/**************************************************************************************************
* Sage Pay Server PHP Kit Includes File
***************************************************************************************************
***************************************************************************************************
* Change history
* ==============
*
* 02/04/2009 - Simon Wolfe - Updated UI for re-brand
* 11/02/2009 - Simon Wolfe - Updated for VSP protocol 2.23
* 18/12/2007 - Nick Selby - New PHP version adapted from ASP
***************************************************************************************************
* Description
* ===========
*
* Page with no visible content, but defines the constants and functions used in other pages in the
* kit. It also opens connections to the database and defines record sets for later use. It is
* included at the top of every other page in the kit and is paired with the closedown script.
***************************************************************************************************/
// Buffer all page output. While output is buffered headers_sent() stays false, which is what lets
// redirect() further down this file still issue a Location header after a page has produced markup.
ob_start(); //start output buffering
// Start (or resume) the PHP session for this request.
// NOTE(review): no session cookie options are set here, so the cookie flags come from php.ini.
// On a payment site confirm that session.cookie_secure and session.cookie_httponly are enabled there.
session_start(); //enable sessions
/***************************************************************************************************
* Values for you to update
***************************************************************************************************/
// Selects which set of gateway endpoint URLs is assigned further down this file. Any value other
// than LIVE or TEST ends up on the simulator endpoints.
$strConnectTo="LIVE"; /** Set to SIMULATOR for the Sage Pay Simulator expert system, TEST for the Test Server **
*** and LIVE in the live environment **/
// NOTE(review): the database user name and password below are literals in this file. Anyone who can
// read the source (repository, backup, or a web server that serves .php as text) obtains them.
// Prefer loading them from the environment or from a file outside the web root, give the account only
// the privileges the kit needs, and rotate any password that has been committed or published.
$strDatabaseUser="stall"; // Change this if you created a different user name to access the database
$strDatabasePassword="delta17"; // Set the password for the above user here
$strDatabase="stall"; // Change this if you created a different database name
$strVirtualDir=""; // Change if you've created a Virtual Directory in IIS with a different name
/** IMPORTANT. Set the strYourSiteFQDN value to the Fully Qualified Domain Name of your server. **
** This should start http:// or https:// and should be the name by which our servers can call back to yours **
** i.e. it MUST be resolvable externally, and have access granted to the Sage Pay servers **
** examples would be https://www.mysite.com or http://212.111.32.22/ **
** NOTE: You should leave the final / in place. **/
// NOTE(review): use an https:// value on live systems so that the gateway callback and the customer's
// return to the completion page are not carried in clear text.
$strYourSiteFQDN="https://www.onlinestall.com/";
/** At the end of a Sage Pay Server transaction, the customer is redirected back to the completion page **
** on your site using a client-side browser redirect. On live systems, this page will always be **
** referenced using the strYourSiteFQDN value above. During development and testing, however, it **
** is often the case that the development machine sits behind the same firewall as the server **
** hosting the kit, so your browser might not be able resolve external IPs or dns names. **
** e.g. Externally your server might have the IP 212.111.32.22, but behind the firewall it **
** may have the IP 192.168.0.99. If your test machine is also on the 192.168.0.n network **
** it may not be able to resolve 212.111.32.22. **
** Set the strYourSiteInternalFQDN to the internal Fully Qualified Domain Name by which **
** your test machine can reach the server (in the example above you'd use http://192.168.0.99/) **
** If you are not on the same network as the test server, set this value to the same value **
** as strYourSiteFQDN above. **
** NOTE: You should leave the final / in place. **/
$strYourSiteInternalFQDN="https://www.onlinestall.com/";
$strVendorName="accessallareas"; // Set this value to the Vendor Name assigned to you by Sage Pay or chosen when you applied
$strCurrency="GBP"; // Set this to indicate the currency in which you wish to trade. You will need a merchant number in this currency
$strTransactionType="PAYMENT"; // This can be DEFERRED or AUTHENTICATE if your Sage Pay account supports those payment types
$strPartnerID=""; /** Optional setting. If you are a Sage Pay Partner and wish to flag the transactions with your unique partner id set it here. **/
/**************************************************************************************************
* Global Definitions for this site
***************************************************************************************************/
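// Open the VPS database.
// The connection handle is kept in $objDatabaseLink because the procedural mysqli_* functions take
// the link as their first argument; mysqli_select_db() needs the link as well as the database name.
// NOTE(review): the other kit pages are not visible here; any mysqli_* calls they make need this
// handle too.
$objDatabaseLink = mysqli_connect('localhost', $strDatabaseUser, $strDatabasePassword); //Change 'localhost' if your database is hosted externally
if (!$objDatabaseLink || !mysqli_select_db($objDatabaseLink, $strDatabase)) {
    // Stop on a failed connection as well as a failed select, with a message that carries no
    // connection details.
    die("Unable to select database");
}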
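// VSP protocol version this kit is written for.
$strProtocol="2.23";

// Choose the gateway endpoints for the environment named in $strConnectTo. Each branch assigns the
// same eight variables, so the rest of the kit does not need to know which environment is active.
if ($strConnectTo=="LIVE")
{
    $strAbortURL="https://live.sagepay.com/gateway/service/abort.vsp";
    $strAuthoriseURL="https://live.sagepay.com/gateway/service/authorise.vsp";
    $strCancelURL="https://live.sagepay.com/gateway/service/cancel.vsp";
    $strPurchaseURL="https://live.sagepay.com/gateway/service/vspserver-register.vsp";
    $strRefundURL="https://live.sagepay.com/gateway/service/refund.vsp";
    $strReleaseURL="https://live.sagepay.com/gateway/service/release.vsp";
    $strRepeatURL="https://live.sagepay.com/gateway/service/repeat.vsp";
    $strVoidURL="https://live.sagepay.com/gateway/service/void.vsp";
}
elseif ($strConnectTo=="TEST")
{
    $strAbortURL="https://test.sagepay.com/gateway/service/abort.vsp";
    $strAuthoriseURL="https://test.sagepay.com/gateway/service/authorise.vsp";
    $strCancelURL="https://test.sagepay.com/gateway/service/cancel.vsp";
    $strPurchaseURL="https://test.sagepay.com/gateway/service/vspserver-register.vsp";
    $strRefundURL="https://test.sagepay.com/gateway/service/refund.vsp";
    // Release goes to release.vsp, matching the LIVE branch. Pointing it at abort.vsp would turn a
    // release request on the test server into an abort.
    $strReleaseURL="https://test.sagepay.com/gateway/service/release.vsp";
    $strRepeatURL="https://test.sagepay.com/gateway/service/repeat.vsp";
    $strVoidURL="https://test.sagepay.com/gateway/service/void.vsp";
}
else
{
    // Any other value, SIMULATOR included, lands here. A mistyped $strConnectTo therefore selects
    // the simulator silently rather than raising an error.
    $strAbortURL="https://test.sagepay.com/simulator/VSPServerGateway.asp?Service=VendorAbortTx";
    $strAuthoriseURL="https://test.sagepay.com/simulator/VSPServerGateway.asp?Service=VendorAuthoriseTx";
    $strCancelURL="https://test.sagepay.com/simulator/VSPServerGateway.asp?Service=VendorCancelTx";
    $strPurchaseURL="https://test.sagepay.com/simulator/VSPServerGateway.asp?Service=VendorRegisterTx";
    $strRefundURL="https://test.sagepay.com/simulator/VSPServerGateway.asp?Service=VendorRefundTx";
    $strReleaseURL="https://test.sagepay.com/simulator/VSPServerGateway.asp?Service=VendorReleaseTx";
    $strRepeatURL="https://test.sagepay.com/simulator/VSPServerGateway.asp?Service=VendorRepeatTx";
    $strVoidURL="https://test.sagepay.com/simulator/VSPServerGateway.asp?Service=VendorVoidTx";
}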
/**************************************************************************************************
* Useful functions for all pages in this kit
**************************************************************************************************/
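/**
 * Send the browser to another URL.
 *
 * Uses a Location header while headers can still be sent. Once output has already gone to the
 * client it falls back to a meta refresh plus a plain link, with the URL HTML-escaped before it is
 * written into the markup.
 *
 * The function neither validates $url nor stops the script: callers should pass only destinations
 * they trust (not a raw request parameter) and end the request themselves after calling it.
 *
 * @param string $url Absolute URL to send the browser to.
 * @return void
 */
function redirect($url)
{
    if (!headers_sent()) {
        header('Location: ' . $url);
        return;
    }

    // Headers are gone, so a Location header is no longer possible. Escape the URL for the HTML
    // attribute context before echoing it.
    $strSafeURL = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    echo '<meta http-equiv="refresh" content="0;url=' . $strSafeURL . '" />';
    echo '<p><a href="' . $strSafeURL . '">Continue</a></p>';
}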
// Filters unwanted characters out of an input string. Useful for tidying up FORM field inputs
function cleanInput($strRawText,$strType)
{
if ($strType=="Number") {
$strClean="0123456789.";
$bolHighOrder=false;
}
else if ($strType=="VendorTxCode") {
$strClean="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.";
$bolHighOrder=false;
}
else {
$strClean=" ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.,'/{}@():?-_&�$=%~<>*+\"";
$bolHighOrder=true;
}
$strCleanedText="";
$iCharPos = 0;
do
{
// Only include valid characters
$chrThisChar=substr($strRawText,$iCharPos,1);
if (strspn($chrThisChar,$strClean,0,strlen($strClean))>0) {
$strCleanedText=$strCleanedText . $chrThisChar;
}
else if ($bolHighOrder==true) {
// Fix to allow accented characters and most high order bit chars which are harmless
if (bin2hex($chrThisChar)>=191) {
$strCleanedText=$strCleanedText . $chrThisChar;
}
}
$iCharPos=$iCharPos+1;
}
while ($iCharPos