Thank you.
mcrypt is installed on our server.
We have replaced Protx_VSPForm.php with the newer version that you provided in the forum post you've linked to above (however further down that thread you provide another version. Can you confirm which one is correct?).
We immediately realised that, within that new Protx_VSPForm.php file, you've got a generic Encryption Password which, when we tried to use it, obviously failed as being incorrect. You have the following on line 2 of that file:
$Protx_EncryptionPassword = "8GejG5SG2jCjMsbY";
Checking the version of Protx_VSPForm.php that eCart Checkout Wizard installed by default on OUR site we note that its line 2 is:
$Protx_EncryptionPassword = "<?php echo($WA_SagePay_VSP_Form_Encryption_Password); ?>";
Can you clarify if we should use the above reference or should we just manually enter our own encryption password as you have done with your replacement example file?
We assume that if we use this:
<?php echo($WA_SagePay_VSP_Form_Encryption_Password); ?>
...then eCart is trying to use the encryption password that was entered when using the eCart Checkout Wizard which we are unable to check/change because we can't re-enter the wizard. Where is this value stored?
On confirm.php we changed the hidden form element to this:
<input type="hidden" name="VPSProtocol" id="VPSProtocol" value="3.0" />
...and, just below it we added this:
<?php
$timeStamp = WAEC_getTimestamp();
$optionArray = array();
$optionArray['VendorTxCode'] = $timeStamp;
$optionArray['Amount'] = $whiskyCART->GrandTotal();
$optionArray['Currency'] = "GBP";
$optionArray['Description'] = $timeStamp;
$optionArray['SuccessURL'] = "http://www.nathonjoneswebdesign.co.uk/whiskybroker/checkout_success.php";
$optionArray['FailureURL'] = "http://www.nathonjoneswebdesign.co.uk/whiskybroker/checkout_failure.php";
$optionArray['CustomerEmail'] = ((isset($_POST["Email_Address"]))?$_POST["Email_Address"]:"");
$optionArray['VendorEmail'] = "info@whiskybroker.co.uk";
$optionArray['DeliverySurname'] = ((isset($_POST["Last_Name_2"]))?$_POST["Last_Name_2"]:"");
$optionArray['DeliveryFirstnames'] = ((isset($_POST["First_Name_2"]))?$_POST["First_Name_2"]:"");
$optionArray['DeliveryAddress1'] = ((isset($_POST["Address_1_2"]))?$_POST["Address_1_2"]:"");
$optionArray['DeliveryAddress2'] = ((isset($_POST["Address_2_2"]))?$_POST["Address_2_2"]:"");
$optionArray['DeliveryPostCode'] = ((isset($_POST["Postal_Code_2"]))?$_POST["Postal_Code_2"]:"");
$optionArray['DeliveryCity'] = ((isset($_POST["City_2"]))?$_POST["City_2"]:"");
$optionArray['DeliveryCountry'] = ((isset($_POST["Country_2"]))?$_POST["Country_2"]:"");
$optionArray['BillingSurname'] = ((isset($_POST["Last_Name"]))?$_POST["Last_Name"]:"");
$optionArray['BillingFirstnames'] = ((isset($_POST["First_Name"]))?$_POST["First_Name"]:"");
$optionArray['BillingAddress1'] = ((isset($_POST["Address_1"]))?$_POST["Address_1"]:"");
$optionArray['BillingAddress2'] = ((isset($_POST["Address_2"]))?$_POST["Address_2"]:"");
$optionArray['BillingPostCode'] = ((isset($_POST["Postal_Code"]))?$_POST["Postal_Code"]:"");
$optionArray['BillingCity'] = ((isset($_POST["City"]))?$_POST["City"]:"");
$optionArray['BillingCountry'] = ((isset($_POST["Country"]))?$_POST["Country"]:"");
$optionArray['ContactNumber'] = ((isset($_POST["Phone_Number"]))?$_POST["Phone_Number"]:"");
$optionArray['ContactFax'] = ((isset($_POST["Fax_Number"]))?$_POST["Fax_Number"]:"");
$optionArray['AllowGiftAid'] = "0";
$optionArray['ApplyAVSCV2'] = "0";
$optionArray['Apply3DSecure'] = "0";
$optionArray['EMailMessage'] = "";
?>
We still have the following below that though...
