Example #1
File: acte.php Project: nursit/bank
/**
 * Render the 'presta/paypal/payer/acte' template for a transaction.
 *
 * Loads the PayPal helper file, assembles the template context and hands it
 * to recuperer_fond(). Because $options is the first argument to
 * array_merge(), the values computed here always win over same-named keys
 * supplied by the caller in $options.
 *
 * @param array $config
 * @param int $id_transaction
 * @param string $transaction_hash
 * @param array $options
 * @return array|string
 */
function presta_paypal_payer_acte_dist($config, $id_transaction, $transaction_hash, $options = array())
{
    include_spip('presta/paypal/inc/paypal');

    // Built key by key, in the same order as before, so the helper calls
    // run in the same sequence and the merged array keeps its key order.
    $valeurs = array();
    $valeurs['action'] = paypal_url_serveur($config);
    $valeurs['url_return'] = bank_url_api_retour($config, "response");
    $valeurs['url_notify'] = bank_url_api_retour($config, "autoresponse");
    $valeurs['url_cancel'] = bank_url_api_retour($config, "cancel");
    $valeurs['id_transaction'] = $id_transaction;
    $valeurs['transaction_hash'] = $transaction_hash;
    $valeurs['sandbox'] = paypal_is_sandbox($config);
    $valeurs['logo'] = bank_trouver_logo('paypal', 'PAYPAL.gif');
    $valeurs['config'] = $config;

    // Caller options cannot override the computed endpoints or identifiers.
    return recuperer_fond('presta/paypal/payer/acte', array_merge($options, $valeurs));
}
Example #2
/**
 * Check that the payment notification really comes from PayPal.
 *
 * Three outcomes are possible, tried in this order:
 *  1. PDT: a transaction id is present and $config['IDENTITY_TOKEN'] is set.
 *     The id is posted back to the PayPal server with cmd=_notify-synch and
 *     the fields of a "SUCCESS" reply replace the request-supplied values.
 *  2. Not an IPN and no identity token: the request data is returned as
 *     received, unverified, after logging a "possible fraud" warning.
 *  3. IPN: the whole POST is echoed back with cmd=_notify-validate and is
 *     accepted only when the reply starts with 'VERIFIE'.
 *
 * Every failure path records the problem through bank_transaction_invalide()
 * and returns false.
 *
 * NOTE(review): the declared return type below is the author's; the visible
 * code returns false on failure and otherwise whatever
 * paypal_charset_reponse($response) returns (presumably the response array).
 *
 * @param array $config
 * @param bool $is_ipn
 * @return bool
 */
function paypal_get_response($config, $is_ipn = false)
{
    // $mode is only used to label the log entries written below.
    $mode = $config['presta'];
    if (isset($config['mode_test']) and $config['mode_test']) {
        $mode .= "_test";
    }
    $bank_recuperer_post_https = charger_fonction("bank_recuperer_post_https", "inc");
    // Collect the POST data. Everything in $response is request-controlled
    // until one of the verification round-trips below succeeds.
    $response = array();
    foreach ($_POST as $key => $value) {
        $response[$key] = $value;
    }
    // Transaction id: POST 'tx' first, then POST 'txn_id', then _request('tx')
    // (presumably SPIP's GET/POST accessor; confirm).
    if (isset($response['tx']) and $response['tx']) {
        $tx = $response['tx'];
    } elseif (isset($response['txn_id']) and $response['txn_id']) {
        $tx = $response['txn_id'];
    } else {
        $tx = _request('tx');
    }
    if (!$tx) {
        bank_transaction_invalide(0, array('mode' => $mode, 'erreur' => "Reponse sans tx ni txn_id", 'log' => bank_shell_args($response)));
        return false;
    }
    // If we have a $tx and an identity token in the config, prefer that path (PDT)
    if ($tx and isset($config['IDENTITY_TOKEN']) and $config['IDENTITY_TOKEN']) {
        $post_check = array('cmd' => '_notify-synch', 'tx' => $tx, 'at' => $config['IDENTITY_TOKEN']);
        // Send the verification request as a POST.
        // Caution: this is an SSL request, so the PHP build must support it.
        $url = paypal_url_serveur($config);
        // The third argument is the request-supplied payer_id; its role inside
        // the helper is not visible here (TODO confirm).
        list($resultat, $erreur, $erreur_msg) = $bank_recuperer_post_https($url, $post_check, isset($response['payer_id']) ? $response['payer_id'] : '');
        $resultat = trim($resultat);
        if (strncmp($resultat, "SUCCESS", 7) == 0) {
            // Drop the "SUCCESS" marker, join the remaining lines with '&'
            // and parse them as a query string. parse_str() overwrites
            // $response, so what is returned comes from the PayPal reply
            // rather than from the incoming request.
