Я безуспешно пытался понять, как обновить шифрование, используемое в коде для трех сайтов электронной коммерции моей компании, с simpleXor на шифрование AES. Без этого я не могу обновить остальную часть кода, что означает, что после июля мы не сможем принимать платежи онлайн.
Мне удалось обновить коды криптоформ в соответствии с обновлением до 3.00.
Я могу определить код шифрования и просмотрел загрузку демо-версии формы интеграции для PHP от Sagepay, но не могу найти ничего, что хоть отдаленно похоже на мой код шифрования?!
Может ли кто-нибудь указать мне правильное направление для поиска подходящего кода шифрования для замены старого!?
Наши сайты основаны на JShop и у меня есть один файл для отправки и файл ответов.
Это файл для отправки информации:
<?php function startProcessor($orderNumber) { global $dbA,$orderArray,$jssStoreWebDirHTTP,$jssStoreWebDirHTTPS,$cartMain; $callBack = "$jssStoreWebDirHTTPS"."gateways/response/protx.php"; $cDetails = returnCurrencyDetails($orderArray["currencyID"]); $gatewayOptions = retrieveGatewayOptions("PROTX"); switch ($gatewayOptions["testMode"]) { case "S": $myAction = "https://test.sagepay.com/Simulator/VSPFormGateway.asp"; break; case "Y": $myAction = "https://test.sagepay.com/gateway/service/vspform-register.vsp"; break; case "N": $myAction = "https://live.sagepay.com/gateway/service/vspform-register.vsp"; break; } $myVendor = $gatewayOptions["vendor"]; $myEncryptionPassword = $gatewayOptions["encryptionPassword"]; $billingAddress = $orderArray["address1"]."\n"; if ($orderArray["address2"] != "") { $billingAddress .= $orderArray["address2"]."\n"; } $billingAddress .= $orderArray["town"]."\n"; $billingAddress .= $orderArray["county"]."\n"; $billingAddress .= $orderArray["country"]; $deliveryAddress = $orderArray["deliveryAddress1"]."\n"; if ($orderArray["deliveryAddress2"] != "") { $deliveryAddress .= $orderArray["deliveryAddress2"]."\n"; } $deliveryAddress .= $orderArray["deliveryTown"]."\n"; $deliveryAddress .= $orderArray["deliveryCounty"]."\n"; $deliveryAddress .= $orderArray["deliveryCountry"]; $crypt = "VendorTxCode=$orderNumber";
$crypt .= "&Amount=".number_format($orderArray["orderTotal"],$cDetails["decimals"],'.','');
$crypt .= "&Currency=".@$cDetails["code"];
$crypt .= "&Description=".$gatewayOptions["description"];
$crypt .= "&SuccessURL=$callBack?xOid=$orderNumber&xRn=".$orderArray["randID"];
$crypt .= "&FailureURL=$callBack?xOid=$orderNumber&xRn=".$orderArray["randID"];
$crypt .= "&BillingSurname=".$orderArray["surname"];
$crypt .= "&BillingFirstnames=".$orderArray["forename"];
$crypt .= "&BillingAddress1=".$orderArray["address1"];
$crypt .= "&BillingCity=".$orderArray["town"];
$crypt .= "&BillingPostCode=".preg_replace("/[^\s\-a-zA-Z0-9]/", "", $orderArray["postcode"]);
$crypt .= "&BillingCountry=".$orderArray["country"];
$crypt .= "&DeliverySurname=".&orderArray["surname"];
$crypt .= "&DeliveryFirstnames=".&orderArray["forename"];
if ($orderArray["deliveryPostcode"] != "") {
$crypt .= "&DeliveryAddress1=".$orderArray["deliveryAddress1"];
$crypt .= "&DeliveryCity=".$orderArray["deliveryTown"];
$crypt .= "&DeliveryPostCode=".preg_replace("/[^\s\-a-zA-Z0-9]/", "", $orderArray["deliveryPostcode"]);
$crypt .= "&DeliveryCountry=".$orderArray["deliveryCountry"]; }
else {
$crypt .= "&DeliveryAddress1=".$orderArray["address1"];
$crypt .= "&DeliveryCity=".$orderArray["town"];
$crypt .= "&DeliveryPostCode=".preg_replace("/[^\s\-a-zA-Z0-9]/", "", $orderArray["postcode"]);
$crypt .= "&DeliveryCountry=".$orderArray["country"]; }
$crypt .= "&BillingPhone=".preg_replace("/[^\sa-zA-Z0-9]/", "", $orderArray["telephone"]);
if ($gatewayOptions["sendEmail"] == 1) {
$crypt .= "&CustomerEmail=".$orderArray["email"]; }
$crypt .= "&VendorEmail=".$gatewayOptions["vendorEmail"];
$crypt .= "&ApplyAVSCV2=".$gatewayOptions["cvvCheck"];
$crypt .= "&Apply3DSecure=".$gatewayOptions["3DSecure"];
$crypt = base64_encode(protx_simpleXor($crypt,$myEncryptionPassword));
$tpl = createTSysObject(templatesCreatePath($cartMain["templateSet"]),"gatewaytransfer.html",$requiredVars,0);
$gArray["method"] = "POST";
$gArray["action"] = $myAction;
$gArray["fields"][] = array("name"=>"VPSProtocol","value"=>"3.00");
$gArray["fields"][] = array("name"=>"Vendor","value"=>$myVendor);
$gArray["fields"][] = array("name"=>"TxType","value"=>$gatewayOptions["txType"]); $gArray["fields"][] = array("name"=>"Crypt","value"=>$crypt);
