Index: payment/cc_protxdir.php
--- eshop/payment/cc_protxdir.php.orig 2009-04-02 10:51:49.000000000 +0400
+++ eshop/payment/cc_protxdir.php 2009-07-22 06:59:42.000000000 +0400
@@ -41,12 +41,13 @@
 require "./auth.php";
 $md = $_POST['MD'];
 $post = array();
- $post[] = "MD=".$md;
- $post[] = "PARes=".$_POST['PaRes'];
+ $post["MD"] = $md;
+ $post["PARes"] = $_POST['PaRes'];
 $bill_output["sessid"] = func_query_first_cell("SELECT sessionid FROM $sql_tbl[cc_pp3_data] WHERE ref='".$_POST['MD']."'");
 $secure_verified_3d = true;
 x_session_register("module_params");
 }
+
 if (!defined('XCART_START')) { header("Location: ../"); die("Access denied"); }
 x_load('http');
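Review bot: `$_POST['MD']` is interpolated unescaped into the `SELECT sessionid … WHERE ref='…'` query on the context line right after the new `$post["PARes"]` assignment; `MD` arrives in the browser's POST back from the card issuer's ACS, so it is under the remote party's control unless X-Cart's request pre-processing has already escaped `$_POST` (not visible in this diff). The value is also read twice, once into `$md` and once directly. Suggest using the local and escaping it for the query only, leaving `$post["MD"]` as received for the gateway: `$bill_output["sessid"] = func_query_first_cell("SELECT sessionid FROM $sql_tbl[cc_pp3_data] WHERE ref='".addslashes($md)."'");`. The `if` block this sits in starts before the hunk.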
@@ -56,34 +57,39 @@
 # Determine request URL (simulator, test server or live server)
 switch ($module_params['testmode']) {
-case 'S':
- $pp_test = 'https://ukvpstest.protx.com:443/VSPSimulator/VSPDirectGateway.asp';
- break;
-case 'Y':
- $pp_test = 'https://ukvpstest.protx.com:443/vspgateway/service/vspdirect-register.vsp';
- break;
-default:
- $pp_test = 'https://ukvps.protx.com:443/vspgateway/service/vspdirect-register.vsp';
+ case 'S':
+ $pp_test = 'https://test.sagepay.com:443/Simulator/VSPDirectGateway.asp';
+ break;
+ case 'Y':
+ $pp_test = 'https://test.sagepay.com:443/gateway/service/vspdirect-register.vsp';
+ break;
+ default:
+ $pp_test = 'https://live.sagepay.com:443/gateway/service/vspdirect-register.vsp';
 }
 x_session_register("already_posted");
+
 if ($secure_verified_3d && $already_posted) {
 func_header_location($current_location.DIR_CUSTOMER."/home.php");
 exit;
+
 } else if ($secure_verified_3d && !$already_posted) {
 # Determine 3-D Secure callback URL (simulator, test server or live server)
 switch ($module_params['testmode']) {
 case 'S':
- $pp_test = 'https://ukvpstest.protx.com:443/VSPSimulator/VSPDirectCallback.asp';
+ $pp_test = 'https://test.sagepay.com:443/Simulator/VSPDirectCallback.asp';
 break;
 case 'Y':
- $pp_test = 'https://ukvpstest.protx.com:443/vspgateway/service/direct3dcallback.vsp';
+ $pp_test = 'https://test.sagepay.com:443/gateway/service/direct3dcallback.vsp';
 break;
 default:
- $pp_test = 'https://ukvps.protx.com:443/vspgateway/service/direct3dcallback.vsp';
+ $pp_test = 'https://live.sagepay.com:443/gateway/service/direct3dcallback.vsp';
 }
+
 list($a, $return) = func_https_request("POST", $pp_test, $post);
+
 $already_posted = true;
+
 } else {
 $already_posted = false;
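Review bot: The 3-D Secure callback request passes the associative `$post` built in the first hunk (`$post["MD"]`, `$post["PARes"]`) straight to `func_https_request`, while the main request in the next hunk (`@@ -127,68`) first flattens the same kind of array into `key=value` strings and runs it through `func_sagepay_clean_inputs`; if `func_https_request` expects that flat form, the MD and PARes names never reach the gateway and the 3-D Secure completion silently fails. Neither loop URL-encodes the values either — a PaRes is base64 and normally contains `+`, `/` and `=`, which a form body must encode; the same point applies to the `$_post` loop in the next hunk. Suggest building the callback request here the same way, with `urlencode`. The `else if` branch this sits in continues past the end of the hunk.
```php
 # … unchanged: 3-D Secure callback URL switch …
 $_post = array();
 foreach ($post as $k => $v) {
 $_post[] = $k."=".urlencode($v);
 }
 list($a, $return) = func_https_request("POST", $pp_test, $_post);
 $already_posted = true;
```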
@@ -127,68 +133,70 @@
 return;
 }
- $post = array();
- $post[] = "VPSProtocol=2.22";
- $post[] = "TxType=" . (($module_params['use_preauth'] == 'Y' || func_is_preauth_force_enabled($secure_oid)) ? "DEFERRED" : "PAYMENT");
- $post[] = "Vendor=".$pp_merch;
- $post[] = "VendorTxCode=".$pp_shift.$_orderids;
- $post[] = "Amount=".$cart["total_cost"];
- $post[] = "Currency=".$pp_curr;
- $post[] = "Description=Your Cart";
- $post[] = "CardHolder=".$userinfo["card_name"];
- $post[] = "CardNumber=".$userinfo["card_number"];
- $post[] = "ExpiryDate=".$userinfo["card_expire"];
- $post[] = "CV2=".$userinfo["card_cvv2"];
- $post[] = "CardType=".$userinfo["card_type"];
-
- $billing_address = array();
- $ship_address = array();
- $address_fields = array("address","address2","city","county","state","country");
-
- foreach($address_fields as $field) {
- if (in_array($field,array("county","state","country"))) {
- $fieldname = empty($userinfo["b_".$field."name"]) ? $userinfo["b_".$field] : $userinfo["b_".$field."name"];
- if ($userinfo["default_fields"]["b_".$field] && !empty($fieldname))
- $billing_address[] = $fieldname;
- $fieldname = empty($userinfo["s_".$field."name"]) ? $userinfo["s_".$field] : $userinfo["s_".$field."name"];
- if ($userinfo["default_fields"]["s_".$field] && !empty($fieldname))
- $ship_address[] = $fieldname;
- continue;
- }
-
- if ($userinfo["default_fields"]["b_".$field] && !empty($userinfo["b_".$field]))
- $billing_address[] = $userinfo["b_".$field];
- if ($userinfo["default_fields"]["s_".$field] && !empty($userinfo["s_".$field]))
- $ship_address[] = $userinfo["s_".$field];
- }
-
- if (!empty($billing_address))
- $post[] = "BillingAddress=".substr(implode(" ", $billing_address), 0, 200);
- if (!empty($userinfo["b_zipcode"]))
- $post[] = "BillingPostCode=".substr($userinfo["b_zipcode"], 0, 10);
-
- if (!empty($ship_address) && !empty($userinfo["s_zipcode"])) {
- $post[] = "DeliveryAddress=".substr(implode(" ", $ship_address), 0, 200);
- $post[] = "DeliveryPostCode=".substr($userinfo["s_zipcode"], 0, 10);
- }
+ require_once $xcart_dir.'/include/func/func.cc_protx_common.php';
- $post[] = "CustomerName=".substr($userinfo["firstname"]." ".$userinfo["lastname"], 0, 100);
- $post[] = "ContactNumber=".substr(str_replace(array(" ","-"), array("",""), $userinfo["phone"]), 0, 20);
- $post[] = "ContactFax=".substr(str_replace(array(" ","-"), array("",""), $userinfo["fax"]), 0, 20);
- $post[] = "CustomerEMail=".substr($userinfo["email"], 0, 255);
- $post[] = "Basket=".func_cc_protx_get_basket();
- $post[] = "GiftAidPayment=0";
- $post[] = "ApplyAVSCV2=".$module_params['param06'];
- $post[] = "Apply3DSecure=".$module_params['param07'];
- $post[] = "ClientIPAddress=".func_get_valid_ip($REMOTE_ADDR);
+ $post = array();
+ $post["VPSProtocol"] = "2.23";
+ $post["TxType"] = (($module_params['use_preauth'] == 'Y' || func_is_preauth_force_enabled($secure_oid)) ? "DEFERRED" : "PAYMENT");
+ $post["Vendor"] = $pp_merch;
+ $post["VendorTxCode"] = $pp_shift.$_orderids;
+ $post["ReferrerID"] = "653E8C42-AD93-4654-BB91-C645678FA97B";
+ $post["Amount"] = $cart["total_cost"];
+ $post["Currency"] = $pp_curr;
+ $post["Description"] = "Your Cart";
+
+ # Card info
+ $post["CardHolder"] = $userinfo["card_name"];
+ $post["CardNumber"] = $userinfo["card_number"];
+ $post["ExpiryDate"] = $userinfo["card_expire"];
+ $post["CV2"] = $userinfo["card_cvv2"];
+ $post["CardType"] = $userinfo["card_type"];
+
+ # Billing information
+ $post["BillingSurname"] = $bill_lastname;
+ $post["BillingFirstnames"] = $bill_firstname;
+ $post["BillingAddress1"] = $userinfo["b_address"];
+ if (!empty($userinfo["b_address_2"]))
+ $post["BillingAddress2"] = $userinfo["b_address_2"];
+ $post["BillingCity"] = $userinfo["b_city"];
+ $post["BillingPostCode"] = $userinfo["b_zipcode"];
+ $post["BillingCountry"] = $userinfo["b_country"];
+ if ($userinfo["b_country"] == "US" && !empty($userinfo["b_state"]) && $userinfo["b_state"] != "Other")
+ $post["BillingState"] = $userinfo["b_state"];
+
+ # Shipping information
+ $post["DeliverySurname"] = $ship_lastname;
+ $post["DeliveryFirstnames"] = $ship_firstname;
+ $post["DeliveryAddress1"] = $userinfo["s_address"];
+ if (!empty($userinfo["s_address_2"]))
+ $post["DeliveryAddress2"] = $userinfo["s_address_2"];
+ $post["DeliveryCity"] = $userinfo["s_city"];
+ $post["DeliveryPostCode"] = $userinfo["s_zipcode"];
+ $post["DeliveryCountry"] = $userinfo["s_country"];
+ if ($userinfo["s_country"] == "US" && !empty($userinfo["s_state"]) && $userinfo["s_state"] != "Other")
+ $post["DeliveryState"] = $userinfo["s_state"];
+
+ $post["CustomerEMail"] = $userinfo["email"];
+ $post["Basket"] = func_cc_protx_get_basket_new();
+ $post["GiftAidPayment"] = "0";
+ $post["ApplyAVSCV2"] = $module_params['param06'];
+ $post["Apply3DSecure"] = $module_params['param07'];
+ $post["ClientIPAddress"] = func_get_valid_ip($REMOTE_ADDR);
 if ($userinfo["card_type"] == 'SOLO' || $userinfo["card_type"] == 'SWITCH' || $userinfo["card_type"] == 'MAESTRO') {
 $userinfo['card_issue_no'] = (!isset($userinfo['card_issue_no'])) ? "" : $userinfo['card_issue_no'];
- $post[] = "IssueNumber=".trim($userinfo['card_issue_no']);
+ $post["IssueNumber"] = trim($userinfo['card_issue_no']);
 }
- list($a, $return) = func_https_request("POST", $pp_test, $post);
+ # Tide up the entire values
+ $post = func_sagepay_clean_inputs($post);
+ $_post = array();
+ foreach($post as $k => $v) {
+ $_post[] = $k."=".$v;
+ }
+
+ list($a, $return) = func_https_request("POST", $pp_test, $_post);
 }
 $ret = str_replace("\r\n","&",$return);
@@ -203,20 +211,23 @@
 x_session_register("module_params");
 db_query("REPLACE INTO $sql_tbl[cc_pp3_data] (ref,sessionid,trstat) VALUES ('".trim($response['MD'])."','".$XCARTSESSID."','GO|".implode('|',$secure_oid)."')");
+ ?>
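Review bot: The gateway field length limits the removed block enforced (`substr` to 200 for address, 10 for postcode, 100 for name, 20 for phone/fax, 255 for email) are gone from the new block, which now assigns the raw `$userinfo` values; unless `func_sagepay_clean_inputs` applies them — its body lives in the newly required `func.cc_protx_common.php`, outside this diff — over-long values go to the gateway unchecked and the request is rejected at the far end rather than trimmed here. `$bill_lastname`, `$bill_firstname`, `$ship_lastname` and `$ship_firstname` are read but not set anywhere in the hunk, so presumably they are computed above. Worth a comment at the cleanup call: `# func_sagepay_clean_inputs() is expected to enforce the Sage Pay field length limits (see func.cc_protx_common.php) — verify`. Also, `# Tide up the entire values` should read `# Tidy up all the values`. The block this sits in starts before the hunk.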
"/> -