Unlike our other offerings VSP Server and VSP Direct (which require information to be sent directly from the web server to protx without passing through the client browser), VSP Form transmits all transaction related information from your site to protx and back again through hidden fields in HTML forms sent to the customer's browser.  Whilst this does increase the chances of a malicious user attempting to modify the transaction information (especially the amount field), it does have the following benefits:

• No specialised secure posting objects need to be installed on your server.



• You do not need a certificate on your web site.



• No SSL transport layer or certificate validation routines are required.

Most Payment Service Providers support submission of transaction information in this manner.  You simply place hidden fields on an HTML form that include your transaction id, an amount field, a currency field etc.

Hidden fields alone, however, are not sufficiently secure to prevent a customer from tampering with the information because everything sent to a customer's browser has to be in plain text and can be seen by selecting View Source from the Browser.  Saving such information, altering the values and submitting the new values instead is very simple and a technique often employed by script-kiddy hackers to cause inconvenience to vendors.  The VSP passes all sensitive information in a single encrypted/encoded hidden field called Crypt.  This field is generated by scripts running on your web server (in the case of this kit, it will be a PHP-compatible server).

• sumbit1.php - A simple form that generates a unique transaction code (which you can override if you wish) and allows you to specify example transaction values and descriptions of goods.



• submit2.php - A summary page that illustrate how your final confirmation screen should be constructed.  It walks you through creating the FORM fields to post to protx, specifically detailing how to build the encrypted CRYPT field.



• completed.php - An example "Payment Successful" page, which illustrates how to read the information in the encrypted field sent back by protx after the transaction completes.



• notcompleted.php - An example "Payment Failed" page, which illustrates how to determine the reason for payment failure, and how to extract the encrypted information returned by protx.



• functions.php - A PHP include file that contains default settings and useful subroutines that perform the encryption/decryption and encoding/decoding.



• index.html - This page.

The PHP code of each page contains extended comments on how the page operates, including examples of how you might use each page to store and retrieve information to and from a database.

Click the Proceed button below to navigate to the sumbit1.php page and send a test transaction.

Please do not hesitate to contact us at protx if you have any questions about integrating with VSP form.