protected function setBillingAgreementDetailsIfUnset($billingAgreementId)
{
if ($this->session_getData('billing_agreements', $billingAgreementId)) {
return;
}
$this->logger->info("Setting details for billing agreement {$billingAgreementId}");
$this->callPwaClient('setBillingAgreementDetails', array('amazon_billing_agreement_id' => $billingAgreementId, 'seller_note' => WmfFramework::formatMessage('donate_interface-monthly-donation-description'), 'seller_billing_agreement_id' => $this->getData_Staged('order_id')));
$billingAgreements = WmfFramework::getSessionValue('billing_agreements');
$billingAgreements[$billingAgreementId] = true;
WmfFramework::setSessionValue('billing_agreements', $billingAgreements);
}
/**
* Run the filter if we haven't for this session, and set a flag
* @param GatewayType $gateway_adapter
* @param Gateway_Extras_CustomFilters $custom_filter_object
* @return bool
*/
public static function onInitialFilter($gateway_adapter, $custom_filter_object)
{
if (!$gateway_adapter->getGlobal('EnableIPVelocityFilter')) {
return true;
}
if (WmfFramework::getSessionValue(self::RAN_INITIAL)) {
return true;
}
WmfFramework::setSessionValue(self::RAN_INITIAL, true);
$gateway_adapter->debugarray[] = 'IP Velocity onFilter!';
return self::singleton($gateway_adapter, $custom_filter_object)->filter();
}
/**
* Although this function actually does the filtering, as this is a singleton pattern
* we only want one instance actually using it.
*
* @return bool false if we should stop processing
*/
private function filter()
{
$user_ip = $this->gateway_adapter->getData_Unstaged_Escaped('user_ip');
// Determine IP status before doing anything complex
$wl = DataValidator::ip_is_listed($user_ip, $this->gateway_adapter->getGlobal('IPWhitelist'));
$bl = DataValidator::ip_is_listed($user_ip, $this->gateway_adapter->getGlobal('IPBlacklist'));
if ($wl) {
$this->gateway_adapter->debugarray[] = "SessionVelocity: IP present in whitelist.";
return true;
}
if ($bl) {
$this->gateway_adapter->debugarray[] = "SessionVelocity: IP present in blacklist.";
return false;
}
// Open a session if it doesn't already exist
$this->gateway_adapter->session_ensure();
// Obtain some useful information
$gateway = $this->gateway_adapter->getIdentifier();
$transaction = $this->gateway_adapter->getCurrentTransaction();
$cRequestTime = $_SERVER['REQUEST_TIME'];
$decayRate = $this->getVar('DecayRate', $transaction);
$threshold = $this->getVar('Threshold', $transaction);
$multiplier = $this->getVar('Multiplier', $transaction);
// Initialize the filter
$sessionData = WmfFramework::getSessionValue(self::SESS_ROOT);
if (!is_array($sessionData)) {
$sessionData = array();
}
if (!array_key_exists($gateway, $sessionData)) {
$sessionData[$gateway] = array();
}
if (!array_key_exists($transaction, $sessionData[$gateway])) {
$sessionData[$gateway][$transaction] = array($this::SESS_SCORE => 0, $this::SESS_TIME => $cRequestTime, $this::SESS_MULTIPLIER => 1);
}
$lastTime = $sessionData[$gateway][$transaction][self::SESS_TIME];
$score = $sessionData[$gateway][$transaction][self::SESS_SCORE];
$lastMultiplier = $sessionData[$gateway][$transaction][self::SESS_MULTIPLIER];
// Update the filter if it's stale
if ($cRequestTime != $lastTime) {
$score = max(0, $score - ($cRequestTime - $lastTime) * $decayRate);
$score += $this->getVar('HitScore', $transaction) * $lastMultiplier;
$sessionData[$gateway][$transaction][$this::SESS_SCORE] = $score;
$sessionData[$gateway][$transaction][$this::SESS_TIME] = $cRequestTime;
$sessionData[$gateway][$transaction][$this::SESS_MULTIPLIER] = $lastMultiplier * $multiplier;
}
// Store the results
WmfFramework::setSessionValue(self::SESS_ROOT, $sessionData);
// Analyze the filter results
if ($score >= $threshold) {
// Ahh!!! Failure!!! Sloooooooow doooowwwwnnnn
$this->fraud_logger->alert("SessionVelocity: Rejecting request due to score of {$score}");
$this->sendAntifraudMessage('reject', $score, array('SessionVelocity' => $score));
$retval = false;
} else {
$retval = true;
}
$this->fraud_logger->debug("SessionVelocity: ({$gateway}, {$transaction}) Score: {$score}, " . "AllowAction: {$retval}, DecayRate: {$decayRate}, " . "Threshold: {$threshold}, Multiplier: {$lastMultiplier}");
return $retval;
}
/**
* token_refreshAllTokenEverything
* In the case where we have an expired session (token mismatch), we go
* ahead and fix it for 'em for their next post. We do this by refreshing
* everything that has to do with the edit token.
*/
protected function token_refreshAllTokenEverything()
{
$unsalted = self::token_generateToken();
$gateway_ident = self::getIdentifier();
$this->session_ensure();
WmfFramework::setSessionValue($gateway_ident . 'EditToken', $unsalted);
$salted = $this->token_getSaltedSessionToken();
$this->addRequestData(array('wmf_token' => $salted));
}
/**
* Run the transaction through the custom filters
* @param string $phase Run custom filters attached for this phase
* @return bool
*/
protected function validate($phase)
{
$this->runFilters($phase);
$score = $this->getRiskScore();
$this->gateway_adapter->setRiskScore($score);
$localAction = $this->determineAction();
$this->gateway_adapter->setValidationAction($localAction);
$log_message = '"' . $localAction . "\"\t\"" . $score . "\"";
$this->fraud_logger->info('"Filtered" ' . $log_message);
$log_message = '"' . addslashes(json_encode($this->risk_score)) . '"';
$this->fraud_logger->info('"CustomFiltersScores" ' . $log_message);
$utm = array('utm_campaign' => $this->gateway_adapter->getData_Unstaged_Escaped('utm_campaign'), 'utm_medium' => $this->gateway_adapter->getData_Unstaged_Escaped('utm_medium'), 'utm_source' => $this->gateway_adapter->getData_Unstaged_Escaped('utm_source'));
$log_message = '"' . addslashes(json_encode($utm)) . '"';
$this->fraud_logger->info('"utm" ' . $log_message);
// Always send a message if we're about to charge or redirect the donor
// Only send a message on initial validation if things look fishy
if ($phase === self::PHASE_VALIDATE || $localAction !== 'process') {
$this->sendAntifraudMessage($localAction, $score, $this->risk_score);
}
if (!$this->gateway_adapter->isBatchProcessor()) {
// Always keep the stored scores up to date
WmfFramework::setSessionValue('risk_scores', $this->risk_score);
}
return TRUE;
}