$mArray = $gArray;
$gArray["process"] = "document.automaticForm.submit();";
$tpl->addVariable("shop",templateVarsShopRetrieve());
$tpl->addVariable("labels",templateVarsLabelsRetrieve());
$tpl->addVariable("automaticForm",$gArray);
$tpl->addVariable("manualForm",$mArray);
$tpl->showPage(); }
function protx_simpleXor($inString, $key) { $outString=""; $l=0; if (strlen($inString)!=0) { for ($i = 0; $i < strlen($inString); $i++) { $outString=$outString . ($inString[$i]^$key[$l]); $l++; if ($l==strlen($key)) { $l=0; } } } return $outString; } ?>
Это файл ответов:
<?php
/*================ JShop Server ================
= (c)2003-2010 Whorl Ltd. =
= All Rights Reserved =
= Redistribution of this file is prohibited. =
= http://www.jshop.co.uk/ =
==============================================*/
?><?php
define("IN_JSHOP", TRUE);
include("../../static/config.php");
include("../../routines/dbAccess_".$databaseType.".php");
include("../../routines/tSys.php");
include("../../routines/general.php");
include("../../routines/stockControl.php");
include("../../routines/emailOutput.php");
dbConnect($dbA);
$orderID = makeSafe(getFORM("xOid"));
$newOrderID = $orderID;
$randID = makeSafe(getFORM("xRn"));
$crypt = makeSafe(getFORM("crypt"));
$gatewayOptions = retrieveGatewayOptions("PROTX");
$orderID = makeInteger($orderID) - retrieveOption("orderNumberOffset");
$result = $dbA->query("select * from $tableOrdersHeaders where orderID=$orderID and randID='$randID'");
if ($dbA->count($result) == 0 || $crypt=="") {
doRedirect_JavaScript($jssStoreWebDirHTTP."index.php");
exit;
}
$orderArray = $dbA->fetch($result);
$ccResult = $dbA->query("select * from $tablePaymentOptions where paymentID=".$orderArray["paymentID"]);
$poRecord = $dbA->fetch($ccResult);
$paidStatus = $poRecord["statusID"];
$crypt = str_replace(" ","+",$crypt);
$crypt = protx_simpleXor(base64_decode($crypt),$gatewayOptions["encryptionPassword"]);
$nameValues = explode("&",$crypt);
$resultCode = "";
for ($f = 0; $f < count($nameValues); $f++) {
$thisCode = explode("=",$nameValues[$f]);
$resultCode[$thisCode[0]] = $thisCode[1];
}
if ($resultCode["VendorTxCode"] != $newOrderID) {
doRedirect_JavaScript($jssStoreWebDirHTTP."index.php");
exit;
}
$authResponse = "&Status Result=".$resultCode["Status"]."&AVS/CV2 Check=".@$resultCode["AVSCV2"]."&Address Result=".@$resultCode["AddressResult"]."&Postcode Result=".@$resultCode["PostCodeResult"]."&CV2 Result=".@$resultCode["CV2Result"]."&3d Secure Status=".@$resultCode["3DSecureStatus"];
$randID = $orderArray["randID"];
if ($orderArray["status"] != $paidStatus) {
$dt=date("YmdHis",createOffsetTime());
switch ($resultCode["Status"]) {
case "OK":
case "AUTHENTICATED":
case "REGISTERED":
$authResponse="Gateway=Sage Pay&Authorisation Code=".$resultCode["TxAuthNo"]."&Sage Pay Transaction ID=".$resultCode["VPSTxId"]."&Status=Payment Confirmed".$authResponse;
$dbA->query("update $tableOrdersHeaders set status=$paidStatus, authInfo=\"$authResponse\", paymentDate=\"$dt\" where orderID=$orderID");
$orderArray["status"] = $paidStatus;
//ok, this is where we should do the stock control then.
include("process/paidProcessList.php");
doRedirect_JavaScript($jssStoreWebDirHTTPS."process.php?xOid=$newOrderID&xRn=$randID");
break;
case "REJECTED":
$authResponse="Gateway=Sage Pay&Status=Payment Rejected Due To Rules".$authResponse;
$dbA->query("update $tableOrdersHeaders set status=3, authInfo=\"$authResponse\", paymentDate=\"$dt\" where orderID=$orderID");
include("process/failProcessList.php");
doRedirect_JavaScript($jssStoreWebDirHTTPS."process.php?xOid=$newOrderID&xRn=$randID");
break;
default:
if ($orderArray["status"] == 1) {
$authResponse="Gateway=Sage Pay&Status=Payment Failed".$authResponse;
$dbA->query("update $tableOrdersHeaders set status=3, authInfo=\"$authResponse\", paymentDate=\"$dt\" where orderID=$orderID");
include("process/failProcessList.php");
}
doRedirect_JavaScript($jssStoreWebDirHTTPS."process.php?xOid=$newOrderID&xRn=$randID");
break;
}
} else {
doRedirect_JavaScript($jssStoreWebDirHTTPS."process.php?xOid=$newOrderID&xRn=$randID");
}
function protx_simpleXor($inString, $key) {
$outString="";
$l=0;
if (strlen($inString)!=0) {
for ($i = 0; $i < strlen($inString); $i++) {
$outString=$outString . ($inString[$i]^$key[$l]);
$l++;
if ($l==strlen($key)) { $l=0; }
}
}
return $outString;
}
?>