<input id="TxType" name="TxType" type="hidden" value="<?php echo("PAYMENT"); ?>">
<input id="VendorTxCode" name="VendorTxCode" type="hidden" value="<?php echo("".WAEC_getTimestamp() .""); ?>">
<input id="Amount" name="Amount" type="hidden" value="<?php echo("".$whiskyCART->GrandTotal() .""); ?>">
<input id="Currency" name="Currency" type="hidden" value="<?php echo("GBP"); ?>">
<input id="Description" name="Description" type="hidden" value="<?php echo("".WAEC_getTimestamp() .""); ?>">
<input id="SuccessURL" name="SuccessURL" type="hidden" value="<?php echo("checkout_success.php"); ?>">
<input id="FailureURL" name="FailureURL" type="hidden" value="<?php echo("checkout_failure.php"); ?>">
<input id="CustomerEMail" name="CustomerEMail" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Email_Address')) .""); ?>">
<input id="BillingAddress1" name="BillingAddress1" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Address_1')) .""); ?>">
<input id="BillingPostCode" name="BillingPostCode" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Postal_Code')) .""); ?>">
<input id="BillingSurname" name="BillingSurname" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Last_Name')) .""); ?>">
<input id="BillingFirstnames" name="BillingFirstnames" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','First_Name')) .""); ?>">
<input id="BillingState" name="BillingState" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','State')) .""); ?>">
<input id="BillingCity" name="BillingCity" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','City')) .""); ?>">
<input id="BillingCountry" name="BillingCountry" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Country')) .""); ?>">
<input id="DeliveryAddress1" name="DeliveryAddress1" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Address_1_2')) .""); ?>">
<input id="DeliveryPostCode" name="DeliveryPostCode" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Postal_Code_2')) .""); ?>">
<input id="DeliverySurname" name="DeliverySurname" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Last_Name_2')) .""); ?>">
<input id="DeliveryFirstnames" name="DeliveryFirstnames" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','First_Name_2')) .""); ?>">
<input id="DeliveryCity" name="DeliveryCity" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','City_2')) .""); ?>">
<input id="DeliveryState" name="DeliveryState" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','State_2')) .""); ?>">
<input id="DeliveryCountry" name="DeliveryCountry" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Country_2')) .""); ?>">
<input id="ContactNumber" name="ContactNumber" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Phone_Number')) .""); ?>">
<input id="ContactFax" name="ContactFax" type="hidden" value="<?php echo("".(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Fax_Number')) .""); ?>">
<input id="AllowGiftAid" name="AllowGiftAid" type="hidden" value="<?php echo("0"); ?>">
<input id="ApplyAVSCV2" name="ApplyAVSCV2" type="hidden" value="<?php echo("0"); ?>">
<input id="Apply3DSecure" name="Apply3DSecure" type="hidden" value="<?php echo("0"); ?>">
Should we have removed that?
Then, just below that, we have...
<input id="Crypt" name="Crypt" type="hidden" value="<?php echo("".WA_Protx_VSPFormHash($whiskyCART, ''.($WA_SagePay_VSP_Form_Encryption_Password) .'', ''.WAEC_getTimestamp() .'', ''.$whiskyCART->GrandTotal() .'', 'GBP', ''.WAEC_getTimestamp() .'', 'checkout_success.php', 'checkout_failure.php', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Email_Address')) .'', '', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Last_Name_2')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','First_Name_2')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Address_1_2')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Postal_Code_2')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','City_2')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Country_2')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Last_Name')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','First_Name')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Address_1')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Postal_Code')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','City')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Country')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Phone_Number')) .'', ''.(WA_getSavedFormValue('CheckoutWizard_NewFromBlank_Default','Fax_Number')) .'', '0', '0', '0', '') .""); ?>">
...but you've instructed us to remove that and replace it with:
<input type="hidden" name="Crypt" id="Crypt" value="<?php echo WA_Protx_VSPFormHash_v3($whiskyCART, "[yourprotxpassword]", $optionArray); ?>" />
Is that correct?
Sage Pay offer 4 different types of integration:
http://www.sagepay.co.uk/support/integration-kits-protocols-document
Form Integration
Server Integration
Server InFrame Integration
Direct Integration
Which one should we be using with eCart because the test URL is different for each?
For example:
Form Integration - https://test.sagepay.com/gateway/service/vspform-register.vsp
Server Integration - https://test.sagepay.com/gateway/service/vspserver-register.vsp
When we test all of this, using the Form Integration method, we get the following error:
This transaction attempt has failed. We are unable to redirect you back to the web store from which you were purchasing. The details of the failure are given below.
Status: ERROR
Status Detail: 5070 : Form transactions are disabled for this vendor in the test environment. Please contact support to re-enable this functionality.
Prior to this we were getting:
Error number: 3076 Error message: The NotificationURL is required. Explanation: The NotificationURL is required. Solution: There is a problem with the details that have been supplied. Please check and retry Site Section: Support
We contacted Sage Pay support and they confirmed that form transactions were disabled on the account. They re-enabled them for us but now we're getting the following:
This transaction attempt has failed. We are unable to redirect you back to the web store from which you were purchasing. The details of the failure are given below.
Status: MALFORMED
Status Detail: 3045 : The Currency field is missing.
Hope you can help. I attach confirm.php and Protx_VSPForm.php.
Thank you.
