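/**
 * Complete a Sage Pay Direct 3D-Secure transaction once the shopper has been
 * handed back to this site.
 *
 * Reads MD and PARes from the request, posts them to the callback URL held in
 * $_SESSION['str3DCallbackPage'], records the outcome against the order whose
 * iTransactionId equals $_SESSION['VendorTxCode'], and then redirects:
 *  - to checkout.process when the status is OK, AUTHENTICATED or REGISTERED
 *    (the order is also flagged iPayStatus=1 / iOrderStatus=1);
 *  - otherwise back to checkout.billing, with the status message placed in
 *    $_SESSION['cardsave_error'].
 *
 * The request always ends with exit.
 */
function m_Sagepay_3DR() {
    // NOTE(review): the request key is read as "PARes". PHP request keys are
    // case-sensitive, so confirm this matches the field name posted back here.
    $strMD = isset($_REQUEST["MD"]) ? $_REQUEST["MD"] : "";
    $strPaRes = isset($_REQUEST["PARes"]) ? $_REQUEST["PARes"] : "";
    $strVendorTxCode = isset($_SESSION["VendorTxCode"]) ? $_SESSION["VendorTxCode"] : "";

    // POST for Sage Pay Direct 3D completion page.
    // Both values arrive from the browser, so both are URL-encoded: an
    // unencoded MD containing "&" or "=" could add or override fields in the
    // body this server sends to the gateway.
    $strPost = "MD=" . urlencode($strMD) . "&PARes=" . urlencode($strPaRes);

    // Use cURL to POST the data directly from this server to Sage Pay.
    // (Per the original note, the cURL connection code is in includes.php.)
    $obSaveOrder = new c_saveOrder();
    $arrResponse = $obSaveOrder->requestPost($_SESSION['str3DCallbackPage'], $strPost);

    // Analyse the response from Sage Pay Direct to check that everything is okay.
    // explode() replaces split(): the separators are plain strings, and split()
    // is deprecated and absent from later PHP versions.
    $strRawStatus = isset($arrResponse["Status"]) ? $arrResponse["Status"] : "";
    $arrStatus = explode(" ", $strRawStatus);
    $strStatus = array_shift($arrStatus);

    $strRawStatusDetail = isset($arrResponse["StatusDetail"]) ? $arrResponse["StatusDetail"] : "";
    $arrStatusDetail = explode("=", $strRawStatusDetail);
    $strStatusDetail = array_shift($arrStatusDetail);

    // The other response fields (VPSTxId, SecurityKey, TxAuthNo, AVSCV2,
    // AddressResult, PostCodeResult, CV2Result, 3DSecureStatus, CAVV) were
    // extracted here but never used afterwards, so they are no longer parsed.

    // Build the human-readable status text. It is kept unescaped here and
    // escaped exactly once where it enters the SQL string; escaping it at this
    // point as well left stray backslashes in the stored text and in the
    // session message.
    // Strict comparison: only an exact status string can mark an order as paid.
    if ($strStatus === "OK") {
        $strDBStatus = "AUTHORISED - The transaction was successfully authorised with the bank.";
    } elseif ($strStatus === "MALFORMED") {
        $strDBStatus = "MALFORMED - The StatusDetail was:" . substr($strStatusDetail, 0, 255);
    } elseif ($strStatus === "INVALID") {
        $strDBStatus = "INVALID - The StatusDetail was:" . substr($strStatusDetail, 0, 255);
    } elseif ($strStatus === "NOTAUTHED") {
        $strDBStatus = "DECLINED - The transaction was not authorised by the bank.";
    } elseif ($strStatus === "REJECTED") {
        $strDBStatus = "REJECTED - The transaction was failed by your 3D-Secure or AVS/CV2 rule-bases.";
    } elseif ($strStatus === "AUTHENTICATED") {
        $strDBStatus = "AUTHENTICATED - The transaction was successfully 3D-Secure Authenticated and can now be Authorised.";
    } elseif ($strStatus === "REGISTERED") {
        $strDBStatus = "REGISTERED - The transaction was could not be 3D-Secure Authenticated, but has been registered to be Authorised.";
    } elseif ($strStatus === "ERROR") {
        $strDBStatus = "ERROR - There was an error during the payment process. The error details are: " . $strStatusDetail;
    } else {
        $strDBStatus = "UNKNOWN - An unknown status was returned from Sage Pay. The Status was: " . $strStatus . ", with StatusDetail:" . $strStatusDetail;
    }

    // Escape every value that is concatenated into SQL, including the
    // transaction code taken from the session, which was previously inserted
    // as-is.
    // NOTE(review): addslashes() is not character-set aware. If the database
    // layer behind $this->obDb offers bound parameters or its own escaping
    // routine, use that instead.
    $strSqlStatus = addslashes($strDBStatus);
    $strSqlTxCode = addslashes($strVendorTxCode);

    // Update the database and redirect the user appropriately.
    if ($strStatus === "OK" || $strStatus === "AUTHENTICATED" || $strStatus === "REGISTERED") {
        $this->obDb->query = "UPDATE " . ORDERS . " SET iPayStatus=1,iOrderStatus=1,v3DSecureStatus='" . $strSqlStatus . "' WHERE iTransactionId = '" . $strSqlTxCode . "'";
        $this->obDb->updateQuery();

        $this->obDb->query = "SELECT iOrderid_PK FROM " . ORDERS . " WHERE iTransactionId = '" . $strSqlTxCode . "'";
        $rs = $this->obDb->fetchQuery();
        // With no matching row the redirect keeps an empty mode, as before,
        // but without dereferencing a missing result.
        $orderId = isset($rs[0]) ? $rs[0]->iOrderid_PK : "";

        $retUrl = $this->libFunc->m_safeUrl(SITE_SAFEURL . "ecom/index.php?action=checkout.process&mode=" . $orderId);
        $this->libFunc->m_mosRedirect($retUrl);
    } else {
        $this->obDb->query = "UPDATE " . ORDERS . " SET v3DSecureStatus='" . $strSqlStatus . "' WHERE iTransactionId = '" . $strSqlTxCode . "'";
        $this->obDb->updateQuery();

        // The message can contain gateway-supplied StatusDetail text.
        // NOTE(review): confirm the page that displays cardsave_error
        // HTML-escapes it on output.
        $_SESSION['cardsave_error'] = $strDBStatus;

        $retUrl = $this->libFunc->m_safeUrl(SITE_SAFEURL . "ecom/index.php?action=checkout.billing");
        $this->libFunc->m_mosRedirect($retUrl);
    }

    exit;
}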