Sage Pay v3.00 Интеграция

Question

Может ли кто-нибудь помочь мне включить алгоритм Sachepay v3.00 AES/CBC/PKCS # 5 (шифрование) в следующий файл. Я действительно пытаюсь понять, как включить, чтобы данные клиента были зашифрованы до нового стандарта, а затем расшифрованы на обратном пути. Использование формы Sagepay с очень старой версией cs-cart, хотя успешно удалось обновить с версии 2.22 до 2.23, но Sagepay поддерживают всю поддержку с июля.

Не уверен, насколько этот сценарий имеет отношение к шифрованию:

<?php 

if (!defined('IN_CSCART')) { die('Access denied'); } 

if (defined('PAYMENT_NOTIFICATION')) { 

// Get the password 
$payment_id=db_get_field("SELECT $db_tables[payments].payment_id FROM $db_tables[payments] LEFT JOIN $db_tables[payment_processors] ON $db_tables[payment_processors].processor_id = $db_tables[payments].processor_id WHERE $db_tables[payment_processors].processor_script='protx_form.php'"); 
$processor_data = fn_get_payment_method_data($payment_id); 

$result = "&".simpleXor(base64Decode($_REQUEST['crypt']), $processor_data["params"]["password"])."&"; 

preg_match("/Status=(.+)&/U", $result, $a); 
if(trim($a[1]) == "OK") { 
    $pp_response['order_status'] = ($processor_data["params"]["transaction_type"] == 'PAYMENT') ? 'P' : 'O'; 
    preg_match("/TxAuthNo=(.+)&/U", $result, $authno); 
    $pp_response["reason_text"] = "AuthNo: ".$authno[1]; 
    preg_match("/VPSTxID={(.+)}/U", $result, $transaction_id); 
    $pp_response["transaction_id"] = @$transaction_id[1]; 
} else { 
    $pp_response['order_status'] = 'F'; 
    preg_match("/StatusDetail=(.+)&/U", $result, $stat); 
    $pp_response["reason_text"] = "Status: ".trim($stat[1])." (".trim($a[1]).") "; 
} 
preg_match("/AVSCV2=(.*)&/U", $result, $avs); 
if(!empty($avs[1])) { 
    $pp_response['descr_avs'] = $avs[1]; 
} 
include $payment_files_dir.'payment_cc_complete.php'; 
fn_order_placement_routines($order_id); 

} 
else 
{ 
    global $http_location, $b_order, $_total_back; 

    $post_address = ($processor_data['params']['testmode'] != "N") ? "https://test.sagepay.com/gateway/service/vspform-register.vsp" : "https://live.sagepay.com/gateway/service/vspform-register.vsp"; 

    $post["VPSProtocol"] = "2.23"; 
    $post["TxType"] = $processor_data["params"]["transaction_type"]; 
    $post["Vendor"] = htmlspecialchars($processor_data["params"]["vendor"]); 

    // Form Cart products 
    $strings = 0; 
    if (is_array($cart['products'])) { 
     $strings += count($cart['products']); 
    } 

    if (!empty($cart['products'])) { 
     foreach ($cart['products'] as $v) { 
      $_product = db_get_field("SELECT product FROM $db_tables[product_descriptions] WHERE product_id='$v[product_id]' AND lang_code='$cart_language'"); 
      $products_string .= ":".str_replace(":", " ", $_product).":".$v['amount'].":".fn_format_price($v['subtotal']/$v['amount']).":::".fn_format_price($v['subtotal']); 
     } 
    } 
    if (!empty($cart['payment_surcharge'])) { 
     $products_string .= ":Payment surcharge:---:---:---:---:".fn_format_price($cart['payment_surcharge']); 
     $strings ++; 
    } 
    if (!empty($cart['shipping_cost'])) { 
     $products_string .= ":Shipping cost:---:---:---:---:".fn_format_price($cart['shipping_cost']); 
     $strings ++; 
    } 
    $post_encrypted .= "Basket=".$strings.$products_string; 

    $post["Crypt"] = base64_encode(simpleXor($post_encrypted, $processor_data["params"]["password"])); 
    $post["Crypt"] = htmlspecialchars($post["Crypt"]); 

    $msg = fn_get_lang_var('text_cc_processor_connection'); 
    $msg = str_replace('[processor]', 'Protx Server', $msg); 

echo <<<EOT 
<html> 
<body onLoad="document.process.submit();"> 
<form action="{$post_address}" method="POST" name="process"> 
<INPUT type=hidden name="VPSProtocol" value="{$post['VPSProtocol']}"> 
<INPUT type=hidden name="Vendor" value="{$post['Vendor']}"> 
<INPUT type=hidden name="TxType" value="{$post['TxType']}"> 
<INPUT type=hidden name="Crypt" value="{$post['Crypt']}"> 
<p> 
<div align=center>{$msg}</div> 
</p> 
</body> 
</html> 
EOT; 
} 

exit; 