NJ
EDIT:
I changed the form on confirm.php to this:
<form class="NewFromBlank_Default" id="Payment_NewFromBlank_Default" name="Payment_NewFromBlank_Default" method="post" action="https://test.sagepay.com/gateway/service/vspform-register.vsp">
<!--
WebAssist CSS Form Builder - Form v1
CC: eCommerce
CP: Payment
TC: <New From Blank>
TP: Default
-->
<ul class="NewFromBlank_Default">
<li>
<fieldset class="NewFromBlank_Default" id="Payment_Info">
<legend class="groupHeader">Complete your Purchase</legend>
<ul class="formList">
<li class="formItem">
<span class="buttonFieldGroup" >
<input id="Vendor" name="Vendor" type="hidden" value="<?php echo("".($WA_SagePay_VSP_Form_Vendor) .""); ?>">
<input id="EncryptionPassword" name="EncryptionPassword" type="hidden" value="<?php echo("".($WA_SagePay_VSP_Form_Encryption_Password) .""); ?>">
<input id="VPSProtocol" name="VPSProtocol" type="hidden" value="3.0">
<input id="TxType" name="TxType" type="hidden" value="<?php echo("PAYMENT"); ?>">
<?php
$timeStamp = WAEC_getTimestamp();
$optionArray = array();
$optionArray['VendorTxCode'] = $timeStamp;
$optionArray['Amount'] = $whiskyCART->GrandTotal();
$optionArray['Currency'] = "GBP";
$optionArray['Description'] = $timeStamp;
$optionArray['SuccessURL'] = "http://www.nathonjoneswebdesign.co.uk/whiskybroker/checkout_success.php";
$optionArray['FailureURL'] = "http://www.nathonjoneswebdesign.co.uk/whiskybroker/checkout_failure.php";
$optionArray['CustomerEmail'] = ((isset($_POST["Email_Address"]))?$_POST["Email_Address"]:"");
$optionArray['VendorEmail'] = "info@whiskybroker.co.uk";
$optionArray['DeliverySurname'] = ((isset($_POST["Last_Name_2"]))?$_POST["Last_Name_2"]:"");
$optionArray['DeliveryFirstnames'] = ((isset($_POST["First_Name_2"]))?$_POST["First_Name_2"]:"");
$optionArray['DeliveryAddress1'] = ((isset($_POST["Address_1_2"]))?$_POST["Address_1_2"]:"");
$optionArray['DeliveryAddress2'] = ((isset($_POST["Address_2_2"]))?$_POST["Address_2_2"]:"");
$optionArray['DeliveryPostCode'] = ((isset($_POST["Postal_Code_2"]))?$_POST["Postal_Code_2"]:"");
$optionArray['DeliveryCity'] = ((isset($_POST["City_2"]))?$_POST["City_2"]:"");
$optionArray['DeliveryCountry'] = ((isset($_POST["Country_2"]))?$_POST["Country_2"]:"");
$optionArray['BillingSurname'] = ((isset($_POST["Last_Name"]))?$_POST["Last_Name"]:"");
$optionArray['BillingFirstnames'] = ((isset($_POST["First_Name"]))?$_POST["First_Name"]:"");
$optionArray['BillingAddress1'] = ((isset($_POST["Address_1"]))?$_POST["Address_1"]:"");
$optionArray['BillingAddress2'] = ((isset($_POST["Address_2"]))?$_POST["Address_2"]:"");
$optionArray['BillingPostCode'] = ((isset($_POST["Postal_Code"]))?$_POST["Postal_Code"]:"");
$optionArray['BillingCity'] = ((isset($_POST["City"]))?$_POST["City"]:"");
$optionArray['BillingCountry'] = ((isset($_POST["Country"]))?$_POST["Country"]:"");
$optionArray['ContactNumber'] = ((isset($_POST["Phone_Number"]))?$_POST["Phone_Number"]:"");
$optionArray['ContactFax'] = ((isset($_POST["Fax_Number"]))?$_POST["Fax_Number"]:"");
$optionArray['AllowGiftAid'] = "0";
$optionArray['ApplyAVSCV2'] = "0";
$optionArray['Apply3DSecure'] = "0";
$optionArray['EMailMessage'] = "";
?>
<input type="hidden" name="Crypt" id="Crypt" value="<?php echo WA_Protx_VSPFormHash_v3($whiskyCART, $WA_SagePay_VSP_Form_Encryption_Password, $optionArray); ?>" />
<input class="formButton" name="Payment_submit" type="submit" id="Payment_submit" value="Process Payment" tabindex="101">
</span>
</li>
</ul>
</fieldset>
</li>
</ul>
</form>
...and it's submitting nicely to the Sage Pay test environment now however we're in an odd situation where no shipping is being added to the order despite us hooking up the UPS account - details of that are here: http://www.webassist.com/forums/posts.php?pid=194457
Hope you can help. Thank you.
NJ