/**
* Store the CC info to the order and process any results that come back from the payment gateway
*
*/
function before_process()
{
global $response, $db, $order, $messageStack;
$order->info['cc_owner'] = zen_db_prepare_input($_POST['bank_acct_name']);
$order->info['cc_type'] = 'eCheck';
$order->info['cc_number'] = zen_db_prepare_input($_POST['bank_aba_code'] . '-' . str_pad(substr($_POST['bank_acct_num'], -4), strlen($_POST['bank_acct_num']), "X", STR_PAD_LEFT));
$sessID = zen_session_id();
// DATA PREPARATION SECTION
unset($submit_data);
// Cleans out any previous data stored in the variable
// Create a string that contains a listing of products ordered for the description field
$description = '';
for ($i = 0; $i < sizeof($order->products); $i++) {
$description .= $order->products[$i]['name'] . ' (qty: ' . $order->products[$i]['qty'] . ') + ';
}
// Remove the last "\n" from the string
$description = substr($description, 0, -2);
// Create a variable that holds the order time
$order_time = date("F j, Y, g:i a");
// Calculate the next expected order id
$last_order_id = $db->Execute("select * from " . TABLE_ORDERS . " order by orders_id desc limit 1");
$new_order_id = $last_order_id->fields['orders_id'];
$new_order_id = $new_order_id + 1;
$new_order_id = (string) $new_order_id . '-' . zen_create_random_value(6, 'chars');
// Populate an array that contains all of the data to be sent to Authorize.net
$submit_data = array('x_login' => trim(MODULE_PAYMENT_AUTHORIZENET_ECHECK_LOGIN), 'x_tran_key' => trim(MODULE_PAYMENT_AUTHORIZENET_ECHECK_TXNKEY), 'x_relay_response' => 'FALSE', 'x_delim_data' => 'TRUE', 'x_delim_char' => $this->delimiter, 'x_encap_char' => $this->encapChar, 'x_version' => '3.1', 'x_type' => MODULE_PAYMENT_AUTHORIZENET_ECHECK_AUTHORIZATION_TYPE == 'Authorize' ? 'AUTH_ONLY' : 'AUTH_CAPTURE', 'x_amount' => number_format($order->info['total'], 2), 'x_currency_code' => $order->info['currency'], 'x_method' => 'ECHECK', 'x_bank_aba_code' => $_POST['bank_aba_code'], 'x_bank_acct_num' => $_POST['bank_acct_num'], 'x_bank_acct_type' => $_POST['bank_acct_type'], 'x_bank_name' => $_POST['bank_name'], 'x_bank_acct_name' => $_POST['bank_acct_name'], 'x_echeck_type' => 'WEB', 'x_recurring_billing' => 'NO', 'x_email_customer' => MODULE_PAYMENT_AUTHORIZENET_ECHECK_EMAIL_CUSTOMER == 'True' ? 'TRUE' : 'FALSE', 'x_email_merchant' => MODULE_PAYMENT_AUTHORIZENET_ECHECK_EMAIL_MERCHANT == 'True' ? 'TRUE' : 'FALSE', 'x_cust_id' => $_SESSION['customer_id'], 'x_invoice_num' => (MODULE_PAYMENT_AUTHORIZENET_ECHECK_TESTMODE == 'Test' ? 'TEST-' : '') . $new_order_id, 'x_first_name' => $order->billing['firstname'], 'x_last_name' => $order->billing['lastname'], 'x_company' => $order->billing['company'], 'x_address' => $order->billing['street_address'], 'x_city' => $order->billing['city'], 'x_state' => $order->billing['state'], 'x_zip' => $order->billing['postcode'], 'x_country' => $order->billing['country']['title'], 'x_phone' => $order->customer['telephone'], 'x_email' => $order->customer['email_address'], 'x_ship_to_first_name' => $order->delivery['firstname'], 'x_ship_to_last_name' => $order->delivery['lastname'], 'x_ship_to_address' => $order->delivery['street_address'], 'x_ship_to_city' => $order->delivery['city'], 'x_ship_to_state' => $order->delivery['state'], 'x_ship_to_zip' => $order->delivery['postcode'], 'x_ship_to_country' => $order->delivery['country']['title'], 'x_description' => $description, 'x_customer_ip' => zen_get_ip_address(), 'x_po_num' => date('M-d-Y h:i:s'), 'x_freight' => number_format((double) $order->info['shipping_cost'], 2), 'x_tax_exempt' => 'FALSE', 'x_tax' => number_format((double) $order->info['tax'], 2), 'x_duty' => '0', 'Date' => $order_time, 'IP' => zen_get_ip_address(), 'Session' => $sessID);
// process Wells-Fargo-SecureSource-specific parameters
if (MODULE_PAYMENT_AUTHORIZENET_ECHECK_WFSS_ENABLED == 'True') {
$submit_data['x_customer_organization_type'] = zen_db_prepare_input($_POST['echeck_customer_type']);
if (zen_db_prepare_input($_POST['echeck_customer_tax_id']) != '') {
$submit_data['x_customer_tax_id'] = zen_db_prepare_input($_POST['echeck_customer_tax_id']);
} else {
$submit_data = array_merge($submit_data, array('x_drivers_license_num' => zen_db_prepare_input($_POST['echeck_dl_num']), 'x_drivers_license_state' => zen_db_prepare_input($_POST['echeck_dl_state']), 'x_drivers_license_dob' => zen_db_prepare_input($_POST['echeck_dl_dob'])));
}
}
// force conversion to USD
if ($order->info['currency'] != 'USD') {
global $currencies;
$submit_data['x_amount'] = number_format($order->info['total'] * $currencies->get_value('USD'), 2);
$submit_data['x_currency_code'] = 'USD';
unset($submit_data['x_tax'], $submit_data['x_freight']);
}
unset($response);
$response = $this->_sendRequest($submit_data);
$response_code = $response[0];
$response_text = $response[3];
$this->auth_code = $response[4];
$this->transaction_id = $response[6];
$response_msg_to_customer = $response_text . ($this->commError == '' ? '' : ' Communications Error - Please notify webmaster.');
$response['Expected-MD5-Hash'] = $this->calc_md5_response($response[6], $response[9]);
$response['HashMatchStatus'] = $response[37] == $response['Expected-MD5-Hash'] ? 'PASS' : 'FAIL';
$this->_debugActions($response, $order_time, $sessID);
// If the MD5 hash doesn't match, then this transaction's authenticity cannot be verified.
// Thus, order will be placed in Pending status
if ($response['HashMatchStatus'] != 'PASS' && defined('MODULE_PAYMENT_AUTHORIZENET_ECHECK_MD5HASH') && MODULE_PAYMENT_AUTHORIZENET_ECHECK_MD5HASH != '') {
$this->order_status = 1;
$messageStack->add_session('header', MODULE_PAYMENT_AUTHORIZENET_ECHECK_TEXT_AUTHENTICITY_WARNING, 'caution');
}
// If the response code is not 1 (approved) then redirect back to the payment page with the appropriate error message
if ($response_code != '1') {
$messageStack->add_session('checkout_payment', $response_msg_to_customer . ' - ' . MODULE_PAYMENT_AUTHORIZENET_ECHECK_TEXT_DECLINED_MESSAGE, 'error');
zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
}
}
/**
* Prepare and submit the final authorization to PayPal via the appropriate means as configured
*/
function before_process()
{
global $order, $doPayPal;
$options = array();
$optionsShip = array();
$optionsNVP = array();
$options = $this->getLineItemDetails();
//$this->zcLog('before_process - 1', 'Have line-item details:' . "\n" . print_r($options, true));
$doPayPal = $this->paypal_init();
if ($this->in_special_checkout() || $this->enableDirectPayment == false) {
$this->zcLog('before_process - EC-1', 'Beginning EC mode');
/****************************************
* Do EC checkout
****************************************/
// do not allow blank address to be sent to PayPal
if ($_SESSION['paypal_ec_payer_info']['ship_street_1'] != '' && $_SESSION['paypal_ec_payer_info']['ship_address_status'] != 'None') {
$options = array_merge($options, array('SHIPTONAME' => $_SESSION['paypal_ec_payer_info']['ship_name'], 'SHIPTOSTREET' => $_SESSION['paypal_ec_payer_info']['ship_street_1'], 'SHIPTOSTREET2' => $_SESSION['paypal_ec_payer_info']['ship_street_2'], 'SHIPTOCITY' => $_SESSION['paypal_ec_payer_info']['ship_city'], 'SHIPTOSTATE' => $_SESSION['paypal_ec_payer_info']['ship_state'], 'SHIPTOZIP' => $_SESSION['paypal_ec_payer_info']['ship_postal_code'], 'SHIPTOCOUNTRYCODE' => $_SESSION['paypal_ec_payer_info']['ship_country_code']));
$this->zcLog('before_process - EC-2', 'address overrides added:' . "\n" . print_r($options, true));
}
$this->zcLog('before_process - EC-3', 'address info added:' . "\n" . print_r($options, true));
// If the customer has changed their shipping address,
// override the shipping address in PayPal with the shipping
// address that is selected in Zen Cart.
