/** * Performs an action on authorize.net and updates/inserts records. If record update fails, * sends email to admin. * * @param object &$order Which transaction data will be sent. See enrol_authorize table. * @param string &$message Information about error message. * @param object &$extra Extra data that used for refunding and credit card information. * @param int $action Which action will be performed. See AN_ACTION_* * @param string $cctype Used internally to configure credit types automatically. * @return int AN_APPROVED Transaction was successful, AN_RETURNZERO otherwise. Use $message for reason. */ public static function process(&$order, &$message, &$extra, $action = AN_ACTION_NONE, $cctype = NULL) { global $CFG, $DB; static $constpd = array(); require_once $CFG->libdir . '/filelib.php'; $mconfig = get_config('enrol_authorize'); if (empty($constpd)) { $mconfig = get_config('enrol_authorize'); $constpd = array('x_version' => '3.1', 'x_delim_data' => 'True', 'x_delim_char' => self::AN_DELIM, 'x_encap_char' => self::AN_ENCAP, 'x_relay_response' => 'FALSE', 'x_login' => $mconfig->an_login); if (!empty($mconfig->an_tran_key)) { $constpd['x_tran_key'] = $mconfig->an_tran_key; } else { $constpd['x_password'] = $mconfig->an_password; } } if (empty($order) or empty($order->id)) { $message = "Check order->id!"; return AN_RETURNZERO; } $method = $order->paymentmethod; if (empty($method)) { $method = AN_METHOD_CC; } elseif ($method != AN_METHOD_CC && $method != AN_METHOD_ECHECK) { $message = "Invalid method: {$method}"; return AN_RETURNZERO; } $action = intval($action); if ($method == AN_METHOD_ECHECK) { if ($action != AN_ACTION_AUTH_CAPTURE && $action != AN_ACTION_CREDIT) { $message = "Please perform AUTH_CAPTURE or CREDIT for echecks"; return AN_RETURNZERO; } } $pd = $constpd; $pd['x_method'] = $method; $test = !empty($mconfig->an_test); $pd['x_test_request'] = $test ? 'TRUE' : 'FALSE'; switch ($action) { case AN_ACTION_AUTH_ONLY: case AN_ACTION_CAPTURE_ONLY: case AN_ACTION_AUTH_CAPTURE: if ($order->status != AN_STATUS_NONE) { $message = "Order status must be AN_STATUS_NONE(0)!"; return AN_RETURNZERO; } elseif (empty($extra)) { $message = "Need extra fields!"; return AN_RETURNZERO; } elseif ($action == AN_ACTION_CAPTURE_ONLY and empty($extra->x_auth_code)) { $message = "x_auth_code is required for capture only transactions!"; return AN_RETURNZERO; } $ext = (array) $extra; $pd['x_type'] = $action == AN_ACTION_AUTH_ONLY ? 'AUTH_ONLY' : ($action == AN_ACTION_CAPTURE_ONLY ? 'CAPTURE_ONLY' : 'AUTH_CAPTURE'); foreach ($ext as $k => $v) { $pd[$k] = $v; } break; case AN_ACTION_PRIOR_AUTH_CAPTURE: if ($order->status != AN_STATUS_AUTH) { $message = "Order status must be authorized!"; return AN_RETURNZERO; } if (self::expired($order)) { $message = "Transaction must be captured within 30 days. EXPIRED!"; return AN_RETURNZERO; } $pd['x_type'] = 'PRIOR_AUTH_CAPTURE'; $pd['x_trans_id'] = $order->transid; break; case AN_ACTION_CREDIT: if ($order->status != AN_STATUS_AUTHCAPTURE) { $message = "Order status must be authorized/captured!"; return AN_RETURNZERO; } if (!self::settled($order)) { $message = "Order must be settled. Try VOID, check Cut-Off time if it fails!"; return AN_RETURNZERO; } if (empty($extra->amount)) { $message = "No valid amount!"; return AN_RETURNZERO; } $timenowsettle = self::getsettletime(time()); $timediff = $timenowsettle - 120 * 3600 * 24; if ($order->settletime < $timediff) { $message = "Order must be credited within 120 days!"; return AN_RETURNZERO; } $pd['x_type'] = 'CREDIT'; $pd['x_trans_id'] = $order->transid; $pd['x_currency_code'] = $order->currency; $pd['x_invoice_num'] = $extra->orderid; $pd['x_amount'] = $extra->amount; if ($method == AN_METHOD_CC) { $pd['x_card_num'] = sprintf("%04d", intval($order->refundinfo)); } elseif ($method == AN_METHOD_ECHECK && empty($order->refundinfo)) { $message = "Business checkings can be refunded only."; return AN_RETURNZERO; } break; case AN_ACTION_VOID: if (self::expired($order) || self::settled($order)) { $message = "The transaction cannot be voided due to the fact that it is expired or settled."; return AN_RETURNZERO; } $pd['x_type'] = 'VOID'; $pd['x_trans_id'] = $order->transid; break; default: $message = "Invalid action: {$action}"; return AN_RETURNZERO; } $headers = array('Connection' => 'close'); if (!(empty($mconfig->an_referer) || $mconfig->an_referer == "http://")) { $headers['Referer'] = $mconfig->an_referer; } @ignore_user_abort(true); if (intval(ini_get('max_execution_time')) > 0) { @set_time_limit(300); } $host = $test ? 'test.authorize.net' : 'secure.authorize.net'; $data = download_file_content("https://{$host}:443/gateway/transact.dll", $headers, $pd, false, 300, 60, true); if (!$data) { $message = "No connection to https://{$host}:443"; return AN_RETURNZERO; } $response = explode(self::AN_ENCAP . self::AN_DELIM . self::AN_ENCAP, $data); if ($response === false) { $message = "response error"; return AN_RETURNZERO; } $rcount = count($response) - 1; if ($response[0][0] == self::AN_ENCAP) { $response[0] = substr($response[0], 1); } if (substr($response[$rcount], -1) == self::AN_ENCAP) { $response[$rcount] = substr($response[$rcount], 0, -1); } $responsecode = intval($response[0]); if ($responsecode == AN_APPROVED || $responsecode == AN_REVIEW) { $transid = floatval($response[6]); if ($test || $transid == 0) { return $responsecode; // don't update original transaction in test mode. } switch ($action) { case AN_ACTION_AUTH_ONLY: case AN_ACTION_CAPTURE_ONLY: case AN_ACTION_AUTH_CAPTURE: case AN_ACTION_PRIOR_AUTH_CAPTURE: $order->transid = $transid; if ($method == AN_METHOD_CC) { if ($action == AN_ACTION_AUTH_ONLY || $responsecode == AN_REVIEW) { $order->status = AN_STATUS_AUTH; } else { $order->status = AN_STATUS_AUTHCAPTURE; $order->settletime = self::getsettletime(time()); } } elseif ($method == AN_METHOD_ECHECK) { $order->status = AN_STATUS_UNDERREVIEW; } $DB->update_record('enrol_authorize', $order); break; case AN_ACTION_CREDIT: // Credit generates new transaction id. // So, $extra must be updated, not $order. $extra->status = AN_STATUS_CREDIT; $extra->transid = $transid; $extra->settletime = self::getsettletime(time()); $extra->id = $DB->insert_record('enrol_authorize_refunds', $extra); break; case AN_ACTION_VOID: $tableupdate = 'enrol_authorize'; if ($order->status == AN_STATUS_CREDIT) { $tableupdate = 'enrol_authorize_refunds'; unset($order->paymentmethod); } $order->status = AN_STATUS_VOID; $DB->update_record($tableupdate, $order); break; } } else { $reasonno = $response[2]; $reasonstr = "reason" . $reasonno; $message = get_string($reasonstr, "enrol_authorize"); if ($message == '[[' . $reasonstr . ']]') { $message = isset($response[3]) ? $response[3] : 'unknown error'; } if ($method == AN_METHOD_CC && !empty($mconfig->an_avs) && $response[5] != "P") { $avs = "avs" . strtolower($response[5]); $stravs = get_string($avs, "enrol_authorize"); $message .= "<br />" . get_string("avsresult", "enrol_authorize", $stravs); } if (!