQUEST_URI'].rand(1, 1000)));
 
 			// Betreffs der E-Mails vordefinieren
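Review bot: With the typo fixed, `wpsg_salt` defaults to `md5($_SERVER['REQUEST_URI'].rand(1, 1000))`, which has at most 1000 distinct values for a given request URI and comes from a non-cryptographic generator, so it is not usable as a secret. Since PHP 7 the default can be `bin2hex(random_bytes(16))` with no change to callers. This commit removes the salt's only visible use (the done link), so if nothing else reads the option the default could be dropped instead; that cannot be confirmed from the hunk. The enclosing method starts and ends outside the hunk.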
@@ -2656,12 +2658,16 @@
 
 			$basket_url = $this->getURL(wpsg_ShopController::URL_BASKET);
-
+			
+			$rand = wpsg_genCode(128);
+			$this->db->UpdateQuery(WPSG_TBL_ORDER, ['secret' => wpsg_q($rand)], " `id` = '".wpsg_q($order_id)."' ");
+			$code = md5($rand.$order_id.$rand);
+			
 			if (strpos($basket_url, '?') === false) {
 
-				return $basket_url.'?order_id='.$order_id.'&wpsg_done='.password_hash($this->get_option("wpsg_salt").$order_id, PASSWORD_DEFAULT);
+				return $basket_url.'?order_id='.$order_id.'&wpsg_done='.rawurlencode($code);
 
 			} else {
 
-				return $basket_url.'&order_id='.$order_id.'&wpsg_done='.password_hash($this->get_option("wpsg_salt").$order_id, PASSWORD_DEFAULT);
+				return $basket_url.'&order_id='.$order_id.'&wpsg_done='.rawurlencode($code);
 
 			}
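Review bot: Nothing checks whether the new `$this->db->UpdateQuery(...)` call succeeded, so if the write fails (for example on an existing installation whose order table has not gained the `secret` column added in install.php) the method still returns a link carrying a code that can never verify. Check the update result, if the DB layer reports one, before emitting the URL. Note also that every call stores a fresh secret, so any done link issued earlier for the same order stops validating; if the URL is built more than once per order that deserves a comment such as `// Each call issues a new secret and invalidates previously generated done links`. The enclosing method starts outside the hunk.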
Index: /controller/wpsg_SystemController.class.php
===================================================================
--- /controller/wpsg_SystemController.class.php	(revision 7663)
+++ /controller/wpsg_SystemController.class.php	(revision 7664)
@@ -30,11 +30,9 @@
 		 * Contstructor
 		 */
-		public function __construct()
-		{
+		public function __construct() {
 			
 			$this->db = &$GLOBALS['wpsg_db'];
 			
-			if (get_class($this) != 'wpsg_ShopController')
-			{
+			if (get_class($this) != 'wpsg_ShopController') {
 
 				$this->shop = &$GLOBALS['wpsg_sc'];
Index: /lib/functions.inc.php
===================================================================
--- /lib/functions.inc.php	(revision 7663)
+++ /lib/functions.inc.php	(revision 7664)
@@ -1106,5 +1106,23 @@
 
     }
-
+	
+	/**
+	 * Generiert eine zufÃ€llige Zeichenkette der LÃ€nge $laenge
+	 */
+	function wpsg_genCode($laenge, $chars = false) {
+		
+		if ($laenge <= 0) $size = 10;
+		
+		if ($chars === false) $chars = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ";
+		
+		$arCode = array();
+		for ($i = 1; $i <= $laenge; $i++) { $arCode[] = $chars[rand(0, (strlen($chars) - 1))]; }
+		
+		$strCode = implode('', @$arCode);
+		
+		return $strCode;
+		
+	} // public function genCode($laenge)
+    
 	/**
 	 * Escape Funktion fÃŒr die Datenbank
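Review bot: `wpsg_genCode()` now mints the per-order `secret` that gates the order-done page, but it draws characters with `rand()`, which is not a cryptographically secure generator; the loop should use `$arCode[] = $chars[random_int(0, strlen($chars) - 1)];` (PHP 7+). The guard `if ($laenge <= 0) $size = 10;` is dead code, since `$size` is never read, so a non-positive length silently yields an empty code; it should be `if ($laenge <= 0) $laenge = 10;`. The `@` in `implode('', @$arCode)` suppresses nothing useful and can be dropped, and the closing comment `// public function genCode($laenge)` names a method although this is a free function.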
Index: /lib/install.php
===================================================================
--- /lib/install.php	(revision 7663)
+++ /lib/install.php	(revision 7664)
@@ -190,4 +190,5 @@
    		calculation INT(1) COMMENT '1 wenn die Bestellung mit der neuen Calculation Klasse berechnet wurde',
    		tax_mode INT(1) COMMENT 'Art der Besteuerung Kleinunternehmer/1, Endkunden/2, Firmenkunden/3',
+   		secret VARCHAR(255) COMMENT 'Zufallszahl',
    		KEY adress_id (adress_id),
    		KEY shipping_adress_id (shipping_adress_id),
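Review bot: The new `secret VARCHAR(255)` column is only added to the CREATE TABLE statement, so installations that already have the order table will not receive it unless an upgrade path outside this diff alters the table, while the verification code in wpsg_BasketController reads that column for every done link. If no such migration exists, add one alongside this schema change and note it on the column, e.g. `COMMENT 'Per-order secret for done links; existing tables need an ALTER'`.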
Index: /wpshopgermany.php
===================================================================
--- /wpshopgermany.php	(revision 7663)
+++ /wpshopgermany.php	(revision 7664)
@@ -175,6 +175,5 @@
 
 	/** @var wpsg_ShopController */
-	$shop = new wpsg_ShopController();
-	$GLOBALS['wpsg_sc'] = &$shop;
+	$shop = new wpsg_ShopController();	
 	
 	// Nicht behandelte Exceptions werden hier verarbeitet
