/**
 * Validate the account-registration form posted in $_REQUEST and, when every
 * check passes, store the request in the "new admin" table and notify the
 * webmaster by e-mail.
 *
 * All input comes from $_REQUEST / $_SERVER and the globals declared below.
 * Side effects: SELECT/INSERT queries (die() on query failure), an optional
 * MaxMind fraud query, a mail() to $conf_webmaster_email_addr, and an echo of
 * HTML if the product row cannot be found on the second lookup.
 *
 * @param string $adding_service  Not referenced anywhere in this body.
 * @return array  "err" and "mesg", plus "id" (the new row's insert id) when
 *                "err" is 0. err 1 = blank form, 2 = validation failure,
 *                3 = login already taken.
 */
function register_user($adding_service = "no")
{
    global $pro_mysql_admin_table;
    global $pro_mysql_new_admin_table;
    global $pro_mysql_product_table;
    global $pro_mysql_vps_server_table;
    global $conf_webmaster_email_addr;
    global $conf_selling_conditions_url;
    global $conf_message_subject_header;
    global $secpayconf_currency_letters;
    global $gettext_lang;
    get_secpay_conf();
    // Check if all fields are blank, in which case don't display an error
    // (firstname is tested twice; the list otherwise mirrors the required fields).
    if ((!isset($_REQUEST["reqadm_login"]) || $_REQUEST["reqadm_login"] == "") && (!isset($_REQUEST["reqadm_pass"]) || $_REQUEST["reqadm_pass"] == "") && (!isset($_REQUEST["reqadm_pass2"]) || $_REQUEST["reqadm_pass2"] == "") && (!isset($_REQUEST["domain_name"]) || $_REQUEST["domain_name"] == "") && (!isset($_REQUEST["domain_tld"]) || $_REQUEST["domain_tld"] == "") && (!isset($_REQUEST["familyname"]) || $_REQUEST["familyname"] == "") && (!isset($_REQUEST["firstname"]) || $_REQUEST["firstname"] == "") && (!isset($_REQUEST["email"]) || $_REQUEST["email"] == "") && (!isset($_REQUEST["phone"]) || $_REQUEST["phone"] == "") && (!isset($_REQUEST["address1"]) || $_REQUEST["address1"] == "") && (!isset($_REQUEST["zipcode"]) || $_REQUEST["zipcode"] == "") && (!isset($_REQUEST["city"]) || $_REQUEST["city"] == "") && (!isset($_REQUEST["firstname"]) || $_REQUEST["firstname"] == "")) {
        $ret["err"] = 1;
        $ret["mesg"] = _("Not registering");
        return $ret;
    }
    // NOTE(review): when product_id is absent, $esc_product_id is never assigned
    // and isRandomNum() below receives an undefined variable.
    if (isset($_REQUEST["product_id"])) {
        $esc_product_id = addslashes($_REQUEST["product_id"]);
    }
    if (!isRandomNum($esc_product_id)) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Product ID not valid!");
        return $ret;
    }
    // Look the product up. addslashes() is used for SQL escaping here and in
    // the field handling below; it is not charset-aware, unlike the
    // mysql_real_escape_string() used for maxmind_output in the INSERT.
    $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='{$esc_product_id}';";
    // die() here sends the full query text and the MySQL error to the browser.
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $n = mysql_num_rows($r);
    // NOTE(review): on a miss this sets err/mesg but does not return, so
    // $db_product stays unset and the heb_type checks below read an undefined
    // variable.
    if ($n != 1) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Product not found in database");
    } else {
        $db_product = mysql_fetch_array($r);
    }
    // Do field format checking and escaping for all fields
    // Login: one leading alphanumeric, then one or more of [._a-zA-Z0-9-].
    // The pattern enforces no length, although the message promises 4-16 chars.
    if (!preg_match("/^([a-zA-Z0-9]+)([._a-zA-Z0-9-]+)\$/", $_REQUEST["reqadm_login"])) {
        $ret["err"] = 2;
        $ret["mesg"] = _("User login format incorrect. Please use letters and numbers only and from 4 to 16 chars.");
        return $ret;
    }
    // Reserved system account names.
    if ($_REQUEST["reqadm_login"] == "root" || $_REQUEST["reqadm_login"] == "debian-sys-maint") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Username invalid: please choose something else other than root or debian-sys-maint");
        return $ret;
    }
    // Password format is delegated to isDTCPassword() (not visible here).
    if (!isDTCPassword($_REQUEST["reqadm_pass"])) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Password format incorrect. Please use letters and numbers only and from 4 to 16 chars.");
        return $ret;
    }
    if ($_REQUEST["reqadm_pass"] != $_REQUEST["reqadm_pass2"]) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Passwords 1 and 2 do not match!");
        return $ret;
    }
    // $domain_tld is blanked when there is no domain or the TLD fails isTLD();
    // this normalized value is what gets stored in the INSERT below.
    if ($_REQUEST["domain_name"] == "" || !isTLD($_REQUEST["domain_tld"])) {
        $domain_tld = "";
    } else {
        $domain_tld = $_REQUEST["domain_tld"];
    }
    // If shared or ssl hosting, we MUST do type checkings
    // NOTE(review): this branch validates with the raw $_REQUEST["domain_tld"],
    // whereas the VPS branch and the INSERT use the normalized $domain_tld
    // (possibly blanked above) - confirm which is intended.
    if ($db_product["heb_type"] == "shared" || $db_product["heb_type"] == "ssl" || $db_product["heb_type"] == "dedicated") {
        if (!isHostnameOrIP($_REQUEST["domain_name"] . $_REQUEST["domain_tld"])) {
            $ret["err"] = 2;
            $ret["mesg"] = _("Domain name seems to be incorrect.");
            return $ret;
        }
        // If not a shared, a dedicated or ssl account, it's a VPS:
        // we don't care if it's empty, but we take care of mysql insertion anyway
        // so if there is a domain name, then we check its consistency, but we don't
        // do much more if there's nothing...
    } else {
        if ($_REQUEST["domain_name"] . $domain_tld != "" && !isHostnameOrIP($_REQUEST["domain_name"] . $domain_tld)) {
            $ret["err"] = 2;
            $ret["mesg"] = _("Domain name seems to be incorrect.");
            return $ret;
        }
    }
    // VPS products: the selected server hostname must exist in the VPS server
    // table ("-1" is the form's "nothing selected" value).
    if ($db_product["heb_type"] == "vps") {
        if ($_REQUEST["vps_server_hostname"] == "-1") {
            $ret["err"] = 2;
            $ret["mesg"] = _("VPS location not selected!");
            return $ret;
        }
        $q = "SELECT * FROM {$pro_mysql_vps_server_table} WHERE hostname='" . addslashes($_REQUEST["vps_server_hostname"]) . "';";
        $r = mysql_query($q) or die("Cannot query {$q} " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n != 1) {
            $ret["err"] = 2;
            $ret["mesg"] = _("Could not find the VPS server in database");
            return $ret;
        }
    }
    // E-mail format is delegated to isValidEmail() (not visible here).
    if (!isValidEmail($_REQUEST["email"])) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Email address seems to be incorrect format.");
        return $ret;
    }
    // Text fields: required ones are rejected when blank, then every field is
    // escaped for SQL into an $esc_* copy. get_magic_quotes_gpc() was removed
    // in PHP 8, and addslashes() stands in for a driver escape; the same
    // pattern repeats for each field down to custom_notes.
    if (!isset($_REQUEST["familyname"]) || $_REQUEST["familyname"] == "") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Required field family name missing.");
        return $ret;
    } else {
        if (!get_magic_quotes_gpc()) {
            $esc_familyname = addslashes($_REQUEST["familyname"]);
        } else {
            $esc_familyname = $_REQUEST["familyname"];
        }
    }
    if (!isset($_REQUEST["firstname"]) || $_REQUEST["firstname"] == "") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Required field first name missing.");
        return $ret;
    } else {
        if (!get_magic_quotes_gpc()) {
            $esc_firstname = addslashes($_REQUEST["firstname"]);
        } else {
            $esc_firstname = $_REQUEST["firstname"];
        }
    }
    if (!isset($_REQUEST["phone"]) || $_REQUEST["phone"] == "") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Required field phone missing.");
        return $ret;
    } else {
        if (!get_magic_quotes_gpc()) {
            $esc_phone = addslashes($_REQUEST["phone"]);
        } else {
            $esc_phone = $_REQUEST["phone"];
        }
    }
    // Optional fields (fax, compname, vat_num, address2/3, state, custom_notes)
    // are escaped without an isset() check, so a missing key raises a notice.
    if (!get_magic_quotes_gpc()) {
        $esc_fax = addslashes($_REQUEST["fax"]);
    } else {
        $esc_fax = $_REQUEST["fax"];
    }
    if (!get_magic_quotes_gpc()) {
        $esc_compname = addslashes($_REQUEST["compname"]);
    } else {
        $esc_compname = $_REQUEST["compname"];
    }
    if (!get_magic_quotes_gpc()) {
        $esc_vat_num = addslashes($_REQUEST["vat_num"]);
    } else {
        $esc_vat_num = $_REQUEST["vat_num"];
    }
    if (!isset($_REQUEST["address1"]) || $_REQUEST["address1"] == "") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Required field address (line 1) missing.");
        return $ret;
    } else {
        if (!get_magic_quotes_gpc()) {
            $esc_address1 = addslashes($_REQUEST["address1"]);
        } else {
            $esc_address1 = $_REQUEST["address1"];
        }
    }
    if (!get_magic_quotes_gpc()) {
        $esc_address2 = addslashes($_REQUEST["address2"]);
    } else {
        $esc_address2 = $_REQUEST["address2"];
    }
    if (!get_magic_quotes_gpc()) {
        $esc_address3 = addslashes($_REQUEST["address3"]);
    } else {
        $esc_address3 = $_REQUEST["address3"];
    }
    if (!isset($_REQUEST["zipcode"]) || $_REQUEST["zipcode"] == "") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Required field zipcode missing.");
        return $ret;
    } else {
        if (!get_magic_quotes_gpc()) {
            $esc_zipcode = addslashes($_REQUEST["zipcode"]);
        } else {
            $esc_zipcode = $_REQUEST["zipcode"];
        }
    }
    if (!isset($_REQUEST["city"]) || $_REQUEST["city"] == "") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Required field city missing.");
        return $ret;
    } else {
        if (!get_magic_quotes_gpc()) {
            $esc_city = addslashes($_REQUEST["city"]);
        } else {
            $esc_city = $_REQUEST["city"];
        }
    }
    if (!get_magic_quotes_gpc()) {
        $esc_state = addslashes($_REQUEST["state"]);
    } else {
        $esc_state = $_REQUEST["state"];
    }
    if (!get_magic_quotes_gpc()) {
        $esc_custom_notes = addslashes($_REQUEST["custom_notes"]);
    } else {
        $esc_custom_notes = $_REQUEST["custom_notes"];
    }
    // Country: exactly two uppercase ASCII letters (so it is safe to interpolate raw below).
    if (!preg_match("/^([A-Z])([A-Z])\$/", $_REQUEST["country"])) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Country code seems incorrect.");
        return $ret;
    }
    // Company radio button: only the literals "yes"/"no" are accepted.
    if ($_REQUEST["iscomp"] == "yes") {
        $esc_comp = "yes";
    } else {
        if ($_REQUEST["iscomp"] == "no") {
            $esc_comp = "no";
        } else {
            $ret["err"] = 2;
            $ret["mesg"] = _("Is company radio button is wrong!");
            return $ret;
        }
    }
    // Selling conditions must be ticked unless the site has none configured.
    if ($conf_selling_conditions_url != "none" && (!isset($_REQUEST["condition"]) || $_REQUEST["condition"] != "yes")) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Selling conditions not accepted!");
        return $ret;
    }
    // Login must be unused in both the live admin table and the pending table.
    // NOTE(review): the login value in these two queries is redacted in this
    // listing ('******'); the login has already passed the regex above.
    $q = "SELECT adm_login FROM {$pro_mysql_admin_table} WHERE adm_login='******';";
    $r = mysql_query($q) or die("Cannot query  \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n > 0) {
        $ret["err"] = 3;
        $ret["mesg"] = _("Username already taken! Try again.");
        return $ret;
    }
    $q = "SELECT reqadm_login FROM {$pro_mysql_new_admin_table} WHERE reqadm_login='******';";
    $r = mysql_query($q) or die("Cannot query  \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n > 0) {
        $ret["err"] = 3;
        $ret["mesg"] = _("Username already taken! Try again.");
        return $ret;
    }
    // Extra INSERT columns/values and mail text for VPS products only.
    $vps_add1 = "";
    $vps_add2 = "";
    $vps_mail_add1 = "";
    if ($db_product["heb_type"] == "vps") {
        if (!get_magic_quotes_gpc()) {
            $esc_vps_os = addslashes($_REQUEST["vps_os"]);
        } else {
            $esc_vps_os = $_REQUEST["vps_os"];
        }
        $vps_add1 = ",vps_location,vps_os";
        // NOTE(review): vps_server_hostname is interpolated here unescaped; the
        // lookup above escaped it with addslashes(), and the value has already had
        // to match a stored hostname, but the escaped form would be the safe one.
        $vps_add2 = ",'" . $_REQUEST["vps_server_hostname"] . "','{$esc_vps_os}'";
        $vps_mail_add1 = "VPS hostname: " . $_REQUEST["vps_server_hostname"];
    }
    // MaxMind: Rudd-O
    // Second call to get_secpay_conf() (also called at the top of the function).
    get_secpay_conf();
    global $secpayconf_maxmind_license_key;
    global $secpayconf_use_maxmind;
    global $secpayconf_maxmind_threshold;
    $maxmind_score = 0;
    if ($secpayconf_use_maxmind == "yes") {
        // This has been done in dtc/shared/dtc_lib.php
        // but could be removed from there... As you like!
        require_once "../shared/maxmind/HTTPBase.php";
        require_once "../shared/maxmind/CreditCardFraudDetection.php";
        // Query fields sent to MaxMind: connecting IP, billing location, e-mail
        // domain and phone, plus hashed identifiers.
        $hash = array();
        $hash["i"] = $_SERVER["REMOTE_ADDR"];
        $hash["city"] = $_REQUEST["city"];
        $hash["postal"] = $_REQUEST["zipcode"];
        $hash["country"] = $_REQUEST["country"];
        // split() was removed in PHP 7 (explode() is the drop-in replacement).
        $maildomain = split("@", $_REQUEST["email"], 2);
        $hash["domain"] = $maildomain[1];
        $hash["custPhone"] = $_REQUEST["phone"];
        $hash["license_key"] = $secpayconf_maxmind_license_key;
        // NOTE(review): PHP exposes the X-Forwarded-For header as
        // $_SERVER["HTTP_X_FORWARDED_FOR"]; the key used here looks wrong, so
        // forwardedIP is probably never sent - confirm.
        if (isset($_SERVER["X_HTTP_FORWARDED_FOR"])) {
            $hash["forwardedIP"] = $_SERVER["X_HTTP_FORWARDED_FOR"];
        }
        // Identifiers leave the site as unsalted MD5 digests of the raw values,
        // including the password the user just typed.
        $hash["emailMD5"] = md5($_REQUEST["email"]);
        $hash["usernameMD5"] = md5($_REQUEST["reqadm_login"]);
        $hash["passwordMD5"] = md5($_REQUEST["reqadm_pass"]);
        // trigger_error("MaxMind input: ".serialize($hash),E_USER_NOTICE);
        $ccfs = new CreditCardFraudDetection();
        $ccfs->isSecure = 1;
        $ccfs->input($hash);
        $ccfs->query();
        // output() result is indexed as an array right below.
        $maxmind_output = $ccfs->output();
        // trigger_error("MaxMind output: ".serialize($maxmind_output),E_USER_NOTICE);
        $maxmind_score = $maxmind_output["riskScore"];
    } else {
        $maxmind_output = "";
    }
    // end MaxMind
    // The INSERT mixes escaped ($esc_*) copies with raw $_REQUEST values.
    // reqadm_login and country are constrained by the regexes above;
    // reqadm_pass, email and domain_name/$domain_tld are inserted as received,
    // so their SQL safety depends entirely on what isDTCPassword(),
    // isValidEmail() and isHostnameOrIP() accept (not visible here).
    // The password is stored as entered, without hashing.
    $q = "INSERT INTO {$pro_mysql_new_admin_table}\n(reqadm_login,\nreqadm_pass,\ndomain_name,\nfamily_name,\nfirst_name,\ncomp_name,\nvat_num,\niscomp,\nemail,\nphone,\nfax,\naddr1,\naddr2,\naddr3,\nzipcode,\ncity,\nstate,\ncountry,\nproduct_id,\ncustom_notes,\nshopper_ip,\ndate,\ntime,\nlast_used_lang,\nmaxmind_output{$vps_add1}\n)\nVALUES('" . $_REQUEST["reqadm_login"] . "',\n'" . $_REQUEST["reqadm_pass"] . "',\n'" . $_REQUEST["domain_name"] . $domain_tld . "',\n'{$esc_familyname}',\n'{$esc_firstname}',\n'{$esc_compname}',\n'{$esc_vat_num}',\n'{$esc_comp}',\n'" . $_REQUEST["email"] . "',\n'{$esc_phone}',\n'{$esc_fax}',\n'{$esc_address1}',\n'{$esc_address2}',\n'{$esc_address3}',\n'{$esc_zipcode}',\n'{$esc_city}',\n'{$esc_state}',\n'" . $_REQUEST["country"] . "',\n'{$esc_product_id}',\n'{$esc_custom_notes}',\n'" . $_SERVER["REMOTE_ADDR"] . "',\n'" . date("Y-m-d") . "',\n'" . date("H:i:s") . "',\n'" . $gettext_lang . "',\n'" . mysql_real_escape_string(serialize($maxmind_output)) . "'{$vps_add2})";
    $r = mysql_query($q) or die("Cannot query  \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $id = mysql_insert_id();
    $ret["err"] = 0;
    $ret["mesg"] = "Query ok!";
    $ret["id"] = $id;
    // Second lookup of the same product row, only to build the e-mail's
    // product description (name and price with the configured currency).
    $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='{$esc_product_id}';";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        // Emits HTML directly from inside a data-access routine.
        echo "<font color=\"red\">" . _("Cannot find product id!") . "</font>";
        $the_prod = $esc_product_id . " (0 {$secpayconf_currency_letters})";
    } else {
        $a = mysql_fetch_array($r);
        $the_prod = $a["name"] . " (" . $a["price_dollar"] . " {$secpayconf_currency_letters})";
    }
    // NOTE(review): the notification mail carries the plaintext password along
    // with the rest of the form (the login/password expressions are redacted
    // in this listing).
    $mail_content = "\nSomebody tried to register an account. Here is the details of the new user:\n\nlogin: "******"reqadm_login"] . "\npass: "******"reqadm_pass"] . "\ndomain: " . $_REQUEST["domain_name"] . $domain_tld . "\nCompany name: " . $_REQUEST["compname"] . "\nFirst name: " . $_REQUEST["firstname"] . "\nFamily name: " . $_REQUEST["familyname"] . "\nEmail: " . $_REQUEST["email"] . "\nPhone: {$esc_phone}\nFax: {$esc_fax}\nAddr: " . $_REQUEST["address1"] . " " . $_REQUEST["address2"] . " " . $_REQUEST["address3"] . "\nZipcode: {$esc_zipcode}\nCity: " . $_REQUEST["city"] . "\nState: " . $_REQUEST["state"] . "\nCountry: " . $_REQUEST["country"] . "\nShopper ip: " . $_SERVER["REMOTE_ADDR"] . "\nProduct id: {$the_prod}\nCustomer note: " . $_REQUEST["custom_notes"] . "\n{$vps_mail_add1}\n";
    if ($maxmind_score > 0) {
        $mail_content .= "Maxmind Score: {$maxmind_score}\n";
        // NOTE(review): when MaxMind ran, $maxmind_output is the array returned
        // by output() (it is indexed as such above), so this interpolation likely
        // yields the string "Array" rather than the result - confirm.
        $mail_content .= "Maxmind Output: {$maxmind_output}\n";
    }
    $headers = "From: DTC Robot <{$conf_webmaster_email_addr}>";
    mail($conf_webmaster_email_addr, "{$conf_message_subject_header} Somebody tried to register an account", $mail_content, $headers);
    return $ret;
}
#!/usr/bin/php -q
<?php 
// Load the client library and create the query object.
require "CreditCardFraudDetection.php";
$ccfs = new CreditCardFraudDetection();

// Inputs for the query, collected in one hash.
// Field reference: http://www.maxmind.com/app/ccv
$h = array(
    // Required: your MaxMind license key
    'license_key' => 'YOUR_LICENSE_KEY_HERE',
    // Required fields
    'i'           => '24.24.24.24',   // client IP address
    'city'        => 'New York',      // billing city
    'region'      => 'NY',            // billing state
    'postal'      => '11434',         // billing zip code
    'country'     => 'US',            // billing country
    // Recommended fields
    'domain'      => 'yahoo.com',     // e-mail domain
    'bin'         => '549099',        // bank identification number
    'forwardedIP' => '24.24.24.25',   // X-Forwarded-For or Client-IP HTTP header value
    // CreditCardFraudDetection.php MD5-hashes this value itself when it sees an
    // '@' in it; it does the same for usernameMD5/passwordMD5 whenever the
    // string is not already 32 characters long.
    'emailMD5'    => '*****@*****.**',
);
/**
 * Score a card payment against MaxMind's CreditCardFraudDetection service and
 * record hard-decline conditions.
 *
 * Builds the request hash from the member record, the payment, the
 * card/billing form values in $vars and the request's IP headers, queries the
 * service, then forces the risk score to 99 whenever a configured hard rule
 * fails (carder e-mail, country mismatch, high-risk country, anonymous proxy,
 * free-mail domain, BIN/bank checks, fatal service errors). Failed rules are
 * logged through $db->log_error(), reported to the caller via $errors as
 * _TPL_CC_DECLINED, and stored on the payment record under data['ccfd_errors'].
 *
 * @param array $member   needs 'email' and 'login'
 * @param array $payment  needs 'payment_id'
 * @param array $vars     card/billing form fields: cc_city, cc_state, cc_zip,
 *                        cc_country, cc_number, cc_phone, cc_bin_name,
 *                        cc_bin_phone, cc_street
 * @param array $errors   by-reference; receives _TPL_CC_DECLINED on a hard fail
 * @return mixed  the service's riskScore value (type not visible here), or 99
 *                when any hard rule fired
 */
function credit_card_fraud_detection($member, $payment, $vars, &$errors)
{
    global $config, $db;
    require_once "{$config['root_dir']}/includes/ccfd/CreditCardFraudDetection.php";
    // Create a new CreditCardFraudDetection object
    $ccfs = new CreditCardFraudDetection();
    // Set inputs and store them in a hash
    // See http://www.maxmind.com/app/ccv for more details on the input fields
    // Enter your license key here (non registered users limited to 20 lookups per day)
    $h["license_key"] = $config['ccfd_license_key'];
    // Which level (free, city, premium) of CCFD to use
    $h["requested_type"] = $config['ccfd_requested_type'];
    /*
    i
    Client IP Address (IP address of customer placing order)
    
    forwardedIP
    IP address of end user, as forwarded by transparent proxy. Transparent proxies set the HTTP headers X-Forwarded-For or Client-IP,
    which contain the IP address of the end user. These IP addresses can be typically be accessed through the environment
    variables HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP. Note that the forwarded IP should be passed to the forwardedIP input field
    instead of the i input field, because we check that the IP address passed to the i input field is a legitimate transparent proxy
    before using the value in the forwardedIP input field.
    */
    // NOTE(review): when X-Forwarded-For is present, the header value becomes
    // $client_ip and is later sent as "i", while the MaxMind text quoted above
    // says the forwarded address belongs in forwardedIP and "i" should be the
    // connecting (proxy) address. Since that header is supplied by the client,
    // whoever sets it chooses the IP the score is based on. $proxy_ip is
    // computed but never sent (the forwardedIP line using it is commented out).
    if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
        if (isset($_SERVER["HTTP_CLIENT_IP"])) {
            $proxy_ip = $_SERVER["HTTP_CLIENT_IP"];
        } else {
            $proxy_ip = $_SERVER["REMOTE_ADDR"];
        }
        $client_ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
        $forwarded_ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    } else {
        if (isset($_SERVER["HTTP_CLIENT_IP"])) {
            $client_ip = $_SERVER["HTTP_CLIENT_IP"];
        } else {
            $client_ip = $_SERVER["REMOTE_ADDR"];
        }
        $proxy_ip = '0.0.0.0';
        $forwarded_ip = '';
    }
    //$db->log_error ("MaxMind debug: HTTP_X_FORWARDED_FOR=".$_SERVER["HTTP_X_FORWARDED_FOR"].", HTTP_CLIENT_IP=".$_SERVER["HTTP_CLIENT_IP"].", REMOTE_ADDR=".$_SERVER["REMOTE_ADDR"]);
    // Required fields
    $h["i"] = $client_ip;
    // set the client ip address
    $h["city"] = $vars['cc_city'];
    // set the billing city
    $h["region"] = $vars['cc_state'];
    // set the billing state
    $h["postal"] = $vars['cc_zip'];
    // set the billing zip code
    $h["country"] = $vars['cc_country'];
    // set the billing country
    // Country name is only used in the log messages below; fall back to the code.
    $country = db_getCountryByCode($vars['cc_country']);
    if (!$country) {
        $country = $vars['cc_country'];
    }
    // Only the part after '@' is sent as the e-mail domain.
    $domain = $member['email'];
    $pos = strpos($domain, '@');
    if ($pos !== false) {
        $domain = substr($domain, $pos + 1);
    }
    // Strip non-digits so the BIN below is the first six digits of the card number.
    $cc_num = preg_replace('/\\D+/', '', $vars['cc_number']);
    // Recommended fields
    $h["domain"] = $domain;
    // Email domain
    $h["bin"] = substr($cc_num, 0, 6);
    // bank identification number
    //$h["forwardedIP"]   = $proxy_ip;            // X-Forwarded-For or Client-IP HTTP Header
    if ($forwarded_ip) {
        $h["forwardedIP"] = $forwarded_ip;
    }
    // X-Forwarded-For or Client-IP HTTP Header
    $h["custPhone"] = $vars['cc_phone'];
    // Area-code and local prefix of customer phone number
    // Optional fields
    $h["binName"] = $vars['cc_bin_name'];
    // bank name
    $h["binPhone"] = $vars['cc_bin_phone'];
    // bank customer service phone number on back of credit card
    // The e-mail address itself is not sent: only its domain (above) and this
    // MD5 of the lower-cased address.
    $h["emailMD5"] = md5(strtolower($member['email']));
    // CreditCardFraudDetection.php will take MD5 hash of e-mail address passed to emailMD5
    //if it detects '@' in the string
    // added 04/10/2006
    /* MaxMind:
     * We have added the following two new input fields: "usernameMD5" and "passwordMD5".
     * These fields can be used by sites that require their customers to login before making a purchase.
     * Once the customer makes a purchase, the two new inputs would be passed along with the other input fields.
     * As with e-mails, carders will often use the same login and password to sign up at different online sites to reduce overhead
     * in managing their different accounts. These two new fields will affect the risk score and will offer additional reference points
     * for predictive analysis. Please note that this information will be encoded to ensure user privacy, but still allow us to compare
     * a unique identifier to help prevent fraud. These fields are optional inputs, and while we recommend using these valuable tools against fraud,
     * we also recognize the importance of keeping your customers' information secure. As such, it is possible to enter both, either,
     * or neither of these fields.
     */
    // Only usernameMD5 is sent here; passwordMD5 is deliberately omitted.
    $h["usernameMD5"] = md5(strtolower($member['login']));
    // MD5 hash in hexadecimal form of lowercase version of your customer's user name. Used by highRiskUsername output to check against database of high risk user names.
    //$h["shipAddr"]      = $vars['cc_housenumber']." ".$vars['cc_street']; // Shipping Address
    // Shipping fields are filled from the billing form values.
    $h["shipAddr"] = $vars['cc_street'];
    // Shipping Address
    $h["shipCity"] = $vars['cc_city'];
    // the City to Ship to
    $h["shipRegion"] = $vars['cc_state'];
    // the Region to Ship to
    $h["shipPostal"] = $vars['cc_zip'];
    // the Postal Code to Ship to
    $h["shipCountry"] = $vars['cc_country'];
    // the country to Ship to
    $h["txnID"] = $payment['payment_id'];
    // Transaction ID
    // The PHP session id is hashed before it leaves the site.
    $h["sessionID"] = md5(session_id());
    // Session ID
    // If you want to disable Secure HTTPS or don't have Curl and OpenSSL installed
    // uncomment the next line
    // $ccfs->isSecure = 0;
    // set the timeout to be five seconds
    $ccfs->timeout = 5;
    // uncomment to turn on debugging
    //$ccfs->debug = 1;
    // how many seconds to cache the ip addresses
    // $ccfs->wsIpaddrRefreshTimeout = 3600*5;
    // file to store the ip address for www.maxmind.com and www2.maxmind.com
    // $ccfs->wsIpaddrCacheFile = "/tmp/maxmind.ws.cache";
    // if useDNS is 1 then use DNS, otherwise use ip addresses directly
    $ccfs->useDNS = 1;
    // NOTE(review): isSecure = 0 disables HTTPS for the query, so the card BIN,
    // billing address and hashed identifiers travel in clear text. The comment
    // above presents this as an opt-out, but it is set unconditionally here.
    $ccfs->isSecure = 0;
    // next we set up the input hash
    $ccfs->input($h);
    // then we query the server
    $ccfs->query();
    // then we get the result from the server
    // $h is reused for the response from here on.
    $h = $ccfs->output();
    $was_errors = false;
    $payment_records_edit_log = array();
    $risk_score = $h['riskScore'];
    // Each hard rule below forces the score to 99, logs the reason and records
    // it for the payment. The "allow_*" config flags switch individual rules off.
    // Service flags are compared loosely as strings; a missing key raises a notice.
    if ($h['carderEmail'] == 'Yes') {
        $risk_score = 99;
        $db->log_error(_TPL_CC_ERROR_CARDEREMAIL);
        $payment_records_edit_log[] = _TPL_CC_ERROR_CARDEREMAIL;
        $was_errors = true;
    }
    // NOTE(review): the login expression in the log messages below is redacted
    // in this listing ('******').
    if ($h['countryMatch'] == 'No' && !$config['allow_country_not_matched']) {
        $risk_score = 99;
        $db->log_error(_TPL_CC_ERROR_COUNTRYNOTMATCH . " (login="******", ip=" . $client_ip . ", country=" . $country . ")");
        $payment_records_edit_log[] = _TPL_CC_ERROR_COUNTRYNOTMATCH;
        $was_errors = true;
    }
    if ($h['highRiskCountry'] == 'Yes' && !$config['allow_high_risk_country']) {
        $risk_score = 99;
        $db->log_error(_TPL_CC_ERROR_HIGHRISKCOUNTRY . " (login="******", country=" . $country . ")");
        $payment_records_edit_log[] = _TPL_CC_ERROR_HIGHRISKCOUNTRY;
        $was_errors = true;
    }
    // NOTE(review): HTTP_X_FORWARDED_FOR / HTTP_CLIENT_IP are read here without
    // isset(), unlike above; when absent this log line raises undefined-index notices.
    if ($h['anonymousProxy'] == 'Yes' && !$config['allow_anonymous_proxy']) {
        $risk_score = 99;
        $db->log_error(_TPL_CC_ERROR_ANONYMOUSPROXY . " (login="******", HTTP_X_FORWARDED_FOR=" . $_SERVER["HTTP_X_FORWARDED_FOR"] . ", HTTP_CLIENT_IP=" . $_SERVER["HTTP_CLIENT_IP"] . ", REMOTE_ADDR=" . $_SERVER["REMOTE_ADDR"] . ")");
        $payment_records_edit_log[] = _TPL_CC_ERROR_ANONYMOUSPROXY;
        $was_errors = true;
    }
    if ($h['freeMail'] == 'Yes' && !$config['allow_free_mail']) {
        $risk_score = 99;
        $db->log_error(_TPL_CC_ERROR_FREEMAIL . " (login="******", email=" . $member['email'] . ")");
        $payment_records_edit_log[] = _TPL_CC_ERROR_FREEMAIL;
        $was_errors = true;
    }
    // BIN checks only apply when the form collects the bank name/phone.
    if ($config['cc_input_bin']) {
        if ($h['binMatch'] != 'Yes') {
            $risk_score = 99;
            $db->log_error(_TPL_CC_ERROR_BIN);
            $payment_records_edit_log[] = _TPL_CC_ERROR_BIN;
            $was_errors = true;
        }
        if ($h['binNameMatch'] != 'Yes') {
            $risk_score = 99;
            $db->log_error(_TPL_CC_ERROR_BIN_NAME);
            $payment_records_edit_log[] = _TPL_CC_ERROR_BIN_NAME;
            $was_errors = true;
        }
        if ($h['binPhoneMatch'] != 'Yes') {
            $risk_score = 99;
            $db->log_error(_TPL_CC_ERROR_BIN_PHONE);
            $payment_records_edit_log[] = _TPL_CC_ERROR_BIN_PHONE;
            $was_errors = true;
        }
    }
    // Operational warning when the license is close to exhausting its quota.
    if ($h['queriesRemaining'] > 0 && $h['queriesRemaining'] < 10) {
        $db->log_error("MaxMind queriesRemaining: " . $h['queriesRemaining']);
    }
    // Service-side error codes: warnings are only logged; fatal ones decline the
    // payment (but are not added to the payment's ccfd_errors list).
    $ccfd_warnings = array('IP_NOT_FOUND', 'COUNTRY_NOT_FOUND', 'CITY_NOT_FOUND', 'CITY_REQUIRED', 'POSTAL_CODE_REQUIRED', 'POSTAL_CODE_NOT_FOUND');
    $ccfd_fatal_errors = array('INVALID_LICENSE_KEY', 'MAX_REQUESTS_PER_LICENSE', 'IP_REQUIRED', 'LICENSE_REQUIRED', 'COUNTRY_REQUIRED', 'MAX_REQUESTS_REACHED');
    if ($h['err']) {
        // in_array() without strict; fine as long as err is a string.
        if (in_array($h['err'], $ccfd_warnings)) {
            $db->log_error("MaxMind warning: " . $h['err'] . " maxmindID: " . $h['maxmindID']);
        }
        if (in_array($h['err'], $ccfd_fatal_errors)) {
            $db->log_error("MaxMind error: " . $h['err'] . " maxmindID: " . $h['maxmindID']);
            $was_errors = true;
        }
    }
    // Report a single generic decline to the caller; the specific rules that
    // fired are persisted on the payment record instead.
    if ($was_errors) {
        $errors[] = _TPL_CC_DECLINED;
        if ($payment_records_edit_log) {
            $payment = $db->get_payment($payment['payment_id']);
            $payment['data']['ccfd_errors'] = $payment_records_edit_log;
            $db->update_payment($payment['payment_id'], $payment);
        }
    }
    //if ($h['err']) $errors[] = $h['err'];
    return $risk_score;
}
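 /**
  * Run a MaxMind CreditCardFraudDetection query for a Visa/Mastercard
  * transaction and return an adjusted fraud score.
  *
  * Builds the request hash from the transaction's billing details, queries the
  * service, writes every output field to the order log (and to the global
  * $etel_fraud_response), and returns the service's score minus a 2.6 penalty
  * when the billing city could not be resolved (err = CITY_NOT_FOUND).
  *
  * @param array $transInfo   transaction/billing fields: cardtype, ipaddress,
  *                           city, state, zipcode, country, email, CCnumber,
  *                           phonenumber, td_bank_number, address,
  *                           reference_number, transactionId
  * @param array $bankInfo    not used in this body; kept for the caller's signature
  * @param array $companyInfo not used in this body; kept for the caller's signature
  * @return float|int  adjusted score, or 0 for card types other than Visa/Mastercard
  */
 function fraud_scrub(&$transInfo, &$bankInfo, &$companyInfo)
 {
     // Only Visa and Mastercard are scrubbed; everything else scores 0.
     if ($transInfo['cardtype'] !== 'Visa' && $transInfo['cardtype'] !== 'Mastercard') {
         return 0;
     }
     global $etel_fraud_response;
     require_once 'fraud/CreditCardFraudDetection.php';
     $ccfs = new CreditCardFraudDetection();

     // Query inputs; see http://www.maxmind.com/app/ccv for each field's meaning.
     // NOTE(review): the license key is hard-coded in this source file rather
     // than read from configuration like the other examples in this listing.
     $phone = $transInfo['phonenumber'];
     $h = array(
         'license_key'    => "UHccvlc5aVqk",
         // Required fields
         'i'              => $transInfo['ipaddress'],                      // client IP address
         'city'           => $transInfo['city'],                           // billing city
         'region'         => $transInfo['state'],                          // billing state
         'postal'         => $transInfo['zipcode'],                        // billing zip code
         'country'        => $transInfo['country'],                        // billing country
         // Recommended fields
         'domain'         => substr(strstr($transInfo['email'], '@'), 1),  // e-mail domain
         'bin'            => substr($transInfo['CCnumber'], 0, 6),         // bank identification number
         'forwardedIP'    => $transInfo['ipaddress'],                      // same value as "i" here
         // Area code and local prefix. NOTE(review): assumes a separator at
         // offset 3 (e.g. 123-456-7890) - confirm against the stored format.
         'custPhone'      => substr($phone, 0, 3) . "-" . substr($phone, 4, 6),
         // Optional fields
         'binPhone'       => $transInfo['td_bank_number'],                 // bank customer-service number
         'requested_type' => "premium",                                    // CCFD level: free, city or premium
         'emailMD5'       => md5(strtolower($transInfo['email'])),         // hashed, not the raw address
         'shipAddr'       => $transInfo['address'],                        // shipping address
         'sessionID'      => session_id(),
     );

     // Five-second timeout, debugging off. isSecure is left at the class
     // default; set it to 0 only where cURL/OpenSSL are unavailable.
     $ccfs->timeout = 5;
     $ccfs->debug = 0;
     $ccfs->input($h);
     $ccfs->query();
     $ho = $ccfs->output();

     // Log every output field. A CITY_NOT_FOUND error means the billing city
     // could not be resolved, which costs 2.6 points of the score below.
     // Strict comparisons: loose == would let a numeric key or value match 'err'.
     $tolog = '';
     $noCity = 0;
     foreach ($ho as $key => $value) {
         $tolog .= $key . " = " . $value . "\n";
         if ($key === 'err' && $value === 'CITY_NOT_FOUND') {
             $noCity = 1;
         }
     }
     toLog('order', 'customer', "Fraud Scrubbing Result for " . $transInfo['reference_number'] . ": " . $tolog, $transInfo['transactionId']);
     $etel_fraud_response = $tolog;

     // NOTE(review): reads 'score'; the other examples in this listing read
     // 'riskScore' - confirm the key for the API version in use.
     return floatval($ho['score'] - $noCity * 2.6);
 }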
#!/usr/bin/php -q
<?php 
// Load the client library and create the query object.
require "../src/CreditCardFraudDetection.php";
$ccfs = new CreditCardFraudDetection();

// Required fields: license key and the connecting client's address.
// Field reference: http://www.maxmind.com/app/ccv
$input = array(
    'license_key' => 'YOUR_LICENSE_KEY_HERE',
    'i'           => $_SERVER['REMOTE_ADDR'],
);
// The proxied client's address (X-Forwarded-For / Client-IP header, supplied
// by the client) goes in forwardedIP, not in "i", and only when non-empty.
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $input['forwardedIP'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
// Billing location (required) followed by the recommended fields.
$input = array_merge($input, array(
    'city'    => 'New York',   // billing city
    'region'  => 'NY',         // billing state
    'postal'  => '11434',      // billing zip code
    'country' => 'US',         // billing country
    // Recommended fields
    'domain'  => 'yahoo.com',  // e-mail domain
    'bin'     => '549099',     // bank identification number
));
/**
 * CreditCardFraudDetection.php will take MD5 hash of e-mail address passed