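/**
 * Build the HTML for the Sage Pay form-integration payment button of a booking.
 *
 * The transaction fields (VendorTxCode, Amount, Currency, Description and the
 * two return URLs) are serialised with SagepayUtil::arrayToQueryString() and
 * passed through SagepayUtil::encryptAes() with the configured test or live
 * password. Only the protocol version, transaction type, vendor name and the
 * resulting Crypt value are placed in the form.
 *
 * Every value interpolated into a single-quoted HTML attribute is escaped
 * here, so that a quote character in an option value cannot close the
 * attribute and add markup to the payment form.
 *
 * @param array  $event         Event data; 'currency' and 'event_name' are read.
 * @param array  $payment       Payment data; 'id' becomes the VendorTxCode.
 * @param mixed  $price         Amount to pay, before the provider's extra charge is added.
 * @param string $lang          Passed to eme_replace_payment_provider_placeholders().
 * @param int    $multi_booking Non-zero for a multi-booking request: the current
 *                              post's permalink is then used for both return URLs.
 *
 * @return string The button HTML: text above, the form, text below.
 */
function eme_sagepay_form($event, $payment, $price, $lang, $multi_booking = 0)
{
    global $post;

    // NOTE(review): the provider key passed here is 'fdgg' although this is the
    // Sage Pay form - it looks copied from another gateway. Confirm which extra
    // charge setting is meant before changing it.
    $charge = eme_payment_provider_extra_charge($price, 'fdgg');
    $price += $charge;

    // The result is not used below; the call is kept in case it has side
    // effects - confirm and remove.
    $events_page_link = eme_get_events_page(true, false);
    $payment_id = $payment['id'];

    if ($multi_booking) {
        $success_link = get_permalink($post->ID);
        $fail_link = $success_link;
        $name = __("Multiple booking request", "eme");
    } else {
        $success_link = eme_payment_return_url($event, $payment, 1);
        $fail_link = eme_payment_return_url($event, $payment, 2);
        $name = eme_sanitize_html(sprintf(__("Booking for '%s'", "eme"), $event['event_name']));
    }

    // Sage Pay doesn't use a notification url, but sends the status along as part
    // of the return url, so the notification action is added to both return URLs
    // and the paid status can be processed as usual.
    // NOTE(review): the handler for 'sagepay_notification' is outside this block.
    // A return URL can be requested by anyone, so the handler should take the
    // payment status only from the value it decrypts with the Sage Pay password,
    // never from plain query arguments - verify there.
    $success_link = add_query_arg(array('eme_eventAction' => 'sagepay_notification'), $success_link);
    $fail_link = add_query_arg(array('eme_eventAction' => 'sagepay_notification'), $fail_link);

    $vendor_name = get_option('eme_sagepay_vendor_name');

    // Pick the sandbox or live endpoint together with the matching password.
    $sagepay_demo = get_option('eme_sagepay_demo');
    if ($sagepay_demo == 1) {
        $sagepay_pwd = get_option('eme_sagepay_test_pwd');
        $url = SAGEPAY_SANDBOX_URL;
    } else {
        $sagepay_pwd = get_option('eme_sagepay_live_pwd');
        $url = SAGEPAY_LIVE_URL;
    }

    $cur = $event['currency'];
    $button_above = eme_replace_payment_provider_placeholders(get_option('eme_sagepay_button_above'), $charge, $event['currency'], $lang);
    $button_label = eme_replace_payment_provider_placeholders(get_option('eme_sagepay_button_label'), $charge, $event['currency'], $lang);
    $button_below = eme_replace_payment_provider_placeholders(get_option('eme_sagepay_button_below'), $charge, $event['currency'], $lang);
    $button_img_url = get_option('eme_sagepay_button_img_url');

    $query = array(
        'VendorTxCode' => $payment_id,
        'Amount'       => number_format($price, 2, '.', ''),
        'Currency'     => $cur,
        'Description'  => $name,
        'SuccessURL'   => $success_link,
        'FailureURL'   => $fail_link,
    );

    require_once 'payment_gateways/sagepay/eme-sagepay-util.php';
    $crypt = SagepayUtil::encryptAes(SagepayUtil::arrayToQueryString($query), $sagepay_pwd);

    // $button_above and $button_below are emitted as they come out of the
    // placeholder replacement (presumably intended as HTML - confirm).
    $form_html = $button_above;
    $form_html .= "<form action='" . esc_url($url) . "' method='post'>";
    $form_html .= "<input type='hidden' name='VPSProtocol' value='3.00' />";
    $form_html .= "<input type='hidden' name='TxType' value='PAYMENT' />";
    $form_html .= "<input type='hidden' name='Vendor' value='" . esc_attr($vendor_name) . "' />";
    $form_html .= "<input type='hidden' name='Crypt' value='" . esc_attr($crypt) . "' />";

    // ENT_QUOTES is passed explicitly: before PHP 8.1 the default flags leave
    // single quotes untouched, and the attributes below are single-quoted.
    $button_label = htmlentities($button_label, ENT_QUOTES);
    if (!empty($button_img_url)) {
        $form_html .= "<input type='image' src='" . esc_url($button_img_url) . "' alt='{$button_label}' title='{$button_label}' />";
    } else {
        $form_html .= "<input type='submit' value='{$button_label}' />";
    }
    $form_html .= "</form>";
    $form_html .= $button_below;

    return $form_html;
}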
/**
 * Assemble the Sage Pay request fields for an order, shaped for the
 * integration method of the request.
 *
 * For Form integration the order fields are serialised to a query string and
 * passed through SagepayUtil::encryptAes() with the form encryption password;
 * the result is returned as the `Crypt` entry next to Vendor, VPSProtocol and
 * TxType. For Server, Direct, PayPal and Token the plain field array is
 * returned.
 *
 * NOTE(review): the Direct and Token results carry payment credentials (card
 * details, Token, CV2) in clear. Callers should not log or persist the
 * returned array.
 *
 * @param SagepayAbstractApi $request The request instance.
 *
 * @throws SagepayApiException When the integration method matches none of the handled constants.
 *
 * @return array The fields to send; every branch visible here returns an array.
 */
public static function encryptedOrder(SagepayAbstractApi $request)
{
    $config = $request->getConfig();
    $cart = $request->getBasket();
    $addresses = $request->getAddressList();
    $method = $request->getIntegrationMethod();
    $pane = $request->getPaneValues();

    // The transaction type comes from the payment gateway settings.
    $transactionType = $config->getTxType();

    // First address is the billing address; a second one, if present, is the delivery address.
    $billing = $addresses[0];
    $delivery = null;
    if (isset($addresses[1])) {
        $delivery = $addresses[1];
    }

    $fields = array(
        'VPSProtocol'       => $config->getProtocolVersion(),
        'Vendor'            => $config->getVendorName(),
        'VendorTxCode'      => self::vendorTxCode($cart->getId(), $transactionType, $config->getVendorName()),
        'Amount'            => number_format($cart->getAmount(), 2, '.', ''),
        'Currency'          => $config->getCurrency(),
        'Description'       => $cart->getDescription(),
        'CustomerName'      => $billing->firstname . ' ' . $billing->lastname,
        'CustomerEMail'     => $billing->email,
        'VendorEMail'       => $config->getVendorEmail(),
        'SendEMail'         => $config->getSendEmail(),
        'eMailMessage'      => $config->getEmailMessage(),
        'BillingSurname'    => $billing->lastname,
        'BillingFirstnames' => $billing->firstname,
        'BillingAddress1'   => $billing->address1,
        'BillingAddress2'   => $billing->address2,
        'BillingCity'       => $billing->city,
        'BillingPostCode'   => $billing->getPostCode(),
        'BillingCountry'    => $billing->country,
        'BillingPhone'      => $billing->phone,
        'ApplyAVSCV2'       => $config->getApplyAvsCv2(),
        'Apply3DSecure'     => $config->getApply3dSecure(),
        'AllowGiftAid'      => $config->getAllowGiftAid(),
        'BillingAgreement'  => $config->getBillingAgreement(),
    );

    // Array union keeps the keys already present, so request data can add
    // fields but cannot replace any of the fields set above.
    $fields += $request->getData();

    $buyer = $request->getCustomer();
    if ($buyer instanceof SagepayCustomer) {
        $fields += self::_setAuxValue($fields, 'CustomerXML', $buyer->export());
    }

    $fields += self::_setAuxValue($fields, 'VendorData', $config->getVendorData());
    $fields += self::_setAuxValue($fields, 'ReferrerID', $config->getPartnerId());
    $fields += self::_setAuxValue($fields, 'Language', $config->getLanguage());

    // The state is only sent for US billing addresses.
    if ($billing->country == 'US') {
        $fields['BillingState'] = $billing->state;
    }

    // Delivery details are merged by union as well: they are added only for
    // keys that are not in the field list yet.
    $fields += self::_populateDeliveryDetails($billing, $delivery);

    // A cardType entry that is present but empty switches the request to the token method.
    if (isset($pane['cardType']) && empty($pane['cardType'])) {
        $method = SAGEPAY_TOKEN;
    }

    // The basket is exported either as BasketXML or as Basket, depending on the settings.
    if ($config->basketAsXmlDisabled()) {
        $fields['Basket'] = $cart->exportAsXml(false);
    } else {
        $fields['BasketXML'] = $cart->exportAsXml();
    }

    if (count($config->getSurcharges()) > 0) {
        $surchargeSet = new SagepaySurcharge();
        $surchargeSet->setSurcharges($config->getSurcharges());
        $fields['SurchargeXML'] = $surchargeSet->export();
    }

    switch ($method) {
        case SAGEPAY_FORM:
            // These three travel outside the encrypted payload, so drop them from it.
            unset($fields['VPSProtocol'], $fields['Vendor'], $fields['TxType']);

            $environment = $config->getEnv();
            $fields['SuccessURL'] = $config->getFullFormSuccessUrl();
            $fields['FailureURL'] = $config->getFullFormFailureUrl();
            $request->setData($fields);

            $plainText = SagepayUtil::arrayToQueryString($fields);

            // The order details are encrypted with the form password of the
            // current environment; the other three entries stay in clear.
            return array(
                'Vendor'      => $config->getVendorName(),
                'VPSProtocol' => $config->getProtocolVersion(),
                'TxType'      => $transactionType,
                'Crypt'       => SagepayUtil::encryptAes($plainText, $config->getFormEncryptionPassword($environment)),
            );

        case SAGEPAY_SERVER:
            $fields['NotificationURL'] = $config->getFullServerNotificationUrl();
            $fields['TxType'] = $transactionType;
            $fields['Profile'] = $config->getServerProfile();
            $fields['StoreToken'] = 1;
            $fields += self::_setAuxValue($fields, 'AccountType', $config->getAccountType());

            return $fields;

        case SAGEPAY_DIRECT:
            // array_merge lets the card details replace fields of the same name.
            $cardDetails = self::_getCardDetails($pane);
            $fields = array_merge($fields, $cardDetails);
            $fields['TxType'] = $transactionType;
            $fields['CardHolder'] = $billing->firstname . ' ' . $billing->lastname;
            // Apply3DSecure is set again from the settings for DIRECT.
            $fields['Apply3DSecure'] = $config->getApply3dSecure();
            $fields += self::_setAuxValue($fields, 'AccountType', $config->getAccountType());

            return $fields;

        case SAGEPAY_PAYPAL:
            $fields['TxType'] = $transactionType;
            $fields['CardType'] = 'PAYPAL';
            // The callback URL carries the VendorTxCode as the vtx query argument.
            $callbackBase = $config->getPaypalCallbackUrl();
            $fields['PayPalCallbackURL'] = $callbackBase . '?vtx=' . $fields['VendorTxCode'];

            return $fields;

        case SAGEPAY_TOKEN:
            $fields['TxType'] = $transactionType;
            $fields['Token'] = $pane['token'];
            $fields['CV2'] = $pane['cv2'];
            if ($pane['giftAid']) {
                $fields['AllowGiftAid'] = 1;
            } else {
                $fields['AllowGiftAid'] = 0;
            }
            $fields += self::_setAuxValue($fields, 'AccountType', $config->getAccountType());
            $fields['StoreToken'] = 1;
            $fields['ApplyAVSCV2'] = 2;

            return $fields;

        default:
            throw new SagepayApiException('Invalid integration type');
    }
}