/** * Return result of 3ds authentication * @param array $post from RealexRedirectValidationModuleFrontController::postProcess() * @return xml */ public function requestRealvault3dsVerifysig($post) { $url = 'https://epage.payandshop.com/epage-remote-plugins.cgi'; $pares = (string) Tools::getValue('PaRes'); $merchantid = $this->merchant_id; $md64 = base64_decode(Tools::getValue('MD')); $blow = new BlowfishCore($this->shared_secret, $this->shared_secret); $decrypt = $blow->decrypt($md64); $infos = explode('$', $decrypt); $timestamp = $infos[0]; $orderid = $infos[1]; $currency = $infos[2]; $amount = $infos[3]; $payerref = $infos[4]; $paymentmethod = $infos[5]; $result = $infos[6]; $message = $infos[7]; $account = $infos[8]; $cvn = $infos[9]; $dcc = $infos[10]; $dcc_choice = $infos[11]; $autosettle = $infos[12]; $billing_code = $infos[13]; $billing_country = $infos[14]; $shipping_code = $infos[15]; $shipping_country = $infos[16]; $cardnumber = ''; $tmp = $timestamp . '.' . $merchantid . '.' . $orderid . '.' . $amount . '.' . $currency . '.' . $cardnumber; $sha1 = sha1($tmp); $sha1 = sha1($sha1 . '.' . $this->shared_secret); $xml = "<request timestamp='{$timestamp}' type='3ds-verifysig'>\r\n\t\t\t\t<merchantid>" . $merchantid . "</merchantid>\r\n\t\t\t\t<account>{$account}</account>\r\n\t\t\t\t<orderid>{$orderid}</orderid>\r\n\t\t\t\t<amount currency='{$currency}'>{$amount}</amount>\r\n\t\t\t\t<card>\r\n\t\t\t\t\t<number></number>\r\n\t\t\t\t\t<expdate></expdate>\r\n\t\t\t\t\t<type></type>\r\n\t\t\t\t\t<chname></chname>\r\n\t\t\t\t</card>\r\n\t\t\t\t<payerref>{$payerref}</payerref>\r\n\t\t\t\t<paymentmethod>{$paymentmethod}</paymentmethod>\r\n\t\t\t\t<pares>{$pares}</pares>\r\n\t\t\t\t<sha1hash>{$sha1}</sha1hash>\r\n\t\t\t</request>"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_USERAGENT, 'payandshop.com php version 0.9'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $xml); $response = curl_exec($ch); curl_close($ch); $xm = simplexml_load_string($response); $xm->addChild('currency', (string) $currency); $xm->addChild('amount', (int) $amount); $xm->addChild('cvn', (int) $cvn); $xm->addChild('dcc', (int) $dcc); $xm->addChild('dcc_choice', (string) $dcc_choice); $xm->addChild('payerref', (string) $payerref); $xm->addChild('paymentmethod', (string) $paymentmethod); $xm->addChild('billing_code', (string) $billing_code); $xm->addChild('billing_country', (string) $billing_country); $xm->addChild('shipping_code', (string) $shipping_code); $xm->addChild('shipping_country', (string) $shipping_country); $xm->addChild('autosettle', (int) $autosettle); return $xm; }
/** * @see FrontController::postProcess() */ public function postProcess() { $link = $this->context->link; $realex = new RealexRedirect(); if (Tools::isSubmit('choice_dcc')) { $xm = new SimpleXMLElement('<root/>'); if (Tools::getValue('DCCCHOICE_yes')) { $xm->addChild('cardholderrate', Tools::getValue('DCCAUTHRATE')); $xm->addChild('cardholderamount', Tools::getValue('DCCAUTHCARDHOLDERAMOUNT')); $xm->addChild('cardholdercurrency', Tools::getValue('DCCAUTHCARDHOLDERCURRENCY')); $xm->addChild('dcc_choice', Tools::getValue('DCCCHOICE_yes')); } elseif (Tools::getValue('DCCCHOICE_no')) { $xm->addChild('cardholderrate', (int) 