Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SagePay Decryption problem


rgbargie

Recommended Posts

I just spent a couple of weeks chasing a problem which I thought I should share with you in case someone else is experiencing the same problem.

 

PROBLEM SYMPTOM

 

The symptom of the problem was that customers were leaving items in the UNSOLD CARTS even though they had successfully paid in SagePay and returned to the store. Our store was not picking up the Successful message from SagePay and assumed the transaction had failed when it hadn't. The customer would then either order the item again and we would have to apologise and refund or they would assume it had worked and would rely on us to notice the UNSOLD CART and contact them. Very embarrassing and time consuming for us and we risked losing customers.

 

PROBLEM ANALYSIS

 

By analysing the server logs we found that the CRYPT messages returned by SagePay where this was happening contained a '+' sign. We had recently moved our server whihc was running later software (PHP5/MySQL5) and Apache was treating the + sign in the GET URL as a space causing the de-encrypting in protx_form.php to either fail or only partially work. This caused the payment__process.php script send the shopper back into the checkout_payment process instead of checkout_success.php.

 

PROBLEM FIX

 

After checking the latest SagePay integration kits on their developer pages, I found the function for decoding the encrypted string as follows:

 

function base64Decode($scrambled) {
 // Initialise output variable
 $output = "";

// Fix plus to space conversion issue
 $scrambled = str_replace(" ","+",$scrambled);

 // Do encoding
 $output = base64_decode($scrambled);

 // Return the result
 return $output;
}

 

So if your SagePay integration code is old or is still using the old PROTX integration kit, make sure you have the plus to space conversion fix in the base64Decode function in includes/module/payment/protx_form.php

Link to comment
Share on other sites

  • 10 months later...

I just spent a couple of weeks chasing a problem which I thought I should share with you in case someone else is experiencing the same problem.

 

PROBLEM SYMPTOM

 

The symptom of the problem was that customers were leaving items in the UNSOLD CARTS even though they had successfully paid in SagePay and returned to the store. Our store was not picking up the Successful message from SagePay and assumed the transaction had failed when it hadn't. The customer would then either order the item again and we would have to apologise and refund or they would assume it had worked and would rely on us to notice the UNSOLD CART and contact them. Very embarrassing and time consuming for us and we risked losing customers.

 

PROBLEM ANALYSIS

 

By analysing the server logs we found that the CRYPT messages returned by SagePay where this was happening contained a '+' sign. We had recently moved our server whihc was running later software (PHP5/MySQL5) and Apache was treating the + sign in the GET URL as a space causing the de-encrypting in protx_form.php to either fail or only partially work. This caused the payment__process.php script send the shopper back into the checkout_payment process instead of checkout_success.php.

 

PROBLEM FIX

 

After checking the latest SagePay integration kits on their developer pages, I found the function for decoding the encrypted string as follows:

 

function base64Decode($scrambled) {
 // Initialise output variable
 $output = "";

// Fix plus to space conversion issue
 $scrambled = str_replace(" ","+",$scrambled);

 // Do encoding
 $output = base64_decode($scrambled);

 // Return the result
 return $output;
}

 

So if your SagePay integration code is old or is still using the old PROTX integration kit, make sure you have the plus to space conversion fix in the base64Decode function in includes/module/payment/protx_form.php

 

Hi,

 

This sounds like exactly the problem I am having - is that the function above that I need to instert into the code? Where abouts does it need to go ? I tried it at the bottom of the page, inside the closing bracket and it doesn't seem to make any difference?

 

TIA

 

Sam

Link to comment
Share on other sites

  • 4 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...