With PayPal, I can create a BuyNow button pretty easily, containing my merchant info, price, tax, shipping, etc. Is this possible in SagePay?
The desired system is called SagePay Form as far as similarity to PayPal's BuyNow button + PDT process. First, you need to create a FORM like so:
<form action="https://live.sagepay.com/gateway/service/vspform-register.vsp" method="POST" id="SagePayForm" name="SagePayForm">
<input type="hidden" name="VPSProtocol" value="2.23" />
<input type="hidden" name="TxType" value="PAYMENT" />
<input type="hidden" name="Vendor" value="<?= $YOUR_VENDOR_LOGIN_NAME ?>" />
<input type="hidden" name="Crypt" value="<?= $PAYMENT_CRYPT ?>">
<input type="image" src="images/buynow-sagepay.png" />
</form>
(One can swap the live URL with a test one here: https://test.sagepay.com/gateway/service/vspform-register.vsp)
As for the $PAYMENT_CRYPT, you have to first create a string like so:
VendorTxCode=406227821909
&Amount=32.00
&Currency=USD
&Description=1 ACME Widget
&SuccessURL=http://example.com/success.php
&FailureURL=http://example.com/fail.php
&BillingSurname=Smith
&BillingFirstnames=John
&BillingAddress1=123 Main Street
&BillingCity=Anywhere
&BillingPostCode=29555
&BillingCountry=USA
&DeliverySurname=Smith
&DeliveryFirstnames=John
&DeliverAddress1=123 Main Street
&DeliveryCity=Anywhere
&DeliveryPostCode=29555
&DeliveryCountry=USA
It's kind of dumb why they need some of this information when PayPal doesn't, but oh well. The docs clearly say that the thing will error out if they don't receive legitimate values like a real postal code that validates for that city and country, and is also used for problem dispute arbitration.
Note in my example that there's no tax or shipping breakout as PP has, so you'll need to display that as necessary before showing this BuyNow buton, or perhaps on your confirmation page or confirmation email you send. They do have a "&Basket=" parameter where the tax can be specified, but it's redundant to what you can display on your form page yourself and not necessary. Therefore, the &Amount value must be the gross value, not net. There is also no quantity value (which the &Basket parameter could be used to specify). More than likely you'll find the &Basket parameter just redundant to what you can already display on your own form during the checkout process. So, that's why my example didn't include it.
As for the VendorTxCode, that's something you create so that you can track the order back to the appropriate customer.
This $PAYMENT_CRYPT is then encrypted using XOR + Base64 encoding, using the encryption password provided by SagePay. They have an AES + Binhex encryption option, but it's overkill and your server has to have the mcrypt library enabled. Some shared hosting plans STILL don't have the enabled yet!
They provide an XOR example, but it's the typical one you see countless times in Computer Science courses where you repeatedly loop through each ASCII code of the password and each ASCII code of the data and take the complement bit of the other (the XOR process). Once done, feed it through Base64 encoding for safe POST transfer. The Base64 encoding uses the built-in function from PHP.
The response from this is more like PayPal's PDT process than PayPal's IPN process. They do direct someone to success.php and fail.php along with an encrypted URL response via GET that you can unencrypt and parse (base64 decode + XOR), but the difficulty is that the customer can close the form before waiting for the page to redirect. In that case, one will see this in their control panel in SagePay and have to fulfill the transaction manually for the customer.
On the success.php and fail.php it's up to you what you want to do. Once the query string &crypt parameter is unencrypted, you'll be able to parse out whether the transaction is complete or not by looking at Status parameter being "OK".
Note that you don't have to go direct to success.php. You can make it be like success.php?custom=value to pass extra information on the transaction that you can parse. Their code will automatically figure this out and tack on the &crypt= parameter on the end. The same goes with fail.php.
They do have ways to make SagePay send emails to the customer and to the vendor, but it's really overkill because you can do the same thing in your own PHP code with the mail() statement when doing the order.
REFERENCE: Note that the following doc URL may change in the future. To get the latest version of the doc, visit the website, enroll as a developer (a 1 minute process), and search on "form protocol".
http://www.sagepay.com/sites/default/files/downloads/sagepayformprotocolandintegrationguidelines_0.pdf
EDIT: New Link (25th Oct 2017) - https://www.sagepay.co.uk/file/25041/download-document/FORM_Integration_and_Protocol_Guidelines_270815.pdf
Related
I have xml that looks like
<AddResponse xmlns="http://www.test.com/webservices">
<ServerName>51</ServerName>
<Response Type="ERROR">
<ErrorDesc Type="VALIDATE" Number="215">We are sorry, that number is already in use. If it is your mobile number, we need to verify it with you. Please complete the one time verification by submitting your request at Contact Us using the keyword MYMOBILE</ErrorDesc>
</Response>
<ExternalInfo>
<![CDATA[?]]>
</ExternalInfo>
</AddResponse>
But when this is deserialized, it is returning just "using the keyword MYMOBILE" as ErrorDesc instead of the whole
We are sorry, that number is already in use. If it is your mobile number, we need to verify it with you. Please complete the one time verification by submitting your request at Contact Us using the keyword MYMOBILE
Can you please let me know why its omitting the first part and how to retain it?
