I am trying to use SagePay. I have an account and I would like to use Server Integration.
The error I get is Status Detail: 5068 : The encryption method is not supported by this protocol version.
I'm trying to create a simple 'pay now' button, as described in the documents. The code samples provided by sage don't appear to work.
Can someone please let me know why the code below doesnt work? thanks
<?php
require_once ('lib/SagePay.php');
$sagePay = new SagePay();
$sagePay->setCurrency('BG');
$sagePay->setAmount('100');
$sagePay->setDescription('Lorem ipsum');
$sagePay->setBillingSurname('Mustermann');
$sagePay->setBillingFirstnames('Max');
$sagePay->setBillingCity('Cologne');
$sagePay->setBillingPostCode('50650');
$sagePay->setBillingAddress1('Bahnhofstr. 1');
$sagePay->setBillingCountry('de');
$sagePay->setDeliverySameAsBilling();
/* Example of using BasketXML */
$xml = new DOMDocument();
$basketNode = $xml->createElement("basket");
$itemNode = $xml->createElement("item");
$descriptionNode = $xml->createElement( 'description' );
$descriptionNode->nodeValue = 'First Item Description';
$itemNode -> appendChild($descriptionNode);
$quantityNode = $xml->createElement('quantity');
$quantityNode->nodeValue = '1';
$itemNode -> appendChild($quantityNode);
$unitNetAmountNode = $xml->createElement('unitNetAmount');
$unitNetAmountNode->nodeValue = '90.00';
$itemNode -> appendChild($unitNetAmountNode);
$unitTaxAmountNode = $xml->createElement('unitTaxAmount');
$unitTaxAmountNode->nodeValue = '10.00';
$itemNode -> appendChild($unitTaxAmountNode);
$unitGrossAmountNode = $xml->createElement('unitGrossAmount');
$unitGrossAmountNode->nodeValue = '100.00';
$itemNode -> appendChild($unitGrossAmountNode);
$totalGrossAmountNode = $xml->createElement('totalGrossAmount');
$totalGrossAmountNode->nodeValue = '100.00';
$itemNode -> appendChild($totalGrossAmountNode);
$basketNode->appendChild( $itemNode );
$xml->appendChild( $basketNode );
$sagePay->setBasketXML($xml->saveHTML());
$sagePay->setSuccessURL('https://website.co.uk/page.html');
$sagePay->setFailureURL('https://website.co.uk/page.html');
?>
<form method="POST" id="SagePayForm" action="https://test.sagepay.com/gateway/service/vspform-register.vsp">
<input type="hidden" name="VPSProtocol" value= "3.00">
<input type="hidden" name="TxType" value= "PAYMENT">
<input type="hidden" name="Vendor" value= "vendorname here">
<input type="hidden" name="Crypt" value= "<?php echo $sagePay->getCrypt(); ?>">
<input type="submit" value="continue to SagePay">
</form>
Couple of things to check:
Ensure you are using AES encryption on the Crypt field
When sending the crypt over to Sage Pay, make sure it is prefixed '#'
Make sure you are not Base64 encoding the string after you have AES encrypted it (the protocol documents are a little misleading in this regard)
[update]: 4. You are actually using the Form integration method...
Thanks for the help on this.
It was a problem with the encryption method. The code that eventually worked for me was this one:
https://github.com/tolzhabayev/sagepayForm-php/blob/master/lib/SagePay.php
And my form button is like this:
<form method="POST" id="SagePayForm" action="https://test.sagepay.com/gateway/service/vspform-register.vsp">
<input type="hidden" name="VPSProtocol" value= "3.00">
<input type="hidden" name="TxType" value= "PAYMENT">
<input type="hidden" name="Vendor" value= "vendornamehere">
<input type="hidden" name="Crypt" value= "<?php echo $sagePay->getCrypt(); ?>">
<input type="submit" value="continue to SagePay">
</form>
Related
I have a salesforce web-to-lead form that is set up to collect utm data, and it does.... if I dont leave the page.
Currently, I am not using sf web to lead form. If the user comes to site from an ad, the utm parameters are stored in a cookie and used if the user completes a form. It works perfectly.
I now am required to use sf web to lead forms. If I land directly on the page and never leave, the utm parameters in url are successfully collected in the form. If I leave page and return to form page, I can see the utm parameters stored in the cookie, but the form does not collect.
Please send help!!!!! I need to be able to navigate away from page and use stored cookie to populate the utm hidden form fields.
