private function authorize($signed_request)
{
$hash = sha256Encode($signed_request[1], $this->private_key);
$hash = base64Encode($hash);
if ($hash != $signed_request[0]) {
return false;
}
$context = json_decode(base64Decode($signed_request[1]));
$context = $context->context;
$this->token = $context->client->access_token;
$this->token_type = $context->client->token_type;
$this->project_id = $context->environment->current_project;
return true;
}
function encryptAndEncode($strIn, $strEncryptionType, $strEncryptionPassword)
{
if ($strEncryptionType == "XOR") {
//** XOR encryption with Base64 encoding **
return base64Encode(simpleXor($strIn, $strEncryptionPassword));
} else {
//** AES encryption, CBC blocking with PKCS5 padding then HEX encoding - DEFAULT **
//** use initialization vector (IV) set from $strEncryptionPassword
$strIV = $strEncryptionPassword;
//** add PKCS5 padding to the text to be encypted
$strIn = self::addPKCS5Padding($strIn);
//** perform encryption with PHP's MCRYPT module
$strCrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $strEncryptionPassword, $strIn, MCRYPT_MODE_CBC, $strIV);
//** perform hex encoding and return
return "@" . bin2hex($strCrypt);
}
}
function protxvspform_link($params)
{
$strTransactionType = "PAYMENT";
$strCustomerName = $params['clientdetails']['firstname'] . " " . $params['clientdetails']['lastname'];
$strBillingAddress = $params['clientdetails']['address1'];
$strBillingPostCode = $params['clientdetails']['postcode'];
$strContactNumber = $params['clientdetails']['phonenumber'];
$strEncryptionPassword = $params['xorencryptionpw'];
$strVendorTxCode = date("YmdHis") . $params['invoiceid'];
$strBasket = "1:" . $params['description'] . ":1:" . $params['amount'] . ":0:" . $params['amount'] . ":" . $params['amount'] . "";
$strPost = "VendorTxCode=" . $strVendorTxCode;
$strPost = $strPost . "&Amount=" . number_format($params['amount'], 2);
$strPost = $strPost . "&Currency=" . $params['currency'];
$strPost = $strPost . "&Description=" . $params['description'];
$strPost = $strPost . "&SuccessURL=" . $params['systemurl'] . "/modules/gateways/callback/protxvspform.php?invoiceid=" . $params['invoiceid'];
$strPost = $strPost . "&FailureURL=" . $params['systemurl'] . "/modules/gateways/callback/protxvspform.php?invoiceid=" . $params['invoiceid'];
$strPost = $strPost . "&CustomerName=" . $strCustomerName;
$strPost = $strPost . "&CustomerEMail=" . $strCustomerEMail;
$strPost = $strPost . "&VendorEMail=" . $params['vendoremail'];
$strPost = $strPost . "&BillingAddress=" . $strBillingAddress;
$strPost = $strPost . "&BillingPostCode=" . $strBillingPostCode;
$strPost = $strPost . "&DeliveryAddress=" . $strBillingAddress;
$strPost = $strPost . "&DeliveryPostCode=" . $strBillingPostCode;
$strPost = $strPost . "&ContactNumber=" . $strContactNumber;
$strPost = $strPost . "&AllowGiftAid=0";
if ($strTransactionType !== "AUTHENTICATE") {
$strPost = $strPost . "&ApplyAVSCV2=0";
}
$strPost = $strPost . "&Apply3DSecure=0";
$strCrypt = base64Encode(SimpleXor($strPost, $strEncryptionPassword));
$strPurchaseURL = "https://live.sagepay.com/gateway/service/vspform-register.vsp";
if ($params['testmode']) {
$strPurchaseURL = "https://test.sagepay.com/gateway/service/vspform-register.vsp";
}
$code = "<form action=\"" . $strPurchaseURL . "\" method=\"post\">\n<input type=\"hidden\" name=\"VPSProtocol\" value=\"2.22\">\n<input type=\"hidden\" name=\"TxType\" value=\"" . $strTransactionType . "\">\n<input type=\"hidden\" name=\"Vendor\" value=\"" . $params['vendorname'] . "\">\n<input type=\"hidden\" name=\"Crypt\" value=\"" . $strCrypt . "\">\n<input type=\"submit\" value=\"" . $params['langpaynow'] . "\">\n</form>";