if ($order->delivery['street_address'] != $_SESSION['paypal_ec_payer_info']['ship_street_1'] && $_SESSION['paypal_ec_payer_info']['ship_street_1'] != '') {
$_GET['markflow'] = 2;
if (($address_arr = $this->getOverrideAddress()) !== false) {
// set the override var
$options['ADDROVERRIDE'] = 1;
// set the address info
$options['SHIPTONAME'] = $address_arr['entry_firstname'] . ' ' . $address_arr['entry_lastname'];
$options['SHIPTOSTREET'] = $address_arr['entry_street_address'];
if ($address_arr['entry_suburb'] != '') {
$options['SHIPTOSTREET2'] = $address_arr['entry_suburb'];
}
$options['SHIPTOCITY'] = $address_arr['entry_city'];
$options['SHIPTOZIP'] = $address_arr['entry_postcode'];
$options['SHIPTOSTATE'] = $address_arr['zone_code'];
$options['SHIPTOCOUNTRYCODE'] = $address_arr['countries_iso_code_2'];
}
}
// if these optional parameters are blank, remove them from transaction
if (isset($options['SHIPTOSTREET2']) && trim($options['SHIPTOSTREET2']) == '') {
unset($options['SHIPTOSTREET2']);
}
if (isset($options['SHIPTOPHONE']) && trim($options['SHIPTOPHONE']) == '') {
unset($options['SHIPTOPHONE']);
}
// if State is not supplied, repeat the city so that it's not blank, otherwise PayPal croaks
if ((!isset($options['SHIPTOSTATE']) || trim($options['SHIPTOSTATE']) == '') && $options['SHIPTOCITY'] != '') {
$options['SHIPTOSTATE'] = $options['SHIPTOCITY'];
}
$options['BUTTONSOURCE'] = $this->buttonSourceEC;
$options['CURRENCY'] = $this->selectCurrency($order->info['currency']);
$order_amount = $this->calc_order_amount($order->info['total'], $options['CURRENCY']);
// unused at present:
// $options['CUSTOM'] = '';
// $options['INVNUM'] = '';
// $options['DESC'] = '';
// debug output
$this->zcLog('before_process - EC-4', 'info being submitted:' . "\n" . $_SESSION['paypal_ec_token'] . ' ' . $_SESSION['paypal_ec_payer_id'] . ' ' . number_format($order_amount, 2) . "\n" . print_r($options, true));
$response = $doPayPal->DoExpressCheckoutPayment($_SESSION['paypal_ec_token'], $_SESSION['paypal_ec_payer_id'], number_format(isset($options['AMT']) ? $options['AMT'] : $order_amount, 2), $options);
$this->zcLog('before_process - EC-5', 'resultset:' . "\n" . urldecode(print_r($response, true)));
// CHECK RESPONSE -- if error, actions are taken in the errorHandler
$error = $this->_errorHandler($response, 'DoExpressCheckoutPayment');
// SUCCESS
$this->payment_type = MODULE_PAYMENT_PAYPALWPP_EC_TEXT_TYPE;
$this->responsedata = $response;
if ($response['PAYMENTTYPE'] != '') {
$this->payment_type .= ' (' . urldecode($response['PAYMENTTYPE']) . ')';
}
$this->transaction_id = trim($response['PNREF'] . ' ' . $response['TRANSACTIONID']);
if (empty($response['PENDINGREASON']) || $response['PENDINGREASON'] == 'none' || $response['PENDINGREASON'] == 'completed' || $response['PAYMENTSTATUS'] == 'Completed') {
$this->payment_status = 'Completed';
if ($this->order_status > 0) {
$order->info['order_status'] = $this->order_status;
}
} else {
$this->payment_status = 'Pending (' . $response['PENDINGREASON'] . ')';
$order->info['order_status'] = $this->order_pending_status;
}
$this->avs = 'N/A';
$this->cvv2 = 'N/A';
$this->correlationid = $response['CORRELATIONID'];
$this->transactiontype = $response['TRANSACTIONTYPE'];
$this->payment_time = urldecode($response['ORDERTIME']);
$this->feeamt = urldecode($response['FEEAMT']);
$this->taxamt = urldecode($response['TAXAMT']);
$this->pendingreason = $response['PENDINGREASON'];
$this->reasoncode = $response['REASONCODE'];
// $this->numitems = $_SESSION['cart']->count_contents();
$this->numitems = sizeof($order->products);
$this->amt = urldecode($response['AMT'] . ' ' . $response['CURRENCYCODE']);
$this->auth_code = isset($this->response['AUTHCODE']) ? $this->response['AUTHCODE'] : $this->response['TOKEN'];
} else {
/****************************************
* Do DP checkout
****************************************/
$this->zcLog('before_process - DP-1', 'Beginning DP mode');
// Set state fields depending on what PayPal wants to see for that country
$this->setStateAndCountry($order->billing);
if (zen_not_null($order->delivery['street_address'])) {
$this->setStateAndCountry($order->delivery);
}
// Validate credit card data
include DIR_WS_CLASSES . 'cc_validation.php';
$cc_validation = new cc_validation();
$response = $cc_validation->validate($_POST['ec_cc_number'], $_POST['ec_cc_expdate_month'], $_POST['ec_cc_expdate_year'], $_POST['ec_cc_issuedate_month'], $_POST['ec_cc_issuedate_year']);
$error = '';
switch ($response) {
case -1:
$error = sprintf(TEXT_CCVAL_ERROR_UNKNOWN_CARD, substr($cc_validation->cc_number, 0, 4));
break;
case -2:
case -3:
case -4:
$error = TEXT_CCVAL_ERROR_INVALID_DATE;
break;
case false:
$error = TEXT_CCVAL_ERROR_INVALID_NUMBER;
break;
}
$this->zcLog('before_process - DP-2', 'CC validation results: ' . $error . '(' . $response . ')');
if ($response == false || $response < 1) {
$this->terminateEC($error, false, FILENAME_CHECKOUT_PAYMENT);
}
if (!in_array($cc_validation->cc_type, array('Visa', 'MasterCard', 'Switch', 'Solo', 'Discover', 'American Express', 'Maestro'))) {
$this->terminateEC(MODULE_PAYMENT_PAYPALWPP_TEXT_BAD_CARD, false, FILENAME_CHECKOUT_PAYMENT);
}
$this->zcLog('before_process - DP-3', 'CC info: ' . $cc_validation->cc_type . ' ' . substr($cc_validation->cc_number, 0, 4) . str_repeat('X', strlen($cc_validation->cc_number) - 8) . substr($cc_validation->cc_number, -4));
// if CC validation passed, continue using the validated data
$cc_type = $cc_validation->cc_type;
$cc_number = $cc_validation->cc_number;
$cc_first_name = $_POST['ec_payer_firstname'];
$cc_last_name = $_POST['ec_payer_lastname'];
$cc_checkcode = $_POST['ec_cc_checkcode'];
$cc_expdate_month = $cc_validation->cc_expiry_month;
$cc_expdate_year = $cc_validation->cc_expiry_year;
$cc_issuedate_month = $_POST['ec_cc_issuedate_month'];
$cc_issuedate_year = $_POST['ec_cc_issuedate_year'];
$cc_owner_ip = zen_get_ip_address();
// If they're still here, set some of the order object's variables.
$order->info['cc_type'] = $cc_type;
$order->info['cc_number'] = substr($cc_number, 0, 4) . str_repeat('X', strlen($cc_number) - 8) . substr($cc_number, -4);
$order->info['cc_owner'] = $cc_first_name . ' ' . $cc_last_name;
$order->info['cc_expires'] = $cc_expdate_month . substr($cc_expdate_year, -2);
$order->info['ip_address'] = $cc_owner_ip;
// Set currency
$my_currency = $this->selectCurrency($order->info['currency'], 'DP');
/*
// if CC is switch or solo, must be GBP
if (in_array($cc_type, array('Switch', 'Solo', 'Maestro'))) {
$my_currency = 'GBP';
}
*/
$order_amount = $this->calc_order_amount($order->info['total'], $my_currency);
// Initialize the paypal caller object.
$doPayPal = $this->paypal_init();
$optionsAll = array_merge($options, array('STREET' => $order->billing['street_address'], 'ZIP' => $order->billing['postcode']));
$optionsNVP = array('CITY' => $order->billing['city'], 'STATE' => $order->billing['state'], 'COUNTRYCODE' => $order->billing['country']['iso_code_2'], 'EXPDATE' => $cc_expdate_month . $cc_expdate_year);
$optionsShip = array();
if (isset($order->delivery) && $order->delivery['street_address'] != '') {
$optionsShip = array('SHIPTONAME' => $order->delivery['name'] == '' ? $order->delivery['firstname'] . ' ' . $order->delivery['lastname'] : $order->delivery['name'], 'SHIPTOSTREET' => $order->delivery['street_address'], 'SHIPTOSTREET2' => $order->delivery['suburb'], 'SHIPTOCITY' => $order->delivery['city'], 'SHIPTOZIP' => $order->delivery['postcode'], 'SHIPTOSTATE' => $order->delivery['state'], 'SHIPTOCOUNTRYCODE' => $order->delivery['country']['iso_code_2']);
}
// if these optional parameters are blank, remove them from transaction
if (isset($optionsShip['SHIPTOSTREET2']) && trim($optionsShip['SHIPTOSTREET2']) == '') {
unset($optionsShip['SHIPTOSTREET2']);
}
if (isset($optionsShip['SHIPTOPHONE']) && trim($optionsShip['SHIPTOPHONE']) == '') {
unset($optionsShip['SHIPTOPHONE']);
}
// if State is not supplied, repeat the city so that it's not blank, otherwise PayPal croaks
if (!isset($optionsShip['SHIPTOSTATE']) || trim($optionsShip['SHIPTOSTATE']) == '') {
$optionsShip['SHIPTOSTATE'] = $optionsShip['SHIPTOCITY'];
}
// Payment Transaction/Authorization Mode
$optionsNVP['PAYMENTACTION'] = MODULE_PAYMENT_PAYPALWPP_TRANSACTION_MODE == 'Auth Only' ? 'Authorization' : 'Sale';
// if (in_array($cc_type, array('Switch', 'Solo'))) {
// $optionsNVP['PAYMENTACTION'] = 'Authorization';
// }
$optionsAll['BUTTONSOURCE'] = $this->buttonSourceDP;
$optionsAll['CURRENCY'] = $my_currency;
$optionsAll['IPADDRESS'] = $cc_owner_ip;
if ($cc_issuedate_month && $cc_issuedate_year) {
$optionsAll['CARDSTART'] = $cc_issuedate_month . substr($cc_issuedate_year, -2);
}
// unused at present:
// $options['CUSTOM'] = '';
// $options['INVNUM'] = '';
// $options['DESC'] = '';
$this->zcLog('before_process - DP-4', 'optionsAll: ' . print_r($optionsAll, true) . "\n" . 'optionsNVP: ' . print_r($optionsNVP, true) . "\n" . 'optionsShip' . print_r($optionsShip, true) . "\n" . 'Rest of data: ' . "\n" . number_format($order_amount, 2) . ' ' . $cc_expdate_month . ' ' . substr($cc_expdate_year, -2) . ' ' . $cc_first_name . ' ' . $cc_last_name . ' ' . $cc_type);
$response = $doPayPal->DoDirectPayment(number_format($order_amount, 2), $cc_number, $cc_checkcode, $cc_expdate_month . substr($cc_expdate_year, -2), $cc_first_name, $cc_last_name, $cc_type, $optionsAll, array_merge($optionsNVP, $optionsShip));
$this->zcLog('before_process - DP-5', 'resultset:' . "\n" . print_r($response, true));
// CHECK RESPONSE
$error = $this->_errorHandler($response, 'DoDirectPayment');
$this->feeamt = '';
$this->taxamt = '';
$this->pendingreason = '';
$this->reasoncode = '';
$this->numitems = sizeof($order->products);
$this->responsedata = $response;
if ($response['PNREF']) {
// PNREF only comes from payflow mode
$this->payment_type = MODULE_PAYMENT_PAYPALWPP_PF_TEXT_TYPE;
$this->transaction_id = $response['PNREF'];
$this->payment_status = MODULE_PAYMENT_PAYPALWPP_TRANSACTION_MODE == 'Auth Only' ? 'Authorization' : 'Completed';
$this->avs = 'AVSADDR: ' . $response['AVSADDR'] . ', AVSZIP: ' . $response['AVSZIP'] . ', IAVS: ' . $response['IAVS'];