<form id="salesforceForm" method="POST" action="https://webto.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8">
<input name="oid" type="hidden" value="mySFID#">
<input name="retURL" type="hidden" value="myredirectlink.com">
<label for="first_name">First Name*</label> <input id="first_name" maxlength="40" name="first_name" required="" size="20" type="text">
<label for="last_name">Last Name*</label> <input id="last_name" maxlength="80" name="last_name" required="" size="20" type="text">
<label for="email">Email*</label> <input id="email" maxlength="80" name="email" required="" size="20" type="text">
<label for="company">Company*</label> <input id="company" maxlength="40" name="company" required="" size="20" type="text"> <label for="phone">Phone*</label> <input id="phone" maxlength="40" name="phone" required="" size="20" type="text">
<input id="utm_source" name="00N50000003KWmr" type="hidden" value="">
<input id="utm_medium" name="00N50000003KWn6" type="hidden" value="">
<input id="utm_campaign" name="00N50000003KWnB" type="hidden" value="">
<input id="utm_term" name="00N50000003KWnG" type="hidden" value="">
<input id="utm_content" name="00N50000003KWnL" type="hidden" value="">
<input name="btnSubmit" type="submit">
</form>
<script type="text/javascript">
function parseGET(param) {
var searchStr = document.location.search;
try {
var match = searchStr.match('[?&]' + param + '=([^&]+)');
if (match) {
var result = match[1];
result = result.replace(/\+/g, '%20');
result = decodeURIComponent(result);
return result;
} else {
return '';
}
} catch (e) {
return '';
}
}
document.getElementById('utm_source').value = parseGET('utm_source');
document.getElementById('utm_medium').value = parseGET('utm_medium');
document.getElementById('utm_campaign').value = parseGET('utm_campaign');
document.getElementById('utm_term').value = parseGET('utm_term');
document.getElementById('utm_content').value = parseGET('utm_content');
</script>
There's nothing here that actually sets the cookie, right? Or reads from it.
I've never actively used Google Tag Manager and you're saying something sets the cookie already...
My gut feel you need something like if(parseGET('utm_source') == ""), then use functions from https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie
This helps?
let utm_source = parseGET('utm_source');
if(!utm_source){
utm_source = document.cookie
.split('; ')
.find(row => row.startsWith('utm_source='))
.split('=')[1];
}
document.getElementById('utm_source').value = utm_source;
?
Untested, you'll have to experiment and put right names of cookies.
I have some problem with XSS scan on sitelock. They said that some of URL from html input form is vulnerable. They said each parameters which I sent through the form was vulnerable. In this case the vulnerability is from Paypal input form. I build my website with Paypal redirect so the user will input their own data into the form and the system will send it to paypal. This is the example of my form code:
<div class="col-md-5">
<input type="text" class="form-control" name="L_PAYMENTREQUEST_FIRSTNAME" id="L_PAYMENTREQUEST_FIRSTNAME" value="<?=$_SESSION['post_value']['shipping_first_name']?>" readonly="readonly">
</div>
<input type="hidden" name="billing_first_name" value="<?=$_POST['billing_first_name']?>">
<input type="hidden" name="billing_last_name" value="<?=$_POST['billing_last_name']?>">
<input type="hidden" name="billing_email" value="<?=$_POST['billing_email']?>">
<input type="hidden" name="billing_phone" value="<?=$_POST['billing_phone']?>">
<input type="hidden" name="billing_address" value="<?=$_POST['billing_address']?>">
<input type="hidden" name="billing_city" value="<?=$_POST['billing_city']?>">
<input type="hidden" name="billing_postcode" value="<?=$_POST['billing_postcode']?>">
<input type="hidden" name="billing_state" value="<?=$_POST['billing_state']?>">
That is some part of my form. What I want to know is whats wrong with that form and how to prevent Sitelock to scan XSS vulnerability ? Please anyone knows could help me.
I would also recommend using the HTTP header.
X-XSS-Protection: 1; mode=block
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
you probably dont check/nullify the data you are getting in the input fields
and by typing <script>alert('hacked')</script> in billing_address field
on next page where you print the billing_address you will get a popup window calling hacked
On the page that process your form you should validate that input fields doesn't have any javascript code.
for example
<?php
// define variables and set to empty values
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$website = test_input($_POST["website"]);
$comment = test_input($_POST["comment"]);
$gender = test_input($_POST["gender"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
you need to create a function like test_input and run for all your input fields
Actually, I need to implement the PayUMoney with Ionic 3. I know, I don't have proper plugin. But I need to integrate the PayUMoney processing with my Server and send the acknowledgement to ionic 3.Please Guide me to solve this issue.
I'm not sure if you have found the solution already, but this might help others looking for the answer.
So lets assume you have all the required post parameters(You either have it locally somehow or get it from your server).
this.paymentString = `
<html>
<body>
<form action="${this.post_url}" method="post" id="payu_form">
<input type="hidden" name="firstname" value="${this.firstname}"/>
<input type="hidden" name="email" value="${this.email}"/>
<input type="hidden" name="phone" value="${this.phone}"/>
<input type="hidden" name="surl" value="${this.surl}"/>
<input type="hidden" name="curl" value="${this.curl}"/>
<input type="hidden" name="furl" value="${this.furl}"/>
<input type="hidden" name="key" value="${this.key}"/>
<input type="hidden" name="hash" value="${this.hash}"/>
<input type="hidden" name="txnid" value="${this.txnid}"/>
<input type="hidden" name="productinfo" value="${this.productinfo}"/>
<input type="hidden" name="amount" value="${this.amount}"/>
<input type="hidden" name="service_provider" value="${this.service_provider}"/>
<button type="submit" value="submit" #submitBtn></button>
</form>
<script type="text/javascript">document.getElementById("payu_form").submit();</script>
</body>
</html>`;
console.log(this.paymentString);
this.paymentString = 'data:text/html;base64,' + btoa(paymentString);
So basically now you have a base64 html string which you can pass to your InAppBrowser(from ionic native).
