/**
 * Validate that the transaction is real and successful
 *
 * @param array  $dataArr       - array with data to validate
 * @param string &$errorMessage - error message when return result is not 1
 *
 * @return int - validation result
 *               possible variants:
 *               -1 - fraud attempt
 *                0 - transaction was declined
 *                1 - transaction was approved
 *                2 - internal error
 */
function moduleValidateTransaction(&$dataArr, &$errorMessage)
{
    global $providerConf;

    if ($providerConf['Debug']) {
        writeDebugLog('Validation for transaction', $dataArr, false);
    }

    if (!commonValidateTransaction($dataArr['productDesc'], $dataArr['initialPrice'], $errorMessage)) {
        return -1;
    }

    // Note: the two checks below only compare account identifiers carried in
    // the request; this function itself verifies no hash or signature.
    if ($dataArr['clientAccnum'] != $providerConf['Param_client_accnum']) {
        $errorMessage = 'Wrong recipient account number';
        return -1;
    }

    if ($dataArr['clientSubacc'] != $providerConf['Param_client_subacc']) {
        $errorMessage = 'Wrong recipient subaccount number';
        return -1;
    }

    return 1;
}

/**
 * Validate that the transaction is real and successful
 *
 * @param array  $dataArr       - array with data to validate
 * @param string &$errorMessage - error message when return result is not 1
 *
 * @return int - validation result
 *               possible variants:
 *               -1 - fraud attempt
 *                0 - transaction was declined
 *                1 - transaction was approved
 *                2 - internal error
 */
function moduleValidateTransaction(&$dataArr, &$errorMessage)
{
    global $providerConf;

    if ($providerConf['Debug']) {
        writeDebugLog('Validation for transaction', $dataArr, false);
    }

    if (!commonValidateTransaction($dataArr['cart_order_id'], $dataArr['total'], $errorMessage)) {
        return -1;
    }

    if ($dataArr['credit_card_processed'] != 'Y') {
        $errorMessage = 'Credit card is not processed';
        return 0;
    }

    if ($dataArr['sid'] != $providerConf['Param_sid']) {
        $errorMessage = 'Wrong recipient account number';
        return -1;
    }

    // outside live mode the literal '1' is hashed in place of the order number
    if ($providerConf['Mode'] == 'live') {
        $MD5String = $providerConf['Param_secret_word'] . $providerConf['Param_sid'] . $dataArr['order_number'] . $dataArr['total'];
    } else {
        $MD5String = $providerConf['Param_secret_word'] . $providerConf['Param_sid'] . '1' . $dataArr['total'];
    }
    $generatedMD5 = strtoupper(md5($MD5String));

    if ($providerConf['Debug']) {
        writeDebugLog('Calculated MD5 hash', $generatedMD5, false);
        writeDebugLog('Received MD5 hash', $dataArr['key'], false);
    }

    // hash_equals() compares as strings in constant time; a loose != would
    // treat two "0e<digits>" values as equal numbers
    $receivedMD5 = isset($dataArr['key']) ? (string) $dataArr['key'] : '';
    if (!hash_equals($generatedMD5, $receivedMD5)) {
        $errorMessage = 'MD5 validation not passed';
        return -1;
    }

    return 1;
}

/**
 * Validate that the transaction is real and successful
 *
 * @param array  $dataArr       - array with data to validate
 * @param string &$errorMessage - error message when return result is not 1
 *
 * @return int - validation result
 *               possible variants:
 *               -1 - fraud attempt
 *                0 - transaction was declined
 *                1 - transaction was approved
 *                2 - internal error
 */
function moduleValidateTransaction(&$dataArr, &$errorMessage)
{
    global $providerConf;

    $maxReadSize = 8192;

    if ($providerConf['Param_process_type'] == 'Direct' || $providerConf['Param_process_type'] == 'IPN') {
        if ($dataArr['payment_status'] != 'Completed') {
            $errorMessage = 'Payment is not completed';
            return 0;
        }

        if ($providerConf['Mode'] != 'live') {
            $businessValue = $providerConf['Param_test_business'];
        } else {
            $businessValue = $providerConf['Param_business'];
        }
        if ($dataArr['business'] != $businessValue) {
            $errorMessage = 'Wrong receiver email';
            return -1;
        }

        if ($providerConf['Debug']) {
            writeDebugLog('Direct/IPN validation for transaction', $dataArr, false);
        }

        $req = 'cmd=_notify-validate';
        foreach ($dataArr as $key => $value) {
            $req .= '&' . urlencode($key) . '=' . urlencode(process_pass_data($value));
        }

        // choose the host first so the Host header matches the server we connect to
        if ($providerConf['Mode'] != 'live') {
            $connectURL = 'www.sandbox.paypal.com';
        } else {
            $connectURL = 'www.paypal.com';
        }

