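/**
 * Read a raw request field without emitting an undefined-index notice.
 *
 * @param string $key     POST field name.
 * @param mixed  $default Value returned when the field is absent.
 * @return mixed
 */
function mcs_ipn_post_field($key, $default = '')
{
    return isset($_POST[$key]) ? $_POST[$key] : $default;
}

/**
 * Normalise a gateway-supplied quantity to an integer of at least 1.
 *
 * Request values arrive as strings, so an is_int() test could never accept
 * them; validate the value as an in-range integer instead and default to a
 * single submission.
 *
 * @param mixed $raw Quantity as received from the gateway.
 * @return int
 */
function mcs_ipn_quantity($raw)
{
    $quantity = filter_var($raw, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    return $quantity === false ? 1 : $quantity;
}

/**
 * Mail the configured `mcs_to` address about a failed or invalid IPN.
 *
 * @param string $subject Already-translated subject line.
 * @param string $details Diagnostic text appended after the standard preamble.
 * @return void
 */
function mcs_ipn_mail_admin($subject, $details)
{
    $blogname = get_option('blogname');
    $from = "From: {$blogname} Events <" . get_option('mcs_from') . ">";
    $body = __("Something went wrong. Hopefully this information will help:", 'my-calendar-submissions') . "\n\n" . $details;
    wp_mail(get_option('mcs_to'), $subject, $body, $from);
}

/**
 * Handle a payment-gateway callback on `?mcsipn=true`.
 *
 * The gateway is selected by the `mcs_gateway` option:
 *  - Authorize.Net SIM: the relayed POST is checked with
 *    AuthorizeNetSIM::isAuthorizeNet() (API login + hash from the
 *    `mcs_authnet_*` options) and its fields are mapped onto the PayPal IPN
 *    vocabulary used below. An approved transaction counts as 'VERIFIED'.
 *  - PayPal IPN: the notification is rejected up front when the receiver
 *    email or currency do not match the configured account, then echoed back
 *    to PayPal (`cmd=_notify-validate`); only a 'VERIFIED' body is acted on.
 *
 * A verified payment is inserted into the payments table, or updated when the
 * transaction (or its parent_txn_id, for refunds/reversals) is already on
 * file. A 'Completed' status triggers mcs_send_notifications() and sets the
 * `mcs_receipt` cookie. Transport failures and non-verified responses are
 * mailed to the `mcs_to` address.
 *
 * Exits after emitting the Authorize.Net relay snippet when a redirect URL is
 * available; otherwise sends a 200 status header and returns.
 *
 * @return void
 */
function mcs_receive_ipn()
{
    if (!isset($_GET['mcsipn']) || $_GET['mcsipn'] !== 'true') {
        return;
    }
    global $wpdb;
    mcs_check();
    $gateway = get_option('mcs_gateway');
    if ($gateway == 'authorizenet') {
        require_once 'gateways/AuthorizeNet.php'; // the Authorize.Net SDK
        $api = get_option('mcs_authnet_api');
        $hash = get_option('mcs_authnet_hash');
        // Map the relayed Authorize.Net fields onto the PayPal-style variables used below.
        $payment_status = mcs_map_status(mcs_ipn_post_field('x_response_code', null));
        $item_number = 1; // mandatory for PayPal; here it only ever denotes a submissions purchase
        $price = mcs_ipn_post_field('x_amount');
        $quantity = mcs_ipn_quantity(mcs_ipn_post_field('quantity', 1));
        $payer_email = mcs_ipn_post_field('x_payer_email');
        $payer_first_name = mcs_ipn_post_field('x_first_name');
        $payer_last_name = mcs_ipn_post_field('x_last_name');
        $mc_fee = '0.00'; // not included in the Authorize.Net data
        $parent = '';
        // x_referer_url originates from the merchant form that was submitted by the
        // customer; constrain the relay target to this site (or fall back to home_url()).
        $redirect_url = wp_validate_redirect(mcs_ipn_post_field('x_referer_url'), home_url());
        $ipn = new AuthorizeNetSIM($api, $hash);
        if (!$ipn->isAuthorizeNet()) {
            wp_die(__('That transaction was not handled by Authorize.net. Please verify your MD5 setting.', 'my-calendar-submissions'));
        }
        if ($ipn->approved) {
            $response = 'VERIFIED';
            $txn_id = $ipn->transaction_id;
            $redirect_url = add_query_arg(array('response_code' => '1', 'transaction_id' => $txn_id), $redirect_url);
        } else {
            $response = 'ERROR';
            $txn_id = false;
            $redirect_url = add_query_arg(array('response_code' => $ipn->response_code, 'response_reason_text' => $ipn->response_reason_text), $redirect_url);
        }
        $response_code = 200; // no outbound HTTP call is made for this gateway
    } else {
        if (!isset($_POST['payment_status'])) {
            wp_die("No valid IPN request made");
        }
        $receiver = strtolower(get_option('mcs_paypal_email'));
        $payment_currency = mcs_ipn_post_field('mc_currency');
        $receiver_email = mcs_ipn_post_field('receiver_email');
        // A wrong receiver email or currency is probably a fraudulent notification;
        // reject it before spending a round-trip on validation.
        if (strtolower($receiver_email) !== $receiver || $payment_currency !== (string) get_option('mcs_currency')) {
            wp_mail(get_option('mcs_to'), 'Payment Conditions Error', 'PayPal receiver email did not match account or payment currency did not match payment');
            wp_die();
        }
        $sandbox = get_option("mcs_use_sandbox");
        $url = $sandbox == 'true' ? 'https://www.sandbox.paypal.com/webscr' : 'https://www.paypal.com/webscr';
        // Echo the whole notification back to PayPal for validation.
        $req = 'cmd=_notify-validate';
        foreach ($_POST as $key => $value) {
            $value = urlencode(stripslashes($value));
            $req .= "&{$key}={$value}";
        }
        $args = wp_parse_args($req, array());
        global $mcs_version;
        $params = array(
            'body' => $args,
            // The VERIFIED/INVALID answer is the only proof this notification came
            // from PayPal; with certificate checks off a spoofed endpoint could
            // answer VERIFIED for a forged POST.
            'sslverify' => true,
            'timeout' => 30,
            'user-agent' => "WordPress/My Calendar Pro {$mcs_version}; " . get_bloginfo('url'),
        );
        // transaction variables to store
        $payment_status = $_POST['payment_status'];
        $item_number = mcs_ipn_post_field('item_number');
        $price = mcs_ipn_post_field('mc_gross');
        $quantity = mcs_ipn_quantity(mcs_ipn_post_field('quantity', 1));
        $payer_email = mcs_ipn_post_field('payer_email');
        $payer_first_name = mcs_ipn_post_field('first_name');
        $payer_last_name = mcs_ipn_post_field('last_name');
        $mc_fee = mcs_ipn_post_field('mc_fee');
        $txn_id = mcs_ipn_post_field('txn_id');
        $parent = mcs_ipn_post_field('parent_txn_id');
        $ipn = wp_remote_post($url, $params);
        if (is_wp_error($ipn)) {
            // Transport failure: a WP_Error cannot be indexed like the response
            // array, so route it to the admin notification below instead.
            $response = '';
            $response_code = 0;
        } else {
            $response = wp_remote_retrieve_body($ipn);
            $response_code = (int) wp_remote_retrieve_response_code($ipn);
        }
        $redirect_url = false;
    }
    if ($response_code !== 200) {
        mcs_ipn_mail_admin(__("WP HTTP Failed to contact Paypal", 'my-calendar-submissions'), print_r($ipn, true));
    } elseif ($response !== "VERIFIED") {
        // log for manual investigation
        $details = '';
        foreach ($_POST as $key => $value) {
            $details .= $key . " = " . $value . "\n";
        }
        mcs_ipn_mail_admin(__("INVALID IPN on My Calendar Submission Payment", 'my-calendar-submissions'), $details);
    } else {
        $status = "";
        if ($gateway != 'authorizenet') {
            // For refunds, reversals, or canceled reversals the original transaction
            // (parent_txn_id) may already be on file: update it rather than insert a duplicate.
            $sql = "SELECT id, hash, status FROM " . my_calendar_payments_table() . " WHERE txn_id = %s";
            $lookup = $parent != '' ? $parent : $txn_id;
            $txn = $wpdb->get_row($wpdb->prepare($sql, array($lookup)));
        } else {
            $txn = false;
        }
        switch ($payment_status) {
            case 'Completed':
            case 'Created':
            case 'Denied':
            case 'Expired':
            case 'Failed':
            case 'Processed':
            case 'Voided':
                $status = $payment_status;
                break;
            case 'Pending':
                $status = $payment_status . ': ' . mcs_ipn_post_field('pending_reason');
                break;
            case 'Refunded':
            case 'Reversed':
            case 'Canceled_Reversal':
                // PayPal documents this field as reason_code; ReasonCode is kept as a
                // fallback for compatibility with the previously used key.
                $status = $payment_status . ': ' . mcs_ipn_post_field('reason_code', mcs_ipn_post_field('ReasonCode'));
                break;
        }
        // NOTE(review): the gross amount is stored as received and is not checked
        // against quantity x the configured price — confirm whether that belongs here.
        if (empty($txn)) {
            $hash = mcs_uniqid(uniqid('E'));
            // `total` mirrors `quantity`.
            $sql = "INSERT INTO " . my_calendar_payments_table() . "\n\t\t\t\t\t\t\t(item_number,quantity,total,hash,txn_id,price,fee,status,transaction_date,first_name,last_name,payer_email)\n\t\t\t\t\t\t\tVALUES(%d, %d, %d, %s, %s, %f, %f, %s, NOW(), %s, %s, %s )";
            $wpdb->query($wpdb->prepare($sql, array($item_number, $quantity, $quantity, $hash, $txn_id, $price, $mc_fee, $status, $payer_first_name, $payer_last_name, $payer_email)));
        } else {
            $hash = $txn->hash;
            $sql = "UPDATE " . my_calendar_payments_table() . "\n\t\t\t\t\t\t\tSET status = %s,price=%f,fee=%f,transaction_date = NOW() WHERE id = %d";
            $wpdb->query($wpdb->prepare($sql, array($status, $price, $mc_fee, $txn->id)));
        }
        if ($status === "Completed") {
            mcs_send_notifications($payer_first_name, $payer_last_name, $payer_email, $price, $hash, $quantity);
            // One-hour, HttpOnly receipt flag; marked Secure when the site is served over HTTPS.
            setcookie("mcs_receipt", 'true', time() + 60 * 60, SITECOOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);
        }
    }
    if ($redirect_url) {
        // Authorize.Net SIM relay: the snippet sends the customer's browser on to $redirect_url.
        echo AuthorizeNetDPM::getRelayResponseSnippet($redirect_url);
        exit;
    }
    status_header(200);
}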
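/**
 * Record a manually entered payment from the admin payments form.
 *
 * Acts only when the submitted data carries `mc-submit-payments` and a valid
 * `my-calendar-payments` nonce. Inserts a 'Completed' row with txn_id
 * 'Manual Entry' into the payments table and, on success, sends the usual
 * notifications.
 *
 * @param array $post Submitted form fields: quantity, price, first_name,
 *                    last_name, email, transaction_date.
 * @return string|false|null HTML notice after an attempted insert; false when
 *                           the form was not submitted; null when the nonce
 *                           check fails.
 */
function mcs_add_payment($post)
{
    global $wpdb;
    if (!isset($post['mc-submit-payments'])) {
        return false;
    }
    // NOTE(review): only the nonce is checked here — confirm the caller enforces
    // the admin capability before invoking this.
    $nonce = isset($post['_wpnonce']) ? $post['_wpnonce'] : (isset($_POST['_wpnonce']) ? $_POST['_wpnonce'] : '');
    if (!wp_verify_nonce($nonce, 'my-calendar-payments')) {
        return;
    }
    $quantity = isset($post['quantity']) ? (int) $post['quantity'] : 0;
    $price = sprintf("%01.2f", isset($post['price']) ? $post['price'] : 0);
    $first_name = isset($post['first_name']) ? $post['first_name'] : '';
    $last_name = isset($post['last_name']) ? $post['last_name'] : '';
    // is_email() returns the address when valid and false otherwise; false is stored as ''.
    $email = is_email(isset($post['email']) ? $post['email'] : '');
    // 'H:i:s' is hours:minutes:seconds ('h:m:s' would give 12-hour hour, month,
    // seconds); an unparseable date falls back to the current time.
    $timestamp = isset($post['transaction_date']) ? strtotime($post['transaction_date']) : false;
    $transaction_date = date('Y-m-d H:i:s', $timestamp === false ? time() : $timestamp);
    $hash = mcs_uniqid(uniqid('E'));
    // `total` mirrors `quantity`; manual entries carry no gateway fee.
    $add = array(
        'item_number' => 1,
        'quantity' => $quantity,
        'total' => $quantity,
        'hash' => $hash,
        'txn_id' => 'Manual Entry',
        'price' => $price,
        'fee' => '0.00',
        'status' => 'Completed',
        'transaction_date' => $transaction_date,
        'first_name' => $first_name,
        'last_name' => $last_name,
        'payer_email' => $email,
    );
    $formats = array('%d', '%d', '%d', '%s', '%s', '%f', '%f', '%s', '%s', '%s', '%s', '%s');
    if ($wpdb->insert(my_calendar_payments_table(), $add, $formats)) {
        mcs_send_notifications($first_name, $last_name, $email, $price, $hash, $quantity);
        return "<div class=\"updated\"><p><strong>" . __('New Payment Added', 'my-calendar-submissions') . "</strong></p></div>";
    }
    return "<div class=\"updated error\"><p><strong>" . __('New Payment was not added.', 'my-calendar-submissions') . "</strong></p></div>";
}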