예제 #1
/**
 * Decide whether a payment notification refers to a real, successful transaction.
 *
 * Two things are checked: the shared order/amount validation performed by
 * commonValidateTransaction(), and that the account and sub-account numbers in
 * the notification match the ones configured for this provider.
 *
 * NOTE(review): nothing visible in this function authenticates the sender of
 * the notification (no signature or digest is compared). The account numbers
 * checked below are identifiers, not secrets - confirm that
 * commonValidateTransaction() or the caller establishes authenticity.
 *
 * @param array  $dataArr       Notification fields to validate (presumably request data - treat as untrusted)
 * @param string &$errorMessage Receives the failure reason when the result is not 1
 *
 * @return int Validation result:
 *             -1 - fraud attempt
 *              0 - transaction was declined (shared contract; not produced here)
 *              1 - transaction was approved
 *              2 - inner error (shared contract; not produced here)
 */
function moduleValidateTransaction(&$dataArr, &$errorMessage)
{
    global $providerConf;

    if ($providerConf['Debug']) {
        // NOTE(review): the complete notification is written to the debug log;
        // keep Debug off in production if the log is not access-controlled.
        writeDebugLog('Validation for transaction', $dataArr, false);
    }

    $commonCheckPassed = commonValidateTransaction($dataArr['productDesc'], $dataArr['initialPrice'], $errorMessage);
    if (!$commonCheckPassed) {
        return -1;
    }

    // Notification field => (configuration key, message reported on mismatch).
    // Order matters: the account number is checked before the sub-account.
    $recipientChecks = array(
        'clientAccnum' => array('Param_client_accnum', 'Wrong recipient account number'),
        'clientSubacc' => array('Param_client_subacc', 'Wrong recipient subaccount number'),
    );

    foreach ($recipientChecks as $field => $check) {
        list($confKey, $failureText) = $check;
        if ($dataArr[$field] != $providerConf[$confKey]) {
            $errorMessage = $failureText;
            return -1;
        }
    }

    return 1;
}
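/**
 * Decide whether a payment notification is authentic and the payment succeeded.
 *
 * Checks run in this order: the shared order/amount validation
 * (commonValidateTransaction), the "credit_card_processed" flag, the recipient
 * account ID, and finally the MD5 signature built from
 * secret word + account ID + order number + total.
 *
 * @param array  $dataArr       Notification fields to validate (presumably request data - treat as untrusted)
 * @param string &$errorMessage Receives the failure reason when the result is not 1
 *
 * @return int Validation result:
 *             -1 - fraud attempt
 *              0 - transaction was declined
 *              1 - transaction was approved
 *              2 - inner error (shared contract; not produced here)
 */
function moduleValidateTransaction(&$dataArr, &$errorMessage)
{
    global $providerConf;

    if ($providerConf['Debug']) {
        // NOTE(review): the complete notification is written to the debug log;
        // keep Debug off in production if the log is not access-controlled.
        writeDebugLog('Validation for transaction', $dataArr, false);
    }
    if (!commonValidateTransaction($dataArr['cart_order_id'], $dataArr['total'], $errorMessage)) {
        return -1;
    }

    // Strict comparison: a missing or non-string flag must never count as 'Y'.
    $processedFlag = isset($dataArr['credit_card_processed']) ? $dataArr['credit_card_processed'] : '';
    if ($processedFlag !== 'Y') {
        $errorMessage = 'Credit card is not processed';
        return 0;
    }

    // Compare the account ID as text. The configured value is concatenated
    // verbatim into the signed string below, so it has to match byte for byte.
    $receivedSid = (isset($dataArr['sid']) && is_scalar($dataArr['sid'])) ? (string) $dataArr['sid'] : '';
    if ($receivedSid !== (string) $providerConf['Param_sid']) {
        $errorMessage = 'Wrong recipient account number';
        return -1;
    }

    // Outside live mode the order number in the signed string is the literal '1'.
    if ($providerConf['Mode'] == 'live') {
        $orderNumber = (isset($dataArr['order_number']) && is_scalar($dataArr['order_number']))
            ? (string) $dataArr['order_number']
            : '';
    } else {
        $orderNumber = '1';
    }
    $total = (isset($dataArr['total']) && is_scalar($dataArr['total'])) ? (string) $dataArr['total'] : '';

    // The digest construction (MD5 over secret + fields) is what this
    // integration expects; it cannot be strengthened on this side alone.
    $MD5String = $providerConf['Param_secret_word'] . $providerConf['Param_sid'] . $orderNumber . $total;
    $generatedMD5 = strtoupper(md5($MD5String));

    // Only a string can be a valid signature; anything else is compared as ''.
    $receivedMD5 = (isset($dataArr['key']) && is_string($dataArr['key'])) ? $dataArr['key'] : '';

    if ($providerConf['Debug']) {
        // NOTE(review): this records the expected signature for the order in
        // the debug log. Anyone able to read the log learns a valid value, so
        // restrict access to the log or drop this line outside development.
        writeDebugLog('Calculated MD5 hash', $generatedMD5, false);
        writeDebugLog('Received MD5 hash', $receivedMD5, false);
    }

    // hash_equals() (PHP 5.6+) compares in constant time and byte for byte.
    // The previous `!=` compared numeric-looking strings by value, so two
    // different digests could be treated as equal.
    if (!hash_equals($generatedMD5, $receivedMD5)) {
        $errorMessage = 'MD5 validation not passed';
        return -1;
    }

    return 1;
}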
예제 #3
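/**
 * Decide whether a PayPal payment is real and completed by posting the
 * received data back to PayPal and checking the reply.
 *
 * Two flows are supported, selected by $providerConf['Param_process_type']:
 *  - 'Direct' / 'IPN': every received field is echoed back with
 *    cmd=_notify-validate; the reply must start with VERIFIED.
 *  - 'PDT': the transaction token ('tx') and the configured auth token are
 *    sent with cmd=_notify-synch; on SUCCESS the returned key=value lines
 *    overwrite the matching entries of $dataArr before they are checked.
 *
 * In both flows the payment status must be 'Completed', the receiver must be
 * the configured business address, and commonValidateTransaction() and
 * customCheck() must accept the data.
 *
 * @param array  $dataArr       Notification fields (presumably request data - treat as untrusted);
 *                              modified in the PDT flow
 * @param string &$errorMessage Receives the failure reason when the result is not 1
 *
 * @return int Validation result:
 *             -1 - fraud attempt
 *              0 - transaction was declined
 *              1 - transaction was approved
 *              2 - inner error (connection failed, no status line received,
 *                  or unknown process type)
 */
function moduleValidateTransaction(&$dataArr, &$errorMessage)
{
    global $providerConf;

    $processType = $providerConf['Param_process_type'];

    if ($processType == 'Direct' || $processType == 'IPN') {
        if ($dataArr['payment_status'] != 'Completed') {
            $errorMessage = 'Payment is not completed';
            return 0;
        }
        $businessValue = ($providerConf['Mode'] != 'live')
            ? $providerConf['Param_test_business']
            : $providerConf['Param_business'];
        if ($dataArr['business'] != $businessValue) {
            $errorMessage = 'Wrong receiver email';
            return -1;
        }
        if ($providerConf['Debug']) {
            // NOTE(review): logs the complete notification, payer details included.
            writeDebugLog('Direct/IPN validation for transaction', $dataArr, false);
        }

        // Echo every received field back so the gateway can confirm it sent them.
        $req = 'cmd=_notify-validate';
        foreach ($dataArr as $key => $value) {
            $req .= '&' . urlencode($key) . '=' . urlencode(process_pass_data($value));
        }

        $lines = _moduleValidationPostBack($req, $errorMessage);
        if ($lines === false) {
            return 2;
        }
        if ($providerConf['Debug']) {
            writeDebugLog('Direct/IPN reply lines', $lines, false);
        }
        if ($lines[0] === 'INVALID') {
            $errorMessage = 'Transaction verification failed';
            return -1;
        }
        if ($lines[0] !== 'VERIFIED') {
            $errorMessage = 'No verification status received';
            return 2;
        }

        $paymentAmount = getPaymentAmount($dataArr);
        if (!commonValidateTransaction($dataArr['item_number'], $paymentAmount, $errorMessage)) {
            return -1;
        }
        if (!customCheck($dataArr, $errorMessage)) {
            return -1;
        }
        return 1;
    }

    if ($processType == 'PDT') {
        if ($providerConf['Debug']) {
            writeDebugLog('PDT validation for transaction', $dataArr, false);
        }

        // 'tx' arrives with the request: encode it so it cannot add or
        // override parameters in the body that also carries the auth token.
        $tx = (isset($dataArr['tx']) && is_scalar($dataArr['tx'])) ? (string) $dataArr['tx'] : '';
        $req = 'cmd=_notify-synch'
            . '&tx=' . urlencode($tx)
            . '&at=' . urlencode($providerConf['Param_auth_token']);

        $lines = _moduleValidationPostBack($req, $errorMessage);
        if ($lines === false) {
            return 2;
        }
        if ($providerConf['Debug']) {
            writeDebugLog('PDT reply lines', $lines, false);
        }
        if ($lines[0] === 'FAIL') {
            $errorMessage = 'Transaction verification failed';
            return -1;
        }
        if ($lines[0] !== 'SUCCESS') {
            $errorMessage = 'No verification status received';
            return 2;
        }

        // Remaining lines are url-encoded key=value pairs. Split on the first
        // '=' only and skip lines without one (e.g. a trailing empty line).
        $keyarray = array();
        $lineCount = count($lines);
        for ($i = 1; $i < $lineCount; $i++) {
            if (strpos($lines[$i], '=') === false) {
                continue;
            }
            list($key, $val) = explode('=', $lines[$i], 2);
            $keyarray[urldecode($key)] = urldecode($val);
        }

        // From here on use the gateway's values, not the ones sent with the
        // request. A field missing from the reply becomes null.
        $gatewayFields = array(
            'item_name', 'item_number', 'payment_status', 'custom', 'memo',
            'business', 'payment_gross', 'mc_gross', 'mc_currency',
            'settle_amount', 'settle_currency', 'exchange_rate',
            'payer_email', 'txn_id',
        );
        foreach ($gatewayFields as $field) {
            $dataArr[$field] = isset($keyarray[$field]) ? $keyarray[$field] : null;
        }

        if ($dataArr['payment_status'] != 'Completed') {
            $errorMessage = 'Payment is not completed';
            return 0;
        }
        $businessValue = ($providerConf['Mode'] != 'live')
            ? $providerConf['Param_test_business']
            : $providerConf['Param_business'];
        if ($dataArr['business'] != $businessValue) {
            $errorMessage = 'Wrong receiver email';
            return -1;
        }
        $paymentAmount = getPaymentAmount($dataArr);
        if (!commonValidateTransaction($dataArr['item_number'], $paymentAmount, $errorMessage)) {
            return -1;
        }
        if (!customCheck($dataArr, $errorMessage)) {
            return -1;
        }
        return 1;
    }

    return 2;
}

/**
 * POST a validation request to /cgi-bin/webscr on the PayPal host for the
 * configured mode and return the reply body.
 *
 * The socket is always closed before returning, and the reply is read until
 * end of stream (bounded by a size cap) rather than with a single read, which
 * can return only part of the response.
 *
 * @param string $req           URL-encoded request body
 * @param string &$errorMessage Set when the connection cannot be opened
 *
 * @return array|false Body lines with surrounding whitespace trimmed (always at
 *                     least one element), or false if the connection failed
 */
function _moduleValidationPostBack($req, &$errorMessage)
{
    global $providerConf;

    $maxResponseSize = 65536;
    $connectURL = ($providerConf['Mode'] != 'live') ? 'www.sandbox.paypal.com' : 'www.paypal.com';

    // The Host header names the host that is actually contacted.
    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Host: {$connectURL}\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n";
    $header .= "Connection: close\r\n\r\n";

    if ($providerConf['Param_connection_type'] == 'SSL') {
        // NOTE(review): this relies on the default stream context; confirm that
        // certificate verification is in effect on the deployed PHP version
        // (it is the default from PHP 5.6).
        $fp = fsockopen("ssl://{$connectURL}", 443, $errno, $errstr, 60);
    } else {
        // NOTE(review): unencrypted and unauthenticated. The reply that decides
        // approval could be altered in transit, and the PDT auth token is sent
        // in clear text. Prefer the 'SSL' connection type.
        $fp = fsockopen("tcp://{$connectURL}", 80, $errno, $errstr, 60);
    }
    if (!$fp) {
        $errorMessage = "Can't connect to remote host for validation ({$errstr})";
        return false;
    }

    fputs($fp, $header . $req);

    $response = '';
    while (!feof($fp) && strlen($response) < $maxResponseSize) {
        $chunk = fread($fp, 8192);
        if ($chunk === false || $chunk === '') {
            // Read error or timeout: stop instead of spinning.
            break;
        }
        $response .= $chunk;
    }
    fclose($fp);

    // The first blank line separates the HTTP headers from the body.
    $parts = explode("\r\n\r\n", $response, 2);
    $body = isset($parts[1]) ? $parts[1] : '';

    return array_map('trim', explode("\n", $body));
}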
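/**
 * Decide whether a gateway response refers to a real, approved transaction.
 *
 * $providerConf['Param_implementation'] selects how the response is keyed:
 * 'AIM' uses numeric positions, 'SIM' uses x_* field names. Both are validated
 * the same way: shared order/amount validation (commonValidateTransaction),
 * response code, customer ID against the stored transaction, and the MD5
 * signature over hash value + login + transaction ID + amount.
 *
 * @param array  $dataArr       Gateway response fields (treat as untrusted until the signature check passes)
 * @param string &$errorMessage Receives the failure reason when the result is not 1
 *
 * @return int Validation result:
 *             -1 - fraud attempt
 *              0 - transaction was declined
 *              1 - transaction was approved
 *              2 - inner error (unknown implementation)
 */
function moduleValidateTransaction(&$dataArr, &$errorMessage)
{
    global $providerConf;

    // Where each value lives in $dataArr for the two implementations.
    $fieldMaps = array(
        'AIM' => array(
            'invoice'      => 7,
            'amount'       => 9,
            'responseCode' => 0,
            'reasonText'   => 3,
            'customerId'   => 12,
            'transId'      => 6,
            'md5'          => 37,
        ),
        'SIM' => array(
            'invoice'      => 'x_invoice_num',
            'amount'       => 'x_amount',
            'responseCode' => 'x_response_code',
            'reasonText'   => 'x_response_reason_text',
            'customerId'   => 'x_cust_id',
            'transId'      => 'x_trans_id',
            'md5'          => 'x_md5_hash',
        ),
    );

    $implementation = $providerConf['Param_implementation'];
    if (!is_string($implementation) || !isset($fieldMaps[$implementation])) {
        return 2;
    }
    $f = $fieldMaps[$implementation];

    if ($providerConf['Debug']) {
        // NOTE(review): logs the complete gateway response.
        writeDebugLog("{$implementation} validation for transaction", $dataArr, false);
    }
    if (!commonValidateTransaction($dataArr[$f['invoice']], $dataArr[$f['amount']], $errorMessage)) {
        return -1;
    }
    if ($dataArr[$f['responseCode']] != 1) {
        // The reason text comes from the response; the caller must escape it
        // for whatever context the message is displayed in.
        $errorMessage = 'Transaction declined. Reason: ' . $dataArr[$f['reasonText']];
        return 0;
    }

    // The (int) cast is what makes interpolating the ID into the query safe.
    $localTranID = (int) $dataArr[$f['invoice']];
    $tranArr = db_arr("SELECT `Data` FROM `Transactions`\r\n\t\t\t\t\t\t\t\tWHERE `ID` = {$localTranID}");
    if (empty($tranArr) || !isset($tranArr['Data'])) {
        // No stored transaction: there is nothing to validate the customer against.
        $errorMessage = 'Customer validation failed';
        return -1;
    }
    $tranData = transStringToData($tranArr['Data']);

    // Compare as non-empty text. With the previous `!=`, an empty customer ID
    // in the response compared equal to a missing memberID.
    $receivedCustomer = (isset($dataArr[$f['customerId']]) && is_scalar($dataArr[$f['customerId']]))
        ? (string) $dataArr[$f['customerId']]
        : '';
    if (
        !isset($tranData['memberID'])
        || $receivedCustomer === ''
        || $receivedCustomer !== (string) $tranData['memberID']
    ) {
        $errorMessage = 'Customer validation failed';
        return -1;
    }

    // The digest construction (MD5 over secret + fields) is what this
    // integration expects; it cannot be strengthened on this side alone.
    $MD5String = $providerConf['Param_md5_hash_value'] . $providerConf['Param_x_login']
        . $dataArr[$f['transId']] . $dataArr[$f['amount']];
    $generatedMD5 = md5($MD5String);

    // Only a string can be a valid signature; anything else is compared as ''.
    $receivedMD5 = (isset($dataArr[$f['md5']]) && is_string($dataArr[$f['md5']]))
        ? $dataArr[$f['md5']]
        : '';

    if ($providerConf['Debug']) {
        // NOTE(review): this records the expected signature in the debug log.
        // Anyone able to read the log learns a valid value, so restrict access
        // to the log or drop this line outside development.
        writeDebugLog('Calculated MD5 hash', $generatedMD5, false);
        writeDebugLog('Received MD5 hash', $receivedMD5, false);
    }

    // hash_equals() (PHP 5.6+) compares in constant time and byte for byte.
    // The previous `!=` compared numeric-looking strings by value, so two
    // different digests could be treated as equal.
    // NOTE(review): md5() yields lowercase hex and the comparison stays
    // case-sensitive, as before - confirm the case the gateway uses.
    if (!hash_equals($generatedMD5, $receivedMD5)) {
        $errorMessage = 'MD5 validation not passed';
        return -1;
    }

    return 1;
}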