        // post back to PayPal system to validate
        $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
        $header .= "Host: {$connectURL}\r\n";
        $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
        $header .= "Content-Length: " . strlen($req) . "\r\n";
        $header .= "Connection: close\r\n\r\n";

        // open socket; without SSL the reply is not authenticated and can be
        // forged by anyone on the network path
        if ($providerConf['Param_connection_type'] == 'SSL') {
            $fp = fsockopen("ssl://{$connectURL}", 443, $errno, $errstr, 60);
        } else {
            $fp = fsockopen("tcp://{$connectURL}", 80, $errno, $errstr, 60);
        }
        if (!$fp) {
            $errorMessage = "Can't connect to remote host for validation ({$errstr})";
            return 2;
        }

        // send data
        fputs($fp, $header . $req);

        // read the reply (headers and body, at most $maxReadSize bytes), then
        // close the socket so that no return path below leaks it
        $response = stream_get_contents($fp, $maxReadSize);
        fclose($fp);

        $responseArr = explode("\r\n\r\n", (string) $response, 2);
        $responseHeader = $responseArr[0];
        $res = isset($responseArr[1]) ? $responseArr[1] : '';

        // parse the data (array_map replaces create_function(), removed in PHP 8)
        $lines = array_map('trim', explode("\n", $res));

        if ($providerConf['Debug']) {
            writeDebugLog('Direct/IPN reply lines', $lines, false);
        }

        if (strcmp($lines[0], "INVALID") == 0) {
            $errorMessage = 'Transaction verification failed';
            return -1;
        } elseif (strcmp($lines[0], "VERIFIED") != 0) {
            $errorMessage = 'No verification status received';
            return 2;
        }

        $paymentAmount = getPaymentAmount($dataArr);
        if (!commonValidateTransaction($dataArr['item_number'], $paymentAmount, $errorMessage)) {
            return -1;
        }

        if (!customCheck($dataArr, $errorMessage)) {
            return -1;
        }

        return 1;
    } elseif ($providerConf['Param_process_type'] == 'PDT') {
        if ($providerConf['Debug']) {
            writeDebugLog('PDT validation for transaction', $dataArr, false);
        }

        $req = 'cmd=_notify-synch';
        // tx comes from the request; encode it so it cannot add parameters to the post body
        $req .= '&tx=' . urlencode($dataArr['tx']) . '&at=' . urlencode($providerConf['Param_auth_token']);

        // choose the host first so the Host header matches the server we connect to
        if ($providerConf['Mode'] != 'live') {
            $connectURL = 'www.sandbox.paypal.com';
        } else {
            $connectURL = 'www.paypal.com';
        }

        // post back to PayPal system to validate
        $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
        $header .= "Host: {$connectURL}\r\n";
        $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
        $header .= "Content-Length: " . strlen($req) . "\r\n";
        $header .= "Connection: close\r\n\r\n";

        // open socket; without SSL the reply is not authenticated and can be
        // forged by anyone on the network path
        if ($providerConf['Param_connection_type'] == 'SSL') {
            $fp = fsockopen("ssl://{$connectURL}", 443, $errno, $errstr, 60);
        } else {
            $fp = fsockopen("tcp://{$connectURL}", 80, $errno, $errstr, 60);
        }
        if (!$fp) {
            $errorMessage = "Can't connect to remote host for validation ({$errstr})";
            return 2;
        }

        // send data
        fputs($fp, $header . $req);

        // read the body data
        $res = '';
        $headerdone = false;
        while (!feof($fp)) {
            $line = fgets($fp, 1024);
            if ($line === false) {
                // read error or timeout
                break;
            }
            if (strcmp($line, "\r\n") == 0) {
                // read the header
                $headerdone = true;
            } elseif ($headerdone) {
                // header has been read. now read the contents
                $res .= $line;
            }
        }
        fclose($fp);

        // parse the data
        $lines = array_map('trim', explode("\n", $res));

        if ($providerConf['Debug']) {
            writeDebugLog('PDT reply lines', $lines, false);
        }

        if (strcmp($lines[0], "FAIL") == 0) {
            $errorMessage = 'Transaction verification failed';
            return -1;
        } elseif (strcmp($lines[0], "SUCCESS") != 0) {
            $errorMessage = 'No verification status received';
            return 2;
        }

        $keyarray = array();
        for ($i = 1; $i < count($lines); $i++) {
            // skip blank or malformed lines
            if (strpos($lines[$i], '=') === false) {
                continue;
            }
            list($key, $val) = explode("=", $lines[$i], 2);
            $keyarray[urldecode($key)] = urldecode($val);
        }

