/**
  * Processes a payment POST from the CyberSource Hosted Order Page API.
  */
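 public static function post()
 {
     // Handles the server-to-server notification that CyberSource HOP sends
     // after a payment attempt. Everything in $_POST is untrusted until
     // VerifyTransactionSignature() accepts it; nothing below the signature
     // check may run for an unverified request.
     //
     // This method is static, so there is no $this: translations go through
     // the global t() instead of $this->t(), which would throw
     // "Using $this when not in object context" at runtime.
     if (!uc_cybersource_hop_include()) {
         \Drupal::logger('uc_cybersource_hop')->error('Unable to receive HOP POST due to missing or unreadable HOP.php file.');
         drupal_add_http_header('Status', '503 Service unavailable');
         print t('The site was unable to receive a HOP post because of a missing or unreadble HOP.php');
         exit;
     }

     $verify = VerifyTransactionSignature($_POST);

     // Reject requests without an order number before anything reads
     // $_POST['orderNumber'], so a malformed request cannot trigger an
     // undefined-index notice in the log call below.
     if (!isset($_POST['orderNumber'])) {
         \Drupal::logger('uc_cybersource_hop')->error('CS HOP attempted with invalid order number.');
         return;
     }

     \Drupal::logger('uc_cybersource_hop')->notice(
         'Receiving payment notification at URL for order @orderNumber',
         array('@orderNumber' => $_POST['orderNumber'])
     );

     if (!$verify) {
         // NOTE(review): this writes the complete, unauthenticated POST body
         // to the log. The request carries at least billTo_email, so the dump
         // can hold customer data and its size is controlled by the sender.
         // Consider logging only the fields needed to investigate.
         \Drupal::logger('uc_cybersource_hop')->notice(
             'Receiving invalid payment notification at URL for order @orderNumber. <pre>@debug</pre>',
             array('@orderNumber' => $_POST['orderNumber'], '@debug' => print_r($_POST, TRUE))
         );
         return;
     }

     // Assign posted variables to local variables.
     $decision = SafeMarkup::checkPlain($_POST['decision']);
     $reason_code = SafeMarkup::checkPlain($_POST['reasonCode']);
     $reason = _parse_cs_reason_code($reason_code);
     $payment_amount = SafeMarkup::checkPlain($_POST['orderAmount']);
     $payment_currency = SafeMarkup::checkPlain($_POST['paymentCurrency']);
     $request_id = SafeMarkup::checkPlain($_POST['requestID']);
     $request_token = SafeMarkup::checkPlain($_POST['orderPage_requestToken']);
     $reconciliation_id = SafeMarkup::checkPlain($_POST['reconciliationID']);
     $order_id = SafeMarkup::checkPlain($_POST['orderNumber']);
     $payer_email = SafeMarkup::checkPlain($_POST['billTo_email']);

     // Order::load() yields no object for an unknown id; stop here instead of
     // failing later on $order->getUserId() or $order->setStatusId().
     $order = Order::load($_POST['orderNumber']);
     if (!$order) {
         \Drupal::logger('uc_cybersource_hop')->error(
             'CS HOP notification received for unknown order @order_id.',
             array('@order_id' => $order_id)
         );
         return;
     }

     switch ($decision) {
         case 'ACCEPT':
             \Drupal::logger('uc_cybersource_hop')->notice('CyberSource verified successful payment.');

             // Replay guard: an ACCEPT already recorded for this order must
             // not enter a second payment.
             // NOTE(review): the check and the insert below are separate
             // statements, so two simultaneous notifications could both pass;
             // confirm whether the table has a constraint that prevents this.
             $duplicate = (bool) db_query_range(
                 'SELECT 1 FROM {uc_payment_cybersource_hop_post} WHERE order_id = :order_id AND decision = :decision',
                 0,
                 1,
                 array(':order_id' => $order_id, ':decision' => 'ACCEPT')
             )->fetchField();
             if ($duplicate) {
                 // The placeholder name must match the argument key exactly;
                 // the earlier '@order-id' spelling was never substituted.
                 \Drupal::logger('uc_cybersource_hop')->notice(
                     'CS HOP transaction for order @order_id has been processed before.',
                     array('@order_id' => $order_id)
                 );
                 return;
             }

             db_insert('uc_payment_cybersource_hop_post')
                 ->fields(array(
                     'order_id' => $order_id,
                     'request_id' => $request_id,
                     'request_token' => $request_token,
                     'reconciliation_id' => $reconciliation_id,
                     'gross' => $payment_amount,
                     'decision' => $decision,
                     'reason_code' => $reason_code,
                     'payer_email' => $payer_email,
                     'received' => REQUEST_TIME,
                 ))
                 ->execute();

             // NOTE(review): the amount credited is the posted orderAmount.
             // Whether the signature covers orderAmount, decision and
             // orderNumber depends on HOP.php, which is not visible here --
             // confirm, and consider comparing the amount with the order
             // total before entering the payment.
             $comment = t('CyberSource request ID: @txn_id', array('@txn_id' => $request_id));
             uc_payment_enter($order_id, 'cybersource_hop', $payment_amount, $order->getUserId(), NULL, $comment);
             uc_cart_complete_sale($order);
             uc_order_comment_save(
                 $order_id,
                 0,
                 t('Payment of @amount @currency submitted through CyberSource with request ID @rid.', array('@amount' => $payment_amount, '@currency' => $payment_currency, '@rid' => $request_id)),
                 'order',
                 'payment_received'
             );
             break;

         // In the three branches below '@rid' is bound to $request_id; the
         // literal string '@request_id' used before put a placeholder name,
         // not the request ID, into the admin comment.
         case 'ERROR':
             uc_order_comment_save($order_id, 0, t("Payment error:@reason with request ID @rid", array('@reason' => $reason, '@rid' => $request_id)), 'admin');
             break;

         case 'REJECT':
             uc_order_comment_save($order_id, 0, t("Payment is rejected:@reason with request ID @rid", array('@reason' => $reason, '@rid' => $request_id)), 'admin');
             break;

         case 'REVIEW':
             $order->setStatusId('review')->save();
             uc_order_comment_save($order_id, 0, t('Payment is in review & not complete: @reason. Request ID @rid', array('@reason' => $reason, '@rid' => $request_id)), 'admin');
             break;

         default:
             // A correctly signed notification with a decision this handler
             // does not know is recorded rather than dropped silently.
             \Drupal::logger('uc_cybersource_hop')->warning(
                 'CS HOP notification for order @order_id carried an unhandled decision @decision.',
                 array('@order_id' => $order_id, '@decision' => $decision)
             );
             break;
     }
 }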
Beispiel #2
<?php

# Open mysql connection and select database
# Include Cybersource lib
include_once 'database.php';
include_once 'HOP.php';
//
// Verify sale based on posted decision
// ACCEPT, REJECT, ERROR, REVIEW
//
if (VerifyTransactionSignature($_POST)) {
    $sale_decision = mysql_real_escape_string($_POST['decision']);
    switch ($sale_decision) {
        case 'ACCEPT':
            #Retrieve and sanitize gateway silent POST data
            $token = addslashes($_POST['orderNumber']);
            $requestId = addslashes($_POST['requestID']);
            # Update transactions_tbl were token exists
            $query = mysql_query("UPDATE transactions_tbl SET \n\t\t\t         transactionid = '{$requestId}'\n\t\t\t         WHERE token = '{$token}'");
            # Close DB connection
            mysql_close($link);
            $message = '<p>Thank you for purchasing a USB sensor and joining the Quake-Catcher Network.  We appreciate your effort and are happy to have you as a part of the seismic network.  By utilizing the low-cost sensors in and attached to internet-connected computers, the Quake-Catcher Network will provide better understanding of earthquakes and may ultimately be used to give early warnings to schools, emergency response systems, and others. 
						  You will soon receive a USB Kit that includes all the information you will need to install your new USB sensor and participate in the Quake-Catcher Network. QCN also provides free educational software designed to help teach about earthquakes and earthquake hazards.  We hope you find this free software useful.  
						  By joining the network you will be able to share information with others in the network, edit your profile, gain access to recent news, post to the message boards, learn about software updates, and more.
						  Once again, thank you for your participation.  The Quake-Catcher Network can only grow with the support of interested individuals like you.</p>';
            break;
        case 'REJECT':
            $message = '<p>Your transaction has been rejected by the payment processor. The reason code is ' . $_POST['reasonCode'] . ' . Your request ID is ' . $_POST['requestID'] . '. 
							Please contact your credit card company regarding this transaction.  If you have questions about your purchase, please contact: <a href="mailto:cbaroni@stanford.edu">Claudia Baroni</a>';
            break;
        case 'ERROR':