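/**
 * Handle an incoming payment notification for an event-submission purchase.
 *
 * Runs only when the request carries `?mcsipn=true`. Depending on the
 * `mcs_gateway` option it either checks an Authorize.Net relay response via
 * the bundled SDK, or posts the received fields back to PayPal with
 * `cmd=_notify-validate`. A verified notification is inserted into (or
 * updates) the payments table; a "Completed" one also triggers
 * mcs_send_notifications(). Unverified or failed notifications are mailed to
 * the `mcs_to` address for manual investigation.
 *
 * Everything read from $_POST here is attacker-reachable until the gateway
 * check has passed, and some fields stay untrusted afterwards (see the inline
 * notes).
 *
 * @return void Exits after printing the relay snippet on the Authorize.Net path.
 */
function mcs_receive_ipn() {
    if (!isset($_GET['mcsipn']) || $_GET['mcsipn'] != 'true') {
        return;
    }

    global $wpdb;
    mcs_check();

    if (get_option('mcs_gateway') == 'authorizenet') {
        require_once 'gateways/AuthorizeNet.php'; // The SDK
        $api = get_option('mcs_authnet_api');
        $hash = get_option('mcs_authnet_hash');
        // these all need to be set from Authorize.Net data
        $payment_status = mcs_map_status($_POST['x_response_code']); // map response to equivalent from PayPal
        $item_number = 1; // mandatory for Paypal, but only represents a submissions purchase here.
        $price = $_POST['x_amount'];
        $quantity = isset($_POST['quantity']) ? $_POST['quantity'] : 1; // need to add to form
        // is_int() on a request value is always false (request values arrive as
        // strings), so a posted quantity is ignored and 1 is used. Left as-is on
        // purpose: honouring a client-supplied quantity is only safe once the
        // paid amount is checked against quantity x unit price.
        $quantity = is_int($quantity) ? $quantity : 1;
        $payer_email = $_POST['x_payer_email']; // must add to form
        $payer_first_name = $_POST['x_first_name'];
        $payer_last_name = $_POST['x_last_name'];
        $mc_fee = '0.00'; // not included in data
        $parent = '';
        // The return URL is request-supplied and ends up in the relay snippet
        // printed below, so restrict it to hosts WordPress allows for redirects.
        $redirect_url = isset($_POST['x_referer_url'])
            ? wp_validate_redirect(wp_unslash($_POST['x_referer_url']), home_url())
            : home_url();

        // NOTE(review): isAuthorizeNet() is the only authenticity check on this
        // path and, per the error message below, depends on the MD5 hash
        // setting. Which fields that hash covers is not visible here - confirm
        // against the SDK, and treat the remaining fields as untrusted.
        $ipn = new AuthorizeNetSIM($api, $hash);
        if ($ipn->isAuthorizeNet()) {
            if ($ipn->approved) {
                $response = 'VERIFIED';
                // add_query_arg() does not encode values; encode them here.
                $redirect_url = add_query_arg(
                    array(
                        'response_code' => '1',
                        'transaction_id' => rawurlencode((string) $ipn->transaction_id),
                    ),
                    $redirect_url
                );
                $txn_id = $ipn->transaction_id;
            } else {
                $response = 'ERROR';
                $redirect_url = add_query_arg(
                    array(
                        'response_code' => rawurlencode((string) $ipn->response_code),
                        'response_reason_text' => rawurlencode((string) $ipn->response_reason_text),
                    ),
                    $redirect_url
                );
                $txn_id = false;
            }
            $response_code = '200';
        } else {
            wp_die(__('That transaction was not handled by Authorize.net. Please verify your MD5 setting.', 'my-calendar-submissions'));
        }
    } else {
        if (!isset($_POST['payment_status'])) {
            wp_die("No valid IPN request made");
        }

        $sandbox = get_option("mcs_use_sandbox");
        $receiver = strtolower(get_option('mcs_paypal_email'));
        $url = $sandbox == 'true' ? 'https://www.sandbox.paypal.com/webscr' : 'https://www.paypal.com/webscr';

        // Echo every received field back to PayPal for validation.
        $req = 'cmd=_notify-validate';
        foreach ($_POST as $key => $value) {
            $value = urlencode(stripslashes($value));
            $req .= "&{$key}={$value}";
        }
        $args = wp_parse_args($req, array());

        global $mcs_version;
        $params = array(
            'body' => $args,
            // The "VERIFIED" answer is only trustworthy if the peer really is
            // PayPal, so certificate verification must stay enabled.
            'sslverify' => true,
            'timeout' => 30,
            'user-agent' => "WordPress/My Calendar Pro {$mcs_version}; " . get_bloginfo('url'),
        );

        // transaction variables to store
        $payment_status = $_POST['payment_status'];
        $item_number = $_POST['item_number'];
        $price = $_POST['mc_gross'];
        $payment_currency = $_POST['mc_currency'];
        $receiver_email = $_POST['receiver_email'];
        $quantity = isset($_POST['quantity']) ? $_POST['quantity'] : 1;
        // Always 1 in practice: is_int() is false for request strings. See the
        // note on the Authorize.Net path before relaxing this.
        $quantity = is_int($quantity) ? $quantity : 1;
        $payer_email = $_POST['payer_email'];
        $payer_first_name = $_POST['first_name'];
        $payer_last_name = $_POST['last_name'];
        $mc_fee = $_POST['mc_fee'];
        $txn_id = $_POST['txn_id'];
        $parent = isset($_POST['parent_txn_id']) ? $_POST['parent_txn_id'] : '';

        // paypal IPN data
        $ipn = wp_remote_post($url, $params);
        // wp_remote_post() can return a WP_Error; the retrieve helpers yield ''
        // in that case, which routes to the "failed to contact" mail below.
        $response = wp_remote_retrieve_body($ipn);
        $response_code = wp_remote_retrieve_response_code($ipn);

        // die conditions for PayPal
        // if receiver email or currency are wrong, this is probably a fraudulent transaction.
        if (strtolower($receiver_email) != $receiver || $payment_currency != get_option('mcs_currency')) {
            wp_mail(get_option('mcs_to'), 'Payment Conditions Error', 'PayPal receiver email did not match account or payment currency did not match payment');
            wp_die();
        }
        $redirect_url = false;
    }

    if ($response_code == '200') {
        if ($response === "VERIFIED") {
            // NOTE(review): $price is stored as reported by the gateway and is
            // never compared with the configured submission price in this
            // function - confirm that check exists before a payment is honoured.
            $status = "";
            if (get_option('mcs_gateway') != 'authorizenet') {
                // See whether the transaction already exists. (For refunds, reversals, or canceled reversals)
                $sql = "SELECT id, hash, status FROM " . my_calendar_payments_table() . " WHERE txn_id = %s";
                $lookup_id = $parent != '' ? $parent : $txn_id;
                $txn = $wpdb->get_row($wpdb->prepare($sql, array($lookup_id)));
            } else {
                $txn = false;
            }

            switch ($payment_status) {
                case 'Completed':
                case 'Created':
                case 'Denied':
                case 'Expired':
                case 'Failed':
                case 'Processed':
                case 'Voided':
                    $status = $payment_status;
                    break;
                case 'Pending':
                    // Read the reason from the request; $post is not defined in this function.
                    $status = $payment_status . ': ' . (isset($_POST['pending_reason']) ? $_POST['pending_reason'] : '');
                    break;
                case 'Refunded':
                case 'Reversed':
                case 'Canceled_Reversal':
                    $status = $payment_status . ': ' . (isset($_POST['ReasonCode']) ? $_POST['ReasonCode'] : '');
                    break;
            }

            if (empty($txn)) {
                // New transaction: issue a fresh payment key and record it.
                $uniqid = uniqid('E');
                $hash = mcs_uniqid($uniqid);
                $sql = "INSERT INTO " . my_calendar_payments_table() . "\n\t\t\t\t\t\t\t(item_number,quantity,total,hash,txn_id,price,fee,status,transaction_date,first_name,last_name,payer_email)\n\t\t\t\t\t\t\tVALUES(%d, %d, %d, %s, %s, %f, %f, %s, NOW(), %s, %s, %s )";
                $wpdb->query($wpdb->prepare($sql, array($item_number, $quantity, $quantity, $hash, $txn_id, $price, $mc_fee, $status, $payer_first_name, $payer_last_name, $payer_email)));
            } else {
                // Known transaction: keep its key, refresh status and amounts.
                $hash = $txn->hash;
                $sql = "UPDATE " . my_calendar_payments_table() . "\n\t\t\t\t\t\t\tSET status = %s,price=%f,fee=%f,transaction_date = NOW() WHERE id = %d";
                $wpdb->query($wpdb->prepare($sql, array($status, $price, $mc_fee, $txn->id)));
            }

            if ($status == "Completed") {
                mcs_send_notifications($payer_first_name, $payer_last_name, $payer_email, $price, $hash, $quantity);
                setcookie("mcs_receipt", 'true', time() + 60 * 60, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
            }
        } else {
            // log for manual investigation
            $blogname = get_option('blogname');
            $mail_From = "From: {$blogname} Events <" . get_option('mcs_from') . ">";
            $mail_Subject = __("INVALID IPN on My Calendar Submission Payment", 'my-calendar-submissions');
            $mail_Body = __("Something went wrong. Hopefully this information will help:", 'my-calendar-submissions') . "\n\n";
            foreach ($_POST as $key => $value) {
                $mail_Body .= $key . " = " . $value . "\n";
            }
            wp_mail(get_option('mcs_to'), $mail_Subject, $mail_Body, $mail_From);
        }
    } else {
        $blogname = get_option('blogname');
        $mail_From = "From: {$blogname} Events <" . get_option('mcs_from') . ">";
        $mail_Subject = __("WP HTTP Failed to contact Paypal", 'my-calendar-submissions');
        $mail_Body = __("Something went wrong. Hopefully this information will help:", 'my-calendar-submissions') . "\n\n";
        $mail_Body .= print_r($ipn, 1);
        wp_mail(get_option('mcs_to'), $mail_Subject, $mail_Body, $mail_From);
    }

    if ($redirect_url) {
        // Authorize.Net path only: hand the browser back to the originating page.
        echo AuthorizeNetDPM::getRelayResponseSnippet($redirect_url);
        exit;
    }
    status_header(200);
}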
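/**
 * Record a manually entered payment and notify the payer.
 *
 * Acts only when the submitted form contains `mc-submit-payments` and the
 * `my-calendar-payments` nonce verifies. Inserts a "Completed" row with a
 * freshly generated payment key, then calls mcs_send_notifications().
 *
 * NOTE(review): the nonce is the only gate visible in this function; confirm
 * the caller also checks current_user_can() for an appropriate capability.
 *
 * @param array $post Submitted form fields (quantity, price, first_name,
 *                    last_name, email, transaction_date).
 *
 * @return string|false|null Admin notice HTML after an insert attempt, false
 *                           when the form was not submitted, null when the
 *                           nonce check fails.
 */
function mcs_add_payment($post) {
    global $wpdb;

    if (!isset($post['mc-submit-payments'])) {
        return false;
    }

    // A missing nonce field must fail verification rather than raise a notice.
    $nonce = isset($_POST['_wpnonce']) ? $_POST['_wpnonce'] : '';
    if (!wp_verify_nonce($nonce, 'my-calendar-payments')) {
        return;
    }

    $quantity = (int) $post['quantity'];
    $price = sprintf("%01.2f", $post['price']);
    // Strip markup before storing; the names are also passed to
    // mcs_send_notifications() below.
    $first_name = sanitize_text_field($post['first_name']);
    $last_name = sanitize_text_field($post['last_name']);
    $email = is_email($post['email']); // false when the address is not valid

    // 'H:i:s' is 24-hour time with minutes; the previous 'h:m:s' wrote the
    // month number into the minutes position. An unparseable date falls back
    // to the current time instead of the Unix epoch.
    $timestamp = strtotime($post['transaction_date']);
    if (false === $timestamp) {
        $timestamp = time();
    }
    $transaction_date = date('Y-m-d H:i:s', $timestamp);

    $uniqid = uniqid('E');
    $hash = mcs_uniqid($uniqid);

    $add = array(
        'item_number' => 1,
        'quantity' => $quantity,
        'total' => $quantity,
        'hash' => $hash,
        'txn_id' => 'Manual Entry',
        'price' => $price,
        'fee' => '0.00',
        'status' => 'Completed',
        'transaction_date' => $transaction_date,
        'first_name' => $first_name,
        'last_name' => $last_name,
        'payer_email' => $email,
    );
    $formats = array('%d', '%d', '%d', '%s', '%s', '%f', '%f', '%s', '%s', '%s', '%s', '%s');

    if (!$wpdb->insert(my_calendar_payments_table(), $add, $formats)) {
        return "<div class=\"updated error\"><p><strong>" . __('New Payment was not added.', 'my-calendar-submissions') . "</strong></p></div>";
    }

    mcs_send_notifications($first_name, $last_name, $email, $price, $hash, $quantity);

    return "<div class=\"updated\"><p><strong>" . __('New Payment Added', 'my-calendar-submissions') . "</strong></p></div>";
}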