1); $xm->addChild('cardholderamount', Tools::getValue('DCCAUTHMERCHANTAMOUNT')); $xm->addChild('cardholdercurrency', Tools::getValue('DCCAUTHMERCHANTCURRENCY')); $xm->addChild('dcc_choice', Tools::getValue('DCCCHOICE_yes')); } $xm->addChild('eci', Tools::getValue('eci')); $xm->addChild('cavv', Tools::getValue('cavv')); $xm->addChild('xid', Tools::getValue('xid')); $xm->addChild('dcc', Tools::getValue('DCCCCP')); $xm->addChild('dcc_merchant_currency', Tools::getValue('DCCAUTHMERCHANTCURRENCY')); $xm->addChild('dcc_merchant_amount', Tools::getValue('DCCAUTHMERCHANTAMOUNT')); $xm->addAttribute('timestamp', Tools::getValue('TIMESTAMP')); $xm->addChild('sha1hash', Tools::getValue('SHA1HASH')); $xm->addChild('payerref', Tools::getValue('PAYER_REF')); $xm->addChild('paymentmethod', Tools::getValue('PMT_REF')); $xm->addChild('account', Tools::getValue('ACCOUNT')); $xm->addChild('orderid', Tools::getValue('ORDER_ID')); $xm->addChild('currency', Tools::getValue('CURRENCY')); $xm->addChild('amount', Tools::getValue('AMOUNT')); $cvn = Tools::getValue('cvn'); if ($cvn) { $xm->addChild('cvn', Tools::getValue('cvn')); } $xm->addChild('billing_code', Tools::getValue('BILLING_CODE')); $xm->addChild('billing_country', Tools::getValue('BILLING_CO')); $xm->addChild('shipping_code', Tools::getValue('SHIPPING_CODE')); $xm->addChild('shipping_country', Tools::getValue('SHIPPING_CO')); $xm->addChild('autosettle', Tools::getValue('AUTO_SETTLE_FLAG')); $xm = $realex->requestRealvaultReceiptIn($xm, false, true); $realex->manageOrder($xm); } elseif (Tools::isSubmit('PaRes')) { $xm = $realex->requestRealvault3dsVerifysig($_POST); $result = (string) $xm->result; $status = (string) $xm->threedsecure->status; $eci = (string) $xm->threedsecure->eci; $cavv = (string) $xm->threedsecure->cavv; $xid = (string) $xm->threedsecure->xid; $xm->addChild('cavv', $cavv); $xm->addChild('xid', $xid); $md64 = base64_decode(Tools::getValue('MD')); $blow = new BlowfishCore($realex->shared_secret, $realex->shared_secret); $decrypt = $blow->decrypt($md64); $infos = explode('$', $decrypt); if ($status == 'N' || $status == 'U' || $result != '00') { unset($xm->threedsecure->eci); unset($xm->eci); if ($infos[17] == 'VISA') { $xm->addChild('eci', '7'); } elseif ($infos[17] == 'MC') { $xm->addChild('eci', '0'); } } else { $xm->addChild('eci', $eci); } if ($result == '520') { $xm->addChild('orderid', $infos[1]); $xm->addChild('account', $infos[8]); } if (($status == 'N' || $status == 'U' || $result != '00') && $realex->liability) { if ($result == '110') { unset($xm->threedsecure->eci); unset($xm->eci); if ($infos[17] == 'VISA') { $xm->addChild('eci', '7'); } elseif ($infos[17] == 'MC') { $xm->addChild('eci', '0'); } } $realex->manageOrder($xm, true, true); } else { $xm = $realex->requestRealvaultReceiptIn($xm); $realex->manageOrder($xm); } } elseif (Tools::isSubmit('submit_registered')) { $type_card = Tools::getValue('TYPE_CARD'); if ($realex->cvn && !Tools::getValue('cvn') || $realex->cvn && (!is_numeric(Tools::getValue('cvn')) || Tools::strlen(Tools::getValue('cvn')) != 3 && $type_card != 'AMEX' || Tools::strlen(Tools::getValue('cvn')) != 4 && $type_card == 'AMEX')) { Tools::redirect($link->getModuleLink('realexredirect', 'payment?error=cvn', array(), true)); exit; } if (Tools::getValue('THREEDS') == 1) { $xm = $realex->requestRealvault3dsVerifyenrolled($_POST); $result = $xm->result; $enrolled = (string) $xm->enrolled; if ($result == '00') { $timestamp = (string) $xm->attributes()->timestamp; $orderid = (string) $xm->orderid; $currency = (string) $xm->currency; $amount = (string) $xm->amount; $payerref = (string) $xm->payerref; $paymentmethod = (string) $xm->paymentmethod; $url_redirect = (string) $xm->url; $pareq = (string) $xm->pareq; $message = (string) $xm->message; $authcode = (string) $xm->authcode; $pasref = (string) $xm->pasref; $account = (string) $xm->account; $autosettle = (string) $xm->autosettle; $autosettle = (string) $xm->autosettle; $md = (string) $timestamp . '$' . $orderid . '$' . $currency . '$' . $amount . '$' . $payerref . '$' . $paymentmethod . '$' . $result . '$' . $message . '$' . $account . '$' . Tools::getValue('cvn') . '$' . Tools::getValue('DCC') . '$' . Tools::getValue('DCC_CHOICE') . '$' . $autosettle . '$' . Tools::getValue('BILLING_ZIP') . '|' . Tools::getValue('BILLING_STREETNUMBER') . '$' . Tools::getValue('BILLING_CO') . '$' . Tools::getValue('SHIPPING_ZIP') . '|' . Tools::getValue('SHIPPING_STREETNUMBER') . '$' . Tools::getValue('SHIPPING_CO') . '$' . Tools::getValue('TYPE_CARD'); $blow = new BlowfishCore($realex->shared_secret, $realex->shared_secret); $crypt = $blow->encrypt($md); $md64 = base64_encode($crypt); ?> <HTML> <HEAD> <TITLE><?php echo $realex->l('3D Secure verification'); ?> </TITLE> <SCRIPT LANGUAGE="Javascript" > <!-- function OnLoadEvent() { document.form.submit(); } //--> </SCRIPT> </HEAD> <BODY onLoad="OnLoadEvent()"> <FORM NAME="form" ACTION="<?php echo $url_redirect; ?> " METHOD="POST"> <INPUT TYPE="hidden" NAME="PaReq" VALUE="<?php echo $pareq; ?> "> <INPUT TYPE="hidden" NAME="TermUrl" VALUE="<?php echo $realex->url_validation; ?> "> <INPUT TYPE="hidden" NAME="MD" VALUE="<?php echo $md64; ?> "> <NOSCRIPT><INPUT TYPE="submit"></NOSCRIPT> </FORM> </BODY> </HTML> <?php exit; } else { if ($enrolled == 'N') { if ($type_card == 'VISA') { $xm->addChild('eci', '6'); } elseif ($type_card == 'MC') { $xm->addChild('eci', '1'); } } else { if ($type_card == 'VISA') { $xm->addChild('eci', '7'); } elseif ($type_card == 'MC') { $xm->addChild('eci', '0'); } } if ($enrolled == 'N' || !$realex->liability) { unset($xm->dcc); unset($xm->cvn); if (Tools::getValue('cvn')) { $xm->addChild('cvn', Tools::getValue('cvn')); } $xm->addChild('dcc', Tools::getValue('DCC')); $xm->addChild('dcc_choice', Tools::getValue('DCC_CHOICE')); $xm->addChild('billing_code', Tools::getValue('BILLING_ZIP') . '|' . Tools::getValue('BILLING_STREETNUMBER')); $xm->addChild('billing_country', Tools::getValue('BILLING_CO')); $xm->addChild('shipping_code', Tools::getValue('SHIPPING_ZIP') . '|' . Tools::getValue('SHIPPING_STREETNUMBER')); $xm->addChild('shipping_country', Tools::getValue('SHIPPING_CO')); $xm = $realex->requestRealvaultReceiptIn($xm); $realex->manageOrder($xm); } else { $xm->addChild('orderid', Tools::getValue('ORDER_ID')); $realex->manageOrder($xm, true, true); } } } else { $xm = new