Note: this works fine for rest of xml data that doesn't have html tags in it.
In this message formatting doc: https://api.slack.com/docs/message-formatting, you can use special control sequence characters < and > to perform server-side parsing (server-side as in Slack API's server-side).
So using <#U024BE7LH> in your chat.postMessage() call will get parsed to something like #bob or whatever the username associated with that ID is, in the actual text that shows up in slack.
Unfortunately, this will cause a notification for the person you're referring to. How do I make it so that it doesn't notify the person? I've tried to enclose in a code block, i.e.:
`<#U024BE7LH>`
or
```
<#U024BE7LH>
```
But it still pings. I'm thinking the only way is to get a list of users and parse the name from the ID.
According to this, backticks should work but empirically it hasn't for me. The Slack employee says to just convert the user ID to their name and use that without the templating.
https://forums.slackcommunity.com/s/question/0D73a000005n0OXCAY/detail?language=en_US&fromEmail=1&s1oid=00Dj0000001q028&s1nid=0DB3a000000fxl3&s1uid=0053a00000Ry9cX&s1ext=0&emkind=chatterCommentNotification&emtm=1667894666436&emvtk=fH.W2M01lq9W1cf31RSROPwB7LYs.och8RgbVTqoNlg%3D&t=1667931570045
I have asked this question in the Opencart forums but have yet to receive any responses, so i thought i might ask the experts here #stackoverflow :)
I am trying to see exactly how i can pass the 'quantity' of the items ordered to the success.php page so i can then pass that to another php script that will generate an array based on the quantity.
This is my goal:
Customer Buys 5 items
Customer checks out and processes CC through Paypal Pro
Paypay returns a successful transaction
Now i want the success.php page to pass a variable($quantity) to
myNewScript.php page
myNewScript.php page will generate some random strings and then i
want to attach these random strings to the confirmation email that
opencart generates and sends to the customer.
Where should i start.
You will need to do this in checkout/success controller. Get the $quantity and use redirect function to redirect to your custom page:
$this->redirect($this->url->link('checkout/myNewScript','quantity='.$quantity));
I need to capture server side a notification of a users payment. I've gone through a good majority of the documentation with no luck, but will go through it again. Is there a way to enable a "return to site" after they complete the order?
I searched google checkout return url and got http://www.phpexpertsforum.com/return-url-in-google-checkout-after-payment-t561.html
veerlapallavi wrote...
There are 2 methods through which you
can provide the return URL. 1) Go to
your Google checkout account and Open
the settings. In the settings>>Profile
you can find a field with name "Public
business website:" provide your return
URL there.
2) The second method is , You can pass
the value to Google Checkout with the
HTML form as a hidden variable.
<input name="continue_shopping_url"
type="hidden"
value="http://www.yousite.com/payment_success.php">
OR
Set a function as below
SetContinueShoppingUrl("http://www.yousite.com/payment_success.php");
function SetContinueShoppingUrl($url)
{ $this->continue_shopping_url =
$url; }
Hope that helps.
It looks like you can configure gcheckout to send you XML notifications, but I don't see how you can associate it with a particular order ID other than matching fields or something...
http://code.google.com/apis/checkout/developer/Google_Checkout_XML_API_Notification_API.html#new_order_notifications
I have a single Classic ASP page that I wish to display a search form and the associated results.
When a user first comes to this page, I want to display a search form and the 10 latest properties. If a user decides to use the search form to retrieve more relevant properties, then i want the default 10 latest properties to be replaced with the users' paged search results.
I was wondering if this is possible/practical within the confines of one page and if so, does anyone have any hints on how i could best achieve this?
This is my preliminary code for such a page;
http://gist.github.com/188770
Once again, i'm currently having to patch an existing ASP site until I can redevelop it in something more modern like PHP.
Thank you for any help offered.
Neil.
It's certainly very possible and practical. Typically the solution is to postback to yourself and have code in the page that detects if you arrived there from a post or a get. Get meant show the 10 latest properties, post means you do a search and show the results.
if (Request.ServerVariables("REQUEST_METHOD") = "POST") then
' arrived via post, get form values and do search
else
' arrived via get, show last 10 results
end if
You probably want to display what the user searched for in the form when you display the result:
<label>Street: <input type="text" name="searchStreet" value="<%=Server.HtmlEncode(Request("searchStreet") & "") %>" /></label>
Adding a empty string is for casting to string to not give an error when the key wasn't found, eg. on first visit.
If you want to you can make the loop prettier:
do until myRecordSet.EOF
%>
<div class='result'>")
<dl><%=myRecordSet("ContentTitle")%><dl>
<dt><%=myRecordSet("ContentStreet")%><dt>
<dt><%=myRecordSet("ContentTown")%><dt>
<dt><%=myRecordSet("ContentPostcode")%><dt>
</div><%
myRecordSet.MoveNext
loop
You probably want to Server.HtmlEncode there as well...
(ps ASP is actually one year younger than PHP... if you want something modern you might want to look at python, ruby or asp.net mvc before PHP, as it's easier to write bad code in PHP than in any of those. ds)