        // from here on use the values PayPal returned, not the ones in the request
        $pdtKeys = array(
            'item_name', 'item_number', 'payment_status', 'custom', 'memo',
            'business', 'payment_gross', 'mc_gross', 'mc_currency',
            'settle_amount', 'settle_currency', 'exchange_rate',
            'payer_email', 'txn_id',
        );
        foreach ($pdtKeys as $pdtKey) {
            $dataArr[$pdtKey] = isset($keyarray[$pdtKey]) ? $keyarray[$pdtKey] : null;
        }

        if ($dataArr['payment_status'] != 'Completed') {
            $errorMessage = 'Payment is not completed';
            return 0;
        }

        if ($providerConf['Mode'] != 'live') {
            $businessValue = $providerConf['Param_test_business'];
        } else {
            $businessValue = $providerConf['Param_business'];
        }
        if ($dataArr['business'] != $businessValue) {
            $errorMessage = 'Wrong receiver email';
            return -1;
        }

        $paymentAmount = getPaymentAmount($dataArr);
        if (!commonValidateTransaction($dataArr['item_number'], $paymentAmount, $errorMessage)) {
            return -1;
        }

        if (!customCheck($dataArr, $errorMessage)) {
            return -1;
        }

        return 1;
    }

    return 2;
}

/**
 * Validate that the transaction is real and successful
 *
 * @param array  $dataArr       - array with data to validate
 * @param string &$errorMessage - error message when return result is not 1
 *
 * @return int - validation result
 *               possible variants:
 *               -1 - fraud attempt
 *                0 - transaction was declined
 *                1 - transaction was approved
 *                2 - internal error
 */
function moduleValidateTransaction(&$dataArr, &$errorMessage)
{
    global $providerConf;

    if ($providerConf['Param_implementation'] == 'AIM') {
        if ($providerConf['Debug']) {
            writeDebugLog('AIM validation for transaction', $dataArr, false);
        }

        if (!commonValidateTransaction($dataArr[7], $dataArr[9], $errorMessage)) {
            return -1;
        }

        if ($dataArr[0] != 1) {
            $errorMessage = 'Transaction declined. Reason: ' . $dataArr[3];
            return 0;
        }

        // the (int) cast keeps the value interpolated into the query numeric
        $localTranID = (int) $dataArr[7];
        $tranArr = db_arr("SELECT `Data` FROM `Transactions` WHERE `ID` = {$localTranID}");
        $tranData = transStringToData($tranArr['Data']);
        if ($dataArr[12] != $tranData['memberID']) {
            $errorMessage = 'Customer validation failed';
            return -1;
        }

        $MD5String = $providerConf['Param_md5_hash_value'] . $providerConf['Param_x_login'] . $dataArr[6] . $dataArr[9];
        $generatedMD5 = md5($MD5String);

        if ($providerConf['Debug']) {
            writeDebugLog('Calculated MD5 hash', $generatedMD5, false);
            writeDebugLog('Received MD5 hash', $dataArr[37], false);
        }

        // hash_equals() compares as strings in constant time; a loose != would
        // treat two "0e<digits>" values as equal numbers
        $receivedMD5 = isset($dataArr[37]) ? (string) $dataArr[37] : '';
        if (!hash_equals($generatedMD5, $receivedMD5)) {
            $errorMessage = 'MD5 validation not passed';
            return -1;
        }

        return 1;
    } elseif ($providerConf['Param_implementation'] == 'SIM') {
        if ($providerConf['Debug']) {
            writeDebugLog('SIM validation for transaction', $dataArr, false);
        }

        if (!commonValidateTransaction($dataArr['x_invoice_num'], $dataArr['x_amount'], $errorMessage)) {
            return -1;
        }

        if ($dataArr['x_response_code'] != 1) {
            $errorMessage = 'Transaction declined. Reason: ' . $dataArr['x_response_reason_text'];
            return 0;
        }

        // the (int) cast keeps the value interpolated into the query numeric
        $localTranID = (int) $dataArr['x_invoice_num'];
        $tranArr = db_arr("SELECT `Data` FROM `Transactions` WHERE `ID` = {$localTranID}");
        $tranData = transStringToData($tranArr['Data']);
        if ($dataArr['x_cust_id'] != $tranData['memberID']) {
            $errorMessage = 'Customer validation failed';
            return -1;
        }

        $MD5String = $providerConf['Param_md5_hash_value'] . $providerConf['Param_x_login'] . $dataArr['x_trans_id'] . $dataArr['x_amount'];
        $generatedMD5 = md5($MD5String);

        if ($providerConf['Debug']) {
            writeDebugLog('Calculated MD5 hash', $generatedMD5, false);
            writeDebugLog('Received MD5 hash', $dataArr['x_md5_hash'], false);
        }

        // hash_equals() compares as strings in constant time; a loose != would
        // treat two "0e<digits>" values as equal numbers
        $receivedMD5 = isset($dataArr['x_md5_hash']) ? (string) $dataArr['x_md5_hash'] : '';
        if (!hash_equals($generatedMD5, $receivedMD5)) {
            $errorMessage = 'MD5 validation not passed';
            return -1;
        }

        return 1;
    }

    return 2;
}