// 
// ---------------- Additional functions ------------ 
// 
function simpleXor($InString, $Key) { 
$KeyList = array(); 
$output = ""; 

for($i = 0; $i < strlen($Key); $i++){ 
    $KeyList[$i] = ord(substr($Key, $i, 1)); 
} 
for($i = 0; $i < strlen($InString); $i++) { 
    $output.= chr(ord(substr($InString, $i, 1))^($KeyList[$i % strlen($Key)])); 
} 

return $output; 
} 

function base64Decode($scrambled) { 
// Initialise output variable 
$output = ""; 
// Fix plus to space conversion issue 
$scrambled = str_replace(" ","+",$scrambled); 
// Do encoding 
$output = base64_decode($scrambled); 
// Return the result 
return $output; 
} 
?> 

Answer 1

Вы можете попробовать сбросив следующие функции в сценарий, а затем обменивать из simpleXor для encryptAes. Убедитесь, что вы также добавили символ «@» в качестве первого символа строки склепа (и отключите его при декодировании ответа от Sage Pay).

function addPKCS5Padding($input) 
{ 
    $blockSize = 16; 
    $padd = ""; 
    $length = $blockSize - (strlen($input) % $blockSize); 
    for ($i = 1; $i <= $length; $i++) 
{ 
    $padd .= chr($length); 
} 
    return $input . $padd; 
} 

function removePKCS5Padding($input) 
{ 
    $blockSize = 16; 
    $padChar = ord($input[strlen($input) - 1]); 
    $unpadded = substr($input, 0, (-1) * $padChar); 
    return $unpadded; 
} 


function encryptAes($string, $key) 
{ 
    $string = addPKCS5Padding($string); 
    $crypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $string, MCRYPT_MODE_CBC, $key); 
    return strtoupper(bin2hex($crypt)); 
} 


function decryptAes($strIn, $password) 
{ 
    $strInitVector = $password; 
    $strIn = pack('H*', $hex); 
    $string = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $password, $strIn, MCRYPT_MODE_CBC,$strInitVector); 
    return removePKCS5Padding($string); 
} 

Answer 2

Вы можете попробовать это. Я не могу это проверить, поэтому дайте мне знать, как вы поживаете.

Rik

<?php 

    if (!defined('IN_CSCART')) { die('Access denied'); } 

    if (defined('PAYMENT_NOTIFICATION')) { 

    // Get the password 
    $payment_id=db_get_field("SELECT $db_tables[payments].payment_id FROM $db_tables[payments] LEFT JOIN $db_tables[payment_processors] ON $db_tables 

    [payment_processors].processor_id = $db_tables[payments].processor_id WHERE $db_tables[payment_processors].processor_script='protx_form.php'"); 
    $processor_data = fn_get_payment_method_data($payment_id); 


    #Rik added: 
    $result = "&".decryptAes($_REQUEST['crypt'], $processor_data["params"]["password"])."&"; 

    #$result = "&".simpleXor(base64Decode($_REQUEST['crypt']), $processor_data["params"]["password"])."&"; 

    preg_match("/Status=(.+)&/U", $result, $a); 
    if(trim($a[1]) == "OK") { 
     $pp_response['order_status'] = ($processor_data["params"]["transaction_type"] == 'PAYMENT') ? 'P' : 'O'; 
     preg_match("/TxAuthNo=(.+)&/U", $result, $authno); 
     $pp_response["reason_text"] = "AuthNo: ".$authno[1]; 
     preg_match("/VPSTxID={(.+)}/U", $result, $transaction_id); 
     $pp_response["transaction_id"] = @$transaction_id[1]; 
    } else { 
     $pp_response['order_status'] = 'F'; 
     preg_match("/StatusDetail=(.+)&/U", $result, $stat); 
     $pp_response["reason_text"] = "Status: ".trim($stat[1])." (".trim($a[1]).") "; 
    } 
    preg_match("/AVSCV2=(.*)&/U", $result, $avs); 
    if(!empty($avs[1])) { 
     $pp_response['descr_avs'] = $avs[1]; 
    } 
    include $payment_files_dir.'payment_cc_complete.php'; 
    fn_order_placement_routines($order_id); 

    } 
    else 
    { 
     global $http_location, $b_order, $_total_back; 