SimpleXMLElement('<root/>'); $xm->addAttribute('timestamp', Tools::getValue('TIMESTAMP')); $xm->addChild('sha1', Tools::getValue('SHA1HASH')); $xm->addChild('account', Tools::getValue('ACCOUNT')); $xm->addChild('orderid', Tools::getValue('ORDER_ID')); $xm->addChild('currency', Tools::getValue('CURRENCY')); $xm->addChild('amount', Tools::getValue('AMOUNT')); $xm->addChild('cvn', Tools::getValue('cvn')); $xm->addChild('dcc', Tools::getValue('DCC')); $xm->addChild('dcc_choice', Tools::getValue('DCC_CHOICE')); $xm->addChild('autosettle', Tools::getValue('AUTO_SETTLE_FLAG')); $xm->addChild('payerref', Tools::getValue('PAYER_REF')); $xm->addChild('paymentmethod', Tools::getValue('PMT_REF')); $xm->addChild('billing_code', Tools::getValue('BILLING_ZIP') . '|' . Tools::getValue('BILLING_STREETNUMBER')); $xm->addChild('billing_country', Tools::getValue('BILLING_CO')); $xm->addChild('shipping_code', Tools::getValue('SHIPPING_ZIP') . '|' . Tools::getValue('SHIPPING_STREETNUMBER')); $xm->addChild('shipping_country', Tools::getValue('SHIPPING_CO')); $xm = $realex->requestRealvaultReceiptIn($xm); $realex->manageOrder($xm); } } elseif (Tools::isSubmit('RESULT')) { $xm = new SimpleXMLElement('<root/>'); $xm->addAttribute('timestamp', Tools::getValue('TIMESTAMP')); $xm->addChild('result', Tools::getValue('RESULT')); $xm->addChild('message', Tools::getValue('MESSAGE')); $xm->addChild('authcode', Tools::getValue('AUTHCODE')); $xm->addChild('pasref', Tools::getValue('PASREF')); $xm->addChild('sha1hash', Tools::getValue('SHA1HASH')); $tss = $xm->addChild('tss'); $tss->addChild('result', Tools::getValue('TSS')); $xm->addChild('eci', Tools::getValue('ECI')); $xm->addChild('avspostcoderesponse', Tools::getValue('AVSPOSTCODERESULT')); $xm->addChild('avsaddressresponse', Tools::getValue('AVSADDRESSRESULT')); $xm->addChild('RV', Tools::getValue('REALWALLET_CHOSEN')); $xm->addChild('RVSavedPayerRef', Tools::getValue('SAVED_PAYER_REF')); $xm->addChild('RVSavedPaymentRef', Tools::getValue('SAVED_PMT_REF')); $xm->addChild('RVSavedPaymentType', Tools::getValue('SAVED_PMT_TYPE')); $xm->addChild('RVPmtResponse', Tools::getValue('PMT_SETUP')); $xm->addChild('RVPmtDigits', Tools::getValue('SAVED_PMT_DIGITS')); $rvpmt_exp = Tools::getValue('SAVED_PMT_EXPDATE'); $xm->addChild('RVPmtExpFormat', $rvpmt_exp[0] . $rvpmt_exp[1] . '/' . $rvpmt_exp[2] . $rvpmt_exp[3]); $xm->addChild('account', Tools::getValue('ACCOUNT')); $xm->addChild('orderid', Tools::getValue('ORDER_ID')); $xm->addChild('currency', Tools::getValue('CURRENCY')); $xm->addChild('amount', Tools::getValue('AMOUNT')); $xm->addChild('cvn', Tools::getValue('cvn')); $xm->addChild('dcc', Tools::getValue('DCCCCP')); $xm->addChild('dcc_choice', Tools::getValue('DCCCHOICE')); $xm->addChild('dcc_rate', Tools::getValue('DCCAUTHRATE')); $xm->addChild('dcc_cardholder_amount', Tools::getValue('DCCAUTHCARDHOLDERAMOUNT')); $xm->addChild('dcc_cardholder_currency', Tools::getValue('DCCAUTHCARDHOLDERCURRENCY')); $xm->addChild('dcc_merchant_currency', Tools::getValue('DCCAUTHMERCHANTCURRENCY')); $xm->addChild('dcc_merchant_amount', Tools::getValue('DCCAUTHMERCHANTAMOUNT')); $xm->addChild('autosettle', Tools::getValue('AUTO_SETTLE_FLAG')); $tmp = Tools::getValue('TIMESTAMP'); $tmp .= '.' . $realex->merchant_id; $tmp .= '.' . Tools::getValue('ORDER_ID'); $tmp .= '.' . Tools::getValue('RESULT'); $tmp .= '.' . Tools::getValue('MESSAGE'); $tmp .= '.' . Tools::getValue('PASREF'); $tmp .= '.' . Tools::getValue('AUTHCODE'); $sha1hash = sha1($tmp); $tmp = $sha1hash . '.' . $realex->shared_secret; $sha1hash = sha1($tmp); if ($sha1hash != Tools::getValue('SHA1HASH')) { die($this->l("hashes don't match - response not authenticated!", 'validation')); } else { $realex->manageOrder($xm, false); } } }