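/**
 * Compare the account id, amount and currency reported in the payment
 * provider's XML data with the module configuration and the order.
 *
 * Every mismatch is reported through \System::log() and written with more
 * detail to isotope_saferpay.log before the method returns false.
 *
 * The reported values come from the request, so they are compared strictly:
 * identifiers as strings, the amount as a number only after it has been
 * confirmed to be numeric. Loose comparison (`!=`) would let PHP's type
 * juggling treat some differing values as equal.
 *
 * @param Order $objOrder Order whose total and currency are the reference values
 *
 * @return bool True when all three values match, false otherwise
 */
private function validateXML(Order $objOrder)
{
    // NOTE(review): the values written to the log below are request-controlled;
    // confirm that log_message() neutralises line breaks before relying on the
    // log file as evidence.

    // Account id: exact string match against the configured Saferpay account.
    $strAccountId = (string) $this->getPostValue('ACCOUNTID');

    if ($strAccountId !== (string) $this->saferpay_accountid) {
        \System::log('XML data wrong, possible manipulation (accountId validation failed)! See log files for further details.', __METHOD__, TL_ERROR);
        log_message(sprintf('XML data wrong, possible manipulation (accountId validation failed)! XML was: "%s". Order was: "%s"', $strAccountId, $this->saferpay_accountid), 'isotope_saferpay.log');

        return false;
    }

    // Amount: the order total in minor units, computed once so that the value
    // compared and the value logged are the same.
    $strAmount   = (string) $this->getPostValue('AMOUNT');
    $fltExpected = (float) round($objOrder->getTotal() * 100, 0);

    // Reject non-numeric input outright instead of letting it be juggled to a number.
    if (!is_numeric($strAmount) || (float) $strAmount !== $fltExpected) {
        \System::log('XML data wrong, possible manipulation (amount validation failed)! See log files for further details.', __METHOD__, TL_ERROR);
        // The expected value is taken from the order; the previous code called
        // $this->getTotal() here, on the payment method instead of the order.
        log_message(sprintf('XML data wrong, possible manipulation (amount validation failed)! XML was: "%s". Order was: "%s"', $strAmount, $fltExpected), 'isotope_saferpay.log');

        return false;
    }

    // Currency: exact string match against the order currency.
    $strCurrency = (string) $this->getPostValue('CURRENCY');

    if ($strCurrency !== (string) $objOrder->currency) {
        \System::log('XML data wrong, possible manipulation (currency validation failed)! See log files for further details.', __METHOD__, TL_ERROR);
        // Log the order's currency; the previous code read $this->currency.
        log_message(sprintf('XML data wrong, possible manipulation (currency validation failed)! XML was: "%s". Order was: "%s"', $strCurrency, $objOrder->currency), 'isotope_saferpay.log');

        return false;
    }

    return true;
}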
/**
 * Assemble the parameter list that is passed on to the payment service provider.
 *
 * The amount is the order total multiplied by 100 and rounded. Customer data
 * is copied from the order's billing address as it is stored; nothing is
 * escaped or encoded in this method, so whatever renders or signs the
 * returned array has to encode the values for its own output context.
 *
 * @param Order                    $objOrder
 * @param \Isotope\Module\Checkout $objModule
 *
 * @return array Parameters keyed by PSP field name, in the order they are added below
 */
protected function preparePSPParams($objOrder, $objModule)
{
    $objAddress = $objOrder->getBillingAddress();
    $arrParams  = array();

    // Merchant and order identification
    $arrParams['PSPID']    = $this->psp_pspid;
    $arrParams['ORDERID']  = $objOrder->id;
    $arrParams['AMOUNT']   = round($objOrder->getTotal() * 100);
    $arrParams['CURRENCY'] = $objOrder->currency;

    // Language code followed by its upper-cased form, joined with an underscore
    $strLanguage           = $GLOBALS['TL_LANGUAGE'];
    $arrParams['LANGUAGE'] = $strLanguage . '_' . strtoupper($strLanguage);

    // Billing address of the customer
    $arrParams['CN']            = "{$objAddress->firstname} {$objAddress->lastname}";
    $arrParams['EMAIL']         = $objAddress->email;
    $arrParams['OWNERZIP']      = $objAddress->postal;
    $arrParams['OWNERADDRESS']  = $objAddress->street_1;
    $arrParams['OWNERADDRESS2'] = $objAddress->street_2;
    $arrParams['OWNERCTY']      = strtoupper($objAddress->country);
    $arrParams['OWNERTOWN']     = $objAddress->city;
    $arrParams['OWNERTELNO']    = $objAddress->phone;

    // Return URLs, each built from the environment base and a checkout step
    $arrParams['ACCEPTURL']  = \Environment::get('base') . $objModule->generateUrlForStep('complete', $objOrder);
    $arrParams['DECLINEURL'] = \Environment::get('base') . $objModule->generateUrlForStep('failed');
    $arrParams['BACKURL']    = \Environment::get('base') . $objModule->generateUrlForStep('review');

    // Extra query parameters carrying this payment method's id
    $arrParams['PARAMPLUS'] = 'mod=pay&id=' . $this->id;

    // Dynamic template, or an empty string when none is configured
    $strTemplate = $this->psp_dynamic_template;

    if (!$strTemplate) {
        $strTemplate = '';
    }

    $arrParams['TP'] = $strTemplate;

    return $arrParams;
}