/**
* @desc HTTP Authentication of the notification
* @param $response
*/
protected function authorised($response)
{
// Add CGI support
$this->_fixCgiHttpAuthentication();
$internalMerchantAccount = $this->_adyenHelper->getAdyenAbstractConfigData('merchant_account');
$username = $this->_adyenHelper->getAdyenAbstractConfigData('notification_username');
$password = $this->_adyenHelper->getNotificationPassword();
$submitedMerchantAccount = $response['merchantAccountCode'];
if (empty($submitedMerchantAccount) && empty($internalMerchantAccount)) {
if (strtolower(substr($response['pspReference'], 0, 17)) == "testnotification_" || strtolower(substr($response['pspReference'], 0, 5)) == "test_") {
echo 'merchantAccountCode is empty in magento settings';
exit;
}
return false;
}
// validate username and password
if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW'])) {
if (strtolower(substr($response['pspReference'], 0, 17)) == "testnotification_" || strtolower(substr($response['pspReference'], 0, 5)) == "test_") {
echo 'Authentication failed: PHP_AUTH_USER and PHP_AUTH_PW are empty. See Adyen Magento manual CGI mode';
exit;
}
return false;
}
$accountCmp = !$this->_adyenHelper->getAdyenAbstractConfigDataFlag('multiple_merchants') ? strcmp($submitedMerchantAccount, $internalMerchantAccount) : 0;
$usernameCmp = strcmp($_SERVER['PHP_AUTH_USER'], $username);
$passwordCmp = strcmp($_SERVER['PHP_AUTH_PW'], $password);
if ($accountCmp === 0 && $usernameCmp === 0 && $passwordCmp === 0) {
return true;
}
// If notification is test check if fields are correct if not return error
if (strtolower(substr($response['pspReference'], 0, 17)) == "testnotification_" || strtolower(substr($response['pspReference'], 0, 5)) == "test_") {
if ($accountCmp != 0) {
echo 'MerchantAccount in notification is not the same as in Magento settings';
exit;
} elseif ($usernameCmp != 0 || $passwordCmp != 0) {
echo 'username (PHP_AUTH_USER) and\\or password (PHP_AUTH_PW) are not the same as Magento settings';
exit;
}
}
return false;
}