$this->cvv2 = $response['CVV2MATCH'];
$this->amt = $order_amount . ' ' . $my_currency;
$this->payment_time = date('Y-m-d h:i:s');
$this->responsedata['CURRENCYCODE'] = $my_currency;
$this->responsedata['EXCHANGERATE'] = $order->info['currency_value'];
$this->auth_code = $this->response['AUTHCODE'];
} else {
// here we're in NVP mode
$this->transaction_id = $response['TRANSACTIONID'];
$this->payment_type = MODULE_PAYMENT_PAYPALWPP_DP_TEXT_TYPE;
$this->payment_status = MODULE_PAYMENT_PAYPALWPP_TRANSACTION_MODE == 'Auth Only' ? 'Authorization' : 'Completed';
$this->pendingreason = MODULE_PAYMENT_PAYPALWPP_TRANSACTION_MODE == 'Auth Only' ? 'authorization' : '';
$this->avs = $response['AVSCODE'];
$this->cvv2 = $response['CVV2MATCH'];
$this->correlationid = $response['CORRELATIONID'];
$this->payment_time = urldecode($response['TIMESTAMP']);
$this->amt = urldecode($response['AMT'] . ' ' . $response['CURRENCYCODE']);
$this->auth_code = isset($this->response['AUTHCODE']) ? $this->response['AUTHCODE'] : $this->response['TOKEN'];
$this->transactiontype = 'cart';
}
}
}
/**
* Store the CC info to the order and process any results that come back from the payment gateway
*
*/
function before_process()
{
global $response, $db, $order, $messageStack;
$order->info['cc_type'] = $_POST['cc_type'];
$order->info['cc_owner'] = $_POST['cc_owner'];
$order->info['cc_number'] = str_pad(substr($_POST['cc_number'], -4), strlen($_POST['cc_number']), "X", STR_PAD_LEFT);
$order->info['cc_expires'] = '';
// $_POST['cc_expires'];
$order->info['cc_cvv'] = '***';
//$_POST['cc_cvv'];
$sessID = zen_session_id();
// DATA PREPARATION SECTION
unset($submit_data);
// Cleans out any previous data stored in the variable
// Create a string that contains a listing of products ordered for the description field
$description = '';
for ($i = 0; $i < sizeof($order->products); $i++) {
$description .= $order->products[$i]['name'] . ' (qty: ' . $order->products[$i]['qty'] . ') + ';
}
// Remove the last "\n" from the string
$description = substr($description, 0, -2);
// Create a variable that holds the order time
$order_time = date("F j, Y, g:i a");
// Calculate the next expected order id (adapted from code written by Eric Stamper - 01/30/2004 Released under GPL)
$last_order_id = $db->Execute("select * from " . TABLE_ORDERS . " order by orders_id desc limit 1");
$new_order_id = $last_order_id->fields['orders_id'];
$new_order_id = $new_order_id + 1;
// add randomized suffix to order id to produce uniqueness ... since it's unwise to submit the same order-number twice to authorize.net
$new_order_id = (string) $new_order_id . '-' . zen_create_random_value(6, 'chars');
// Populate an array that contains all of the data to be sent to Authorize.net
$submit_data = array('x_login' => trim(MODULE_PAYMENT_AUTHORIZENET_AIM_LOGIN), 'x_tran_key' => trim(MODULE_PAYMENT_AUTHORIZENET_AIM_TXNKEY), 'x_relay_response' => 'FALSE', 'x_delim_data' => 'TRUE', 'x_delim_char' => $this->delimiter, 'x_encap_char' => $this->encapChar, 'x_version' => '3.1', 'x_type' => MODULE_PAYMENT_AUTHORIZENET_AIM_AUTHORIZATION_TYPE == 'Authorize' ? 'AUTH_ONLY' : 'AUTH_CAPTURE', 'x_method' => 'CC', 'x_amount' => number_format($order->info['total'], 2), 'x_currency_code' => $order->info['currency'], 'x_card_num' => $_POST['cc_number'], 'x_exp_date' => $_POST['cc_expires'], 'x_card_code' => $_POST['cc_cvv'], 'x_email_customer' => MODULE_PAYMENT_AUTHORIZENET_AIM_EMAIL_CUSTOMER == 'True' ? 'TRUE' : 'FALSE', 'x_email_merchant' => MODULE_PAYMENT_AUTHORIZENET_AIM_EMAIL_MERCHANT == 'True' ? 'TRUE' : 'FALSE', 'x_cust_id' => $_SESSION['customer_id'], 'x_invoice_num' => (MODULE_PAYMENT_AUTHORIZENET_AIM_TESTMODE == 'Test' ? 'TEST-' : '') . $new_order_id, 'x_first_name' => $order->billing['firstname'], 'x_last_name' => $order->billing['lastname'], 'x_company' => $order->billing['company'], 'x_address' => $order->billing['street_address'], 'x_city' => $order->billing['city'], 'x_state' => $order->billing['state'], 'x_zip' => $order->billing['postcode'], 'x_country' => $order->billing['country']['title'], 'x_phone' => $order->customer['telephone'], 'x_email' => $order->customer['email_address'], 'x_ship_to_first_name' => $order->delivery['firstname'], 'x_ship_to_last_name' => $order->delivery['lastname'], 'x_ship_to_address' => $order->delivery['street_address'], 'x_ship_to_city' => $order->delivery['city'], 'x_ship_to_state' => $order->delivery['state'], 'x_ship_to_zip' => $order->delivery['postcode'], 'x_ship_to_country' => $order->delivery['country']['title'], 'x_description' => $description, 'x_recurring_billing' => 'NO', 'x_customer_ip' => zen_get_ip_address(), 'x_po_num' => date('M-d-Y h:i:s'), 'x_freight' => number_format((double) $order->info['shipping_cost'], 2), 'x_tax_exempt' => 'FALSE', 'x_tax' => number_format((double) $order->info['tax'], 2), 'x_duty' => '0', 'x_allow_partial_Auth' => 'FALSE', 'Date' => $order_time, 'IP' => zen_get_ip_address(), 'Session' => $sessID);
unset($response);
$response = $this->_sendRequest($submit_data);
$response_code = $response[0];
$response_text = $response[3];
$this->auth_code = $response[4];
$this->transaction_id = $response[6];
$this->avs_response = $response[5];
$this->ccv_response = $response[38];
$response_msg_to_customer = $response_text . ($this->commError == '' ? '' : ' Communications Error - Please notify webmaster.');
$response['Expected-MD5-Hash'] = $this->calc_md5_response($response[6], $response[9]);
$response['HashMatchStatus'] = $response[37] == $response['Expected-MD5-Hash'] ? 'PASS' : 'FAIL';
if ($response[0] == '3' && $response[2] == '103') {
$response['ErrorDetails'] = 'Invalid Transaction Key in AIM configuration.';
}
if ($response[0] == '2' && $response[2] == '44') {
$response['ErrorDetails'] = 'Declined due to CVV refusal by issuing bank.';
}
if ($response[0] == '2' && $response[2] == '45') {
$response['ErrorDetails'] = 'Declined due to AVS/CVV filters.';
}
if ($response[0] == '2' && $response[2] == '65') {
$response['ErrorDetails'] = 'Declined due to custom CVV filters.';
}
if ($response[0] == '3' && $response[2] == '66') {
$response['ErrorDetails'] = 'Transaction did not meet security guideline requirements.';
}
if ($response[0] == '3' && $response[2] == '128') {
$response['ErrorDetails'] = 'Refused by customers bank.';
}
if ($response[0] == '2' && $response[2] == '250') {
$response['ErrorDetails'] = 'Transaction submitted from a blocked IP address.';
}
if ($response[0] == '2' && $response[2] == '251') {
$response['ErrorDetails'] = 'Declined by Fraud Detection Suite filter.';
}
if ($response[0] == '4' && in_array($response[2], array('193', '252', '253'))) {
$this->order_status = 1;
$this->transaction_id .= ' ***NOTE: Held for review by merchant.';
$response['ErrorDetails'] = 'Transaction held for review by merchant or fraud detection suite.';
}
$this->_debugActions($response, $order_time, $sessID);
// If the MD5 hash doesn't match, then this transaction's authenticity cannot be verified.
// Thus, order will be placed in Pending status
if ($response['HashMatchStatus'] != 'PASS' && defined('MODULE_PAYMENT_AUTHORIZENET_AIM_MD5HASH') && MODULE_PAYMENT_AUTHORIZENET_AIM_MD5HASH != '') {
$this->order_status = 1;
$messageStack->add_session('header', MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_AUTHENTICITY_WARNING, 'caution');
}
// If the response code is not 1 (approved) then redirect back to the payment page with the appropriate error message
if ($response_code != '1') {
$messageStack->add_session('checkout_payment', $response_msg_to_customer . ' - ' . MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_DECLINED_MESSAGE, 'error');
zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
}
if ($response[88] != '') {
$_SESSION['payment_method_messages'] = $response[88];
}
}
if ($_SESSION['SSL_SESSION_ID'] != $ssl_session_id) {
zen_session_destroy();
zen_redirect(zen_href_link(FILENAME_SSL_CHECK));
}
}
/**
* verify the browser user agent if the feature is enabled
*/
if (SESSION_CHECK_USER_AGENT == 'True') {
$http_user_agent = $_SERVER['HTTP_USER_AGENT'];
if (!$_SESSION['SESSION_USER_AGENT']) {
$_SESSION['SESSION_USER_AGENT'] = $http_user_agent;
}
if ($_SESSION['SESSION_USER_AGENT'] != $http_user_agent) {
zen_session_destroy();
zen_redirect(zen_href_link(FILENAME_LOGIN));
}
}
/**
* verify the IP address if the feature is enabled
*/
if (SESSION_CHECK_IP_ADDRESS == 'True') {
$ip_address = zen_get_ip_address();
if (!$_SESSION['SESSION_IP_ADDRESS']) {
$_SESSION['SESSION_IP_ADDRESS'] = $ip_address;
}
if ($_SESSION['SESSION_IP_ADDRESS'] != $ip_address) {
zen_session_destroy();
zen_redirect(zen_href_link(FILENAME_LOGIN));
}
}
// check for required session variables
$_SESSION['gv_id'] = $coupon->fields['coupon_id'];
$error = false;
} else {
$error = true;
}
}
} else {
zen_redirect(zen_href_link(FILENAME_DEFAULT));
}
if (!$error && $_SESSION['customer_id']) {
// Update redeem status
$gv_query = "INSERT INTO " . TABLE_COUPON_REDEEM_TRACK . "(coupon_id, customer_id, redeem_date, redeem_ip)\n VALUES (:couponID, :customersID, now(), :remoteADDR)";
$gv_query = $db->bindVars($gv_query, ':customersID', $_SESSION['customer_id'], 'integer');
$gv_query = $db->bindVars($gv_query, ':couponID', $coupon->fields['coupon_id'], 'integer');
$gv_query = $db->bindVars($gv_query, ':remoteADDR', zen_get_ip_address(), 'string');
$db->Execute($gv_query);
$gv_update = "UPDATE " . TABLE_COUPONS . "\n SET coupon_active = 'N'\n WHERE coupon_id = :couponID";
$gv_update = $db->bindVars($gv_update, ':couponID', $coupon->fields['coupon_id'], 'integer');
$db->Execute($gv_update);
zen_gv_account_update($_SESSION['customer_id'], $_SESSION['gv_id']);
$_SESSION['gv_id'] = '';
}
//require(DIR_WS_MODULES . zen_get_module_directory('require_languages.php')); //moved to top
$breadcrumb->add(NAVBAR_TITLE);
// prepare message for display in template:
$message = sprintf(TEXT_VALID_GV, $currencies->format($coupon->fields['coupon_amount']));
if ($error) {
// if we get here then either the URL gv_no param was not set or it was invalid
// so output a message.