            $resultat = trim(substr($resultat, 7));
            $resultat = explode("\n", $resultat);
            $resultat = array_map("trim", $resultat);
            $resultat = implode("&", $resultat);
            parse_str($resultat, $response);
            return paypal_charset_reponse($response);
        }
        // Invalid data
        bank_transaction_invalide(0, array('mode' => $mode, 'erreur' => "Retour PDT :{$resultat}:Erreur {$erreur}:{$erreur_msg}:", 'log' => bank_shell_args($response)));
        return false;
    }
    // Reached with a tx but an empty POST and no identity token: there is
    // nothing to decode.
    if (!$response) {
        bank_transaction_invalide(0, array('mode' => $mode, 'sujet' => 'Paypal IDENTITY_TOKEN manquant', 'erreur' => "IDENTITY_TOKEN manquant pour decoder la reponse", 'log' => "tx={$tx}"));
        return false;
    }
    // This is not the IPN, so there is no other way to verify it:
    // the response is "trusted" as received.
    // SECURITY: this branch fails open. The returned data is the raw request
    // and nothing here has checked it with PayPal. Callers must not treat it
    // as proof of payment; configuring IDENTITY_TOKEN avoids this path.
    if (!$is_ipn) {
        // ...but log it and mail it to the webmaster for information
        bank_transaction_invalide(0, array('mode' => $mode, 'sujet' => 'Transaction non securisee', 'erreur' => "IDENTITY_TOKEN non configure, impossible de verifier la reponse de Paypal (possible fraude)", 'log' => bank_shell_args($response)));
        // and use the response
        return paypal_charset_reponse($response);
    }
    // Debug notification for tests
    /*
    $response = json_decode
        (
            '{
                "residence_country": "US",
                "invoice": "abc1234",
                "address_city": "San Jose",
                "first_name": "John",
                "payer_id": "TESTBUYERID01",
                "shipping": "3.04",
                "mc_fee": "0.44",
                "txn_id": "611422392",
                "receiver_email": "*****@*****.**",
                "quantity": "1",
                "custom": "xyz123",
                "payment_date": "22:29:21 28 Oct 2013 PDT",
                "address_country_code": "US",
                "address_zip": "95131",
                "tax": "2.02",
                "item_name": "something",
                "address_name": "John Smith",
                "last_name": "Smith",
                "receiver_id": "*****@*****.**",
                "item_number": "AK-1234",
                "verify_sign": "AiPC9BjkCyDFQXbSkoZcgqH3hpacAaChsjNZq2jHG82F97aoFSMa6SED",
                "address_country": "United States",
                "payment_status": "Completed",
                "address_status": "confirmed",
                "business": "*****@*****.**",
                "payer_email": "*****@*****.**",
                "notify_version": "2.1",
                "txn_type": "web_accept",
                "test_ipn": "1",
                "payer_status": "verified",
                "mc_currency": "USD",
                "mc_gross": "12.34",
                "address_state": "CA",
                "mc_gross1": "12.34",
                "payment_type": "echeck",
                "address_street": "123, any street"
            }',
            true
        );
    */
    // Read what PayPal posted and put 'cmd' first
    $post_check = array('cmd' => '_notify-validate');
    foreach ($response as $k => $v) {
        $post_check[$k] = $v;
    }
    // Send the verification request as a POST.
    // Caution: this is an SSL request, so the PHP build must support it.
    // NOTE(review): the validation endpoint is chosen from 'test_ipn', a field
    // of the incoming request, not from $config['mode_test']. Confirm that
    // callers reject notifications carrying test_ipn when the configuration
    // is not in test mode, so a test notification cannot count as a live one.
    $c = $config;
    if (isset($response['test_ipn']) and $response['test_ipn']) {
        $c['mode_test'] = true;
    } else {
        $c['mode_test'] = false;
    }
    $url = paypal_url_serveur($c);
    list($resultat, $erreur, $erreur_msg) = $bank_recuperer_post_https($url, $post_check, isset($post_check['payer_id']) ? $post_check['payer_id'] : '');
    // Prefix comparison on 7 characters: any reply that starts with 'VERIFIE'
    // (so "VERIFIED") is accepted; everything else is treated as a failure.
    if (strncmp(trim($resultat), 'VERIFIE', 7) == 0) {
        return paypal_charset_reponse($response);
    }
    bank_transaction_invalide(0, array('mode' => $mode, 'erreur' => "Retour IPN :{$resultat}:Erreur {$erreur}:{$erreur_msg}:", 'log' => bank_shell_args($response)));
    return false;
}