Index: payment/cc_protx.php
--- payment/cc_protx.php.orig 2009-04-02 10:51:49.000000000 +0400
+++ payment/cc_protx.php 2009-07-22 06:59:42.000000000 +0400
@@ -34,33 +34,17 @@ # $Id: cc_protx.php,v 1.38.2.1 2009/04/02 06:51:49 ferz Exp $ # -function simpleXor($InString, $Key) -{ - $KeyList = array(); - $output = ""; - - for($i=0;$i str_replace(",", "",$response['Amount']) ); } - + require($xcart_dir."/payment/payment_ccend.php"); + } else { + if (!defined('XCART_START')) { header("Location: ../"); die("Access denied"); } + x_load("payment"); + require_once $xcart_dir.'/include/func/func.cc_protx_common.php'; + $pp_merch = $module_params["param01"]; $pp_pass = $module_params["param02"]; $pp_curr = $module_params["param03"]; # Determine request URL (simulator, test server or live server) switch ($module_params['testmode']) { case 'S': - $pp_test = 'https://ukvpstest.protx.com/VSPSimulator/VSPFormGateway.asp'; + $pp_test = 'https://test.sagepay.com/Simulator/VSPFormGateway.asp'; break; case 'Y': - $pp_test = 'https://ukvpstest.protx.com/vspgateway/service/vspform-register.vsp'; + $pp_test = 'https://test.sagepay.com/gateway/service/vspform-register.vsp'; break; default: - $pp_test = 'https://ukvps.protx.com/vspgateway/service/vspform-register.vsp'; + $pp_test = 'https://live.sagepay.com/gateway/service/vspform-register.vsp'; } $pp_shift = preg_replace("/[^\w\d_-]/S", "", $module_params["param05"]); $_orderids = join("-",$secure_oid); + if (!$duplicate) db_query("REPLACE INTO $sql_tbl[cc_pp3_data] (ref,sessionid) VALUES ('".addslashes($pp_shift.$_orderids)."','".$XCARTSESSID."')"); - $crypt = "VendorTxCode=".$pp_shift.$_orderids."&"; - $crypt.= "Amount=".price_format($cart["total_cost"])."&"; - $crypt.= "Currency=".$pp_curr."&"; - $crypt.= "Description=Your Cart&"; - $crypt.= "SuccessURL=".$http_location."/payment/cc_protx.php&"; - $crypt.= "FailureURL=".$http_location."/payment/cc_protx.php&"; - $crypt.= "CustomerName=".$bill_name."&"; - $crypt.= "CustomerEMail=".$userinfo["email"]."&"; - $crypt.= "ContactNumber=".$userinfo["phone"]."&"; - $crypt.= "ContactFax=".$userinfo["fax"]."&"; - $crypt.= 
"VendorEMail=".$config["Company"]["orders_department"]."&"; + $crypt["VendorTxCode"] = $pp_shift.$_orderids; + $crypt["ReferrerID"] = "653E8C42-AD93-4654-BB91-C645678FA97B"; + $crypt["Amount"] = price_format($cart["total_cost"]); + $crypt["Currency"] = $pp_curr; + $crypt["Description"] = "Your Cart"; + $crypt["SuccessURL"] = $current_location."/payment/cc_protx.php"; + $crypt["FailureURL"] = $current_location."/payment/cc_protx.php"; + + $crypt["CustomerName"] = $bill_name; + $crypt["CustomerEMail"] = $userinfo["email"]; + $crypt["VendorEMail"] = $config["Company"]["orders_department"]; + $crypt["SendEMail"] = 1; + + # Billing information + $crypt["BillingSurname"] = $bill_lastname; + $crypt["BillingFirstnames"] =$bill_firstname; + $crypt["BillingAddress1"] = $userinfo["b_address"]; - $shipping_address = array(); - $shipping_address[] = $userinfo["s_address"]; + if (!empty($userinfo["b_address_2"])) + $crypt["BillingAddress2"] = $userinfo["b_address_2"]; + $crypt["BillingCity"] = $userinfo["b_city"]; + $crypt["BillingPostCode"] = $userinfo["b_zipcode"]; + $crypt["BillingCountry"] = $userinfo["b_country"]; + if ($userinfo["b_country"] == "US" && !empty($userinfo["b_state"]) && $userinfo["b_state"] != "Other") + $crypt["BillingState"] = $userinfo["b_state"]; + + # Shipping information + $crypt["DeliverySurname"] = $ship_lastname; + $crypt["DeliveryFirstnames"] = $ship_firstname; + $crypt["DeliveryAddress1"] = $userinfo["s_address"]; if (!empty($userinfo["s_address_2"])) - $shipping_address[] = $userinfo["s_address_2"]; - $shipping_address[] = $userinfo["s_city"]; - if (!empty($userinfo["s_countyname"])) - $shipping_address[] = $userinfo["s_countyname"]; - $shipping_address[] = empty($userinfo["s_statename"]) ? $userinfo["s_state"] : $userinfo["s_statename"]; - $shipping_address[] = empty($userinfo["s_countryname"]) ? 
$userinfo["s_country"] : $userinfo["s_countryname"]; - - $crypt.= "DeliveryAddress=".implode(" ", $shipping_address)."&"; - $crypt.= "DeliveryPostCode=".$userinfo["s_zipcode"]."&"; + $crypt["DeliveryAddress2"] = $userinfo["s_address_2"]; + $crypt["DeliveryCity"] = $userinfo["s_city"]; + $crypt["DeliveryPostCode"] = $userinfo["s_zipcode"]; + $crypt["DeliveryCountry"] = $userinfo["s_country"]; + if ($userinfo["s_country"] == "US" && !empty($userinfo["s_state"]) && $userinfo["s_state"] != "Other") + $crypt["DeliveryState"] = $userinfo["s_state"]; - $billing_address = array(); - $billing_address[] = $userinfo["b_address"]; - if (!empty($userinfo["b_address_2"])) - $billing_address[] = $userinfo["b_address_2"]; - $billing_address[] = $userinfo["b_city"]; - if (!empty($userinfo["b_countyname"])) - $billing_address[] = $userinfo["b_countyname"]; - $billing_address[] = empty($userinfo["b_statename"]) ? $userinfo["b_state"] : $userinfo["b_statename"]; - $billing_address[] = empty($userinfo["b_countryname"]) ? 
$userinfo["b_country"] : $userinfo["b_countryname"]; - - $crypt.= "BillingAddress=".implode(" ", $billing_address)."&"; - $crypt.= "BillingPostCode=".$userinfo["b_zipcode"]."&"; - $crypt.= "AllowGiftAid=0&"; - $crypt.= "ApplyAVSCV2=".$module_params["param06"]."&"; - $crypt.= "Apply3DSecure=".$module_params["param07"]."&"; + $crypt["Basket"] = func_cc_protx_get_basket_new(); + + $crypt["AllowGiftAid"] = "0"; + $crypt["ApplyAVSCV2"] = $module_params["param06"]; + $crypt["Apply3DSecure"] = $module_params["param07"]; + + # Tide up the entire values + $crypt = func_sagepay_clean_inputs($crypt); + + $_crypt = array(); + foreach($crypt as $k => $v) { + $_crypt[] = $k."=".$v; + } + $crypt_str = join("&",$_crypt); func_create_payment_form( $pp_test, array( - "VPSProtocol" => "2.22", + "VPSProtocol" => "2.23", "Vendor" => $pp_merch, "TxType" => "PAYMENT", - "Crypt" => base64_encode(simpleXor($crypt."Basket=".func_cc_protx_get_basket(), $pp_pass)) + "Crypt" => base64Encode(simpleXor($crypt_str, $pp_pass)) ), - "Protx VSP Form" + "Sage Pay" ); } exit;
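Review bot: The `foreach` that builds `$crypt_str` joins `$k."=".$v` with `&` and no escaping is visible in this hunk, so a buyer-controlled value (`CustomerName`, `CustomerEMail`, the billing and delivery address fields) containing `&` could add or shadow a field such as `Amount` in the string the gateway decrypts. That is safe only if `func_sagepay_clean_inputs()`, which comes from `func.cc_protx_common.php` and is not shown here, strips `&` from every value; if it does not, neutralise it at the join, e.g. `$_crypt[] = $k."=".str_replace("&", " ", $v);`. Separately, the `REPLACE INTO` statement inserts `$XCARTSESSID` unescaped while the `ref` value beside it goes through `addslashes()`; escaping both the same way would be more consistent. Part of this hunk's text is missing on the page and the enclosing `else` branch starts outside it, so both points should be confirmed against the full file.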