$message = TEXT_INVALID_GV;
/**
* Prepare and submit the authorization to the gateway
*/
function before_process()
{
global $order, $order_totals, $db, $messageStack, $lp_avs, $lp_trans_num;
$myorder = array();
// Calculate the next expected order id
$last_order_id = $db->Execute("select * from " . TABLE_ORDERS . " order by orders_id desc limit 1");
$new_order_id = $last_order_id->fields['orders_id'];
$new_order_id = $new_order_id + 1;
// add randomized suffix to order id to produce uniqueness ... since it's unwise to submit the same order-number twice to the gateway
$new_order_id = (string) $new_order_id . '-' . zen_create_random_value(6);
// Build Info to send to Gateway
$myorder["result"] = "LIVE";
switch (MODULE_PAYMENT_LINKPOINT_API_TRANSACTION_MODE_RESPONSE) {
case "TESTING: Successful":
$myorder["result"] = "GOOD";
break;
case "TESTING: Decline":
$myorder["result"] = "DECLINE";
break;
case "TESTING: Duplicate":
$myorder["result"] = "DUPLICATE";
break;
}
// "oid" - Order ID number must be unique. If not set, gateway will assign one.
//$oid = zen_create_random_value(16, 'digits'); // Create a UID for the order
$myorder["oid"] = $new_order_id;
//""; // time(); ????
// prepare totals for submission
$surcharges = 0;
$creditsApplied = 0;
global $order_totals;
reset($order_totals);
$myorder['subtotal'] = $myorder['tax'] = $myorder['shipping'] = $myorder['chargetotal'] = 0;
for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++) {
if ($order_totals[$i]['code'] == '') {
continue;
}
if (in_array($order_totals[$i]['code'], array('ot_total', 'ot_subtotal', 'ot_tax', 'ot_shipping'))) {
if ($order_totals[$i]['code'] == 'ot_subtotal') {
$myorder["subtotal"] = round($order_totals[$i]['value'], 2);
}
if ($order_totals[$i]['code'] == 'ot_tax') {
$myorder["tax"] += round($order_totals[$i]['value'], 2);
}
if ($order_totals[$i]['code'] == 'ot_shipping') {
$myorder["shipping"] = round($order_totals[$i]['value'], 2);
}
if ($order_totals[$i]['code'] == 'ot_total') {
$myorder["chargetotal"] = round($order_totals[$i]['value'], 2);
}
} else {
global ${$order_totals[$i]['code']};
if (substr($order_totals[$i]['text'], 0, 1) == '-' || isset(${$order_totals[$i]['code']}->credit_class) && ${$order_totals[$i]['code']}->credit_class == true) {
$creditsApplied += round($order_totals[$i]['value'], 2);
} else {
$surcharges += round($order_totals[$i]['value'], 2);
}
}
}
foreach (array('subtotal', 'tax', 'chargetotal', 'shipping') as $i) {
if (isset($myorder[$i])) {
$myorder[$i] = number_format($myorder[$i], 2, '.', '');
}
}
if ($surcharges == 0 && $creditsApplied == 0 && $order->info['total'] >= $order->info['subtotal'] && sizeof($order->products) <= 20) {
// itemized contents
$num_line_items = 0;
reset($order->products);
for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
$num_line_items++;
$myorder["items"][$num_line_items]['id'] = $order->products[$i]['id'];
$myorder["items"][$num_line_items]['description'] = substr(htmlentities($order->products[$i]['name'], ENT_QUOTES, 'UTF-8'), 0, 128);
$myorder["items"][$num_line_items]['quantity'] = $order->products[$i]['qty'];
$myorder["items"][$num_line_items]['price'] = number_format(zen_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']), 2, '.', '');
// check and adjust for fractional quantities, which cannot be submitted as line-item details
$q = $order->products[$i]['qty'];
$q1 = strval($q);
$q2 = (int) $q;
$q3 = strval($q2);
if ($q1 != $q3 || $myorder["items"][$num_line_items]['quantity'] * $myorder["items"][$num_line_items]['price'] != number_format($order->products[$i]['qty'] * $order->products[$i]['final_price'], 2, '.', '')) {
$myorder["items"][$num_line_items]['quantity'] = 1;
$myorder["items"][$num_line_items]['price'] = number_format(zen_round(zen_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']), $decimals) * $order->products[$i]['qty'], 2, '.', '');
$myorder["items"][$num_line_items]['description'] = '(' . $order->products[$i]['qty'] . ' x )' . substr($myorder["items"][$num_line_items]['description'], 115);
}
if (isset($order->products[$i]['attributes'])) {
$options_text_length = 0;
for ($j = 0, $m = sizeof($order->products[$i]['attributes']); $j < $m; $j++) {
$options_text_length += strlen($order->products[$i]['attributes'][$j]['option'] . $order->products[$i]['attributes'][$j]['value']);
}
if ($options_text_length < 128) {
for ($j = 0, $m = sizeof($order->products[$i]['attributes']); $j < $m; $j++) {
$myorder["items"][$num_line_items]['options' . $j]['name'] = substr(htmlentities($order->products[$i]['attributes'][$j]['option'], ENT_QUOTES, 'UTF-8'), 0, 128);
$myorder["items"][$num_line_items]['options' . $j]['value'] = substr(htmlentities($order->products[$i]['attributes'][$j]['value'], ENT_QUOTES, 'UTF-8'), 0, 128);
}
}
}
// track one-time charges
if ($order->products[$i]['onetime_charges'] != 0) {
$num_line_items++;
$myorder["items"][$num_line_items]['id'] = 'OTC';
$myorder["items"][$num_line_items]['description'] = 'One Time Charges';
$myorder["items"][$num_line_items]['quantity'] = 1;
$myorder["items"][$num_line_items]['price'] = number_format(zen_add_tax($order->products[$i]['onetime_charges'], $order->products[$i]['tax']), 2, '.', '');
}
}
/*
// deal with surcharges/fees
$num_line_items++;
$myorder["items"][$num_line_items]['id'] = 'Surcharge';
$myorder["items"][$num_line_items]['description'] = $order_totals[$i]['title'];
$myorder["items"][$num_line_items]['quantity'] = 1;
$myorder["items"][$num_line_items]['price'] = number_format($order_totals[$i]['value'], 2, '.', '');
$myorder["subtotal"] += $surcharges;
*/
// FirstData can't accept more than 20 line-item submissions per transaction
if ($num_line_items > 20) {
unset($myorder["items"]);
$num_line_items = 0;
}
// Verify that the line-item math works
for ($i = 1, $n = $num_line_items; $i <= $n; $i++) {
$sum2 += $myorder["items"][$i]['quantity'] * $myorder["items"][$i]['price'];
}
if (strval($sum2) != strval($myorder['subtotal'])) {
unset($myorder['items']);
$num_line_items = 0;
}
}
// Subtotal Sanity Check in case there are addon modules affecting calculations
$sum1 = strval($myorder['subtotal'] + $myorder['shipping'] + $myorder['tax']);
if ($sum1 > $myorder['chargetotal']) {
foreach (array('subtotal', 'tax', 'shipping', 'items') as $i) {
if (isset($myorder[$i])) {
unset($myorder[$i]);
}
}
} elseif ($sum1 < $myorder['chargetotal']) {
if ($num_line_items > 0 && $num_line_items < 20 && isset($myorder['items'])) {
$num_line_items++;
$myorder["items"][$num_line_items]['id'] = 'Adj';
$myorder["items"][$num_line_items]['description'] = 'Rounding Adjustment';
$myorder["items"][$num_line_items]['quantity'] = 1;
$myorder["items"][$num_line_items]['price'] = number_format($myorder['chargetotal'] - $sum1, 2, '.', '');
$myorder['subtotal'] += round($myorder['chargetotal'] - $sum1, 2);
$myorder['subtotal'] = number_format($myorder['subtotal'], 2, '.', '');
} else {
foreach (array('subtotal', 'tax', 'shipping', 'items') as $i) {
if (isset($myorder[$i])) {
unset($myorder[$i]);
}
}
}
}
// clean up zeros
foreach (array('subtotal', 'tax', 'shipping') as $i) {
if (isset($myorder[$i]) && $myorder[$i] == 0) {
unset($myorder[$i]);
}
}
$myorder["ip"] = current(explode(':', str_replace(',', ':', zen_get_ip_address())));
$myorder["ponumber"] = "";
// CARD INFO
$myorder["cardnumber"] = $_POST['cc_number'];
$myorder["cardexpmonth"] = $_POST['cc_expires_month'];
$myorder["cardexpyear"] = $_POST['cc_expires_year'];
$myorder["cvmindicator"] = "provided";
$myorder["cvmvalue"] = $_POST['cc_cvv'];
// BILLING INFO
$myorder["userid"] = $_SESSION['customer_id'];
$myorder["customerid"] = $_SESSION['customer_id'];
$myorder["name"] = htmlentities($_POST['cc_owner'], ENT_QUOTES, 'UTF-8');
//$order->billing['firstname'] . ' ' . $order->billing['lastname']);
$myorder["company"] = htmlentities($order->billing['company'], ENT_QUOTES, 'UTF-8');
$myorder["address1"] = htmlentities($order->billing['street_address'], ENT_QUOTES, 'UTF-8');
$myorder["address2"] = htmlentities($order->billing['suburb'], ENT_QUOTES, 'UTF-8');
$myorder["city"] = $order->billing['city'];
$myorder["state"] = $order->billing['state'];
$myorder["country"] = $order->billing['country']['iso_code_2'];
$myorder["phone"] = $order->customer['telephone'];
//$myorder["fax"] = $order->customer['fax'];
$myorder["email"] = $order->customer['email_address'];
$myorder["addrnum"] = $order->billing['street_address'];
// Required for AVS. If not provided, transactions will downgrade.
