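/**
 * Handle the buyer's return from PayPal Express Checkout.
 *
 * Reads the `token` and `PayerID` request parameters and the transaction id
 * kept in the session, then calls GetExpressCheckoutDetails. When PayPal
 * acknowledges the call for the same payer, the token and payer id are stored
 * in the session and the buyer is redirected to the confirmation URL.
 * No payment is finalized here: the buyer's authorization is not a completed
 * transaction, and finalization happens in a later step.
 *
 * @param array $config
 *   Payment provider configuration; `$config['presta']` is used as the mode.
 * @param null|array $response
 *   Not read by this function.
 * @return array
 *   Result of bank_transaction_invalide() or bank_transaction_echec(), or
 *   array($id_transaction, true) when the transaction is already paid.
 *   The success path ends with redirige_par_entete() and has no return
 *   statement (presumably the redirect ends the request; confirm).
 */
function presta_paypalexpress_call_response($config, $response = null) {

	include_spip('inc/bank');
	$mode = $config['presta'];
	$ack = false;

	include_spip('presta/paypalexpress/inc/paypalexpress');

	// token and PayerID come from the return URL, so they are request-controlled:
	// accept plain strings only, so an array parameter never reaches urlencode()
	// or the payer comparison below
	$token_recu = _request('token');
	$token = is_string($token_recu) ? urlencode($token_recu) : '';
	$payer_id_recu = _request('PayerID');

	// the transaction is identified by the session, never by the request
	$id_transaction = isset($_SESSION['id_transaction']) ? intval($_SESSION['id_transaction']) : 0;
	if (!($row = sql_fetsel("*", "spip_transactions", "id_transaction=" . intval($id_transaction)))) {
		// NOTE(review): the whole request and session are dumped into the transaction log;
		// confirm who can read that log and whether a reduced dump would be enough
		return bank_transaction_invalide(
			$id_transaction,
			array(
				'mode' => $mode,
				'log' => var_export($_REQUEST, true) . var_export($_SESSION, true),
				'erreur' => 'donnees Paypal non conformes'
			)
		);
	}

	// second API request: the token identifies the payment authorization to look up
	$nvpstr = "&TOKEN=" . $token;

	// no need to call PayPal when the buyer cancelled
	if ($token and _request('action') !== 'bank_cancel' and !defined('_BANK_CANCEL_TRANSACTION')) {
		$resArray = bank_paypalexpress_hash_call($config, "GetExpressCheckoutDetails", $nvpstr);
		$_SESSION['reshash'] = $resArray;
		$ack = isset($resArray["ACK"]) ? strtoupper($resArray["ACK"]) : '';
	}

	// the payer announced in the return URL must be exactly the payer PayPal reports:
	// strict string comparison, so numeric-looking ids are never compared as numbers
	$payer_confirme = (
		$ack === "SUCCESS"
		and isset($resArray["PAYERID"])
		and isset($resArray["EMAIL"])
		and is_string($payer_id_recu)
		and (string)$resArray["PAYERID"] === $payer_id_recu
	);

	if ($payer_confirme) {
		$url = $_SESSION['paypalexpress_url_confirm'];
		$url_checkout = generer_action_auteur(
			'paypalexpress_checkoutpayment',
			$resArray["PAYERID"] . "-" . $mode . "-" . bank_config_id($config)
		);
		$url = parametre_url($url, 'checkout', $url_checkout, '&');

		// the summary carries markup (<br/>), so it is presumably emitted as HTML:
		// the payer's name and e-mail come from the PayPal account and are escaped here
		// NOTE(review): confirm the template showing order_resume does not escape again
		$prenom = isset($resArray['FIRSTNAME']) ? $resArray['FIRSTNAME'] : '';
		$nom = isset($resArray['LASTNAME']) ? $resArray['LASTNAME'] : '';
		$resume = "Paiement par compte Paypal : <br/>"
			. htmlspecialchars($prenom, ENT_QUOTES, 'UTF-8')
			. ' '
			. htmlspecialchars($nom, ENT_QUOTES, 'UTF-8')
			. ","
			. htmlspecialchars($resArray['EMAIL'], ENT_QUOTES, 'UTF-8');

		$_SESSION['order_resume'] = $resume;
		// stored already url-encoded, exactly as it was sent to PayPal
		$_SESSION['token'] = $token;
		$_SESSION['payer_id'] = $resArray["PAYERID"];

		// redirect to the confirmation URL: the original payment URL plus the checkout
		// parameter, which displays the order again with a button to validate the payment
		include_spip("inc/headers");
		redirige_par_entete($url);
	} else {
		// a cancellation can arrive after a successful payment
		// (buyer who opened two payment windows): keep the paid state
		if ($row['reglee'] == 'oui') {
			return array($id_transaction, true);
		}

		// reshash is absent when PayPal was not called (cancel, empty token)
		$reshash = isset($_SESSION['reshash']) ? $_SESSION['reshash'] : null;

		return bank_transaction_echec(
			$id_transaction,
			array(
				'mode' => $mode,
				'config_id' => bank_config_id($config),
				'log' => var_export($_REQUEST, true) . var_export($reshash, true),
				'erreur' => $ack,
				'where' => 'GetExpressCheckoutDetails'
			)
		);
	}
}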
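/**
 * Finalize a PayPal Express Checkout payment with DoExpressCheckoutPayment.
 *
 * Works from the transaction id, token and payer id kept in the session.
 * On success the transaction row is marked as paid, buyer details from the
 * earlier PayPal reply are copied into $GLOBALS['bank_session'], the session
 * variables are cleared and the `regler_transaction` function is called.
 *
 * @param string $payerid
 *   Payer id supplied by the caller; it must be identical to the one stored
 *   in the session, otherwise the transaction is recorded as failed.
 * @param array $config
 *   Payment provider configuration (`presta`, optional `mode_test`).
 * @return array
 *   array($id_transaction, true) on success or when already paid, otherwise
 *   the result of bank_transaction_invalide() / bank_transaction_echec().
 */
function bank_paypalexpress_checkoutpayment($payerid, $config) {

	$mode = $config['presta'];
	if (isset($config['mode_test']) and $config['mode_test']) {
		$mode .= "_test";
	}
	$config_id = bank_config_id($config);

	include_spip('inc/date');

	// NOTE(review): the failure paths below dump the whole session into the transaction log;
	// confirm who can read that log and whether a reduced dump would be enough
	$id_transaction = isset($_SESSION['id_transaction']) ? $_SESSION['id_transaction'] : null;
	if (!$id_transaction) {
		return bank_transaction_invalide(
			0,
			array(
				'mode' => $mode,
				'erreur' => "id_transaction absent de la session",
				'log' => var_export($_SESSION, true)
			)
		);
	}

	if (!($row = sql_fetsel("*", "spip_transactions", "id_transaction=" . intval($id_transaction)))) {
		return bank_transaction_invalide(
			$id_transaction,
			array(
				'mode' => $mode,
				'erreur' => "transaction inconnue",
				'log' => var_export($_SESSION, true)
			)
		);
	}

	// odd, probably a double hit: behave as if everything went fine
	if ($row['reglee'] == 'oui') {
		spip_log("Erreur transaction {$id_transaction} deja reglee", $mode . _LOG_INFO_IMPORTANTE);

		return array($id_transaction, true);
	}

	// the payer id must match the one kept in the session; fail closed when the
	// session holds none, so a missing value can never compare equal to a missing argument
	$payer_id_session = isset($_SESSION['payer_id']) ? $_SESSION['payer_id'] : null;
	if ($payer_id_session === null or $payerid !== $payer_id_session) {
		$trace = "Payerid:{$payerid}\n" . var_export($_SESSION, true);

		// record the absence of payment and the error
		return bank_transaction_echec(
			$id_transaction,
			array(
				'mode' => $mode,
				'config_id' => $config_id,
				'code_erreur' => '',
				'erreur' => "Annulation",
				'log' => $trace
			)
		);
	}

	// name/value pairs for the final call; the amount comes from the database row,
	// not from the request or the session
	$token = urlencode(isset($_SESSION['token']) ? $_SESSION['token'] : '');
	$paymentAmount = $row['montant'];
	$currencyCodeType = "EUR";
	$paymentType = "Sale";
	$payerID = urlencode($payer_id_session);
	// NOTE(review): IPADDRESS is filled with the server name, not an IP address; confirm this is intended
	$serverName = urlencode(isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '');

	$nvpstr = '&TOKEN=' . $token
		. '&PAYERID=' . $payerID
		. '&PAYMENTACTION=' . $paymentType
		. '&AMT=' . $paymentAmount
		. '&ORDERTOTAL=' . $paymentAmount
		. '&CURRENCYCODE=' . $currencyCodeType
		. '&IPADDRESS=' . $serverName;

	// ask PayPal to finalize the payment
	$resArray = bank_paypalexpress_hash_call($config, "DoExpressCheckoutPayment", $nvpstr);
	$date_paiement = date('Y-m-d H:i:s');

	// anything other than a plain SUCCESS acknowledgement is recorded as a failure
	// NOTE(review): a "success with warning" acknowledgement is also treated as a failure here;
	// confirm PayPal cannot have charged the buyer in that case
	$ack = isset($resArray["ACK"]) ? strtoupper($resArray["ACK"]) : '';
	if ($ack !== "SUCCESS") {
		$_SESSION['reshash'] = $resArray;

		return bank_transaction_echec(
			$id_transaction,
			array(
				'mode' => $mode,
				'config_id' => $config_id,
				"date_paiement" => $date_paiement,
				'code_erreur' => '',
				'erreur' => "Erreur lors de la transaction avec Paypal",
				'log' => var_export($resArray, true),
				'where' => 'DoExpressCheckoutPayment'
			)
		);
	}

	// NOTE(review): the amount PayPal reports is stored without being compared to $row['montant'],
	// and the payment status of the reply is not inspected; confirm that regler_transaction
	// or its callers catch a mismatch or a payment that is still pending
	$authorisation_id = isset($resArray['TRANSACTIONID']) ? $resArray['TRANSACTIONID'] : null;
	$montant_regle = isset($resArray['AMT']) ? $resArray['AMT'] : null;

	$set = array(
		"autorisation_id" => $authorisation_id,
		"mode" => "{$mode}/{$config_id}",
		"montant_regle" => $montant_regle,
		"date_paiement" => $date_paiement,
		"statut" => 'ok',
		"reglee" => 'oui'
	);
	sql_updateq("spip_transactions", $set, "id_transaction=" . intval($id_transaction));
	spip_log("DoExpressCheckoutPayment : id_transaction {$id_transaction}, reglee", $mode . _LOG_INFO_IMPORTANTE);

	if (isset($_SESSION['reshash']) and $response = $_SESSION['reshash']) {
		// when buyer details are available, copy them into the global bank_session,
		// which can be used to create the customer account on the fly
		// (SHIPTONAME is listed after LASTNAME, so it wins for 'nom' when both are present)
		$var_users = array(
			'EMAIL' => 'email',
			'LASTNAME' => 'nom',
			'FIRSTNAME' => 'prenom',
			'SHIPTONAME' => 'nom',
			'SHIPTOSTREET' => 'adresse',
			'SHIPTOCITY' => 'ville',
			'SHIPTOZIP' => 'code_postal',
			'SHIPTOCOUNTRYCODE' => 'pays'
		);
		foreach ($var_users as $kr => $ks) {
			if (isset($response[$kr]) and $response[$kr]) {
				if (!isset($GLOBALS['bank_session'])) {
					$GLOBALS['bank_session'] = array();
				}
				$GLOBALS['bank_session'][$ks] = $response[$kr];
			}
		}
	}

	// clear every session variable (token, payer id, PayPal reply) before the settlement step,
	// which sets session variables of its own
	session_unset();

	$regler_transaction = charger_fonction('regler_transaction', 'bank');
	$regler_transaction($id_transaction, array('row_prec' => $row));

	return array($id_transaction, true);
}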