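/**
 * Store a masked copy of the eCheck details on the order, submit the
 * transaction to Authorize.net (AIM, x_method=ECHECK) and act on the response.
 *
 * Side effects: writes $order->info['cc_owner'|'cc_type'|'cc_number'], sets
 * $this->auth_code and $this->transaction_id (and $this->order_status when the
 * response hash cannot be verified), pushes messages onto $messageStack, and on
 * a non-approved response redirects back to the payment page (zen_redirect is
 * assumed not to return).
 *
 * Globals read: $db, $order, $messageStack (and $currencies when the order is
 * not in USD); $response is reassigned with the parsed gateway reply.
 *
 * Changes from the previous revision: the gateway response hash is compared
 * with === (loose == can treat two numeric-looking hex strings as equal), the
 * trailing separator of the description string is removed cleanly, and the
 * stale "\n" comment was corrected.
 */
function before_process() {
  global $response, $db, $order, $messageStack;

  // Only a masked account number is kept with the order: the ABA code plus the
  // last four digits of the account, the rest replaced by "X".
  $order->info['cc_owner'] = zen_db_prepare_input($_POST['bank_acct_name']);
  $order->info['cc_type'] = 'eCheck';
  $order->info['cc_number'] = zen_db_prepare_input($_POST['bank_aba_code'] . '-' . str_pad(substr($_POST['bank_acct_num'], -4), strlen($_POST['bank_acct_num']), "X", STR_PAD_LEFT));
  $sessID = zen_session_id();

  // DATA PREPARATION SECTION
  unset($submit_data); // Cleans out any previous data stored in the variable

  // Build the gateway description field: "name (qty: n) + name (qty: n)".
  // implode() avoids the trailing separator the old string-append loop left behind.
  $description_parts = array();
  for ($i = 0; $i < sizeof($order->products); $i++) {
    $description_parts[] = $order->products[$i]['name'] . ' (qty: ' . $order->products[$i]['qty'] . ')';
  }
  $description = implode(' + ', $description_parts);

  // Create a variable that holds the order time
  $order_time = date("F j, Y, g:i a");

  // Calculate the next expected order id. The random suffix keeps the invoice
  // number unique even if two checkouts race for the same id, and avoids
  // submitting an identical order number to the gateway twice.
  $last_order_id = $db->Execute("select * from " . TABLE_ORDERS . " order by orders_id desc limit 1");
  $new_order_id = $last_order_id->fields['orders_id'];
  $new_order_id = $new_order_id + 1;
  $new_order_id = (string) $new_order_id . '-' . zen_create_random_value(6, 'chars');

  // Populate an array that contains all of the data to be sent to Authorize.net.
  // NOTE(review): the bank fields are read from $_POST without isset() guards;
  // presumably pre-validated earlier in the checkout flow — confirm.
  $submit_data = array(
    'x_login' => trim(MODULE_PAYMENT_AUTHORIZENET_ECHECK_LOGIN),
    'x_tran_key' => trim(MODULE_PAYMENT_AUTHORIZENET_ECHECK_TXNKEY),
    'x_relay_response' => 'FALSE',
    'x_delim_data' => 'TRUE',
    'x_delim_char' => $this->delimiter,
    'x_encap_char' => $this->encapChar,
    'x_version' => '3.1',
    'x_type' => MODULE_PAYMENT_AUTHORIZENET_ECHECK_AUTHORIZATION_TYPE == 'Authorize' ? 'AUTH_ONLY' : 'AUTH_CAPTURE',
    'x_amount' => number_format($order->info['total'], 2),
    'x_currency_code' => $order->info['currency'],
    'x_method' => 'ECHECK',
    'x_bank_aba_code' => $_POST['bank_aba_code'],
    'x_bank_acct_num' => $_POST['bank_acct_num'],
    'x_bank_acct_type' => $_POST['bank_acct_type'],
    'x_bank_name' => $_POST['bank_name'],
    'x_bank_acct_name' => $_POST['bank_acct_name'],
    'x_echeck_type' => 'WEB',
    'x_recurring_billing' => 'NO',
    'x_email_customer' => MODULE_PAYMENT_AUTHORIZENET_ECHECK_EMAIL_CUSTOMER == 'True' ? 'TRUE' : 'FALSE',
    'x_email_merchant' => MODULE_PAYMENT_AUTHORIZENET_ECHECK_EMAIL_MERCHANT == 'True' ? 'TRUE' : 'FALSE',
    'x_cust_id' => $_SESSION['customer_id'],
    'x_invoice_num' => (MODULE_PAYMENT_AUTHORIZENET_ECHECK_TESTMODE == 'Test' ? 'TEST-' : '') . $new_order_id,
    'x_first_name' => $order->billing['firstname'],
    'x_last_name' => $order->billing['lastname'],
    'x_company' => $order->billing['company'],
    'x_address' => $order->billing['street_address'],
    'x_city' => $order->billing['city'],
    'x_state' => $order->billing['state'],
    'x_zip' => $order->billing['postcode'],
    'x_country' => $order->billing['country']['title'],
    'x_phone' => $order->customer['telephone'],
    'x_email' => $order->customer['email_address'],
    'x_ship_to_first_name' => $order->delivery['firstname'],
    'x_ship_to_last_name' => $order->delivery['lastname'],
    'x_ship_to_address' => $order->delivery['street_address'],
    'x_ship_to_city' => $order->delivery['city'],
    'x_ship_to_state' => $order->delivery['state'],
    'x_ship_to_zip' => $order->delivery['postcode'],
    'x_ship_to_country' => $order->delivery['country']['title'],
    'x_description' => $description,
    'x_customer_ip' => zen_get_ip_address(),
    'x_po_num' => date('M-d-Y h:i:s'),
    'x_freight' => number_format((double) $order->info['shipping_cost'], 2),
    'x_tax_exempt' => 'FALSE',
    'x_tax' => number_format((double) $order->info['tax'], 2),
    'x_duty' => '0',
    'Date' => $order_time,
    'IP' => zen_get_ip_address(),
    'Session' => $sessID,
  );

  // process Wells-Fargo-SecureSource-specific parameters: either a tax id or,
  // failing that, driver's-license details identify the account holder
  if (MODULE_PAYMENT_AUTHORIZENET_ECHECK_WFSS_ENABLED == 'True') {
    $submit_data['x_customer_organization_type'] = zen_db_prepare_input($_POST['echeck_customer_type']);
    if (zen_db_prepare_input($_POST['echeck_customer_tax_id']) != '') {
      $submit_data['x_customer_tax_id'] = zen_db_prepare_input($_POST['echeck_customer_tax_id']);
    } else {
      $submit_data = array_merge($submit_data, array(
        'x_drivers_license_num' => zen_db_prepare_input($_POST['echeck_dl_num']),
        'x_drivers_license_state' => zen_db_prepare_input($_POST['echeck_dl_state']),
        'x_drivers_license_dob' => zen_db_prepare_input($_POST['echeck_dl_dob']),
      ));
    }
  }

  // force conversion to USD; tax and freight are dropped because they are not
  // re-converted here
  if ($order->info['currency'] != 'USD') {
    global $currencies;
    $submit_data['x_amount'] = number_format($order->info['total'] * $currencies->get_value('USD'), 2);
    $submit_data['x_currency_code'] = 'USD';
    unset($submit_data['x_tax'], $submit_data['x_freight']);
  }

  unset($response);
  $response = $this->_sendRequest($submit_data);
  $response_code = $response[0];
  $response_text = $response[3];
  $this->auth_code = $response[4];
  $this->transaction_id = $response[6];
  $response_msg_to_customer = $response_text . ($this->commError == '' ? '' : ' Communications Error - Please notify webmaster.');

  // Verify the hash the gateway returns in field 37 against the one we expect.
  // Strict === is used: with loose ==, two hex digests that both look like
  // numbers (e.g. starting "0e") would compare equal and defeat the check.
  $response['Expected-MD5-Hash'] = $this->calc_md5_response($response[6], $response[9]);
  $response['HashMatchStatus'] = (isset($response[37]) && $response[37] === $response['Expected-MD5-Hash']) ? 'PASS' : 'FAIL';
  $this->_debugActions($response, $order_time, $sessID);

  // If the MD5 hash doesn't match, then this transaction's authenticity cannot be verified.
  // Thus, order will be placed in Pending status. The check is only enforced when a hash
  // value is configured for the module; without one a mismatch is not acted on.
  if ($response['HashMatchStatus'] != 'PASS' && defined('MODULE_PAYMENT_AUTHORIZENET_ECHECK_MD5HASH') && MODULE_PAYMENT_AUTHORIZENET_ECHECK_MD5HASH != '') {
    $this->order_status = 1;
    $messageStack->add_session('header', MODULE_PAYMENT_AUTHORIZENET_ECHECK_TEXT_AUTHENTICITY_WARNING, 'caution');
  }

  // If the response code is not 1 (approved) then redirect back to the payment page with the appropriate error message
  if ($response_code != '1') {
    $messageStack->add_session('checkout_payment', $response_msg_to_customer . ' - ' . MODULE_PAYMENT_AUTHORIZENET_ECHECK_TEXT_DECLINED_MESSAGE, 'error');
    zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
  }
}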
/**
 * Prepare and submit the final authorization to PayPal via the appropriate means as configured.
 *
 * Two paths are taken, chosen by the condition at the top of the method:
 *  - Express Checkout (EC): when in_special_checkout() is true or direct payment is
 *    disabled, DoExpressCheckoutPayment is called with the token and payer id held in
 *    $_SESSION.
 *  - Direct Payment (DP): otherwise the card details posted from the checkout form are
 *    validated with cc_validation and submitted through DoDirectPayment.
 *
 * Side effects: writes $order->info (cc_* fields, ip_address, order_status), the
 * $this->* result fields (transaction_id, payment_status, avs, cvv2, amt, auth_code, ...)
 * and, in the EC path, $_GET['markflow']. Failures are dealt with inside _errorHandler
 * and terminateEC; this method does not inspect their return values, so they are
 * presumably expected not to return on error — TODO confirm.
 *
 * NOTE(review): both paths read $this->response['AUTHCODE'] / ['TOKEN'] while the
 * reply is stored in $this->responsedata (and the local $response). Unless
 * $this->response is populated elsewhere (e.g. by _errorHandler), auth_code will be
 * read from an unset property — verify.
 */
function before_process() {
  global $order, $doPayPal;
  $options = array();
  $optionsShip = array();
  $optionsNVP = array();
  // line-item details are the base of the request in both modes
  $options = $this->getLineItemDetails();
  //$this->zcLog('before_process - 1', 'Have line-item details:' . "\n" . print_r($options, true));
  $doPayPal = $this->paypal_init();
  if ($this->in_special_checkout() || $this->enableDirectPayment == false) {
    $this->zcLog('before_process - EC-1', 'Beginning EC mode');
    /****************************************
     * Do EC checkout
     ****************************************/
    // do not allow blank address to be sent to PayPal: the ship-to fields come from
    // the payer info PayPal returned earlier and was stored in the session
    if ($_SESSION['paypal_ec_payer_info']['ship_street_1'] != '' && $_SESSION['paypal_ec_payer_info']['ship_address_status'] != 'None') {
      $options = array_merge($options, array(
        'SHIPTONAME' => $_SESSION['paypal_ec_payer_info']['ship_name'],
        'SHIPTOSTREET' => $_SESSION['paypal_ec_payer_info']['ship_street_1'],
        'SHIPTOSTREET2' => $_SESSION['paypal_ec_payer_info']['ship_street_2'],
        'SHIPTOCITY' => $_SESSION['paypal_ec_payer_info']['ship_city'],
        'SHIPTOSTATE' => $_SESSION['paypal_ec_payer_info']['ship_state'],
        'SHIPTOZIP' => $_SESSION['paypal_ec_payer_info']['ship_postal_code'],
        'SHIPTOCOUNTRYCODE' => $_SESSION['paypal_ec_payer_info']['ship_country_code']
      ));
      $this->zcLog('before_process - EC-2', 'address overrides added:' . "\n" . print_r($options, true));
    }
    $this->zcLog('before_process - EC-3', 'address info added:' . "\n" . print_r($options, true));
    // If the customer has changed their shipping address,
    // override the shipping address in PayPal with the shipping
    // address that is selected in Zen Cart.
    if ($order->delivery['street_address'] != $_SESSION['paypal_ec_payer_info']['ship_street_1'] && $_SESSION['paypal_ec_payer_info']['ship_street_1'] != '') {
      // writes a superglobal; presumably consumed by getOverrideAddress() — TODO confirm
      $_GET['markflow'] = 2;
      if (($address_arr = $this->getOverrideAddress()) !== false) {
        // set the override var
        $options['ADDROVERRIDE'] = 1;
        // set the address info
        $options['SHIPTONAME'] = $address_arr['entry_firstname'] . ' ' . $address_arr['entry_lastname'];
        $options['SHIPTOSTREET'] = $address_arr['entry_street_address'];
        if ($address_arr['entry_suburb'] != '') {
          $options['SHIPTOSTREET2'] = $address_arr['entry_suburb'];
        }
        $options['SHIPTOCITY'] = $address_arr['entry_city'];
        $options['SHIPTOZIP'] = $address_arr['entry_postcode'];
        $options['SHIPTOSTATE'] = $address_arr['zone_code'];
        $options['SHIPTOCOUNTRYCODE'] = $address_arr['countries_iso_code_2'];
      }
    }
    // if these optional parameters are blank, remove them from transaction
    if (isset($options['SHIPTOSTREET2']) && trim($options['SHIPTOSTREET2']) == '') {
      unset($options['SHIPTOSTREET2']);
    }
    if (isset($options['SHIPTOPHONE']) && trim($options['SHIPTOPHONE']) == '') {
      unset($options['SHIPTOPHONE']);
    }
    // if State is not supplied, repeat the city so that it's not blank, otherwise PayPal croaks
    if ((!isset($options['SHIPTOSTATE']) || trim($options['SHIPTOSTATE']) == '') && $options['SHIPTOCITY'] != '') {
      $options['SHIPTOSTATE'] = $options['SHIPTOCITY'];
    }
    $options['BUTTONSOURCE'] = $this->buttonSourceEC;
    $options['CURRENCY'] = $this->selectCurrency($order->info['currency']);
    $order_amount = $this->calc_order_amount($order->info['total'], $options['CURRENCY']);
    // unused at present:
    // $options['CUSTOM'] = '';
    // $options['INVNUM'] = '';
    // $options['DESC'] = '';
    // debug output (token, payer id and amount end up in the module log)
    $this->zcLog('before_process - EC-4', 'info being submitted:' . "\n" . $_SESSION['paypal_ec_token'] . ' ' . $_SESSION['paypal_ec_payer_id'] . ' ' . number_format($order_amount, 2) . "\n" . print_r($options, true));
    // AMT from the line-item details wins over the locally computed order amount when present
    $response = $doPayPal->DoExpressCheckoutPayment($_SESSION['paypal_ec_token'], $_SESSION['paypal_ec_payer_id'], number_format(isset($options['AMT']) ? $options['AMT'] : $order_amount, 2), $options);
    $this->zcLog('before_process - EC-5', 'resultset:' . "\n" . urldecode(print_r($response, true)));
    // CHECK RESPONSE -- if error, actions are taken in the errorHandler
    $error = $this->_errorHandler($response, 'DoExpressCheckoutPayment');
    // SUCCESS
    $this->payment_type = MODULE_PAYMENT_PAYPALWPP_EC_TEXT_TYPE;
    $this->responsedata = $response;
    if ($response['PAYMENTTYPE'] != '') {
      $this->payment_type .= ' (' . urldecode($response['PAYMENTTYPE']) . ')';
    }
    // PNREF (Payflow) and TRANSACTIONID (NVP) are concatenated; trim() drops whichever is empty
    $this->transaction_id = trim($response['PNREF'] . ' ' . $response['TRANSACTIONID']);
    // a payment counts as completed unless PayPal reports a pending reason other than none/completed
    if (empty($response['PENDINGREASON']) || $response['PENDINGREASON'] == 'none' || $response['PENDINGREASON'] == 'completed' || $response['PAYMENTSTATUS'] == 'Completed') {
      $this->payment_status = 'Completed';
      if ($this->order_status > 0) {
        $order->info['order_status'] = $this->order_status;
      }
    } else {
      $this->payment_status = 'Pending (' . $response['PENDINGREASON'] . ')';
      $order->info['order_status'] = $this->order_pending_status;
    }
    // AVS/CVV are not applicable in EC mode (PayPal holds the funding instrument)
    $this->avs = 'N/A';
    $this->cvv2 = 'N/A';
    $this->correlationid = $response['CORRELATIONID'];
    $this->transactiontype = $response['TRANSACTIONTYPE'];
    $this->payment_time = urldecode($response['ORDERTIME']);
    $this->feeamt = urldecode($response['FEEAMT']);
    $this->taxamt = urldecode($response['TAXAMT']);
    $this->pendingreason = $response['PENDINGREASON'];
    $this->reasoncode = $response['REASONCODE'];
    // $this->numitems = $_SESSION['cart']->count_contents();
    $this->numitems = sizeof($order->products);
    $this->amt = urldecode($response['AMT'] . ' ' . $response['CURRENCYCODE']);
    // NOTE(review): reads $this->response, which this method never assigns — see header comment
    $this->auth_code = isset($this->response['AUTHCODE']) ? $this->response['AUTHCODE'] : $this->response['TOKEN'];
  } else {
    /****************************************
     * Do DP checkout
     ****************************************/
    $this->zcLog('before_process - DP-1', 'Beginning DP mode');
    // Set state fields depending on what PayPal wants to see for that country
    $this->setStateAndCountry($order->billing);
    if (zen_not_null($order->delivery['street_address'])) {
      $this->setStateAndCountry($order->delivery);
    }
    // Validate credit card data (path built from a constant, not from request input)
    include DIR_WS_CLASSES . 'cc_validation.php';
    $cc_validation = new cc_validation();
    $response = $cc_validation->validate($_POST['ec_cc_number'], $_POST['ec_cc_expdate_month'], $_POST['ec_cc_expdate_year'], $_POST['ec_cc_issuedate_month'], $_POST['ec_cc_issuedate_year']);
    $error = '';
    // validate() result: negative codes and false are failures; the switch uses loose
    // comparison, so "case false" also matches 0
    switch ($response) {
      case -1:
        $error = sprintf(TEXT_CCVAL_ERROR_UNKNOWN_CARD, substr($cc_validation->cc_number, 0, 4));
        break;
      case -2:
      case -3:
      case -4:
        $error = TEXT_CCVAL_ERROR_INVALID_DATE;
        break;
      case false:
        $error = TEXT_CCVAL_ERROR_INVALID_NUMBER;
        break;
    }
    $this->zcLog('before_process - DP-2', 'CC validation results: ' . $error . '(' . $response . ')');
    if ($response == false || $response < 1) {
      $this->terminateEC($error, false, FILENAME_CHECKOUT_PAYMENT);
    }
    if (!in_array($cc_validation->cc_type, array('Visa', 'MasterCard', 'Switch', 'Solo', 'Discover', 'American Express', 'Maestro'))) {
      $this->terminateEC(MODULE_PAYMENT_PAYPALWPP_TEXT_BAD_CARD, false, FILENAME_CHECKOUT_PAYMENT);
    }
    // only a masked card number (first 4 / last 4) reaches the log
    $this->zcLog('before_process - DP-3', 'CC info: ' . $cc_validation->cc_type . ' ' . substr($cc_validation->cc_number, 0, 4) . str_repeat('X', strlen($cc_validation->cc_number) - 8) . substr($cc_validation->cc_number, -4));
    // if CC validation passed, continue using the validated data
    $cc_type = $cc_validation->cc_type;
    $cc_number = $cc_validation->cc_number;
    $cc_first_name = $_POST['ec_payer_firstname'];
    $cc_last_name = $_POST['ec_payer_lastname'];
    $cc_checkcode = $_POST['ec_cc_checkcode'];
    $cc_expdate_month = $cc_validation->cc_expiry_month;
    $cc_expdate_year = $cc_validation->cc_expiry_year;
    $cc_issuedate_month = $_POST['ec_cc_issuedate_month'];
    $cc_issuedate_year = $_POST['ec_cc_issuedate_year'];
    $cc_owner_ip = zen_get_ip_address();
    // If they're still here, set some of the order object's variables.
    // The order only ever holds the masked number; the full PAN and the check code
    // are passed to the gateway call below and not persisted here.
    $order->info['cc_type'] = $cc_type;
    $order->info['cc_number'] = substr($cc_number, 0, 4) . str_repeat('X', strlen($cc_number) - 8) . substr($cc_number, -4);
    $order->info['cc_owner'] = $cc_first_name . ' ' . $cc_last_name;
    $order->info['cc_expires'] = $cc_expdate_month . substr($cc_expdate_year, -2);
    $order->info['ip_address'] = $cc_owner_ip;
    // Set currency
    $my_currency = $this->selectCurrency($order->info['currency'], 'DP');
    /*
    // if CC is switch or solo, must be GBP
    if (in_array($cc_type, array('Switch', 'Solo', 'Maestro'))) {
      $my_currency = 'GBP';
    }
    */
    $order_amount = $this->calc_order_amount($order->info['total'], $my_currency);
    // Initialize the paypal caller object.
    $doPayPal = $this->paypal_init();
    $optionsAll = array_merge($options, array('STREET' => $order->billing['street_address'], 'ZIP' => $order->billing['postcode']));
    $optionsNVP = array('CITY' => $order->billing['city'], 'STATE' => $order->billing['state'], 'COUNTRYCODE' => $order->billing['country']['iso_code_2'], 'EXPDATE' => $cc_expdate_month . $cc_expdate_year);
    $optionsShip = array();
    if (isset($order->delivery) && $order->delivery['street_address'] != '') {
      $optionsShip = array(
        'SHIPTONAME' => $order->delivery['name'] == '' ? $order->delivery['firstname'] . ' ' . $order->delivery['lastname'] : $order->delivery['name'],
        'SHIPTOSTREET' => $order->delivery['street_address'],
        'SHIPTOSTREET2' => $order->delivery['suburb'],
        'SHIPTOCITY' => $order->delivery['city'],
        'SHIPTOZIP' => $order->delivery['postcode'],
        'SHIPTOSTATE' => $order->delivery['state'],
        'SHIPTOCOUNTRYCODE' => $order->delivery['country']['iso_code_2']
      );
    }
    // if these optional parameters are blank, remove them from transaction
    if (isset($optionsShip['SHIPTOSTREET2']) && trim($optionsShip['SHIPTOSTREET2']) == '') {
      unset($optionsShip['SHIPTOSTREET2']);
    }
    if (isset($optionsShip['SHIPTOPHONE']) && trim($optionsShip['SHIPTOPHONE']) == '') {
      unset($optionsShip['SHIPTOPHONE']);
    }
    // if State is not supplied, repeat the city so that it's not blank, otherwise PayPal croaks
    // NOTE(review): unlike the EC branch this does not require SHIPTOCITY to be non-empty,
    // so with no delivery address $optionsShip gains a null SHIPTOSTATE entry — confirm intended
    if (!isset($optionsShip['SHIPTOSTATE']) || trim($optionsShip['SHIPTOSTATE']) == '') {
      $optionsShip['SHIPTOSTATE'] = $optionsShip['SHIPTOCITY'];
    }
    // Payment Transaction/Authorization Mode
    $optionsNVP['PAYMENTACTION'] = MODULE_PAYMENT_PAYPALWPP_TRANSACTION_MODE == 'Auth Only' ? 'Authorization' : 'Sale';
    // if (in_array($cc_type, array('Switch', 'Solo'))) {
    //   $optionsNVP['PAYMENTACTION'] = 'Authorization';
    // }
    $optionsAll['BUTTONSOURCE'] = $this->buttonSourceDP;
    $optionsAll['CURRENCY'] = $my_currency;
    $optionsAll['IPADDRESS'] = $cc_owner_ip;
    if ($cc_issuedate_month && $cc_issuedate_year) {
      $optionsAll['CARDSTART'] = $cc_issuedate_month . substr($cc_issuedate_year, -2);
    }
    // unused at present:
    // $options['CUSTOM'] = '';
    // $options['INVNUM'] = '';
    // $options['DESC'] = '';
    // debug output: none of the three option arrays carries the card number or check code,
    // but the cardholder name and expiry do reach the log
    $this->zcLog('before_process - DP-4', 'optionsAll: ' . print_r($optionsAll, true) . "\n" . 'optionsNVP: ' . print_r($optionsNVP, true) . "\n" . 'optionsShip' . print_r($optionsShip, true) . "\n" . 'Rest of data: ' . "\n" . number_format($order_amount, 2) . ' ' . $cc_expdate_month . ' ' . substr($cc_expdate_year, -2) . ' ' . $cc_first_name . ' ' . $cc_last_name . ' ' . $cc_type);
    $response = $doPayPal->DoDirectPayment(number_format($order_amount, 2), $cc_number, $cc_checkcode, $cc_expdate_month . substr($cc_expdate_year, -2), $cc_first_name, $cc_last_name, $cc_type, $optionsAll, array_merge($optionsNVP, $optionsShip));
    $this->zcLog('before_process - DP-5', 'resultset:' . "\n" . print_r($response, true));
    // CHECK RESPONSE
    $error = $this->_errorHandler($response, 'DoDirectPayment');
    $this->feeamt = '';
    $this->taxamt = '';
    $this->pendingreason = '';
    $this->reasoncode = '';
    $this->numitems = sizeof($order->products);
    $this->responsedata = $response;
    if ($response['PNREF']) {
      // PNREF only comes from payflow mode
      $this->payment_type = MODULE_PAYMENT_PAYPALWPP_PF_TEXT_TYPE;
      $this->transaction_id = $response['PNREF'];
      $this->payment_status = MODULE_PAYMENT_PAYPALWPP_TRANSACTION_MODE == 'Auth Only' ? 'Authorization' : 'Completed';
      $this->avs = 'AVSADDR: ' . $response['AVSADDR'] . ', AVSZIP: ' . $response['AVSZIP'] . ', IAVS: ' . $response['IAVS'];
      $this->cvv2 = $response['CVV2MATCH'];
      $this->amt = $order_amount . ' ' . $my_currency;
      $this->payment_time = date('Y-m-d h:i:s');
      $this->responsedata['CURRENCYCODE'] = $my_currency;
      $this->responsedata['EXCHANGERATE'] = $order->info['currency_value'];
      // NOTE(review): reads $this->response, which this method never assigns — see header comment
      $this->auth_code = $this->response['AUTHCODE'];
    } else {
      // here we're in NVP mode
      $this->transaction_id = $response['TRANSACTIONID'];
      $this->payment_type = MODULE_PAYMENT_PAYPALWPP_DP_TEXT_TYPE;
      $this->payment_status = MODULE_PAYMENT_PAYPALWPP_TRANSACTION_MODE == 'Auth Only' ? 'Authorization' : 'Completed';
      $this->pendingreason = MODULE_PAYMENT_PAYPALWPP_TRANSACTION_MODE == 'Auth Only' ? 'authorization' : '';
      $this->avs = $response['AVSCODE'];
      $this->cvv2 = $response['CVV2MATCH'];
      $this->correlationid = $response['CORRELATIONID'];
      $this->payment_time = urldecode($response['TIMESTAMP']);
      $this->amt = urldecode($response['AMT'] . ' ' . $response['CURRENCYCODE']);
      // NOTE(review): reads $this->response, which this method never assigns — see header comment
      $this->auth_code = isset($this->response['AUTHCODE']) ? $this->response['AUTHCODE'] : $this->response['TOKEN'];
      $this->transactiontype = 'cart';
    }
  }
}
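/**
 * Store a masked copy of the card details on the order, submit the transaction
 * to Authorize.net (AIM, x_method=CC) and act on the response.
 *
 * Side effects: writes $order->info['cc_*'] (number masked to the last four
 * digits, expiry blanked, CVV replaced by '***' so it is never persisted), sets
 * $this->auth_code, transaction_id, avs_response and ccv_response (and
 * $this->order_status when the transaction is held for review or the response
 * hash cannot be verified), pushes messages onto $messageStack, stores any
 * field-88 text in $_SESSION['payment_method_messages'], and on a non-approved
 * response redirects back to the payment page (zen_redirect is assumed not to
 * return).
 *
 * Globals read: $db, $order, $messageStack; $response is reassigned with the
 * parsed gateway reply.
 *
 * Changes from the previous revision: cc_type/cc_owner go through
 * zen_db_prepare_input() like the eCheck module does, the response hash is
 * compared with === (loose == can treat two numeric-looking hex strings as
 * equal), the known reason-code explanations live in a table, the trailing
 * separator of the description string is removed cleanly, and the stale "\n"
 * comment was corrected.
 */
function before_process() {
  global $response, $db, $order, $messageStack;

  // Only a masked card number is kept with the order; expiry and CVV are not stored.
  $order->info['cc_type'] = zen_db_prepare_input($_POST['cc_type']);
  $order->info['cc_owner'] = zen_db_prepare_input($_POST['cc_owner']);
  $order->info['cc_number'] = str_pad(substr($_POST['cc_number'], -4), strlen($_POST['cc_number']), "X", STR_PAD_LEFT);
  $order->info['cc_expires'] = ''; // $_POST['cc_expires'];
  $order->info['cc_cvv'] = '***'; //$_POST['cc_cvv'];
  $sessID = zen_session_id();

  // DATA PREPARATION SECTION
  unset($submit_data); // Cleans out any previous data stored in the variable

  // Build the gateway description field: "name (qty: n) + name (qty: n)".
  // implode() avoids the trailing separator the old string-append loop left behind.
  $description_parts = array();
  for ($i = 0; $i < sizeof($order->products); $i++) {
    $description_parts[] = $order->products[$i]['name'] . ' (qty: ' . $order->products[$i]['qty'] . ')';
  }
  $description = implode(' + ', $description_parts);

  // Create a variable that holds the order time
  $order_time = date("F j, Y, g:i a");

  // Calculate the next expected order id (adapted from code written by Eric Stamper - 01/30/2004 Released under GPL)
  $last_order_id = $db->Execute("select * from " . TABLE_ORDERS . " order by orders_id desc limit 1");
  $new_order_id = $last_order_id->fields['orders_id'];
  $new_order_id = $new_order_id + 1;
  // add randomized suffix to order id to produce uniqueness ... since it's unwise to submit the same order-number twice to authorize.net
  $new_order_id = (string) $new_order_id . '-' . zen_create_random_value(6, 'chars');

  // Populate an array that contains all of the data to be sent to Authorize.net.
  // The full card number, expiry and CVV are sent to the gateway only; nothing
  // below writes them anywhere else.
  $submit_data = array(
    'x_login' => trim(MODULE_PAYMENT_AUTHORIZENET_AIM_LOGIN),
    'x_tran_key' => trim(MODULE_PAYMENT_AUTHORIZENET_AIM_TXNKEY),
    'x_relay_response' => 'FALSE',
    'x_delim_data' => 'TRUE',
    'x_delim_char' => $this->delimiter,
    'x_encap_char' => $this->encapChar,
    'x_version' => '3.1',
    'x_type' => MODULE_PAYMENT_AUTHORIZENET_AIM_AUTHORIZATION_TYPE == 'Authorize' ? 'AUTH_ONLY' : 'AUTH_CAPTURE',
    'x_method' => 'CC',
    'x_amount' => number_format($order->info['total'], 2),
    'x_currency_code' => $order->info['currency'],
    'x_card_num' => $_POST['cc_number'],
    'x_exp_date' => $_POST['cc_expires'],
    'x_card_code' => $_POST['cc_cvv'],
    'x_email_customer' => MODULE_PAYMENT_AUTHORIZENET_AIM_EMAIL_CUSTOMER == 'True' ? 'TRUE' : 'FALSE',
    'x_email_merchant' => MODULE_PAYMENT_AUTHORIZENET_AIM_EMAIL_MERCHANT == 'True' ? 'TRUE' : 'FALSE',
    'x_cust_id' => $_SESSION['customer_id'],
    'x_invoice_num' => (MODULE_PAYMENT_AUTHORIZENET_AIM_TESTMODE == 'Test' ? 'TEST-' : '') . $new_order_id,
    'x_first_name' => $order->billing['firstname'],
    'x_last_name' => $order->billing['lastname'],
    'x_company' => $order->billing['company'],
    'x_address' => $order->billing['street_address'],
    'x_city' => $order->billing['city'],
    'x_state' => $order->billing['state'],
    'x_zip' => $order->billing['postcode'],
    'x_country' => $order->billing['country']['title'],
    'x_phone' => $order->customer['telephone'],
    'x_email' => $order->customer['email_address'],
    'x_ship_to_first_name' => $order->delivery['firstname'],
    'x_ship_to_last_name' => $order->delivery['lastname'],
    'x_ship_to_address' => $order->delivery['street_address'],
    'x_ship_to_city' => $order->delivery['city'],
    'x_ship_to_state' => $order->delivery['state'],
    'x_ship_to_zip' => $order->delivery['postcode'],
    'x_ship_to_country' => $order->delivery['country']['title'],
    'x_description' => $description,
    'x_recurring_billing' => 'NO',
    'x_customer_ip' => zen_get_ip_address(),
    'x_po_num' => date('M-d-Y h:i:s'),
    'x_freight' => number_format((double) $order->info['shipping_cost'], 2),
    'x_tax_exempt' => 'FALSE',
    'x_tax' => number_format((double) $order->info['tax'], 2),
    'x_duty' => '0',
    'x_allow_partial_Auth' => 'FALSE',
    'Date' => $order_time,
    'IP' => zen_get_ip_address(),
    'Session' => $sessID,
  );

  unset($response);
  $response = $this->_sendRequest($submit_data);
  $response_code = $response[0];
  $response_text = $response[3];
  $this->auth_code = $response[4];
  $this->transaction_id = $response[6];
  $this->avs_response = $response[5];
  $this->ccv_response = $response[38];
  $response_msg_to_customer = $response_text . ($this->commError == '' ? '' : ' Communications Error - Please notify webmaster.');

  // Verify the hash the gateway returns in field 37 against the one we expect.
  // Strict === is used: with loose ==, two hex digests that both look like
  // numbers (e.g. starting "0e") would compare equal and defeat the check.
  $response['Expected-MD5-Hash'] = $this->calc_md5_response($response[6], $response[9]);
  $response['HashMatchStatus'] = (isset($response[37]) && $response[37] === $response['Expected-MD5-Hash']) ? 'PASS' : 'FAIL';

  // Translate well-known (response code, reason code) pairs into an explanation
  // for the debug trail. Comparisons stay loose (==) to match the gateway's
  // string-coded fields exactly as the previous if-chain did.
  $known_reasons = array(
    array('3', '103', 'Invalid Transaction Key in AIM configuration.'),
    array('2', '44', 'Declined due to CVV refusal by issuing bank.'),
    array('2', '45', 'Declined due to AVS/CVV filters.'),
    array('2', '65', 'Declined due to custom CVV filters.'),
    array('3', '66', 'Transaction did not meet security guideline requirements.'),
    array('3', '128', 'Refused by customers bank.'),
    array('2', '250', 'Transaction submitted from a blocked IP address.'),
    array('2', '251', 'Declined by Fraud Detection Suite filter.'),
  );
  foreach ($known_reasons as $reason) {
    if ($response[0] == $reason[0] && $response[2] == $reason[1]) {
      $response['ErrorDetails'] = $reason[2];
    }
  }
  // Response code 4 = held for review (merchant review or fraud filters): keep the order pending
  if ($response[0] == '4' && in_array($response[2], array('193', '252', '253'))) {
    $this->order_status = 1;
    $this->transaction_id .= ' ***NOTE: Held for review by merchant.';
    $response['ErrorDetails'] = 'Transaction held for review by merchant or fraud detection suite.';
  }
  $this->_debugActions($response, $order_time, $sessID);

  // If the MD5 hash doesn't match, then this transaction's authenticity cannot be verified.
  // Thus, order will be placed in Pending status. The check is only enforced when a hash
  // value is configured for the module; without one a mismatch is not acted on.
  if ($response['HashMatchStatus'] != 'PASS' && defined('MODULE_PAYMENT_AUTHORIZENET_AIM_MD5HASH') && MODULE_PAYMENT_AUTHORIZENET_AIM_MD5HASH != '') {
    $this->order_status = 1;
    $messageStack->add_session('header', MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_AUTHENTICITY_WARNING, 'caution');
  }

  // If the response code is not 1 (approved) then redirect back to the payment page with the appropriate error message
  if ($response_code != '1') {
    $messageStack->add_session('checkout_payment', $response_msg_to_customer . ' - ' . MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_DECLINED_MESSAGE, 'error');
    zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
  }

  // Field 88 carries free-text from the gateway that later pages may show to the customer
  if ($response[88] != '') {
    $_SESSION['payment_method_messages'] = $response[88];
  }
}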
// Fragment: the enclosing block of this first check opens before this point.
// The stored SSL session id must match the current one; otherwise the PHP
// session is destroyed and the visitor is sent to the SSL check page.
if ($_SESSION['SSL_SESSION_ID'] != $ssl_session_id) {
  zen_session_destroy();
  zen_redirect(zen_href_link(FILENAME_SSL_CHECK));
}
}

/**
 * verify the browser user agent if the feature is enabled
 *
 * The first request of a session records the User-Agent header; later requests
 * must present the same value or the session is destroyed. The header is
 * supplied by the client, so this only raises the bar against a stolen session
 * id being reused from a different browser — it is not an authentication check.
 */
if (SESSION_CHECK_USER_AGENT == 'True') {
  $http_user_agent = $_SERVER['HTTP_USER_AGENT'];
  // truthiness test: an empty string recorded earlier would be re-bound here
  if (!$_SESSION['SESSION_USER_AGENT']) {
    $_SESSION['SESSION_USER_AGENT'] = $http_user_agent;
  }
  if ($_SESSION['SESSION_USER_AGENT'] != $http_user_agent) {
    zen_session_destroy();
    zen_redirect(zen_href_link(FILENAME_LOGIN));
  }
}

/**
 * verify the IP address if the feature is enabled
 *
 * Same pinning scheme as above, keyed on the client address returned by
 * zen_get_ip_address(). Whether that helper honours proxy headers is not
 * visible here — TODO confirm, since a forwarded header would make the pin
 * attacker-controlled, and address changes mid-session (mobile networks,
 * proxy pools) will log legitimate users out when this option is on.
 */
if (SESSION_CHECK_IP_ADDRESS == 'True') {
  $ip_address = zen_get_ip_address();
  if (!$_SESSION['SESSION_IP_ADDRESS']) {
    $_SESSION['SESSION_IP_ADDRESS'] = $ip_address;
  }
  if ($_SESSION['SESSION_IP_ADDRESS'] != $ip_address) {
    zen_session_destroy();
    zen_redirect(zen_href_link(FILENAME_LOGIN));
  }
}
// check for required session variables
// Fragment: the validation branches that lead here open before this point; on the
// success path the coupon id is remembered in the session and $error cleared.
$_SESSION['gv_id'] = $coupon->fields['coupon_id'];
$error = false;
} else {
  $error = true;
}
}
} else {
  // no usable gift-voucher parameter: leave without a message
  zen_redirect(zen_href_link(FILENAME_DEFAULT));
}

// Redeem only for a logged-in customer. All values reach SQL through
// $db->bindVars() with a declared type, so no request data is interpolated
// into the statements directly.
if (!$error && $_SESSION['customer_id']) {
  // Update redeem status
  $gv_query = "INSERT INTO " . TABLE_COUPON_REDEEM_TRACK . "(coupon_id, customer_id, redeem_date, redeem_ip)\n VALUES (:couponID, :customersID, now(), :remoteADDR)";
  $gv_query = $db->bindVars($gv_query, ':customersID', $_SESSION['customer_id'], 'integer');
  $gv_query = $db->bindVars($gv_query, ':couponID', $coupon->fields['coupon_id'], 'integer');
  $gv_query = $db->bindVars($gv_query, ':remoteADDR', zen_get_ip_address(), 'string');
  $db->Execute($gv_query);
  // NOTE(review): the redeem-track insert, the deactivation below and the balance
  // update are three separate statements with no visible transaction or
  // conditional update on coupon_active — confirm that a repeated submission of
  // the same code cannot be credited twice.
  $gv_update = "UPDATE " . TABLE_COUPONS . "\n SET coupon_active = 'N'\n WHERE coupon_id = :couponID";
  $gv_update = $db->bindVars($gv_update, ':couponID', $coupon->fields['coupon_id'], 'integer');
  $db->Execute($gv_update);
  zen_gv_account_update($_SESSION['customer_id'], $_SESSION['gv_id']);
  // clear the session marker once the balance has been credited
  $_SESSION['gv_id'] = '';
}

//require(DIR_WS_MODULES . zen_get_module_directory('require_languages.php')); //moved to top
$breadcrumb->add(NAVBAR_TITLE);

// prepare message for display in template:
$message = sprintf(TEXT_VALID_GV, $currencies->format($coupon->fields['coupon_amount']));
if ($error) {
  // if we get here then either the URL gv_no param was not set or it was invalid
  // so output a message.
  $message = TEXT_INVALID_GV;
/**
 * Prepare and submit the authorization to the gateway
 *
 * Builds the $myorder request (totals, optional itemised line items, the card
 * fields posted by the customer, billing and shipping addresses), sends it via
 * $this->_sendRequest(), retries once without subtotals on specific gateway
 * error codes, records a masked copy of the request plus the gateway response
 * in TABLE_LINKPOINT_API, and leaves the approval details on $this and in
 * $order->info for later order processing.
 *
 * Inputs: globals $order, $order_totals, $db, $messageStack;
 *         $_POST['cc_number'], ['cc_expires_month'], ['cc_expires_year'],
 *         ['cc_cvv'], ['cc_owner'], ['cc_type']; $_SESSION['customer_id'].
 * Outputs: global $lp_trans_num; $order->info['cc_number'|'cc_type'|'cc_owner'|'cc_cvv'|'cc_expires'];
 *          $this->payment_status, response_codes, transaction_id, auth_code.
 * Side effects: one or two gateway requests; a DB insert when
 *          MODULE_PAYMENT_LINKPOINT_API_STORE_DATA == 'True'; an e-mail to the
 *          store owner on a non-"YY" AVS result when the fraud alert is enabled;
 *          zen_redirect() back to checkout_payment on communication failure or
 *          a non-APPROVED result (zen_redirect is presumably terminal — confirm).
 *
 * NOTE(review): $lp_avs is declared global but never written here; $cc_month,
 * $cc_year, $transaction_tax and $transaction_shipping are assigned but not
 * used inside this function.
 */
function before_process() {
    global $order, $order_totals, $db, $messageStack, $lp_avs, $lp_trans_num;
    $myorder = array();
    // Calculate the next expected order id
    $last_order_id = $db->Execute("select * from " . TABLE_ORDERS . " order by orders_id desc limit 1");
    $new_order_id = $last_order_id->fields['orders_id'];
    $new_order_id = $new_order_id + 1;
    // add randomized suffix to order id to produce uniqueness ... since it's unwise to submit the same order-number twice to the gateway
    // (the "next" id is only a guess — concurrent checkouts can compute the same number — hence the suffix)
    $new_order_id = (string) $new_order_id . '-' . zen_create_random_value(6);
    // Build Info to send to Gateway
    // "result" selects live processing or one of the simulated outcomes from the module configuration
    $myorder["result"] = "LIVE";
    switch (MODULE_PAYMENT_LINKPOINT_API_TRANSACTION_MODE_RESPONSE) {
        case "TESTING: Successful":
            $myorder["result"] = "GOOD";
            break;
        case "TESTING: Decline":
            $myorder["result"] = "DECLINE";
            break;
        case "TESTING: Duplicate":
            $myorder["result"] = "DUPLICATE";
            break;
    }
    // "oid" - Order ID number must be unique. If not set, gateway will assign one.
    //$oid = zen_create_random_value(16, 'digits');
    // Create a UID for the order
    $myorder["oid"] = $new_order_id; //""; // time(); ????

    // prepare totals for submission
    $surcharges = 0;
    $creditsApplied = 0;
    global $order_totals;
    reset($order_totals);
    $myorder['subtotal'] = $myorder['tax'] = $myorder['shipping'] = $myorder['chargetotal'] = 0;
    for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++) {
        if ($order_totals[$i]['code'] == '') {
            continue;
        }
        if (in_array($order_totals[$i]['code'], array('ot_total', 'ot_subtotal', 'ot_tax', 'ot_shipping'))) {
            if ($order_totals[$i]['code'] == 'ot_subtotal') {
                $myorder["subtotal"] = round($order_totals[$i]['value'], 2);
            }
            if ($order_totals[$i]['code'] == 'ot_tax') {
                $myorder["tax"] += round($order_totals[$i]['value'], 2);
            }
            if ($order_totals[$i]['code'] == 'ot_shipping') {
                $myorder["shipping"] = round($order_totals[$i]['value'], 2);
            }
            if ($order_totals[$i]['code'] == 'ot_total') {
                $myorder["chargetotal"] = round($order_totals[$i]['value'], 2);
            }
        } else {
            // Any other order-total module counts as a credit (its text starts with '-' or the
            // module object flags credit_class) or as a surcharge; either one disables itemisation below.
            global ${$order_totals[$i]['code']};
            if (substr($order_totals[$i]['text'], 0, 1) == '-' || isset(${$order_totals[$i]['code']}->credit_class) && ${$order_totals[$i]['code']}->credit_class == true) {
                $creditsApplied += round($order_totals[$i]['value'], 2);
            } else {
                $surcharges += round($order_totals[$i]['value'], 2);
            }
        }
    }
    foreach (array('subtotal', 'tax', 'chargetotal', 'shipping') as $i) {
        if (isset($myorder[$i])) {
            $myorder[$i] = number_format($myorder[$i], 2, '.', '');
        }
    }
    // Line items are only sent when nothing (credits, surcharges, a total below the subtotal,
    // more than 20 products) would make the gateway's line-item arithmetic disagree with the totals.
    if ($surcharges == 0 && $creditsApplied == 0 && $order->info['total'] >= $order->info['subtotal'] && sizeof($order->products) <= 20) {
        // itemized contents
        $num_line_items = 0;
        reset($order->products);
        for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
            $num_line_items++;
            $myorder["items"][$num_line_items]['id'] = $order->products[$i]['id'];
            $myorder["items"][$num_line_items]['description'] = substr(htmlentities($order->products[$i]['name'], ENT_QUOTES, 'UTF-8'), 0, 128);
            $myorder["items"][$num_line_items]['quantity'] = $order->products[$i]['qty'];
            $myorder["items"][$num_line_items]['price'] = number_format(zen_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']), 2, '.', '');
            // check and adjust for fractional quantities, which cannot be submitted as line-item details
            $q = $order->products[$i]['qty'];
            $q1 = strval($q);
            $q2 = (int) $q;
            $q3 = strval($q2);
            if ($q1 != $q3 || $myorder["items"][$num_line_items]['quantity'] * $myorder["items"][$num_line_items]['price'] != number_format($order->products[$i]['qty'] * $order->products[$i]['final_price'], 2, '.', '')) {
                // Collapse to quantity 1 at the extended price and keep the real quantity in the description.
                // NOTE(review): $decimals is not assigned anywhere in this function, so zen_round() receives an undefined value — confirm.
                // NOTE(review): substr(..., 115) keeps the characters FROM offset 115 onward (the tail); (0, 115) may have been intended — confirm.
                $myorder["items"][$num_line_items]['quantity'] = 1;
                $myorder["items"][$num_line_items]['price'] = number_format(zen_round(zen_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']), $decimals) * $order->products[$i]['qty'], 2, '.', '');
                $myorder["items"][$num_line_items]['description'] = '(' . $order->products[$i]['qty'] . ' x )' . substr($myorder["items"][$num_line_items]['description'], 115);
            }
            if (isset($order->products[$i]['attributes'])) {
                // attribute options are attached only when their combined text fits the 128-character field
                $options_text_length = 0;
                for ($j = 0, $m = sizeof($order->products[$i]['attributes']); $j < $m; $j++) {
                    $options_text_length += strlen($order->products[$i]['attributes'][$j]['option'] . $order->products[$i]['attributes'][$j]['value']);
                }
                if ($options_text_length < 128) {
                    for ($j = 0, $m = sizeof($order->products[$i]['attributes']); $j < $m; $j++) {
                        $myorder["items"][$num_line_items]['options' . $j]['name'] = substr(htmlentities($order->products[$i]['attributes'][$j]['option'], ENT_QUOTES, 'UTF-8'), 0, 128);
                        $myorder["items"][$num_line_items]['options' . $j]['value'] = substr(htmlentities($order->products[$i]['attributes'][$j]['value'], ENT_QUOTES, 'UTF-8'), 0, 128);
                    }
                }
            }
            // track one-time charges
            if ($order->products[$i]['onetime_charges'] != 0) {
                $num_line_items++;
                $myorder["items"][$num_line_items]['id'] = 'OTC';
                $myorder["items"][$num_line_items]['description'] = 'One Time Charges';
                $myorder["items"][$num_line_items]['quantity'] = 1;
                $myorder["items"][$num_line_items]['price'] = number_format(zen_add_tax($order->products[$i]['onetime_charges'], $order->products[$i]['tax']), 2, '.', '');
            }
        }
        /* // deal with surcharges/fees
        $num_line_items++;
        $myorder["items"][$num_line_items]['id'] = 'Surcharge';
        $myorder["items"][$num_line_items]['description'] = $order_totals[$i]['title'];
        $myorder["items"][$num_line_items]['quantity'] = 1;
        $myorder["items"][$num_line_items]['price'] = number_format($order_totals[$i]['value'], 2, '.', '');
        $myorder["subtotal"] += $surcharges;
        */
        // FirstData can't accept more than 20 line-item submissions per transaction
        if ($num_line_items > 20) {
            unset($myorder["items"]);
            $num_line_items = 0;
        }
        // Verify that the line-item math works
        // NOTE(review): $sum2 is not initialised before this loop; the first += starts from an undefined variable.
        for ($i = 1, $n = $num_line_items; $i <= $n; $i++) {
            $sum2 += $myorder["items"][$i]['quantity'] * $myorder["items"][$i]['price'];
        }
        if (strval($sum2) != strval($myorder['subtotal'])) {
            unset($myorder['items']);
            $num_line_items = 0;
        }
    }
    // Subtotal Sanity Check in case there are addon modules affecting calculations
    $sum1 = strval($myorder['subtotal'] + $myorder['shipping'] + $myorder['tax']);
    if ($sum1 > $myorder['chargetotal']) {
        // components exceed the total: submit the charge total alone
        foreach (array('subtotal', 'tax', 'shipping', 'items') as $i) {
            if (isset($myorder[$i])) {
                unset($myorder[$i]);
            }
        }
    } elseif ($sum1 < $myorder['chargetotal']) {
        // NOTE(review): $num_line_items is only assigned inside the itemisation branch above,
        // so it is undefined here whenever that branch was skipped.
        if ($num_line_items > 0 && $num_line_items < 20 && isset($myorder['items'])) {
            // absorb the difference as an extra "Rounding Adjustment" line item
            $num_line_items++;
            $myorder["items"][$num_line_items]['id'] = 'Adj';
            $myorder["items"][$num_line_items]['description'] = 'Rounding Adjustment';
            $myorder["items"][$num_line_items]['quantity'] = 1;
            $myorder["items"][$num_line_items]['price'] = number_format($myorder['chargetotal'] - $sum1, 2, '.', '');
            $myorder['subtotal'] += round($myorder['chargetotal'] - $sum1, 2);
            $myorder['subtotal'] = number_format($myorder['subtotal'], 2, '.', '');
        } else {
            foreach (array('subtotal', 'tax', 'shipping', 'items') as $i) {
                if (isset($myorder[$i])) {
                    unset($myorder[$i]);
                }
            }
        }
    }
    // clean up zeros
    foreach (array('subtotal', 'tax', 'shipping') as $i) {
        if (isset($myorder[$i]) && $myorder[$i] == 0) {
            unset($myorder[$i]);
        }
    }
    // First entry when zen_get_ip_address() returns a comma-separated list.
    // NOTE(review): splitting on ':' also truncates an IPv6 literal at its first colon — confirm this is acceptable.
    $myorder["ip"] = current(explode(':', str_replace(',', ':', zen_get_ip_address())));
    $myorder["ponumber"] = "";
    // CARD INFO
    // The raw PAN and check value are sent to the gateway only; every copy persisted below is masked.
    $myorder["cardnumber"] = $_POST['cc_number'];
    $myorder["cardexpmonth"] = $_POST['cc_expires_month'];
    $myorder["cardexpyear"] = $_POST['cc_expires_year'];
    $myorder["cvmindicator"] = "provided";
    $myorder["cvmvalue"] = $_POST['cc_cvv'];
    // BILLING INFO
    $myorder["userid"] = $_SESSION['customer_id'];
    $myorder["customerid"] = $_SESSION['customer_id'];
    $myorder["name"] = htmlentities($_POST['cc_owner'], ENT_QUOTES, 'UTF-8'); //$order->billing['firstname'] . ' ' . $order->billing['lastname']);
    $myorder["company"] = htmlentities($order->billing['company'], ENT_QUOTES, 'UTF-8');
    $myorder["address1"] = htmlentities($order->billing['street_address'], ENT_QUOTES, 'UTF-8');
    $myorder["address2"] = htmlentities($order->billing['suburb'], ENT_QUOTES, 'UTF-8');
    $myorder["city"] = $order->billing['city'];
    $myorder["state"] = $order->billing['state'];
    $myorder["country"] = $order->billing['country']['iso_code_2'];
    $myorder["phone"] = $order->customer['telephone'];
    //$myorder["fax"] = $order->customer['fax'];
    $myorder["email"] = $order->customer['email_address'];
    $myorder["addrnum"] = $order->billing['street_address']; // Required for AVS. If not provided, transactions will downgrade.
    $myorder["zip"] = $order->billing['postcode']; // Required for AVS. If not provided, transactions will downgrade.

    // SHIPPING INFO
    $myorder["sname"] = htmlentities($order->delivery['firstname'] . ' ' . $order->delivery['lastname'], ENT_QUOTES, 'UTF-8');
    $myorder["saddress1"] = htmlentities($order->delivery['street_address'], ENT_QUOTES, 'UTF-8');
    $myorder["saddress2"] = htmlentities($order->delivery['suburb'], ENT_QUOTES, 'UTF-8');
    $myorder["scity"] = $order->delivery['city'];
    $myorder["sstate"] = $order->delivery['state'];
    $myorder["szip"] = $order->delivery['postcode'];
    $myorder["scountry"] = $order->delivery['country']['iso_code_2'];
    // MISC
    $myorder["comments"] = "Website Order";
    // $myorder["referred"] = "";
    $myorder["ordertype"] = MODULE_PAYMENT_LINKPOINT_API_AUTHORIZATION_MODE == 'Authorize Only' ? 'PREAUTH' : 'SALE';
    $this->payment_status = $myorder["ordertype"];
    // send request to gateway
    $result = $this->_sendRequest($myorder);
    // alert to customer if communication failure
    if (!is_array($result)) {
        $messageStack->add_session('checkout_payment', MODULE_PAYMENT_LINKPOINT_API_TEXT_FAILURE_MESSAGE, 'error');
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
    }
    // resubmit without subtotals if subtotal error occurs
    if ($result["r_approved"] != "APPROVED" && !($result["r_approved"] == "SUBMITTED" && $result["r_message"] == 'APPROVED')) {
        if (in_array(substr($result['r_error'], 0, 10), array('SGS-002301', 'SGS-010503', 'SGS-005003'))) {
            // Retry with a new oid suffix and no breakdown.
            // NOTE(review): the retry also lowers chargetotal by 0.01, so the amount submitted can differ
            // from $order->info['total'] by one cent — confirm this is intended.
            foreach (array('items', 'subtotal', 'tax', 'shipping') as $i) {
                if (isset($myorder[$i])) {
                    unset($myorder[$i]);
                }
            }
            $myorder["oid"] .= '-b';
            $myorder["chargetotal"] = $myorder["chargetotal"] - 0.01;
            $result = $this->_sendRequest($myorder);
            if (!is_array($result)) {
                $messageStack->add_session('checkout_payment', MODULE_PAYMENT_LINKPOINT_API_TEXT_FAILURE_MESSAGE, 'error');
                zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
            }
        }
    }
    // PARSE Results
    $all_response_info = '';
    foreach ($result as $key => $value) {
        $all_response_info .= ' ' . $key . '=' . $value;
    }
    if ($this->code_debug) {
        // debug mode only: this pushes the complete gateway response into the customer's page header
        $messageStack->add_session('header', $all_response_info, 'caution');
    }
    $chargetotal = $myorder["chargetotal"];
    // prepare transaction logging info
    $cust_info = '';
    // First 4 + last 4 of the PAN, X in between.
    // NOTE(review): abs() means a value shorter than 8 characters is padded rather than truncated — confirm.
    $cc_number = substr($myorder["cardnumber"], 0, 4) . str_repeat('X', abs(strlen($myorder["cardnumber"]) - 8)) . substr($myorder["cardnumber"], -4);
    // Build the stored copy of the request: PAN masked, check value replaced, connection
    // settings skipped. Expiry month/year and customer details are kept in clear.
    foreach ($myorder as $key => $value) {
        if ($key != 'cardnumber') {
            if ($key == 'cvmvalue') {
                $value = '****';
            }
            if ($key == 'cardexpmonth') {
                $cc_month = $value;
            }
            if ($key == 'cardexpyear') {
                $cc_year = $value;
            }
            if (is_array($value)) {
                $value = print_r($value, true);
            }
            if (!in_array($key, array('keyfile', 'configfile', 'transactionorigin', 'terminaltype', 'host', 'port'))) {
                $cust_info .= ' ' . $key . '=' . $value . ';';
            }
        } else {
            $cust_info .= ' ' . $key . '=' . $cc_number . ';';
        }
    }
    // store last 4 digits of CC number
    // $order->info['cc_number'] = str_repeat('X', (strlen($myorder["cardnumber"]) - 4)) . substr($myorder["cardnumber"], -4);
    // store first and last 4 digits of CC number ... which is the Visa-standards-compliant approach, same as observed by Linkpoint's services
    $order->info['cc_number'] = $cc_number;
    $order->info['cc_type'] = $_POST['cc_type'];
    $order->info['cc_owner'] = $_POST['cc_owner'];
    $order->info['cc_cvv'] = '***';
    $order->info['cc_expires'] = ''; // $_POST['cc_expires'];
    $lp_trans_num = $result['r_ordernum'];
    $transaction_tax = $result['r_tax']; // The calculated tax for the order, when the ordertype is calctax.
    $transaction_shipping = $result['r_shipping']; // The calculated shipping charges for the order, when the ordertype is calcshipping.
    $this->response_codes = $result['r_avs']; // AVS Response for transaction
    // these are used to update the order-status-history upon order completion
    $this->transaction_id = $result['r_tdate'] . ' Order Number/Code: ' . $result['r_ordernum'];
    $this->auth_code = $result['r_code']; // The approval code for this transaction.

    // Store Transaction history in Database
    // 'message' holds the gateway's text plus the full key=value response dump built above.
    $sql_data_array = array(
        array('fieldName' => 'lp_trans_num', 'value' => $result['r_ordernum'], 'type' => 'string'),
        array('fieldName' => 'order_id', 'value' => $result['r_ordernum'], 'type' => 'integer'),
        array('fieldName' => 'approval_code', 'value' => $result['r_code'], 'type' => 'string'),
        array('fieldName' => 'transaction_response_time', 'value' => $result['r_time'], 'type' => 'string'),
        array('fieldName' => 'r_error', 'value' => $result['r_error'], 'type' => 'string'),
        array('fieldName' => 'customer_id', 'value' => $_SESSION['customer_id'], 'type' => 'integer'),
        array('fieldName' => 'avs_response', 'value' => $result['r_avs'], 'type' => 'string'),
        array('fieldName' => 'transaction_result', 'value' => $result['r_approved'], 'type' => 'string'),
        array('fieldName' => 'message', 'value' => $result['r_message'] . "\n" . $all_response_info, 'type' => 'string'),
        array('fieldName' => 'transaction_time', 'value' => $result['r_tdate'], 'type' => 'string'),
        array('fieldName' => 'transaction_reference_number', 'value' => $result['r_ref'], 'type' => 'string'),
        array('fieldName' => 'fraud_score', 'value' => $result['r_score'], 'type' => 'integer'),
        array('fieldName' => 'cc_number', 'value' => $cc_number, 'type' => 'string'),
        array('fieldName' => 'cust_info', 'value' => $cust_info, 'type' => 'string'),
        array('fieldName' => 'chargetotal', 'value' => $chargetotal, 'type' => 'string'),
        array('fieldName' => 'ordertype', 'value' => $myorder['ordertype'], 'type' => 'string'),
        array('fieldName' => 'date_added', 'value' => 'now()', 'type' => 'noquotestring'),
    );
    if (MODULE_PAYMENT_LINKPOINT_API_STORE_DATA == 'True') {
        $db->perform(TABLE_LINKPOINT_API, $sql_data_array);
    }
    // Begin check of specific error conditions
    // The first 10 characters of r_error carry the gateway error code. The messages below embed the
    // gateway-supplied r_error text; whether messageStack HTML-escapes it is not visible here — confirm.
    if ($result["r_approved"] != "APPROVED" && !($result["r_approved"] == "SUBMITTED" && $result["r_message"] == 'APPROVED')) {
        if (substr($result['r_error'], 0, 10) == 'SGS-020005') {
            $messageStack->add_session('checkout_payment', $result['r_error'], 'error');
        }
        // Error (Merchant config file is missing, empty or cannot be read)
        if (substr($result['r_error'], 0, 10) == 'SGS-005000') {
            $messageStack->add_session('checkout_payment', MODULE_PAYMENT_LINKPOINT_API_TEXT_GENERAL_ERROR . '<br />' . $result['r_error'], 'error');
        }
        // The server encountered a database error
        if (substr($result['r_error'], 0, 10) == 'SGS-000001' || strstr($result['r_error'], 'D:Declined') || strstr($result['r_error'], 'R:Referral')) {
            $messageStack->add_session('checkout_payment', MODULE_PAYMENT_LINKPOINT_API_TEXT_DECLINED_MESSAGE . '<br />' . $result['r_error'], 'error');
        }
        if (substr($result['r_error'], 0, 10) == 'SGS-005005' || strstr($result['r_error'], 'Duplicate transaction')) {
            $messageStack->add_session('checkout_payment', MODULE_PAYMENT_LINKPOINT_API_TEXT_DUPLICATE_MESSAGE . '<br />' . $result['r_error'], 'error');
        }
        if (substr($result['r_error'], 0, 10) == 'SGS-002301') {
            $messageStack->add_session('checkout_payment', 'Subtotal miscalculation. Please notify the storeowner.' . '<br />' . $result['r_error'], 'error');
        }
    }
    // End specific error conditions
    // Begin Transaction Status does not equal APPROVED
    if ($result["r_approved"] != "APPROVED") {
        // alert to customer:
        $messageStack->add_session('checkout_payment', MODULE_PAYMENT_LINKPOINT_API_TEXT_DECLINED_MESSAGE, 'caution');
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
    }
    // End Transaction Status does not equal APPROVED
    // Human-readable explanations of the two-letter AVS result, keyed by its first two characters.
    $avs_meanings = array();
    $avs_meanings['YY'] = ' - Street Address and Zip Code match.';
    $avs_meanings['YN'] = ' - Street Address matches but Zip Code does NOT match.';
    $avs_meanings['YX'] = ' - Street Address matches, but Zip Code comparison unavailable.';
    $avs_meanings['NY'] = ' - Street Address DOES NOT match, but Zip Code matches.';
    $avs_meanings['XY'] = ' - Street Address check not available, but Zip Code matches.';
    $avs_meanings['NN'] = ' - Street Address DOES NOT MATCH and Zip Code DOES NOT MATCH.';
    $avs_meanings['NX'] = ' - Street Address DOES NOT MATCH and Zip Code comparison unavailable.';
    $avs_meanings['XN'] = ' - Street Address check not available. Zip Code DOES NOT MATCH.';
    $avs_meanings['XX'] = ' - No validation for address or zip code could be performed (not available from issuing bank).';
    // Possible Fraud order. Allow transaction to process, but notify shop for owner to take appropriate action on order
    // The AVS letters are read from positions 17-18 of the approval code (r_code).
    if ($result["r_approved"] == "APPROVED" && substr($result['r_code'], 17, 2) != "YY" && MODULE_PAYMENT_LINKPOINT_API_FRAUD_ALERT == 'Yes') {
        //DEBUG: $messageStack->add_session('header', 'possible fraud situation--> ' . $result['r_code'], 'caution');
        $message = 'Potential Fraudulent Order - Bad Address - Action Required' . "\n" . 'This alert occurs because the "Approval Code" below does not contain the expected YY response.' . "\n" . 'Thus, you might want to verify the address with the customer prior to shipping, or be sure to use Registered Mail with Signature Required in case they file a chargeback.' . "\n\n" . 'Customer Name: ' . $order->customer['firstname'] . ' ' . $order->customer['lastname'] . "\n\n" . 'AVS Result: ' . $result['r_avs'] . $avs_meanings[substr($result['r_avs'], 0, 2)] . "\n\n" . 'Order Number: ' . $lp_trans_num . "\n" . 'Transaction Date and Time: ' . $result['r_time'] . "\n" . 'Approval Code: ' . $result['r_code'] . "\n" . 'Reference Number: ' . $result['r_ref'] . "\n\n" . 'Error Message: ' . $result['r_error'] . "\n\n" . 'Transaction Result: ' . $result['r_approved'] . "\n\n" . 'Message: ' . $result['r_message'] . "\n\n" . 'Fraud Score: ' . ($result['r_score'] == '' ? 'Not Enabled' : $result['r_score']) . "\n\n" . 'AVS CODE MEANINGS: ' . "\n" . 'YY** = Street Address and Zip Code match.' . "\n" . 'YN** = Street Address matches but Zip Code does NOT match.' . "\n" . 'YX** = Street Address matches, but Zip Code comparison unavailable.' . "\n" . 'NY** = Street Address DOES NOT match, but Zip Code matches.' . "\n" . 'XY** = Street Address check not available, but Zip Code matches.' . "\n" . 'NN** = Street Address DOES NOT MATCH and Zip Code DOES NOT MATCH.' . "\n" . 'NX** = Street Address DOES NOT MATCH and Zip Code comparison unavailable.' . "\n" . 'XN** = Street Address check not available. Zip Code DOES NOT MATCH.' . "\n" . 'XX** = Neither validation is available.' . "\n";
        // NOTE(review): the HTML body is the gateway's r_message run through nl2br() only; no HTML escaping is applied here — confirm zen_mail does it.
        $html_msg['EMAIL_MESSAGE_HTML'] = nl2br($result['r_message']);
        zen_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, 'Potential Fraudulent Order - Bad Address - Action Required - ' . $lp_trans_num, $message, STORE_NAME, EMAIL_FROM, $html_msg, 'fraudalert');
    }
    // end fraud alert
}
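// Session bootstrap: storage path, cookie scope and flags, client-address normalisation,
// session start, and the per-session CSRF token check for POSTed "action" requests.
zen_session_save_path(SESSION_WRITE_DIRECTORY);
// set the session cookie parameters
$path = str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME']));
if (defined('SESSION_USE_ROOT_COOKIE_PATH') && SESSION_USE_ROOT_COOKIE_PATH == 'True') {
    $path = '/';
}
$path = defined('CUSTOM_COOKIE_PATH') ? CUSTOM_COOKIE_PATH : $path;
$domainPrefix = (!defined('SESSION_ADD_PERIOD_PREFIX') || SESSION_ADD_PERIOD_PREFIX == 'True') ? '.' : '';
// Secure flag for the session cookie. The grouping is the one PHP's && / || precedence already gave
// the un-parenthesised expression; it is written out so the two accepted configurations can be read.
$secureFlag = (
    (ENABLE_SSL_ADMIN == 'true' && substr(HTTP_SERVER, 0, 6) == 'https:' && substr(HTTPS_SERVER, 0, 6) == 'https:')
    || (ENABLE_SSL_ADMIN == 'false' && substr(HTTP_SERVER, 0, 6) == 'https:')
) ? TRUE : FALSE;
// $cookieDomain is expected to have been set earlier in this file (not visible here).
// version_compare() instead of a plain string comparison: as strings, '10.0.0' >= '5.2.0' is false.
if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
    // last argument is HttpOnly, keeping the session cookie out of reach of page scripts
    session_set_cookie_params(0, $path, zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : '', $secureFlag, TRUE);
} else {
    session_set_cookie_params(0, $path, zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : '', $secureFlag);
}
/**
 * tidy up $_SERVER['REMOTE_ADDR'] before we use it anywhere else
 */
// NOTE(review): if zen_get_ip_address() consults forwarded-for style headers, this overwrite lets the
// client choose the address that later code trusts — confirm the proxy set-up before relying on
// REMOTE_ADDR for access decisions or audit logging.
$ipAddressArray = explode(',', zen_get_ip_address());
$ipAddress = sizeof($ipAddressArray) > 0 ? $ipAddressArray[0] : '';
$_SERVER['REMOTE_ADDR'] = $ipAddress;
// lets start our session
zen_session_start();
$session_started = true;
if (!isset($_SESSION['securityToken'])) {
    // Per-session CSRF token. random_bytes() (PHP 7+) draws from the CSPRNG; the md5(uniqid()) form
    // is kept only as the fallback for older interpreters. Both yield a 32-character hex string.
    $_SESSION['securityToken'] = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5(uniqid(rand(), true));
}
// Any POST that carries an "action" (in the query string or the body) must echo the session token.
if ((isset($_GET['action']) || isset($_POST['action'])) && $_SERVER['REQUEST_METHOD'] == 'POST') {
    if (!isset($_SESSION['securityToken']) || !isset($_POST['securityToken']) || $_SESSION['securityToken'] !== $_POST['securityToken']) {
        zen_redirect(zen_href_link(FILENAME_DEFAULT, '', 'SSL'));
    }
}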
/**
 * Prepare and submit the final authorization to PayPal via the appropriate means as configured
 *
 * Direct Payment (DP) flow: validates the card fields posted by the customer
 * with cc_validation, stores masked card details on $order->info, builds the
 * option arrays (billing, shipping, NVP flags, with Payflow-mode key renames),
 * calls $doPayPal->DoDirectPayment(), and copies the response fields onto
 * $this for later order processing. Redirects back to checkout_payment via
 * zen_redirect() when validation fails or the card type is not accepted.
 *
 * Inputs: globals $order, $messageStack; $_POST['wpp_cc_number'],
 *         ['wpp_cc_expdate_month'], ['wpp_cc_expdate_year'],
 *         ['wpp_cc_issuedate_month'], ['wpp_cc_issuedate_year'],
 *         ['wpp_cc_checkcode'], ['wpp_cc_issuenumber'],
 *         ['wpp_payer_firstname'], ['wpp_payer_lastname'].
 * Outputs: global $doPayPal; $order->info['cc_type'|'cc_number'|'cc_owner'|'cc_expires'|'ip_address'];
 *          $this->transaction_id, payment_type, payment_status, avs, cvv2, amt,
 *          payment_time, responsedata, auth_code, numitems, feeamt, taxamt,
 *          reasoncode and, per mode, pendingreason, correlationid,
 *          transactiontype, order_status.
 *
 * NOTE(review): $cc_issuenumber is assigned but the later CARDISSUE line reads
 * $_POST['wpp_cc_issuenumber'] directly; $error from _errorHandler() is unused here.
 */
function before_process() {
    global $order, $doPayPal, $messageStack;
    $options = array();
    $optionsShip = array();
    $optionsNVP = array();
    $options = $this->getLineItemDetails();
    //$this->zcLog('before_process - 1', 'Have line-item details:' . "\n" . print_r($options, true));
    $doPayPal = $this->paypal_init();
    /****************************************
     * Do DP checkout
     ****************************************/
    $this->zcLog('before_process - DP-1', 'Beginning DP mode');
    // Set state fields depending on what PayPal wants to see for that country
    $this->setStateAndCountry($order->billing);
    if (zen_not_null($order->delivery['street_address'])) {
        $this->setStateAndCountry($order->delivery);
    }
    // Validate credit card data
    include DIR_WS_CLASSES . 'cc_validation.php';
    $cc_validation = new cc_validation();
    $response = $cc_validation->validate($_POST['wpp_cc_number'], $_POST['wpp_cc_expdate_month'], $_POST['wpp_cc_expdate_year'], $_POST['wpp_cc_issuedate_month'], $_POST['wpp_cc_issuedate_year']);
    $error = '';
    // validate() results as handled here: -1 unknown card type, -2..-4 date problems, false bad number
    switch ($response) {
        case -1:
            $error = sprintf(TEXT_CCVAL_ERROR_UNKNOWN_CARD, substr($cc_validation->cc_number, 0, 4));
            break;
        case -2:
        case -3:
        case -4:
            $error = TEXT_CCVAL_ERROR_INVALID_DATE;
            break;
        case false:
            $error = TEXT_CCVAL_ERROR_INVALID_NUMBER;
            break;
    }
    if ($response === false || $response < 1) {
        $this->zcLog('before_process - DP-2', 'CC validation results: ' . $error . '(' . $response . ')');
        // the HTML comments carry the module code and result code to the page for support diagnostics
        $messageStack->add_session('checkout_payment', $error . '<!-- [' . $this->code . '] -->' . '<!-- result: ' . $response . ' -->', 'error');
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, $error, 'SSL', true, false));
        // NOTE(review): if zen_redirect() terminates the request, the DP-3 log line below is never reached.
        $this->zcLog('before_process - DP-3', 'CC info: ' . $cc_validation->cc_type . ' ' . substr($cc_validation->cc_number, 0, 4) . str_repeat('X', strlen($cc_validation->cc_number) - 8) . substr($cc_validation->cc_number, -4) . ' ' . $error);
    }
    if (!in_array($cc_validation->cc_type, array('Visa', 'MasterCard', 'Switch', 'Solo', 'Discover', 'American Express', 'Maestro'))) {
        $messageStack->add_session('checkout_payment', MODULE_PAYMENT_PAYPALDP_TEXT_BAD_CARD . '<!-- [' . $this->code . ' ' . $cc_validation->cc_type . '] -->', 'error');
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, MODULE_PAYMENT_PAYPALDP_TEXT_BAD_CARD, 'SSL', true, false));
    }
    // if CC validation passed, continue using the validated data
    $cc_type = $cc_validation->cc_type;
    $cc_number = $cc_validation->cc_number;
    $cc_first_name = $_POST['wpp_payer_firstname'];
    $cc_last_name = $_POST['wpp_payer_lastname'];
    $cc_checkcode = $_POST['wpp_cc_checkcode'];
    $cc_expdate_month = $cc_validation->cc_expiry_month;
    $cc_expdate_year = $cc_validation->cc_expiry_year;
    $cc_issuedate_month = $_POST['wpp_cc_issuedate_month'];
    $cc_issuedate_year = $_POST['wpp_cc_issuedate_year'];
    $cc_issuenumber = $_POST['wpp_cc_issuenumber'];
    $cc_owner_ip = zen_get_ip_address();
    // If they're still here, set some of the order object's variables.
    $order->info['cc_type'] = $cc_type;
    // Only first 4 + last 4 of the PAN are kept on the order; $cc_checkcode is passed to the
    // gateway call below and is not written to $order or $this in this function.
    $order->info['cc_number'] = substr($cc_number, 0, 4) . str_repeat('X', strlen($cc_number) - 8) . substr($cc_number, -4);
    $order->info['cc_owner'] = $cc_first_name . ' ' . $cc_last_name;
    $order->info['cc_expires'] = $cc_expdate_month . substr($cc_expdate_year, -2);
    $order->info['ip_address'] = $cc_owner_ip;
    // Set currency
    $my_currency = $this->selectCurrency($order->info['currency'], 'DP');
    /* // if CC is switch or solo, must be GBP
    if (in_array($cc_type, array('Switch', 'Solo', 'Maestro'))) {
        $my_currency = 'GBP';
    }
    */
    $order_amount = $this->calc_order_amount($order->info['total'], $my_currency);
    // Initialize the paypal caller object.
    $doPayPal = $this->paypal_init();
    // line-item details plus billing address, contact details and the 4-digit-year expiry
    $optionsAll = array_merge($options, array(
        'STREET' => $order->billing['street_address'],
        'ZIP' => $order->billing['postcode'],
        'CITY' => $order->billing['city'],
        'STATE' => $order->billing['state'],
        'STREET2' => $order->billing['suburb'],
        'COUNTRYCODE' => $order->billing['country']['iso_code_2'],
        'EXPDATE' => $cc_expdate_month . $cc_expdate_year,
        'EMAIL' => $order->customer['email_address'],
        'PHONENUM' => $order->customer['telephone'],
    ));
    $optionsShip = array();
    if (isset($order->delivery) && $order->delivery['street_address'] != '') {
        $optionsShip = array(
            'SHIPTONAME' => $order->delivery['name'] == '' ? $order->delivery['firstname'] . ' ' . $order->delivery['lastname'] : $order->delivery['name'],
            'SHIPTOSTREET' => $order->delivery['street_address'],
            'SHIPTOSTREET2' => $order->delivery['suburb'],
            'SHIPTOCITY' => $order->delivery['city'],
            'SHIPTOZIP' => $order->delivery['postcode'],
            'SHIPTOSTATE' => $order->delivery['state'],
            'SHIPTOCOUNTRYCODE' => $order->delivery['country']['iso_code_2'],
        );
    }
    // if State is not supplied, repeat the city so that it's not blank, otherwise PayPal croaks
    // NOTE(review): this runs even when $optionsShip is empty, so SHIPTOSTATE is set from an unset SHIPTOCITY in that case — confirm.
    if (!isset($optionsShip['SHIPTOSTATE']) || trim($optionsShip['SHIPTOSTATE']) == '') {
        $optionsShip['SHIPTOSTATE'] = $optionsShip['SHIPTOCITY'];
    }
    if ($optionsAll['STREET2'] == '') {
        unset($optionsAll['STREET2']);
    }
    if ($optionsShip['SHIPTOSTREET2'] == '') {
        unset($optionsShip['SHIPTOSTREET2']);
    }
    // Payment Transaction/Authorization Mode
    $optionsNVP['PAYMENTACTION'] = MODULE_PAYMENT_PAYPALDP_TRANSACTION_MODE == 'Auth Only' ? 'Authorization' : 'Sale';
    if (MODULE_PAYMENT_PAYPALDP_TRANSACTION_MODE == 'Auth Only') {
        $this->order_status = MODULE_PAYMENT_PAYPALDP_ORDER_PENDING_STATUS_ID;
    }
    // if (in_array($cc_type, array('Switch', 'Solo'))) {
    //   $optionsNVP['PAYMENTACTION'] = 'Authorization';
    // }
    $optionsAll['BUTTONSOURCE'] = $this->buttonSource;
    $optionsAll['CURRENCY'] = $my_currency;
    $optionsAll['IPADDRESS'] = $cc_owner_ip;
    // card start date / issue number only matter for the UK debit schemes in the accepted-type list
    if ($cc_issuedate_month && $cc_issuedate_year) {
        $optionsAll['CARDSTART'] = $cc_issuedate_month . substr($cc_issuedate_year, -2);
    }
    if (isset($_POST['wpp_cc_issuenumber'])) {
        $optionsAll['CARDISSUE'] = $_POST['wpp_cc_issuenumber'];
    }
    // unused at present:
    // $options['CUSTOM'] = '';
    // $options['INVNUM'] = '';
    // $options['DESC'] = '';
    // Payflow uses COUNTRY/SHIPTOCOUNTRY and has no second street line
    if (substr(MODULE_PAYMENT_PAYPALDP_MODULE_MODE, 0, 7) == 'Payflow') {
        if (isset($optionsAll['COUNTRYCODE'])) {
            $optionsAll['COUNTRY'] = $optionsAll['COUNTRYCODE'];
            unset($optionsAll['COUNTRYCODE']);
        }
        if (isset($optionsShip['SHIPTOCOUNTRYCODE'])) {
            $optionsShip['SHIPTOCOUNTRY'] = $optionsShip['SHIPTOCOUNTRYCODE'];
            unset($optionsShip['SHIPTOCOUNTRYCODE']);
        }
        if (isset($optionsShip['SHIPTOSTREET2'])) {
            unset($optionsShip['SHIPTOSTREET2']);
        }
        if (isset($optionsAll['STREET2'])) {
            unset($optionsAll['STREET2']);
        }
    }
    // Diagnostic log: option arrays, amount, expiry, cardholder name and card type are written;
    // the PAN and check code are not part of this line.
    $this->zcLog('before_process - DP-4', 'optionsAll: ' . print_r($optionsAll, true) . "\n" . 'optionsNVP: ' . print_r($optionsNVP, true) . "\n" . 'optionsShip' . print_r($optionsShip, true) . "\n" . 'Rest of data: ' . "\n" . number_format($order_amount, 2) . ' ' . $cc_expdate_month . ' ' . substr($cc_expdate_year, -2) . ' ' . $cc_first_name . ' ' . $cc_last_name . ' ' . $cc_type);
    $response = $doPayPal->DoDirectPayment(number_format($order_amount, 2), $cc_number, $cc_checkcode, $cc_expdate_month . substr($cc_expdate_year, -2), $cc_first_name, $cc_last_name, $cc_type, $optionsAll, array_merge($optionsNVP, $optionsShip));
    // the complete gateway response is logged
    $this->zcLog('before_process - DP-5', 'resultset:' . "\n" . urldecode(print_r($response, true)));
    // CHECK RESPONSE
    // _errorHandler() is given the response; its return value is not used here (presumably it redirects itself on failure — confirm)
    $error = $this->_errorHandler($response, 'DoDirectPayment');
    $this->feeamt = '';
    $this->taxamt = '';
    $this->pendingreason = '';
    $this->reasoncode = '';
    $this->numitems = sizeof($order->products);
    $this->responsedata = $response;
    if ($response['PNREF']) {
        // PNREF only comes from payflow mode
        $this->payment_type = MODULE_PAYMENT_PAYPALDP_PF_TEXT_TYPE;
        $this->transaction_id = $response['PNREF'];
        $this->payment_status = MODULE_PAYMENT_PAYPALDP_TRANSACTION_MODE == 'Auth Only' ? 'Authorization' : 'Completed';
        $this->avs = 'AVSADDR: ' . $response['AVSADDR'] . ', AVSZIP: ' . $response['AVSZIP'] . ', IAVS: ' . $response['IAVS'];
        $this->cvv2 = $response['CVV2MATCH'];
        $this->amt = $order_amount . ' ' . $my_currency;
        // NOTE(review): 'h' is the 12-hour clock; 'H' may have been intended for a timestamp — confirm.
        $this->payment_time = date('Y-m-d h:i:s');
        $this->responsedata['CURRENCYCODE'] = $my_currency;
        $this->responsedata['EXCHANGERATE'] = $order->info['currency_value'];
        // NOTE(review): reads $this->response, not the local $response just received — confirm which is intended.
        $this->auth_code = $this->response['AUTHCODE'];
    } else {
        // here we're in NVP mode
        $this->transaction_id = $response['TRANSACTIONID'];
        $this->payment_type = MODULE_PAYMENT_PAYPALDP_DP_TEXT_TYPE;
        $this->payment_status = MODULE_PAYMENT_PAYPALDP_TRANSACTION_MODE == 'Auth Only' ? 'Authorization' : 'Completed';
        $this->pendingreason = MODULE_PAYMENT_PAYPALDP_TRANSACTION_MODE == 'Auth Only' ? 'authorization' : '';
        $this->avs = $response['AVSCODE'];
        $this->cvv2 = $response['CVV2MATCH'];
        $this->correlationid = $response['CORRELATIONID'];
        $this->payment_time = urldecode($response['TIMESTAMP']);
        $this->amt = urldecode($response['AMT'] . ' ' . $response['CURRENCYCODE']);
        // NOTE(review): as above, $this->response rather than the local $response — confirm.
        $this->auth_code = isset($this->response['AUTHCODE']) ? $this->response['AUTHCODE'] : $this->response['TOKEN'];
        $this->transactiontype = 'cart';
    }
}
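/**
 * Build the data and actions to process when the "Submit" button is pressed on the order-confirmation screen.
 * This sends the data to the payment gateway for processing.
 * (These are hidden fields on the checkout confirmation page)
 *
 * The gateway fields are assembled from the order (global $order), the module
 * configuration constants and, in 'onsite' mode, the card data held on $this
 * (plus $_POST['authorizenet_cc_cvv'] when CVV use is enabled). The session
 * name/id pair is appended so the relay response can be matched to this
 * session. A masked copy of the submitted fields is kept in
 * $this->reportable_submit_data and handed to _debugActions().
 *
 * Fixes vs. the previous revision of the reportable copy:
 *  - the masked card number was computed as strlen($card_num - 4), i.e. the
 *    length of the number minus four, not the length minus four;
 *  - x_card_code (the check value) was left unmasked; it is now replaced the
 *    same way x_tran_key is, so it never reaches the debug output.
 *
 * @return string hidden-field HTML, one field per line
 */
function process_button() {
    global $order;
    // x_fp_sequence input for the fingerprint; it is not a secret
    $sequence = rand(1, 1000);
    $submit_data_core = array(
        'x_login' => MODULE_PAYMENT_AUTHORIZENET_LOGIN,
        'x_amount' => number_format($order->info['total'], 2),
        'x_version' => '3.1',
        'x_method' => MODULE_PAYMENT_AUTHORIZENET_METHOD == 'Credit Card' ? 'CC' : 'ECHECK',
        'x_type' => MODULE_PAYMENT_AUTHORIZENET_AUTHORIZATION_TYPE == 'Authorize' ? 'AUTH_ONLY' : 'AUTH_CAPTURE',
        'x_cust_ID' => $_SESSION['customer_id'],
        'x_email_customer' => MODULE_PAYMENT_AUTHORIZENET_EMAIL_CUSTOMER == 'True' ? 'TRUE' : 'FALSE',
        'x_company' => $order->billing['company'],
        'x_first_name' => $order->billing['firstname'],
        'x_last_name' => $order->billing['lastname'],
        'x_address' => $order->billing['street_address'],
        'x_city' => $order->billing['city'],
        'x_state' => $order->billing['state'],
        'x_zip' => $order->billing['postcode'],
        'x_country' => $order->billing['country']['title'],
        'x_phone' => $order->customer['telephone'],
        'x_fax' => $order->customer['fax'],
        'x_email' => $order->customer['email_address'],
        'x_ship_to_company' => $order->delivery['company'],
        'x_ship_to_first_name' => $order->delivery['firstname'],
        'x_ship_to_last_name' => $order->delivery['lastname'],
        'x_ship_to_address' => $order->delivery['street_address'],
        'x_ship_to_city' => $order->delivery['city'],
        'x_ship_to_state' => $order->delivery['state'],
        'x_ship_to_zip' => $order->delivery['postcode'],
        'x_ship_to_country' => $order->delivery['country']['title'],
        'x_Customer_IP' => zen_get_ip_address(),
        // the gateway posts its result back to checkout_process?action=confirm
        'x_relay_response' => 'TRUE',
        'x_relay_URL' => zen_href_link(FILENAME_CHECKOUT_PROCESS, 'action=confirm', 'SSL', true, false),
        'x_invoice_num' => '',
        'x_duplicate_window' => '120',
        'x_allow_partial_Auth' => 'FALSE',
        // double quotes are swapped for single so the store name survives the hidden-field attribute
        'x_description' => 'Website Purchase from ' . str_replace('"', "'", STORE_NAME),
    );
    // fingerprint fields (x_fp_*) computed from the login, transaction key, amount and sequence
    $submit_data_security = $this->InsertFP(MODULE_PAYMENT_AUTHORIZENET_LOGIN, MODULE_PAYMENT_AUTHORIZENET_TXNKEY, number_format($order->info['total'], 2), $sequence);
    $submit_data_offline = array(
        'x_show_form' => 'PAYMENT_FORM',
        'x_receipt_link_method' => 'POST',
        'x_receipt_link_text' => 'Click here to complete your order.',
        'x_receipt_link_url' => zen_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false),
    );
    //The following can (and SHOULD) be set in the authnet account admin area instead of here
    $submit_data_extras = array();
    // onsite mode: card data collected on this site is relayed to the gateway as hidden fields
    $submit_data_onsite = array(
        'x_card_num' => $this->cc_card_number,
        'x_exp_date' => $this->cc_expiry_month . substr($this->cc_expiry_year, -2),
    );
    if (MODULE_PAYMENT_AUTHORIZENET_USE_CVV == 'True') {
        if ($this->gateway_mode == 'onsite') {
            $submit_data_onsite['x_card_code'] = $_POST['authorizenet_cc_cvv'];
        }
    }
    if ($this->gateway_mode == 'onsite') {
        $submit_data = array_merge($submit_data_core, $submit_data_security, $submit_data_onsite);
    } else {
        $submit_data = array_merge($submit_data_core, $submit_data_security, $submit_data_offline, $submit_data_extras);
    }
    if (MODULE_PAYMENT_AUTHORIZENET_TESTMODE == 'Test') {
        $submit_data['x_Test_Request'] = 'TRUE';
    }
    // the session id travels to the gateway and back with the relay response
    $submit_data[zen_session_name()] = zen_session_id();
    $process_button_string = "\n";
    foreach ($submit_data as $key => $value) {
        $process_button_string .= zen_draw_hidden_field($key, $value) . "\n";
    }
    // prepare a copy of submitted data for error-reporting purposes
    $this->reportable_submit_data = $submit_data;
    $this->reportable_submit_data['x_login'] = '******';
    if (isset($this->reportable_submit_data['x_tran_key'])) {
        $this->reportable_submit_data['x_tran_key'] = '*******';
    }
    if (isset($this->reportable_submit_data['x_card_num'])) {
        // keep only the last four digits; max() guards str_repeat() against a negative count on short input
        $card_num = $this->reportable_submit_data['x_card_num'];
        $this->reportable_submit_data['x_card_num'] = str_repeat('X', max(0, strlen($card_num) - 4)) . substr($card_num, -4);
    }
    if (isset($this->reportable_submit_data['x_card_code'])) {
        // the check value must not appear in any stored or reported copy
        $this->reportable_submit_data['x_card_code'] = '*******';
    }
    // NOTE(review): $url is not defined in this function; the stored value is whatever an
    // undefined variable reads as — confirm what was intended here.
    $this->reportable_submit_data['url'] = $url;
    $this->_debugActions($this->reportable_submit_data, 'Submit-Data', '', zen_session_id());
    return $process_button_string;
}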
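/**
 * 3D-Secure (Cardinal Centinel) enrollment lookup.
 *
 * Builds the cmpi_lookup XML request from $lookup_data_array, posts it to the Cardinal
 * transaction URL, parses the reply and decides whether checkout may continue. A positive
 * decision is recorded in $_SESSION['3Dsecure_enroll_lookup_attempted'] so later steps can
 * verify that a lookup actually happened; a negative one clears that marker.
 *
 * Sensitive data: the request carries the card number, CVV and the merchant's Cardinal
 * password. Only the masked copy ($debugData) may be written to the log.
 *
 * @param array $lookup_data_array keys read: order_desc, order_number, cc3d_exp_year,
 *        cc3d_exp_month, cc3d_card_number, cc3d_checkcode, currency, txn_amount, merchantData
 * @return array continue_flag ('Y'/'N'), enrolled, transaction_id, error_no, error_desc,
 *         acs_url, spa_hidden_fields, payload, the cc3d_* values echoed by the gateway,
 *         EciFlag and cc3d_merchantdata
 */
function get3DSecureLookupResponse($lookup_data_array) {
    // Set some defaults
    if (!isset($lookup_data_array['order_desc']) || $lookup_data_array['order_desc'] == '') {
        $lookup_data_array['order_desc'] = 'Zen Cart(R) Transaction';
    }
    if (!isset($lookup_data_array['order_number']) || $lookup_data_array['order_number'] == '') {
        $lookup_data_array['order_number'] = zen_session_id();
    }
    // format the card expiration: a two-digit year is expanded to four digits
    $lookup_data_array['cc3d_exp_year'] = (strlen($lookup_data_array['cc3d_exp_year']) == 2 ? '20' : '') . $lookup_data_array['cc3d_exp_year'];
    // get the ISO 4217 currency
    $iso_currency = $this->getISOCurrency($lookup_data_array['currency']);
    // format the transaction amounts
    $raw_amount = $this->formatRawAmount($lookup_data_array['txn_amount'], $iso_currency);
    // determine the appropriate product code for submission (digital vs physical goods)
    $prodCode = FALSE;
    if (isset($_SESSION['cart'])) {
        // NOTE(review): this reads a property named get_cart_type, not a method; confirm the
        // cart object actually exposes it, otherwise every cart is reported as 'PHY'.
        if ($_SESSION['cart']->get_cart_type == 'virtual') {
            $prodCode = 'DIG';
        } else {
            $prodCode = 'PHY';
        }
    }
    // Do NOT dump $_POST / $_SESSION to the log from here, even for debugging: at this point
    // they contain the full card number and the CVV.

    // Browser details are attacker-controlled headers; they are XML-escaped below and may be absent.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $browserHeader = isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '';
    // First address of a possibly comma-separated list.
    // NOTE(review): splitting on ':' also truncates an IPv6 address to its first group;
    // confirm what the Cardinal API accepts in <IPAddress> before changing this.
    $ipAddress = current(explode(':', str_replace(',', ':', zen_get_ip_address())));

    // Build the XML cmpi_lookup message
    $data = '<CardinalMPI>';
    $data .= '<MsgType>cmpi_lookup</MsgType>';
    $data .= '<Version>1.7</Version>';
    $data .= '<ProcessorId>' . $this->escapeXML(MODULE_PAYMENT_PAYPALDP_CARDINAL_PROCESSOR) . '</ProcessorId>';
    $data .= '<MerchantId><![CDATA[' . $this->escapeXML(MODULE_PAYMENT_PAYPALDP_CARDINAL_MERCHANT) . ']]></MerchantId>';
    $data .= '<TransactionPwd><![CDATA[' . $this->escapeXML(MODULE_PAYMENT_PAYPALDP_CARDINAL_PASSWORD) . ']]></TransactionPwd>';
    $data .= '<TransactionType>CC</TransactionType>';
    $data .= '<TransactionMode>S</TransactionMode>';
    $data .= '<OrderNumber>' . $this->escapeXML($lookup_data_array['order_number']) . '</OrderNumber>';
    $data .= '<OrderDescription>' . $this->escapeXML($lookup_data_array['order_desc']) . '</OrderDescription>';
    $data .= '<Amount>' . $this->escapeXML($raw_amount) . '</Amount>';
    $data .= '<CurrencyCode>' . $this->escapeXML($iso_currency) . '</CurrencyCode>';
    $data .= '<CardNumber>' . $this->escapeXML($lookup_data_array['cc3d_card_number']) . '</CardNumber>';
    $data .= '<Cvv>' . $this->escapeXML($lookup_data_array['cc3d_checkcode']) . '</Cvv>';
    $data .= '<CardCode>' . $this->escapeXML($lookup_data_array['cc3d_checkcode']) . '</CardCode>';
    $data .= '<CardExpMonth>' . $this->escapeXML($lookup_data_array['cc3d_exp_month']) . '</CardExpMonth>';
    $data .= '<CardExpYear>' . $this->escapeXML($lookup_data_array['cc3d_exp_year']) . '</CardExpYear>';
    $data .= '<UserAgent>' . $this->escapeXML($userAgent) . '</UserAgent>';
    $data .= '<IPAddress>' . $this->escapeXML($ipAddress) . '</IPAddress>';
    $data .= '<BrowserHeader>' . $this->escapeXML($browserHeader) . '</BrowserHeader>';
    $data .= '<OrderChannel>' . $this->escapeXML('MARK') . '</OrderChannel>';
    if (isset($lookup_data_array['merchantData'])) {
        $data .= '<MerchantData>' . $this->escapeXML($lookup_data_array['merchantData']) . '</MerchantData>';
    }
    if ($prodCode !== FALSE && $prodCode != '') {
        $data .= '<ProductCode>' . $this->escapeXML($prodCode) . '</ProductCode>';
    }
    $data .= '</CardinalMPI>';

    // Log-safe copy: merchant id, transaction password, PAN and CVV are masked.
    // (A masked value that also occurs elsewhere in the document, e.g. a short CVV inside
    // the expiry year, is masked there too; that is acceptable for a debug trace.)
    $debugData = str_replace(
        array(
            '[CDATA[' . $this->escapeXML(MODULE_PAYMENT_PAYPALDP_CARDINAL_MERCHANT) . ']]',
            '[CDATA[' . $this->escapeXML(MODULE_PAYMENT_PAYPALDP_CARDINAL_PASSWORD) . ']]',
            $this->escapeXML($lookup_data_array['cc3d_card_number']),
            $this->escapeXML($lookup_data_array['cc3d_checkcode']),
        ),
        '********',
        $data
    );
    if (MODULE_PAYMENT_CARDINAL_CENTINEL_DEBUGGING !== FALSE) {
        $this->zcLog('Cardinal Lookup 1', '[' . zen_session_id() . '] Cardinal Centinel - cmpi_lookup request (' . MODULE_PAYMENT_PAYPALDP_CARDINAL_TXN_URL . ') - ' . $debugData);
    }
    $responseString = $this->send3DSecureHttp(MODULE_PAYMENT_PAYPALDP_CARDINAL_TXN_URL, $data, $debugData);
    if (MODULE_PAYMENT_CARDINAL_CENTINEL_DEBUGGING !== FALSE) {
        $this->zcLog('Cardinal Lookup 2', '[' . zen_session_id() . '] Cardinal Centinel - cmpi_lookup response - ' . $responseString);
    }

    // parse the XML
    $parser = new CardinalXMLParser();
    $parser->deserializeXml($responseString);
    $errorNo = $parser->deserializedResponse['ErrorNo'];
    $errorDesc = $parser->deserializedResponse['ErrorDesc'];
    $enrolled = $parser->deserializedResponse['Enrolled'];

    if ($errorNo != 0) {
        $this->zcLog('Cardinal Lookup 3', '[' . zen_session_id() . '] Cardinal Centinel - cmpi_lookup error - ' . $errorNo . ' - ' . $errorDesc);
        $errorText = 'Cardinal Lookup 3' . '[' . zen_session_id() . '] Cardinal Centinel - cmpi_lookup error - ' . $errorNo . ' - ' . $errorDesc;
        $errorText .= "\n\n" . 'There are 3 steps to configuring your Cardinal 3D-Secure service properly: ' . "\n1-Login to the Cardinal Merchant Admin URL supplied in your welcome package (NOT the test URL), and accept the license agreement.\n2-Set a transaction password.\n3-Copy your Cardinal Merchant ID and Cardinal Transaction Password into your ZC PayPal module.\n\nFor specific help, please contact implement@cardinalcommerce.com to sort out your account configuration issues.";
        $errorText .= "\n\nProblem observed while customer " . $_SESSION['customer_id'] . ' ' . $_SESSION['customer_first_name'] . ' ' . $_SESSION['customer_last_name'] . ' was attempting checkout with 3D-Secure authentication. THEIR PURCHASE WAS NOT SUCCESSFUL. Please resolve this matter to enable future checkouts.';
        // The HTML variant is escaped: the customer name (self-registered) and the gateway's
        // error text must not become markup in the merchant's mailbox.
        zen_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, substr($errorDesc, 0, 75) . ' (' . $errorNo . ')', $errorText, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, array('EMAIL_MESSAGE_HTML' => nl2br(htmlspecialchars($errorText, ENT_QUOTES))), 'paymentalert');
    }

    // default the continue flag to 'N'
    $continue_flag = 'N';
    // determine whether the transaction should continue or fail based upon
    // the enrollment lookup results
    if (strcasecmp(MODULE_PAYMENT_PAYPALDP_CARDINAL_AUTHENTICATE_REQ, 'No') == 0) {
        // authentication not required by configuration: always continue
        $continue_flag = 'Y';
    } else {
        if (strcmp($errorNo, '0') == 0) {
            if (strcasecmp($enrolled, 'Y') == 0) {
                $continue_flag = 'Y';
            } else {
                if (strcasecmp($enrolled, 'N') == 0) {
                    // not enrolled: Visa and JCB transactions are allowed to proceed
                    $cardType = $this->determineCardType($this->cc_card_number);
                    if (strcasecmp($cardType, 'VISA') == 0 || strcasecmp($cardType, 'JCB') == 0) {
                        $continue_flag = 'Y';
                    }
                }
            }
        } else {
            if ($errorNo == 1001) {
                // merchant has an account configuration problem to fix; the merchant is
                // alerted and the transaction is allowed to continue without 3D-Secure
                $errorText = CENTINEL_ERROR_CODE_1001 . ' - ' . CENTINEL_ERROR_CODE_1001_DESC;
                $errorText .= "\n\nProblem occurred while customer " . $_SESSION['customer_id'] . ' ' . $_SESSION['customer_first_name'] . ' ' . $_SESSION['customer_last_name'] . ' was attempting checkout with 3D-Secure authentication.';
                zen_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, CENTINEL_ERROR_CODE_1001_DESC . ' (' . CENTINEL_ERROR_CODE_1001 . ')', $errorText, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, array('EMAIL_MESSAGE_HTML' => nl2br(htmlspecialchars($errorText, ENT_QUOTES))), 'paymentalert');
                $continue_flag = 'Y';
            }
        }
    }

    if (strcasecmp('Y', $continue_flag) == 0) {
        // For validation/security purposes, mark the session that the lookup result was acceptable.
        $_SESSION['3Dsecure_enroll_lookup_attempted'] = 'Y';
    } else {
        // For validation/security purposes, mark the session that the lookup result was not acceptable.
        unset($_SESSION['3Dsecure_enroll_lookup_attempted']);
    }

    $result = array(
        'continue_flag' => $continue_flag,
        'enrolled' => $enrolled,
        'transaction_id' => $parser->deserializedResponse['TransactionId'],
        'error_no' => $errorNo,
        'error_desc' => $errorDesc,
        'acs_url' => $parser->deserializedResponse['ACSUrl'],
        'spa_hidden_fields' => $parser->deserializedResponse['SPAHiddenFields'],
        'payload' => $parser->deserializedResponse['Payload'],
        // card data echoed back by the gateway; treat the returned array as sensitive
        'cc3d_card_number' => $parser->deserializedResponse['CardNumber'],
        'cc3d_checkcode' => $parser->deserializedResponse['CardCode'],
        'cc3d_exp_month' => $parser->deserializedResponse['CardExpMonth'],
        'cc3d_exp_year' => $parser->deserializedResponse['CardExpYear'],
        'EciFlag' => $parser->deserializedResponse['EciFlag'],
        'cc3d_merchantdata' => $parser->deserializedResponse['MerchantData'],
    );
    return $result;
}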
$order_totals = $order_total_modules->process(); $zco_notifier->notify('NOTIFY_CHECKOUT_PROCESS_AFTER_ORDER_TOTALS_PROCESS'); //Process rpsitepay payment method if ($_SESSION['payment'] == 'rpsitepay' && $_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['payment_process']) && $_POST['payment_process'] == 'payment_post') { $checkout_paymethod = $_POST['paymethod']; $checkout_card_no = $_POST['card_no']; $checkout_card_exp_month = $_POST['card_exp_month']; $checkout_card_exp_year = $_POST['card_exp_year']; $checkout_card_cvn = $_POST['card_cvn']; $checkout_BFirstName = $_POST['BFirstName']; $checkout_BLastName = $_POST['BLastName']; $checkout_BAddress = $_POST['BAddress']; $checkout_PostCode = $_POST['PostCode']; $checkout_BCity = $_POST['BCity']; $checkout_BEmail = $_POST['BEmail']; $checkout_remote_ip = zen_get_ip_address(); $checkout_user_agent = $_SERVER['HTTP_USER_AGENT']; $checkout_accept_language = $_SERVER['HTTP_ACCEPT_LANGUAGE']; $checkout_hDate = $_POST['checkout_hDate']; $checkout_hTimeZone = $_POST['checkout_hTimeZone']; $checkout_vga = $_POST['checkout_vga']; $pay_error = false; if (empty($checkout_paymethod)) { $pay_error = true; $messageStack->add('pay_error', TEXT_CHECKOUT_PAYMENT_ERROR_CREDIT_CARD); } if (empty($checkout_card_no)) { $pay_error = true; $messageStack->add('pay_error', TEXT_CHECKOUT_PAYMENT_ERROR_CARD); } else { $checkout_card_no1 = substr($checkout_card_no, 0, 1);