$myorder["zip"] = $order->billing['postcode'];
// Required for AVS. If not provided, transactions will downgrade.
// SHIPPING INFO
$myorder["sname"] = htmlentities($order->delivery['firstname'] . ' ' . $order->delivery['lastname'], ENT_QUOTES, 'UTF-8');
$myorder["saddress1"] = htmlentities($order->delivery['street_address'], ENT_QUOTES, 'UTF-8');
$myorder["saddress2"] = htmlentities($order->delivery['suburb'], ENT_QUOTES, 'UTF-8');
$myorder["scity"] = $order->delivery['city'];
$myorder["sstate"] = $order->delivery['state'];
$myorder["szip"] = $order->delivery['postcode'];
$myorder["scountry"] = $order->delivery['country']['iso_code_2'];
// MISC
$myorder["comments"] = "Website Order";
// $myorder["referred"] = "";
$myorder["ordertype"] = MODULE_PAYMENT_LINKPOINT_API_AUTHORIZATION_MODE == 'Authorize Only' ? 'PREAUTH' : 'SALE';
$this->payment_status = $myorder["ordertype"];
// send request to gateway
$result = $this->_sendRequest($myorder);
// alert to customer if communication failure
if (!is_array($result)) {
$messageStack->add_session('checkout_payment', MODULE_PAYMENT_LINKPOINT_API_TEXT_FAILURE_MESSAGE, 'error');
zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
}
// resubmit without subtotals if subtotal error occurs
if ($result["r_approved"] != "APPROVED" && !($result["r_approved"] == "SUBMITTED" && $result["r_message"] == 'APPROVED')) {
if (in_array(substr($result['r_error'], 0, 10), array('SGS-002301', 'SGS-010503', 'SGS-005003'))) {
foreach (array('items', 'subtotal', 'tax', 'shipping') as $i) {
if (isset($myorder[$i])) {
unset($myorder[$i]);
}
}
$myorder["oid"] .= '-b';
$myorder["chargetotal"] = $myorder["chargetotal"] - 0.01;
$result = $this->_sendRequest($myorder);
if (!is_array($result)) {
$messageStack->add_session('checkout_payment', MODULE_PAYMENT_LINKPOINT_API_TEXT_FAILURE_MESSAGE, 'error');
zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
}
}
}
// PARSE Results
$all_response_info = '';
foreach ($result as $key => $value) {
$all_response_info .= ' ' . $key . '=' . $value;
}
if ($this->code_debug) {
$messageStack->add_session('header', $all_response_info, 'caution');
}
$chargetotal = $myorder["chargetotal"];
// prepare transaction logging info
$cust_info = '';
$cc_number = substr($myorder["cardnumber"], 0, 4) . str_repeat('X', abs(strlen($myorder["cardnumber"]) - 8)) . substr($myorder["cardnumber"], -4);
foreach ($myorder as $key => $value) {
if ($key != 'cardnumber') {
if ($key == 'cvmvalue') {
$value = '****';
}
if ($key == 'cardexpmonth') {
$cc_month = $value;
}
if ($key == 'cardexpyear') {
$cc_year = $value;
}
if (is_array($value)) {
$value = print_r($value, true);
}
if (!in_array($key, array('keyfile', 'configfile', 'transactionorigin', 'terminaltype', 'host', 'port'))) {
$cust_info .= ' ' . $key . '=' . $value . ';';
}
} else {
$cust_info .= ' ' . $key . '=' . $cc_number . ';';
}
}
// store last 4 digits of CC number
// $order->info['cc_number'] = str_repeat('X', (strlen($myorder["cardnumber"]) - 4)) . substr($myorder["cardnumber"], -4);
// store first and last 4 digits of CC number ... which is the Visa-standards-compliant approach, same as observed by Linkpoint's services
$order->info['cc_number'] = $cc_number;
$order->info['cc_type'] = $_POST['cc_type'];
$order->info['cc_owner'] = $_POST['cc_owner'];
$order->info['cc_cvv'] = '***';
$order->info['cc_expires'] = '';
// $_POST['cc_expires'];
$lp_trans_num = $result['r_ordernum'];
$transaction_tax = $result['r_tax'];
// The calculated tax for the order, when the ordertype is calctax.
$transaction_shipping = $result['r_shipping'];
// The calculated shipping charges for the order, when the ordertype is calcshipping.
$this->response_codes = $result['r_avs'];
// AVS Response for transaction
// these are used to update the order-status-history upon order completion
$this->transaction_id = $result['r_tdate'] . ' Order Number/Code: ' . $result['r_ordernum'];
$this->auth_code = $result['r_code'];
// The approval code for this transaction.
// Store Transaction history in Database
$sql_data_array = array(array('fieldName' => 'lp_trans_num', 'value' => $result['r_ordernum'], 'type' => 'string'), array('fieldName' => 'order_id', 'value' => $result['r_ordernum'], 'type' => 'integer'), array('fieldName' => 'approval_code', 'value' => $result['r_code'], 'type' => 'string'), array('fieldName' => 'transaction_response_time', 'value' => $result['r_time'], 'type' => 'string'), array('fieldName' => 'r_error', 'value' => $result['r_error'], 'type' => 'string'), array('fieldName' => 'customer_id', 'value' => $_SESSION['customer_id'], 'type' => 'integer'), array('fieldName' => 'avs_response', 'value' => $result['r_avs'], 'type' => 'string'), array('fieldName' => 'transaction_result', 'value' => $result['r_approved'], 'type' => 'string'), array('fieldName' => 'message', 'value' => $result['r_message'] . "\n" . $all_response_info, 'type' => 'string'), array('fieldName' => 'transaction_time', 'value' => $result['r_tdate'], 'type' => 'string'), array('fieldName' => 'transaction_reference_number', 'value' => $result['r_ref'], 'type' => 'string'), array('fieldName' => 'fraud_score', 'value' => $result['r_score'], 'type' => 'integer'), array('fieldName' => 'cc_number', 'value' => $cc_number, 'type' => 'string'), array('fieldName' => 'cust_info', 'value' => $cust_info, 'type' => 'string'), array('fieldName' => 'chargetotal', 'value' => $chargetotal, 'type' => 'string'), array('fieldName' => 'ordertype', 'value' => $myorder['ordertype'], 'type' => 'string'), array('fieldName' => 'date_added', 'value' => 'now()', 'type' => 'noquotestring'));
if (MODULE_PAYMENT_LINKPOINT_API_STORE_DATA == 'True') {
$db->perform(TABLE_LINKPOINT_API, $sql_data_array);
}
// Begin check of specific error conditions
if ($result["r_approved"] != "APPROVED" && !($result["r_approved"] == "SUBMITTED" && $result["r_message"] == 'APPROVED')) {
if (substr($result['r_error'], 0, 10) == 'SGS-020005') {
$messageStack->add_session('checkout_payment', $result['r_error'], 'error');
}
// Error (Merchant config file is missing, empty or cannot be read)
if (substr($result['r_error'], 0, 10) == 'SGS-005000') {
$messageStack->add_session('checkout_payment', MODULE_PAYMENT_LINKPOINT_API_TEXT_GENERAL_ERROR . '<br />' . $result['r_error'], 'error');
}
// The server encountered a database error
if (substr($result['r_error'], 0, 10) == 'SGS-000001' || strstr($result['r_error'], 'D:Declined') || strstr($result['r_error'], 'R:Referral')) {
$messageStack->add_session('checkout_payment', MODULE_PAYMENT_LINKPOINT_API_TEXT_DECLINED_MESSAGE . '<br />' . $result['r_error'], 'error');
}
if (substr($result['r_error'], 0, 10) == 'SGS-005005' || strstr($result['r_error'], 'Duplicate transaction')) {
$messageStack->add_session('checkout_payment', MODULE_PAYMENT_LINKPOINT_API_TEXT_DUPLICATE_MESSAGE . '<br />' . $result['r_error'], 'error');
}
if (substr($result['r_error'], 0, 10) == 'SGS-002301') {
$messageStack->add_session('checkout_payment', 'Subtotal miscalculation. Please notify the storeowner.' . '<br />' . $result['r_error'], 'error');
}
}
// End specific error conditions
// Begin Transaction Status does not equal APPROVED
if ($result["r_approved"] != "APPROVED") {
// alert to customer:
$messageStack->add_session('checkout_payment', MODULE_PAYMENT_LINKPOINT_API_TEXT_DECLINED_MESSAGE, 'caution');
zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
}
// End Transaction Status does not equal APPROVED
$avs_meanings = array();
$avs_meanings['YY'] = ' - Street Address and Zip Code match.';
$avs_meanings['YN'] = ' - Street Address matches but Zip Code does NOT match.';
$avs_meanings['YX'] = ' - Street Address matches, but Zip Code comparison unavailable.';
$avs_meanings['NY'] = ' - Street Address DOES NOT match, but Zip Code matches.';
$avs_meanings['XY'] = ' - Street Address check not available, but Zip Code matches.';
$avs_meanings['NN'] = ' - Street Address DOES NOT MATCH and Zip Code DOES NOT MATCH.';
