예제 #1
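 /**
  * Start a new online payment for an invoice, or resume an incomplete one,
  * based on request parameters.
  *
  * Reads `invoice_id`, and either `invoice_payment_id` (resume) or
  * `payment_method` + `payment_amount` (new payment) from $_REQUEST, then
  * hands off to the matching payment plugin's start_payment().
  *
  * All request values are normalised to a scalar type before use, so an
  * array-valued parameter cannot reach the lookup helpers or be used as an
  * array offset.
  *
  * NOTE(review): no access check is performed here (the can_access_data()
  * condition further down is commented out). Confirm that this endpoint is
  * meant to be reachable without one, e.g. because the caller has already
  * validated an invoice-specific key.
  *
  * @return void
  */
 public function handle_payment()
 {
     // handle a payment request via post data from
     $invoice_id = isset($_REQUEST['invoice_id']) && is_scalar($_REQUEST['invoice_id']) ? (int) $_REQUEST['invoice_id'] : 0;
     if (self::is_automatic_paying_invoice($invoice_id)) {
         // result is currently unused; the call is kept as in the original.
     }
     // resume a failed past payment.
     if (isset($_REQUEST['invoice_payment_id']) && (int) $_REQUEST['invoice_payment_id'] > 0) {
         // Cast once and use the integer everywhere, instead of passing the raw
         // request value to the lookup and comparing against it afterwards.
         $resume_payment_id = is_scalar($_REQUEST['invoice_payment_id']) ? (int) $_REQUEST['invoice_payment_id'] : 0;
         $invoice_payment_data = $resume_payment_id > 0 ? module_invoice::get_invoice_payment($resume_payment_id) : false;
         // Only resume a payment that belongs to the requested invoice and has not been paid yet.
         if ($invoice_payment_data && $invoice_payment_data['invoice_id'] == $invoice_id && $invoice_payment_data['date_paid'] == '0000-00-00' && (int) $invoice_payment_data['invoice_payment_id'] === $resume_payment_id) {
             // we can resume this incomplete payment.
             // hack to find out which payment method plugin we are using, this is bad!
             $payment_methods = handle_hook('get_payment_methods', $this);
             if (is_array($payment_methods)) {
                 global $plugins;
                 // Iterate by value: nothing is written back to the list, and a
                 // by-reference loop variable would stay bound to the last element.
                 foreach ($payment_methods as $candidate) {
                     if ($candidate->is_enabled() && $candidate->is_method('online') && $candidate->get_payment_method_name() == $invoice_payment_data['method']) {
                         $payment_method_name = $candidate->module_name;
                         if (isset($plugins[$payment_method_name])) {
                             // The amount comes from the stored payment row, not from the request.
                             $plugins[$payment_method_name]->start_payment($invoice_id, $invoice_payment_data['amount'] - $invoice_payment_data['fee_total'], $invoice_payment_data['invoice_payment_id']);
                         }
                     }
                 }
             }
         }
     } else {
         // The plugin name is used as an array offset below, so it must be a string.
         if (isset($_REQUEST['payment_method']) && is_string($_REQUEST['payment_method']) && $invoice_id && isset($_REQUEST['payment_amount'])) {
             $payment_method = $_REQUEST['payment_method'];
             // NOTE(review): the amount is supplied by the client and only checked to be
             // positive here. Whether it is reconciled against the invoice balance is not
             // visible in this method; confirm in start_payment() / the gateway callback.
             $payment_amount = number_in($_REQUEST['payment_amount']);
             $invoice_data = $this->get_invoice($invoice_id);
             //&& module_security::can_access_data('invoice',$invoice_data,$invoice_id)
             if ($payment_method && $payment_amount > 0 && $invoice_data) {
                 // pass this off to the payment module for handling.
                 global $plugins;
                 // isset() restricts the request value to a registered plugin key.
                 if (isset($plugins[$payment_method])) {
                     if (class_exists('module_company', false) && isset($invoice_data['company_id']) && (int) $invoice_data['company_id'] > 0) {
                         module_company::set_current_company_id($invoice_data['company_id']);
                     }
                     // Previously pending rows for this method are not deleted (the old DELETE is disabled).
                     // insert a temp payment method here.
                     $invoice_payment_id = update_insert('invoice_payment_id', 'new', 'invoice_payment', array('invoice_id' => $invoice_id, 'amount' => $payment_amount, 'currency_id' => $invoice_data['currency_id'], 'method' => $plugins[$payment_method]->get_payment_method_name()));
                     module_cache::clear('invoice');
                     $plugins[$payment_method]->start_payment($invoice_id, $payment_amount, $invoice_payment_id);
                 }
             }
         }
     }
     // todo - better redirect with errors.
     //redirect_browser($_SERVER['REQUEST_URI']);
 }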
예제 #2
 /**
  * Load one finance record, or build the defaults for a new one.
  *
  * For an existing id the row is read together with its account name and a
  * comma-separated category list, then enriched with category ids, taxes and
  * any linked finance records / invoice payments. For an id <= 0 a blank
  * record is built and optionally pre-filled from request parameters
  * (`from_job_id`, `job_staff_expense`) or from an invoice payment.
  *
  * NOTE(review): no access check is visible in this method; the record id and
  * the request-driven defaults are used as given. Confirm callers enforce
  * permissions before exposing the result.
  *
  * @param int       $finance_id         record id; cast to int before use
  * @param bool      $full               when false, return the bare row (existing id)
  *                                      or the bare defaults (new record) without linked data
  * @param int|false $invoice_payment_id optional; when falsy it is taken from
  *                                      $_REQUEST['invoice_payment_id'] (only used for new records)
  * @return array the finance data; in the full path 'taxes' is passed through self::sanatise_taxes()
  */
 public static function get_finance($finance_id, $full = true, $invoice_payment_id = false)
 {
     if (!$invoice_payment_id) {
         // fall back to the request parameter, accepted only as a positive integer.
         $invoice_payment_id = isset($_REQUEST['invoice_payment_id']) && (int) $_REQUEST['invoice_payment_id'] > 0 ? (int) $_REQUEST['invoice_payment_id'] : false;
     }
     // This cast is what makes the string-built WHERE clause below safe; keep it
     // ahead of any use of $finance_id in SQL.
     $finance_id = (int) $finance_id;
     if ($finance_id > 0) {
         if (!$full) {
             return get_single("finance", "finance_id", $finance_id);
         }
         $sql = "SELECT f.* ";
         $sql .= " , fa.name AS account_name ";
         $sql .= " , GROUP_CONCAT(fc.`name` ORDER BY fc.`name` ASC SEPARATOR ', ') AS categories ";
         $sql .= " FROM `" . _DB_PREFIX . "finance` f ";
         $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance_account` fa USING (finance_account_id) ";
         $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance_category_rel` fcr ON f.finance_id = fcr.finance_id ";
         $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance_category` fc ON fcr.finance_category_id = fc.finance_category_id ";
         // $finance_id is an integer at this point (see cast above).
         $sql .= " WHERE f.finance_id = {$finance_id} ";
         $sql .= " GROUP BY f.finance_id ";
         $sql .= " ORDER BY f.transaction_date DESC ";
         $finance = qa1($sql);
         // $finance_id is now taken from the loaded row.
         // NOTE(review): presumably empty when no row matched, in which case the
         // "$finance_id <= 0" branch below builds a blank record — confirm against qa1().
         $finance_id = $finance['finance_id'];
         // get the categories.
         $finance['category_ids'] = get_multiple('finance_category_rel', array('finance_id' => $finance_id), 'finance_category_id');
         $finance['taxes'] = get_multiple('finance_tax', array('finance_id' => $finance_id), 'finance_tax_id', 'exact', 'order');
         // get any linked items.
         $linked_finances = $linked_invoice_payments = array();
         // find any child / linked transactions to this one.
         if ((int) $finance_id > 0 && isset($finance['parent_finance_id']) && $finance['parent_finance_id'] > 0) {
             // todo - this could cause problems!
             // Recursive call with $full = false, so it returns the bare parent row only.
             $foo = module_finance::get_finance($finance['parent_finance_id'], false);
             if ($foo['finance_id'] != $finance_id) {
                 // copied from get_finances() method
                 $foo['url'] = module_finance::link_open($foo['finance_id'], false);
                 // type 'i' fills the credit column, type 'e' the debit column.
                 $foo['credit'] = $foo['type'] == 'i' ? $foo['amount'] : 0;
                 $foo['debit'] = $foo['type'] == 'e' ? $foo['amount'] : 0;
                 if (!isset($foo['categories'])) {
                     $foo['categories'] = '';
                 }
                 if (!isset($foo['account_name'])) {
                     $foo['account_name'] = '';
                 }
                 $linked_finances[] = $foo;
             }
             // find any child finances that are also linked to this parent finance.
             foreach (module_finance::get_finances_simple(array('parent_finance_id' => $finance['parent_finance_id'])) as $foo) {
                 if ($foo['finance_id'] != $finance_id) {
                     // copied from get_finances() method
                     $foo['url'] = module_finance::link_open($foo['finance_id'], false);
                     $foo['credit'] = $foo['type'] == 'i' ? $foo['amount'] : 0;
                     $foo['debit'] = $foo['type'] == 'e' ? $foo['amount'] : 0;
                     if (!isset($foo['categories'])) {
                         $foo['categories'] = '';
                     }
                     if (!isset($foo['account_name'])) {
                         $foo['account_name'] = '';
                     }
                     $linked_finances[] = $foo;
                 }
             }
             // find any child invoice payments that are also linked to this parent finance
             foreach (get_multiple('invoice_payment', array('parent_finance_id' => $finance['parent_finance_id'])) as $invoice_payments) {
                 if ($invoice_payments['payment_type'] == _INVOICE_PAYMENT_TYPE_NORMAL || $invoice_payments['payment_type'] == _INVOICE_PAYMENT_TYPE_CREDIT || $invoice_payments['payment_type'] == _INVOICE_PAYMENT_TYPE_OVERPAYMENT_CREDIT || $invoice_payments['payment_type'] == _INVOICE_PAYMENT_TYPE_REFUND) {
                     // reload the payment through module_invoice, then format it for display.
                     $invoice_payments = module_invoice::get_invoice_payment($invoice_payments['invoice_payment_id']);
                     // copied from get_finances() method
                     $invoice_payments = self::_format_invoice_payment($invoice_payments, $finance);
                     // keyed by payment id, so the same payment is listed only once.
                     $linked_invoice_payments[$invoice_payments['invoice_payment_id']] = $invoice_payments;
                 }
             }
         }
         if ((int) $finance_id > 0) {
             // find any child finances that are linked to this finance.
             foreach (module_finance::get_finances_simple(array('parent_finance_id' => $finance_id)) as $foo) {
                 if ($foo['finance_id'] != $finance_id) {
                     // copied from get_finances() method
                     $foo['url'] = module_finance::link_open($foo['finance_id'], false);
                     $foo['credit'] = $foo['type'] == 'i' ? $foo['amount'] : 0;
                     $foo['debit'] = $foo['type'] == 'e' ? $foo['amount'] : 0;
                     if (!isset($foo['categories'])) {
                         $foo['categories'] = '';
                     }
                     if (!isset($foo['account_name'])) {
                         $foo['account_name'] = '';
                     }
                     $linked_finances[] = $foo;
                 }
             }
             // find any child invoice payments that are also linked to this parent finance
             foreach (get_multiple('invoice_payment', array('parent_finance_id' => $finance_id)) as $invoice_payments) {
                 if ($invoice_payments['payment_type'] == _INVOICE_PAYMENT_TYPE_NORMAL || $invoice_payments['payment_type'] == _INVOICE_PAYMENT_TYPE_OVERPAYMENT_CREDIT || $invoice_payments['payment_type'] == _INVOICE_PAYMENT_TYPE_CREDIT || $invoice_payments['payment_type'] == _INVOICE_PAYMENT_TYPE_REFUND) {
                     // copied from get_finances() method
                     $invoice_payments = module_invoice::get_invoice_payment($invoice_payments['invoice_payment_id']);
                     $invoice_payments = self::_format_invoice_payment($invoice_payments, $finance);
                     // hack to pull tax information from a linked invoice payment to replace current items tax if none is defined
                     // (only when the amounts match exactly)
                     if (!$finance['taxes'] && count($invoice_payments['taxes']) && $invoice_payments['amount'] == $finance['amount']) {
                         $finance['taxes'] = $invoice_payments['taxes'];
                         $finance['taxable_amount'] = $invoice_payments['taxable_amount'];
                         $finance['sub_amount'] = $invoice_payments['sub_amount'];
                     }
                     $linked_invoice_payments[$invoice_payments['invoice_payment_id']] = $invoice_payments;
                 }
             }
             // the finance row itself may point at a single invoice payment.
             if (isset($finance['invoice_payment_id']) && $finance['invoice_payment_id'] > 0) {
                 $invoice_payments = module_invoice::get_invoice_payment($finance['invoice_payment_id']);
                 if ($invoice_payments && ($invoice_payments['payment_type'] == _INVOICE_PAYMENT_TYPE_NORMAL || $invoice_payments['payment_type'] == _INVOICE_PAYMENT_TYPE_CREDIT || $invoice_payments['payment_type'] == _INVOICE_PAYMENT_TYPE_OVERPAYMENT_CREDIT || $invoice_payments['payment_type'] == _INVOICE_PAYMENT_TYPE_REFUND)) {
                     $invoice_payments = self::_format_invoice_payment($invoice_payments, $finance);
                     // hack to pull tax information from a linked invoice payment to replace current items tax if none is defined
                     if (!$finance['taxes'] && count($invoice_payments['taxes']) && $invoice_payments['amount'] == $finance['amount']) {
                         $finance['taxes'] = $invoice_payments['taxes'];
                         $finance['taxable_amount'] = $invoice_payments['taxable_amount'];
                         $finance['sub_amount'] = $invoice_payments['sub_amount'];
                     }
                     $linked_invoice_payments[$invoice_payments['invoice_payment_id']] = $invoice_payments;
                 } else {
                     if (!$invoice_payments) {
                         // todo: this shouldn't happen, fix! (the referenced invoice payment could not be loaded)
                     }
                 }
             }
         }
         $finance['linked_invoice_payments'] = $linked_invoice_payments;
         $finance['linked_finances'] = $linked_finances;
     }
     // New record (or, presumably, an id that did not resolve to a row above): build defaults.
     if ($finance_id <= 0) {
         $finance = array('finance_id' => 0, 'parent_finance_id' => 0, 'transaction_date' => print_date(time()), 'name' => '', 'description' => '', 'type' => 'e', 'sub_amount' => 0, 'taxable_amount' => 0, 'tax_mode' => module_config::c('finance_default_tax_mode', 0), 'taxes' => array(), 'amount' => 0, 'currency_id' => module_config::c('default_currency_id', 1), 'category_ids' => array(), 'customer_id' => 0, 'job_id' => 0, 'invoice_id' => 0, 'job_staff_expense' => 0, 'user_id' => 0);
         // Pre-fill from a job named in the request.
         // NOTE(review): the job is loaded by a request-supplied id with no permission
         // check visible here — confirm module_job::get_job() enforces access.
         if (isset($_REQUEST['from_job_id'])) {
             $job_data = module_job::get_job((int) $_REQUEST['from_job_id']);
             $finance['job_id'] = $job_data['job_id'];
             if ($job_data['customer_id']) {
                 $finance['customer_id'] = $job_data['customer_id'];
             }
             if (isset($_REQUEST['job_staff_expense']) && (int) $_REQUEST['job_staff_expense'] > 0) {
                 // we have a job staff expense, load up the job tasks for this staff member and find out the cost.
                 // NOTE(review): the raw request value (not the int cast checked above) is used
                 // as the array key and passed to get_user(); casting it once would keep an
                 // array-valued or non-numeric parameter out of these calls.
                 if (isset($job_data['staff_total_grouped'][$_REQUEST['job_staff_expense']])) {
                     $staff_member = module_user::get_user($_REQUEST['job_staff_expense']);
                     if ($staff_member && $staff_member['user_id'] == $_REQUEST['job_staff_expense']) {
                         // valid job found, load in the defaults.
                         $finance['name'] = $job_data['name'];
                         $finance['description'] = _l('Job Expense For Staff Member: %s', $staff_member['name'] . ' ' . $staff_member['last_name']);
                         $finance['type'] = 'e';
                         $finance['amount'] = $job_data['staff_total_grouped'][$_REQUEST['job_staff_expense']];
                         $finance['taxes'] = array();
                         $finance['job_staff_expense_id'] = $job_data['job_id'];
                         $finance['job_id'] = $job_data['job_id'];
                         $finance['currency_id'] = $job_data['currency_id'];
                         $finance['transaction_date'] = print_date($job_data['date_completed']);
                         $finance['user_id'] = $staff_member['user_id'];
                         $finance['job_staff_expense'] = $staff_member['user_id'];
                     }
                 }
             }
         }
         if (!$full) {
             return $finance;
         }
         // Pre-fill from an invoice payment (argument, or the request fallback at the top).
         if ($invoice_payment_id && $invoice_payment_id > 0) {
             $invoice_payment_data = module_invoice::get_invoice_payment($invoice_payment_id);
             if ($invoice_payment_data && $invoice_payment_data['invoice_id']) {
                 $finance = self::_format_invoice_payment($invoice_payment_data, $finance);
                 $finance['invoice_id'] = $invoice_payment_data['invoice_id'];
                 $finance['currency_id'] = $invoice_payment_data['currency_id'];
             }
         }
     }
     // Let other modules contribute fields for records tied to an invoice; each
     // returned array is merged over $finance, later entries overwriting earlier keys.
     if (isset($finance['invoice_id']) && $finance['invoice_id']) {
         $new_finance = hook_handle_callback('finance_invoice_listing', $finance['invoice_id'], $finance);
         if (is_array($new_finance) && count($new_finance)) {
             foreach ($new_finance as $n) {
                 $finance = array_merge($finance, $n);
             }
         }
     }
     // Normalise the tax list, defaulting to no taxes and a taxable amount of 0.
     $finance['taxes'] = self::sanatise_taxes(isset($finance['taxes']) ? $finance['taxes'] : array(), isset($finance['taxable_amount']) ? $finance['taxable_amount'] : 0);
     return $finance;
 }
예제 #3
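 /**
  * Handle a PayPal IPN callback and record the payment it reports.
  *
  * The `custom` field carries "user_id|payment_id|invoice_id|..." and is
  * checked against the value this module generates via paypal_custom().
  * The receiving business e-mail and the currency are then compared with the
  * local configuration / invoice. A "Completed" payment is additionally sent
  * back to PayPal and only recorded when the reply contains "VERIFIED".
  *
  * Changes from the previous version:
  *  - the token comparison uses hash_equals() instead of a loose `!=`;
  *  - `custom` must be a string and its parts are read with bounds checks;
  *  - eregi() (removed in PHP 7) is replaced by an equivalent stripos() test;
  *  - an unreachable duplicate `break` and commented-out dead code are gone.
  *
  * NOTE(review): only the Completed-payment path is confirmed with PayPal. The
  * subscription status updates (subscr_signup / cancel / failed / eot) rely on
  * the `custom` token alone — consider verifying every notification before
  * acting on it.
  * NOTE(review): fields are read from $_REQUEST while the postback sends
  * $_POST. Reading the checked fields from the same array that is verified
  * would remove any gap between "what was validated" and "what was used".
  * NOTE(review): `mc_gross` is stored as the paid amount without being
  * compared to the amount expected for this payment row — confirm that
  * module_invoice::save_invoice() or a later step reconciles it.
  *
  * The method always terminates the request (exit), except when `custom` is
  * missing, in which case it returns without output.
  *
  * @return void
  */
 function handle_paypal_ipn()
 {
     ob_end_clean();
     if (!isset($_REQUEST['custom'])) {
         return;
     }
     // An array-valued parameter cannot be a valid token; treating it as empty
     // sends it down the "no payment or invoice id found" path below.
     $custom = is_string($_REQUEST['custom']) ? $_REQUEST['custom'] : '';
     $paypal_bits = explode("|", $custom);
     $user_id = isset($paypal_bits[0]) ? (int) $paypal_bits[0] : 0;
     $payment_id = isset($paypal_bits[1]) ? (int) $paypal_bits[1] : 0;
     $invoice_id = isset($paypal_bits[2]) ? (int) $paypal_bits[2] : 0;
     $invoice_payment_subscription_id = false;
     $invoice_payment_subscription = false;
     // 4 parts: normal IPN, single payment. 5 parts: subscription IPN, with subscription id.
     if (count($paypal_bits) == 5) {
         $invoice_payment_subscription_id = (int) $paypal_bits[3];
         $invoice_payment_subscription = get_single('invoice_payment_subscription', 'invoice_payment_subscription_id', $invoice_payment_subscription_id);
     }
     if ($payment_id && $invoice_id) {
         $hash = $this->paypal_custom($user_id, $payment_id, $invoice_id, $invoice_payment_subscription_id);
         // Constant-time, type-strict comparison of the expected and received token.
         if (!hash_equals((string) $hash, $custom)) {
             // NOTE(review): this message includes the expected token; make sure
             // send_error() output only reaches trusted recipients, or drop the value.
             send_error("PayPal IPN Error (incorrect hash) it should be " . $hash);
             exit;
         }
         // check for payment exists
         $payment = module_invoice::get_invoice_payment($payment_id);
         $invoice = module_invoice::get_invoice($invoice_id);
         if ($payment && $invoice) {
             $invoice_currency = module_config::get_currency($invoice['currency_id']);
             $invoice_currency_code = $invoice_currency['code'];
             // check correct business
             if (!$_REQUEST['business'] && $_REQUEST['receiver_email']) {
                 $_REQUEST['business'] = $_REQUEST['receiver_email'];
             }
             if ($_REQUEST['business'] != module_config::c('payment_method_paypal_email', _ERROR_EMAIL)) {
                 send_error('PayPal error! Paid the wrong business name. ' . $_REQUEST['business'] . ' instead of ' . module_config::c('payment_method_paypal_email', _ERROR_EMAIL));
                 exit;
             }
             // check correct currency
             if ($invoice_currency_code && $_REQUEST['mc_currency'] != $invoice_currency_code) {
                 send_error('PayPal error! Paid the wrong currency code. ' . $_REQUEST['mc_currency'] . ' instead of ' . $invoice_currency_code);
                 exit;
             }
             switch ($_REQUEST['txn_type']) {
                 // handle subscriptions first.
                 // https://www.paypal.com/au/cgi-bin/webscr?cmd=p/acc/ipn-subscriptions-outside
                 case "subscr_signup":
                     // started! we update the start date of this one.
                     if ($invoice_payment_subscription_id) {
                         update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_ACTIVE, 'date_start' => date('Y-m-d')));
                     }
                     break;
                 case "subscr_cancel":
                 case "subscr_failed":
                 case "subscr_eot":
                     if ($invoice_payment_subscription_id) {
                         update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_FAILED));
                     }
                     break;
                 case "subscr_payment":
                 case "web_accept":
                     if ($_REQUEST['payment_status'] == "Canceled_Reversal" || $_REQUEST['payment_status'] == "Refunded") {
                         // funky refund!! oh noes!!
                         // TODO: store this in the database as a negative payment... should be easy.
                         // populate $_REQUEST vars then do something like $payment_history_id = update_insert("payment_history_id","new","payment_history");
                         send_error("PayPal Error! The payment {$payment_id} has been refunded or reversed! BAD BAD! You have to follup up customer for money manually now.");
                     } else {
                         if ($_REQUEST['payment_status'] == "Completed") {
                             // payment is completed! yeye getting closer...
                             // quick check we're not getting a fake payment request:
                             // post the notification back to PayPal (sandbox or live) and read the verdict.
                             $url = 'https://www.' . (self::is_sandbox() ? 'sandbox.' : '') . 'paypal.com/cgi-bin/webscr';
                             $result = self::fsockPost($url, $_POST);
                             // Case-insensitive substring test, equivalent to the former eregi() call.
                             // NOTE(review): the reply format returned by fsockPost() is not visible here;
                             // if it is the bare response body, an exact match on "VERIFIED" would be stricter.
                             if (is_string($result) && stripos($result, "VERIFIED") !== false) {
                                 // finally have everything.
                                 // mark the payment as completed.
                                 if ($invoice_payment_subscription_id) {
                                     // we have a subscription payment. woo!
                                     // this gets a bit tricky, we have to work out if the invoice has been generated for this subscription yet.
                                     // if this invoice hasn't been generated yet then we have to generate it.
                                     // pass this back to the invoice class so we can reuse this feature in the future.
                                     $data = module_invoice::create_new_invoice_for_subscription_payment($invoice_id, $payment_id, $invoice_payment_subscription_id);
                                     if ($data && $data['invoice_id'] && $data['invoice_payment_id']) {
                                         // next due date = now + the subscription's days, months and years.
                                         $next_time = time();
                                         $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['days']) . ' days', $next_time);
                                         $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['months']) . ' months', $next_time);
                                         $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['years']) . ' years', $next_time);
                                         update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('date_last_pay' => date('Y-m-d'), 'date_next' => date('Y-m-d', $next_time)));
                                         $new_payment_details = array('date_paid' => date('Y-m-d'), 'amount' => $_REQUEST['mc_gross'], 'method' => 'PayPal (Subscription)', 'invoice_payment_subscription_id' => $invoice_payment_subscription_id);
                                         // carry the fee fields over from the original payment row.
                                         foreach (array('fee_percent', 'fee_amount', 'fee_description', 'fee_total') as $fee_field) {
                                             if (isset($payment[$fee_field])) {
                                                 $new_payment_details[$fee_field] = $payment[$fee_field];
                                             }
                                         }
                                         update_insert("invoice_payment_id", $data['invoice_payment_id'], "invoice_payment", $new_payment_details);
                                         module_invoice::save_invoice($data['invoice_id'], array());
                                         echo "Successful Subscription Payment!";
                                     } else {
                                         send_error("PayPal IPN Subscription Error (failed to generate new invoice!) " . var_export($result, true));
                                     }
                                 } else {
                                     // mark a normal payment as paid
                                     update_insert("invoice_payment_id", $payment_id, "invoice_payment", array('date_paid' => date('Y-m-d'), 'amount' => $_REQUEST['mc_gross'], 'method' => 'PayPal (IPN)'));
                                     module_invoice::save_invoice($invoice_id, array());
                                     echo "Successful Payment!";
                                 }
                                 // no confirmation e-mail is sent to the customer from here.
                             } else {
                                 send_error("PayPal IPN Error (paypal rejected the payment!) " . var_export($result, true));
                             }
                         } else {
                             send_error("PayPal info: This payment is not yet completed, this usually means it's an e-cheque, follow it up in a few days if you dont hear anything. This also means you may have to login to paypal and 'Accept' the payment. So check there first.");
                         }
                     }
                     break;
                 default:
                     send_error("PayPal IPN Error (unknown transaction t ype!) ");
                     break;
             }
         } else {
             send_error("PayPal IPN Error (no payment found in database!)");
         }
     } else {
         send_error("PayPal IPN Error (no payment or invoice id found)");
     }
     exit;
 }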
예제 #4
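 /**
  * Dispatches externally reachable requests for the Coinbase payment method.
  *
  * 'event_ipn' processes the payment callback: it decodes the posted JSON, checks the keyed
  * hash carried in order->custom, updates subscription status and records completed payments.
  * 'pay_subscription' starts a subscription from a posted token and request parameters.
  *
  * Both branches end the request with exit/die; nothing is returned to the caller.
  *
  * @param string $hook Name of the external hook to run ('event_ipn' or 'pay_subscription').
  */
 public function external_hook($hook)
 {
     switch ($hook) {
         case 'event_ipn':
             // Raw callback body. Nothing in this branch authenticates the sender; the only thing
             // binding the callback to a real payment is the keyed hash in order->custom, checked below.
             $body = @file_get_contents('php://input');
             $event_json = json_decode($body);
             // Everything echoed from here on is captured and only e-mailed when debugging is enabled.
             ob_start();
             echo "UCM coinbase DEBUG:<br><br>JSON: <br>\n";
             print_r($event_json);
             echo "<br><br>\n";
             $success = false;
             // order->custom is expected to hold "invoice_id:invoice_payment_id:subscription_id:hash".
             // Anything that is not a string is treated as missing rather than handed to explode().
             $custom = isset($event_json->order->custom) && is_string($event_json->order->custom) ? $event_json->order->custom : '';
             $bits = explode(':', $custom);
             if (count($bits) == 4) {
                 // we have our custom bits, invoice_id, invoice_payment_id and hash
                 // check they are right
                 $invoice_id = (int) $bits[0];
                 $invoice_payment_id = (int) $bits[1];
                 $invoice_payment_subscription_id = (int) $bits[2];
                 $hash = $bits[3];
                 $correct_hash = (string) self::get_payment_key($invoice_id, $invoice_payment_id, $invoice_payment_subscription_id, true);
                 // Compare the hash as an exact string, in constant time where the runtime offers it.
                 // A loose == treats two numeric-looking strings as numbers, and an empty expected
                 // value would equal an empty supplied one, so both cases are rejected here.
                 $hash_matches = $correct_hash !== '' && (function_exists('hash_equals') ? hash_equals($correct_hash, $hash) : $correct_hash === $hash);
                 if ($invoice_id && $invoice_payment_id && $hash_matches) {
                     // This will send receipts on succesful invoices
                     // todo - coinbase doesnt sent this callback correctly just yet
                     if ($event_json && isset($event_json->recurring_payment) && $invoice_payment_subscription_id) {
                         // status changes on a recurring payment.
                         $invoice_payment_subscription = get_single('invoice_payment_subscription', 'invoice_payment_subscription_id', $invoice_payment_subscription_id);
                         if (!$invoice_payment_subscription['date_start'] || $invoice_payment_subscription['date_start'] == '0000-00-00') {
                             // no start date yet, set the start date now.
                             if ($event_json->recurring_payment->status == 'active') {
                                 update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_ACTIVE, 'date_start' => date('Y-m-d')));
                             }
                         }
                         if ($event_json->recurring_payment->status == 'paused' || $event_json->recurring_payment->status == 'canceled') {
                             update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_FAILED));
                         }
                     }
                     if ($event_json && isset($event_json->order->status) && $event_json->order->status == 'completed' && isset($event_json->order->total_native) && isset($event_json->order->custom)) {
                         // The ids come from the custom field verified above.
                         // NOTE(review): status, amount and currency are read from the posted body itself. The
                         // hash covers only the three ids, and no check that this payment is still unpaid is
                         // visible here, so a repeated callback is processed again. Confirm whether the order
                         // should be re-read from the gateway API and whether replays are rejected elsewhere.
                         $invoice_payment_data = module_invoice::get_invoice_payment($invoice_payment_id);
                         $currency = module_config::get_currency($invoice_payment_data['currency_id']);
                         if ($invoice_payment_subscription_id) {
                             // this API result is for a subscription payment.
                             $invoice_payment_subscription = get_single('invoice_payment_subscription', 'invoice_payment_subscription_id', $invoice_payment_subscription_id);
                             if ($invoice_payment_subscription && $invoice_payment_subscription['invoice_payment_subscription_id'] == $invoice_payment_subscription_id && $currency['code'] == $event_json->order->total_native->currency_iso) {
                                 if (!$invoice_payment_subscription['date_start'] || $invoice_payment_subscription['date_start'] == '0000-00-00') {
                                     // no start date yet, set the start date now (this should really happen in the above callback, but coinbase isn't working right now)
                                     update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_ACTIVE, 'date_start' => date('Y-m-d')));
                                 }
                                 // we have a subscription payment. woo!
                                 // this gets a bit tricky, we have to work out if the invoice has been generated for this subscription yet.
                                 // if this invoice hasn't been generated yet then we have to generate it.
                                 // pass this back to the invoice class so we can reuse this feature in the future.
                                 $data = module_invoice::create_new_invoice_for_subscription_payment($invoice_id, $invoice_payment_id, $invoice_payment_subscription_id);
                                 if ($data && $data['invoice_id'] && $data['invoice_payment_id']) {
                                     // Next due date = today plus the subscription's days, months and years.
                                     $next_time = time();
                                     $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['days']) . ' days', $next_time);
                                     $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['months']) . ' months', $next_time);
                                     $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['years']) . ' years', $next_time);
                                     update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('date_last_pay' => date('Y-m-d'), 'date_next' => date('Y-m-d', $next_time)));
                                     // The recorded amount is the one reported in the callback; only the currency code was compared.
                                     update_insert("invoice_payment_id", $data['invoice_payment_id'], "invoice_payment", array('date_paid' => date('Y-m-d'), 'amount' => $event_json->order->total_native->cents / 100, 'method' => self::get_payment_method_name() . ' (Subscription)', 'invoice_payment_subscription_id' => $invoice_payment_subscription_id));
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "Invoice Payment Subscription Received!");
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "API IP is " . $_SERVER['REMOTE_ADDR']);
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "Received BTC: " . $event_json->order->total_btc->cents / 10000000);
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "Received " . $event_json->order->total_native->currency_iso . ': ' . $event_json->order->total_native->cents / 100);
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "Destination Address: " . $event_json->order->receive_address);
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "Currency code matches, marking invoice as paid.");
                                     self::add_payment_data($data['invoice_payment_id'], 'log', "Raw Event Data: \n" . json_encode($event_json));
                                     module_invoice::save_invoice($data['invoice_id'], array());
                                     echo "Successful Subscription Payment!";
                                 } else {
                                     send_error("Coinbase Subscription Error (failed to generate new invoice!) " . var_export($data, true));
                                 }
                             } else {
                                 send_error('Currency code missmatch on coinbase subscription payment');
                             }
                         } else {
                             // this is a normal once off payment.
                             // These log lines store request-supplied text; escape it wherever the log is displayed.
                             self::add_payment_data($invoice_payment_id, 'log', "API IP is " . $_SERVER['REMOTE_ADDR']);
                             self::add_payment_data($invoice_payment_id, 'log', "Received BTC: " . $event_json->order->total_btc->cents / 10000000);
                             self::add_payment_data($invoice_payment_id, 'log', "Received " . $event_json->order->total_native->currency_iso . ': ' . $event_json->order->total_native->cents / 100);
                             self::add_payment_data($invoice_payment_id, 'log', "Destination Address: " . $event_json->order->receive_address);
                             if ($currency['code'] == $event_json->order->total_native->currency_iso) {
                                 self::add_payment_data($invoice_payment_id, 'log', "Currency code matches, marking invoice as paid.");
                                 update_insert("invoice_payment_id", $invoice_payment_id, "invoice_payment", array('date_paid' => date('Y-m-d'), 'amount' => $event_json->order->total_native->cents / 100));
                                 module_invoice::save_invoice($invoice_id, array());
                                 echo "Successful Payment!";
                                 $success = true;
                             } else {
                                 self::add_payment_data($invoice_payment_id, 'log', "Currency code missmatch, please check settings!");
                             }
                             self::add_payment_data($invoice_payment_id, 'log', "Raw Event Data: \n" . json_encode($event_json));
                         }
                     }
                 }
             }
             // The captured dump holds the full callback payload; it is only sent on when the debug setting is on.
             $debug = ob_get_clean();
             if (module_config::c('coinbase_payment_debug', 0)) {
                 send_error("Coinbase Debug: {$debug}");
             }
             exit;
             break;
         case 'pay_subscription':
             // All identifiers below are taken straight from the request, without the keyed hash
             // that 'event_ipn' checks. They are cross-checked against each other further down.
             // NOTE(review): no check that the caller is allowed to pay this invoice is visible here,
             // and user_id is trusted for the fallback e-mail lookup. Confirm both against the caller.
             $invoice_id = isset($_REQUEST['invoice_id']) ? $_REQUEST['invoice_id'] : false;
             $invoice_payment_id = isset($_REQUEST['invoice_payment_id']) ? $_REQUEST['invoice_payment_id'] : false;
             $invoice_payment_subscription_id = isset($_REQUEST['invoice_payment_subscription_id']) ? $_REQUEST['invoice_payment_subscription_id'] : false;
             $coinbase_plan_id = isset($_REQUEST['coinbase_plan_id']) ? $_REQUEST['coinbase_plan_id'] : false;
             $user_id = isset($_REQUEST['user_id']) ? $_REQUEST['user_id'] : false;
             if ($invoice_id && $invoice_payment_id && $coinbase_plan_id && $invoice_payment_subscription_id && $user_id && isset($_POST['coinbaseToken'])) {
                 $user_data = module_user::get_user($user_id);
                 $email = isset($_REQUEST['coinbaseEmail']) && strlen($_REQUEST['coinbaseEmail']) ? $_REQUEST['coinbaseEmail'] : $user_data['email'];
                 // strpos() yields 0 for a leading '@' and false for none, so both are rejected. This is
                 // a presence check only, not address validation.
                 if (!$email || !strpos($email, '@')) {
                     die('Please ensure your user account has a valid email address before paying with coinbase');
                 }
                 // The payment must belong to the invoice, and the subscription to the payment.
                 $invoice_payment = get_single('invoice_payment', 'invoice_payment_id', $invoice_payment_id);
                 $invoice_payment_subscription = get_single('invoice_payment_subscription', 'invoice_payment_subscription_id', $invoice_payment_subscription_id);
                 if (!$invoice_payment || !$invoice_payment_subscription || $invoice_payment['invoice_id'] != $invoice_id || $invoice_payment['invoice_payment_subscription_id'] != $invoice_payment_subscription_id) {
                     die('Invalid invoice payment subscription id');
                 }
                 $invoice_payment_data = module_invoice::get_invoice_payment($invoice_payment_id);
                 $invoice_data = module_invoice::get_invoice($invoice_id);
                 if ($invoice_payment_data && $invoice_data && $invoice_id == $invoice_data['invoice_id'] && $invoice_payment_data['invoice_id'] == $invoice_data['invoice_id']) {
                     $currency = module_config::get_currency($invoice_payment_data['currency_id']);
                     $currency_code = $currency['code'];
                     $description = isset($_REQUEST['description']) ? $_REQUEST['description'] : 'N/A';
                     $template = new module_template();
                     ob_start();
                     require_once 'includes/plugin_paymethod_coinbase/coinbase-php/lib/coinbase.php';
                     // NOTE(review): the value stored under "publishable_key" is read from the *secret_key*
                     // setting. It is unused below, but must never be sent to a browser. Confirm the naming.
                     $coinbase = array("secret_key" => module_config::c('payment_method_coinbase_api_key'), "publishable_key" => module_config::c('payment_method_coinbase_secret_key'));
                     coinbase::setApiKey($coinbase['secret_key']);
                     try {
                         // todo- search for existing customer based on email address???
                         // todo: check if adding new plan to existing customer work??
                         $coinbase_customer = coinbase_Customer::create(array("card" => $_POST['coinbaseToken'], "email" => $email, 'metadata' => array('user_id' => $user_id)));
                         if ($coinbase_customer && $coinbase_customer->id) {
                             //} && $coinbase_customer->subscriptions){
                             $coinbase_subscription = $coinbase_customer->subscriptions->create(array('plan' => $coinbase_plan_id));
                             if ($coinbase_subscription && $coinbase_subscription->id) {
                                 update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_ACTIVE, 'date_start' => date('Y-m-d'), 'coinbase_customer' => $coinbase_customer->id, 'coinbase_subscription' => $coinbase_subscription->id));
                                 module_paymethod_coinbase::add_payment_data($invoice_payment_id, 'log', "Started coinbase Subscription: " . var_export(array('customer.id' => $coinbase_customer->id, 'plan.id' => $coinbase_plan_id, 'subscription.id' => $coinbase_subscription->id), true));
                                 // success!
                                 // redirect to receipt page.
                                 // NOTE(review): unless redirect_browser() ends the request, the success path
                                 // continues into the "Something went wrong" notice below. Confirm.
                                 redirect_browser(module_invoice::link_public_payment_complete($invoice_id));
                             } else {
                                 echo 'Failed to create subscription with coinbase';
                             }
                         }
                         $error = "Something went wrong during coinbase payment. Please confirm invoice payment went through: " . htmlspecialchars($description);
                         send_error($error);
                         echo $error;
                     } catch (coinbase_CardError $e) {
                         // The card has been declined
                         $body = $e->getJsonBody();
                         $err = isset($body['error']) ? $body['error'] : array('message' => $e->getMessage());
                         $error = "Sorry: Payment failed. <br><br>\n\n" . htmlspecialchars($description) . ". <br><br>\n\n";
                         // The gateway's error text may repeat values taken from the request, so it is
                         // HTML-encoded before being written into the page.
                         $error .= htmlspecialchars(isset($err['message']) ? (string) $err['message'] : '');
                         echo $error;
                         $error .= "\n\n\n" . var_export($err, true);
                         send_error($error);
                     } catch (Exception $e) {
                         // A plain Exception has no getJsonBody(); calling it unguarded would turn any
                         // non-gateway failure into a fatal error instead of this message.
                         $body = method_exists($e, 'getJsonBody') ? $e->getJsonBody() : null;
                         $err = isset($body['error']) ? $body['error'] : array('message' => $e->getMessage());
                         $error = "Sorry: Payment failed. <br><br>\n\n" . htmlspecialchars($description) . ". <br><br>\n\n";
                         $error .= htmlspecialchars(isset($err['message']) ? (string) $err['message'] : '');
                         echo $error;
                         $error .= "\n\n\n" . var_export($err, true);
                         send_error($error);
                     }
                     $template->content = ob_get_clean();
                     echo $template->render('pretty_html');
                     exit;
                 }
             }
             echo 'Error paying via coinbase';
             exit;
     }
 }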
예제 #5
 /**
  * Appends one value to a named list kept in an invoice payment's serialized "data" column.
  *
  * The column is read, decoded, extended and written back in full. No locking is visible, so
  * two requests writing to the same payment at once may each overwrite the other's entry.
  *
  * @param mixed  $invoice_payment_id Id of the invoice_payment row to update.
  * @param string $key                Name of the list inside the stored data (callers here use 'log').
  * @param mixed  $val                Value to append to that list.
  */
 public static function add_payment_data($invoice_payment_id, $key, $val)
 {
     $payment = module_invoice::get_invoice_payment($invoice_payment_id);
     // NOTE(review): unserialize() can instantiate objects if the stored blob was ever written by
     // anything other than the serialize() call below. The values appended here include text taken
     // from payment callbacks, which stays inside plain strings. Consider a JSON column, or restrict
     // classes on decode where the runtime supports it. The @ also hides corrupt data, which then
     // silently starts a fresh list.
     $decoded = @unserialize($payment['data']);
     $payment_data = is_array($decoded) ? $decoded : array();
     if (!isset($payment_data[$key])) {
         $payment_data[$key] = array();
     }
     $payment_data[$key][] = $val;
     $changes = array('data' => serialize($payment_data));
     update_insert('invoice_payment_id', $invoice_payment_id, 'invoice_payment', $changes);
 }
예제 #6
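 /**
  * Dispatches externally reachable requests for the Stripe payment method.
  *
  * 'event_ipn' handles the Stripe webhook: the posted body supplies only the event id, and the
  * event, invoice, customer and subscription are then fetched from the Stripe API before a
  * subscription payment is recorded.
  * 'pay_subscription' creates a Stripe customer and subscription from a posted token.
  * 'pay' renders the Stripe payment form for an invoice payment.
  *
  * Every branch ends the request with exit/die; nothing is returned to the caller.
  *
  * @param string $hook Name of the external hook to run.
  */
 public function external_hook($hook)
 {
     switch ($hook) {
         case 'event_ipn':
             require_once 'includes/plugin_paymethod_stripe/stripe-php/lib/Stripe.php';
             $stripe = array("secret_key" => module_config::c('payment_method_stripe_secret_key'), "publishable_key" => module_config::c('payment_method_stripe_publishable_key'));
             Stripe::setApiKey($stripe['secret_key']);
             $body = @file_get_contents('php://input');
             $event_json = json_decode($body);
             // Everything echoed below is captured, and returned in the response only when debugging is on.
             ob_start();
             //                 echo "INPUT: <br>\n";
             //                 print_r($body);
             //                 echo "<br><br>\n";
             echo "UCM STRIPE DEBUG:<br><br>JSON: <br>\n";
             print_r($event_json);
             echo "<br><br>\n";
             // The posted body is untrusted and may not be valid JSON, so only the id is taken from
             // it. A missing id is passed on as null and left for the API lookup to reject.
             $event_id = isset($event_json->id) ? $event_json->id : null;
             try {
                 // Re-fetching the event with the secret key means the fields acted on below come
                 // from Stripe rather than from whoever posted to this URL.
                 $event = Stripe_Event::retrieve($event_id);
                 // This will send receipts on succesful invoices
                 if ($event->type == 'charge.succeeded' && $event->data->object->invoice) {
                     $paid_amount = $event->data->object->amount / 100;
                     // get the invoice.
                     $invoice = Stripe_Invoice::retrieve($event->data->object->invoice);
                     echo "INVOICE: <br>\n";
                     print_r($invoice);
                     echo "<br><br>\n";
                     if ($invoice && $invoice->subscription && $invoice->paid) {
                         // this payment was for a subscription! which one though?
                         $customer = Stripe_Customer::retrieve($invoice->customer);
                         echo "CUSTOMER: <br>\n";
                         print_r($customer);
                         echo "<br><br>\n";
                         $subscription = $customer->subscriptions->retrieve($invoice->subscription);
                         echo "SUBSCRIPTION: <br>\n";
                         print_r($subscription);
                         echo "<br><br>\n";
                         // now we have the Customer and Subscription we can look through our invoice_payment_subscription table for those values.
                         /*update_insert('invoice_payment_subscription_id',$invoice_payment_subscription_id,'invoice_payment_subscription',array(
                               'status' => _INVOICE_SUBSCRIPTION_ACTIVE,
                               'date_start' => date('Y-m-d'),
                           // we also have to store the stripe details here so we can easily search for them later on.
                           'stripe_customer' => $stripe_customer->id,
                           'stripe_subscription' => $stripe_subscription->id,
                           ));*/
                         $invoice_payment_subscription = get_single('invoice_payment_subscription', array('stripe_customer', 'stripe_subscription'), array($customer->id, $subscription->id));
                         if ($invoice_payment_subscription) {
                             // FIND THE linked invoice_payment for this original invoice payment subscription, this allows us to perform the same creatE_new_invoice as paypal below:
                             $invoice_payment_subscription_id = $invoice_payment_subscription['invoice_payment_subscription_id'];
                             $invoice_payment = get_single('invoice_payment', 'invoice_payment_subscription_id', $invoice_payment_subscription_id);
                             if ($invoice_payment) {
                                 $payment_id = $invoice_payment['invoice_payment_id'];
                                 $invoice_id = $invoice_payment['invoice_id'];
                                 // we have a subscription payment. woo!
                                 // this gets a bit tricky, we have to work out if the invoice has been generated for this subscription yet.
                                 // if this invoice hasn't been generated yet then we have to generate it.
                                 // pass this back to the invoice class so we can reuse this feature in the future.
                                 // NOTE(review): no record of already-processed event ids is visible here, so a
                                 // redelivered event reaches this call again. Confirm the helper de-duplicates.
                                 $data = module_invoice::create_new_invoice_for_subscription_payment($invoice_id, $payment_id, $invoice_payment_subscription_id);
                                 if ($data && $data['invoice_id'] && $data['invoice_payment_id']) {
                                     // Next due date = today plus the subscription's days, months and years.
                                     $next_time = time();
                                     $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['days']) . ' days', $next_time);
                                     $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['months']) . ' months', $next_time);
                                     $next_time = strtotime('+' . abs((int) $invoice_payment_subscription['years']) . ' years', $next_time);
                                     update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('date_last_pay' => date('Y-m-d'), 'date_next' => date('Y-m-d', $next_time)));
                                     update_insert("invoice_payment_id", $data['invoice_payment_id'], "invoice_payment", array('date_paid' => date('Y-m-d'), 'amount' => $paid_amount, 'method' => 'Stripe (Subscription)', 'invoice_payment_subscription_id' => $invoice_payment_subscription_id));
                                     module_paymethod_stripe::add_payment_data($data['invoice_payment_id'], 'log', "Payment Received via Webhook: " . var_export(array('event.type' => $event->type, 'invoice.id' => $invoice->id, 'subscription.id' => $subscription->id, 'customer.id' => $customer->id, '$invoice_payment_subscription_id' => $invoice_payment_subscription_id, '$invoice_payment_id' => $payment_id), true));
                                     module_invoice::save_invoice($data['invoice_id'], array());
                                     echo "Successful Subscription Payment For Invoice " . $data['invoice_id'];
                                 } else {
                                     send_error("Stripe Webhook Subscription Error (failed to generate new invoice!) " . var_export($data, true));
                                 }
                             } else {
                                 echo 'Failed to find matching invoice payment in db';
                             }
                         } else {
                             echo 'Failed to find matching subscription payment in db';
                         }
                     }
                 }
             } catch (Exception $e) {
                 // A plain Exception has no getJsonBody(); calling it unguarded would end the webhook
                 // with a fatal error instead of the normal acknowledgement.
                 $body = method_exists($e, 'getJsonBody') ? $e->getJsonBody() : null;
                 $err = isset($body['error']) ? $body['error'] : array('message' => $e->getMessage());
                 $error = "Sorry: Webhook failed. <br><br>\n\n";
                 $error .= isset($err['message']) ? (string) $err['message'] : '';
                 $error .= "\n\n\n" . var_export($e, true);
                 echo $error;
             }
             $debug = ob_get_clean();
             //mail('*****@*****.**','Stripe Webhook debug',$debug);
             // With the debug setting on, the dump of the event, invoice, customer and subscription,
             // and any exception export, is written to the HTTP response. Keep it off outside troubleshooting.
             if (module_config::c('stripe_payment_debug', 0)) {
                 echo $debug;
             }
             echo "Thanks! (set stripe_payment_debug to 1 in UCM to see more data here)";
             exit;
             break;
         case 'pay_subscription':
             // All identifiers below come straight from the request and are cross-checked against
             // each other further down.
             // NOTE(review): no check that the caller is allowed to pay this invoice is visible here,
             // and user_id is trusted for the fallback e-mail lookup. Confirm both against the caller.
             $invoice_id = isset($_REQUEST['invoice_id']) ? $_REQUEST['invoice_id'] : false;
             $invoice_payment_id = isset($_REQUEST['invoice_payment_id']) ? $_REQUEST['invoice_payment_id'] : false;
             $invoice_payment_subscription_id = isset($_REQUEST['invoice_payment_subscription_id']) ? $_REQUEST['invoice_payment_subscription_id'] : false;
             $stripe_plan_id = isset($_REQUEST['stripe_plan_id']) ? $_REQUEST['stripe_plan_id'] : false;
             $user_id = isset($_REQUEST['user_id']) ? $_REQUEST['user_id'] : false;
             if ($invoice_id && $invoice_payment_id && $stripe_plan_id && $invoice_payment_subscription_id && $user_id && isset($_POST['stripeToken'])) {
                 $user_data = module_user::get_user($user_id);
                 $email = isset($_REQUEST['stripeEmail']) && strlen($_REQUEST['stripeEmail']) ? $_REQUEST['stripeEmail'] : $user_data['email'];
                 // strpos() yields 0 for a leading '@' and false for none, so both are rejected. This is
                 // a presence check only, not address validation.
                 if (!$email || !strpos($email, '@')) {
                     die('Please ensure your user account has a valid email address before paying with stripe');
                 }
                 // The payment must belong to the invoice, and the subscription to the payment.
                 $invoice_payment = get_single('invoice_payment', 'invoice_payment_id', $invoice_payment_id);
                 $invoice_payment_subscription = get_single('invoice_payment_subscription', 'invoice_payment_subscription_id', $invoice_payment_subscription_id);
                 if (!$invoice_payment || !$invoice_payment_subscription || $invoice_payment['invoice_id'] != $invoice_id || $invoice_payment['invoice_payment_subscription_id'] != $invoice_payment_subscription_id) {
                     die('Invalid invoice payment subscription id');
                 }
                 $invoice_payment_data = module_invoice::get_invoice_payment($invoice_payment_id);
                 $invoice_data = module_invoice::get_invoice($invoice_id);
                 if ($invoice_payment_data && $invoice_data && $invoice_id == $invoice_data['invoice_id'] && $invoice_payment_data['invoice_id'] == $invoice_data['invoice_id']) {
                     $currency = module_config::get_currency($invoice_payment_data['currency_id']);
                     $currency_code = $currency['code'];
                     $description = isset($_REQUEST['description']) ? $_REQUEST['description'] : 'N/A';
                     $template = new module_template();
                     ob_start();
                     require_once 'includes/plugin_paymethod_stripe/stripe-php/lib/Stripe.php';
                     $stripe = array("secret_key" => module_config::c('payment_method_stripe_secret_key'), "publishable_key" => module_config::c('payment_method_stripe_publishable_key'));
                     Stripe::setApiKey($stripe['secret_key']);
                     try {
                         // todo- search for existing customer based on email address???
                         // todo: check if adding new plan to existing customer work??
                         $stripe_customer = Stripe_Customer::create(array("card" => $_POST['stripeToken'], "email" => $email, 'metadata' => array('user_id' => $user_id)));
                         if ($stripe_customer && $stripe_customer->id) {
                             //} && $stripe_customer->subscriptions){
                             $stripe_subscription = $stripe_customer->subscriptions->create(array('plan' => $stripe_plan_id));
                             if ($stripe_subscription && $stripe_subscription->id) {
                                 update_insert('invoice_payment_subscription_id', $invoice_payment_subscription_id, 'invoice_payment_subscription', array('status' => _INVOICE_SUBSCRIPTION_ACTIVE, 'date_start' => date('Y-m-d'), 'stripe_customer' => $stripe_customer->id, 'stripe_subscription' => $stripe_subscription->id));
                                 module_paymethod_stripe::add_payment_data($invoice_payment_id, 'log', "Started Stripe Subscription: " . var_export(array('customer.id' => $stripe_customer->id, 'plan.id' => $stripe_plan_id, 'subscription.id' => $stripe_subscription->id), true));
                                 // success!
                                 // redirect to receipt page.
                                 // NOTE(review): unless redirect_browser() ends the request, the success path
                                 // continues into the "Something went wrong" notice below. Confirm.
                                 redirect_browser(module_invoice::link_public_payment_complete($invoice_id));
                             } else {
                                 echo 'Failed to create subscription with stripe';
                             }
                         }
                         $error = "Something went wrong during stripe payment. Please confirm invoice payment went through: " . htmlspecialchars($description);
                         send_error($error);
                         echo $error;
                     } catch (Stripe_CardError $e) {
                         // The card has been declined
                         $body = $e->getJsonBody();
                         $err = isset($body['error']) ? $body['error'] : array('message' => $e->getMessage());
                         $error = "Sorry: Payment failed. <br><br>\n\n" . htmlspecialchars($description) . ". <br><br>\n\n";
                         // The gateway's error text may repeat values taken from the request, so it is
                         // HTML-encoded before being written into the page.
                         $error .= htmlspecialchars(isset($err['message']) ? (string) $err['message'] : '');
                         echo $error;
                         $error .= "\n\n\n" . var_export($err, true);
                         send_error($error);
                     } catch (Exception $e) {
                         // A plain Exception has no getJsonBody(); guard the call so any non-gateway
                         // failure still produces this message instead of a fatal error.
                         $body = method_exists($e, 'getJsonBody') ? $e->getJsonBody() : null;
                         $err = isset($body['error']) ? $body['error'] : array('message' => $e->getMessage());
                         $error = "Sorry: Payment failed. <br><br>\n\n" . htmlspecialchars($description) . ". <br><br>\n\n";
                         $error .= htmlspecialchars(isset($err['message']) ? (string) $err['message'] : '');
                         echo $error;
                         $error .= "\n\n\n" . var_export($err, true);
                         send_error($error);
                     }
                     $template->content = ob_get_clean();
                     echo $template->render('pretty_html');
                     exit;
                 }
             }
             echo 'Error paying via Stripe';
             exit;
         case 'pay':
             // Renders the card form once the payment is confirmed to belong to the invoice.
             // $currency_code and $description are set for the included form file (presumably read there).
             $invoice_id = isset($_REQUEST['invoice_id']) ? $_REQUEST['invoice_id'] : false;
             $invoice_payment_id = isset($_REQUEST['invoice_payment_id']) ? $_REQUEST['invoice_payment_id'] : false;
             if ($invoice_id && $invoice_payment_id && isset($_POST['stripeToken'])) {
                 $invoice_payment_data = module_invoice::get_invoice_payment($invoice_payment_id);
                 $invoice_data = module_invoice::get_invoice($invoice_id);
                 if ($invoice_payment_data && $invoice_data && $invoice_id == $invoice_data['invoice_id'] && $invoice_payment_data['invoice_id'] == $invoice_data['invoice_id']) {
                     $currency = module_config::get_currency($invoice_payment_data['currency_id']);
                     $currency_code = $currency['code'];
                     $description = _l('Payment for invoice %s', $invoice_data['name']);
                     $template = new module_template();
                     ob_start();
                     include module_theme::include_ucm('includes/plugin_paymethod_stripe/pages/stripe_form.php');
                     $template->content = ob_get_clean();
                     echo $template->render('pretty_html');
                     exit;
                 }
             }
             echo 'Error paying via Stripe';
             exit;
     }
 }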
예제 #7
}
// Load the finance record named in the request; the id is forced to an integer before the lookup.
$finance_id = (int) $_REQUEST['finance_id'];
$finance = module_finance::get_finance($finance_id);
// If the lookup did not return a record carrying that same id, reset the id to 0 so the
// "no existing record" branch below runs.
if (!isset($finance['finance_id']) || $finance['finance_id'] != $finance_id) {
    $finance_id = 0;
}
if ($finance_id <= 0) {
    // Pre-fill the record from an invoice when one is named in the request.
    if (isset($_REQUEST['from_invoice_id'])) {
        // NOTE(review): the result is used without checking that the lookup succeeded, and no access
        // check is visible in this excerpt. Confirm what the second argument (false) controls.
        $invoice_data = module_invoice::get_invoice((int) $_REQUEST['from_invoice_id'], false);
        $finance['invoice_id'] = $invoice_data['invoice_id'];
        if ($invoice_data['customer_id']) {
            $finance['customer_id'] = $invoice_data['customer_id'];
        }
    }
    if (isset($_REQUEST['invoice_payment_id'])) {
        // NOTE(review): unlike the two ids above, this request value is passed on without an (int) cast.
        // Confirm get_invoice_payment() casts or escapes it before it reaches a query.
        $invoice_payment_data = module_invoice::get_invoice_payment($_REQUEST['invoice_payment_id']);
        if ($invoice_payment_data) {
            // we make sure this NEW invoice payment record hasn't already been recorded somewhere.
            $existing = module_finance::get_finances(array('invoice_payment_id' => $invoice_payment_data['invoice_payment_id']));
            if (count($existing)) {
                // Send the browser to an existing finance record that has a usable link
                // (whether redirect_browser() ends the request is not visible here).
                foreach ($existing as $e) {
                    if (isset($e['finance_id']) && (int) $e['finance_id'] > 0) {
                        $link = module_finance::link_open($e['finance_id']);
                        if ($link) {
                            redirect_browser($link);
                        }
                    }
                }
            }
        }
        // Appended even when the lookup above returned nothing, so the list can hold an empty entry.
        $linked_invoice_payments[] = $invoice_payment_data;
예제 #8
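 /**
  * Handle a MultiSafepay notification (IPN) or the "initial" return request.
  *
  * The transaction id is read from $_GET['transactionid'] and is expected to be the
  * pipe-separated value built by multisafepay_custom() (user id | payment id |
  * invoice id | ...). That value is rebuilt and compared before any record is
  * touched. The payment status acted on is whatever $msp->getStatus() returns for
  * the id, not a value taken from the request.
  *
  * Output: a "Return to Invoice" link when ?type=initial, otherwise "ok" for the
  * MultiSafepay back-end. The request always ends with exit.
  *
  * The second, PayPal-style handler that used to follow the final exit could never
  * run (and relied on eregi(), which no longer exists in PHP 7+); it has been dropped.
  */
 function handle_multisafepay_ipn()
 {
     ob_end_clean();
     ini_set('display_errors', false);
     include 'MultiSafepay.combined.php';
     $msp = new MultiSafepay();
     // transaction id (same as the transaction->id given in the transaction request)
     // Only a plain string is accepted; an array parameter would otherwise reach explode().
     $transactionid = isset($_GET['transactionid']) && is_string($_GET['transactionid']) ? $_GET['transactionid'] : '';
     if ($transactionid === '') {
         send_error('No MultiSafepay transaction ID');
         exit;
     }
     // Pad to three parts so a malformed id gives zeros instead of undefined-offset notices.
     $multisafepay_bits = array_pad(explode("|", $transactionid), 3, '');
     $user_id = $multisafepay_bits[0];
     $payment_id = (int) $multisafepay_bits[1];
     $invoice_id = (int) $multisafepay_bits[2];
     if (!$payment_id || !$invoice_id) {
         send_error('No bits in transaction id');
         exit;
     }
     // Rebuild the expected id and compare it in constant time. The user id is passed
     // un-cast on purpose: it is sometimes '' and must match what was originally signed.
     $expected_id = (string) $this->multisafepay_custom($user_id, $payment_id, $invoice_id);
     if (!hash_equals($expected_id, $transactionid)) {
         send_error("Multisafepay IPN Error (incorrect hash)");
         exit;
     }
     $payment_history = get_single('invoice_payment', 'invoice_payment_id', $payment_id);
     if (!$payment_history) {
         send_error("Unknown Multisafe Payment - maybe a history was deleted?");
         exit;
     }
     // Same cross-check the other payment hooks apply: the payment row has to belong
     // to the invoice named in the transaction id.
     if (isset($payment_history['invoice_id']) && (int) $payment_history['invoice_id'] !== $invoice_id) {
         send_error("Multisafepay IPN Error (payment does not belong to invoice)");
         exit;
     }
     // (notify.php?type=initial is used as notification_url and should output a link)
     $initial = isset($_GET['type']) && $_GET['type'] == "initial";
     /*
      * Merchant Settings
      */
     $msp->test = self::is_sandbox();
     $msp->merchant['account_id'] = module_config::c('payment_method_multisafepay_account', '');
     $msp->merchant['site_id'] = module_config::c('payment_method_multisafepay_site_id', '');
     // The key really is spelled "side_code"; it has to match the stored setting name.
     $msp->merchant['site_code'] = module_config::c('payment_method_multisafepay_side_code', '');
     /*
      * Transaction Details
      */
     $msp->transaction['id'] = $transactionid;
     // returns the status
     $status = $msp->getStatus();
     if ($msp->error && !$initial) {
         // only show error if we dont need to display the link
         echo "Error " . $msp->error_code . ": " . $msp->error;
         exit;
     }
     // NOTE(review): unserialize() on a database column. If that column can ever hold
     // bytes an outsider influences this allows object injection; prefer JSON, or pass
     // array('allowed_classes' => false) as the second argument on PHP 7+.
     $payment_history_data = isset($payment_history['data']) && strlen($payment_history['data']) ? unserialize($payment_history['data']) : array();
     if (!is_array($payment_history_data)) {
         $payment_history_data = array();
     }
     if (!isset($payment_history_data['log'])) {
         $payment_history_data['log'] = array();
     }
     $payment_history_data['log'][] = 'Payment ' . $status . ' at ' . print_date(time(), true);
     update_insert("invoice_payment_id", $payment_id, "invoice_payment", array('data' => serialize($payment_history_data)));
     switch ($status) {
         case "completed":
             // payment complete
             // NOTE(review): nothing visible here compares the amount or currency of the
             // gateway transaction with the invoice payment row before it is marked paid -
             // confirm that getStatus() or the surrounding flow covers this.
             update_insert("invoice_payment_id", $payment_id, "invoice_payment", array('date_paid' => date('Y-m-d'), 'method' => 'MultiSafepay'));
             module_invoice::save_invoice($invoice_id, array());
             break;
         case "refunded":
             // refunded
             send_error("Multisafepay Error! The payment {$payment_id} has been refunded or reversed! BAD BAD! You have to follup up customer for money manually now.");
             break;
         case "initialized": // waiting
         case "uncleared":   // waiting (credit cards or direct debit)
         case "void":        // canceled
         case "declined":    // declined
         case "expired":     // expired
         default:
             // nothing to record beyond the log line written above
             break;
     }
     if ($initial) {
         // displayed at the last page of the transaction proces (if no redirect_url is set)
         echo '<a href="' . module_invoice::link_public($invoice_id) . '">Return to Invoice</a>';
     } else {
         // link to notify.php for MultiSafepay back-end (for delayed payment notifications)
         // backend expects an "ok" if no error occurred
         echo "ok";
     }
     exit;
 }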
예제 #9
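 /**
  * Entry point for externally triggered hooks of the Authorize.net payment method.
  *
  * 'pay': charges the card posted by the payment form for the given invoice payment.
  * On approval the payment row gets today's date_paid, the invoice is re-saved and
  * the browser is redirected to the receipt; on refusal an error text is printed for
  * the ajax caller. The 'pay' branch always ends the request with exit.
  *
  * The charged amount always comes from the stored invoice payment. Request fields
  * are copied onto the transaction only for customer and billing details;
  * merchant-side fields (amount, login, tran_key, type, test_request, ...) are never
  * taken from $_POST.
  *
  * @param string $hook hook name; only 'pay' is handled here
  */
 public function external_hook($hook)
 {
     switch ($hook) {
         case 'pay':
             // result is returned via ajax and displayed on the page.
             // Ids are cast once so the comparisons and the UPDATE below work on integers.
             $invoice_id = isset($_REQUEST['invoice_id']) ? (int) $_REQUEST['invoice_id'] : 0;
             $invoice_payment_id = isset($_REQUEST['invoice_payment_id']) ? (int) $_REQUEST['invoice_payment_id'] : 0;
             if ($invoice_id > 0 && $invoice_payment_id > 0) {
                 $invoice_payment_data = module_invoice::get_invoice_payment($invoice_payment_id);
                 $invoice_data = module_invoice::get_invoice($invoice_id);
                 if ($invoice_payment_data && $invoice_data && $invoice_id == $invoice_data['invoice_id'] && $invoice_payment_data['invoice_id'] == $invoice_data['invoice_id']) {
                     // NOTE(review): nothing here checks whether this payment row is already
                     // marked paid, so a repeated submit would charge again - confirm the
                     // caller prevents that.
                     require_once 'includes/plugin_paymethod_authorize/anet_php_1.1.8/AuthorizeNet.php';
                     $transaction = new AuthorizeNetAIM(module_config::c('payment_method_authorize_api_login_id', ''), module_config::c('payment_method_authorize_transaction_key', ''));
                     $transaction->setSandbox(module_config::c('payment_method_authorize_sandbox', 0));
                     // NOTE(review): TLS peer verification can be switched off through this
                     // setting; it should stay enabled outside of local testing.
                     $transaction->VERIFY_PEER = module_config::c('payment_method_authorize_ssl_verify', 1);
                     // Customer-supplied details only. Card number, expiry and CVV are set
                     // explicitly below, and fields that control the transaction itself are
                     // deliberately absent from this list.
                     $customer_fields = array("address", "authentication_indicator", "bank_aba_code", "bank_acct_name", "bank_acct_num", "bank_acct_type", "bank_check_number", "bank_name", "cardholder_authentication_value", "city", "company", "country", "cust_id", "customer_ip", "description", "duty", "echeck_type", "email", "fax", "first_name", "freight", "invoice_num", "last_name", "line_item", "method", "phone", "po_num", "ship_to_address", "ship_to_city", "ship_to_company", "ship_to_country", "ship_to_first_name", "ship_to_last_name", "ship_to_state", "ship_to_zip", "state", "tax", "tax_exempt", "zip");
                     foreach ($customer_fields as $field_name) {
                         if (isset($_POST[$field_name])) {
                             $transaction->setField($field_name, $_POST[$field_name]);
                         }
                     }
                     // Set after the copy loop so the stored amount is what gets charged.
                     // USD ONLY
                     $transaction->amount = $invoice_payment_data['amount'];
                     $transaction->setField('card_num', isset($_POST['number']) ? $_POST['number'] : '');
                     $transaction->setField('exp_date', (isset($_POST['month']) ? $_POST['month'] : '') . '/' . (isset($_POST['year']) ? $_POST['year'] : ''));
                     $transaction->setField('card_code', isset($_POST['cvv']) ? $_POST['cvv'] : '');
                     $response = $transaction->authorizeAndCapture();
                     if ($response->approved) {
                         update_insert("invoice_payment_id", $invoice_payment_id, "invoice_payment", array('date_paid' => date('Y-m-d')));
                         // NOTE(review): this logs through the Stripe module's helper and stores
                         // the whole gateway response - confirm both are intended and that the
                         // response carries no data that should not be kept.
                         module_paymethod_stripe::add_payment_data($invoice_payment_id, 'log', "Successfully paid: " . var_export($response, true));
                         module_invoice::save_invoice($invoice_id, array());
                         // success!
                         // redirect to receipt page.
                         redirect_browser(module_invoice::link_receipt($invoice_payment_id));
                     } else {
                         // Show the gateway's own message when there is one; otherwise a
                         // generic error rather than a dump of the response object.
                         if (isset($response->error_message)) {
                             echo $response->error_message;
                         } elseif (isset($response->response_reason_text)) {
                             echo $response->response_reason_text;
                         } else {
                             echo 'Error paying via Authorize';
                         }
                     }
                     exit;
                 }
             }
             echo 'Error paying via Authorize';
             exit;
     }
 }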