/**
 * Send the billing agreement details to the payment provider at most once
 * per session.
 *
 * Does nothing when the session already records this agreement under
 * 'billing_agreements'. Otherwise it invokes the client's
 * 'setBillingAgreementDetails' operation and then records the agreement ID
 * in the session.
 *
 * The session marker is written only after callPwaClient() has returned.
 * NOTE(review): whether callPwaClient() throws on failure is not visible
 * here; if it does, a failed call leaves the marker unset and a later call
 * retries.
 * NOTE(review): the ID is interpolated into the log line as-is; confirm it
 * is validated before it reaches this method.
 *
 * @param string $billingAgreementId Identifier sent as
 *  'amazon_billing_agreement_id' (string assumed; confirm against callers)
 * @return void
 */
protected function setBillingAgreementDetailsIfUnset($billingAgreementId) {
    $alreadySent = $this->session_getData('billing_agreements', $billingAgreementId);
    if (!$alreadySent) {
        $this->logger->info("Setting details for billing agreement {$billingAgreementId}");

        $details = array(
            'amazon_billing_agreement_id' => $billingAgreementId,
            'seller_note' => WmfFramework::formatMessage('donate_interface-monthly-donation-description'),
            'seller_billing_agreement_id' => $this->getData_Staged('order_id'),
        );
        $this->callPwaClient('setBillingAgreementDetails', $details);

        // Remember that this agreement has been configured for this session.
        $knownAgreements = WmfFramework::getSessionValue('billing_agreements');
        $knownAgreements[$billingAgreementId] = true;
        WmfFramework::setSessionValue('billing_agreements', $knownAgreements);
    }
}
/**
 * Run the filter once per session and flag the session as processed.
 *
 * Returns true without filtering when the 'EnableIPVelocityFilter' global
 * is off or when the session already carries the RAN_INITIAL flag.
 * The flag is written before the filter executes, so within one session
 * this hook does not run the filter a second time even if the first run
 * did not complete.
 *
 * @param GatewayType $gateway_adapter
 * @param Gateway_Extras_CustomFilters $custom_filter_object
 * @return bool true when skipped, otherwise the result of filter()
 */
public static function onInitialFilter($gateway_adapter, $custom_filter_object) {
    $enabled = $gateway_adapter->getGlobal('EnableIPVelocityFilter');
    if (!$enabled || WmfFramework::getSessionValue(self::RAN_INITIAL)) {
        return true;
    }

    // Mark the session first; the actual check follows.
    WmfFramework::setSessionValue(self::RAN_INITIAL, true);
    $gateway_adapter->debugarray[] = 'IP Velocity onFilter!';

    $instance = self::singleton($gateway_adapter, $custom_filter_object);
    return $instance->filter();
}
/**
 * Score the current request against the per-session velocity state and
 * decide whether processing may continue.
 *
 * This does the actual filtering; the class is used as a singleton so that
 * only one instance performs it.
 *
 * Decision order:
 *  1. IP found in the 'IPWhitelist' global: allow (checked before the
 *     blacklist, so an IP on both lists is allowed).
 *  2. IP found in the 'IPBlacklist' global: deny.
 *  3. Otherwise decay the stored score by elapsed seconds * DecayRate
 *     (never below 0), add HitScore * stored multiplier, grow the
 *     multiplier, and deny when the score reaches Threshold.
 *
 * The state is kept under SESS_ROOT in the session, keyed by gateway
 * identifier and then by current transaction.
 *
 * NOTE(review): a hit whose REQUEST_TIME equals the stored time leaves the
 * score unchanged; that includes the hit which creates the entry. Confirm
 * this is the intended way to avoid counting one request twice.
 * NOTE(review): the score exists only in session state, so it does not
 * carry over to a new session; presumably other filters cover that case.
 * NOTE(review): how 'user_ip' is derived (e.g. proxy header handling) is
 * not visible here; the list checks are only as reliable as that value.
 *
 * @return bool false if we should stop processing
 */
private function filter() {
    $clientIp = $this->gateway_adapter->getData_Unstaged_Escaped('user_ip');

    // Resolve both list memberships up front, before any session work.
    $onAllowList = DataValidator::ip_is_listed($clientIp, $this->gateway_adapter->getGlobal('IPWhitelist'));
    $onDenyList = DataValidator::ip_is_listed($clientIp, $this->gateway_adapter->getGlobal('IPBlacklist'));
    if ($onAllowList || $onDenyList) {
        // The whitelist takes precedence when the IP is on both lists.
        $this->gateway_adapter->debugarray[] = $onAllowList
            ? "SessionVelocity: IP present in whitelist."
            : "SessionVelocity: IP present in blacklist.";
        return $onAllowList ? true : false;
    }

    // Make sure there is a session to read from and write to.
    $this->gateway_adapter->session_ensure();

    // Gather the inputs for the scoring step.
    $gateway = $this->gateway_adapter->getIdentifier();
    $transaction = $this->gateway_adapter->getCurrentTransaction();
    $now = $_SERVER['REQUEST_TIME'];
    $decayRate = $this->getVar('DecayRate', $transaction);
    $threshold = $this->getVar('Threshold', $transaction);
    $growth = $this->getVar('Multiplier', $transaction);

