/**
 * Render the PayPal one-off payment form for a transaction.
 *
 * Builds the template context (gateway URL, return/notify/cancel URLs,
 * transaction identifiers, sandbox flag, logo, config) and passes it to the
 * 'presta/paypal/payer/acte' template.
 *
 * Caller-supplied $options are merged first, so they can add keys but
 * cannot replace any computed key (action, url_notify, transaction_hash, ...).
 *
 * @param array $config
 * @param int $id_transaction
 * @param string $transaction_hash
 * @param array $options
 * @return array|string
 */
function presta_paypal_payer_acte_dist($config, $id_transaction, $transaction_hash, $options = array()) {

	include_spip('presta/paypal/inc/paypal');

	// Resolve each computed value in the same order as the context keys below.
	$url_action = paypal_url_serveur($config);
	$url_retour = bank_url_api_retour($config, "response");
	$url_notification = bank_url_api_retour($config, "autoresponse");
	$url_annulation = bank_url_api_retour($config, "cancel");
	$en_sandbox = paypal_is_sandbox($config);
	$logo = bank_trouver_logo('paypal', 'PAYPAL.gif');

	$valeurs_fixes = array(
		'action' => $url_action,
		'url_return' => $url_retour,
		'url_notify' => $url_notification,
		'url_cancel' => $url_annulation,
		'id_transaction' => $id_transaction,
		'transaction_hash' => $transaction_hash,
		'sandbox' => $en_sandbox,
		'logo' => $logo,
		'config' => $config,
	);

	// Computed values come last in the merge so they win over $options.
	return recuperer_fond('presta/paypal/payer/acte', array_merge($options, $valeurs_fixes));
}
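/**
 * Check that the payment notification really comes from PayPal.
 *
 * Three paths, in this order:
 *  - PDT: when a transaction id is present and $config['IDENTITY_TOKEN'] is set,
 *    the transaction is looked up at PayPal with cmd=_notify-synch and the
 *    response is rebuilt from PayPal's reply (accepted only on a "SUCCESS" prefix).
 *  - Unverified return: no token and $is_ipn is false. The POST data is returned
 *    as received after being reported through bank_transaction_invalide().
 *    Nothing authenticates this data.
 *  - IPN: the notification is posted back to PayPal with cmd=_notify-validate
 *    and accepted only when the reply starts with 'VERIFIE'.
 *
 * @param array $config
 * @param bool $is_ipn
 * @return array|bool
 *   Value returned by paypal_charset_reponse() on success, false on failure.
 */
function paypal_get_response($config, $is_ipn = false) {

	$mode = $config['presta'];
	$config_mode_test = !empty($config['mode_test']);
	if ($config_mode_test) {
		$mode .= "_test";
	}

	$bank_recuperer_post_https = charger_fonction("bank_recuperer_post_https", "inc");

	// Collect the POST data. Everything in $response is untrusted until confirmed by PayPal.
	$response = array();
	foreach ($_POST as $key => $value) {
		$response[$key] = $value;
	}

	// Transaction id: 'tx' (browser return) or 'txn_id' (IPN), else the request parameter.
	if (isset($response['tx']) and $response['tx']) {
		$tx = $response['tx'];
	} elseif (isset($response['txn_id']) and $response['txn_id']) {
		$tx = $response['txn_id'];
	} else {
		$tx = _request('tx');
	}

	if (!$tx) {
		bank_transaction_invalide(0,
			array(
				'mode' => $mode,
				'erreur' => "Reponse sans tx ni txn_id",
				'log' => bank_shell_args($response)
			)
		);

		return false;
	}

	// With a $tx and an identity token in the config, prefer the PDT lookup.
	if ($tx and isset($config['IDENTITY_TOKEN']) and $config['IDENTITY_TOKEN']) {
		$post_check = array(
			'cmd' => '_notify-synch',
			'tx' => $tx,
			'at' => $config['IDENTITY_TOKEN']
		);

		// Send the verification request as a POST.
		// This is an SSL request: the PHP build must support it.
		$url = paypal_url_serveur($config);
		list($resultat, $erreur, $erreur_msg) = $bank_recuperer_post_https(
			$url,
			$post_check,
			isset($response['payer_id']) ? $response['payer_id'] : ''
		);
		$resultat = trim($resultat);

		if (strncmp($resultat, "SUCCESS", 7) === 0) {
			// The reply body is one key=value per line: join the lines with '&'
			// so parse_str() can decode it. $response is replaced by PayPal's data.
			$resultat = trim(substr($resultat, 7));
			$resultat = explode("\n", $resultat);
			$resultat = array_map("trim", $resultat);
			$resultat = implode("&", $resultat);
			parse_str($resultat, $response);

			return paypal_charset_reponse($response);
		}

		// Invalid data
		bank_transaction_invalide(0,
			array(
				'mode' => $mode,
				'erreur' => "Retour PDT :{$resultat}:Erreur {$erreur}:{$erreur_msg}:",
				'log' => bank_shell_args($response)
			)
		);

		return false;
	}

	// No token and nothing was POSTed (the tx came from the request parameter only).
	if (!$response) {
		bank_transaction_invalide(0,
			array(
				'mode' => $mode,
				'sujet' => 'Paypal IDENTITY_TOKEN manquant',
				'erreur' => "IDENTITY_TOKEN manquant pour decoder la reponse",
				'log' => "tx={$tx}"
			)
		);

		return false;
	}

	// Not the IPN: there is no other way to verify,
	// so the response is "trusted" as received.
	if (!$is_ipn) {
		// It is logged and mailed so the webmaster is informed.
		bank_transaction_invalide(0,
			array(
				'mode' => $mode,
				'sujet' => 'Transaction non securisee',
				'erreur' => "IDENTITY_TOKEN non configure, impossible de verifier la reponse de Paypal (possible fraude)",
				'log' => bank_shell_args($response)
			)
		);

		// NOTE(review): this data is exactly what the browser POSTed; nothing confirms it.
		// Callers presumably need the IPN (or a configured IDENTITY_TOKEN) before
		// treating the payment as settled. Confirm against the caller.
		return paypal_charset_reponse($response);
	}

	// Debug notification for tests
	/*
	$response = json_decode ( '{
		"residence_country": "US",
		"invoice": "abc1234",
		"address_city": "San Jose",
		"first_name": "John",
		"payer_id": "TESTBUYERID01",
		"shipping": "3.04",
		"mc_fee": "0.44",
		"txn_id": "611422392",
		"receiver_email": "*****@*****.**",
		"quantity": "1",
		"custom": "xyz123",
		"payment_date": "22:29:21 28 Oct 2013 PDT",
		"address_country_code": "US",
		"address_zip": "95131",
		"tax": "2.02",
		"item_name": "something",
		"address_name": "John Smith",
		"last_name": "Smith",
		"receiver_id": "*****@*****.**",
		"item_number": "AK-1234",
		"verify_sign": "AiPC9BjkCyDFQXbSkoZcgqH3hpacAaChsjNZq2jHG82F97aoFSMa6SED",
		"address_country": "United States",
		"payment_status": "Completed",
		"address_status": "confirmed",
		"business": "*****@*****.**",
		"payer_email": "*****@*****.**",
		"notify_version": "2.1",
		"txn_type": "web_accept",
		"test_ipn": "1",
		"payer_status": "verified",
		"mc_currency": "USD",
		"mc_gross": "12.34",
		"address_state": "CA",
		"mc_gross1": "12.34",
		"payment_type": "echeck",
		"address_street": "123, any street"
	}', true );
	*/

	// 'test_ipn' comes from the request body, so it must not be able to move
	// verification of a live configuration to the sandbox endpoint: a sandbox
	// notification would be reported VERIFIED there. Reject it unless the
	// configuration itself is in test mode.
	$ipn_mode_test = !empty($response['test_ipn']);
	if ($ipn_mode_test and !$config_mode_test) {
		bank_transaction_invalide(0,
			array(
				'mode' => $mode,
				'erreur' => "Notification IPN de test (test_ipn) recue alors que le mode test n'est pas actif",
				'log' => bank_shell_args($response)
			)
		);

		return false;
	}

	// Echo the PayPal message back with 'cmd' first.
	$post_check = array('cmd' => '_notify-validate');
	foreach ($response as $k => $v) {
		// A 'cmd' field in the incoming POST must not replace the validation command.
		if ($k === 'cmd') {
			continue;
		}
		$post_check[$k] = $v;
	}

	// Send the verification request as a POST.
	// This is an SSL request: the PHP build must support it.
	// The endpoint follows the notification's own test flag, which at this
	// point can only be set when the configuration is in test mode.
	$c = $config;
	$c['mode_test'] = $ipn_mode_test;
	$url = paypal_url_serveur($c);
	list($resultat, $erreur, $erreur_msg) = $bank_recuperer_post_https(
		$url,
		$post_check,
		isset($post_check['payer_id']) ? $post_check['payer_id'] : ''
	);

	// The 7-character prefix 'VERIFIE' matches PayPal's "VERIFIED" reply.
	if (strncmp(trim($resultat), 'VERIFIE', 7) === 0) {
		return paypal_charset_reponse($response);
	}

	bank_transaction_invalide(0,
		array(
			'mode' => $mode,
			'erreur' => "Retour IPN :{$resultat}:Erreur {$erreur}:{$erreur_msg}:",
			'log' => bank_shell_args($response)
		)
	);

	return false;
}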