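/**
 * Build the HTML form that sends the customer to the Sage Pay (Protx) Form gateway.
 *
 * The transaction fields are joined into a single "name=value&name=value" string,
 * passed through SimpleXor() with the configured password, base64-encoded and
 * placed in the hidden "Crypt" field of a POST form aimed at the live or test
 * registration URL.
 *
 * @param array $params Gateway parameters. Keys read here: clientdetails
 *                      (firstname, lastname, email, address1, postcode,
 *                      phonenumber), xorencryptionpw, invoiceid, amount,
 *                      currency, description, systemurl, vendoremail,
 *                      vendorname, testmode, langpaynow.
 *
 * @return string HTML markup of the payment form.
 */
function protxvspform_link($params)
{
    $strTransactionType = "PAYMENT";

    $strCustomerName = $params['clientdetails']['firstname'] . " " . $params['clientdetails']['lastname'];
    // Fix: the original referenced $strCustomerEMail without ever assigning it,
    // so CustomerEMail was always sent empty (and raised an undefined-variable notice).
    $strCustomerEMail = isset($params['clientdetails']['email']) ? $params['clientdetails']['email'] : "";
    $strBillingAddress = $params['clientdetails']['address1'];
    $strBillingPostCode = $params['clientdetails']['postcode'];
    $strContactNumber = $params['clientdetails']['phonenumber'];
    $strEncryptionPassword = $params['xorencryptionpw'];

    // Timestamp prefix keeps the code distinct when the same invoice is retried.
    $strVendorTxCode = date("YmdHis") . $params['invoiceid'];

    $strCallbackURL = $params['systemurl'] . "/modules/gateways/callback/protxvspform.php?invoiceid=" . $params['invoiceid'];

    // NOTE(review): values are concatenated without encoding, so a client-supplied
    // value (name, address, postcode, phone, description) that contains '&' or '='
    // changes the field layout the gateway sees. Validate or strip those characters
    // where the client details are collected.
    $strPost = "VendorTxCode=" . $strVendorTxCode;
    $strPost .= "&Amount=" . number_format($params['amount'], 2);
    $strPost .= "&Currency=" . $params['currency'];
    $strPost .= "&Description=" . $params['description'];
    $strPost .= "&SuccessURL=" . $strCallbackURL;
    $strPost .= "&FailureURL=" . $strCallbackURL;
    $strPost .= "&CustomerName=" . $strCustomerName;
    $strPost .= "&CustomerEMail=" . $strCustomerEMail;
    $strPost .= "&VendorEMail=" . $params['vendoremail'];
    $strPost .= "&BillingAddress=" . $strBillingAddress;
    $strPost .= "&BillingPostCode=" . $strBillingPostCode;
    // Delivery details mirror the billing details.
    $strPost .= "&DeliveryAddress=" . $strBillingAddress;
    $strPost .= "&DeliveryPostCode=" . $strBillingPostCode;
    $strPost .= "&ContactNumber=" . $strContactNumber;
    $strPost .= "&AllowGiftAid=0";
    if ($strTransactionType !== "AUTHENTICATE") {
        $strPost .= "&ApplyAVSCV2=0";
    }
    $strPost .= "&Apply3DSecure=0";

    // NOTE(review): SimpleXor() and base64Encode() are defined elsewhere. If SimpleXor
    // is a repeating-key XOR, as its name suggests, the Crypt field is obfuscated
    // rather than protected against tampering; later Sage Pay Form protocol versions
    // use AES. Confirm which scheme the vendor account requires.
    $strCrypt = base64Encode(SimpleXor($strPost, $strEncryptionPassword));

    $strPurchaseURL = "https://live.sagepay.com/gateway/service/vspform-register.vsp";
    if ($params['testmode']) {
        $strPurchaseURL = "https://test.sagepay.com/gateway/service/vspform-register.vsp";
    }

    // NOTE(review): vendorname and langpaynow are written into attribute values
    // unescaped; they are assumed to be administrator-controlled. Confirm.
    $code = "<form action=\"" . $strPurchaseURL . "\" method=\"post\">\n"
        . "<input type=\"hidden\" name=\"VPSProtocol\" value=\"2.22\">\n"
        . "<input type=\"hidden\" name=\"TxType\" value=\"" . $strTransactionType . "\">\n"
        . "<input type=\"hidden\" name=\"Vendor\" value=\"" . $params['vendorname'] . "\">\n"
        . "<input type=\"hidden\" name=\"Crypt\" value=\"" . $strCrypt . "\">\n"
        . "<input type=\"submit\" value=\"" . $params['langpaynow'] . "\">\n"
        . "</form>";

    return $code;
}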
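/**
 * Handle the browser return from Sage Pay Form: decode the "crypt" query
 * parameter, record the outcome on the purchase log and redirect the shopper
 * to the transaction results page.
 *
 * Everything taken from the decoded payload is treated as untrusted. The values
 * are bound through $wpdb->prepare() rather than concatenated into the SQL, and
 * the session id is URL-encoded before it is placed in the Location header.
 *
 * NOTE(review): the only thing tying the payload to the gateway is SimpleXor()
 * with the stored key (defined elsewhere). If that is a repeating-key XOR it
 * provides no integrity, so a "Status=OK" payload should not be the sole basis
 * for marking an order paid. Confirm the amount and order state independently
 * where the gateway account allows it.
 *
 * @return void This function always ends the request with a redirect and exit.
 */
function nzshpcrt_sagepay_decryption()
{
    global $wpdb;

    $seperator = (get_option('permalink_structure') != '') ? "?" : "&";

    // '+' in base64 arrives as a space after URL decoding; restore it.
    // A missing or non-string parameter is treated as an empty payload.
    $crypt = '';
    if (isset($_GET['crypt']) && is_string($_GET['crypt'])) {
        $crypt = str_replace(" ", "+", $_GET['crypt']);
    }

    $uncrypt = SimpleXor(base64_decode($crypt), get_option('protx_enc_key'));
    $unencrypted_values = array();
    parse_str($uncrypt, $unencrypted_values);

    // parse_str() can yield nested arrays; accept plain strings only.
    $fields = array('Status' => '', 'VPSTxId' => '', 'VendorTxCode' => '');
    foreach ($fields as $key => $default) {
        if (isset($unencrypted_values[$key]) && is_string($unencrypted_values[$key])) {
            $fields[$key] = $unencrypted_values[$key];
        }
    }
    $status = $fields['Status'];
    $vpsTxId = $fields['VPSTxId'];
    $vendorTxCode = $fields['VendorTxCode'];
    $notes = 'SagePay Status: ' . $status;

    $success = '';
    switch ($status) {
        case 'NOTAUTHED':
        case 'REJECTED':
        case 'MALFORMED':
        case 'INVALID':
        case 'ERROR':
        case 'ABORT':
            $success = 'Failed';
            break;

        case 'AUTHENTICATED': // Only returned if TxType is AUTHENTICATE
            $success = 'Pending';
            // Fix: the original had no break here and fell through to
            // REGISTERED, so the 'Pending' branch below was unreachable.
            break;

        case 'REGISTERED': // Only returned if TxType is AUTHENTICATE
            $success = 'Failed';
            break;

        case 'OK':
            $success = 'Completed';
            break;

        default:
            break;
    }

    switch ($success) {
        case 'Completed':
            $wpdb->query($wpdb->prepare(
                "UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `processed` = '2', `transactid` = %s, `notes` = %s WHERE `sessionid` = %s LIMIT 1",
                $vpsTxId,
                $notes,
                $vendorTxCode
            ));
            break;

        case 'Failed':
            // As in the original, ABORT and REGISTERED leave the purchase log untouched.
            if (in_array($status, array('NOTAUTHED', 'REJECTED', 'MALFORMED', 'INVALID', 'ERROR'), true)) {
                $wpdb->query($wpdb->prepare(
                    "UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `processed` = '1', `notes` = %s WHERE `sessionid` = %s LIMIT 1",
                    $notes,
                    $vendorTxCode
                ));
            }
            break;

        case 'Pending':
            // Need to wait for "Completed" before processing.
            $wpdb->query($wpdb->prepare(
                "UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `processed` = '1', `transactid` = %s, `date` = %s, `notes` = %s WHERE `sessionid` = %s LIMIT 1",
                $vpsTxId,
                time(),
                $notes,
                $vendorTxCode
            ));
            break;
    }

    // Encode the session id so payload content cannot add parameters to,
    // or otherwise reshape, the redirect URL.
    $transact_url = get_option('transact_url') . $seperator . "sessionid=" . urlencode($vendorTxCode);
    header("Location: {$transact_url}");
    exit;
}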