    // Load the stored state, creating the nested entry when it is missing.
    $state = WmfFramework::getSessionValue(self::SESS_ROOT);
    if (!is_array($state)) {
        $state = array();
    }
    if (!array_key_exists($gateway, $state)) {
        $state[$gateway] = array();
    }
    if (!array_key_exists($transaction, $state[$gateway])) {
        $state[$gateway][$transaction] = array(
            $this::SESS_SCORE => 0,
            $this::SESS_TIME => $now,
            $this::SESS_MULTIPLIER => 1,
        );
    }

    $previousHit = $state[$gateway][$transaction][self::SESS_TIME];
    $score = $state[$gateway][$transaction][self::SESS_SCORE];
    $lastMultiplier = $state[$gateway][$transaction][self::SESS_MULTIPLIER];

    // Only rescore when the request time differs from the stored one.
    if ($now != $previousHit) {
        $elapsed = $now - $previousHit;
        $score = max(0, $score - $elapsed * $decayRate);
        $score += $this->getVar('HitScore', $transaction) * $lastMultiplier;

        $state[$gateway][$transaction][$this::SESS_SCORE] = $score;
        $state[$gateway][$transaction][$this::SESS_TIME] = $now;
        $state[$gateway][$transaction][$this::SESS_MULTIPLIER] = $lastMultiplier * $growth;
    }

    // Persist the state regardless of the outcome.
    WmfFramework::setSessionValue(self::SESS_ROOT, $state);

    // Reaching the threshold rejects the request and notifies antifraud.
    $retval = !($score >= $threshold);
    if (!$retval) {
        $this->fraud_logger->alert("SessionVelocity: Rejecting request due to score of {$score}");
        $this->sendAntifraudMessage('reject', $score, array('SessionVelocity' => $score));
    }

    // "Multiplier" in this line is the one that was applied to this hit.
    $this->fraud_logger->debug("SessionVelocity: ({$gateway}, {$transaction}) Score: {$score}, " . "AllowAction: {$retval}, DecayRate: {$decayRate}, " . "Threshold: {$threshold}, Multiplier: {$lastMultiplier}");

    return $retval;
}
/**
 * token_refreshAllTokenEverything
 *
 * Used when the session has expired (token mismatch): issue a fresh edit
 * token so that the donor's next post can succeed. A new token is stored in
 * the session under "<gateway identifier>EditToken", and its salted form is
 * added to the request data as 'wmf_token'.
 *
 * This method only replaces the token; it does not validate anything.
 * NOTE(review): the request that carried the stale token presumably still
 * has to be rejected by the caller; confirm at the call site.
 * NOTE(review): the unpredictability of the token depends on
 * token_generateToken(), which is not visible here; confirm it draws from
 * a cryptographically secure source.
 *
 * @return void
 */
protected function token_refreshAllTokenEverything() {
    $freshToken = self::token_generateToken();
    $sessionKey = self::getIdentifier() . 'EditToken';

    // The session must exist before the token can be stored in it.
    $this->session_ensure();
    WmfFramework::setSessionValue($sessionKey, $freshToken);

    // Hand the salted form of the stored token back through the request data.
    $this->addRequestData(array('wmf_token' => $this->token_getSaltedSessionToken()));
}
/**
 * Run the transaction through the custom filters for one phase, record the
 * outcome on the gateway adapter, and log it.
 *
 * After the filters have run, the risk score and the resulting action are
 * pushed to the adapter and three fraud-log entries are written: the
 * action with the total score, the per-filter scores, and the utm_*
 * values. An antifraud message is sent in the validate phase, or in any
 * phase when the action is not 'process'. Outside batch processing the
 * per-filter scores are also stored in the session under 'risk_scores'.
 *
 * The structured log entries go through json_encode(), which escapes
 * control characters, so each entry stays on one line.
 * NOTE(review): the utm_* values are presumably donor-supplied; confirm
 * that the log consumer treats them as untrusted text.
 *
 * @param string $phase Run custom filters attached for this phase
 * @return bool always true
 */
protected function validate($phase) {
    $this->runFilters($phase);

    $score = $this->getRiskScore();
    $this->gateway_adapter->setRiskScore($score);

    $localAction = $this->determineAction();
    $this->gateway_adapter->setValidationAction($localAction);

    $this->fraud_logger->info('"Filtered" ' . '"' . $localAction . "\"\t\"" . $score . "\"");
    $this->fraud_logger->info('"CustomFiltersScores" ' . '"' . addslashes(json_encode($this->risk_score)) . '"');

    // Collect the campaign tracking fields in a fixed order for the log.
    $utm = array();
    foreach (array('utm_campaign', 'utm_medium', 'utm_source') as $field) {
        $utm[$field] = $this->gateway_adapter->getData_Unstaged_Escaped($field);
    }
    $this->fraud_logger->info('"utm" ' . '"' . addslashes(json_encode($utm)) . '"');

    // A message always goes out when we are about to charge or redirect the
    // donor; on initial validation only when the result looks suspicious.
    $mustReport = $phase === self::PHASE_VALIDATE || $localAction !== 'process';
    if ($mustReport) {
        $this->sendAntifraudMessage($localAction, $score, $this->risk_score);
    }

    // Keep the stored scores current, except when running as a batch job.
    $isBatch = $this->gateway_adapter->isBatchProcessor();
    if (!$isBatch) {
        WmfFramework::setSessionValue('risk_scores', $this->risk_score);
    }

    return true;
}