$avs_meanings['NX'] = ' - Street Address DOES NOT MATCH and Zip Code comparison unavailable.';
$avs_meanings['XN'] = ' - Street Address check not available. Zip Code DOES NOT MATCH.';
$avs_meanings['XX'] = ' - No validation for address or zip code could be performed (not available from issuing bank).';
// Possible Fraud order. Allow transaction to process, but notify shop for owner to take appropriate action on order
if ($result["r_approved"] == "APPROVED" && substr($result['r_code'], 17, 2) != "YY" && MODULE_PAYMENT_LINKPOINT_API_FRAUD_ALERT == 'Yes') {
//DEBUG: $messageStack->add_session('header', 'possible fraud situation--> ' . $result['r_code'], 'caution');
$message = 'Potential Fraudulent Order - Bad Address - Action Required' . "\n" . 'This alert occurs because the "Approval Code" below does not contain the expected YY response.' . "\n" . 'Thus, you might want to verify the address with the customer prior to shipping, or be sure to use Registered Mail with Signature Required in case they file a chargeback.' . "\n\n" . 'Customer Name: ' . $order->customer['firstname'] . ' ' . $order->customer['lastname'] . "\n\n" . 'AVS Result: ' . $result['r_avs'] . $avs_meanings[substr($result['r_avs'], 0, 2)] . "\n\n" . 'Order Number: ' . $lp_trans_num . "\n" . 'Transaction Date and Time: ' . $result['r_time'] . "\n" . 'Approval Code: ' . $result['r_code'] . "\n" . 'Reference Number: ' . $result['r_ref'] . "\n\n" . 'Error Message: ' . $result['r_error'] . "\n\n" . 'Transaction Result: ' . $result['r_approved'] . "\n\n" . 'Message: ' . $result['r_message'] . "\n\n" . 'Fraud Score: ' . ($result['r_score'] == '' ? 'Not Enabled' : $result['r_score']) . "\n\n" . 'AVS CODE MEANINGS: ' . "\n" . 'YY** = Street Address and Zip Code match.' . "\n" . 'YN** = Street Address matches but Zip Code does NOT match.' . "\n" . 'YX** = Street Address matches, but Zip Code comparison unavailable.' . "\n" . 'NY** = Street Address DOES NOT match, but Zip Code matches.' . "\n" . 'XY** = Street Address check not available, but Zip Code matches.' . "\n" . 'NN** = Street Address DOES NOT MATCH and Zip Code DOES NOT MATCH.' . "\n" . 'NX** = Street Address DOES NOT MATCH and Zip Code comparison unavailable.' . "\n" . 'XN** = Street Address check not available. Zip Code DOES NOT MATCH.' . "\n" . 'XX** = Neither validation is available.' . "\n";
$html_msg['EMAIL_MESSAGE_HTML'] = nl2br($result['r_message']);
zen_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, 'Potential Fraudulent Order - Bad Address - Action Required - ' . $lp_trans_num, $message, STORE_NAME, EMAIL_FROM, $html_msg, 'fraudalert');
}
// end fraud alert
}
zen_session_save_path(SESSION_WRITE_DIRECTORY);
// set the session cookie parameters
$path = str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME']));
if (defined('SESSION_USE_ROOT_COOKIE_PATH') && SESSION_USE_ROOT_COOKIE_PATH == 'True') {
$path = '/';
}
$path = defined('CUSTOM_COOKIE_PATH') ? CUSTOM_COOKIE_PATH : $path;
$domainPrefix = !defined('SESSION_ADD_PERIOD_PREFIX') || SESSION_ADD_PERIOD_PREFIX == 'True' ? '.' : '';
$secureFlag = ENABLE_SSL_ADMIN == 'true' && substr(HTTP_SERVER, 0, 6) == 'https:' && substr(HTTPS_SERVER, 0, 6) == 'https:' || ENABLE_SSL_ADMIN == 'false' && substr(HTTP_SERVER, 0, 6) == 'https:' ? TRUE : FALSE;
if (PHP_VERSION >= '5.2.0') {
session_set_cookie_params(0, $path, zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : '', $secureFlag, TRUE);
} else {
session_set_cookie_params(0, $path, zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : '', $secureFlag);
}
/**
* tidy up $_SERVER['REMOTE_ADDR'] before we use it anywhere else
*/
$ipAddressArray = explode(',', zen_get_ip_address());
$ipAddress = sizeof($ipAddressArray) > 0 ? $ipAddressArray[0] : '';
$_SERVER['REMOTE_ADDR'] = $ipAddress;
// lets start our session
zen_session_start();
$session_started = true;
if (!isset($_SESSION['securityToken'])) {
$_SESSION['securityToken'] = md5(uniqid(rand(), true));
}
if ((isset($_GET['action']) || isset($_POST['action'])) && $_SERVER['REQUEST_METHOD'] == 'POST') {
if (!isset($_SESSION['securityToken']) || !isset($_POST['securityToken']) || $_SESSION['securityToken'] !== $_POST['securityToken']) {
zen_redirect(zen_href_link(FILENAME_DEFAULT, '', 'SSL'));
}
}
/**
* Prepare and submit the final authorization to PayPal via the appropriate means as configured
*/
function before_process()
{
global $order, $doPayPal, $messageStack;
$options = array();
$optionsShip = array();
$optionsNVP = array();
$options = $this->getLineItemDetails();
//$this->zcLog('before_process - 1', 'Have line-item details:' . "\n" . print_r($options, true));
$doPayPal = $this->paypal_init();
/****************************************
* Do DP checkout
****************************************/
$this->zcLog('before_process - DP-1', 'Beginning DP mode');
// Set state fields depending on what PayPal wants to see for that country
$this->setStateAndCountry($order->billing);
if (zen_not_null($order->delivery['street_address'])) {
$this->setStateAndCountry($order->delivery);
}
// Validate credit card data
include DIR_WS_CLASSES . 'cc_validation.php';
$cc_validation = new cc_validation();
$response = $cc_validation->validate($_POST['wpp_cc_number'], $_POST['wpp_cc_expdate_month'], $_POST['wpp_cc_expdate_year'], $_POST['wpp_cc_issuedate_month'], $_POST['wpp_cc_issuedate_year']);
$error = '';
switch ($response) {
case -1:
$error = sprintf(TEXT_CCVAL_ERROR_UNKNOWN_CARD, substr($cc_validation->cc_number, 0, 4));
break;
case -2:
case -3:
case -4:
$error = TEXT_CCVAL_ERROR_INVALID_DATE;
break;
case false:
$error = TEXT_CCVAL_ERROR_INVALID_NUMBER;
break;
}
if ($response === false || $response < 1) {
$this->zcLog('before_process - DP-2', 'CC validation results: ' . $error . '(' . $response . ')');
$messageStack->add_session('checkout_payment', $error . '<!-- [' . $this->code . '] -->' . '<!-- result: ' . $response . ' -->', 'error');
zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, $error, 'SSL', true, false));
$this->zcLog('before_process - DP-3', 'CC info: ' . $cc_validation->cc_type . ' ' . substr($cc_validation->cc_number, 0, 4) . str_repeat('X', strlen($cc_validation->cc_number) - 8) . substr($cc_validation->cc_number, -4) . ' ' . $error);
}
if (!in_array($cc_validation->cc_type, array('Visa', 'MasterCard', 'Switch', 'Solo', 'Discover', 'American Express', 'Maestro'))) {
$messageStack->add_session('checkout_payment', MODULE_PAYMENT_PAYPALDP_TEXT_BAD_CARD . '<!-- [' . $this->code . ' ' . $cc_validation->cc_type . '] -->', 'error');
zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, MODULE_PAYMENT_PAYPALDP_TEXT_BAD_CARD, 'SSL', true, false));
}
// if CC validation passed, continue using the validated data
$cc_type = $cc_validation->cc_type;
$cc_number = $cc_validation->cc_number;
$cc_first_name = $_POST['wpp_payer_firstname'];
$cc_last_name = $_POST['wpp_payer_lastname'];
$cc_checkcode = $_POST['wpp_cc_checkcode'];
$cc_expdate_month = $cc_validation->cc_expiry_month;
$cc_expdate_year = $cc_validation->cc_expiry_year;
$cc_issuedate_month = $_POST['wpp_cc_issuedate_month'];
$cc_issuedate_year = $_POST['wpp_cc_issuedate_year'];
$cc_issuenumber = $_POST['wpp_cc_issuenumber'];
$cc_owner_ip = zen_get_ip_address();
// If they're still here, set some of the order object's variables.
$order->info['cc_type'] = $cc_type;
$order->info['cc_number'] = substr($cc_number, 0, 4) . str_repeat('X', strlen($cc_number) - 8) . substr($cc_number, -4);
$order->info['cc_owner'] = $cc_first_name . ' ' . $cc_last_name;
$order->info['cc_expires'] = $cc_expdate_month . substr($cc_expdate_year, -2);
$order->info['ip_address'] = $cc_owner_ip;
// Set currency
$my_currency = $this->selectCurrency($order->info['currency'], 'DP');
/*
// if CC is switch or solo, must be GBP
if (in_array($cc_type, array('Switch', 'Solo', 'Maestro'))) {
$my_currency = 'GBP';
}
*/
$order_amount = $this->calc_order_amount($order->info['total'], $my_currency);
// Initialize the paypal caller object.
