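function register_user($adding_service = "no") {
    // Handles the public "register an account" form: validates every field,
    // stores the request in $pro_mysql_new_admin_table (pending approval) and
    // e-mails the webmaster. Returns array("err" => int, "mesg" => string), plus
    // "id" (the new row id) on success. err: 0 stored, 1 form entirely blank
    // (not an error, nothing is displayed), 2 validation failure, 3 login taken.
    // $adding_service is kept for the callers' sake; this body does not read it.
    global $pro_mysql_admin_table;
    global $pro_mysql_new_admin_table;
    global $pro_mysql_product_table;
    global $pro_mysql_vps_server_table;
    global $conf_webmaster_email_addr;
    global $conf_selling_conditions_url;
    global $conf_message_subject_header;
    global $secpayconf_currency_letters;
    global $gettext_lang;
    global $secpayconf_maxmind_license_key;
    global $secpayconf_use_maxmind;

    get_secpay_conf();

    // A form with every field blank is just the page being displayed.
    $form_fields = array("reqadm_login", "reqadm_pass", "reqadm_pass2", "domain_name",
        "domain_tld", "familyname", "firstname", "email", "phone", "address1",
        "zipcode", "city");
    if (_register_user_all_blank($form_fields)) {
        return _register_user_fail(1, _("Not registering"));
    }

    // --- Product -----------------------------------------------------------
    // product_id is only used after isRandomNum() accepted it, but is escaped
    // anyway. A missing product aborts here: the original fell through with
    // $db_product undefined and carried on to the INSERT.
    $esc_product_id = _register_user_esc("product_id");
    if (!isRandomNum($esc_product_id)) {
        return _register_user_fail(2, _("Product ID not valid!"));
    }
    $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='{$esc_product_id}';";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    if (mysql_num_rows($r) != 1) {
        return _register_user_fail(2, _("Product not found in database"));
    }
    $db_product = mysql_fetch_array($r);
    $heb_type = $db_product["heb_type"];

    // --- Credentials -------------------------------------------------------
    $login = _register_user_raw("reqadm_login");
    // The message promises 4 to 16 characters; the regex alone only fixes the
    // alphabet (and needs at least two), so the length is checked explicitly.
    if (!preg_match("/^([a-zA-Z0-9]+)([._a-zA-Z0-9-]+)\$/", $login)
        || strlen($login) < 4 || strlen($login) > 16) {
        return _register_user_fail(2, _("User login format incorrect. Please use letters and numbers only and from 4 to 16 chars."));
    }
    // System accounts the panel must never hand out.
    if ($login == "root" || $login == "debian-sys-maint") {
        return _register_user_fail(2, _("Username invalid: please choose something else other than root or debian-sys-maint"));
    }
    $pass = _register_user_raw("reqadm_pass");
    if (!isDTCPassword($pass)) {
        return _register_user_fail(2, _("Password format incorrect. Please use letters and numbers only and from 4 to 16 chars."));
    }
    if ($pass != _register_user_raw("reqadm_pass2")) {
        return _register_user_fail(2, _("Passwords 1 and 2 do not match!"));
    }

    // --- Domain ------------------------------------------------------------
    // The TLD is kept only when a domain name was given and the TLD is known.
    // The same name.tld string is validated and stored (the original validated
    // the raw TLD but stored the filtered one).
    $domain_name = _register_user_raw("domain_name");
    $domain_tld = _register_user_raw("domain_tld");
    if ($domain_name == "" || !isTLD($domain_tld)) {
        $domain_tld = "";
    }
    $full_domain = $domain_name . $domain_tld;
    if ($heb_type == "shared" || $heb_type == "ssl" || $heb_type == "dedicated") {
        // Hosting products need a domain.
        if (!isHostnameOrIP($full_domain)) {
            return _register_user_fail(2, _("Domain name seems to be incorrect."));
        }
    } elseif ($full_domain != "" && !isHostnameOrIP($full_domain)) {
        // VPS (and anything else): the domain is optional but must be valid when given.
        return _register_user_fail(2, _("Domain name seems to be incorrect."));
    }

    // --- VPS location ------------------------------------------------------
    $vps_hostname = "";
    if ($heb_type == "vps") {
        $vps_hostname = _register_user_raw("vps_server_hostname");
        if ($vps_hostname == "-1") {
            return _register_user_fail(2, _("VPS location not selected!"));
        }
        $esc_vps_hostname = mysql_real_escape_string($vps_hostname);
        $q = "SELECT * FROM {$pro_mysql_vps_server_table} WHERE hostname='{$esc_vps_hostname}';";
        $r = mysql_query($q) or die("Cannot query {$q} " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        if (mysql_num_rows($r) != 1) {
            return _register_user_fail(2, _("Could not find the VPS server in database"));
        }
    }

    // --- Contact details ---------------------------------------------------
    $email = _register_user_raw("email");
    if (!isValidEmail($email)) {
        return _register_user_fail(2, _("Email address seems to be incorrect format."));
    }
    // Required fields, in the original order so the first message shown is unchanged.
    $required = array(
        "familyname" => _("Required field family name missing."),
        "firstname" => _("Required field first name missing."),
        "phone" => _("Required field phone missing."),
        "address1" => _("Required field address (line 1) missing."),
        "zipcode" => _("Required field zipcode missing."),
        "city" => _("Required field city missing."),
    );
    foreach ($required as $field => $mesg) {
        if (_register_user_raw($field) == "") {
            return _register_user_fail(2, $mesg);
        }
    }
    $country = _register_user_raw("country");
    if (!preg_match("/^([A-Z])([A-Z])\$/", $country)) {
        return _register_user_fail(2, _("Country code seems incorrect."));
    }
    $iscomp = _register_user_raw("iscomp");
    if ($iscomp != "yes" && $iscomp != "no") {
        return _register_user_fail(2, _("Is company radio button is wrong!"));
    }
    if ($conf_selling_conditions_url != "none" && _register_user_raw("condition") != "yes") {
        return _register_user_fail(2, _("Selling conditions not accepted!"));
    }

    // --- Login uniqueness: live admins and pending requests ----------------
    $esc_login = mysql_real_escape_string($login);
    $q = "SELECT adm_login FROM {$pro_mysql_admin_table} WHERE adm_login='{$esc_login}';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    if (mysql_num_rows($r) > 0) {
        return _register_user_fail(3, _("Username already taken! Try again."));
    }
    $q = "SELECT reqadm_login FROM {$pro_mysql_new_admin_table} WHERE reqadm_login='{$esc_login}';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    if (mysql_num_rows($r) > 0) {
        return _register_user_fail(3, _("Username already taken! Try again."));
    }

    // --- MaxMind fraud score (optional) -----------------------------------
    $maxmind_score = 0;
    $maxmind_output = "";
    if ($secpayconf_use_maxmind == "yes") {
        require_once "../shared/maxmind/HTTPBase.php";
        require_once "../shared/maxmind/CreditCardFraudDetection.php";
        $hash = array();
        // "i" is the address the connection came from; a proxy header, if any,
        // goes to forwardedIP so MaxMind can judge the proxy. The original read
        // $_SERVER["X_HTTP_FORWARDED_FOR"], a key PHP never sets (the header
        // surfaces as HTTP_X_FORWARDED_FOR), so forwardedIP was never sent.
        $hash["i"] = $_SERVER["REMOTE_ADDR"];
        if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
            $hash["forwardedIP"] = $_SERVER["HTTP_X_FORWARDED_FOR"];
        }
        $hash["city"] = _register_user_raw("city");
        $hash["postal"] = _register_user_raw("zipcode");
        $hash["country"] = $country;
        $at = strpos($email, "@");
        $hash["domain"] = ($at === false) ? "" : substr($email, $at + 1);
        $hash["custPhone"] = _register_user_raw("phone");
        $hash["license_key"] = $secpayconf_maxmind_license_key;
        $hash["emailMD5"] = md5($email);
        $hash["usernameMD5"] = md5($login);
        // passwordMD5 is not sent any more: an unsalted MD5 of a 4-16 character
        // password is trivially reversible, and MaxMind documents the field as optional.
        $ccfs = new CreditCardFraudDetection();
        $ccfs->isSecure = 1;
        $ccfs->input($hash);
        $ccfs->query();
        $maxmind_output = $ccfs->output();
        if (is_array($maxmind_output) && isset($maxmind_output["riskScore"])) {
            $maxmind_score = $maxmind_output["riskScore"];
        }
    }

    // --- Store the request -------------------------------------------------
    // Every value is escaped for the connection's charset; the original
    // interpolated login, password, domain, e-mail, country and the VPS
    // hostname straight from $_REQUEST.
    // NOTE(review): reqadm_pass is stored in clear text. The pending-account
    // workflow presumably needs it to create the real account later - confirm,
    // and consider a hash or a short-lived token instead.
    $vps_add1 = "";
    $vps_add2 = "";
    $vps_mail_add1 = "";
    if ($heb_type == "vps") {
        $vps_add1 = ",vps_location,vps_os";
        $vps_add2 = ",'" . mysql_real_escape_string($vps_hostname) . "','" . _register_user_esc("vps_os") . "'";
        $vps_mail_add1 = "VPS hostname: " . $vps_hostname;
    }
    $values = array(
        $esc_login,
        mysql_real_escape_string($pass),
        mysql_real_escape_string($full_domain),
        _register_user_esc("familyname"),
        _register_user_esc("firstname"),
        _register_user_esc("compname"),
        _register_user_esc("vat_num"),
        $iscomp,
        mysql_real_escape_string($email),
        _register_user_esc("phone"),
        _register_user_esc("fax"),
        _register_user_esc("address1"),
        _register_user_esc("address2"),
        _register_user_esc("address3"),
        _register_user_esc("zipcode"),
        _register_user_esc("city"),
        _register_user_esc("state"),
        $country,
        $esc_product_id,
        _register_user_esc("custom_notes"),
        mysql_real_escape_string($_SERVER["REMOTE_ADDR"]),
        date("Y-m-d"),
        date("H:i:s"),
        mysql_real_escape_string($gettext_lang),
        mysql_real_escape_string(serialize($maxmind_output)),
    );
    $q = "INSERT INTO {$pro_mysql_new_admin_table}\n(reqadm_login,\nreqadm_pass,\ndomain_name,\nfamily_name,\nfirst_name,\ncomp_name,\nvat_num,\niscomp,\nemail,\nphone,\nfax,\naddr1,\naddr2,\naddr3,\nzipcode,\ncity,\nstate,\ncountry,\nproduct_id,\ncustom_notes,\nshopper_ip,\ndate,\ntime,\nlast_used_lang,\nmaxmind_output{$vps_add1}\n)\nVALUES('" . implode("',\n'", $values) . "'{$vps_add2})";
    // The failing query is not echoed here: it contains the password and the
    // shopper's personal data.
    $r = mysql_query($q) or die("Cannot insert the registration request !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $ret = array("err" => 0, "mesg" => "Query ok!", "id" => mysql_insert_id());

    // --- Notify the webmaster ---------------------------------------------
    // The password is deliberately no longer mailed (the original sent it in
    // clear text). The product row fetched above is reused instead of being
    // queried a second time.
    $the_prod = $db_product["name"] . " (" . $db_product["price_dollar"] . " {$secpayconf_currency_letters})";
    $mail_content = "\nSomebody tried to register an account. Here is the details of the new user:\n\n"
        . "login: " . $login . "\n"
        . "pass: [not sent by e-mail]\n"
        . "domain: " . $full_domain . "\n"
        . "Company name: " . _register_user_raw("compname") . "\n"
        . "First name: " . _register_user_raw("firstname") . "\n"
        . "Family name: " . _register_user_raw("familyname") . "\n"
        . "Email: " . $email . "\n"
        . "Phone: " . _register_user_raw("phone") . "\n"
        . "Fax: " . _register_user_raw("fax") . "\n"
        . "Addr: " . _register_user_raw("address1") . " " . _register_user_raw("address2") . " " . _register_user_raw("address3") . "\n"
        . "Zipcode: " . _register_user_raw("zipcode") . "\n"
        . "City: " . _register_user_raw("city") . "\n"
        . "State: " . _register_user_raw("state") . "\n"
        . "Country: " . $country . "\n"
        . "Shopper ip: " . $_SERVER["REMOTE_ADDR"] . "\n"
        . "Product id: {$the_prod}\n"
        . "Customer note: " . _register_user_raw("custom_notes") . "\n"
        . "{$vps_mail_add1}\n";
    if ($maxmind_score > 0) {
        $mail_content .= "Maxmind Score: {$maxmind_score}\n";
        // output() returns an array; the original interpolated it directly ("Array").
        $mail_content .= "Maxmind Output: " . serialize($maxmind_output) . "\n";
    }
    $headers = "From: DTC Robot <{$conf_webmaster_email_addr}>";
    mail($conf_webmaster_email_addr, "{$conf_message_subject_header} Somebody tried to register an account", $mail_content, $headers);
    return $ret;
}

// Raw submitted value for $key ("" when absent or sent as an array). If
// magic_quotes_gpc is on, the slashes PHP added are removed so validation,
// e-mail and escaping all see the text the user typed. get_magic_quotes_gpc()
// no longer exists in PHP 8, hence the function_exists() guard.
function _register_user_raw($key) {
    if (!isset($_REQUEST[$key]) || is_array($_REQUEST[$key])) {
        return "";
    }
    $value = $_REQUEST[$key];
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

// Submitted value escaped for a single-quoted literal on the open mysql
// connection (charset-aware, unlike the addslashes() it replaces).
function _register_user_esc($key) {
    return mysql_real_escape_string(_register_user_raw($key));
}

// True when none of $keys carries a non-empty value.
function _register_user_all_blank($keys) {
    foreach ($keys as $key) {
        if (isset($_REQUEST[$key]) && $_REQUEST[$key] != "") {
            return false;
        }
    }
    return true;
}

// Uniform error return: array("err" => $code, "mesg" => $mesg).
function _register_user_fail($code, $mesg) {
    return array("err" => $code, "mesg" => $mesg);
}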
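$h["sessionID"] = "abcd9876"; // Session ID (sample value)

// Fail closed on transport: the request carries the shopper's IP, BIN, e-mail
// domain and hashed identifiers, so it must not travel over plain HTTP. The
// original sample turned HTTPS off. This needs cURL + OpenSSL in the library;
// if they are missing, fix the environment rather than flipping this back.
$ccfs->isSecure = 1;
// Network timeout, seconds.
$ccfs->timeout = 5;
// Debugging stays off: it dumps the full request and response.
// $ccfs->debug = 1;
// IP-address cache knobs, left at the library defaults. If the cache file is
// enabled, keep it out of a shared /tmp or anyone on the host can rewrite the
// addresses the client connects to.
// $ccfs->wsIpaddrRefreshTimeout = 3600*5;
// $ccfs->wsIpaddrCacheFile = "/tmp/maxmind.ws.cache";
// useDNS = 0 pins the library's hard-coded MaxMind addresses; 1 resolves by name.
// NOTE(review): with isSecure = 1, confirm the library still validates the
// server certificate when it connects by address rather than by hostname.
$ccfs->useDNS = 0;

// Send the input hash and fetch the reply.
$ccfs->input($h);
$ccfs->query();
$h = $ccfs->output();

// Print every output field (output() returns an associative array).
foreach ($h as $key => $value) {
    print $key . " = " . $value . "\n";
}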
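function credit_card_fraud_detection($member, $payment, $vars, &$errors) {
    // Scores a card payment with MaxMind CreditCardFraudDetection and applies
    // the site's hard rules. Returns MaxMind's riskScore, forced to 99 whenever
    // a rule fails. A failure also appends _TPL_CC_DECLINED to $errors and
    // records the failing rules in the payment's data under 'ccfd_errors'.
    // Side effects: $db->log_error() and $db->update_payment().
    global $config, $db;
    require_once "{$config['root_dir']}/includes/ccfd/CreditCardFraudDetection.php";

    $ccfs = new CreditCardFraudDetection();
    $h = array();
    $h["license_key"] = $config['ccfd_license_key'];
    $h["requested_type"] = $config['ccfd_requested_type']; // free | city | premium

    // IP inputs, per MaxMind's guidance (quoted in the original comment): "i"
    // is the address the request actually came from and any X-Forwarded-For /
    // Client-IP header value goes to "forwardedIP", because MaxMind checks that
    // "i" is a known transparent proxy before trusting the forwarded value.
    // The original did the reverse - it copied the header into "i" - which let
    // a shopper choose the address behind countryMatch/anonymousProxy simply by
    // sending an X-Forwarded-For header. REMOTE_ADDR is the only value the
    // client cannot set.
    $client_ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
    $forwarded_ip = '';
    if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
        // May be a comma-separated chain; the first entry is the claimed origin.
        $chain = explode(',', $_SERVER["HTTP_X_FORWARDED_FOR"]);
        $forwarded_ip = trim($chain[0]);
    } elseif (!empty($_SERVER["HTTP_CLIENT_IP"])) {
        $forwarded_ip = trim($_SERVER["HTTP_CLIENT_IP"]);
    }

    // Required fields: client address and billing address.
    $h["i"] = $client_ip;
    $h["city"] = $vars['cc_city'];
    $h["region"] = $vars['cc_state'];
    $h["postal"] = $vars['cc_zip'];
    $h["country"] = $vars['cc_country'];
    // Human-readable country, used for log lines only.
    $country = db_getCountryByCode($vars['cc_country']);
    if (!$country) {
        $country = $vars['cc_country'];
    }

    // Recommended fields.
    $domain = $member['email'];
    $at = strpos($domain, '@');
    if ($at !== false) {
        $domain = substr($domain, $at + 1);
    }
    $cc_num = preg_replace('/\D+/', '', $vars['cc_number']);
    $h["domain"] = $domain;
    $h["bin"] = substr($cc_num, 0, 6); // issuer BIN only; the rest of the PAN is never sent or logged
    if ($forwarded_ip !== '') {
        $h["forwardedIP"] = $forwarded_ip;
    }
    $h["custPhone"] = $vars['cc_phone'];

    // Optional fields. MaxMind matches hashes of the lower-cased e-mail and
    // login against its carder lists, so only the MD5 leaves the site.
    $h["binName"] = $vars['cc_bin_name'];
    $h["binPhone"] = $vars['cc_bin_phone'];
    $h["emailMD5"] = md5(strtolower($member['email']));
    $h["usernameMD5"] = md5(strtolower($member['login']));
    // Shipping is the billing address for this shop.
    $h["shipAddr"] = $vars['cc_street'];
    $h["shipCity"] = $vars['cc_city'];
    $h["shipRegion"] = $vars['cc_state'];
    $h["shipPostal"] = $vars['cc_zip'];
    $h["shipCountry"] = $vars['cc_country'];
    $h["txnID"] = $payment['payment_id'];
    $h["sessionID"] = md5(session_id());

    // Transport: the request carries BIN, billing address, phone and hashed
    // credentials, so it goes over HTTPS (the original set isSecure = 0).
    // Requires cURL with OpenSSL for the library.
    $ccfs->timeout = 5;
    $ccfs->useDNS = 1;
    $ccfs->isSecure = 1;
    $ccfs->input($h);
    $ccfs->query();
    $out = $ccfs->output();

    $was_errors = false;
    $payment_records_edit_log = array();
    $login = $member['login'];
    $xff = isset($_SERVER["HTTP_X_FORWARDED_FOR"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : '';
    $cip = isset($_SERVER["HTTP_CLIENT_IP"]) ? $_SERVER["HTTP_CLIENT_IP"] : '';

    $risk_score = _ccfd_field($out, 'riskScore');
    if ($risk_score === '') {
        // No score at all (transport failure, malformed reply). Fail closed,
        // consistent with the fatal-error branch below, instead of returning
        // null, which a caller comparing against a threshold reads as "no risk".
        $db->log_error("MaxMind: no riskScore in response, err=" . _ccfd_field($out, 'err'));
        $payment_records_edit_log[] = "MaxMind: no response";
        $risk_score = 99;
        $was_errors = true;
    }

    // Hard rules: each pins the score to 99 and records why.
    if (_ccfd_field($out, 'carderEmail') == 'Yes') {
        $risk_score = 99;
        $db->log_error(_TPL_CC_ERROR_CARDEREMAIL);
        $payment_records_edit_log[] = _TPL_CC_ERROR_CARDEREMAIL;
        $was_errors = true;
    }
    if (_ccfd_field($out, 'countryMatch') == 'No' && !$config['allow_country_not_matched']) {
        $risk_score = 99;
        $db->log_error(_TPL_CC_ERROR_COUNTRYNOTMATCH . " (login=" . $login . ", ip=" . $client_ip . ", country=" . $country . ")");
        $payment_records_edit_log[] = _TPL_CC_ERROR_COUNTRYNOTMATCH;
        $was_errors = true;
    }
    if (_ccfd_field($out, 'highRiskCountry') == 'Yes' && !$config['allow_high_risk_country']) {
        $risk_score = 99;
        $db->log_error(_TPL_CC_ERROR_HIGHRISKCOUNTRY . " (login=" . $login . ", country=" . $country . ")");
        $payment_records_edit_log[] = _TPL_CC_ERROR_HIGHRISKCOUNTRY;
        $was_errors = true;
    }
    if (_ccfd_field($out, 'anonymousProxy') == 'Yes' && !$config['allow_anonymous_proxy']) {
        $risk_score = 99;
        $db->log_error(_TPL_CC_ERROR_ANONYMOUSPROXY . " (login=" . $login . ", HTTP_X_FORWARDED_FOR=" . $xff . ", HTTP_CLIENT_IP=" . $cip . ", REMOTE_ADDR=" . $client_ip . ")");
        $payment_records_edit_log[] = _TPL_CC_ERROR_ANONYMOUSPROXY;
        $was_errors = true;
    }
    if (_ccfd_field($out, 'freeMail') == 'Yes' && !$config['allow_free_mail']) {
        $risk_score = 99;
        $db->log_error(_TPL_CC_ERROR_FREEMAIL . " (login=" . $login . ", email=" . $member['email'] . ")");
        $payment_records_edit_log[] = _TPL_CC_ERROR_FREEMAIL;
        $was_errors = true;
    }
    if ($config['cc_input_bin']) {
        // Bank details typed by the shopper must agree with MaxMind's BIN database.
        $bin_checks = array(
            'binMatch' => _TPL_CC_ERROR_BIN,
            'binNameMatch' => _TPL_CC_ERROR_BIN_NAME,
            'binPhoneMatch' => _TPL_CC_ERROR_BIN_PHONE,
        );
        foreach ($bin_checks as $field => $message) {
            if (_ccfd_field($out, $field) != 'Yes') {
                $risk_score = 99;
                $db->log_error($message);
                $payment_records_edit_log[] = $message;
                $was_errors = true;
            }
        }
    }

    $remaining = _ccfd_field($out, 'queriesRemaining');
    if ($remaining > 0 && $remaining < 10) {
        $db->log_error("MaxMind queriesRemaining: " . $remaining);
    }

    // Service-side conditions: warnings only get logged, fatal ones decline.
    $ccfd_warnings = array('IP_NOT_FOUND', 'COUNTRY_NOT_FOUND', 'CITY_NOT_FOUND', 'CITY_REQUIRED', 'POSTAL_CODE_REQUIRED', 'POSTAL_CODE_NOT_FOUND');
    $ccfd_fatal_errors = array('INVALID_LICENSE_KEY', 'MAX_REQUESTS_PER_LICENSE', 'IP_REQUIRED', 'LICENSE_REQUIRED', 'COUNTRY_REQUIRED', 'MAX_REQUESTS_REACHED');
    $err = _ccfd_field($out, 'err');
    if ($err) {
        $maxmind_id = _ccfd_field($out, 'maxmindID');
        if (in_array($err, $ccfd_warnings, true)) {
            $db->log_error("MaxMind warning: " . $err . " maxmindID: " . $maxmind_id);
        }
        if (in_array($err, $ccfd_fatal_errors, true)) {
            $db->log_error("MaxMind error: " . $err . " maxmindID: " . $maxmind_id);
            $was_errors = true;
        }
    }

    if ($was_errors) {
        $errors[] = _TPL_CC_DECLINED;
        if ($payment_records_edit_log) {
            // Re-read the payment so the stored copy is current before updating.
            $payment = $db->get_payment($payment['payment_id']);
            $payment['data']['ccfd_errors'] = $payment_records_edit_log;
            $db->update_payment($payment['payment_id'], $payment);
        }
    }
    return $risk_score;
}

// Value of $key in a MaxMind output array, '' when absent. The reply is not
// guaranteed to carry every field, e.g. after a transport failure.
function _ccfd_field($out, $key) {
    return (is_array($out) && isset($out[$key])) ? $out[$key] : '';
}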
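function fraud_scrub(&$transInfo, &$bankInfo, &$companyInfo) {
    // Scores a Visa/Mastercard transaction with MaxMind CreditCardFraudDetection.
    // Returns 0 without contacting MaxMind for other card types; otherwise the
    // float 'score' from the reply, lowered by 2.6 when MaxMind could not
    // resolve the billing city (CITY_NOT_FOUND). Side effects: toLog() receives
    // the full reply and the same text is left in global $etel_fraud_response.
    // $bankInfo and $companyInfo belong to the calling convention; unused here.
    global $etel_fraud_response;
    global $etel_maxmind_license_key;

    if ($transInfo['cardtype'] != 'Visa' && $transInfo['cardtype'] != 'Mastercard') {
        return 0;
    }

    require_once 'fraud/CreditCardFraudDetection.php';
    $ccfs = new CreditCardFraudDetection();

    $h = array();
    // The license key is a credential. It used to be a literal in this function
    // (and therefore in every copy of the source); it now comes from
    // configuration through $etel_maxmind_license_key, and the key that was
    // committed should be rotated at MaxMind.
    $h["license_key"] = isset($etel_maxmind_license_key) ? $etel_maxmind_license_key : '';

    // Required fields: shopper address and billing details.
    $h["i"] = $transInfo['ipaddress'];
    $h["city"] = $transInfo['city'];
    $h["region"] = $transInfo['state'];
    $h["postal"] = $transInfo['zipcode'];
    $h["country"] = $transInfo['country'];

    // Recommended fields.
    $h["domain"] = substr(strstr($transInfo['email'], '@'), 1);
    // Issuer BIN only; the rest of the PAN is never sent or logged.
    $h["bin"] = substr($transInfo['CCnumber'], 0, 6);
    // forwardedIP is meant for an X-Forwarded-For / Client-IP header value. The
    // original sent the same address as "i", which carries no information, so it
    // is omitted; pass the header value here if the front end captures one.
    // NOTE(review): the phone is cut as 3 + 6 characters from offsets 0 and 4,
    // which assumes one stored format (e.g. "nnn-nnnnnn") - confirm.
    $h["custPhone"] = substr($transInfo['phonenumber'], 0, 3) . "-" . substr($transInfo['phonenumber'], 4, 6);

    // Optional fields.
    $h["binPhone"] = $transInfo['td_bank_number'];
    $h["requested_type"] = "premium";
    $h["emailMD5"] = md5(strtolower($transInfo['email']));
    $h["shipAddr"] = $transInfo['address'];
    $h["sessionID"] = session_id();

    // Transport: BIN, address, phone and e-mail hash go over the wire, so HTTPS
    // is requested explicitly instead of relying on the library default.
    $ccfs->isSecure = 1;
    $ccfs->timeout = 5;
    $ccfs->debug = 0;

    $ccfs->input($h);
    $ccfs->query();
    $ho = $ccfs->output();
    if (!is_array($ho)) {
        $ho = array();
    }

    // Flatten the reply for the order log ($tolog was never initialised before).
    $tolog = '';
    $noCity = 0;
    foreach ($ho as $key => $value) {
        $tolog .= $key . " = " . $value . "\n";
        if ($key == 'err' && $value == 'CITY_NOT_FOUND') {
            $noCity = 1;
        }
    }
    toLog('order', 'customer', "Fraud Scrubbing Result for " . $transInfo['reference_number'] . ": " . $tolog, $transInfo['transactionId']);
    $etel_fraud_response = $tolog;

    // NOTE(review): the other integrations on this page read 'riskScore';
    // confirm 'score' is the field this library version returns. When it is
    // absent the result is 0 or -2.6, i.e. "no risk" - the caller's threshold
    // should treat a missing score as a failed check.
    $score = isset($ho['score']) ? $ho['score'] : 0;
    return floatval($score - $noCity * 2.6);
}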
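$input['shipCity'] = 'Jamaica';    // the City to Ship to
$input['shipRegion'] = 'NY';       // the Region to Ship to
$input['shipPostal'] = '11434';    // the Postal Code to Ship to
$input['shipCountry'] = 'US';      // the country to Ship to
$input['txnID'] = '1234';          // Transaction ID
// Browser headers are client-supplied and may be absent; send '' rather than
// raising an undefined-index notice on a missing key.
$input['accept_language'] = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';
$input['user_agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

// Keep HTTPS on explicitly rather than relying on the library default: the
// payload carries the shopper's IP, billing and shipping address, e-mail domain
// and hashed identifiers. Requires cURL with OpenSSL.
$ccfs->isSecure = true;
// Network timeout, seconds (the original comment said five; the value is ten).
$ccfs->timeout = 10;
// Convert the output to UTF-8 (it is ISO 8859-1 by default).
$ccfs->useUtf8(true);
// Debugging stays off; it dumps the full request and response.
// $ccfs->debug = true;

// Send the input array, query the server and fetch the reply.
$ccfs->input($input);
$ccfs->query();
$output = $ccfs->output();

// Print the result (sample only; this exposes the raw reply to the page).
print_r($output);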