Пример #1
 /**
  * Process PayPal Instant Payment Notifications (IPN)
  * @param   IsotopeProductCollection
  */
 public function processPostsale(IsotopeProductCollection $objOrder)
 {
     // Post the raw IPN body back to PayPal (sandbox host when $this->debug is set).
     // Only PayPal's answer to this validation call decides whether the data is trusted.
     $objRequest = new \Request();
     $objRequest->send('https://www.' . ($this->debug ? 'sandbox.' : '') . 'paypal.com/cgi-bin/webscr?cmd=_notify-validate', file_get_contents("php://input"), 'post');
     if ($objRequest->hasError()) {
         \System::log('Request Error: ' . $objRequest->error, __METHOD__, TL_ERROR);
         // The validation call itself failed: stop without touching the order
         // (the 200 response at the end of the method is not sent on this path).
         exit;
     } elseif ($objRequest->response == 'VERIFIED' && (\Input::post('receiver_email', true) == $this->paypal_account || $this->debug)) {
         // NOTE(review): the receiver_email check is skipped whenever $this->debug is true,
         // so in debug mode a notification verified for any account is accepted.
         // Keep debug disabled on production shops.

         // Validate payment data (see #2221)
         // NOTE(review): both comparisons are loose (!=) against posted strings; the amount
         // check relies on PHP's numeric string comparison — confirm formatting/rounding
         // cannot make a differing amount compare equal.
         if ($objOrder->currency != \Input::post('mc_currency') || $objOrder->getTotal() != \Input::post('mc_gross')) {
             \System::log('IPN manipulation in payment from "' . \Input::post('payer_email') . '" !', __METHOD__, TL_ERROR);
             return;
         }
         // NOTE(review): checkout() runs for every VERIFIED notification before payment_status
         // is inspected, so non-"Completed" statuses (Pending, Failed, ...) also reach it —
         // confirm this is intended. No check that this notification (txn_id) was not
         // processed before is visible here; presumably checkout() is idempotent — verify.
         if (!$objOrder->checkout()) {
             \System::log('IPN checkout for Order ID "' . \Input::post('invoice') . '" failed', __METHOD__, TL_ERROR);
             return;
         }
         // Store request data in order for future references
         // The whole $_POST array is persisted, i.e. every posted field, not only the
         // ones validated above; treat the stored values as untrusted when displaying them.
         $arrPayment = deserialize($objOrder->payment_data, true);
         $arrPayment['POSTSALE'][] = $_POST;
         $objOrder->payment_data = $arrPayment;
         $objOrder->save();
         // @see https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/ipnguide.pdf
         // Only "Completed" marks the order as paid and moves it to the configured status;
         // every other listed status leaves the order unchanged.
         switch (\Input::post('payment_status')) {
             case 'Completed':
                 $objOrder->date_paid = time();
                 $objOrder->updateOrderStatus($this->new_order_status);
                 break;
             case 'Canceled_Reversal':
             case 'Denied':
             case 'Expired':
             case 'Failed':
             case 'Voided':
                 // PayPal will also send this notification if the order has not been placed.
                 // What do we do here?
                 //                    $objOrder->date_paid = '';
                 //                    $objOrder->updateOrderStatus(Isotope::getConfig()->orderstatus_error);
                 break;
             case 'In-Progress':
             case 'Partially_Refunded':
             case 'Pending':
             case 'Processed':
             case 'Refunded':
             case 'Reversed':
                 break;
         }
         // payment_data is assigned and saved a second time with the same $arrPayment.
         $objOrder->payment_data = $arrPayment;
         $objOrder->save();
         \System::log('PayPal IPN: data accepted', __METHOD__, TL_GENERAL);
     } else {
         // Either PayPal did not answer VERIFIED or the receiver account did not match.
         \System::log('PayPal IPN: data rejected (' . $objRequest->response . ')', __METHOD__, TL_ERROR);
     }
     // 200 OK
     $objResponse = new Response();
     $objResponse->send();
 }
Пример #2
 /**
  * Process Transaction URL notification
  *
  * @param IsotopeProductCollection|Order $objOrder
  */
 public function processPostsale(IsotopeProductCollection $objOrder)
 {
     // Reject notifications whose account ID, portal ID or test/live mode do not match
     // this payment method's configuration.
     // NOTE(review): this is the only origin check in the method and it compares posted
     // identifiers, not a secret or signature — aid/portalid are presumably not confidential.
     // PayOne's TransactionStatus call is documented to carry a `key` parameter (hash of the
     // portal key) — TODO confirm and verify it here, and/or restrict the sender addresses.
     if (\Input::post('aid') != $this->payone_aid || \Input::post('portalid') != $this->payone_portalid || \Input::post('mode') == 'test' && !$this->debug || \Input::post('mode') == 'live' && $this->debug) {
         \System::log('PayOne configuration mismatch', __METHOD__, TL_ERROR);
         die('TSOK');
     }
     // Ignore  all except these actions
     if (\Input::post('txaction') != 'appointed' && \Input::post('txaction') != 'capture' && \Input::post('txaction') != 'paid') {
         die('TSOK');
     }
     // The posted currency and price must match the order.
     // NOTE(review): loose != against posted strings; confirm the price format cannot
     // make a differing amount compare equal.
     if (\Input::post('currency') != $objOrder->currency || $objOrder->getTotal() != \Input::post('price')) {
         \System::log('PayOne order data mismatch for Order ID "' . \Input::post('reference') . '"', __METHOD__, TL_ERROR);
         die('TSOK');
     }
     if (!$objOrder->checkout()) {
         \System::log('Postsale checkout for Order ID "' . \Input::post('reference') . '" failed', __METHOD__, TL_ERROR);
         die('TSOK');
     }
     // The paid date is only set for a "paid" action with a zero balance ...
     if (\Input::post('txaction') == 'paid' && \Input::post('balance') == 0) {
         $objOrder->date_paid = time();
     }
     // ... but the order status is updated for "appointed" and "capture" as well.
     $objOrder->updateOrderStatus($this->new_order_status);
     $objOrder->save();
     // PayOne must get TSOK as return value, otherwise the request will be sent again
     die('TSOK');
 }
Пример #3
 /**
  * Process Transaction URL notification
  * @param IsotopeProductCollection
  */
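 public function processPostSale(IsotopeProductCollection $objOrder)
 {
     // The gateway reported an error: log it and acknowledge without touching the order.
     if (\Input::post('tr_error') != 'none') {
         \System::log('Transferuj.pl response error: ' . \Input::post('tr_error'), __METHOD__, TL_ERROR);
         die('TRUE');
     }

     if (\Input::post('transferujpl_id') == $this->transferujpl_id && \Input::post('tr_status') == 'TRUE') {
         // The expected checksum is built from the order's own total and ID plus the
         // configured security code, so the posted amount is never trusted directly.
         $strHash = md5($this->transferujpl_id . \Input::post('tr_id') . number_format(round($objOrder->getTotal(), 2), 2, '.', '') . $objOrder->id . $this->transferujpl_code);
         $varGiven = \Input::post('md5sum');

         // Compare as strings in constant time. A loose == compares two numeric-looking
         // strings (e.g. "0e<digits>") as numbers, so unequal checksums could compare equal.
         if (is_string($varGiven) && hash_equals($strHash, $varGiven)) {
             // Checkout failed
             if (!$objOrder->checkout()) {
                 \System::log('Transferuj.pl checkout for order ID "' . $objOrder->id . '" failed', __METHOD__, TL_ERROR);
                 die('TRUE');
             }

             // Keep the raw notification with the order; all posted fields are stored,
             // so treat them as untrusted when they are displayed later.
             $arrPayment = deserialize($objOrder->payment_data, true);
             $arrPayment['POSTSALE'][] = $_POST;
             $objOrder->payment_data = $arrPayment;
             $objOrder->date_paid = time();
             $objOrder->updateOrderStatus($this->new_order_status);
             $objOrder->save();
             \System::log('Transferuj.pl data accepted for order ID "' . $objOrder->id . '"', __METHOD__, TL_GENERAL);
         } else {
             // Leave a trace of rejected notifications so tampering attempts are visible.
             \System::log('Transferuj.pl checksum mismatch for order ID "' . $objOrder->id . '"', __METHOD__, TL_ERROR);
         }
     }

     // Every path answers "TRUE" (presumably the acknowledgement the gateway expects).
     die('TRUE');
 }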
Пример #4
 /**
  * Process Instant Payment Notifications (IPN)
  * @param   IsotopeProductCollection
  */
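 public function processPostSale(IsotopeProductCollection $objOrder)
 {
     // NOTE(review): every rejection path below relies on postsaleError() ending the
     // request. It is not visible here — confirm it never returns, otherwise execution
     // would continue into checkout().
     if (\Input::post('instId') != $this->worldpay_instId) {
         \System::log('Installation ID does not match', __METHOD__, TL_ERROR);
         $this->postsaleError();
     }

     // Compare the callback password as strings in constant time instead of a loose !=,
     // which compares numeric-looking strings by value. An array value is rejected.
     // NOTE(review): with an empty configured password a missing callbackPW still
     // matches (as before), leaving instId as the only origin check — configure one.
     $varCallbackPW = \Input::post('callbackPW');
     $blnPasswordOk = !is_array($varCallbackPW) && hash_equals((string) $this->worldpay_callbackPW, (string) $varCallbackPW);

     // Validate payment data
     // Test-mode notifications (testMode "100") are only accepted while debug is enabled.
     if ($objOrder->currency != \Input::post('currency') || $objOrder->getTotal() != \Input::post('amount') || !$blnPasswordOk || !$this->debug && \Input::post('testMode') == '100') {
         \System::log('Data manipulation in payment from "' . \Input::post('email') . '" !', __METHOD__, TL_ERROR);
         $this->postsaleError();
     }

     // Order status cancelled and order not yet completed, do nothing
     if (\Input::post('transStatus') != 'Y' && $objOrder->status == 0) {
         $this->postsaleError();
     }

     // Only a successful transaction ("Y") completes the checkout and marks the order paid.
     if (\Input::post('transStatus') == 'Y') {
         if (!$objOrder->checkout()) {
             \System::log('Checkout for Order ID "' . $objOrder->id . '" failed', __METHOD__, TL_ERROR);
             $this->postsaleError();
         }
         $objOrder->date_paid = time();
         $objOrder->updateOrderStatus($this->new_order_status);
     }

     // Store request data in order for future references
     // The whole $_POST array is stored, which includes the posted callbackPW value.
     $arrPayment = deserialize($objOrder->payment_data, true);
     $arrPayment['POSTSALE'][] = $_POST;
     $objOrder->payment_data = $arrPayment;
     $objOrder->save();
     $this->postsaleSuccess($objOrder);
 }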
Пример #5
 /**
  * Perform server to server data check
  *
  * @param IsotopeProductCollection|Order $objOrder
  */
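 public function processPostsale(IsotopeProductCollection $objOrder)
 {
     // Verify payment status
     if (\Input::post('status') != 'success') {
         \System::log('Payment for order ID "' . \Input::post('refno') . '" failed.', __METHOD__, TL_ERROR);
         return;
     }

     // Validate HMAC sign
     // The signature covers the merchant ID plus the posted amount, currency and
     // transaction ID, keyed with the configured sign key.
     $hash = hash_hmac('md5', $this->datatrans_id . \Input::post('amount') . \Input::post('currency') . \Input::post('uppTransactionId'), $this->datatrans_sign);
     $varSign = \Input::post('sign2');

     // Constant-time string comparison; a loose != compares numeric-looking strings
     // (e.g. "0e<digits>") by value, so unequal signatures could be accepted.
     if (!is_string($varSign) || !hash_equals($hash, $varSign)) {
         \System::log('Invalid HMAC signature for Order ID ' . \Input::post('refno'), __METHOD__, TL_ERROR);
         return;
     }

     // For maximum security, also validate individual parameters
     // The signature only proves the posted values are genuine; this ties them to
     // this order (ID, currency, amount in the smallest unit, request type).
     if (!$this->validateParameters(array('refno' => $objOrder->id, 'currency' => $objOrder->currency, 'amount' => round($objOrder->getTotal() * 100), 'reqtype' => $this->trans_type == 'auth' ? 'NOA' : 'CAA'))) {
         return;
     }

     if (!$objOrder->checkout()) {
         \System::log('Postsale checkout for Order ID "' . \Input::post('refno') . '" failed', __METHOD__, TL_ERROR);
         return;
     }

     $objOrder->date_paid = time();
     $objOrder->updateOrderStatus($this->new_order_status);
     $objOrder->save();
 }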
Пример #6
 /**
  * Handle the server to server postsale request
  * @param   IsotopeProductCollection
  */
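 public function processPostsale(IsotopeProductCollection $objOrder)
 {
     // Fields that enter the notification hash, in the exact order they are hashed.
     $arrKeys = array(
         'transaction',
         'user_id',
         'project_id',
         'sender_holder',
         'sender_account_number',
         'sender_bank_code',
         'sender_bank_name',
         'sender_bank_bic',
         'sender_iban',
         'sender_country_id',
         'recipient_holder',
         'recipient_account_number',
         'recipient_bank_code',
         'recipient_bank_name',
         'recipient_bank_bic',
         'recipient_iban',
         'recipient_country_id',
         'international_transaction',
         'amount',
         'currency_id',
         'reason_1',
         'reason_2',
         'security_criteria',
         'user_variable_0',
         'user_variable_1',
         'user_variable_2',
         'user_variable_3',
         'user_variable_4',
         'user_variable_5',
         'created',
     );

     $arrHash = array();
     foreach ($arrKeys as $strKey) {
         $arrHash[$strKey] = \Input::post($strKey);
     }

     // The shared secret goes last and is never taken from the request.
     $arrHash['notification_password'] = $this->sofortueberweisung_project_password;

     // Check that both hashes match: compare as strings in constant time, because a
     // loose != compares numeric-looking strings (e.g. "0e<digits>") by value.
     $varGiven = \Input::post('hash');
     if (!is_string($varGiven) || !hash_equals(sha1(implode('|', $arrHash)), $varGiven)) {
         \System::log('The given hash does not match. (sofortüberweisung.de)', __METHOD__, TL_ERROR);
         return;
     }

     // NOTE(review): the hash proves the posted amount and currency_id are genuine, but
     // nothing here compares them with $objOrder->getTotal() / $objOrder->currency, nor
     // user_variable_0 with the order ID — confirm the caller does, or add the check.
     if (!$objOrder->checkout()) {
         \System::log('Postsale checkout for Order ID "' . \Input::post('user_variable_0') . '" failed', __METHOD__, TL_ERROR);
         return;
     }

     $objOrder->date_paid = time();
     $objOrder->updateOrderStatus($this->new_order_status);
     $objOrder->save();
 }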
Пример #7
 /**
  * Process Transaction URL notification
  * @param IsotopeProductCollection
  */
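 public function processPostSale(IsotopeProductCollection $objOrder)
 {
     if (\Input::post('pos_id') == $this->payu_id) {
         // Signature of the incoming notification (keyed with payu_key2).
         $strHash = md5($this->payu_id . \Input::post('session_id') . \Input::post('ts') . $this->payu_key2);
         $varSig = \Input::post('sig');

         // Constant-time string comparison; a loose == compares numeric-looking strings
         // (e.g. "0e<digits>") by value, so unequal signatures could be accepted.
         if (is_string($varSig) && hash_equals($strHash, $varSig)) {
             // The notification only triggers a status query; the order is updated from
             // the gateway's signed answer, not from the posted data.
             $time = time();
             $arrData = array('pos_id' => $this->payu_id, 'session_id' => \Input::post('session_id'), 'ts' => $time, 'sig' => md5($this->payu_id . \Input::post('session_id') . $time . $this->payu_key1));
             $strParams = http_build_query($arrData);
             $strHeaders = 'POST /paygw/UTF/Payment/get/txt HTTP/1.0' . "\r\n" . 'Host: www.platnosci.pl' . "\r\n" . 'Content-Type: application/x-www-form-urlencoded' . "\r\n" . 'Content-Length: ' . strlen($strParams) . "\r\n" . 'Connection: close' . "\r\n\r\n";

             // NOTE(review): the ssl:// wrapper verifies the peer certificate by default only
             // since PHP 5.6; on older runtimes this connection is unauthenticated. The @
             // also hides $errno/$errstr, which are never logged.
             if ($fp = @fsockopen('ssl://www.platnosci.pl', 443, $errno, $errstr, 30)) {
                 fputs($fp, $strHeaders . $strParams);
                 $strResponse = '';

                 // Get the response: keep only the "trans_*" and "status" lines
                 while (!feof($fp)) {
                     $strLine = fgets($fp, 1024);
                     if (stripos($strLine, 'trans_') !== false || stripos($strLine, 'status') !== false) {
                         $strResponse .= $strLine;
                     }
                 }
                 fclose($fp);

                 // Parse the response
                 $arrResponse = $this->parseResponse($strResponse);

                 // Signature of the gateway's answer (keyed with payu_key2).
                 $strHash = md5($this->payu_id . $arrResponse['trans_session_id'] . $arrResponse['trans_order_id'] . $arrResponse['trans_status'] . $arrResponse['trans_amount'] . $arrResponse['trans_desc'] . $arrResponse['trans_ts'] . $this->payu_key2);
                 $varTransSig = isset($arrResponse['trans_sig']) ? $arrResponse['trans_sig'] : null;

                 // NOTE(review): trans_amount, trans_order_id and trans_session_id are covered by
                 // the signature but are not compared with the order total, the order ID or the
                 // posted session_id here — confirm this is checked elsewhere, or add it.
                 if ($arrResponse['status'] == 'OK' && is_string($varTransSig) && hash_equals($strHash, $varTransSig) && $arrResponse['trans_status'] == 99) {
                     if (!$objOrder->checkout()) {
                         \System::log('PayU checkout for order ID "' . $objOrder->id . '" failed', __METHOD__, TL_ERROR);
                         die('OK');
                     }

                     // Store the payment data
                     $arrPayment = deserialize($objOrder->payment_data, true);
                     $arrPayment['POSTSALE'][] = $arrResponse;
                     $objOrder->payment_data = $arrPayment;
                     $objOrder->date_paid = $time;
                     $objOrder->updateOrderStatus($this->new_order_status);
                     $objOrder->save();
                     \System::log('PayU data accepted for order ID ' . $objOrder->id . ' (status: ' . $arrResponse['trans_status'] . ')', __METHOD__, TL_GENERAL);
                 }
             } else {
                 \System::log('PayU could not connect to server', __METHOD__, TL_ERROR);
             }
         }
     }

     // Every path, including rejected notifications, answers "OK".
     die('OK');
 }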
Пример #8
 /**
  * Server to server communication
  * @param   IsotopeProductCollection
  */
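 public function processPostsale(IsotopeProductCollection $objOrder)
 {
     // Collect the fields that are passed to calculateHash() and redirectError().
     $arrData = array();
     foreach (array('aid', 'amount', 'basketid', 'currency', 'directPosErrorCode', 'directPosErrorMessage', 'orderid', 'rc', 'retrefnum', 'sessionid', 'trefnum') as $strKey) {
         $arrData[$strKey] = \Input::post($strKey);
     }

     // Sparkasse system sent error message
     // NOTE(review): this branch runs before the MAC is verified, so redirectError()
     // receives unauthenticated data. It also relies on redirectError() ending the
     // request (not visible here) — confirm it never returns.
     if ($arrData['directPosErrorCode'] > 0) {
         $this->redirectError($arrData);
     }

     // Check the data hash to prevent manipulations
     // Constant-time string comparison; a loose != compares numeric-looking strings
     // (e.g. "0e<digits>") by value, so unequal MACs could be accepted.
     $varMac = \Input::post('mac');
     if (!is_string($varMac) || !hash_equals((string) $this->calculateHash($arrData), $varMac)) {
         \System::log('Security hash mismatch in Sparkasse payment!', __METHOD__, TL_ERROR);
         $this->redirectError($arrData);
     }

     // Convert amount, Sparkasse is using comma instead of dot as decimal separator
     $arrData['amount'] = str_replace(',', '.', preg_replace('/[^0-9,]/', '', $arrData['amount']));

     // Validate payment data
     if ($objOrder->currency != $arrData['currency']) {
         \System::log(sprintf('Data manipulation: currency mismatch ("%s" != "%s")', $objOrder->currency, $arrData['currency']), __METHOD__, TL_ERROR);
         $this->redirectError($arrData);
     } elseif ($objOrder->getTotal() != $arrData['amount']) {
         \System::log(sprintf('Data manipulation: amount mismatch ("%s" != "%s")', $objOrder->getTotal(), $arrData['amount']), __METHOD__, TL_ERROR);
         $this->redirectError($arrData);
     }

     if (!$objOrder->checkout()) {
         \System::log('Postsale checkout for order ID "' . $objOrder->id . '" failed', __METHOD__, TL_ERROR);
         $this->redirectError($arrData);
     }

     // Store request data in order for future references
     $arrPayment = deserialize($objOrder->payment_data, true);
     $arrPayment['POSTSALE'][] = $_POST;
     $objOrder->payment_data = $arrPayment;
     $objOrder->date_paid = time();
     $objOrder->updateOrderStatus($this->new_order_status);
     $objOrder->save();

     // The posted sessionid is used as the ID of the page to return to.
     $strUrl = Checkout::generateUrlForStep('complete', $objOrder, \PageModel::findWithDetails((int) $arrData['sessionid']));

     // 200 OK
     $objResponse = new Response('redirecturls=' . \Environment::get('base') . $strUrl);
     $objResponse->send();
 }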
Пример #9
 /**
  * Process PayPal Instant Payment Notifications (IPN)
  *
  * @param IsotopeProductCollection|Order $objOrder
  */
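 public function processPostsale(IsotopeProductCollection $objOrder)
 {
     // Only "Completed" payments are handled; everything else is logged and ignored
     // before any request is made to PayPal.
     if (\Input::post('payment_status') != 'Completed') {
         \System::log('PayPal IPN: payment status "' . \Input::post('payment_status') . '" not implemented', __METHOD__, TL_GENERAL);
         return;
     }

     // Post the raw IPN body back to PayPal (sandbox host when $this->debug is set).
     // Only PayPal's answer to this validation call decides whether the data is trusted.
     $objRequest = new \Request();
     $objRequest->send('https://www.' . ($this->debug ? 'sandbox.' : '') . 'paypal.com/cgi-bin/webscr?cmd=_notify-validate', file_get_contents("php://input"), 'post');

     if ($objRequest->hasError()) {
         \System::log('PayPal IPN: Request Error (' . $objRequest->error . ')', __METHOD__, TL_ERROR);
         $response = new Response('', 500);
         $response->send();

         // Fail closed even if send() returns instead of ending the request.
         return;
     }

     if ($objRequest->response != 'VERIFIED') {
         \System::log('PayPal IPN: data rejected (' . $objRequest->response . ')', __METHOD__, TL_ERROR);
         return;
     }

     // NOTE(review): the receiver check is skipped whenever $this->debug is true, so in
     // debug mode a notification verified for any account is accepted. Keep debug
     // disabled on production shops.
     if (\Input::post('receiver_email', true) != $this->paypal_account && !$this->debug) {
         \System::log('PayPal IPN: Account email does not match (got ' . \Input::post('receiver_email', true) . ', expected ' . $this->paypal_account . ')', __METHOD__, TL_ERROR);
         return;
     }

     // Validate payment data (see #2221)
     // NOTE(review): loose != against posted strings; confirm formatting/rounding cannot
     // make a differing amount compare equal.
     if ($objOrder->currency != \Input::post('mc_currency') || $objOrder->getTotal() != \Input::post('mc_gross')) {
         \System::log('PayPal IPN: manipulation in payment from "' . \Input::post('payer_email') . '" !', __METHOD__, TL_ERROR);
         return;
     }

     // NOTE(review): no check that this notification (txn_id) was not processed before
     // is visible here; presumably checkout() is idempotent — verify.
     if (!$objOrder->checkout()) {
         \System::log('PayPal IPN: checkout for Order ID "' . \Input::post('invoice') . '" failed', __METHOD__, TL_ERROR);
         return;
     }

     // Store request data in order for future references
     $arrPayment = deserialize($objOrder->payment_data, true);
     $arrPayment['POSTSALE'][] = $_POST;
     $objOrder->payment_data = $arrPayment;
     $objOrder->date_paid = time();
     $objOrder->updateOrderStatus($this->new_order_status);
     $objOrder->save();
     \System::log('PayPal IPN: data accepted', __METHOD__, TL_GENERAL);
 }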
Пример #10
 /**
  * Handle the server to server postsale request
  * @param   IsotopeProductCollection
  */
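 public function processPostsale(IsotopeProductCollection $objOrder)
 {
     // Check that both hashes match.
     // The original condition was inverted (== instead of !=): a correct fingerprint was
     // rejected and any other value was accepted. Reject on mismatch, comparing as strings
     // in constant time. Assumes calcHashPost() returns the expected fingerprint — TODO confirm.
     $varFingerprint = \Input::post('requestFingerprint');
     if (!is_string($varFingerprint) || !hash_equals((string) $this->calcHashPost(), $varFingerprint)) {
         \System::log('The given hash does not match for Order ID "' . \Input::post('order_id') . '" (Wirecard)', __METHOD__, TL_ERROR);
         return;
     }

     $strState = \Input::post('paymentState');

     // log
     \System::log('Update of payment status of Order ID "' . \Input::post('order_id') . '" (Wirecard): "' . $strState . '"', __METHOD__, TL_GENERAL);

     // ignore all cases except success
     if ($strState != 'SUCCESS') {
         return;
     }

     // NOTE(review): amount and currency are not compared with the order in this method —
     // confirm they are part of the fingerprint and checked against $objOrder elsewhere.

     // perform checkout
     if (!$objOrder->checkout()) {
         \System::log('Postsale checkout for Order ID "' . \Input::post('order_id') . '" failed', __METHOD__, TL_ERROR);
         return;
     }

     // update status
     $objOrder->date_paid = time();
     $objOrder->updateOrderStatus($this->new_order_status);
     $objOrder->save();
 }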
Пример #11
 /**
  * Process post-sale request from the PSP payment server.
  * @param   IsotopeProductCollection
  */
 public function processPostsale(IsotopeProductCollection $objOrder)
 {
     // Reject the request unless its SHA signature validates (see validateSHASign()).
     if (!$this->validateSHASign()) {
         \System::log('Received invalid postsale data for order ID "' . $objOrder->id . '"', __METHOD__, TL_ERROR);
         return false;
     }
     // Validate payment data
     // NOTE(review): loose != against request values; confirm the amount format cannot
     // make a differing amount compare equal.
     if ($objOrder->currency != $this->getRequestData('currency') || $objOrder->getTotal() != $this->getRequestData('amount')) {
         \System::log('Postsale checkout manipulation in payment for Order ID ' . $objOrder->id . '!', __METHOD__, TL_ERROR);
         return false;
     }
     // Validate payment status
     // Map the gateway status to the order status to set; unlisted or failed statuses
     // return false without touching the order.
     switch ($this->getRequestData('STATUS')) {
         case 9:
             // Payment requested (authorize & capture): also record the paid date
             $objOrder->date_paid = time();
             // no break: falls through to case 5
         case 5:
             // Authorized (authorize without capture)
             $intStatus = $this->new_order_status;
             break;
         case 41:
             // Unknown waiting state
         case 51:
             // Authorization pending
         case 91:
             // Payment pending
         case 52:
             // Authorization not known
         case 92:
             // Payment uncertain
             // Uncertain or pending states use the error status of the order's shop config.
             if (($objConfig = $objOrder->getRelated('config_id')) === null) {
                 $this->log('Config for Order ID ' . $objOrder->id . ' not found', __METHOD__, TL_ERROR);
                 return false;
             }
             $intStatus = $objConfig->orderstatus_error;
             break;
         case 0:
             // Invalid / incomplete
         case 1:
             // Payment process cancelled
         case 2:
             // Authorization refused
         case 4:
             // Stored
         case 93:
             // Payment refused
         default:
             return false;
     }
     // checkout() runs for the pending/uncertain statuses as well as for 5 and 9.
     if (!$objOrder->checkout()) {
         \System::log('Post-Sale checkout for Order ID "' . $objOrder->id . '" failed', __METHOD__, TL_ERROR);
         return false;
     }
     $objOrder->updateOrderStatus($intStatus);
     $objOrder->save();
     return true;
 }