示例#1
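 /**
  * Completes a Sage Pay Direct 3D-Secure payment once the shopper returns from the card issuer.
  *
  * Reads MD and PARes from the request, posts them to the 3D-Secure callback URL held in the
  * session, records the outcome against the order whose iTransactionId equals the session's
  * VendorTxCode, then redirects the shopper and ends the request.
  *
  * Security-relevant points:
  *  - MD and PARes are request values and therefore untrusted; both are URL-encoded before they
  *    are placed in the POST body, so neither can append extra fields to it.
  *  - The order is only marked as paid on the Status field of the response returned by
  *    requestPost(), never on a value read from the browser request.
  *  - Values placed in SQL are escaped exactly once, where the query is built. The status
  *    message itself is kept unescaped so the stored text and the session error are not
  *    littered with backslashes.
  *
  * @return void Always finishes with a redirect followed by exit.
  */
 function m_Sagepay_3DR()
 {
     // Anything that is not a plain string (for example MD[]=x) is discarded rather than encoded.
     // NOTE(review): $_REQUEST also merges GET (and possibly cookie) data; if the issuer always
     // POSTs these two fields, reading $_POST would be narrower - confirm before changing.
     $strMD = (isset($_REQUEST["MD"]) && is_string($_REQUEST["MD"])) ? $_REQUEST["MD"] : "";
     $strPaRes = (isset($_REQUEST["PARes"]) && is_string($_REQUEST["PARes"])) ? $_REQUEST["PARes"] : "";
     $strVendorTxCode = isset($_SESSION["VendorTxCode"]) ? (string) $_SESSION["VendorTxCode"] : "";
     $strCallbackPage = isset($_SESSION['str3DCallbackPage']) ? (string) $_SESSION['str3DCallbackPage'] : "";

     // Without a transaction code the UPDATE below would match iTransactionId = '', and without a
     // callback URL there is nowhere to post to. Send the shopper back to billing instead.
     if ($strVendorTxCode === "" || $strCallbackPage === "") {
         $_SESSION['cardsave_error'] = "ERROR - There was an error during the payment process.  The error details are: the payment session has expired or is incomplete.";
         $retUrl = $this->libFunc->m_safeUrl(SITE_SAFEURL . "ecom/index.php?action=checkout.billing");
         $this->libFunc->m_mosRedirect($retUrl);
         exit;
     }

     // POST body for the Sage Pay Direct 3D completion page; both fields are encoded.
     $strPost = "MD=" . urlencode($strMD) . "&PARes=" . urlencode($strPaRes);

     // Server-to-server POST (per the original comment, cURL code that lives in includes.php).
     $obSaveOrder = new c_saveOrder();
     $arrResponse = $obSaveOrder->requestPost($strCallbackPage, $strPost);

     // Keep only the first token of Status and the part of StatusDetail before any "=".
     // explode() replaces split(), which was removed in PHP 7; both separators are literals.
     // The response also carries VPSTxId, SecurityKey, TxAuthNo, AVSCV2, AddressResult,
     // PostCodeResult, CV2Result, 3DSecureStatus and CAVV; the original parsed them into locals
     // that were never used, and this method does not persist them.
     $strRawStatus = isset($arrResponse["Status"]) ? (string) $arrResponse["Status"] : "";
     $strRawDetail = isset($arrResponse["StatusDetail"]) ? (string) $arrResponse["StatusDetail"] : "";
     $arrStatus = explode(" ", $strRawStatus);
     $strStatus = $arrStatus[0];
     $arrStatusDetail = explode("=", $strRawDetail);
     $strStatusDetail = $arrStatusDetail[0];

     // Human-readable outcome, built WITHOUT any SQL escaping (escaping happens once, below).
     $arrFixedMessages = array(
         "OK" => "AUTHORISED - The transaction was successfully authorised with the bank.",
         "NOTAUTHED" => "DECLINED - The transaction was not authorised by the bank.",
         "REJECTED" => "REJECTED - The transaction was failed by your 3D-Secure or AVS/CV2 rule-bases.",
         "AUTHENTICATED" => "AUTHENTICATED - The transaction was successfully 3D-Secure Authenticated and can now be Authorised.",
         "REGISTERED" => "REGISTERED - The transaction was could not be 3D-Secure Authenticated, but has been registered to be Authorised.",
     );
     if (isset($arrFixedMessages[$strStatus])) {
         $strDBStatus = $arrFixedMessages[$strStatus];
     } elseif ($strStatus === "MALFORMED" || $strStatus === "INVALID") {
         $strDBStatus = $strStatus . " - The StatusDetail was:" . substr($strStatusDetail, 0, 255);
     } elseif ($strStatus === "ERROR") {
         $strDBStatus = "ERROR - There was an error during the payment process.  The error details are: " . $strStatusDetail;
     } else {
         // Also reached when the response is missing or has no Status field.
         $strDBStatus = "UNKNOWN - An unknown status was returned from Sage Pay.  The Status was: " . $strStatus . ", with StatusDetail:" . $strStatusDetail;
     }

     // Escape once at the SQL boundary. addslashes() is the escaper this method already used
     // here; it is not charset-aware, so a prepared statement or the connection's own escaping
     // routine is preferable if the obDb wrapper (not visible in this listing) offers one.
     $strSqlStatus = addslashes($strDBStatus);
     $strSqlTxCode = addslashes($strVendorTxCode);

     if (in_array($strStatus, array("OK", "AUTHENTICATED", "REGISTERED"), true)) {
         // Payment accepted: mark the order as paid and hand over to order processing.
         $this->obDb->query = "UPDATE " . ORDERS . " SET iPayStatus=1,iOrderStatus=1,v3DSecureStatus='" . $strSqlStatus . "' WHERE iTransactionId = '" . $strSqlTxCode . "'";
         $this->obDb->updateQuery();
         $this->obDb->query = "SELECT iOrderid_PK FROM " . ORDERS . " WHERE iTransactionId = '" . $strSqlTxCode . "'";
         $rs = $this->obDb->fetchQuery();
         // No matching row leaves the mode empty instead of dereferencing a missing result.
         $orderId = (isset($rs[0]) && isset($rs[0]->iOrderid_PK)) ? $rs[0]->iOrderid_PK : "";
         $retUrl = $this->libFunc->m_safeUrl(SITE_SAFEURL . "ecom/index.php?action=checkout.process&mode=" . $orderId);
         $this->libFunc->m_mosRedirect($retUrl);
     } else {
         // Payment not accepted: store the reason and return the shopper to the billing step.
         $this->obDb->query = "UPDATE " . ORDERS . " SET v3DSecureStatus='" . $strSqlStatus . "' WHERE iTransactionId = '" . $strSqlTxCode . "'";
         $this->obDb->updateQuery();
         // The message can contain StatusDetail text from the gateway response; HTML-escape it
         // wherever cardsave_error is rendered (that code is not visible here).
         $_SESSION['cardsave_error'] = $strDBStatus;
         $retUrl = $this->libFunc->m_safeUrl(SITE_SAFEURL . "ecom/index.php?action=checkout.billing");
         $this->libFunc->m_mosRedirect($retUrl);
     }
     exit;
 }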