/** * This method is called whenever the IPN from PayPal is received * * The data from the IPN is verified and answered. After that, * PayPal must reply again with either the "VERIFIED" or "INVALID" * keyword. * All parameter values are optional. Any that are non-empty are * compared to their respective counterparts received in the post * from PayPal. The verification fails if any comparison fails. * You should consider the payment as failed whenever an empty * (false or NULL) value is returned. The latter is intended for * diagnostic purposes only, but will never be returned on success. * @param string $amount The optional amount * @param string $currency The optional currency code * @param string $order_id The optional order ID * @param string $customer_email The optional customer e-mail address * @param string $account_email The optional PayPal account e-mail * @return boolean True on successful verification, * false on failure, or NULL when * an arbitrary result is received. */ static function ipnCheck($amount = NULL, $currency = NULL, $order_id = NULL, $customer_email = NULL, $account_email = NULL) { global $objDatabase; //DBG::log("ipnCheck($amount, $currency, $order_id, $customer_email, $account_email): Entered"); //DBG::log("Paypal::ipnCheck(): Checking POST"); if (empty($_POST['mc_gross']) || empty($_POST['mc_currency']) || empty($_POST['custom']) || empty($_POST['payer_email']) || empty($_POST['business'])) { //DBG::log("Paypal::ipnCheck(): Incomplete IPN parameter values:"); //DBG::log(var_export($_POST, true)); return false; } // Copy the post from PayPal and prepend 'cmd' $encoded = 'cmd=_notify-validate'; // Mind: It is absolutely necessary to clear keys not required for // the verification. Otherwise, PayPal comes up with... nothing! unset($_POST['section']); unset($_POST['cmd']); foreach ($_POST as $name => $value) { $encoded .= '&' . urlencode($name) . '=' . urlencode($value); } //DBG::log("Paypal::ipnCheck(): Made parameters: $encoded"); // 20120530 cURL version $host = \Cx\Core\Setting\Controller\Setting::getValue('paypal_active', 'Shop') ? 'www.paypal.com' : 'www.sandbox.paypal.com'; $uri = 'https://' . $host . '/cgi-bin/webscr?' . $encoded; $res = $ch = ''; if (function_exists('curl_init')) { $ch = curl_init(); } if ($ch) { curl_setopt($ch, CURLOPT_URL, $uri); // Return the received data as a string curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $res = curl_exec($ch); if (curl_errno($ch)) { //DBG::log("Paypal::ipnCheck(): ERROR: cURL: ".curl_errno($ch)." - ".curl_error($ch)); return false; } curl_close($ch); } else { $res = file_get_contents($uri); if (!$res) { $res = Socket::getHttp10Response($uri); } if (!$res) { //DBG::log("Paypal::ipnCheck(): ERROR: failed to connect to PayPal"); return false; } } //DBG::log("Paypal::ipnCheck(): PayPal response: $res"); if (preg_match('/^VERIFIED/', $res)) { //DBG::log("Paypal::ipnCheck(): PayPal IPN verification successful (VERIFIED)"); return true; } if (preg_match('/^INVALID/', $res)) { // The payment failed. //DBG::log("Paypal::ipnCheck(): PayPal IPN verification failed (INVALID)"); return false; } //DBG::log("Paypal::ipnCheck(): WARNING: PayPal IPN verification unclear (none of the expected results)"); return NULL; }
/** * Completes the payment transaction * @access public * @static * @param array $arrOrder The attributes array * @return boolean True on success, false otherwise */ static function payComplete($arrOrder) { $attributes = self::getAttributeList('payComplete', $arrOrder) . (\Cx\Core\Setting\Controller\Setting::getValue('saferpay_use_test_account', 'Shop') ? '&spPassword=XAjc3Kna' : ''); // This won't work without allow_url_fopen $result = file_get_contents(self::$gateway['payComplete'] . '?' . $attributes); if (!$result) { // Try socket connection as well $result = Socket::getHttp10Response(self::$gateway['payComplete'] . '?' . $attributes); } if (substr($result, 0, 2) == 'OK') { return true; } self::$arrError[] = $result; return false; }