private function validate_transaction($transaction)
{
$errors = $transaction->errors;
// PayPal can redirect users using a GET request and issuing
// a POST request in the background. If the transaction was
// already verified during the POST transaction the result
// should be stored in the transaction's validated attribute
if (empty($_POST)) {
return $transaction->get('validated', false);
}
$business = awpcp_post_param('business');
$mc_gross = $mcgross = number_format((double) awpcp_post_param('mc_gross'), 2);
$payment_gross = number_format((double) awpcp_post_param('payment_gross'), 2);
$txn_id = awpcp_post_param('txn_id');
$txn_type = awpcp_post_param('txn_type');
$custom = awpcp_post_param('custom');
$receiver_email = awpcp_post_param('receiver_email');
$payer_email = awpcp_post_param('payer_email');
// this variables are not used for verification purposes
$item_name = awpcp_post_param('item_name');
$item_number = awpcp_post_param('item_number');
$quantity = awpcp_post_param('quantity');
$mc_fee = awpcp_post_param('mc_fee');
$tax = awpcp_post_param('tax');
$payment_currency = awpcp_post_param('mc_currency');
$exchange_rate = awpcp_post_param('exchange_rate');
$payment_status = awpcp_post_param('payment_status');
$payment_type = awpcp_post_param('payment_type');
$payment_date = awpcp_post_param('payment_date');
$first_name = awpcp_post_param('first_name');
$last_name = awpcp_post_param('last_name');
$address_street = awpcp_post_param('address_street');
$address_zip = awpcp_post_param('address_zip');
$address_city = awpcp_post_param('address_city');
$address_state = awpcp_post_param('address_state');
$address_country = awpcp_post_param('address_country');
$address_country_code = awpcp_post_param('address_country_code');
$residence_country = awpcp_post_param('residence_country');
// TODO: Add support for recurring payments and subscriptions?
if (!in_array($txn_type, array('web_accept', 'cart'))) {
// we do not support other forms of payment right now
return;
}
$totals = $transaction->get_totals();
$amount = number_format($totals['money'], 2);
$amount_before_tax = number_format($mc_gross - $tax, 2);
if ($amount != $mc_gross && $amount != $payment_gross && $amount != $amount_before_tax) {
$message = __("The amount you have paid does not match the required amount for this transaction. Please contact us to clarify the problem.", "AWPCP");
$transaction->errors['validation'] = $message;
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_INVALID;
awpcp_payment_failed_email($transaction, $message);
return false;
}
$paypal_email = get_awpcp_option('paypalemail');
if (strcasecmp($receiver_email, $paypal_email) !== 0 && strcasecmp($business, $paypal_email) !== 0) {
$message = __("There was an error processing your transaction. If funds have been deducted from your account, they have not been processed to our account. You will need to contact PayPal about the matter.", "AWPCP");
$transaction->errors['validation'] = $message;
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_INVALID;
awpcp_payment_failed_email($transaction, $message);
return false;
}
// TODO: handle this filter for Ads and Subscriptions
$duplicated = apply_filters('awpcp-payments-is-duplicated-transaction', false, $txn_id);
if ($duplicated) {
$message = __("It appears this transaction has already been processed. If you do not see your ad in the system please contact the site adminstrator for assistance.", "AWPCP");
$transaction->errors['validation'] = $message;
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_INVALID;
awpcp_payment_failed_email($transaction, $message);
return false;
}
if (strcasecmp($payment_status, 'Completed') === 0) {
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_COMPLETED;
} else {
if (strcasecmp($payment_status, 'Pending') === 0) {
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_PENDING;
} else {
if (strcasecmp($payment_status, 'Refunded') === 0 || strcasecmp($payment_status, "Reversed") == 0 || strcasecmp($payment_status, "Partially-Refunded") == 0 || strcasecmp($payment_status, "Canceled_Reversal") == 0 || strcasecmp($payment_status, "Denied") == 0 || strcasecmp($payment_status, "Expired") == 0 || strcasecmp($payment_status, "Failed") == 0 || strcasecmp($payment_status, "Voided") == 0) {
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_FAILED;
} else {
$message = __("We couldn't determine the payment status for your transaction. Please contact customer service if you are viewing this message after having made a payment. If you have not tried to make a payment and you are viewing this message, it means this message is being shown in error and can be disregarded.", "AWPCP");
$transaction->errors['validation'] = $message;
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_UNKNOWN;
return false;
}
}
}
// at this point the validation was successful, any previously stored
// errors are irrelevant
unset($transaction->errors['validation']);
$transaction->set('validated', true);
$transaction->payment_gateway = $this->slug;
$transaction->payer_email = $payer_email;
return true;
}
private function validate_transaction($transaction)
{
$x_amount = number_format(awpcp_request_param('x_amount'), 2);
$x_Login = awpcp_request_param('x_login');
$payer_email = awpcp_request_param('email', awpcp_request_param('x_Email'));
$x_2checked = awpcp_request_param('x_2checked');
$x_MD5_Hash = awpcp_request_param('x_MD5_Hash');
$x_trans_id = awpcp_request_param('x_trans_id');
$card_holder_name = awpcp_request_param('card_holder_name');
$x_Country = awpcp_request_param('x_Country');
$x_City = awpcp_request_param('x_City');
$x_State = awpcp_request_param('x_State');
$x_Zip = awpcp_request_param('x_Zip');
$x_Address = awpcp_request_param('x_Address');
$x_Phone = awpcp_request_param('x_Phone');
$demo = awpcp_request_param('demo');
$x_response_code = awpcp_request_param('x_response_code');
$x_response_reason_code = awpcp_request_param('x_response_reason_code');
$x_response_reason_text = awpcp_request_param('x_response_reason_text');
$x_item_number = awpcp_request_param('x_item_number');
$x_custom = awpcp_request_param('x_custom');
$x_twocorec = awpcp_request_param('x_twocorec');
$x_order_number = awpcp_request_param('order_number');
$x_sid = awpcp_request_param('sid');
$totals = $transaction->get_totals();
$amount = number_format($totals['money'], 2);
if ($amount !== $x_amount) {
$msg = __("The amount you have paid does not match the required amount for this transaction. Please contact us to clarify the problem.", "AWPCP");
$transaction->errors['validation'] = $msg;
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_INVALID;
awpcp_payment_failed_email($transaction, $message);
return false;
}
if (strcasecmp($x_Login, get_awpcp_option('2checkout')) !== 0) {
$msg = __("There was an error processing your transaction. If funds have been deducted from your account, they have not been processed to our account. You will need to contact PayPal about the matter.", "AWPCP");
$transaction->errors['validation'] = $msg;
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_INVALID;
awpcp_payment_failed_email($transaction, $message);
return false;
}
// TODO: handle this filter for Ads and Subscriptions
$duplicated = apply_filters('awpcp-payments-is-duplicated-transaction', false, $txn_id);
if ($duplicated) {
$msg = __("It appears this transaction has already been processed. If you do not see your ad in the system please contact the site adminstrator for assistance.", "AWPCP");
$transaction->errors['validation'] = $msg;
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_INVALID;
awpcp_payment_failed_email($transaction, $message);
return false;
}
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_PENDING;
// at this point the validation was successful, any previously stored
// errors are irrelevant
unset($transaction->errors['validation']);
$transaction->set('validated', true);
$transaction->payment_gateway = $this->slug;
$transaction->payer_email = $payer_email;
return true;
}
