SagePAY form integration

Publish date: Dec 27, 2013

A test page to illustrate how to implement a PHP solution and effectively test a SagePAY Form Integration. Read on…

SagePAY Form Integration - how to avoid the gotchas!

SagePAY has currently (as of Nov 2013) removed all the Integration Kits for server solutions other than .net and Java. For those of you using PHP, Python or any other Open Source solution it appears, from the Technical Support people I have spoken to over the last few days, that they are refusing to help solve any integration issues you may experience. This appears to be a common issue....

SagePAY form intergration error

...and it is not just because the currency code is missing; it may be because your encryption is wrong. Having built some nice integration classes and prepared the data nicely, I thought it was going to be easy to integrate with SagePAY. Unfortunately it is not if you do not know exactly what to do.

Default behaviour of PHP breaks the SagePAY integration; SagePAY's limited instructions are wrong and if you do not pass the currency code as part of your test string then you will never know when it is working or when it isn't. SagePAY's server response does differentiate between an encryption issue or a data issue.

The first problem is the mcrypt_generic function. Do not rely on it to pad your plain text string - i.e. the string you want to encrypt. You have to pad the string yourself before passing it to the mcrypt_generic function.

Secondly, do not use the base64_encode function as this does not work. Use bin2hex function instead.

Thirdly, ensure you pass a valid name-value-pair currency value through as part of your string. e.g. Currency=GBP. This ensures that you will not be misled by the erroneous error code SagePAY issues.

Fourthly, prefix your encrypted string with an @ sign. Do all of those and you should be OK.

Summary - see full code sample below

Pad your plain text string to 16 byte multiples.
Do not base64_encode function...
...use bin2hex instead
Pass Currency=GBP (or equivalent) through on your test string
Prefix your encryption string with an @

Code Sample

<?php
function pkcs5_pad($text, $blocksize)
{
    $pad = $blocksize - (strlen($text) % $blocksize);
    //echo "<br/>Padding:".str_repeat(chr($pad), $pad)."<";
    return $text . str_repeat(chr($pad), $pad);
}

function encryptFieldData($input)
{
    $key = "use your SagePAY encryption key here";
    $iv = $key;

    $cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_128, "", MCRYPT_MODE_CBC, "");
    if (mcrypt_generic_init($cipher, $key, $iv) != -1)
    {
        $cipherText = mcrypt_generic($cipher,$input );
        mcrypt_generic_deinit($cipher);

        $enc = bin2hex($cipherText);
    }
    return $enc;
}
$str = "Currency=GBP";
$datapadded = pkcs5_pad($str,16);
$cryptpadded = "@" . encryptFieldData($datapadded);
?>
<html>
    <form name="pp_form" action="SagePay test url" method="post">
        <input name="VPSProtocol" type="hidden" value=3.00 />
        <input name="TxType" type="hidden" value=PAYMENT />
        <input name="Vendor" type="hidden" value="YOUR SAGEPAY ACCOUNT NAME HERE" />
        <input name="Crypt" type="hidden" value=<?php echo $cryptpadded;?> />
        <p>Click here to submit
            <input type="submit" value="here">
        </p>
    </form>
</html>

Please share

5 Star Reviews on Google

Rob Gentry

Chris and his team at 5and3 instantly understood our requirements, they developed our concept and produced outstanding work within the timescales required. It feels like 5and3 are an extension to our company rather than a contractor. Having a single source for my branding, digital marketing, website and business systems integration needs makes my life easier. With 5and3 It just works, I would without doubt recommend their services and can see why they have won numerous awards for their work.

James Christian

I personally cannot recommend 5and3, Chris , Simon and their team highly enough. I have worked with them for seven years, they are passionate about design, but also have the technical knowledge to make your website work for you.

Craig Trowse

I can not recommend highly enough Chris, Simon and the whole team at 5 and 3 for there excellent work creating my new website. They have been a pleasure working with from the 1st meeting through to completion of the website. I'm thrilled with the final product and wish the whole team great success for the future. I won't hesitate in recommending the professional, team to anyone who needs help promoting their business. Thanks again Craig

Andrew Moore

A slightly different testimonial on 5&3 as I was working for them with a client, but I wanted to tell you about the results they produced for that client. The work I produced was used in a brochure and the branding for the company in question and the product they showed me was outstanding. The way the pictures and video were integrated into the branding of the company showed a highly professional and creative process that I have come to expect from 5 & 3 as an award winning company. I would have absolutely no hesitation in recommending 5 & 3 and will do so in the future.

Joe Arnold

I have been using the services of Chris Heighton for over 10 years. I can honestly say he is one of the most genuine people I know. His designs are brilliant. He also takes the time to listen and understand the brief. He is now fully versed on life as a Chartered Surveyor, and I know he loves the property industry. The 5and3 team have recently undertaken a full rebrand and website build. The branding included all stationery, marketing collateral and also specialist wall paper, window art and pictures for our new head office. It looks stunning. They fully manage our SEO and online presence. In the last 12 months we have doubled our instructions. I have also introduced 5and3 to several friends and customers (as long as they don’t conflict!). Keep away you surveyors he is mine! 😁 Anyway. 100% use 5and3. They are amazing. You never know, you may end up snowboarding with Chris like I did if you are lucky! Nostravia!

Andy Edwards

I've been working with 5and3 since 2009 and have been impressed by their enthusiasm and energy for the projects they work on. Precision Technology Supplies use their services for Branding, Brochure Design, Web Styling and many other related areas. We wouldn't use any else.

Jon Hodges

5and3 have been our main marketing and development solutions provider for over 10 years now. They’ve produced, for me and my sales team, various marketing collateral from brochures to technical data sheets photography to presentations, posters to exhibition displays, website design, development including server-side solutions. The team are very approachable, hardworking and always prepared to deliver last minute. They have no problem delivering creative or technical solutions for demanding multimillion revenue organisations.

Phil Gimmock

Great service, fast response and good design ideas for our brochure, highly recommended.

Award-winning website?

SEARCH FOR ANYTHING

Branding

Marketing

Websites

Development

Integration

SEO & PPC

No-cost Consultation?

SagePAY form integration