return $code;
}
$rs = "false";
if (!file_exists($filenamekey) || !$pkey2) {
$rs = "false";
} else {
$rs = $pkey2;
}
echo "&key=" . $rs . "&";
} else {
if ($savekey && !$pkey1 && !$pkey2 && !$pkey3) {
$arrkey = explode("|", $savekey);
$fp = fopen($filenamekey, 'w');
fwrite($fp, '<?php ;$pkey1=base64_decode(\'' . base64_encode($arrkey[0]) . '\');$pkey2=base64_decode(\'' . base64_encode($arrkey[1]) . '\');$pkey3=base64_decode(base64_decode(\'' . base64_encode($arrkey[2]) . '\'));?>');
fclose($fp);
} else {
if (!$paramInfo) {
return;
}
initparam($paramInfo);
$text = get_curl($link);
if ($encRes == 1) {
$text = encrypt($text, $pkey1);
} else {
if ($encRes == 2) {
$text = base64Encode($text, $pkey3);
}
}
echo $text;
}
}
?>
function testBase64()
{
$hasErrors = false;
$allData = '';
for ($i = 0; $i < 64; $i += 4) {
$allData .= chr($i << 2 | $i + 1 >> 4) . chr($i + 1 << 4 | $i + 2 >> 2) . chr($i + 2 << 6 | $i + 3);
}
for ($size = 1; $size <= 48; $size++) {
$allDataBase64 = base64Encode(substr($allData, 0, $size));
printf("base64Encode(allData) = %s\n", $allDataBase64);
$allDataBase64DotSlash = base64EncodeDotSlash(substr($allData, 0, $size));
printf("base64EncodeDotSlash(allData) = %s\n", $allDataBase64DotSlash);
$allDataBase64DotSlashOrdered = base64EncodeDotSlashOrdered(substr($allData, 0, $size));
printf("base64EncodeDotSlashOrdered(allData) = %s\n\n", $allDataBase64DotSlashOrdered);
$testAllData = base64Decode($allDataBase64);
printf("base64Decode(allDataBase64) ret = %u: ", $testAllData === false ? 1 : 0);
$good = true;
for ($i = 0; $i < $size; $i++) {
if ($testAllData[$i] != $allData[$i]) {
$good = false;
}
}
if ($testAllData === false || !$good) {
$hasErrors = true;
}
printf("%s\n", $good ? "good" : "bad");
$testAllData = base64DecodeDotSlash($allDataBase64DotSlash);
printf("base64DecodeDotSlash(allDataBase64DotSlash) ret = %u: ", $testAllData === false ? 1 : 0);
$good = true;
for ($i = 0; $i < $size; $i++) {
if ($testAllData[$i] != $allData[$i]) {
$good = false;
}
}
if ($testAllData === false || !$good) {
$hasErrors = true;
}
printf("%s\n", $good ? "good" : "bad");
$testAllData = base64DecodeDotSlashOrdered($allDataBase64DotSlashOrdered);
printf("base64DecodeDotSlashOrdered(allDataBase64DotSlashOrdered) ret = %u: ", $testAllData === false ? 1 : 0);
$good = true;
for ($i = 0; $i < $size; $i++) {
if ($testAllData[$i] != $allData[$i]) {
$good = false;
}
}
if ($testAllData === false || !$good) {
$hasErrors = true;
}
printf("%s\n\n\n", $good ? "good" : "bad");
}
printf("Should error:\n");
$testAllData = base64Decode($allDataBase64DotSlash);
printf("base64Decode(allDataBase64DotSlash) ret = %u: %s\n", $testAllData === false ? 1 : 0, $testAllData === false ? "good" : "bad");
if ($testAllData !== false) {
$hasErrors = true;
}
$testAllData = base64DecodeDotSlash($allDataBase64);
printf("base64DecodeDotSlash(allDataBase64) ret = %u: %s\n", $testAllData === false ? 1 : 0, $testAllData === false ? "good" : "bad");
if ($testAllData !== false) {
$hasErrors = true;
}
$testAllData = base64DecodeDotSlashOrdered($allDataBase64);
printf("base64DecodeDotSlashOrdered(allDataBase64) ret = %u: %s\n", $testAllData === false ? 1 : 0, $testAllData === false ? "good" : "bad");
if ($testAllData !== false) {
$hasErrors = true;
}
if ($hasErrors) {
printf("*** FAILED ***\n");
} else {
printf("*** PASSED ***\n");
}
return $hasErrors;
}
