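/**
 * Processes a payment POST from the CyberSource Hosted Order Page API.
 *
 * Nothing is recorded unless VerifyTransactionSignature() accepts the posted
 * fields. An ACCEPT decision is stored once per order in
 * {uc_payment_cybersource_hop_post}, entered as a payment, and the sale is
 * completed. ERROR and REJECT add an admin comment to the order; REVIEW also
 * moves the order to the 'review' status.
 */
public static function post() {
  $logger = \Drupal::logger('uc_cybersource_hop');

  if (!uc_cybersource_hop_include()) {
    $logger->error('Unable to receive HOP POST due to missing or unreadable HOP.php file.');
    drupal_add_http_header('Status', '503 Service unavailable');
    // This method is static, so $this does not exist here; use the global
    // t() instead of $this->t().
    print t('The site was unable to receive a HOP post because of a missing or unreadble HOP.php');
    exit;
  }

  // Check the order number before it is logged or used, so a request without
  // one (or with an array in its place) is rejected up front.
  if (!isset($_POST['orderNumber']) || !is_scalar($_POST['orderNumber'])) {
    $logger->error('CS HOP attempted with invalid order number.');
    return;
  }

  $logger->notice('Receiving payment notification at URL for order @orderNumber', array('@orderNumber' => $_POST['orderNumber']));

  if (!VerifyTransactionSignature($_POST)) {
    // NOTE(review): this writes the entire unverified POST body to the log;
    // confirm it cannot carry billing or cardholder data that should not be
    // stored there.
    $logger->notice('Receiving invalid payment notification at URL for order @orderNumber. <pre>@debug</pre>', array('@orderNumber' => $_POST['orderNumber'], '@debug' => print_r($_POST, TRUE)));
    return;
  }

  // Assign posted variables to local variables.
  $decision = SafeMarkup::checkPlain($_POST['decision']);
  $reason_code = SafeMarkup::checkPlain($_POST['reasonCode']);
  $reason = _parse_cs_reason_code($reason_code);
  $payment_amount = SafeMarkup::checkPlain($_POST['orderAmount']);
  $payment_currency = SafeMarkup::checkPlain($_POST['paymentCurrency']);
  $request_id = SafeMarkup::checkPlain($_POST['requestID']);
  $request_token = SafeMarkup::checkPlain($_POST['orderPage_requestToken']);
  $reconciliation_id = SafeMarkup::checkPlain($_POST['reconciliationID']);
  $order_id = SafeMarkup::checkPlain($_POST['orderNumber']);
  $payer_email = SafeMarkup::checkPlain($_POST['billTo_email']);

  // A signed notification can still name an order that does not exist here;
  // stop before $order is dereferenced below.
  $order = Order::load($_POST['orderNumber']);
  if (!$order) {
    $logger->error('CS HOP attempted with invalid order number.');
    return;
  }

  switch ($decision) {
    case 'ACCEPT':
      $logger->notice('CyberSource verified successful payment.');

      // An ACCEPT row for this order means the notification was already
      // processed; do not enter the payment a second time.
      // NOTE(review): the SELECT and the INSERT below are separate statements;
      // whether two notifications can arrive concurrently is not visible here.
      $duplicate = (bool) db_query_range('SELECT 1 FROM {uc_payment_cybersource_hop_post} WHERE order_id = :order_id AND decision = :decision', 0, 1, array(':order_id' => $order_id, ':decision' => 'ACCEPT'))->fetchField();
      if ($duplicate) {
        // The placeholder in the message must match the key in the argument
        // array, otherwise the order ID never appears in the log entry.
        $logger->notice('CS HOP transaction for order @order_id has been processed before.', array('@order_id' => $order_id));
        return;
      }

      db_insert('uc_payment_cybersource_hop_post')
        ->fields(array(
          'order_id' => $order_id,
          'request_id' => $request_id,
          'request_token' => $request_token,
          'reconciliation_id' => $reconciliation_id,
          'gross' => $payment_amount,
          'decision' => $decision,
          'reason_code' => $reason_code,
          'payer_email' => $payer_email,
          'received' => REQUEST_TIME,
        ))
        ->execute();

      // NOTE(review): the posted orderAmount is credited as received. Confirm
      // that the signature covers it and that it is compared with the order
      // total before the sale is completed.
      $comment = t('CyberSource request ID: @txn_id', array('@txn_id' => $request_id));
      uc_payment_enter($order_id, 'cybersource_hop', $payment_amount, $order->getUserId(), NULL, $comment);
      uc_cart_complete_sale($order);
      uc_order_comment_save($order_id, 0, t('Payment of @amount @currency submitted through CyberSource with request ID @rid.', array('@amount' => $payment_amount, '@currency' => $payment_currency, '@rid' => $request_id)), 'order', 'payment_received');
      break;

    case 'ERROR':
      // @rid receives the actual request ID, not the literal '@request_id'.
      uc_order_comment_save($order_id, 0, t("Payment error:@reason with request ID @rid", array('@reason' => $reason, '@rid' => $request_id)), 'admin');
      break;

    case 'REJECT':
      uc_order_comment_save($order_id, 0, t("Payment is rejected:@reason with request ID @rid", array('@reason' => $reason, '@rid' => $request_id)), 'admin');
      break;

    case 'REVIEW':
      $order->setStatusId('review')->save();
      uc_order_comment_save($order_id, 0, t('Payment is in review & not complete: @reason. Request ID @rid', array('@reason' => $reason, '@rid' => $request_id)), 'admin');
      break;
  }
}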
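/**
 * Finalizes 2checkout transaction.
 *
 * The request is accepted only when the posted key equals
 * md5(secret word . sid . order number . total). After that the billing
 * address is copied from the request onto the order, a payment is entered
 * when the card was processed, the cart is emptied and the sale is completed.
 *
 * @param int $cart_id
 *   ID of the cart that is emptied once the notification has been handled.
 *
 * @return mixed
 *   A translated error message when the order is missing or not in checkout,
 *   otherwise the value returned by uc_cart_complete_sale().
 *
 * @throws AccessDeniedHttpException
 *   When the key does not verify, or when a demo notification reaches a site
 *   that is not in demo mode.
 */
public function complete($cart_id = 0) {
  $cart_config = \Drupal::config('uc_cart.settings');
  $module_config = \Drupal::config('uc_2checkout.settings');

  // Reads a request parameter as a string. Missing or non-scalar (array)
  // values become '', so only strings reach the digest and the comparison.
  $param = function ($name) {
    return (isset($_REQUEST[$name]) && is_scalar($_REQUEST[$name])) ? (string) $_REQUEST[$name] : '';
  };

  $merchant_order_id = $param('merchant_order_id');
  \Drupal::logger('2Checkout')->notice('Receiving new order notification for order !order_id.', array('!order_id' => SafeMarkup::checkPlain($merchant_order_id)));

  $order = $merchant_order_id !== '' ? Order::load($merchant_order_id) : NULL;
  if (!$order || $order->getStateId() != 'in_checkout') {
    return t('An error has occurred during payment. Please contact us to ensure your order has submitted.');
  }

  $secret_word = (string) $module_config->get('secret_word');
  $order_number = $module_config->get('demo') ? 1 : $param('order_number');
  $valid = md5($secret_word . $param('sid') . $order_number . $param('total'));
  $key = Unicode::strtolower($param('key'));

  // Fail closed when no secret word is configured: the digest would then be
  // computable from request data alone. hash_equals() (PHP 5.6+) replaces the
  // loose != comparison, which compares numeric-looking hex digests as
  // numbers and is not constant-time.
  if ($secret_word === '' || !hash_equals($valid, $key)) {
    uc_order_comment_save($order->id(), 0, t('Attempted unverified 2Checkout completion for this order.'), 'admin');
    throw new AccessDeniedHttpException();
  }

  // NOTE(review): the verified digest covers sid, order number and total but
  // not merchant_order_id. Confirm that the total is checked against this
  // order's expected total before the payment below is treated as settling it.

  if ($_REQUEST['demo'] == 'Y' xor $module_config->get('demo')) {
    \Drupal::logger('uc_2checkout')->error('The 2checkout payment for order <a href="@order_url">@order_id</a> demo flag was set to %flag, but the module is set to %mode mode.', array(
      '@order_url' => url('admin/store/orders/' . $order->id()),
      '@order_id' => $order->id(),
      '%flag' => $_REQUEST['demo'] == 'Y' ? 'Y' : 'N',
      '%mode' => $module_config->get('demo') ? 'Y' : 'N',
    ));

    // A demo notification must never complete an order on a live site.
    if (!$module_config->get('demo')) {
      throw new AccessDeniedHttpException();
    }
  }

  // The billing fields are not part of the verified digest; they are stored
  // as received.
  $order->billing_street1 = $_REQUEST['street_address'];
  $order->billing_street2 = $_REQUEST['street_address2'];
  $order->billing_city = $_REQUEST['city'];
  $order->billing_postal_code = $_REQUEST['zip'];
  $order->billing_phone = $_REQUEST['phone'];
  $order->billing_zone = $_REQUEST['state'];
  $order->billing_country = $_REQUEST['country'];
  $order->save();

  if (Unicode::strtolower($_REQUEST['email']) !== Unicode::strtolower($order->getEmail())) {
    uc_order_comment_save($order->id(), 0, t('Customer used a different e-mail address during payment: !email', array('!email' => SafeMarkup::checkPlain($_REQUEST['email']))), 'admin');
  }

  if ($_REQUEST['credit_card_processed'] == 'Y' && is_numeric($_REQUEST['total'])) {
    $comment = t('Paid by !type, 2Checkout.com order #!order.', array('!type' => $_REQUEST['pay_method'] == 'CC' ? t('credit card') : t('echeck'), '!order' => SafeMarkup::checkPlain($_REQUEST['order_number'])));
    uc_payment_enter($order->id(), '2checkout', $_REQUEST['total'], 0, NULL, $comment);
  }
  else {
    drupal_set_message(t('Your order will be processed as soon as your payment clears at 2Checkout.com.'));
    uc_order_comment_save($order->id(), 0, t('!type payment is pending approval at 2Checkout.com.', array('!type' => $_REQUEST['pay_method'] == 'CC' ? t('Credit card') : t('eCheck'))), 'admin');
  }

  // Empty that cart...
  uc_cart_empty($cart_id);

  // Add a comment to let sales team know this came in through the site.
  uc_order_comment_save($order->id(), 0, t('Order created through website.'), 'admin');

  $build = uc_cart_complete_sale($order, $cart_config->get('new_customer_login'));

  return $build;
}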
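<?php

/**
 * @file
 * Stand-alone payment notification endpoint for the 'uc_ubrir' payment method.
 *
 * Bootstraps Drupal, checks the SIGN field of the POST against a digest of
 * SHOP_ID, ORDER_ID and STATE and, for STATE 'paid', enters a payment for the
 * full order total and completes the sale.
 */

define('DRUPAL_ROOT', dirname(__FILE__) . '/../../../../../../');
chdir(DRUPAL_ROOT);
require './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

// Every field that feeds the digest must be present and a plain string; an
// array in any of them would otherwise reach md5() and the comparison.
$fields = array();
foreach (array('SIGN', 'SHOP_ID', 'ORDER_ID', 'STATE') as $name) {
  if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
    $fields = NULL;
    break;
  }
  $fields[$name] = $_POST[$name];
}

if ($fields !== NULL) {
  // NOTE(review): every input to this digest comes from the request itself and
  // no shared secret is mixed in, so as written the check cannot show that the
  // gateway sent the request. Confirm the scheme against the gateway's
  // specification before relying on it to credit orders.
  $expected = strtoupper(md5(md5($fields['SHOP_ID']) . '&' . md5($fields['ORDER_ID']) . '&' . md5($fields['STATE'])));

  // Compare as strings. The loose == used before treats numeric-looking hex
  // digests as numbers. Use hash_equals() where the PHP version has it.
  $signature_ok = function_exists('hash_equals')
    ? hash_equals($expected, $fields['SIGN'])
    : $expected === $fields['SIGN'];

  if (!$signature_ok) {
    watchdog('uc_ubrir', 'Rejected payment notification with an invalid signature.', array(), WATCHDOG_WARNING);
  }
  elseif ($fields['STATE'] === 'paid') {
    $order = uc_order_load($fields['ORDER_ID']);
    if ($order) {
      // NOTE(review): nothing here detects a repeated 'paid' notification for
      // the same order; confirm a replay cannot enter the payment twice.
      uc_payment_enter($fields['ORDER_ID'], 'uc_ubrir', $order->order_total, 0, NULL, $fields['ORDER_ID']);
      uc_cart_complete_sale($order, variable_get('uc_new_customer_login', FALSE));
    }
    else {
      // Stop before $order->order_total is read on a failed load.
      watchdog('uc_ubrir', 'Payment notification for unknown order @order_id.', array('@order_id' => $fields['ORDER_ID']), WATCHDOG_WARNING);
    }
  }
}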