$doPayPal = $this->paypal_init();
$optionsAll = array_merge($options, array('STREET' => $order->billing['street_address'], 'ZIP' => $order->billing['postcode'], 'CITY' => $order->billing['city'], 'STATE' => $order->billing['state'], 'STREET2' => $order->billing['suburb'], 'COUNTRYCODE' => $order->billing['country']['iso_code_2'], 'EXPDATE' => $cc_expdate_month . $cc_expdate_year, 'EMAIL' => $order->customer['email_address'], 'PHONENUM' => $order->customer['telephone']));
$optionsShip = array();
if (isset($order->delivery) && $order->delivery['street_address'] != '') {
$optionsShip = array('SHIPTONAME' => $order->delivery['name'] == '' ? $order->delivery['firstname'] . ' ' . $order->delivery['lastname'] : $order->delivery['name'], 'SHIPTOSTREET' => $order->delivery['street_address'], 'SHIPTOSTREET2' => $order->delivery['suburb'], 'SHIPTOCITY' => $order->delivery['city'], 'SHIPTOZIP' => $order->delivery['postcode'], 'SHIPTOSTATE' => $order->delivery['state'], 'SHIPTOCOUNTRYCODE' => $order->delivery['country']['iso_code_2']);
}
// if State is not supplied, repeat the city so that it's not blank, otherwise PayPal croaks
if (!isset($optionsShip['SHIPTOSTATE']) || trim($optionsShip['SHIPTOSTATE']) == '') {
$optionsShip['SHIPTOSTATE'] = $optionsShip['SHIPTOCITY'];
}
if ($optionsAll['STREET2'] == '') {
unset($optionsAll['STREET2']);
}
if ($optionsShip['SHIPTOSTREET2'] == '') {
unset($optionsShip['SHIPTOSTREET2']);
}
// Payment Transaction/Authorization Mode
$optionsNVP['PAYMENTACTION'] = MODULE_PAYMENT_PAYPALDP_TRANSACTION_MODE == 'Auth Only' ? 'Authorization' : 'Sale';
if (MODULE_PAYMENT_PAYPALDP_TRANSACTION_MODE == 'Auth Only') {
$this->order_status = MODULE_PAYMENT_PAYPALDP_ORDER_PENDING_STATUS_ID;
}
// if (in_array($cc_type, array('Switch', 'Solo'))) {
// $optionsNVP['PAYMENTACTION'] = 'Authorization';
// }
$optionsAll['BUTTONSOURCE'] = $this->buttonSource;
$optionsAll['CURRENCY'] = $my_currency;
$optionsAll['IPADDRESS'] = $cc_owner_ip;
if ($cc_issuedate_month && $cc_issuedate_year) {
$optionsAll['CARDSTART'] = $cc_issuedate_month . substr($cc_issuedate_year, -2);
}
if (isset($_POST['wpp_cc_issuenumber'])) {
$optionsAll['CARDISSUE'] = $_POST['wpp_cc_issuenumber'];
}
// unused at present:
// $options['CUSTOM'] = '';
// $options['INVNUM'] = '';
// $options['DESC'] = '';
if (substr(MODULE_PAYMENT_PAYPALDP_MODULE_MODE, 0, 7) == 'Payflow') {
if (isset($optionsAll['COUNTRYCODE'])) {
$optionsAll['COUNTRY'] = $optionsAll['COUNTRYCODE'];
unset($optionsAll['COUNTRYCODE']);
}
if (isset($optionsShip['SHIPTOCOUNTRYCODE'])) {
$optionsShip['SHIPTOCOUNTRY'] = $optionsShip['SHIPTOCOUNTRYCODE'];
unset($optionsShip['SHIPTOCOUNTRYCODE']);
}
if (isset($optionsShip['SHIPTOSTREET2'])) {
unset($optionsShip['SHIPTOSTREET2']);
}
if (isset($optionsAll['STREET2'])) {
unset($optionsAll['STREET2']);
}
}
$this->zcLog('before_process - DP-4', 'optionsAll: ' . print_r($optionsAll, true) . "\n" . 'optionsNVP: ' . print_r($optionsNVP, true) . "\n" . 'optionsShip' . print_r($optionsShip, true) . "\n" . 'Rest of data: ' . "\n" . number_format($order_amount, 2) . ' ' . $cc_expdate_month . ' ' . substr($cc_expdate_year, -2) . ' ' . $cc_first_name . ' ' . $cc_last_name . ' ' . $cc_type);
$response = $doPayPal->DoDirectPayment(number_format($order_amount, 2), $cc_number, $cc_checkcode, $cc_expdate_month . substr($cc_expdate_year, -2), $cc_first_name, $cc_last_name, $cc_type, $optionsAll, array_merge($optionsNVP, $optionsShip));
$this->zcLog('before_process - DP-5', 'resultset:' . "\n" . urldecode(print_r($response, true)));
// CHECK RESPONSE
$error = $this->_errorHandler($response, 'DoDirectPayment');
$this->feeamt = '';
$this->taxamt = '';
$this->pendingreason = '';
$this->reasoncode = '';
$this->numitems = sizeof($order->products);
$this->responsedata = $response;
if ($response['PNREF']) {
// PNREF only comes from payflow mode
$this->payment_type = MODULE_PAYMENT_PAYPALDP_PF_TEXT_TYPE;
$this->transaction_id = $response['PNREF'];
$this->payment_status = MODULE_PAYMENT_PAYPALDP_TRANSACTION_MODE == 'Auth Only' ? 'Authorization' : 'Completed';
$this->avs = 'AVSADDR: ' . $response['AVSADDR'] . ', AVSZIP: ' . $response['AVSZIP'] . ', IAVS: ' . $response['IAVS'];
$this->cvv2 = $response['CVV2MATCH'];
$this->amt = $order_amount . ' ' . $my_currency;
$this->payment_time = date('Y-m-d h:i:s');
$this->responsedata['CURRENCYCODE'] = $my_currency;
$this->responsedata['EXCHANGERATE'] = $order->info['currency_value'];
$this->auth_code = $this->response['AUTHCODE'];
} else {
// here we're in NVP mode
$this->transaction_id = $response['TRANSACTIONID'];
$this->payment_type = MODULE_PAYMENT_PAYPALDP_DP_TEXT_TYPE;
$this->payment_status = MODULE_PAYMENT_PAYPALDP_TRANSACTION_MODE == 'Auth Only' ? 'Authorization' : 'Completed';
$this->pendingreason = MODULE_PAYMENT_PAYPALDP_TRANSACTION_MODE == 'Auth Only' ? 'authorization' : '';
$this->avs = $response['AVSCODE'];
$this->cvv2 = $response['CVV2MATCH'];
$this->correlationid = $response['CORRELATIONID'];
$this->payment_time = urldecode($response['TIMESTAMP']);
$this->amt = urldecode($response['AMT'] . ' ' . $response['CURRENCYCODE']);
$this->auth_code = isset($this->response['AUTHCODE']) ? $this->response['AUTHCODE'] : $this->response['TOKEN'];
$this->transactiontype = 'cart';
}
}
/**
* Build the data and actions to process when the "Submit" button is pressed on the order-confirmation screen.
* This sends the data to the payment gateway for processing.
* (These are hidden fields on the checkout confirmation page)
*
* @return string
*/
function process_button()
{
global $order;
$sequence = rand(1, 1000);
$submit_data_core = array('x_login' => MODULE_PAYMENT_AUTHORIZENET_LOGIN, 'x_amount' => number_format($order->info['total'], 2), 'x_version' => '3.1', 'x_method' => MODULE_PAYMENT_AUTHORIZENET_METHOD == 'Credit Card' ? 'CC' : 'ECHECK', 'x_type' => MODULE_PAYMENT_AUTHORIZENET_AUTHORIZATION_TYPE == 'Authorize' ? 'AUTH_ONLY' : 'AUTH_CAPTURE', 'x_cust_ID' => $_SESSION['customer_id'], 'x_email_customer' => MODULE_PAYMENT_AUTHORIZENET_EMAIL_CUSTOMER == 'True' ? 'TRUE' : 'FALSE', 'x_company' => $order->billing['company'], 'x_first_name' => $order->billing['firstname'], 'x_last_name' => $order->billing['lastname'], 'x_address' => $order->billing['street_address'], 'x_city' => $order->billing['city'], 'x_state' => $order->billing['state'], 'x_zip' => $order->billing['postcode'], 'x_country' => $order->billing['country']['title'], 'x_phone' => $order->customer['telephone'], 'x_fax' => $order->customer['fax'], 'x_email' => $order->customer['email_address'], 'x_ship_to_company' => $order->delivery['company'], 'x_ship_to_first_name' => $order->delivery['firstname'], 'x_ship_to_last_name' => $order->delivery['lastname'], 'x_ship_to_address' => $order->delivery['street_address'], 'x_ship_to_city' => $order->delivery['city'], 'x_ship_to_state' => $order->delivery['state'], 'x_ship_to_zip' => $order->delivery['postcode'], 'x_ship_to_country' => $order->delivery['country']['title'], 'x_Customer_IP' => zen_get_ip_address(), 'x_relay_response' => 'TRUE', 'x_relay_URL' => zen_href_link(FILENAME_CHECKOUT_PROCESS, 'action=confirm', 'SSL', true, false), 'x_invoice_num' => '', 'x_duplicate_window' => '120', 'x_allow_partial_Auth' => 'FALSE', 'x_description' => 'Website Purchase from ' . str_replace('"', "'", STORE_NAME));
$submit_data_security = $this->InsertFP(MODULE_PAYMENT_AUTHORIZENET_LOGIN, MODULE_PAYMENT_AUTHORIZENET_TXNKEY, number_format($order->info['total'], 2), $sequence);
$submit_data_offline = array('x_show_form' => 'PAYMENT_FORM', 'x_receipt_link_method' => 'POST', 'x_receipt_link_text' => 'Click here to complete your order.', 'x_receipt_link_url' => zen_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false));
//The following can (and SHOULD) be set in the authnet account admin area instead of here
$submit_data_extras = array();
$submit_data_onsite = array('x_card_num' => $this->cc_card_number, 'x_exp_date' => $this->cc_expiry_month . substr($this->cc_expiry_year, -2));
if (MODULE_PAYMENT_AUTHORIZENET_USE_CVV == 'True') {
if ($this->gateway_mode == 'onsite') {
$submit_data_onsite['x_card_code'] = $_POST['authorizenet_cc_cvv'];
}
}
if ($this->gateway_mode == 'onsite') {
$submit_data = array_merge($submit_data_core, $submit_data_security, $submit_data_onsite);
} else {
$submit_data = array_merge($submit_data_core, $submit_data_security, $submit_data_offline, $submit_data_extras);
}
if (MODULE_PAYMENT_AUTHORIZENET_TESTMODE == 'Test') {
$submit_data['x_Test_Request'] = 'TRUE';
}
$submit_data[zen_session_name()] = zen_session_id();
$process_button_string = "\n";
foreach ($submit_data as $key => $value) {
$process_button_string .= zen_draw_hidden_field($key, $value) . "\n";
}
// prepare a copy of submitted data for error-reporting purposes
$this->reportable_submit_data = $submit_data;
$this->reportable_submit_data['x_login'] = '******';
if (isset($this->reportable_submit_data['x_tran_key'])) {
$this->reportable_submit_data['x_tran_key'] = '*******';
}
if (isset($this->reportable_submit_data['x_card_num'])) {
$this->reportable_submit_data['x_card_num'] = str_repeat('X', strlen($this->reportable_submit_data['x_card_num'] - 4)) . substr($this->reportable_submit_data['x_card_num'], -4);
}
// if (isset($this->reportable_submit_data['x_card_code'])) $this->reportable_submit_data['x_card_code'] = '*******';
$this->reportable_submit_data['url'] = $url;
$this->_debugActions($this->reportable_submit_data, 'Submit-Data', '', zen_session_id());
return $process_button_string;
}
/**
* 3D-Secure lookup
*
* @param array $lookup_data_array
