1
votes

I'm setting up a simple PHP form to send transactions to sagepay using form integration, the cryptkey is setup as follows:

$PAYMENT_CRYPT = 
"VendorTxCode=website
&Amount=$total
&Currency=GBP
&Description=Ticket
&SuccessURL=EDITED-OUT/registered-thanks
&FailureURL=EDITED-OUT/registered-fail
&BillingSurname=$surname
&BillingFirstnames=$firstname
&BillingAddress1=$address1
&BillingCity=$city
&BillingPostCode=$postcode
&BillingCountry=UK
&DeliverySurname=$surname
&DeliveryFirstnames=$firstname
&DeliverAddress1=$address1
&DeliveryCity=$city
&DeliveryPostCode=$postcode
&DeliveryCountry=UK
&AllowGiftAid=1"

Form:

<form action="https://live.sagepay.com/gateway/service/vspform-register.vsp" method="POST" id="SagePayForm" name="SagePayForm">
    <input type="hidden" name="VPSProtocol" value="2.23" />
    <input type="hidden" name="TxType" value="PAYMENT" />
    <input type="hidden" name="Vendor" value="MYVENDORID" />
    <input type="hidden" name="Crypt" value="<?= $PAYMENT_CRYPT ?>">    
    <input type="image" src="images/buynow-sagepay.png" />
</form>

Sage is giving me an error as follows, which makes no sense since the currency field is most definitely being passed.

This transaction attempt has failed. We are unable to redirect you back to the web store from which you were purchasing. The details of the failure are given below.

Status: MALFORMED

Status Detail: 3045 : The Currency field is missing.

Any help would be much appreciated!

Rick

1
Hey did you sort this? We're having the same issue, but strangely only with one of our client's SP credentials.QFDev

1 Answers

2
votes

you appear not to be encrypting your data at all. The following will help you check and include in your code the relevant functionality.

<?php
function pkcs5_pad($text, $blocksize)
{
    $pad = $blocksize - (strlen($text) % $blocksize);
    return $text . str_repeat(chr($pad), $pad);
}

function encryptFieldData($input)
{
    $key = "use your SagePAY encryption key here";
    $iv = $key;

    $cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_128, "", MCRYPT_MODE_CBC, "");
    if (mcrypt_generic_init($cipher, $key, $iv) != -1)
    {
        $cipherText = mcrypt_generic($cipher,$input );
        mcrypt_generic_deinit($cipher);

        $enc = bin2hex($cipherText);
    }
    return $enc;
}
$str = "Currency=GBP";
$datapadded = pkcs5_pad($str,16);
$cryptpadded = "@" . encryptFieldData($datapadded);
?>
<html>
    <form name="pp_form" action="SagePay test url" method="post">
    <input name="VPSProtocol" type="hidden" value=3.00 />
    <input name="TxType" type="hidden" value=PAYMENT />
    <input name="Vendor" type="hidden" value="YOUR SAGEPAY ACCOUNT NAME HERE"     />
    <input name="Crypt" type="hidden" value=<?php echo $cryptpadded;?> />
    <p>Click here to submit 
        <input type="submit" value="here">
    </p>
    </form>
</html>

You can see a fuller explanation here SagePay form integration with PHP