     $post_address = ($processor_data['params']['testmode'] != "N") ? "https://test.sagepay.com/gateway/service/vspform-register.vsp" : 

    "https://live.sagepay.com/gateway/service/vspform-register.vsp"; 

     $post["VPSProtocol"] = "2.23"; 
     $post["TxType"] = $processor_data["params"]["transaction_type"]; 
     $post["Vendor"] = htmlspecialchars($processor_data["params"]["vendor"]); 

     // Form Cart products 
     $strings = 0; 
     if (is_array($cart['products'])) { 
      $strings += count($cart['products']); 
     } 

     if (!empty($cart['products'])) { 
      foreach ($cart['products'] as $v) { 
       $_product = db_get_field("SELECT product FROM $db_tables[product_descriptions] WHERE product_id='$v[product_id]' AND lang_code='$cart_language'"); 
       $products_string .= ":".str_replace(":", " ", $_product).":".$v['amount'].":".fn_format_price($v['subtotal']/$v['amount']).":::".fn_format_price($v 

    ['subtotal']); 
      } 
     } 
     if (!empty($cart['payment_surcharge'])) { 
      $products_string .= ":Payment surcharge:---:---:---:---:".fn_format_price($cart['payment_surcharge']); 
      $strings ++; 
     } 
     if (!empty($cart['shipping_cost'])) { 
      $products_string .= ":Shipping cost:---:---:---:---:".fn_format_price($cart['shipping_cost']); 
      $strings ++; 
     } 
     $post_encrypted .= "Basket=".$strings.$products_string; 


    #Rik added: 

    $post["Crypt"] = "@".encryptAes($post_encrypted, $processor_data["params"]["password"]); 

    # $post["Crypt"] = base64_encode(simpleXor($post_encrypted, $processor_data["params"]["password"])); 
    # $post["Crypt"] = htmlspecialchars($post["Crypt"]); 

     $msg = fn_get_lang_var('text_cc_processor_connection'); 
     $msg = str_replace('[processor]', 'Protx Server', $msg); 

    echo <<<EOT 
    <html> 
    <body onLoad="document.process.submit();"> 
    <form action="{$post_address}" method="POST" name="process"> 
    <INPUT type=hidden name="VPSProtocol" value="{$post['VPSProtocol']}"> 
    <INPUT type=hidden name="Vendor" value="{$post['Vendor']}"> 
    <INPUT type=hidden name="TxType" value="{$post['TxType']}"> 
    <INPUT type=hidden name="Crypt" value="{$post['Crypt']}"> 
    <p> 
    <div align=center>{$msg}</div> 
    </p> 
    </body> 
    </html> 
    EOT; 
    } 

    exit; 

    // 
    // ---------------- Additional functions ------------ 
    // 
    function simpleXor($InString, $Key) { 
    $KeyList = array(); 
    $output = ""; 

    for($i = 0; $i < strlen($Key); $i++){ 
     $KeyList[$i] = ord(substr($Key, $i, 1)); 
    } 
    for($i = 0; $i < strlen($InString); $i++) { 
     $output.= chr(ord(substr($InString, $i, 1))^($KeyList[$i % strlen($Key)])); 
    } 

    return $output; 
    } 

    function base64Decode($scrambled) { 
    // Initialise output variable 
    $output = ""; 
    // Fix plus to space conversion issue 
    $scrambled = str_replace(" ","+",$scrambled); 
    // Do encoding 
    $output = base64_decode($scrambled); 
    // Return the result 
    return $output; 
    } 


    #added by Rik 

    function addPKCS5Padding($input) 
    { 
     $blockSize = 16; 
     $padd = ""; 
     $length = $blockSize - (strlen($input) % $blockSize); 
     for ($i = 1; $i <= $length; $i++) 
    { 
     $padd .= chr($length); 
    } 
     return $input . $padd; 
    } 

    function removePKCS5Padding($input) 
    { 
     $blockSize = 16; 
     $padChar = ord($input[strlen($input) - 1]); 
     $unpadded = substr($input, 0, (-1) * $padChar); 
     return $unpadded; 
    } 


    function encryptAes($string, $key) 
    { 
     $string = addPKCS5Padding($string); 
     $crypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $string, MCRYPT_MODE_CBC, $key); 
     return strtoupper(bin2hex($crypt)); 
    } 


    function decryptAes($strIn, $password) 
    { 

    #Sagepay specific - remove the '@' 
    $strIn = substr($strIn,1) 

     $strInitVector = $password; 
     $strIn = pack('H*', $hex); 
     $string = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $password, $strIn, MCRYPT_MODE_CBC,$strInitVector); 
     return removePKCS5Padding($string); 
    } 

    ?>