4929000000014 esito positvo
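4556338637603 esito negativo (saltare 3d secure)';
    }

    /**
     * Drives the Sage Pay "Server" payment flow for the current order.
     *
     * The step is read from $_GET[$this->step_var]:
     *  - no step: registers the transaction with Sage Pay, records the returned
     *    VPSTxId and SecurityKey in the order log and redirects the customer;
     *  - a step plus POST data: treats the request as the server-to-server
     *    notification, verifies VPSSignature, prints the Status/RedirectURL
     *    reply and terminates the script;
     *  - a step without POST data: handles the customer's return
     *    (return_ok, return_ko, anything else is an error).
     *
     * @return mixed whatever the called Procedura method returns; the
     *               notification branch never returns (it ends with die).
     */
    function auto(){
        $this->indiLingua();

        $config = array(
            // Mandatory parameter
            // Set to any of: TEST for the Test Server and LIVE for the live environment
            'env' => '',

            // Optional parameter supported protocol version (3.00 is the newest and the only available)
            'protocolVersion' => 3.00,

            // Mandatory. Set this value to the Vendor Name assigned to you by Sage Pay or chosen when you applied
            'vendorName' => '',

            // Mandatory. Set this to indicate the currency in which you wish to trade.
            // You will need a merchant number in this currency
            'currency' => 'GBP',

            // Mandatory. Usually PAYMENT. This can be DEFERRED or AUTHENTICATE if your Sage Pay
            // account supports those payment types
            // NB Ideally all DEFERRED transaction should be released within 6 days (according to card scheme rules).
            // DEFERRED transactions can be ABORTed before a RELEASE if necessary
            'txType' => 'PAYMENT',

            // Mandatory
            // Qualified Domain Name of your server.
            // This should start http:// or https:// and should be the name by which our servers can call back to yours
            // i.e. it MUST be resolvable externally, and have access granted to the Sage Pay servers
            // examples would be https://www.mysite.com or http://212.111.32.22/
            'siteFqdns' => array(
                'live' => '',
                'test' => '',
            ),

            // Optional setting. If you are a Sage Pay Partner and wish to flag the transactions
            // with your unique partner id, it should be set here
            'partnerId' => '',

            // Optional setting to set vendor data
            'vendorData' => '',

            // Optional
            // 0 = If AVS/CV2 enabled then check them. If rules apply, use rules (default).
            // 1 = Force AVS/CV2 checks even if not enabled for the account. If rules apply, use rules.
            // 2 = Force NO AVS/CV2 checks even if enabled on account.
            // 3 = Force AVS/CV2 checks even if not enabled for the account but DON'T apply any rules.
            'applyAvsCv2' => 0,

            // Optional
            // 0 = If 3D-Secure checks are possible and rules allow, perform the checks and apply the authorisation rules. (default)
            // 1 = Force 3D-Secure checks for this transaction if possible and apply rules for authorisation.
            // 2 = Do not perform 3D-Secure checks for this transaction and always authorise.
            // 3 = Force 3D-Secure checks for this transaction if possible but ALWAYS obtain an auth code, irrespective of rule base.
            'apply3dSecure' => 0,

            // Optional property. (Server & Form protocols only)
            // For charities registered for Gift Aid, set to 1 to display the Gift Aid check
            // box on the payment pages, or else 0
            'allowGiftAid' => 1,

            // Optional
            // Use this to send surcharge xml and override the default values set for your account.
            // See the protocol docs for further explanation on using the surcharge xml.
            'surcharges' => array(
                // array(
                //     'paymentType' => 'MC',
                //     'percentage' => 5,
                // ),
                // array(
                //     'paymentType' => 'VISA',
                //     'fixed' => 0,
                // ),
            ),

            // Optional setting. if you are a vendor that has a merchant category code of 6012, then you can
            // fill in extra details required for authorisation for Visa transactions
            'collectRecipientDetails' => false,

            // Mandatory property, set this value to the Encryption password assigned to you by Sage Pay
            // NOTE(review): the live value is a credential; keep it out of source control.
            'formPassword' => array(
                'test' => 'TPjs72eMz5qBnaTa',
                'live' => '',
            ),

            // Mandatory parameters form notifications URLs appended to siteFQDN value
            'formSuccessUrl' => 'form/success',
            'formFailureUrl' => 'form/failure',

            // Optional setting. Set to tell the Sage Pay System which merchant account to use. If omitted,
            // the system will use E, then M, then C by default
            // E = Use the e-commerce merchant account (default)
            // M = Use the mail order/telephone order account (if present)
            // C = Use the continuous authority merchant account (if present)
            'accountType' => 'E',

            // Mandatory Server notification URLs
            'serverNotificationUrl' => '',

            // Optional
            // 0 = Do not send either customer or vendor e-mails,
            // 1 = Send customer and vendor e-mails if address(es) are provided(DEFAULT).
            // 2 = Send Vendor Email but not Customer Email. If you do not supply this field, 1 is assumed
            //     and e-mails are sent if addresses are provided.
            'sendEmail' => 0,

            // Optional
            // You can specify any custom message to send to your customers in their confirmation e-mail here
            // The field can contain HTML if you wish, and be different for each order. This field is optional
            'emailMessage' => '',

            // Optional setting. Set this to the mail address which will receive order confirmations and failures
            'vendorEmail' => '',

            // Optional parameter, this value will be used to set the BillingAgreement field in the registration POST
            // A default is value of 0 is used if this parameter is not included in this properties file
            'billingAgreement' => 1,

            // Mandatory parameter, salt used for hashing the password in the local database
            // i.e. value: q8W#e1_
            'customerPasswordSalt' => '',

            // Optional parameter, set this to true to use colon delimited format for the basket instead of XML
            // Note: The 'Trips' details on the 'Extra Information' page will not be displayed if this flag is set to true.
            'basketAsXmlDisable' => false,

            // Set this to true if you want to store all logs in debug.log file
            'logError' => false,

            // Optional
            // The language the customer sees the payment pages in is determined by the code sent here.
            // If this is NULL then the language default of the shoppers browser will be used.
            // If the language is not supported then the language supported in the templates will be used
            // Currently supported languages in the Default templates are :
            // French, German, Spanish, Portuguese, Dutch and English
            'language' => $this->lingua,

            // Optional parameter reference to the website this transaction came from. This field is useful if
            // transactions can originate from more than one website. Supplying this information will enable
            // reporting to be performed by website.
            'website' => '',

            'requestTimeout' => 30,
            'caCertPath' => '',
        );

        if($this->demo){
            $config['env'] = 'test';
            $config['vendorName'] = 'protxross';
            $config['apply3dSecure'] = '3';
        }
        else{
            $config['env'] = 'live';
            $config['vendorName'] = $this->id;
        }

        // Sage Pay receives %20 as spaces when rewritten URLs are used; plain links avoid that.
        $this->Procedura->forzaGeneraLinkSenzaRewrite = true;

        // NOTE(review): HTTP_HOST comes from the request's Host header, i.e. from the client.
        // A configured canonical host name would be a safer source for the callback base URL.
        $schema = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 'https' : 'http';
        $config['siteFqdns'][$config['env']] = $schema."://".$_SERVER['HTTP_HOST'];
        $config['website'] = $config['siteFqdns'][$config['env']];

        // The documentation asks for an absolute URL, but the PHP library expects a relative one,
        // so the site prefix is cut off. Passing the absolute link was tried and does not work.
        $config['serverNotificationUrl'] = substr(
            $this->Procedura->genera_link_agg(array($this->step_var=>"s2s")),
            strlen($config['siteFqdns'][$config['env']])
        );

        // Normalise a decimal comma and force two decimals; the cast keeps number_format()
        // from being handed a string.
        $this->importo = number_format((float)str_replace(",", ".", $this->importo), 2, ".", "");

        // A missing step parameter means "start the payment"; isset avoids an undefined-index notice.
        $step = isset($_GET[$this->step_var]) ? $_GET[$this->step_var] : '';

        if(!$step){
            // --- Step 1: register the transaction and send the customer to Sage Pay ---
            $this->Procedura->iniziato($this->nome_metodo);

            $api = SagepayApiFactory::create("server", SagepaySettings::getInstance($config, false));

            $basket = new SagepayBasket();
            $basket->setDescription($this->descrizione);

            $item = new SagepayItem();
            $item->setDescription($this->descrizione);
            $item->setUnitNetAmount($this->importo);
            $item->setQuantity(1);
            $basket->addItem($item);
            $api->setBasket($basket);

            // The last word of the customer name is used as surname, the rest as first name.
            $nome_cognome = explode(" ", $this->cliente_nome);
            $cognome = array_pop($nome_cognome);
            $nome = implode(" ", $nome_cognome);
            $vuoto = "- vuoto -";

            // Only name and e-mail are known here; the address fields get placeholder values.
            $customer = new SagepayCustomerDetails();
            $customer->email = $this->cliente_email;
            $customer->lastname = $cognome ? $cognome : "Lastname";
            $customer->firstname = $nome ? $nome : "Name";
            $customer->address1 = $vuoto;
            $customer->city = $vuoto;
            $customer->postcode = "12345";
            $customer->country = "IT";
            $customer->state = $vuoto; // mandatory for US only
            $api->addAddress($customer); // billing

            $result = $api->createRequest();

            // Check the outcome first: only a successful registration is expected to carry
            // the VPSTxId and SecurityKey that are recorded below.
            if(!isset($result['Status']) || $result['Status'] !== SAGEPAY_REMOTE_STATUS_OK){
                return $this->Procedura->errore(isset($result['StatusDetail']) ? $result['StatusDetail'] : null);
            }

            // The SecurityKey is needed later to verify the notification signature.
            // NOTE(review): it is kept in clear text inside a free-text log; a dedicated,
            // access-restricted column would be a better place for it.
            $this->Procedura->comunicazione_s2s(
                $this->identificativo,
                "Ricevuto id pagamento Sagepay: ".$result['VPSTxId'].", ".$this->markerSecurityKey.$result['SecurityKey']
            );
            $this->Procedura->redirect($result['NextURL']);
        }
        else if($_POST){
            // --- Step 2: server-to-server notification sent by Sage Pay ---
            // Example of the fields received:
            //   [VPSProtocol] => 3.00
            //   [TxType] => PAYMENT
            //   [VendorTxCode] => protxross-PAYMENT-1479405993-656049881
            //   [VPSTxId] => {E3A2DD2C-CBF8-FA7C-A321-60637FA3F109}
            //   [Status] => OK
            //   [StatusDetail] => 0000 : The Authorisation was Successful.
            //   [TxAuthNo] => 13244532
            //   [AVSCV2] => NO DATA MATCHES
            //   [AddressResult] => NOTMATCHED
            //   [PostCodeResult] => NOTMATCHED
            //   [CV2Result] => NOTMATCHED
            //   [GiftAid] => 0
            //   [3DSecureStatus] => NOTAVAILABLE
            //   [CardType] => VISA
            //   [Last4Digits] => 5559
            //   [VPSSignature] => 072DBBB742898EEA9990B542C0DD362E
            //   [DeclineCode] => 00
            //   [ExpiryDate] => 0443
            //   [BankAuthCode] => 999777

            $txId = (isset($_POST['VPSTxId']) && is_string($_POST['VPSTxId'])) ? $_POST['VPSTxId'] : '';

            // Recover the SecurityKey recorded at registration time. Only a log line that
            // carries both this transaction id and the key marker is accepted; when there is
            // none the key stays null and the verification below fails, instead of deriving
            // a key from whatever log line happened to be last.
            // NOTE(review): the query is built by concatenation; confirm that identificativo
            // can never contain request-supplied text, or bind it if db_qrs allows parameters.
            $securityKey = null;
            if($txId !== ''){
                $logPagamento = explode("\n", $this->Procedura->db_qrs("select info from ".$this->Procedura->tabella_log." where identificativo_ordine = '".$this->identificativo."'"));
                foreach($logPagamento as $linea){
                    $posMarker = strpos($linea, $this->markerSecurityKey);
                    if($posMarker !== false && strpos($linea, $txId) !== false){
                        $securityKey = substr($linea, $posMarker + strlen($this->markerSecurityKey));
                        break;
                    }
                }
            }

            // Record what was received. Line breaks and the key marker are removed from the
            // logged names and values, so notification data can never produce a log line
            // that the key lookup above would accept.
            $daNeutralizzare = array("\r", "\n", $this->markerSecurityKey);
            $body = "";
            foreach($_POST as $k=>$v){
                $valore = is_scalar($v) ? (string)$v : '[non-scalar]';
                $body .= "\n| ".str_replace($daNeutralizzare, ' ', $k).":\t".str_replace($daNeutralizzare, ' ', $valore);
            }
            $this->Procedura->comunicazione_s2s($this->identificativo, $body);

            // MD5 signature of the concatenation of the values of:
            // VPSTxId + VendorTxCode + Status + TxAuthNo + VendorName + AVSCV2 + SecurityKey + AddressResult
            // + PostCodeResult + CV2Result + GiftAid + 3DSecureStatus + CAVV + AddressStatus + PayerStatus
            // + CardType + Last4Digits + DeclineCode + ExpiryDate + FraudResponse + BankAuthCode
            // MD5 value is returned in UPPER CASE. If a field is returned without a value this should not be
            // included in the string. Please ensure the VendorName is lower case prior to hashing.
            // (MD5 is what the protocol prescribes here; it is not a choice of this code.)
            $ordineFirma = array(
                'VPSTxId', 'VendorTxCode', 'Status', 'TxAuthNo', '@VendorName', 'AVSCV2', '@SecurityKey',
                'AddressResult', 'PostCodeResult', 'CV2Result', 'GiftAid', '3DSecureStatus', 'CAVV',
                'AddressStatus', 'PayerStatus', 'CardType', 'Last4Digits', 'DeclineCode', 'ExpiryDate',
                'FraudResponse', 'BankAuthCode',
            );
            $daFirmare = '';
            foreach($ordineFirma as $campo){
                if($campo === '@VendorName'){
                    $daFirmare .= strtolower($config['vendorName']);
                }
                else if($campo === '@SecurityKey'){
                    $daFirmare .= (string)$securityKey;
                }
                else if(isset($_POST[$campo]) && is_string($_POST[$campo])){
                    // Absent fields contribute nothing, as the protocol requires.
                    $daFirmare .= $_POST[$campo];
                }
            }
            $checkMe = md5($daFirmare);

            $firmaRicevuta = (isset($_POST['VPSSignature']) && is_string($_POST['VPSSignature']))
                ? strtolower($_POST['VPSSignature'])
                : '';

            // The digests are compared as strings, never loosely: with == / != two hex digests
            // that both look numeric (for instance "0e" followed by digits) compare as numbers.
            // hash_equals() additionally keeps the comparison time independent of the content.
            $firmaValida = false;
            if($securityKey !== null && $securityKey !== '' && $firmaRicevuta !== ''){
                $firmaValida = function_exists('hash_equals')
                    ? hash_equals($checkMe, $firmaRicevuta)
                    : ($checkMe === $firmaRicevuta);
            }

            if(!$firmaValida){
                $e = "Errore nella verifica della signature";
                // Log to the order first, then raise a warning: a fatal E_USER_ERROR would stop
                // the script before the ERROR reply below is sent to Sage Pay.
                $this->Procedura->comunicazione_s2s($this->identificativo, $e);
                trigger_error($e, E_USER_WARNING);
                $redirectStep = "error";
                // ERROR = An error has occurred during your Notification processing. The Sage Pay system will
                // check for a RedirectURL, and if one is provided the Customer will be redirected to your site,
                // but the transaction will NOT be settled with the bank. Only send this result if you want to
                // cancel the transaction and report an ERROR to Sage Pay.
                $status = SAGEPAY_REMOTE_STATUS_ERROR;
                // There is also SAGEPAY_REMOTE_STATUS_INVALID, but it seems meant for deliberately
                // cancelling a transaction on the basis of other checks:
                // INVALID = Send this if the details you received in the A3 post were inconsistent with
                // expectations for this transaction. The RedirectURL must still be provided, and Sage Pay will
                // still redirect the customer back to your site, but the transaction will NOT be settled with
                // the bank. Only send this result if you want to cancel the transaction.
            }
            else{
                // OK = Send this if you successfully received the Notification Post in B1 and were able to
                // match the VPSSignature.
                $status = SAGEPAY_REMOTE_STATUS_OK;
                $statoRemoto = (isset($_POST['Status']) && is_string($_POST['Status'])) ? $_POST['Status'] : '';
                $statiPositivi = array(SAGEPAY_REMOTE_STATUS_OK, SAGEPAY_REMOTE_STATUS_AUTHENTICATED, SAGEPAY_REMOTE_STATUS_REGISTERED);

                if(in_array($statoRemoto, $statiPositivi, true)){
                    $redirectStep = "return_ok";
                    $this->Procedura->comunicazione_s2s($this->identificativo, "Pagamento andato a buon fine");
                }
                else if($statoRemoto === "ABORT"){
                    // The notification carries "ABORT", whereas the SAGEPAY_REMOTE_STATUS_ABORTED
                    // constant is "ABORTED", hence the literal.
                    $redirectStep = "return_ko";
                    $this->Procedura->comunicazione_s2s($this->identificativo, "Pagamento annullato dall'utente");
                }
                else{
                    $redirectStep = "error";
                    $this->Procedura->comunicazione_s2s($this->identificativo, "Pagamento NON andato a buon fine");
                }
            }

            // This is the plain text response part of the POST originated by the Server in the step above.
            // Encoding must be as Name=Value fields separated by carriage-return-linefeeds.
            // Before writing the fields to the response, clear the response buffer to remove any header code,
            // comments or HTML. The Sage Pay Server is expecting "Status=" to be the first characters in the
            // response. If it does not see these, it treats the response as though it is an error and fails
            // the transaction. All POSTs must be communicated through ports 80 and 443.
            $this->pulisciOutput();
            $output = "Status=".$status."\r\nRedirectURL=".$this->Procedura->genera_link_agg(array($this->step_var=>$redirectStep))."\r\n";
            echo $output;
            die;
        }
        else{
            // --- Step 3: the customer comes back from Sage Pay ---
            // NOTE(review): these steps are reached with a plain GET and no signature; confirm that
            // concluso() decides from the server-to-server log and not from the step value alone.
            switch($step){
                case 'return_ok':
                    return $this->Procedura->concluso();
                case 'return_ko':
                    return $this->Procedura->annulla();
                case 'error':
                default:
                    return $this->Procedura->errore();
            }
        }
    }

    /**
     * Sets $this->lingua to the Sage Pay language name matching the site language
     * found in $GLOBALS['DATI']["lang"]; anything unknown or missing becomes English.
     * Portuguese and Dutch are supported by Sage Pay but have no site code mapped here.
     */
    function indiLingua(){
        $lingue = array(
            "ita" => "Italian",
            "fra" => "French",
            "spa" => "Spanish",
            "ger" => "German",
        );
        $codice = isset($GLOBALS['DATI']["lang"]) ? $GLOBALS['DATI']["lang"] : null;
        $this->lingua = (is_string($codice) && isset($lingue[$codice])) ? $lingue[$codice] : "English";
    }
}
?>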