* @return array
*/
function get3DSecureLookupResponse($lookup_data_array)
{
// Set some defaults
if (!isset($lookup_data_array['order_desc']) || $lookup_data_array['order_desc'] == '') {
$lookup_data_array['order_desc'] = 'Zen Cart(R) Transaction';
}
if (!isset($lookup_data_array['order_number']) || $lookup_data_array['order_number'] == '') {
$lookup_data_array['order_number'] = zen_session_id();
}
// format the card expiration
$lookup_data_array['cc3d_exp_year'] = (strlen($lookup_data_array['cc3d_exp_year']) == 2 ? '20' : '') . $lookup_data_array['cc3d_exp_year'];
// get the ISO 4217 currency
$iso_currency = $this->getISOCurrency($lookup_data_array['currency']);
// format the transaction amounts
$raw_amount = $this->formatRawAmount($lookup_data_array['txn_amount'], $iso_currency);
// determine the appropriate product code for submission
$prodCode = FALSE;
if (isset($_SESSION['cart'])) {
if ($_SESSION['cart']->get_cart_type == 'virtual') {
$prodCode = 'DIG';
} else {
$prodCode = 'PHY';
}
}
// DEBUG ONLY: $this->zcLog(__FILE__ . '->' . __LINE__, 'session details: ' . print_r(array_merge($_POST, $_SESSION), true));
// Build the XML cmpi_lookup message
$data = '<CardinalMPI>';
$data .= '<MsgType>cmpi_lookup</MsgType>';
$data .= '<Version>1.7</Version>';
$data .= '<ProcessorId>' . $this->escapeXML(MODULE_PAYMENT_PAYPALDP_CARDINAL_PROCESSOR) . '</ProcessorId>';
$data .= '<MerchantId><![CDATA[' . $this->escapeXML(MODULE_PAYMENT_PAYPALDP_CARDINAL_MERCHANT) . ']]></MerchantId>';
$data .= '<TransactionPwd><![CDATA[' . $this->escapeXML(MODULE_PAYMENT_PAYPALDP_CARDINAL_PASSWORD) . ']]></TransactionPwd>';
$data .= '<TransactionType>CC</TransactionType>';
$data .= '<TransactionMode>S</TransactionMode>';
$data .= '<OrderNumber>' . $this->escapeXML($lookup_data_array['order_number']) . '</OrderNumber>';
$data .= '<OrderDescription>' . $this->escapeXML($lookup_data_array['order_desc']) . '</OrderDescription>';
$data .= '<Amount>' . $this->escapeXML($raw_amount) . '</Amount>';
$data .= '<CurrencyCode>' . $this->escapeXML($iso_currency) . '</CurrencyCode>';
$data .= '<CardNumber>' . $this->escapeXML($lookup_data_array['cc3d_card_number']) . '</CardNumber>';
$data .= '<Cvv>' . $this->escapeXML($lookup_data_array['cc3d_checkcode']) . '</Cvv>';
$data .= '<CardCode>' . $this->escapeXML($lookup_data_array['cc3d_checkcode']) . '</CardCode>';
$data .= '<CardExpMonth>' . $this->escapeXML($lookup_data_array['cc3d_exp_month']) . '</CardExpMonth>';
$data .= '<CardExpYear>' . $this->escapeXML($lookup_data_array['cc3d_exp_year']) . '</CardExpYear>';
$data .= '<UserAgent>' . $this->escapeXML($_SERVER["HTTP_USER_AGENT"]) . '</UserAgent>';
$ipAddress = current(explode(':', str_replace(',', ':', zen_get_ip_address())));
$data .= '<IPAddress>' . $this->escapeXML($ipAddress) . '</IPAddress>';
$data .= '<BrowserHeader>' . $this->escapeXML($_SERVER["HTTP_ACCEPT"]) . '</BrowserHeader>';
$data .= '<OrderChannel>' . $this->escapeXML('MARK') . '</OrderChannel>';
if (isset($lookup_data_array['merchantData'])) {
$data .= '<MerchantData>' . $this->escapeXML($lookup_data_array['merchantData']) . '</MerchantData>';
}
if ($prodCode !== FALSE && $prodCode != '') {
$data .= '<ProductCode>' . $this->escapeXML($prodCode) . '</ProductCode>';
}
$data .= '</CardinalMPI>';
$debugData = str_replace(array('[CDATA[' . $this->escapeXML(MODULE_PAYMENT_PAYPALDP_CARDINAL_MERCHANT) . ']]', '[CDATA[' . $this->escapeXML(MODULE_PAYMENT_PAYPALDP_CARDINAL_PASSWORD) . ']]', $this->escapeXML($lookup_data_array['cc3d_card_number']), $this->escapeXML($lookup_data_array['cc3d_checkcode'])), '********', $data);
if (MODULE_PAYMENT_CARDINAL_CENTINEL_DEBUGGING !== FALSE) {
$this->zcLog('Cardinal Lookup 1', '[' . zen_session_id() . '] Cardinal Centinel - cmpi_lookup request (' . MODULE_PAYMENT_PAYPALDP_CARDINAL_TXN_URL . ') - ' . $debugData);
}
$responseString = $this->send3DSecureHttp(MODULE_PAYMENT_PAYPALDP_CARDINAL_TXN_URL, $data, $debugData);
if (MODULE_PAYMENT_CARDINAL_CENTINEL_DEBUGGING !== FALSE) {
$this->zcLog('Cardinal Lookup 2', '[' . zen_session_id() . '] Cardinal Centinel - cmpi_lookup response - ' . $responseString);
}
// parse the XML
$parser = new CardinalXMLParser();
$parser->deserializeXml($responseString);
$errorNo = $parser->deserializedResponse['ErrorNo'];
$errorDesc = $parser->deserializedResponse['ErrorDesc'];
$enrolled = $parser->deserializedResponse['Enrolled'];
if ($errorNo != 0) {
$this->zcLog('Cardinal Lookup 3', '[' . zen_session_id() . '] Cardinal Centinel - cmpi_lookup error - ' . $errorNo . ' - ' . $errorDesc);
$errorText = 'Cardinal Lookup 3' . '[' . zen_session_id() . '] Cardinal Centinel - cmpi_lookup error - ' . $errorNo . ' - ' . $errorDesc;
$errorText .= "\n\n" . 'There are 3 steps to configuring your Cardinal 3D-Secure service properly: ' . "\n1-Login to the Cardinal Merchant Admin URL supplied in your welcome package (NOT the test URL), and accept the license agreement.\n2-Set a transaction password.\n3-Copy your Cardinal Merchant ID and Cardinal Transaction Password into your ZC PayPal module.\n\nFor specific help, please contact implement@cardinalcommerce.com to sort out your account configuration issues.";
$errorText .= "\n\nProblem observed while customer " . $_SESSION['customer_id'] . ' ' . $_SESSION['customer_first_name'] . ' ' . $_SESSION['customer_last_name'] . ' was attempting checkout with 3D-Secure authentication. THEIR PURCHASE WAS NOT SUCCESSFUL. Please resolve this matter to enable future checkouts.';
zen_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, substr($errorDesc, 0, 75) . ' (' . $errorNo . ')', $errorText, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, array('EMAIL_MESSAGE_HTML' => nl2br($errorText)), 'paymentalert');
}
// default the continue flag to 'N'
$continue_flag = 'N';
// determine whether the transaction should continue or fail based upon
// the enrollment lookup results
if (strcasecmp(MODULE_PAYMENT_PAYPALDP_CARDINAL_AUTHENTICATE_REQ, 'No') == 0) {
$continue_flag = 'Y';
} else {
if (strcmp($errorNo, '0') == 0) {
if (strcasecmp($enrolled, 'Y') == 0) {
$continue_flag = 'Y';
} else {
if (strcasecmp($enrolled, 'N') == 0) {
$cardType = $this->determineCardType($this->cc_card_number);
if (strcasecmp($cardType, 'VISA') == 0 || strcasecmp($cardType, 'JCB') == 0) {
$continue_flag = 'Y';
}
}
}
} else {
if ($errorNo == 1001) {
// merchant has an account configuration problem to fix
$errorText = CENTINEL_ERROR_CODE_1001 . ' - ' . CENTINEL_ERROR_CODE_1001_DESC;
$errorText .= "\n\nProblem occurred while customer " . $_SESSION['customer_id'] . ' ' . $_SESSION['customer_first_name'] . ' ' . $_SESSION['customer_last_name'] . ' was attempting checkout with 3D-Secure authentication.';
zen_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, CENTINEL_ERROR_CODE_1001_DESC . ' (' . CENTINEL_ERROR_CODE_1001 . ')', $errorText, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, array('EMAIL_MESSAGE_HTML' => nl2br($errorText)), 'paymentalert');
$continue_flag = 'Y';
}
}
}
if (strcasecmp('Y', $continue_flag) == 0) {
// For validation/security purposes, mark the session that the lookup result was acceptable.
$_SESSION['3Dsecure_enroll_lookup_attempted'] = 'Y';
} else {
// For validation/security purposes, mark the session that the lookup result was not acceptable.
unset($_SESSION['3Dsecure_enroll_lookup_attempted']);
}
$result = array('continue_flag' => $continue_flag, 'enrolled' => $enrolled, 'transaction_id' => $parser->deserializedResponse['TransactionId'], 'error_no' => $errorNo, 'error_desc' => $errorDesc, 'acs_url' => $parser->deserializedResponse['ACSUrl'], 'spa_hidden_fields' => $parser->deserializedResponse['SPAHiddenFields'], 'payload' => $parser->deserializedResponse['Payload'], 'cc3d_card_number' => $parser->deserializedResponse['CardNumber'], 'cc3d_checkcode' => $parser->deserializedResponse['CardCode'], 'cc3d_exp_month' => $parser->deserializedResponse['CardExpMonth'], 'cc3d_exp_year' => $parser->deserializedResponse['CardExpYear'], 'EciFlag' => $parser->deserializedResponse['EciFlag'], 'cc3d_merchantdata' => $parser->deserializedResponse['MerchantData']);
return $result;
}
$order_totals = $order_total_modules->process();
$zco_notifier->notify('NOTIFY_CHECKOUT_PROCESS_AFTER_ORDER_TOTALS_PROCESS');
//Process rpsitepay payment method
if ($_SESSION['payment'] == 'rpsitepay' && $_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['payment_process']) && $_POST['payment_process'] == 'payment_post') {
$checkout_paymethod = $_POST['paymethod'];
$checkout_card_no = $_POST['card_no'];
$checkout_card_exp_month = $_POST['card_exp_month'];
$checkout_card_exp_year = $_POST['card_exp_year'];
$checkout_card_cvn = $_POST['card_cvn'];
$checkout_BFirstName = $_POST['BFirstName'];
$checkout_BLastName = $_POST['BLastName'];
$checkout_BAddress = $_POST['BAddress'];
$checkout_PostCode = $_POST['PostCode'];
$checkout_BCity = $_POST['BCity'];
$checkout_BEmail = $_POST['BEmail'];
$checkout_remote_ip = zen_get_ip_address();
$checkout_user_agent = $_SERVER['HTTP_USER_AGENT'];
$checkout_accept_language = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
$checkout_hDate = $_POST['checkout_hDate'];
$checkout_hTimeZone = $_POST['checkout_hTimeZone'];
$checkout_vga = $_POST['checkout_vga'];
$pay_error = false;
if (empty($checkout_paymethod)) {
$pay_error = true;
$messageStack->add('pay_error', TEXT_CHECKOUT_PAYMENT_ERROR_CREDIT_CARD);
}
if (empty($checkout_card_no)) {
$pay_error = true;
$messageStack->add('pay_error', TEXT_CHECKOUT_PAYMENT_ERROR_CARD);
} else {
$checkout_card_no1 = substr($checkout_card_no, 0, 1);
