colinbm/sagepay-php

Sagepay Form?

volomike opened this issue · 2 comments

Do you have an example that integrates with Sagepay form instead of Sagepay direct? I've got a client who wants my photography product to integrate with Sagepay and am looking around on the Internet for a PHP example.

Afraid not - form is completely different to direct, so none of this code is relevant. Check the SagePay developer resources though, they have good documentation and examples.

Colin,

Thanks! I went and figured it out. Basically you create a FORM like so in HTML/PHP:

(One can swap the live URL with a test one here: https://test.sagepay.com/gateway/service/vspform-register.vsp)

As for the $PAYMENT_CRYPT, you have to first create a string like so:

VendorTxCode=406227821909
&Amount=32.00
&Currency=USD
&Description=1 ACME Widget
&SuccessURL=http://example.com/success.php
&FailureURL=http://example.com/fail.php
&BillingSurname=Smith
&BillingFirstnames=John
&BillingAddress1=123 Main Street
&BillingCity=Anywhere
&BillingPostCode=29555
&BillingCountry=USA
&DeliverySurname=Smith
&DeliveryFirstnames=John
&DeliveryAddress1=123 Main Street
&DeliveryCity=Anywhere
&DeliveryPostCode=29555
&DeliveryCountry=USA

It's kind of dumb why they need some of this information when PayPal doesn't, but oh well.

Note there's no tax or shipping breakout, so you'll need to display that as necessary before showing this BuyNow button, or perhaps on your confirmation page or confirmation email you send. They do have a "&Basket=" parameter where the tax can be specified, but it's redundant to what you can display on your form page yourself and not necessary.

As for the VendorTxCode, that's something you create so that you can track the order back to the appropriate customer.

This $PAYMENT_CRYPT is then encrypted using XOR + Base64 encoding, using the encryption password provided by SagePay. They have an AES + Binhex encryption option, but it's overkill and your server has to have the mcrypt library enabled.

The response from this is more like PayPal's PDT process than PayPal's IPN process. They do direct someone to success.php and fail.php along with an encrypted URL response via GET that you can unencrypt and parse, but the difficulty is that the customer can close the form before waiting for the page to redirect. In that case, one will see this in their control panel in SagePay and have to fulfill the transaction manually for the customer.
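The XOR + Base64 round trip and the response check described in the comment above, as an added example that is not part of the original thread, sagepay-php, or SagePay's own kit. The password, the stored order record, and the response field names (`Status`, `VendorTxCode`, `Amount`) are assumptions for illustration, and the two crypt values are constructed locally rather than captured from SagePay.

```php
<?php
// Added example. Password, order data and response field names are assumptions.

// XOR each byte with the repeating password (the scheme named in the post).
function xorCrypt(string $data, string $password): string {
    if ($password === '') { throw new InvalidArgumentException('empty password'); }
    $out = '';
    $klen = strlen($password);
    for ($i = 0, $n = strlen($data); $i < $n; $i++) {
        $out .= $data[$i] ^ $password[$i % $klen];
    }
    return $out;
}
function encodeCrypt(array $fields, string $password): string {
    $pairs = [];
    foreach ($fields as $k => $v) { $pairs[] = "$k=$v"; }
    return base64_encode(xorCrypt(implode('&', $pairs), $password));
}
function decodeCrypt(string $crypt, string $password): array {
    // A '+' in Base64 arrives as a space when read from a query string.
    $raw = base64_decode(str_replace(' ', '+', $crypt), true);
    if ($raw === false) { throw new InvalidArgumentException('bad Base64'); }
    $fields = [];
    // Simple split: assumes values contain no '&'.
    foreach (explode('&', xorCrypt($raw, $password)) as $pair) {
        $parts = explode('=', $pair, 2);
        if (count($parts) === 2) { $fields[$parts[0]] = $parts[1]; }
    }
    return $fields;
}
// The XOR layer has no integrity check, so decoded values are untrusted input:
// fulfil only when they match the order recorded before the redirect.
function isPaid(array $resp, array $order): bool {
    return ($resp['Status'] ?? '') === 'OK'
        && hash_equals($order['VendorTxCode'], $resp['VendorTxCode'] ?? '')
        && number_format((float)($resp['Amount'] ?? -1), 2, '.', '')
           === number_format((float)$order['Amount'], 2, '.', '');
}

$password = 'constructed-test-password';                            // placeholder
$order = ['VendorTxCode' => '406227821909', 'Amount' => '32.00'];   // stored server-side

// Constructed stand-ins for the crypt value appended to success.php.
$good = encodeCrypt(['Status' => 'OK', 'VendorTxCode' => '406227821909', 'Amount' => '32.00'], $password);
$bad  = encodeCrypt(['Status' => 'OK', 'VendorTxCode' => '406227821909', 'Amount' => '3.20'], $password);

var_dump(isPaid(decodeCrypt($good, $password), $order)); // fields match the stored order
var_dump(isPaid(decodeCrypt($bad, $password), $order));  // amount differs from the stored order
```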