Please find how to include InAppBrowser in your project from ionic native docs (PS: Include InAppBrowser in app.modules.ts as well).
constructor(private iab: InAppBrowser) { }
Next step is to open the your base64String inAppBrowser and listen for completion of the transaction.
const browser = this.iab.create(payString, "_self", {
location: 'no',
clearcache: 'yes',
hardwareback: 'no',
});
browser.on('loadstart').subscribe((event: InAppBrowserEvent) => {
if (event.url === this.surl) {
this.paymentSuccess();
} else if (event.url === this.furl) {
this.paymentFailure();
}
});
What you do in functions paymentSuccess and paymentFailure is up to you.
That is it, should work as required.
Read further if you intend to send json data in 'productinfo'
You need to convert it to htmlsafe characters.
So replace this line
<input type="hidden" name="productinfo" value="${this.productinfo}"/>
with
<input type="hidden" name="productinfo" value="${this.htmlEntities(this.productinfo)}"/>
and have a function to convert json data to html safe characters,
private htmlEntities(str) {
return String(str)
.replace(/&/g, '&')
.replace(/</g, '<')
.replace(/>/g, '>')
.replace(/"/g, '"');
}
I am trying to send this form, but this does not work
The processor in jquery :
function processorform(id)
{
jQuery(function()
{
var $ = jQuery;
$('.sp-poll-'+id+' form').submit(formProcess);
function formProcess(e) {
e.preventDefault();
var poll = $('input[name=poll]').val(),
answer = $('input[name=answer]:checked').val(),
div = $(this).parent(),
action = $(this).attr('action');
}
}
The HTML code
<div class="sp-poll-1">
<form method="post" action="include/submit.php" class="format" onsubmit="processorform('1');">
<input type="hidden" name="poll" value="<?php echo $pollid; ?>"/>
<input type="hidden" name="backurl" value="<?php echo $thisPage; ?>"/>
<input type="radio" name="answer" value="<?php echo $key; ?>" id="poll-<?php echo $pollid; ?>-<?php echo $key; ?>" class="sp-input-radio" />
<input type="submit" class="sp-btn" value="<?php _e('Send'); ?>"/></p>
</form>
</div>
When I try to send the form, it never works and always goes to submit.php and doesn't show the div results. I don´t know what´s wrong with the code or what the fix might be.
Thank´s for the help.
If you change this line:
onsubmit="processorform('1');"
to this:
onsubmit="processorform('1');return false;"
You won't go to submit.php.
But since you're using AJAX to post your request, some other errors may appear, since we don't have all the varibles to check if it will work.
I'm creating an form which will contain a sort number of hidden inputs and I would like to pass it to my spring MVC server.
The form created will be something like that (not always I will have 3 input types.. I can have more or less than it, the user will set up this value):
<form id="submitCoordenadas" method="post" action="adicionaCorredores">
<button type="submit" id="saveCoordenadas" class="btn" value="Save">Enviar</button>
<input type="hidden" name="corredor" id="linha1" val="[Linha] Inicio: [1;1] Fim: [104;114]">
<input type="hidden" name="corredor" id="linha2" val="[Linha] Inicio: [113;1] Fim: [1;144]">
<input type="hidden" name="corredor" id="linha3" val="[Linha] Inicio: [113;1] Fim: [1;144]">
</form>
What I have tried so far is to create an object which has an List of Strings:
public class Corredores {
List<String> corredor;
........ (getters and setters)
}
and my Spring MVC server:
#RequestMapping("adicionaCorredores")
public String adicionaCorredores(Corredores valores) {
System.out.println("Valores: " + valores.getCorredor().get(0));
return "";
}
I'm not receiving anything on "valores" parameter.
How can I do it? How can I have an undetermined number of inputs in a form and receive it in my Spring MVC server?
I solved my problem..
First of all, I was committing a mistake in my form. Instead of inserting the attribute "value" to it, I was using "val". Now my form looks like this:
<form id="submitCoordenadas" method="post" action="adicionaCorredores">
<button type="submit" id="saveCoordenadas" class="btn" value="Save">Enviar</button>
<input type="hidden" name="corredor" id="linha1" val="[Linha] Inicio: [1;1] Fim: [104;114]">
<input type="hidden" name="corredor" id="linha2" val="[Linha] Inicio: [113;1] Fim: [1;144]">
<input type="hidden" name="corredor" id="linha3" val="[Linha] Inicio: [113;1] Fim: [1;144]">
</form>
Another thing I've done is change my controller to this:
#RequestMapping("adicionaCorredores")
public String adicionaCorredores(#RequestParam("corredor") String[] corredor) {
for(int i=0; i < corredor.length; i++) {
System.out.println("Valores: " + corredor[i]);
}
return "";
}
Instead of receiving an Object "Corredores", I'm just receiving an String array. Note that the name of this String array should be the same of the name given in the form
Hope it helps someone else!