Example #1
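/**
 * Handle the buyer's return from PayPal Express Checkout.
 *
 * Loads the transaction referenced by the session, queries PayPal for the
 * details of the authorisation (GetExpressCheckoutDetails) unless the buyer
 * cancelled, then either redirects to the confirmation URL kept in the
 * session or records the failure.
 *
 * At this point the buyer has only authorised the payment at PayPal: the
 * transaction is not completed, a further step is needed to finalise it.
 *
 * @param array $config
 *   Payment provider configuration; $config['presta'] is used as the mode.
 * @param null|array $response
 *   Not read by this function.
 * @return array
 *   The result of bank_transaction_invalide() / bank_transaction_echec(), or
 *   array($id_transaction, true) when the transaction is already paid. The
 *   success branch has no return statement after redirige_par_entete()
 *   (presumably that call ends the request -- confirm).
 */
function presta_paypalexpress_call_response($config, $response = null)
{
    include_spip('inc/bank');
    $mode = $config['presta'];
    $ack = false;
    $resArray = array();
    include_spip('presta/paypalexpress/inc/paypalexpress');

    // The token is request-controlled: accept a plain string only (an absent
    // or array-valued parameter becomes the empty string).
    // NOTE(review): the token is not compared here with a value recorded when
    // the checkout was initiated -- confirm whether such a binding exists.
    $token_recu = _request('token');
    $token = is_string($token_recu) ? urlencode($token_recu) : '';

    // A missing session key maps to 0, which no transaction row should match.
    $id_transaction = isset($_SESSION['id_transaction']) ? intval($_SESSION['id_transaction']) : 0;
    if (!($row = sql_fetsel("*", "spip_transactions", "id_transaction=" . intval($id_transaction)))) {
        // NOTE(review): this log entry carries a full dump of $_REQUEST and
        // $_SESSION; check that the log destination is suitably protected.
        return bank_transaction_invalide($id_transaction, array('mode' => $mode, 'log' => var_export($_REQUEST, true) . var_export($_SESSION, true), 'erreur' => 'donnees Paypal non conformes'));
    }

    // Second API request to PayPal: the token identifies the payment
    // authorisation whose details we want.
    $nvpstr = "&TOKEN=" . $token;

    // No need to call PayPal when the buyer cancelled.
    if ($token and _request('action') !== 'bank_cancel' and !defined('_BANK_CANCEL_TRANSACTION')) {
        $resArray = bank_paypalexpress_hash_call($config, "GetExpressCheckoutDetails", $nvpstr);
        $_SESSION['reshash'] = $resArray;
        // A response without ACK yields '' (never SUCCESS) instead of a warning.
        $ack = strtoupper(isset($resArray["ACK"]) ? $resArray["ACK"] : '');
    }

    // Compare the payer id as strings with ===: a loose == lets PHP compare
    // two numeric-looking strings by value rather than character by character.
    $payerid_recu = _request('PayerID');
    $payer_conforme = (
        isset($resArray["PAYERID"])
        and is_string($payerid_recu)
        and (string) $resArray["PAYERID"] === $payerid_recu
    );

    if ($ack === "SUCCESS" and $payer_conforme and isset($resArray["EMAIL"])) {
        // NOTE(review): the redirect target is read from the session; it is
        // presumably set server-side when the payment starts -- confirm it is
        // never derived from request input.
        $url = $_SESSION['paypalexpress_url_confirm'];
        $url_checkout = generer_action_auteur('paypalexpress_checkoutpayment', $resArray["PAYERID"] . "-" . $mode . "-" . bank_config_id($config));
        $url = parametre_url($url, 'checkout', $url_checkout, '&');

        // The summary is an HTML fragment (it embeds <br/>), so the buyer
        // supplied values are escaped before being concatenated into it.
        // NOTE(review): assumes the PayPal response is UTF-8 -- confirm.
        $prenom = isset($resArray['FIRSTNAME']) ? $resArray['FIRSTNAME'] : '';
        $nom = isset($resArray['LASTNAME']) ? $resArray['LASTNAME'] : '';
        $resume = "Paiement par compte Paypal : <br/>"
            . htmlspecialchars($prenom, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . ' '
            . htmlspecialchars($nom, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . ","
            . htmlspecialchars($resArray['EMAIL'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        $_SESSION['order_resume'] = $resume;
        $_SESSION['token'] = $token;
        $_SESSION['payer_id'] = $resArray["PAYERID"];

        // Redirect (somewhat bluntly) to the confirmation URL, i.e. the URL
        // the payment started from with &confirm=oui; it displays the order
        // again with a button to validate the payment.
        include_spip("inc/headers");
        redirige_par_entete($url);
    } else {
        // The cancellation may arrive after a successful payment (a visitor
        // who opened two payment windows): report the transaction as paid.
        if ($row['reglee'] == 'oui') {
            return array($id_transaction, true);
        }

        // 'reshash' is absent when no API call was made; log NULL in that case.
        $reshash = isset($_SESSION['reshash']) ? $_SESSION['reshash'] : null;
        return bank_transaction_echec($id_transaction, array('mode' => $mode, 'config_id' => bank_config_id($config), 'log' => var_export($_REQUEST, true) . var_export($reshash, true), 'erreur' => $ack, 'where' => 'GetExpressCheckoutDetails'));
    }
}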
Example #2
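/**
 * Finalise a PayPal Express Checkout payment (DoExpressCheckoutPayment).
 *
 * Checks that the session transaction exists and is not already paid, that
 * the payer id received matches the one kept in the session, then asks
 * PayPal to capture the payment and, on success, marks the transaction as
 * paid and calls the bank "regler_transaction" function.
 *
 * @param string $payerid
 *   Payer id received with the checkout action.
 * @param array $config
 *   Payment provider configuration ('presta', optional 'mode_test').
 * @return array
 *   array($id_transaction, true) on success or when already paid; otherwise
 *   the result of bank_transaction_invalide() / bank_transaction_echec().
 */
function bank_paypalexpress_checkoutpayment($payerid, $config)
{
    $mode = $config['presta'];
    if (isset($config['mode_test']) and $config['mode_test']) {
        $mode .= "_test";
    }
    $config_id = bank_config_id($config);
    include_spip('inc/date');

    // NOTE(review): the failure logs below carry a full dump of $_SESSION,
    // which at this stage holds the PayPal token and payer id; check that the
    // log destination is suitably protected.
    $id_transaction = isset($_SESSION['id_transaction']) ? $_SESSION['id_transaction'] : 0;
    if (!$id_transaction) {
        return bank_transaction_invalide(0, array('mode' => $mode, 'erreur' => "id_transaction absent de la session", 'log' => var_export($_SESSION, true)));
    }
    if (!($row = sql_fetsel("*", "spip_transactions", "id_transaction=" . intval($id_transaction)))) {
        return bank_transaction_invalide($id_transaction, array('mode' => $mode, 'erreur' => "transaction inconnue", 'log' => var_export($_SESSION, true)));
    }

    // Odd: a double hit? Treat it as a success.
    // NOTE(review): this check and the update further down are not atomic.
    if ($row['reglee'] == 'oui') {
        spip_log("Erreur transaction {$id_transaction} deja reglee", $mode . _LOG_INFO_IMPORTANTE);
        return array($id_transaction, true);
    }

    // Check that the payer id matches the one recorded in the session.
    // Fail closed when the session holds none: a bare !== would accept a
    // null or empty $payerid against a missing or empty session value.
    if (
        !isset($_SESSION['payer_id'])
        or $_SESSION['payer_id'] === ''
        or $payerid !== $_SESSION['payer_id']
    ) {
        $trace = "Payerid:{$payerid}\n" . var_export($_SESSION, true);
        // Record the absence of payment and the error.
        return bank_transaction_echec($id_transaction, array('mode' => $mode, 'config_id' => $config_id, 'code_erreur' => '', 'erreur' => "Annulation", 'log' => $trace));
    }

    // Gather the name/value pairs for the final call that completes the
    // PayPal payment. Every value is URL-encoded before concatenation.
    $token = urlencode(isset($_SESSION['token']) ? $_SESSION['token'] : '');
    $paymentAmount = urlencode((string) $row['montant']);
    $currencyCodeType = "EUR";
    $paymentType = "Sale";
    $payerID = urlencode($_SESSION['payer_id']);
    // NOTE(review): IPADDRESS is filled with SERVER_NAME, not an IP address,
    // and SERVER_NAME may follow the request Host header depending on the
    // web server configuration -- confirm this is intended.
    $serverName = urlencode($_SERVER['SERVER_NAME']);
    $nvpstr = '&TOKEN=' . $token . '&PAYERID=' . $payerID . '&PAYMENTACTION=' . $paymentType . '&AMT=' . $paymentAmount . '&ORDERTOTAL=' . $paymentAmount . '&CURRENCYCODE=' . $currencyCodeType . '&IPADDRESS=' . $serverName;

    // Call PayPal to finalise the payment.
    $resArray = bank_paypalexpress_hash_call($config, "DoExpressCheckoutPayment", $nvpstr);
    $date_paiement = date('Y-m-d H:i:s');

    // A response without ACK is handled as a failure instead of a warning.
    $ack = strtoupper(isset($resArray["ACK"]) ? $resArray["ACK"] : '');
    if ($ack !== "SUCCESS") {
        $_SESSION['reshash'] = $resArray;
        return bank_transaction_echec($id_transaction, array('mode' => $mode, 'config_id' => $config_id, "date_paiement" => $date_paiement, 'code_erreur' => '', 'erreur' => "Erreur lors de la transaction avec Paypal", 'log' => var_export($resArray, true), 'where' => 'DoExpressCheckoutPayment'));
    }

    // NOTE(review): only ACK is examined before the transaction is marked as
    // paid. The returned AMT is stored but not compared with $row['montant'],
    // and no payment-status field of the response is read -- confirm whether
    // pending payments or amount mismatches need distinct handling.
    $authorisation_id = $resArray['TRANSACTIONID'];
    $montant_regle = $resArray['AMT'];
    $set = array("autorisation_id" => $authorisation_id, "mode" => "{$mode}/{$config_id}", "montant_regle" => $montant_regle, "date_paiement" => $date_paiement, "statut" => 'ok', "reglee" => 'oui');
    sql_updateq("spip_transactions", $set, "id_transaction=" . intval($id_transaction));
    spip_log("DoExpressCheckoutPayment : id_transaction {$id_transaction}, reglee", $mode . _LOG_INFO_IMPORTANTE);

    if (isset($_SESSION['reshash']) and $response = $_SESSION['reshash']) {
        // When buyer details are available, copy them into the global
        // bank_session, which can be used to create the customer account on
        // the fly. LASTNAME and SHIPTONAME both map to 'nom'; the later one
        // present in the response wins.
        $var_users = array('EMAIL' => 'email', 'LASTNAME' => 'nom', 'FIRSTNAME' => 'prenom', 'SHIPTONAME' => 'nom', 'SHIPTOSTREET' => 'adresse', 'SHIPTOCITY' => 'ville', 'SHIPTOZIP' => 'code_postal', 'SHIPTOCOUNTRYCODE' => 'pays');
        foreach ($var_users as $kr => $ks) {
            if (isset($response[$kr]) and $response[$kr]) {
                if (!isset($GLOBALS['bank_session'])) {
                    $GLOBALS['bank_session'] = array();
                }
                $GLOBALS['bank_session'][$ks] = $response[$kr];
            }
        }
    }

    // Empty the session before settling: the settlement sets other session
    // variables of its own.
    session_unset();
    $regler_transaction = charger_fonction('regler_transaction', 'bank');
    $regler_transaction($id_transaction, array('row_prec' => $row));
    return array($id_transaction, true);
}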