$test) { // Autoconfigure :) switch ($reasonno) { // Credit card type isn't accepted case self::AN_REASON_NOCCTYPE: case self::AN_REASON_NOCCTYPE2: if (!empty($cctype)) { $ccaccepts = get_list_of_creditcards(); unset($ccaccepts[$cctype]); set_config("an_acceptcc_{$cctype}", 0, 'enrol_authorize'); foreach ($ccaccepts as $key => $val) { set_config("an_acceptcc_{$key}", 1, 'enrol_authorize'); } message_to_admin("{$message} ({$cctype}) This is new config(an_acceptccs):", $ccaccepts); } break; // Echecks only // Echecks only case self::AN_REASON_ACHONLY: set_config("an_acceptmethod_" . AN_METHOD_ECHECK, 1, 'enrol_authorize'); message_to_admin("{$message} This is new config(an_acceptmethods):", array(AN_METHOD_ECHECK)); break; // Echecks aren't accepted // Echecks aren't accepted case self::AN_REASON_NOACH: set_config("an_acceptmethod_" . AN_METHOD_CC, 1, 'enrol_authorize'); message_to_admin("{$message} This is new config(an_acceptmethods):", array(AN_METHOD_CC)); break; // This echeck type isn't accepted // This echeck type isn't accepted case self::AN_REASON_NOACHTYPE: case self::AN_REASON_NOACHTYPE2: if (!empty($extra->x_echeck_type)) { switch ($extra->x_echeck_type) { // CCD=BUSINESSCHECKING case 'CCD': set_config('an_acceptecheck_CHECKING', 1, 'enrol_authorize'); set_config('an_acceptecheck_SAVINGS', 1, 'enrol_authorize'); message_to_admin("{$message} This is new config(an_acceptechecktypes):", array('CHECKING', 'SAVINGS')); break; // WEB=CHECKING or SAVINGS // WEB=CHECKING or SAVINGS case 'WEB': set_config('an_acceptecheck_BUSINESSCHECKING', 1, 'enrol_authorize'); message_to_admin("{$message} This is new config(an_acceptechecktypes):", array('BUSINESSCHECKING')); break; } } break; } } } return $responsecode; }
/** * The user submitted echeck form. * * @param object $form Form parameters * @param object $course Course info * @return string NULL if ok, error message otherwise. * @access private */ private function echeck_submit($form, $course) { global $CFG, $USER, $SESSION, $DB; prevent_double_paid($course); $useripno = getremoteaddr(); $curcost = get_course_cost($course); $isbusinesschecking = $form->acctype == 'BUSINESSCHECKING'; // NEW ECHECK ORDER $timenow = time(); $order = new stdClass(); $order->paymentmethod = AN_METHOD_ECHECK; $order->refundinfo = $isbusinesschecking ? 1 : 0; $order->ccname = $form->firstname . ' ' . $form->lastname; $order->courseid = $course->id; $order->userid = $USER->id; $order->status = AN_STATUS_NONE; // it will be changed... $order->settletime = 0; // cron changes this. $order->transid = 0; // Transaction Id $order->timecreated = $timenow; $order->amount = $curcost['cost']; $order->currency = $curcost['currency']; $order->id = $DB->insert_record("enrol_authorize", $order); if (!$order->id) { message_to_admin("Error while trying to insert new data", $order); return "Insert record error. Admin has been notified!"; } $extra = new stdClass(); $extra->x_bank_aba_code = $form->abacode; $extra->x_bank_acct_num = $form->accnum; $extra->x_bank_acct_type = $form->acctype; $extra->x_echeck_type = $isbusinesschecking ? 'CCD' : 'WEB'; $extra->x_bank_name = $form->bankname; $extra->x_currency_code = $curcost['currency']; $extra->x_amount = $curcost['cost']; $extra->x_first_name = $form->firstname; $extra->x_last_name = $form->lastname; $extra->x_country = $USER->country; $extra->x_address = $USER->address; $extra->x_city = $USER->city; $extra->x_state = ''; $extra->x_zip = ''; $extra->x_invoice_num = $order->id; $extra->x_description = $course->shortname; $extra->x_cust_id = $USER->id; $extra->x_email = $USER->email; $extra->x_customer_ip = $useripno; $extra->x_email_customer = empty($CFG->enrol_mailstudents) ? 'FALSE' : 'TRUE'; $extra->x_phone = ''; $extra->x_fax = ''; $message = ''; if (AN_REVIEW == AuthorizeNet::process($order, $message, $extra, AN_ACTION_AUTH_CAPTURE)) { $SESSION->ccpaid = 1; // security check: don't duplicate payment redirect($CFG->wwwroot, get_string("reviewnotify", "enrol_authorize"), '30'); return NULL; } else { message_to_admin($message, $order); return $message; } }