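/**
 * Handle the Nochex APC callback for a pending order.
 *
 * The callback is accepted only when both checks pass:
 *  1. the hash in the request equals md5(serverStamp . amount . merchantid . session),
 *     which ties the request to values only the store can produce, and
 *  2. Nochex answers AUTHORISED when the POST body is sent back to it.
 *
 * @return bool True when the payment was verified and the orders were updated, false otherwise.
 */
public function ProcessGatewayPing()
{
    $logSource = array('payment', $this->GetName());

    // Request values are untrusted until the keyed hash below has been checked.
    $amount = isset($_REQUEST['amount']) ? $_REQUEST['amount'] : null;
    $session = isset($_REQUEST['session']) ? $_REQUEST['session'] : null;
    $receivedHash = isset($_REQUEST['hash']) ? $_REQUEST['hash'] : null;

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess($logSource, 'APC Pingback');

    // Missing or array-valued fields can never carry a valid hash; reject them
    // before they reach number_format() or the order lookup.
    if (!is_string($session) || !is_string($receivedHash) || !is_numeric($amount)) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'HashMismatch'));
        return false;
    }

    $this->SetOrderData(LoadPendingOrdersByToken($session));

    $expectedHash = md5(
        $GLOBALS['ISC_CFG']['serverStamp']
        . number_format((float) $amount, 2)
        . $this->GetValue('merchantid')
        . $session
    );

    // hash_equals() (PHP 5.6+) compares in constant time and never type-juggles,
    // unlike the loose != it replaces.
    if (!hash_equals($expectedHash, $receivedHash)) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'HashMismatch'));
        return false;
    }

    // NOTE(review): the fields above are read from $_REQUEST, but only $_POST is
    // sent to Nochex for verification. Confirm both always carry the same values,
    // or read the fields from $_POST as well.
    $result = null;
    if (function_exists("curl_exec")) {
        // Use CURL if it's available
        $ch = curl_init('https://www.nochex.com/nochex.dll/apc/apc');
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($_POST));
        curl_setopt($ch, CURLOPT_TIMEOUT, 60);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

        // Setup the proxy settings if there are any
        if (GetConfig('HTTPProxyServer')) {
            curl_setopt($ch, CURLOPT_PROXY, GetConfig('HTTPProxyServer'));
            if (GetConfig('HTTPProxyPort')) {
                curl_setopt($ch, CURLOPT_PROXYPORT, GetConfig('HTTPProxyPort'));
            }
        }

        // SECURITY: with peer verification switched off, the AUTHORISED answer is
        // no longer authenticated. Keep HTTPSSLVerifyPeer enabled in production.
        if (GetConfig('HTTPSSLVerifyPeer') == 0) {
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        }

        $result = curl_exec($ch);

        if (curl_errno($ch)) {
            $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'CurlError'));
            return false;
        }
    }

    // Without cURL no verification happened, so $result stays null and the ping is refused.
    if ($result !== 'AUTHORISED') {
        return false;
    }

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess($logSource, GetLang($this->_languagePrefix . 'Success'));

    // Update the status for all orders that we've just received the payment for
    foreach ($this->GetOrders() as $orderId => $order) {
        // Digital orders need no fulfillment, so they are completed straight away.
        // (The original also tested the ORDER_STATUS_AWAITING_FULFILLMENT constant,
        // which the sibling handlers treat as always true.)
        $status = $order['ordisdigital'] ? ORDER_STATUS_COMPLETED : ORDER_STATUS_AWAITING_FULFILLMENT;
        UpdateOrderStatus($orderId, $status);
    }

    return true;
}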
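/**
 * Handle the gateway's notification for a pending order.
 *
 * Loads the pending order named by the first part of SessionToken
 * ("<order token>_<session id>"), compares the reported amount and currency
 * with the store's values, then records the transaction id and moves every
 * order to its new status.
 *
 * NOTE(review): nothing in this handler authenticates the sender - no signature
 * or hash is checked, only amount and currency. The gateway's response
 * signature should be verified before any order is updated.
 *
 * NOTE(review): request keys are case-sensitive in PHP; this handler reads
 * both 'status'/'payid' and 'STATUS'/'PAYID'. Confirm which the gateway sends.
 *
 * @return bool Always true; a failed validation ends the request with exit.
 */
public function ProcessGatewayPing()
{
    try {
        if (!isset($_REQUEST['SessionToken']) || !is_string($_REQUEST['SessionToken'])) {
            exit;
        }

        $tokenParts = explode('_', $_REQUEST['SessionToken'], 2);
        $orderToken = $tokenParts[0];
        // The session id is absent when the token carries no underscore.
        $sessionId = isset($tokenParts[1]) ? $tokenParts[1] : '';

        $this->SetOrderData(LoadPendingOrdersByToken($orderToken));

        $amount = isset($_REQUEST['amount']) ? $_REQUEST['amount'] : null;
        $currency = isset($_REQUEST['currency']) ? $_REQUEST['currency'] : null;
        $gatewayStatus = isset($_REQUEST['status']) ? $_REQUEST['status'] : '';

        $storeCurrency = GetDefaultCurrency();
        $storeCurrency = $storeCurrency['currencycode'];

        // A zero gateway amount also means there is nothing to pay for.
        if ($amount != $this->GetGatewayAmount() || $this->GetGatewayAmount() == 0) {
            exit;
        }

        if ($storeCurrency != $currency) {
            exit;
        }

        // Only status '5' counts as paid; anything else is treated as declined.
        $newOrderStatus = ($gatewayStatus === '5')
            ? ORDER_STATUS_AWAITING_FULFILLMENT
            : ORDER_STATUS_DECLINED;

        // If the customer never returned to the store, empty their cart on their behalf.
        if ($this->GetOrderStatus() == ORDER_STATUS_INCOMPLETE && $sessionId !== '') {
            session_write_close();
            $session = new ISC_SESSION($sessionId);
            $orderClass = GetClass('ISC_ORDER');
            $orderClass->EmptyCartAndKillCheckout();
        }

        $lastOrder = null;
        foreach ($this->GetOrders() as $orderId => $order) {
            // Digital orders complete as soon as they are paid. The original computed
            // this status but then passed $newOrderStatus, so it was never applied.
            $status = $newOrderStatus;
            if ($order['ordisdigital'] && $newOrderStatus == ORDER_STATUS_AWAITING_FULFILLMENT) {
                $status = ORDER_STATUS_COMPLETED;
            }
            UpdateOrderStatus($orderId, $status);
            $lastOrder = $order;
        }

        // Record the transaction id; mark the payment captured only when the
        // gateway reported success, never for a declined transaction.
        $updatedOrder = array(
            'ordpayproviderid' => isset($_REQUEST['payid']) ? $_REQUEST['payid'] : null,
        );
        if ($newOrderStatus == ORDER_STATUS_AWAITING_FULFILLMENT) {
            $updatedOrder['ordpaymentstatus'] = 'captured';
        }
        $this->UpdateOrders($updatedOrder);

        // Log the outcome using the last order processed, as the original did.
        $extra = '';
        if ($lastOrder !== null) {
            $oldStatus = GetOrderStatusById($lastOrder['ordstatus']);
            if (!$oldStatus) {
                $oldStatus = 'Incomplete';
            }
            $newStatus = GetOrderStatusById($newOrderStatus);
            $extra = sprintf(
                GetLang('OgoneSuccessDetails'),
                $lastOrder['orderid'],
                $lastOrder['ordgatewayamount'],
                isset($_REQUEST['PAYID']) ? $_REQUEST['PAYID'] : '',
                isset($_REQUEST['STATUS']) ? $_REQUEST['STATUS'] : '',
                $newStatus,
                $oldStatus
            );
        }

        $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess(array('payment', $this->_name), GetLang('OgoneSuccess'), $extra);
    } catch (Exception $e) {
        // Log under the same (type, module) source as every other entry.
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->_name), $e->getMessage());
    }

    return true;
}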
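/**
 * Handle the gateway's payment notification for a pending order.
 *
 * The 'custom' field carries "<order token>_<session id>". The pending order
 * is loaded from the token, the reported amount is compared with the store's
 * gateway amount, and on a match every order is marked as paid.
 *
 * NOTE(review): the only check is the amount comparison; nothing authenticates
 * the sender. The notification should be verified with the provider (signature
 * or verification call) before the orders are updated.
 *
 * @return bool True when the orders were updated, false on an amount mismatch.
 */
public function ProcessGatewayPing()
{
    $logSource = array('payment', $this->GetName());

    $custom = (isset($_REQUEST['custom']) && is_string($_REQUEST['custom'])) ? $_REQUEST['custom'] : '';
    $tokenParts = explode('_', $custom, 2);
    $orderToken = $tokenParts[0];
    // The session id is absent when the field carries no underscore.
    $sessionId = isset($tokenParts[1]) ? $tokenParts[1] : '';

    $amount = isset($_REQUEST['amount']) ? $_REQUEST['amount'] : null;

    $this->SetOrderData(LoadPendingOrdersByToken($orderToken));

    if ($this->GetGatewayAmount() == 0) {
        exit;
    }

    if ($amount != $this->GetGatewayAmount()) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(
            $logSource,
            sprintf(GetLang($this->_languagePrefix . 'AmountMismatch'), $this->GetGatewayAmount(), $amount)
        );
        return false;
    }

    // The payer's e-mail address is stored as the provider-side reference.
    if (isset($_REQUEST['payer_email'])) {
        $updatedOrder = array(
            'ordpayproviderid' => $_REQUEST['payer_email'],
            'ordpaymentstatus' => 'captured',
        );
        $this->UpdateOrders($updatedOrder);
    }

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess($logSource, GetLang($this->_languagePrefix . 'Success'));

    // If the order was previously incomplete, we need to do some extra work
    if ($this->GetOrderStatus() == ORDER_STATUS_INCOMPLETE && $sessionId !== '') {
        // If a customer doesn't return to the store from PayPal, their cart will never be
        // emptied. So what we do here, is if we can, load up the existing customers session
        // and empty the cart and kill the checkout process.
        session_write_close();
        $session = new ISC_SESSION($sessionId);
        $orderClass = GetClass('ISC_ORDER');
        $orderClass->EmptyCartAndKillCheckout();
    }

    // Update the status for all orders that we've just received the payment for
    foreach ($this->GetOrders() as $orderId => $order) {
        // Digital orders need no fulfillment, so they are completed straight away.
        // (The original also tested the ORDER_STATUS_AWAITING_FULFILLMENT constant,
        // which the sibling handlers treat as always true.)
        $status = $order['ordisdigital'] ? ORDER_STATUS_COMPLETED : ORDER_STATUS_AWAITING_FULFILLMENT;
        UpdateOrderStatus($orderId, $status);
    }

    return true;
}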
/**
 * Resolve the pending-order token, load the pending orders and hand them to
 * the payment provider.
 *
 * The token comes from the SHOP_ORDER_TOKEN cookie when present. Some payment
 * providers (WorldPay is the example given) simply "fetch" FinishOrder.php, so
 * no cookies arrive; in that case the module named by the 'provider' request
 * value is loaded and asked for the token through GetOrderToken().
 *
 * Ends the request when the provider cannot supply a token (redirect to the
 * shop) or when no pending order matches (BadOrder()).
 */
private function SetOrderData()
{
    $tokenInCookie = isset($_COOKIE['SHOP_ORDER_TOKEN']);

    if ($tokenInCookie) {
        $this->orderToken = $_COOKIE['SHOP_ORDER_TOKEN'];
    } elseif (isset($_REQUEST['provider'])) {
        // The provider id is request-supplied; GetModuleById() resolves it into
        // $this->paymentProvider (presumably passed by reference - it is read below).
        GetModuleById('checkout', $this->paymentProvider, $_REQUEST['provider']);

        $providerMethods = get_class_methods($this->paymentProvider);
        if (!in_array("GetOrderToken", $providerMethods)) {
            // This provider cannot tell us the token: send the visitor back to the shop.
            ob_end_clean();
            header(sprintf("Location:%s", $GLOBALS['ShopPath']));
            die();
        }

        $this->orderToken = $this->paymentProvider->GetOrderToken();
    }

    // Load the pending orders from the database
    $this->pendingData = LoadPendingOrdersByToken($this->orderToken, true);

    $lookupFailed = ($this->pendingData === false);
    if (!$this->orderToken || $lookupFailed) {
        $this->BadOrder();
        exit;
    }

    // No provider resolved from the request: use the one saved with the order.
    if ($this->paymentProvider === null) {
        GetModuleById('checkout', $this->paymentProvider, $this->pendingData['paymentmodule']);
    }

    if ($this->paymentProvider) {
        $this->paymentProvider->SetOrderData($this->pendingData);
    }
}
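/**
 * Handle the gateway's notification for a pending order.
 *
 * USER1 carries the pending-order token and USER2 a hash over the store's
 * serverStamp, the amount, the combined order id, USER1 and the configured
 * login and partner. The invoice number and amount must also match the loaded
 * order, and the gateway must report RESULT 0 with RESPMSG "Approved".
 *
 * NOTE(review): RESULT and RESPMSG are not covered by the hash, so the hash
 * alone does not prove the gateway approved the payment. Confirm the result is
 * authenticated some other way before relying on it.
 *
 * @return bool True when the payment was approved and the orders were updated, false otherwise.
 */
public function ProcessGatewayPing()
{
    $logSource = array('payment', $this->GetName());

    $orderToken = isset($_REQUEST['USER1']) ? $_REQUEST['USER1'] : null;
    $receivedHash = isset($_REQUEST['USER2']) ? $_REQUEST['USER2'] : null;
    $amount = isset($_REQUEST['AMOUNT']) ? $_REQUEST['AMOUNT'] : null;

    // Without a usable token there is no order to look up.
    if (!is_string($orderToken)) {
        return false;
    }

    $this->SetOrderData(LoadPendingOrdersByToken($orderToken));

    if ($this->GetGatewayAmount() == 0) {
        return false;
    }

    $orderid = $this->GetCombinedOrderId();

    // Missing or array-valued fields can never carry a valid hash.
    if (!is_string($receivedHash) || !is_string($amount)) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'HashMismatch'));
        return false;
    }

    $hash = md5(
        $GLOBALS['ISC_CFG']['serverStamp']
        . $amount
        . $orderid
        . $orderToken
        . $this->GetValue('paypallogin')
        . $this->GetValue('paypalpartner')
    );

    // hash_equals() (PHP 5.6+) compares in constant time and never type-juggles,
    // unlike the loose != it replaces.
    if (!hash_equals($hash, $receivedHash)) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'HashMismatch'));
        return false;
    }

    if (!isset($_REQUEST['INVOICE']) || $orderid != $_REQUEST['INVOICE']) {
        $receivedInvoice = isset($_REQUEST['INVOICE']) ? $_REQUEST['INVOICE'] : '';
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(
            $logSource,
            GetLang($this->_languagePrefix . 'OrderMismatch'),
            sprintf("Sent %s. Received %s", $orderid, $receivedInvoice)
        );
        return false;
    }

    if ($this->GetGatewayAmount() != $amount) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(
            $logSource,
            GetLang($this->_languagePrefix . 'PaymentMismatch'),
            sprintf("Sent %s. Received %s", $this->GetGatewayAmount(), $amount)
        );
        return false;
    }

    // Strict comparison: under PHP < 8 the loose "== 0" was true for any
    // non-numeric RESULT string.
    $approved = isset($_REQUEST['RESULT'], $_REQUEST['RESPMSG'])
        && $_REQUEST['RESULT'] === '0'
        && $_REQUEST['RESPMSG'] === 'Approved';

    if (!$approved) {
        return false;
    }

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess($logSource, GetLang($this->_languagePrefix . 'Success'));

    // Update the status for all orders that we've just received the payment for
    foreach ($this->GetOrders() as $orderId => $order) {
        // Digital orders need no fulfillment, so they are completed straight away.
        // (The original also tested the ORDER_STATUS_AWAITING_FULFILLMENT constant,
        // which the sibling handlers treat as always true.)
        $status = $order['ordisdigital'] ? ORDER_STATUS_COMPLETED : ORDER_STATUS_AWAITING_FULFILLMENT;
        UpdateOrderStatus($orderId, $status);
    }

    return true;
}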
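/**
 * Subscribe the customer to the mailing lists they opted into at checkout.
 *
 * The choices are read from each pending order's serialized 'extrainfo'
 * (join_mailing_list, join_order_list, mail_format_preference). The billing
 * e-mail address and first name come from the first order under the token.
 *
 * @param string $pendingOrderToken Token of the pending order(s) to process.
 * @return void
 */
function SubscribeCustomerToLists($pendingOrderToken)
{
    $orders = LoadPendingOrdersByToken($pendingOrderToken);

    // Nothing to do when the token matches no pending order.
    if ($orders === false || empty($orders['orders'])) {
        return;
    }

    $firstOrder = current($orders['orders']);
    $email = $firstOrder['ordbillemail'];
    $firstName = $firstOrder['ordbillfirstname'];

    foreach ($orders['orders'] as $order) {
        $extraInfo = array();
        if (isset($order['extrainfo']) && $order['extrainfo'] != '') {
            // SECURITY: unserialize() can instantiate objects. This is only safe
            // while 'extrainfo' is written solely by the store and never holds
            // user-controlled serialized data - verify against the writer.
            $extraInfo = @unserialize($order['extrainfo']);
            if (!is_array($extraInfo)) {
                // Corrupt or unexpected payload: treat it as "no preferences".
                $extraInfo = array();
            }
        }

        $format = Interspire_EmailIntegration_Subscription::FORMAT_PREF_NONE;
        if (isset($extraInfo['mail_format_preference'])) {
            $format = (int)$extraInfo['mail_format_preference'];
        }

        // Should we add them to our newsletter mailing list?
        if (isset($extraInfo['join_mailing_list']) && $extraInfo['join_mailing_list'] == 1) {
            $subscription = new Interspire_EmailIntegration_Subscription_Newsletter($email, $firstName);
            // When subscribing through the checkout, the order double-opt-in and
            // welcome preferences override the newsletter ones.
            $subscription->setDoubleOptIn(GetConfig('EmailIntegrationOrderDoubleOptin'));
            $subscription->setSendWelcome(GetConfig('EmailIntegrationOrderSendWelcome'));
            $subscription->setEmailFormatPreference($format);
            $subscription->routeSubscription();
        }

        // Should we add them to our special offers & discounts mailing list?
        if (isset($extraInfo['join_order_list']) && $extraInfo['join_order_list']) {
            $subscription = new Interspire_EmailIntegration_Subscription_Order($order['orderid']);
            $subscription->setEmailFormatPreference($format);
            $subscription->routeSubscription();
        }
    }
}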
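/**
 * Handle the gateway's callback for a pending order.
 *
 * The request must carry 'ordertoken' plus 'hash', 'amount', 'currency' and
 * 'orderref'. The hash must equal
 * md5(SecretWord . orderref . MerchantId . amount . currency).
 * On success the orders are marked as paid and the visitor is redirected to
 * finishorder.php.
 *
 * NOTE(review): the signed amount, currency and orderref are never compared
 * with the order loaded from 'ordertoken', and 'ordertoken' itself is not part
 * of the hash. Confirm the signed values belong to this order before marking
 * it as paid.
 *
 * @return bool True when the hash was valid and the orders were updated, false otherwise.
 */
public function ProcessGatewayPing()
{
    $logSource = array('payment', $this->GetName());

    if (!isset($_POST['ordertoken'])) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'ErrorInvalid'));
        return false;
    }

    $this->SetOrderData(LoadPendingOrdersByToken($_POST['ordertoken']));

    if (!isset($_POST['hash'], $_POST['amount'], $_POST['currency'], $_POST['orderref'])) {
        $this->TransferToProvider('Card Details Invalid', $_POST['ordertoken']);
        // Stop here even if TransferToProvider() returns; the original fell
        // through and went on to read the missing fields.
        return false;
    }

    // Array-valued fields can never carry a valid hash.
    $fieldsAreStrings = is_string($_POST['hash'])
        && is_string($_POST['amount'])
        && is_string($_POST['currency'])
        && is_string($_POST['orderref']);

    $expectedHash = '';
    if ($fieldsAreStrings) {
        $expectedHash = md5(
            $this->GetValue('SecretWord')
            . $_POST['orderref']
            . $this->GetValue('MerchantId')
            . $_POST['amount']
            . $_POST['currency']
        );
    }

    // hash_equals() (PHP 5.6+) compares in constant time and never type-juggles,
    // unlike the loose != it replaces.
    if (!$fieldsAreStrings || !hash_equals($expectedHash, $_POST['hash'])) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'ErrorInvalid'));
        return false;
    }

    $updatedOrder = array(
        'ordpayproviderid' => isset($_REQUEST['streference']) ? $_REQUEST['streference'] : '',
        'ordpaymentstatus' => 'captured',
    );
    $this->UpdateOrders($updatedOrder);

    foreach ($this->GetOrders() as $orderId => $order) {
        // Digital orders need no fulfillment, so they are completed straight away.
        $status = $order['ordisdigital'] ? ORDER_STATUS_COMPLETED : ORDER_STATUS_AWAITING_FULFILLMENT;
        UpdateOrderStatus($orderId, $status);
    }

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess($logSource, GetLang($this->_languagePrefix . 'Success'));

    header('Location: ' . $GLOBALS['ShopPath'] . '/finishorder.php');
    return true;
}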
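/**
 * Handle the Ogone post-payment notification for a pending order.
 *
 * Steps: check the required fields, load the pending order from OrderToken,
 * verify the SHA-out signature, compare order id / amount / currency with the
 * store's values, map the Ogone STATUS code to an order status, then update
 * and log the orders.
 *
 * @return bool True when the notification was valid and processed, false otherwise.
 */
public function ProcessGatewayPing()
{
    /*
     orderID     Your order reference
     amount      Order amount (not multiplied by 100)
     currency    Currency of the order
     PM          Payment method
     ACCEPTANCE  Acceptance code returned by acquirer
     STATUS      Transaction status
     CARDNO      Masked card number
     PAYID       Payment reference in our system
     NCERROR     Error code
     BRAND       Card brand (our system derives it from the card number) or similar
                 information for other payment methods.
     SHASIGN     SHA signature composed by our system, if SHA-out configured by you.
    */
    $logSource = array('payment', $this->GetName());

    if (!isset($_REQUEST['OrderToken'])) {
        exit;
    }

    if (!isset($_REQUEST['orderID']) || !isset($_REQUEST['amount']) || !isset($_REQUEST['currency']) || !isset($_REQUEST['STATUS'])) {
        // Bad order details
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang('OgoneErrorInvalid'), print_r($_POST, true));
        return false;
    }

    // ogone response data (untrusted until the signature check below passes)
    $orderId = $_REQUEST['orderID'];
    $amount = $_REQUEST['amount'];
    $currency = $_REQUEST['currency'];
    $status = $_REQUEST['STATUS'];
    $transactionId = isset($_REQUEST['PAYID']) ? $_REQUEST['PAYID'] : null;
    $orderToken = $_REQUEST['OrderToken'];
    $sessionToken = isset($_REQUEST['SessionToken']) ? $_REQUEST['SessionToken'] : null;
    $receivedSignature = isset($_REQUEST['SHASIGN']) ? $_REQUEST['SHASIGN'] : null;

    $this->SetOrderData(LoadPendingOrdersByToken($orderToken));

    // expected values
    $combinedOrderId = $this->GetCombinedOrderId();
    $gateway_amount = number_format($this->GetGatewayAmount(), 2, '.', '');
    $defaultcurrency = GetDefaultCurrency();

    // verify the SHA Sign
    // NOTE(review): 'DCC_VALIDHOUS' looks like a misspelling of DCC_VALIDHOURS; if
    // so, that parameter is left out of the hash whenever the gateway sends it.
    // Confirm against the gateway's SHA-out parameter list.
    $shaParamsToCheck = array(
        'AAVADDRESS', 'AAVCHECK', 'AAVZIP', 'ACCEPTANCE', 'ALIAS', 'AMOUNT', 'BRAND',
        'CARDNO', 'CCCTY', 'CN', 'COMPLUS', 'CURRENCY', 'CVCCHECK',
        'DCC_COMMPERCENTAGE', 'DCC_CONVAMOUNT', 'DCC_CONVCCY', 'DCC_EXCHRATE',
        'DCC_EXCHRATESOURCE', 'DCC_EXCHRATETS', 'DCC_INDICATOR',
        'DCC_MARGINPERCENTAGE', 'DCC_VALIDHOUS', 'DIGESTCARDNO', 'ECI', 'ED',
        'ENCCARDNO', 'IP', 'IPCTY', 'NBREMAILUSAGE', 'NBRIPUSAGE',
        'NBRIPUSAGE_ALLTX', 'NBRUSAGE', 'NCERROR', 'ORDERID', 'PAYID', 'PM',
        'SCO_CATEGORY', 'SCORING', 'STATUS', 'SUBSCRIPTION_ID', 'TRXDATE', 'VC',
    );

    // Parameter names are matched case-insensitively by upper-casing the request keys.
    $checkRequest = array_change_key_case($_REQUEST, CASE_UPPER);
    $signature = $this->GetValue("signature_out");

    // Each non-empty parameter contributes "NAME=value" followed by the shared secret.
    $stringToHash = '';
    foreach ($shaParamsToCheck as $param) {
        if (!isset($checkRequest[$param]) || $checkRequest[$param] == '') {
            continue;
        }
        $stringToHash .= $param . '=' . $checkRequest[$param] . $signature;
    }

    $sha = strtoupper(sha1($stringToHash));

    // hash_equals() (PHP 5.6+) compares in constant time and never type-juggles,
    // unlike the loose != it replaces. A missing or array-valued SHASIGN is rejected.
    if (!is_string($receivedSignature) || !hash_equals($sha, $receivedSignature)) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang('OgoneErrorInvalid', array('orderId' => $orderId)), print_r($_POST, true));
        return false;
    }

    // The values passed don't match what we expected
    if ($orderId != $combinedOrderId || $amount != $gateway_amount || $currency != $defaultcurrency['currencycode']) {
        $errorMsg = GetLang('OgoneErrorDetailsNoMatch', array(
            "total" => $amount,
            "expectedTotal" => $gateway_amount,
            "orderId" => $orderId,
            "expectedOrderId" => $combinedOrderId,
            "currency" => $currency,
            "expectedCurrency" => $defaultcurrency['currencycode'],
            "status" => $status
        ));

        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang('OgoneErrorInvalid', array('orderId' => $orderId)), $errorMsg);
        return false;
    }

    $statusLang = $status;

    switch ($status) {
        case '0': // incomplete
        case '1': // cancelled by customer
            $newOrderStatus = ORDER_STATUS_INCOMPLETE;
            break;
        case '2': // auth refused
            $newOrderStatus = ORDER_STATUS_DECLINED;
            break;
        case '5': // authorized
            $newOrderStatus = ORDER_STATUS_AWAITING_PAYMENT;
            break;
        case '51': // awaiting authorization
        case '52': // authorization unknown
            $newOrderStatus = ORDER_STATUS_PENDING;
            break;
        case '6': // authorized and cancelled
            $newOrderStatus = ORDER_STATUS_INCOMPLETE;
            break;
        case '7': // payment deleted
        case '74': // payment deleted
            $newOrderStatus = ORDER_STATUS_AWAITING_PAYMENT;
            break;
        case '8': // refund
            $newOrderStatus = ORDER_STATUS_REFUNDED;
            break;
        case '9': // payment authorized and captured
            $newOrderStatus = ORDER_STATUS_AWAITING_FULFILLMENT;
            break;
        case '91': // awaiting payment
        case '93': // payment refused (tech problem or expired auth)
            $newOrderStatus = ORDER_STATUS_AWAITING_PAYMENT;
            break;
        case '92': // unknown payment
            $newOrderStatus = ORDER_STATUS_PENDING;
            break;
        case '94': // payment declined by acquirer
            $newOrderStatus = ORDER_STATUS_DECLINED;
            break;
        default:
            // Unknown codes fail closed: the order is declined.
            $newOrderStatus = ORDER_STATUS_DECLINED;
            $statusLang = 'Unknown';
            break;
    }

    // if the order is currently incomplete and the new status isn't incomplete
    // (ie. transaction cancelled by customer), then empty the cart
    if ($this->GetOrderStatus() == ORDER_STATUS_INCOMPLETE && $newOrderStatus != ORDER_STATUS_INCOMPLETE) {
        session_write_close();
        $session = new ISC_SESSION($sessionToken);
        // NOTE(review): called as a plain function here; confirm a global
        // EmptyCartAndKillCheckout() exists and this is not meant to be a method call.
        EmptyCartAndKillCheckout();
    }

    // update orders with the transaction id
    $updatedOrder = array(
        'ordpayproviderid' => $transactionId
    );

    // if captured then update pay status in order
    if ($newOrderStatus == ORDER_STATUS_AWAITING_FULFILLMENT) {
        $updatedOrder['ordpaymentstatus'] = 'captured';
    }

    $this->UpdateOrders($updatedOrder);

    // we only want to notify the customer of a successful order
    $emailCustomer = ($newOrderStatus != ORDER_STATUS_INCOMPLETE);

    // update order statuses
    $orders = $this->GetOrders();
    $lastOrder = null;
    foreach ($orders as $currentOrderId => $order) {
        // digital orders should complete right away if captured. The status is
        // decided per order: the original overwrote $newOrderStatus, so every order
        // after the first digital one was completed too.
        $orderStatus = $newOrderStatus;
        if ($order['ordisdigital'] && $newOrderStatus == ORDER_STATUS_AWAITING_FULFILLMENT) {
            $orderStatus = ORDER_STATUS_COMPLETED;
        }
        UpdateOrderStatus($currentOrderId, $orderStatus, $emailCustomer);
        $lastOrder = $order;
    }

    // Log this payment response
    $oldStatus = ($lastOrder !== null) ? GetOrderStatusById($lastOrder['ordstatus']) : false;
    if (!$oldStatus) {
        $oldStatus = 'Incomplete';
    }

    $newStatus = GetOrderStatusById($newOrderStatus);
    if (!$newStatus) {
        $newStatus = 'Incomplete';
    }

    $extra = GetLang('OgoneSuccessDetails', array(
        "orderId" => implode(', ', array_keys($orders)),
        "amount" => $gateway_amount,
        "paymentId" => $transactionId,
        "paymentStatus" => $status,
        "paymentDesc" => GetLang('OgoneTransactionStatus' . $statusLang),
        "newStatus" => $newStatus,
        "oldStatus" => $oldStatus
    ));

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess(array('payment', $this->_name), GetLang('OgoneSuccess', array('orderId' => $orderId)), $extra);

    return true;
}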
/**
 * Load a single pending order by its token.
 *
 * Thin wrapper around LoadPendingOrdersByToken() that returns only the
 * current (first) entry of the 'orders' list.
 *
 * @param string $Token The token of the pending order to load.
 * @return array|false The pending order; false when the lookup fails
 *                     (current() also yields false for an empty list).
 * @deprecated 4.0
 * @see LoadPendingOrdersByToken()
 */
function LoadPendingOrderByToken($Token = "")
{
    $pending = LoadPendingOrdersByToken($Token);

    return ($pending === false) ? false : current($pending['orders']);
}
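/**
 * Handle the ChronoPay callback for a pending order.
 *
 * cs2 carries the pending-order token and cs1 a hash over the store's
 * serverStamp, that token, the combined order id and the configured ProductId.
 * The reported currency must match the store's default currency.
 *
 * NOTE(review): the hash covers only values the store generated itself; the
 * paid amount is not compared with the order, and nothing in the hash proves
 * the payment succeeded. Confirm the callback is authenticated some other way.
 *
 * @return bool True when the callback was accepted and the orders were updated, false otherwise.
 */
public function ProcessGatewayPing()
{
    $logSource = array('payment', $this->GetName());

    $hash = isset($_REQUEST['cs1']) ? $_REQUEST['cs1'] : null;
    $session = isset($_REQUEST['cs2']) ? $_REQUEST['cs2'] : null;
    $currency = isset($_REQUEST['currency']) ? $_REQUEST['currency'] : null;

    $siteCurrency = GetDefaultCurrency();

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess($logSource, 'ChronoPay Pingback');

    if (!is_string($currency) || $currency != $siteCurrency['currencycode']) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(
            $logSource,
            sprintf(
                GetLang($this->_languagePrefix . 'CurrencyMismatch'),
                $siteCurrency['currencycode'],
                is_string($currency) ? $currency : ''
            )
        );
        return false;
    }

    // Missing or array-valued fields can never carry a valid hash.
    if (!is_string($session) || !is_string($hash)) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'HashMismatch'));
        return false;
    }

    $this->SetOrderData(LoadPendingOrdersByToken($session));

    $expectedHash = md5(
        $GLOBALS['ISC_CFG']['serverStamp']
        . $session
        . $this->GetCombinedOrderId()
        . $this->GetValue('ProductId')
    );

    // hash_equals() (PHP 5.6+) compares in constant time and never type-juggles,
    // unlike the loose != it replaces.
    if (!hash_equals($expectedHash, $hash)) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'HashMismatch'));
        return false;
    }

    // Only record payment details when the gateway supplied a transaction id;
    // the original passed an undefined variable to UpdateOrders() otherwise.
    if (isset($_REQUEST['transaction_id'])) {
        $updatedOrder = array(
            'ordpayproviderid' => $_REQUEST['transaction_id'],
            'ordpaymentstatus' => 'captured',
        );
        $this->UpdateOrders($updatedOrder);
    }

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess($logSource, GetLang($this->_languagePrefix . 'Success'));

    // Update the status for all orders that we've just received the payment for
    foreach ($this->GetOrders() as $orderId => $order) {
        // Digital orders need no fulfillment, so they are completed straight away.
        // (The original also tested the ORDER_STATUS_AWAITING_FULFILLMENT constant,
        // which the sibling handlers treat as always true.)
        $status = $order['ordisdigital'] ? ORDER_STATUS_COMPLETED : ORDER_STATUS_AWAITING_FULFILLMENT;
        UpdateOrderStatus($orderId, $status);
    }

    return true;
}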
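/**
 * Build the request payload sent to the payment gateway for a card payment.
 *
 * SECURITY: the returned array holds the full card number, the CV2 and the
 * gateway password. It must never be logged or stored.
 *
 * @param array $postData Submitted card form: name, cctype, ccissueno,
 *                        ccissuedatem, ccissuedatey, ccno, ccexpm, ccexpy, cccvd.
 * @return array 'gatewayData' (the field map for the gateway) and 'soapAction'.
 */
protected function _ConstructPostData($postData)
{
    // NOTE(review): the order id and amount are read before the orders are
    // (re)loaded from the cookie token further down; confirm that order is intended.
    $transactionid = $this->GetCombinedOrderId();

    $ccname = $postData['name'];
    $cctype = $postData['cctype'];
    $ccissueno = $postData['ccissueno'];
    $ccissuedatem = $postData['ccissuedatem'];
    $ccissuedatey = $postData['ccissuedatey'];
    $ccnum = $postData['ccno'];
    $ccexpm = $postData['ccexpm'];
    $ccexpy = $postData['ccexpy'];

    // The CV2 is placed inside the comma-separated "options" string below, so
    // anything but digits is stripped to stop it adding or overriding options.
    $cccvd = preg_replace('/\D+/', '', (string) $postData['cccvd']);

    $amount = number_format($this->GetGatewayAmount(), 2, '.', '');
    $currency = GetDefaultCurrency();

    // NOTE(review): derived from the current second only, so it is predictable;
    // do not rely on it as a secret. Its use is not visible in this method.
    $this->identifier = substr(sha1(time()), 0, 10);

    $this->_testmode = $this->GetValue("testmode") == "YES";
    $test = $this->_testmode ? 'true' : 'live';

    // Translate the store's card codes into the names the gateway expects.
    switch ($cctype) {
        case 'VISA':
            $cctype = 'Visa';
            break;
        case 'MC':
            $cctype = 'Master Card';
            break;
        case 'MAESTRO':
            $cctype = 'Maestro';
            break;
        case 'AMEX':
            $cctype = 'American Express';
            break;
        case 'DINERS':
            $cctype = 'Diners Card';
            break;
        case 'JCB':
            $cctype = 'JCB';
            break;
        default:
            // Unknown types are still passed on, but without the ',' and '='
            // separators of the options string.
            $cctype = preg_replace('/[^A-Za-z0-9 ]+/', '', (string) $cctype);
            break;
    }

    // load all orders for this transaction
    $orders = $this->GetOrders();
    if (empty($orders)) {
        $cookieToken = isset($_COOKIE['SHOP_ORDER_TOKEN']) ? $_COOKIE['SHOP_ORDER_TOKEN'] : '';
        $orderData = LoadPendingOrdersByToken($cookieToken);
        $this->SetOrderData($orderData);
    }

    // Grab the billing details for the order
    $billingDetails = $this->GetBillingDetails();
    $billingAddress = array(
        'name' => $billingDetails['ordbillfirstname']." ".$billingDetails['ordbilllastname'],
        'company' => $billingDetails['ordbillcompany'],
        'addr_1' => $billingDetails['ordbillstreet1'],
        'addr_2' => $billingDetails['ordbillstreet2'],
        'city' => $billingDetails['ordbillsuburb'],
        'state' => $billingDetails['ordbillstate'],
        'country' => $billingDetails['ordbillcountry'],
        'post_code' => $billingDetails['ordbillzip'],
        'tel' => $billingDetails['ordbillphone'],
        'email' => $billingDetails['ordbillemail'],
    );
    // http_build_query() URL-encodes each value, so a ',' inside a value cannot
    // be mistaken for the ',' pair separator.
    $billingString = http_build_query($billingAddress, '', ',');

    // get the shipping details
    $shippingDetails = $this->getShippingAddress();
    $shippingAddress = array(
        'name' => $shippingDetails['first_name']." ".$shippingDetails['last_name'],
        'company' => $shippingDetails['company'],
        'addr_1' => $shippingDetails['address_1'],
        'addr_2' => $shippingDetails['address_2'],
        'city' => $shippingDetails['city'],
        'state' => $shippingDetails['state'],
        'country' => $shippingDetails['country'],
        'post_code' => $shippingDetails['zip'],
        'tel' => $shippingDetails['phone'],
        'email' => $shippingDetails['email'],
    );
    $shippingString = http_build_query($shippingAddress, '', ',');

    $gatewayData = array(
        'mid' => $this->GetValue('mid'),
        'vpn_pswd' => $this->GetValue('password'),
        'trans_id' => $transactionid,
        'name' => $ccname,
        'card_number' => $ccnum,
        'amount' => $amount,
        'expiry_date' => $ccexpm.$ccexpy,
        'issue_number' => $ccissueno,
        'start_date' => $ccissuedatem.$ccissuedatey,
        'order' => "",
        'shipping' => $shippingString,
        'billing' => $billingString,
        'options' => "test_status=".$test.",dups=false,card_type=".$cctype.",cv2=".$cccvd.",currency=".$currency['currencycode'],
        'returnVariable' => "authResponse"
    );

    return array('gatewayData' => $gatewayData, 'soapAction' => $this->soapAction);
}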
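/**
 * Create the pending order in the database with the customer's selected payment details, etc.
 *
 * The payment method is decided in this order: gift certificates covering the
 * whole total, a zero order total, store credit covering the whole total, and
 * otherwise the checkout provider chosen in the request, which must be one of
 * the modules the customer has access to.
 *
 * @return array|false What needs to be done next ('redirectToFinishOrder',
 *                     'provider' with optional 'showPaymentForm', or
 *                     'error'/'errorDetails'); false when the provider is
 *                     invalid or the order could not be created.
 */
public function SavePendingOrder()
{
    $provider = null;
    $verifyPaymentProvider = true;
    $redirectToFinishOrder = false;
    $providerId = '';
    $creditUsed = 0;

    $orderTotal = $this->getQuote()->getGrandTotal();

    // store the discounted subtotal in the session for affiliate tracking
    $incTax = (getConfig('taxDefaultTaxDisplayOrders') == TAX_PRICES_DISPLAY_INCLUSIVE);
    $_SESSION['LAST_ORDER_DISCOUNTED_SUBTOTAL'] = $this->getQuote()->getDiscountedSubTotal($incTax);

    // Find out what currency we are using. We'll need this later to display their
    // previous orders in the currency that they have selected
    $selectedCurrency = GetCurrencyById($GLOBALS['CurrentCurrency']);

    $giftCertificates = $this->getQuote()->getAppliedGiftCertificates();
    if (!empty($giftCertificates)) {
        $badCertificates = array();
        $remainingBalance = 0;
        $totalWithoutCertificates = $this->getQuote()->getGrandTotalWithoutGiftCertificates();
        $giftCertificateAmount = $this->getQuote()->getGiftCertificateTotal();

        // $remainingBalance and $badCertificates are read back afterwards
        // (presumably filled in by reference).
        getClass('ISC_GIFTCERTIFICATES')
            ->giftCertificatesApplicableToOrder(
                $totalWithoutCertificates,
                $giftCertificates,
                $remainingBalance,
                $badCertificates);

        // One or more gift certificates were invalid so this order is now invalid
        if (!empty($badCertificates)) {
            $badCertificatesList = '<strong>'.GetLang('BadGiftCertificates').'</strong><ul>';
            foreach ($badCertificates as $code => $reason) {
                if (is_array($reason) && $reason[0] == "expired") {
                    $reason = sprintf(GetLang('BadGiftCertificateExpired'), CDate($reason[1]));
                }
                else {
                    $reason = GetLang('BadGiftCertificate'.ucfirst($reason));
                }
                // The certificate code is customer input, so it is HTML-escaped.
                $badCertificatesList .= sprintf("<li>%s - %s", isc_html_escape($code), $reason);
            }
            $badCertificatesList .= "</ul>";
            return array(
                'error' => GetLang('OrderContainedInvalidGiftCertificates'),
                'errorDetails' => $badCertificatesList
            );
        }
        // This order was entirely paid for using gift certificates but the totals don't add up
        else if ($totalWithoutCertificates == $giftCertificateAmount && $remainingBalance > 0) {
            return array(
                'error' => GetLang('OrderTotalStillRemainingCertificates')
            );
        }
        // Order was entirely paid for using gift certificates
        else if ($totalWithoutCertificates == $giftCertificateAmount) {
            $providerId = 'giftcertificate';
            $verifyPaymentProvider = false;
            $redirectToFinishOrder = true;
        }
    }

    // If the order total is 0, then we just forward the user on to the "Thank You"
    // page and set the payment provider to ''
    if ($orderTotal == 0) {
        $providerId = '';
        $verifyPaymentProvider = false;
        $redirectToFinishOrder = true;
    }

    $selected_provider = '';
    if ($verifyPaymentProvider) {
        $candidate = '';
        if (isset($_POST['checkout_provider']) && $_POST['checkout_provider'] != '') {
            $candidate = $_POST['checkout_provider'];
        }
        else if (isset($_POST['credit_checkout_provider']) && $_POST['credit_checkout_provider'] != '') {
            // used by paypal
            $candidate = $_POST['credit_checkout_provider'];
        }

        // Check if the chosen checkout method is valid: the request value is only
        // accepted when it names a module this customer has access to.
        $providers = GetCheckoutModulesThatCustomerHasAccessTo(true);
        if (is_string($candidate)) {
            foreach ($providers as $p) {
                if ((string) $p['id'] === $candidate) {
                    $selected_provider = $candidate;
                }
            }
        }

        // If there's only one payment provider, then they're paying via that
        if ($selected_provider == '' && count($providers) == 1) {
            $selected_provider = $providers[0]['object']->GetId();
        }

        // Are we using our store credit?
        $customer = getClass('ISC_CUSTOMER')->getCustomerDataByToken();
        if (isset($_POST['store_credit']) && $_POST['store_credit'] == 1 && $customer['custstorecredit'] > 0) {
            // User has not chosen a payment provider and can't afford this order
            // using only store credit, throw back as error
            if ($selected_provider == '' && $customer['custstorecredit'] < $orderTotal) {
                return false;
            }
            // Otherwise we can use the store credit.
            // Subtract store credit from users account and send them to the finished page
            else {
                // If we're only using store credit
                $creditToUse = $orderTotal;
                if ($customer['custstorecredit'] >= $creditToUse) {
                    // Set the checkout provider
                    $providerId = 'storecredit';
                    $verifyPaymentProvider = false;
                    $redirectToFinishOrder = true;
                    $creditUsed = $creditToUse;
                }
                else {
                    // Using all of our store credit to pay for this order and we owe more.
                    $creditUsed = $customer['custstorecredit'];
                }
            }
        }
    }

    $orderStatus = ORDER_STATUS_INCOMPLETE;

    // Now with round 2, do we still need to verify the payment provider?
    if ($verifyPaymentProvider) {
        // If there's more than one provider and one wasn't selected on the order
        // confirmation screen then there's a problem
        if ((count($providers) == 0 || (count($providers) > 1 && $selected_provider == '')) && !isset($_SESSION['CHECKOUT']['ProviderListHTML'])) {
            return false;
        }

        // Is the payment provider selected actually valid?
        if (!GetModuleById('checkout', $provider, $selected_provider)) {
            return false;
        }
        $providerId = $provider->GetId();
    }

    // Read the comments from the same superglobal that is tested; the original
    // tested $_REQUEST but then read $_POST.
    $orderComments = '';
    if (isset($_POST['ordercomments'])) {
        $orderComments = $_POST['ordercomments'];
    }

    // Set up the order to be created
    $this->getQuote()
        ->setAppliedStoreCredit($creditUsed)
        ->setCustomerMessage($orderComments);

    $newOrder = array(
        'orderpaymentmodule' => $providerId,
        'ordcurrencyid' => $selectedCurrency['currencyid'],
        'ordcurrencyexchangerate' => $selectedCurrency['currencyexchangerate'],
        'ordipaddress' => getIp(),
        'ordstatus' => $orderStatus,
        'extraInfo' => array(),
        'quote' => $this->getQuote(),
    );

    // OK, we're successful down to here - do they want to create an account? If so then
    // assign it to a session so we can create the actual record on a successful order
    if (!empty($_SESSION['CHECKOUT']['CREATE_ACCOUNT']) || (!customerIsSignedIn() && getConfig('GuestCheckoutCreateAccounts'))) {
        $createAccount = array(
            'addresses' => array()
        );
        if (!empty($_SESSION['CHECKOUT']['CREATE_ACCOUNT'])) {
            // NOTE(review): this copies the account password from the session into
            // the order's extraInfo; confirm it is never persisted in clear text.
            $createAccount['password'] = $_SESSION['CHECKOUT']['CREATE_ACCOUNT']['password'];
            $createAccount['customFormFields'] = $_SESSION['CHECKOUT']['CREATE_ACCOUNT']['customFields'];
        }
        else {
            $createAccount['autoCreated'] = 1;
        }

        // Handle saving of addresses for new customers
        foreach ($this->getQuote()->getAllAddresses() as $address) {
            if ($address->getSaveAddress()) {
                $customerAddress = $address->getAsArray();
                $customFields = $address->getCustomFields();
                if (!empty($customFields)) {
                    $customerAddress['customFormFields'] = $customFields;
                    // Shipping fields need to be mapped back to billing so they can be stored
                    if ($address->getType() == ISC_QUOTE_ADDRESS::TYPE_SHIPPING) {
                        $newCustomFields = array();
                        $map = $GLOBALS['ISC_CLASS_FORM']->mapAddressFieldList(FORMFIELDS_FORM_SHIPPING, array_keys($customFields));
                        foreach ($map as $oldId => $newId) {
                            $newCustomFields[$newId] = $customFields[$oldId];
                        }
                        $customerAddress['customFormFields'] = $newCustomFields;
                    }
                }
                $createAccount['addresses'][] = $customerAddress;
            }
        }
        $newOrder['extraInfo']['createAccount'] = $createAccount;
    }

    // Did they agree to signup to any mailing lists?
    if (isset($_POST['join_mailing_list'])) {
        $newOrder['extraInfo']['join_mailing_list'] = true;
    }

    if (isset($_POST['join_order_list'])) {
        $newOrder['extraInfo']['join_order_list'] = true;
    }

    if (isset($_POST['join_mailing_list']) || isset($_POST['join_order_list'])) {
        if (isset($_POST['mail_format_preference'])) {
            $newOrder['extraInfo']['mail_format_preference'] = (int)$_POST['mail_format_preference'];
        } else {
            $newOrder['extraInfo']['mail_format_preference'] = Interspire_EmailIntegration_Subscription::FORMAT_PREF_NONE;
        }
        // NOTE(review): this sets join_order_list even when only the newsletter box
        // was ticked; confirm that matches the consent the customer gave.
        $newOrder['extraInfo']['join_order_list'] = true;
    }

    if (isset($_POST['ordermessage'])) {
        $newOrder['ordermessage'] = $_POST['ordermessage'];
    } else {
        $newOrder['ordermessage'] = '';
    }

    $entity = new ISC_ENTITY_ORDER();
    $orderId = $entity->add($newOrder);

    // Failed to create the order
    if (!$orderId) {
        return false;
    }

    $order = getOrder($orderId);

    // Persist the pending order token as a cookie for 24 hours. The token alone
    // identifies the pending order, so treat the cookie as a credential.
    ISC_SetCookie("SHOP_ORDER_TOKEN", $order['ordtoken'], time() + (3600*24), true);
    $_COOKIE['SHOP_ORDER_TOKEN'] = $order['ordtoken'];

    // Redirecting to finish order page?
    if ($redirectToFinishOrder) {
        return array(
            'redirectToFinishOrder' => true
        );
    }

    // Otherwise, the gateway wants to do something
    $orderData = LoadPendingOrdersByToken($order['ordtoken']);
    $provider->SetOrderData($orderData);

    // Is this an online payment provider? It would like to do something
    if ($provider->GetPaymentType() == PAYMENT_PROVIDER_ONLINE || method_exists($provider, "ShowPaymentForm")) {
        // Call the checkout process for the selected provider
        if (method_exists($provider, "ShowPaymentForm")) {
            return array(
                'provider' => $provider,
                'showPaymentForm' => true
            );
        }
        else {
            return array(
                'provider' => $provider
            );
        }
    }
    // If an offline method, we throw them to the "Thank you for your order" page
    else {
        return array(
            'provider' => $provider
        );
    }
}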
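/**
 * Create the pending order in the database with the customer's selected payment details, etc.
 *
 * Reads the checkout state from $_SESSION['CHECKOUT'], the chosen payment provider and the
 * opt-in flags from $_POST, and the order comments from $_REQUEST. The order comments and
 * order message are passed to CreateOrder() exactly as received; nothing in this method
 * escapes them, so whatever renders them later has to encode them for its output context.
 *
 * @return array|false False when the checkout state or the payment provider is not usable or
 *                     the order could not be created; otherwise an array holding either
 *                     'error' (and optionally 'errorDetails'), 'redirectToFinishOrder', or
 *                     'provider' (plus 'showPaymentForm' when the provider has a payment form).
 */
public function SavePendingOrder()
{
    $provider = null;
    $verifyPaymentProvider = true;
    $redirectToFinishOrder = false;
    $providerId = '';

    if (!isset($_SESSION['CHECKOUT']['PENDING_DATA'])) {
        return false;
    }

    // Did they agree to signup to any mailing lists?
    if (isset($_POST['join_mailing_list'])) {
        ISC_SetCookie("JOIN_MAILING_LIST", 1, time() + 3600 * 24 * 7);
    }
    if (isset($_POST['join_order_list'])) {
        ISC_SetCookie("JOIN_ORDER_LIST", 1, time() + 3600 * 24 * 7);
    }

    $orderTotal = $_SESSION['CHECKOUT']['PENDING_DATA']['ORDER_TOTAL'];
    $giftCertificateAmount = $_SESSION['CHECKOUT']['PENDING_DATA']['GIFTCERTIFICATE_AMOUNT'];
    $gatewayAmount = $_SESSION['CHECKOUT']['PENDING_DATA']['GATEWAY_AMOUNT'];
    $creditUsed = 0;
    $giftCertificates = array();

    // Find out what currency we are using. We'll need this later to display their previous
    // orders in the currency that they have selected
    $selectedCurrency = GetCurrencyById($GLOBALS['CurrentCurrency']);

    if (isset($_SESSION['OFFERCART']['GIFTCERTIFICATES']) && is_array($_SESSION['OFFERCART']['GIFTCERTIFICATES'])) {
        $giftCertificates = $_SESSION['OFFERCART']['GIFTCERTIFICATES'];

        // Now we check that the gift certificates can actually be applied to the order
        $GLOBALS['ISC_CLASS_GIFT_CERTIFICATES'] = GetClass('ISC_GIFTCERTIFICATES');
        $badCertificates = array();
        $remainingBalance = 0;
        $GLOBALS['ISC_CLASS_GIFT_CERTIFICATES']->GiftCertificatesApplicableToOrder($orderTotal, $giftCertificates, $remainingBalance, $badCertificates);

        // One or more gift certificates were invalid so this order is now invalid
        if (count($badCertificates) > 0) {
            $badCertificatesList = '<strong>' . GetLang('BadGiftCertificates') . '</strong><ul>';
            foreach ($badCertificates as $code => $reason) {
                if (is_array($reason) && $reason[0] == "expired") {
                    $reason = sprintf(GetLang('BadGiftCertificateExpired'), CDate($reason[1]));
                } else {
                    $reason = GetLang('BadGiftCertificate' . ucfirst($reason));
                }
                // The certificate code is customer supplied, so it is HTML-escaped here
                $badCertificatesList .= sprintf("<li>%s - %s", isc_html_escape($code), $reason);
            }
            $badCertificatesList .= "</ul>";

            return array('error' => GetLang('OrderContainedInvalidGiftCertificates'), 'errorDetails' => $badCertificatesList);
        }

        if ($orderTotal == $giftCertificateAmount && $remainingBalance > 0) {
            return array('error' => GetLang('OrderTotalStillRemainingCertificates'));
        }

        if ($orderTotal == $giftCertificateAmount) {
            $providerId = 'giftcertificate';
            $verifyPaymentProvider = false;
            $redirectToFinishOrder = true;
        }
    }

    // If the order total is 0, then we just forward the user on to the "Thank You" page and
    // set the payment provider to ''
    if ($orderTotal == 0) {
        $providerId = '';
        $verifyPaymentProvider = false;
        $redirectToFinishOrder = true;
    }

    if ($verifyPaymentProvider) {
        if (isset($_POST['credit_checkout_provider']) && $_POST['credit_checkout_provider'] != "") {
            $_POST['checkout_provider'] = $_POST['credit_checkout_provider'];
        }

        $selected_provider = "";
        $providers = GetCheckoutModulesThatCustomerHasAccessTo(true);

        // If there's more than one, use the value they've chosen. The parentheses spell out
        // the precedence the original expression already had (&& binds tighter than ||).
        if ((count($providers) > 1 && isset($_POST['checkout_provider'])) || isset($_SESSION['CHECKOUT']['ProviderListHTML'])) {
            // The session flag alone does not guarantee that a provider was posted
            $selected_provider = isset($_POST['checkout_provider']) ? $_POST['checkout_provider'] : '';
        } elseif (count($providers) == 1) {
            $selected_provider = $providers[0]['object']->GetId();
            $_POST['checkout_provider'] = $selected_provider;
        } else {
            $selected_provider = '';
        }

        if (!isset($_POST['checkout_provider'])) {
            $_POST['checkout_provider'] = '';
        }

        // Are we using our store credit?
        $GLOBALS['ISC_CLASS_CUSTOMER'] = GetClass('ISC_CUSTOMER');
        $customer = $GLOBALS['ISC_CLASS_CUSTOMER']->GetCustomerDataByToken();
        if (isset($_POST['store_credit']) && $_POST['store_credit'] == 1 && $customer['custstorecredit'] > 0) {
            // User has not chosen a payment provider and can't afford this order using only
            // store credit, throw back as error
            if (!$_POST['checkout_provider'] && $customer['custstorecredit'] < $orderTotal) {
                return false;
            }

            $creditToUse = $orderTotal - $giftCertificateAmount;
            if ($customer['custstorecredit'] >= $creditToUse) {
                // Store credit covers the remainder, so no gateway is involved
                $providerId = 'storecredit';
                $verifyPaymentProvider = false;
                $redirectToFinishOrder = true;
                $creditUsed = $creditToUse;
            } else {
                // Using all of our store credit to pay for this order and we owe more.
                $creditUsed = $customer['custstorecredit'];
                $gatewayAmount -= $creditUsed;
            }
        }
    }

    // Now with round 2, do we still need to verify the payment provider?
    if ($verifyPaymentProvider) {
        // If there's more than one provider and one wasn't selected on the order confirmation
        // screen then there's a problem
        if ((count($providers) == 0 || count($providers) > 1 && !isset($_POST['checkout_provider'])) && !isset($_SESSION['CHECKOUT']['ProviderListHTML'])) {
            return false;
        }

        // Is the payment provider selected actually valid?
        if (!GetModuleById('checkout', $provider, $selected_provider)) {
            return false;
        }
        $providerId = $provider->GetId();
    }

    // Load up all of the data for the items in the cart
    $GLOBALS['ISC_CLASS_MAKEAOFFER'] = GetClass('ISC_MAKEAOFFER');
    $cartItems = $GLOBALS['ISC_CLASS_MAKEAOFFER']->api->GetProductsInCart();

    // OK, we're successful down to here - do they want to create an account?
    if (isset($_SESSION['CHECKOUT']['CREATE_ACCOUNT'])) {
        $accountDetails = $_SESSION['CHECKOUT']['ACCOUNT_DETAILS'];
        $token = GenerateCustomerToken();
        $customerData = array(
            'email' => trim($accountDetails['email']),
            'password' => $accountDetails['password'],
            'firstname' => $accountDetails['firstname'],
            'lastname' => $accountDetails['lastname'],
            'company' => $accountDetails['company'],
            'phone' => $accountDetails['phone'],
            'token' => $token,
        );

        // Look for an existing guest record with the same e-mail address
        $cusquery = "SELECT customerid\n\t\t\t\tFROM [|PREFIX|]customers\n\t\t\t\tWHERE isguest = 1 AND LOWER(custconemail)='" . $GLOBALS['ISC_CLASS_DB']->Quote(isc_strtolower($customerData['email'])) . "'";
        $cusresult = $GLOBALS['ISC_CLASS_DB']->Query($cusquery);
        $cusrow = $GLOBALS['ISC_CLASS_DB']->Fetch($cusresult);
        $custId = is_array($cusrow) ? $cusrow['customerid'] : '';

        if ($custId == '') {
            // No guest record for this e-mail yet; flag the new record as guest when needed
            if ($_SESSION['CHECKOUT']['PENDING_DATA']['GUEST_CHECKOUT']) {
                $customerData['isguest'] = 1;
            }
            $customerId = $GLOBALS['ISC_CLASS_CUSTOMER']->CreateCustomerAccount($customerData, false, $accountDetails['autoAccount']);
        } elseif (!$_SESSION['CHECKOUT']['PENDING_DATA']['GUEST_CHECKOUT']) {
            $customerId = $GLOBALS['ISC_CLASS_CUSTOMER']->CreateCustomerAccount($customerData, true, $accountDetails['autoAccount']);
        } else {
            $customerId = $custId;
            // Update the existing guest record. The names are customer supplied, so they go
            // through Quote() like the e-mail above, and the id is cast to an integer; the
            // statement was previously built by plain concatenation.
            $GLOBALS['ISC_CLASS_DB']->Query(
                "UPDATE [|PREFIX|]customers SET custconfirstname = '" . $GLOBALS['ISC_CLASS_DB']->Quote($customerData['firstname'])
                . "', custconlastname = '" . $GLOBALS['ISC_CLASS_DB']->Quote($customerData['lastname'])
                . "' WHERE customerid = " . (int) $customerId
            );
        }

        if (!$customerId) {
            return array('error' => GetLang('AccountInternalError'));
        }

        // Log the customer in, unless this is a guest checkout
        if (!$_SESSION['CHECKOUT']['PENDING_DATA']['GUEST_CHECKOUT']) {
            $GLOBALS['ISC_CLASS_CUSTOMER']->LoginCustomerById($customerId, true);
        }

        // The account details (including the password) are dropped from the session here
        unset($_SESSION['CHECKOUT']['CREATE_ACCOUNT']);
        unset($_SESSION['CHECKOUT']['ACCOUNT_DETAILS']);

        @ob_end_clean();
    }

    if (isset($_COOKIE['SHOP_TOKEN'])) {
        $customerToken = $_COOKIE['SHOP_TOKEN'];
    } else {
        $customerToken = '';
    }

    $orderComments = '';
    if (isset($_REQUEST['ordercomments'])) {
        $orderComments = $_REQUEST['ordercomments'];
    }

    $checkoutSession = $_SESSION['CHECKOUT'];
    $pendingData = $checkoutSession['PENDING_DATA'];

    // Get a list of the vendors for all of the items in the cart, and loop through them
    // to build all of the pending orders
    $cartContent = $this->BreakdownCartByAddressVendorforshipping();
    $vendorOrderInfo = array();
    foreach ($cartContent as $vendorId => $addresses) {
        foreach ($addresses as $addressId => $products) {
            $allDigital = 1;
            $productArray = array();
            foreach ($products as $cartItemId => $product) {
                // A physical product, mark as so
                if ($product['data']['prodtype'] == PT_PHYSICAL) {
                    $allDigital = 0;
                }
                // Mark the quantity of this item
                $productArray[$cartItemId] = $product['quantity'];
            }

            $vendorInfo = $pendingData['VENDORS'][$vendorId . '_' . $addressId];

            // Shipping details are optional; missing entries become null
            $shipping = array();
            if (isset($_SESSION['CHECKOUT']['SHIPPING'][$vendorId][$addressId])) {
                $shipping = $_SESSION['CHECKOUT']['SHIPPING'][$vendorId][$addressId];
            }

            $vendorData = array(
                'itemtotal' => $vendorInfo['ITEM_TOTAL'],
                'taxcost' => $vendorInfo['TAX_COST'],
                'taxname' => $vendorInfo['TAX_NAME'],
                'taxrate' => $vendorInfo['TAX_RATE'],
                'totalcost' => $vendorInfo['ORDER_TOTAL'],
                'shippingcost' => isset($shipping['COST']) ? $shipping['COST'] : null,
                'handlingcost' => isset($shipping['HANDLING']) ? $shipping['HANDLING'] : null,
                'shippingprovider' => isset($shipping['PROVIDER']) ? $shipping['PROVIDER'] : null,
                'shippingmodule' => isset($shipping['MODULE']) ? $shipping['MODULE'] : null,
                'isdigitalorder' => $allDigital,
                'products' => $productArray,
            );

            if ($addressId == 0) {
                // Kept in its own variable so the array being iterated is not shadowed
                $orderShippingAddresses = $this->GetOrderShippingAddresses();
                $vendorData['shippingaddress'] = $orderShippingAddresses[$addressId];
            } else {
                $vendorData['shippingaddressid'] = $addressId;
            }

            // Shipping zones can be configured per vendor, so we need to be sure
            // to pass this along correctly too
            if (isset($vendorInfo['SHIPPING_ZONE'])) {
                $shippingZone = GetShippingZoneById($vendorInfo['SHIPPING_ZONE']);
                if (is_array($shippingZone)) {
                    $vendorData['ordshippingzoneid'] = $shippingZone['zoneid'];
                    $vendorData['ordshippingzone'] = $shippingZone['zonename'];
                }
            }

            $vendorOrderInfo[$vendorId . '_' . $addressId] = $vendorData;
        }
    }

    // Set some defaults about the rest of the order
    $pendingOrder = array(
        "customertoken" => $customerToken,
        'paymentmethod' => $providerId,
        "storecreditamount" => $creditUsed,
        "giftcertificateamount" => $giftCertificateAmount,
        "giftcertificates" => $giftCertificates,
        "gatewayamount" => $gatewayAmount,
        'totalincludestax' => $pendingData['TAX_INCLUDED'],
        "currencyid" => $selectedCurrency['currencyid'],
        "currencyexchangerate" => $selectedCurrency['currencyexchangerate'],
        'ordercomments' => $orderComments,
        'ipaddress' => GetIP(),
        'vendorinfo' => $vendorOrderInfo,
    );

    if (isset($customerId)) {
        $pendingOrder['customerid'] = $customerId;
    }

    // Determine the address ID we're using for billing
    if (is_array($_SESSION['CHECKOUT']['BILLING_ADDRESS'])) {
        $pendingOrder['billingaddress'] = $_SESSION['CHECKOUT']['BILLING_ADDRESS'];
    } else {
        $pendingOrder['billingaddressid'] = (int) $_SESSION['CHECKOUT']['BILLING_ADDRESS'];
    }

    if (isset($_POST['ordermessage'])) {
        $pendingOrder['ordermessage'] = $_POST['ordermessage'];
    } else {
        $pendingOrder['ordermessage'] = '';
    }

    // Save our custom fields. If we are creating a new account then split this up so the
    // account fields will go in the customers table and the rest will go in the orders table
    if (isset($_SESSION['CHECKOUT']['CUSTOM_FIELDS']['customer']) && isset($customerId) && isId($customerId)) {
        $formSessionId = $GLOBALS['ISC_CLASS_FORM']->saveFormSessionManual($_SESSION['CHECKOUT']['CUSTOM_FIELDS']['customer']);
        if (isId($formSessionId)) {
            $updateData = array(
                'customerid' => $customerId,
                'email' => $customerData['email'],
                'firstname' => $customerData['firstname'],
                'lastname' => $customerData['lastname'],
                'company' => $customerData['company'],
                'phone' => $customerData['phone'],
                'custformsessionid' => $formSessionId,
            );
            $entity = new ISC_ENTITY_CUSTOMER();
            $entity->edit($updateData);
        }
    }

    // OK, now to store the custom address fields. Check here to see if we are not split
    // shipping (single order)
    if (!isset($_SESSION['CHECKOUT']['IS_SPLIT_SHIPPING']) || !$_SESSION['CHECKOUT']['IS_SPLIT_SHIPPING']) {
        $pendingOrder['ordformsessionid'] = '';

        if (isset($_SESSION['CHECKOUT']['CUSTOM_FIELDS']) && is_array($_SESSION['CHECKOUT']['CUSTOM_FIELDS'])) {
            // Save the billing
            if (isset($_SESSION['CHECKOUT']['CUSTOM_FIELDS']['billing']) && isset($pendingOrder['billingaddress']['saveAddress']) && $pendingOrder['billingaddress']['saveAddress']) {
                $pendingOrder['billingaddress']['shipformsessionid'] = $GLOBALS['ISC_CLASS_FORM']->saveFormSessionManual($_SESSION['CHECKOUT']['CUSTOM_FIELDS']['billing']);
            }

            // Now for the shipping. Only save this once for all the shipping addresses
            if (isset($_SESSION['CHECKOUT']['CUSTOM_FIELDS']['shipping'])) {
                $shippSessId = $GLOBALS['ISC_CLASS_FORM']->saveFormSessionManual($_SESSION['CHECKOUT']['CUSTOM_FIELDS']['shipping']);
                foreach ($pendingOrder['vendorinfo'] as $vendorId => $vendorData) {
                    if (isset($vendorData['shippingaddress']['saveAddress']) && $vendorData['shippingaddress']['saveAddress']) {
                        $pendingOrder['vendorinfo'][$vendorId]['shippingaddress']['shipformsessionid'] = $shippSessId;
                    }
                }
            }

            // Now the orders. This part is tricky because the billing and shipping information
            // have the same keys (same fields used in the frontend). We need to split them up
            // into separate billing and shipping information and then save it
            if (isset($_SESSION['CHECKOUT']['CUSTOM_FIELDS']['billing']) && is_array($_SESSION['CHECKOUT']['CUSTOM_FIELDS']['billing'])) {
                // We create a map first so we can map the shipping information to its proper
                // field ID
                $billingKeys = array_keys($_SESSION['CHECKOUT']['CUSTOM_FIELDS']['billing']);
                $fieldAddressMap = $GLOBALS['ISC_CLASS_FORM']->mapAddressFieldList(FORMFIELDS_FORM_BILLING, $billingKeys);

                // OK, we have the map, now to split up the custom fields
                $orderSessData = array();
                foreach ($fieldAddressMap as $fieldId => $newShippingFieldId) {
                    $orderSessData[$fieldId] = $_SESSION['CHECKOUT']['CUSTOM_FIELDS']['billing'][$fieldId];
                    if (isset($_SESSION['CHECKOUT']['CUSTOM_FIELDS']['shipping'][$fieldId])) {
                        $orderSessData[$newShippingFieldId] = $_SESSION['CHECKOUT']['CUSTOM_FIELDS']['shipping'][$fieldId];
                    }
                }

                $pendingOrder['ordformsessionid'] = $GLOBALS['ISC_CLASS_FORM']->saveFormSessionManual($orderSessData);
            }
        }
    } else {
        // This is for split shipping. Loop through each address to get their default custom
        // field data, combine it with the billing custom field data, create the form session
        // record and then save that ID for each address
        $shippingAddresses = $this->GetOrderShippingAddresses();
        $origFormSessionData = array();
        if (isset($_SESSION['CHECKOUT']['CUSTOM_FIELDS']['billing']) && is_array($_SESSION['CHECKOUT']['CUSTOM_FIELDS']['billing'])) {
            $origFormSessionData = $_SESSION['CHECKOUT']['CUSTOM_FIELDS']['billing'];
        }

        foreach ($pendingOrder['vendorinfo'] as $vendorId => $vendorData) {
            $address = null;
            $orderSessData = array();

            if (array_key_exists($vendorData['shippingaddressid'], $shippingAddresses)) {
                $address = $shippingAddresses[$vendorData['shippingaddressid']];
            }

            if (isset($address['shipformsessionid']) && isId($address['shipformsessionid'])) {
                $shippingSessionData = $GLOBALS['ISC_CLASS_FORM']->getSavedSessionData($address['shipformsessionid']);
                if (is_array($shippingSessionData)) {
                    // Same deal with this save session data because the billing and shipping
                    // data use the same fields and therefore have the same keys
                    $billingKeys = array_keys($origFormSessionData);
                    $fieldAddressMap = $GLOBALS['ISC_CLASS_FORM']->mapAddressFieldList(FORMFIELDS_FORM_BILLING, $billingKeys);

                    // OK, we have the map, now to split up the custom fields
                    $orderSessData = array();
                    foreach ($fieldAddressMap as $fieldId => $newShippingFieldId) {
                        $orderSessData[$fieldId] = $origFormSessionData[$fieldId];
                        $orderSessData[$newShippingFieldId] = $shippingSessionData[$fieldId];
                    }
                }
            }

            $newFormSessionId = $GLOBALS['ISC_CLASS_FORM']->saveFormSessionManual($orderSessData);
            if (isId($newFormSessionId)) {
                $pendingOrder['vendorinfo'][$vendorId]['ordformsessionid'] = $newFormSessionId;
            }
        }
    }

    $pendingToken = CreateOrder($pendingOrder, $cartItems);

    // Try to add the record and if we can't then take them back to the shopping cart
    if (!$pendingToken) {
        return false;
    }

    // Persist the pending order token as a cookie for 24 hours
    ISC_SetCookie("SHOP_ORDER_TOKEN", $pendingToken, time() + 3600 * 24, true);
    $_COOKIE['SHOP_ORDER_TOKEN'] = $pendingToken;

    // Redirecting to finish order page?
    if ($redirectToFinishOrder) {
        return array('redirectToFinishOrder' => true);
    }

    // Otherwise, the gateway wants to do something
    $orderData = LoadPendingOrdersByToken($pendingToken);
    $provider->SetOrderData($orderData);

    // Is this an online payment provider? It would like to do something
    if ($provider->GetPaymentType() == PAYMENT_PROVIDER_ONLINE || method_exists($provider, "ShowPaymentForm")) {
        // Call the checkout process for the selected provider
        if (method_exists($provider, "ShowPaymentForm")) {
            return array('provider' => $provider, 'showPaymentForm' => true);
        }

        return array('provider' => $provider);
    }

    // If an offline method, we throw them to the "Thank you for your order" page
    return array('provider' => $provider);
}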
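/**
 * Get Express Checkout Details step.
 *
 * Runs when the customer comes back from PayPal after choosing the payment method and
 * shipping address there. It asks PayPal for the details that belong to the returned token,
 * stores the decoded response in the checkout session, copies the address into the order and
 * sends a Location header for the next checkout step. When a pending order cookie is present
 * the payment is completed straight away instead.
 *
 * Nothing happens when PayPal does not acknowledge the request with "success".
 *
 * @return void
 */
private function GetExpressCheckoutDetails()
{
    $merchant = $this->GetMerchantSettings();

    if ($merchant['testmode'] == 'YES') {
        $transactionURL = $this->_testTransactionURL;
        $transactionURI = $this->_testTransactionURI;
    } else {
        $transactionURL = $this->_liveTransactionURL;
        $transactionURI = $this->_liveTransactionURI;
    }

    $pp_array = array(
        'METHOD' => 'GetExpressCheckoutDetails',
        'USER' => $merchant['username'],
        'PWD' => $merchant['password'],
        'SIGNATURE' => $merchant['signature'],
        'VERSION' => '52.0',
        'PAYMENTACTION' => $merchant['transactionType'],
        // The token arrives in the return request; a missing one is sent as an empty value
        'TOKEN' => isset($_REQUEST['token']) ? $_REQUEST['token'] : '',
    );

    $pairs = array();
    foreach ($pp_array as $key => $value) {
        $pairs[] = $key . '=' . urlencode($value);
    }
    $paypal_query = implode('&', $pairs);

    // get the customer details from paypal
    $result = $this->_ConnectToProvider($transactionURL, $transactionURI, $paypal_query);
    $nvpArray = $this->_DecodePaypalResult($result);

    // A failed call may leave ACK out of the decoded response altogether
    if (!isset($nvpArray['ACK']) || strtolower($nvpArray['ACK']) != 'success') {
        return;
    }

    $_SESSION['CHECKOUT']['PayPalExpressCheckout'] = $nvpArray;

    // if user started paypal express checkout at confirmation page, redirect user back to
    // confirmation page
    if (isset($_COOKIE['SHOP_ORDER_TOKEN'])) {
        // Load the pending order
        $orders = LoadPendingOrdersByToken($_COOKIE['SHOP_ORDER_TOKEN']);
        if (!is_array($orders)) {
            @ob_end_clean();
            header("Location: " . $GLOBALS['ShopPathSSL'] . "/checkout.php?action=confirm_order");
            die;
        }

        $this->SetOrderData($orders);
        $this->DoExpressCheckoutPayment();
        exit;
    }

    // The country name comes from the PayPal response and is escaped with Quote()
    $countryName = trim($nvpArray['SHIPTOCOUNTRYNAME']);
    $query = "select\n\t\t\t\t\t\t\t\tcountryid\n\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t[|PREFIX|]countries\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\tcountryname = '" . $GLOBALS['ISC_CLASS_DB']->Quote($countryName) . "'";
    $result = $GLOBALS['ISC_CLASS_DB']->Query($query);
    $countryID = $GLOBALS['ISC_CLASS_DB']->FetchOne($result);

    $stateName = trim($nvpArray['SHIPTOSTATE']);
    $stateID = $this->GetStateId($countryID, $stateName);

    if (isset($nvpArray['PHONENUM'])) {
        $phone = $nvpArray['PHONENUM'];
    } else {
        // Placeholder used when PayPal sends no phone number
        $phone = 1;
    }

    $address = array(
        'shipfirstname' => $nvpArray['FIRSTNAME'],
        'shiplastname' => $nvpArray['LASTNAME'],
        'shipcompany' => '',
        'shipaddress1' => $nvpArray['SHIPTOSTREET'],
        'shipaddress2' => '',
        'shipcity' => $nvpArray['SHIPTOCITY'],
        'shipstate' => $nvpArray['SHIPTOSTATE'],
        'shipzip' => $nvpArray['SHIPTOZIP'],
        'shipcountry' => $countryName,
        'shipstateid' => $stateID,
        'shipcountryid' => $countryID,
        'shipdestination' => 'residential',
        'shipphone' => $phone,
    );

    if (CustomerIsSignedIn()) {
        $GLOBALS['ISC_CLASS_CUSTOMER'] = GetClass('ISC_CUSTOMER');
        $customerID = $GLOBALS['ISC_CLASS_CUSTOMER']->GetCustomerId();
        $address['shipcustomerid'] = $customerID;

        // check if the address we got back from paypal already exists in the customer's ISC
        // address book
        $addressid = $this->GetAddressID($address);
        if ($addressid > 0) {
            // already in the address book: remember its id so the checkout page selects it
            $_SESSION['CHECKOUT']['SelectAddress'] = $addressid;
        } else {
            // not in the address book yet: add it and remember the new id
            $_SESSION['CHECKOUT']['SelectAddress'] = $GLOBALS['ISC_CLASS_DB']->InsertQuery("shipping_addresses", $address, 1);
        }
    }

    $address['shipemail'] = $nvpArray['EMAIL'];
    $address['saveAddress'] = 0;

    $GLOBALS['ISC_CLASS_CHECKOUT'] = GetClass('ISC_CHECKOUT');

    // set the address to the session
    $GLOBALS['ISC_CLASS_CHECKOUT']->SetOrderBillingAddress($address);

    if ($nvpArray['FIRSTNAME'] . " " . $nvpArray['LASTNAME'] != $nvpArray['SHIPTONAME']) {
        $_SESSION['CHECKOUT']['GoToCheckoutStep'] = "BillingAddress";

        // Split the recipient name at the first run of whitespace. Removing the first name
        // with str_replace() also cut it out of the surname ("Jon Jonson" became "son").
        $nameParts = preg_split('/\s+/', trim($nvpArray['SHIPTONAME']), 2);
        $address['shipfirstname'] = $nameParts[0];
        $address['shiplastname'] = isset($nameParts[1]) ? trim($nameParts[1]) : '';
    } else {
        $_SESSION['CHECKOUT']['GoToCheckoutStep'] = "ShippingProvider";
    }

    $GLOBALS['ISC_CLASS_CHECKOUT']->SetOrderShippingAddress($address);

    // Only paypal should be offered on the order confirmation page, because the customer has
    // already chosen it; the confirmation page reads this provider list from the session.
    $_SESSION['CHECKOUT']['ProviderListHTML'] = $this->ParseTemplate('paypalexpress.providerlist', true);

    $GLOBALS['ISC_CLASS_CART'] = GetClass('ISC_CART');
    $GLOBALS['ISC_CLASS_CART']->SetCartValues();

    // Skip choose a billing and shipping address step
    if (GetConfig('CheckoutType') == 'single') {
        $returnURL = $GLOBALS['ShopPathSSL'] . "/checkout.php";
    } else {
        // set the address to the session
        $GLOBALS['ISC_CLASS_CHECKOUT']->SetOrderBillingAddress($address);
        $GLOBALS['ISC_CLASS_CHECKOUT']->SetOrderShippingAddress($address);
        $returnURL = $GLOBALS['ShopPathSSL'] . "/checkout.php?action=choose_shipper";
    }

    // No exit follows the header; the caller decides what happens after the redirect is set
    header("Location: " . $returnURL);
}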
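/**
 * Process the NAB pingback.
 *
 * Loads the pending order for the posted order token, checks the posted signature and the
 * reported amount against the order, refuses a transaction id that was recorded before, then
 * records the transaction and moves the order to its paid status.
 *
 * NOTE(review): the signature checked here is built only from the order amount, the order
 * token, the order id and the store's EncryptionToken. None of the gateway's own fields
 * (payment_number, bank_reference, payment_date) are covered by it, so confirm how the
 * signature reaches the gateway and whether a customer can observe it.
 *
 * @return bool True when the payment was recorded, false when the pingback was rejected.
 *              The script exits when a required request field is missing.
 */
public function ProcessGatewayPing()
{
    if (!isset($_REQUEST['payment_reference']) || !isset($_REQUEST['bank_reference']) || !isset($_REQUEST['orderToken']) || !isset($_REQUEST['signature'])) {
        exit;
    }

    $paymentReference = $_REQUEST['payment_reference'];
    $orderToken = $_REQUEST['orderToken'];
    $requestSignature = $_REQUEST['signature'];
    $bankReference = $_REQUEST['bank_reference'];

    // These fields are not part of the required set above, so they may be absent
    $rawPaymentAmount = isset($_REQUEST['payment_amount']) ? $_REQUEST['payment_amount'] : null;
    $sessionToken = isset($_REQUEST['sessionToken']) ? $_REQUEST['sessionToken'] : null;
    $transactionId = isset($_REQUEST['payment_number']) ? $_REQUEST['payment_number'] : null;
    $paymentDate = isset($_REQUEST['payment_date']) ? $_REQUEST['payment_date'] : null;

    // A non-numeric amount never matches the order amount below
    $paymentAmount = is_numeric($rawPaymentAmount) ? number_format((float) $rawPaymentAmount, 2, '.', '') : '';

    $this->SetOrderData(LoadPendingOrdersByToken($orderToken));

    // Work with the first order of the pending set (each() is gone from current PHP)
    $orders = $this->GetOrders();
    $order = is_array($orders) ? reset($orders) : false;
    $orderId = is_array($order) ? $order['orderid'] : null;

    // GetGatewayAmount returns the amount from the order record, so $amount is that but
    // formatted into #.##
    $amount = number_format($this->GetGatewayAmount(), 2, '.', '');

    // verify that the signature matches; compared as strings so that two different digests
    // that both look numeric are never treated as equal
    $verifySignature = md5($amount . $orderToken . $orderId . GetConfig('EncryptionToken'));
    $signatureMatches = is_string($requestSignature)
        && (function_exists('hash_equals') ? hash_equals($verifySignature, $requestSignature) : $verifySignature === $requestSignature);
    if (!$signatureMatches) {
        $errorMsg = GetLang('NabSignatureMismatchDetails', array('orderId' => $orderId, 'transactionId' => $transactionId));
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang('NabSignatureMismatch'), $errorMsg);
        return false;
    }

    // The reported amount was formatted but never compared; it is recorded on the
    // transaction below, so it has to agree with the order first
    if ($paymentAmount !== $amount) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(
            array('payment', $this->GetName()),
            'NAB pingback amount does not match the order amount',
            sprintf("Order %s. Expected %s. Received %s", $orderId, $amount, $paymentAmount)
        );
        return false;
    }

    /** @var ISC_TRANSACTION */
    $transaction = GetClass('ISC_TRANSACTION');

    // Refuse a transaction id that has already been recorded for this provider
    $previousTransaction = $transaction->LoadByTransactionId($transactionId, $this->GetId());
    if (is_array($previousTransaction) && $previousTransaction['transactionid']) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), sprintf(GetLang('NabTransactionAlreadyProcessed'), $paymentDate));
        return false;
    }

    // Need to finish the processing of the pingback
    $newTransaction = array(
        'providerid' => $this->GetId(),
        'transactiondate' => $paymentDate,
        'transactionid' => $transactionId,
        'orderid' => $orderId,
        'message' => 'Completed',
        'status' => TRANS_STATUS_COMPLETED,
        'amount' => $rawPaymentAmount,
        'extrainfo' => array(),
    );
    $newOrderStatus = ORDER_STATUS_AWAITING_FULFILLMENT;
    $transaction->Create($newTransaction);

    // If the order was previously incomplete, empty the customers cart
    if ($this->GetOrderStatus() == ORDER_STATUS_INCOMPLETE) {
        session_write_close();
        $session = new ISC_SESSION($sessionToken);
        EmptyCartAndKillCheckout();
    }

    $status = $newOrderStatus;
    // If it's a digital order & awaiting fulfillment, automatically complete it
    if ($order['ordisdigital'] && $status == ORDER_STATUS_AWAITING_FULFILLMENT) {
        $status = ORDER_STATUS_COMPLETED;
    }
    UpdateOrderStatus($orderId, $status);

    $updatedOrder = array(
        'ordpayproviderid' => $transactionId,
        'ordpaymentstatus' => 'captured',
    );
    $this->UpdateOrders($updatedOrder);

    // This was a successful order
    $oldStatus = GetOrderStatusById($this->GetOrderStatus());
    if (!$oldStatus) {
        $oldStatus = 'Incomplete';
    }
    $newStatus = GetOrderStatusById($newOrderStatus);

    $extra = GetLang('NabSuccessDetails', array(
        'orderId' => $orderId,
        'amount' => $amount,
        'bankAuth' => $bankReference,
        'transactionId' => $transactionId,
        'paymentStatus' => 'Captured',
        'newOrderStatus' => $newStatus,
        'oldOrderStatus' => $oldStatus,
    ));
    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess(array('payment', $this->GetName()), GetLang('NabSuccess'), $extra);

    return true;
}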
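/**
 * Process the gateway pingback for this PayPal module.
 *
 * Loads the pending order named by USER1, checks the USER2 hash, the invoice number and the
 * amount against the order, and marks the orders as paid when the gateway reports an
 * approved result.
 *
 * NOTE(review): the hash covers the server stamp, AMOUNT, the combined order id, USER1 and
 * two merchant settings. RESULT and RESPMSG are not part of it, so the approval fields
 * themselves are not authenticated by this check; confirm where the USER2 value is exposed
 * and whether the result can be confirmed with the gateway directly.
 *
 * @return bool True when the orders were marked as paid, false otherwise.
 */
public function ProcessGatewayPing()
{
    // Read every request field once; absent fields become null instead of raising notices
    $orderToken = isset($_REQUEST['USER1']) ? $_REQUEST['USER1'] : null;
    $requestHash = isset($_REQUEST['USER2']) ? $_REQUEST['USER2'] : null;
    $sessionToken = isset($_REQUEST['USER3']) ? $_REQUEST['USER3'] : null;
    $requestAmount = isset($_REQUEST['AMOUNT']) ? $_REQUEST['AMOUNT'] : null;
    $requestInvoice = isset($_REQUEST['INVOICE']) ? $_REQUEST['INVOICE'] : null;
    $resultCode = isset($_REQUEST['RESULT']) ? $_REQUEST['RESULT'] : null;
    $resultMessage = isset($_REQUEST['RESPMSG']) ? $_REQUEST['RESPMSG'] : null;

    $this->SetOrderData(LoadPendingOrdersByToken($orderToken));

    if ($this->GetGatewayAmount() == 0) {
        return false;
    }

    $orderid = $this->GetCombinedOrderId();

    // Compared as strings so that two different digests that both look numeric are never
    // treated as equal
    $hash = md5($GLOBALS['ISC_CFG']['serverStamp'] . $requestAmount . $orderid . $orderToken . $this->GetValue('paypallogin') . $this->GetValue('paypalpartner'));
    $hashMatches = is_string($requestHash)
        && (function_exists('hash_equals') ? hash_equals($hash, $requestHash) : $hash === $requestHash);
    if (!$hashMatches) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix . 'HashMismatch'));
        return false;
    }

    if ($requestInvoice === null || $orderid != $requestInvoice) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix . 'OrderMismatch'), sprintf("Sent %s. Received %s", $orderid, $requestInvoice));
        return false;
    }

    if ($this->GetGatewayAmount() != $requestAmount) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix . 'PaymentMismatch'), sprintf("Sent %s. Received %s", $this->GetGatewayAmount(), $requestAmount));
        return false;
    }

    // The result code is matched as the literal string "0": on older PHP versions a loose
    // comparison with 0 is also true for any non-numeric text
    if ((string) $resultCode !== '0' || $resultMessage != 'Approved') {
        return false;
    }

    // If the order was previously incomplete, we need to do some extra work
    if ($this->GetOrderStatus() == ORDER_STATUS_INCOMPLETE) {
        // If a customer doesn't return to the store from PayPal, their cart will never be
        // emptied, so the existing customer's session is loaded here.
        // NOTE(review): unlike the other pingback handlers, nothing empties the cart after
        // the session is loaded; confirm whether a call is missing.
        session_write_close();
        $session = new ISC_SESSION($sessionToken);
    }

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess(array('payment', $this->GetName()), GetLang($this->_languagePrefix . 'Success'));

    // Update the status for all orders that we've just received the payment for
    foreach ($this->GetOrders() as $orderId => $order) {
        $status = ORDER_STATUS_AWAITING_FULFILLMENT;
        // If it's a digital order & awaiting fulfillment, automatically complete it. The
        // status is compared here; the bare constant used before was only tested for
        // truthiness.
        if ($order['ordisdigital'] && $status == ORDER_STATUS_AWAITING_FULFILLMENT) {
            $status = ORDER_STATUS_COMPLETED;
        }
        UpdateOrderStatus($orderId, $status);
    }

    return true;
}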
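/**
 * Process the PayPal IPN ping back.
 *
 * Only eCheck notifications that are no longer pending are handled. The notification is
 * posted back to PayPal for validation, its amount and currency are compared with the
 * pending order, and the transaction and the new order status are recorded.
 *
 * NOTE(review): receiver_email is required and appears in the mismatch message, but it is
 * never compared with the configured PayPal address. A notification that PayPal verifies can
 * belong to a different receiving account, so confirm whether that comparison was left out
 * on purpose.
 *
 * @return bool True when the notification was processed, false when it was rejected. The
 *              script exits for notifications this handler does not deal with.
 */
public function ProcessGatewayPing()
{
    // make it only work for echeck pings
    $paymentType = isset($_POST['payment_type']) ? $_POST['payment_type'] : null;
    $paymentStatus = isset($_POST['payment_status']) ? $_POST['payment_status'] : null;
    if ($paymentType != 'echeck' || $paymentStatus == 'Pending') {
        exit;
    }

    if (!isset($_POST['custom'])) {
        exit;
    }

    // Taken from $_POST, the same data that is sent to PayPal for validation below
    $sessionToken = explode('_', $_POST['custom'], 2);

    $this->SetOrderData(LoadPendingOrdersByToken($sessionToken[0]));

    $amount = number_format($this->GetGatewayAmount(), 2, '.', '');
    if ($amount == 0) {
        exit;
    }

    // Perform a post back to PayPal with exactly what we received in order to validate the
    // request
    $queryString = array();
    $queryString[] = "cmd=_notify-validate";
    foreach ($_POST as $k => $v) {
        $queryString[] = $k . "=" . urlencode($v);
    }
    $queryString = implode('&', $queryString);

    // The validation request goes over HTTPS: with plain HTTP the "VERIFIED" answer that the
    // rest of this method relies on could be altered on the network path
    if ($this->GetValue('testmode') == 'YES') {
        $verifyURL = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
    } else {
        $verifyURL = 'https://www.paypal.com/cgi-bin/webscr';
    }

    $response = PostToRemoteFileAndGetResponse($verifyURL, $queryString);

    // This pingback was not valid
    if ($response !== "VERIFIED") {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang('PayPalErrorInvalid'), "RESPONSE : " . $response);
        return false;
    }

    // If we're still here, the ping back was valid, so we check the payment status and
    // everything else match up
    $paypalEmail = $this->GetValue('email');

    if (!isset($_POST['receiver_email']) || !isset($_POST['mc_gross']) || !isset($_POST['payment_status']) || !isset($_POST['mc_currency']) || !isset($_POST['txn_id'])) {
        // Bad order details
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang('PayPalErrorInvalid'), print_r($_POST, true));
        return false;
    }

    // The values passed don't match what we expected. Refund and reversal notifications are
    // exempt from the amount check; the list now uses "Canceled_Reversal", the status the
    // switch below handles, instead of "Canceled_Reversed".
    $amountExemptStatuses = array('Reversed', 'Refunded', 'Canceled_Reversal');
    if ($_POST['mc_gross'] != $amount && !in_array($_POST['payment_status'], $amountExemptStatuses, true)) {
        $errorMsg = sprintf(GetLang('PayPalErrorInvalidMsg'), $_POST['mc_gross'], $amount, $_POST['receiver_email'], $paypalEmail, $_POST['payment_status']);
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang('PayPalErrorInvalid'), $errorMsg);
        return false;
    }

    $currency = GetDefaultCurrency();
    if ($_POST['mc_currency'] != $currency['currencycode']) {
        $errorMsg = sprintf(GetLang('PayPalErrorInvalidMsg3'), $currency['currencycode'], $_POST['mc_currency']);
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang('PayPalErrorInvalid'), $errorMsg);
        return false;
    }

    $transaction = GetClass('ISC_TRANSACTION');

    $newTransaction = array(
        'providerid' => $this->GetId(),
        'transactiondate' => time(),
        'transactionid' => $_POST['txn_id'],
        'orderid' => array_keys($this->GetOrders()),
        'message' => '',
        'status' => '',
        'amount' => $_POST['mc_gross'],
        'extrainfo' => array(),
    );

    $orderPaymentStatus = '';
    switch ($_POST['payment_status']) {
        case "Completed":
            $orderPaymentStatus = 'captured';
            $newTransaction['status'] = TRANS_STATUS_COMPLETED;
            $newOrderStatus = ORDER_STATUS_AWAITING_FULFILLMENT;
            break;
        case "Pending":
            // Not reached at present: pending notifications exit at the top of the method
            if ($_POST['payment_type'] != 'echeck') {
                $orderPaymentStatus = 'authorized';
            }
            $newTransaction['status'] = TRANS_STATUS_PENDING;
            $newOrderStatus = ORDER_STATUS_AWAITING_PAYMENT;
            $newTransaction['extrainfo']['reason'] = $_POST['pending_reason'];
            break;
        case "Denied":
            $newTransaction['status'] = TRANS_STATUS_DECLINED;
            $newOrderStatus = ORDER_STATUS_DECLINED;
            break;
        case "Failed":
            $newTransaction['status'] = TRANS_STATUS_FAILED;
            $newOrderStatus = ORDER_STATUS_DECLINED;
            break;
        case "Refunded":
            $newTransaction['status'] = TRANS_STATUS_REFUND;
            $newOrderStatus = ORDER_STATUS_REFUNDED;
            break;
        case "Reversed":
            $newTransaction['status'] = TRANS_STATUS_CHARGEBACK;
            $newOrderStatus = ORDER_STATUS_REFUNDED;
            break;
        case "Canceled_Reversal":
            $newTransaction['status'] = TRANS_STATUS_CANCELLED_REVERSAL;
            $newOrderStatus = ORDER_STATUS_REFUNDED;
            break;
        default:
            // An unknown status used to fall through with no order status set at all
            $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang('PayPalErrorInvalid'), print_r($_POST, true));
            return false;
    }

    // Has the transaction been processed before? If so, we can't process it again
    $previousTransaction = $transaction->LoadByTransactionId($_POST['txn_id'], $this->GetId());
    if (is_array($previousTransaction) && $previousTransaction['transactionid'] && $previousTransaction['status'] == $newTransaction['status']) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), sprintf(GetLang('PayPalTransactionAlreadyProcessed'), $_POST['txn_id']));
        return false;
    }

    $newTransaction['message'] = $this->GetPayPalTransactionMessage($_POST);
    $transactionId = $transaction->Create($newTransaction);

    $oldOrderStatus = $this->GetOrderStatus();

    // If the order was previously incomplete, we need to do some extra work
    if ($oldOrderStatus == ORDER_STATUS_INCOMPLETE) {
        // If a customer doesn't return to the store from PayPal, their cart will never be
        // emptied. So what we do here, is if we can, load up the existing customers session
        // and empty the cart and kill the checkout process.
        session_write_close();
        $session = new ISC_SESSION($sessionToken[1]);
        EmptyCartAndKillCheckout();
    }

    // Update the status for all orders that we've just received the payment for
    foreach ($this->GetOrders() as $orderId => $order) {
        $status = $newOrderStatus;
        // If it's a digital order & awaiting fulfillment, automatically complete it
        if ($order['ordisdigital'] && $status == ORDER_STATUS_AWAITING_FULFILLMENT) {
            $status = ORDER_STATUS_COMPLETED;
        }
        UpdateOrderStatus($orderId, $status);
    }

    $updatedOrder = array(
        'ordpaymentstatus' => $orderPaymentStatus,
    );
    $this->UpdateOrders($updatedOrder);

    // This was a successful order
    $oldStatus = GetOrderStatusById($oldOrderStatus);
    if (!$oldStatus) {
        $oldStatus = 'Incomplete';
    }
    $newStatus = GetOrderStatusById($newOrderStatus);

    $extra = sprintf(GetLang('PayPalSuccessDetails'), implode(', ', array_keys($this->GetOrders())), $amount, '', $_POST['txn_id'], $_POST['payment_status'], $newStatus, $oldStatus);
    $successMsg = sprintf(GetLang('PayPalPaymentsProSuccess'), implode(', ', array_keys($this->GetOrders())));
    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess(array('payment', $this->GetName()), $successMsg, $extra);

    return true;
}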
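/**
 * Handle the server-to-server status notification ("pingback") for a MoneyBookers payment.
 *
 * The notification is accepted only when every check passes, in this order:
 * the store's own isc_hash, the gateway's md5sig, the status value, the currency,
 * the amount and the receiving account. Each failed check is logged and rejects the request.
 * All values come from $_REQUEST and are untrusted until both digests have verified.
 *
 * @return bool True when the notification was accepted and the order statuses were updated,
 *              false when any validation step failed.
 */
public function ProcessGatewayPing()
{
    // Read each expected field defensively. A missing field, or one submitted as an
    // array (e.g. "isc_hash[]="), becomes an empty string so it fails the digest
    // checks below instead of raising notices or a TypeError in hash_equals().
    $fields = array(
        'isc_hash', 'status', 'md5sig', 'merchant_id', 'pay_to_email',
        'mb_amount', 'isc_session', 'mb_currency', 'transaction_id',
    );
    $request = array();
    foreach ($fields as $field) {
        $request[$field] = (isset($_REQUEST[$field]) && is_string($_REQUEST[$field]))
            ? $_REQUEST[$field]
            : '';
    }

    $hash = $request['isc_hash'];
    $returnStatus = $request['status'];
    $md5sig = $request['md5sig'];
    $merchant_id = $request['merchant_id'];
    $pay_to_email = $request['pay_to_email'];
    $mb_amount = $request['mb_amount'];
    $session = $request['isc_session'];
    $mb_currency = $request['mb_currency'];
    $transaction_id = $request['transaction_id'];

    $logSource = array('payment', $this->GetName());

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess($logSource, 'MoneyBookers Pingback');

    $this->SetOrderData(LoadPendingOrdersByToken($session));

    // Store-side integrity value binding the order id, session token and amount to the
    // server stamp. hash_equals() replaces the loose "!=" comparison: it is constant-time
    // and compares as strings, so two "0e..."-style digests are never treated as equal numbers.
    // NOTE(review): the MD5 construction has to match whatever code generates isc_hash;
    // a keyed HMAC would be the stronger choice if both sides can be changed together.
    $expectedHash = md5(
        $GLOBALS['ISC_CFG']['serverStamp']
        . $this->GetCombinedOrderId()
        . $session
        . number_format($this->GetGatewayAmount(), 2)
    );
    if (!hash_equals($expectedHash, $hash)) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'HashMismatch'));
        return false;
    }

    // Gateway signature over the merchant id, transaction id, upper-cased MD5 of the
    // configured secret word, amount, currency and status. The comparison is exact,
    // so md5sig must arrive upper-cased, as it had to with the original check.
    $expectedSig = strtoupper(md5(
        $merchant_id
        . $transaction_id
        . strtoupper(md5($this->GetValue('secretword')))
        . $mb_amount
        . $mb_currency
        . $returnStatus
    ));
    if (!hash_equals($expectedSig, $md5sig)) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'HashMBMismatch'));
        return false;
    }

    $currency = GetDefaultCurrency();

    // Only status 2 is accepted as a completed payment. The strict string comparison
    // keeps values such as "2abc" from passing through numeric coercion.
    if ($returnStatus !== '2') {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'Failure'));
        return false;
    }

    if ($mb_currency != $currency['currencycode']) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'CurrencyMismatch'));
        return false;
    }

    // Deliberately a loose, numeric comparison: the gateway value is a string and the
    // order total is whatever numeric type GetGatewayAmount() returns.
    if ($mb_amount != $this->GetGatewayAmount()) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'PaymentMismatch'));
        return false;
    }

    // The payment must have gone to the configured merchant account.
    if ($pay_to_email != $this->GetValue('mbemail')) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError($logSource, GetLang($this->_languagePrefix . 'AccountMismatch'));
        return false;
    }

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess($logSource, GetLang($this->_languagePrefix . 'Success'));

    // NOTE(review): nothing in this method records the gateway transaction id or checks
    // whether this notification was already applied, so a repeated, validly signed
    // request runs the status update again. Confirm that the pending-order lookup or
    // UpdateOrderStatus() makes this idempotent.

    // Update the status for all orders that we've just received the payment for
    foreach ($this->GetOrders() as $orderId => $order) {
        $status = ORDER_STATUS_AWAITING_FULFILLMENT;

        // If it's a digital order & awaiting fulfillment, automatically complete it.
        // The original tested the bare constant, which is not a comparison at all.
        if ($order['ordisdigital'] && $status == ORDER_STATUS_AWAITING_FULFILLMENT) {
            $status = ORDER_STATUS_COMPLETED;
        }

        UpdateOrderStatus($orderId, $status);
    }

    return true;
}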