function mcs_receive_ipn()
{
if (isset($_GET['mcsipn']) && $_GET['mcsipn'] == 'true') {
global $wpdb;
mcs_check();
if (get_option('mcs_gateway') == 'authorizenet') {
require_once 'gateways/AuthorizeNet.php';
// The SDK
$url = add_query_arg('mcsipn', 'true', home_url());
$api = get_option('mcs_authnet_api');
$hash = get_option('mcs_authnet_hash');
// these all need to be set from Authorize.Net data
$payment_status = mcs_map_status($_POST['x_response_code']);
// map response to equivalent from PayPal
$item_number = 1;
// mandatory for Paypal, but only represents a submissions purchase here.
$price = $_POST['x_amount'];
$quantity = isset($_POST['quantity']) ? $_POST['quantity'] : 1;
// need to add to form
$quantity = is_int($quantity) ? $quantity : 1;
$payer_email = $_POST['x_payer_email'];
// must add to form
$payer_first_name = $_POST['x_first_name'];
$payer_last_name = $_POST['x_last_name'];
$mc_fee = '0.00';
// not included in data
$item_name = sprintf(__('%s Event Submission', 'my-calendar-submissions'), get_option('blogname'));
// required by Paypal
$parent = '';
$redirect_url = $_POST['x_referer_url'];
// paypal IPN data
$ipn = new AuthorizeNetSIM($api, $hash);
if ($ipn->isAuthorizeNet()) {
if ($ipn->approved) {
$response = 'VERIFIED';
$redirect_url = add_query_arg(array('response_code' => '1', 'transaction_id' => $ipn->transaction_id), $redirect_url);
$txn_id = $ipn->transaction_id;
} else {
$response = 'ERROR';
$redirect_url = add_query_arg(array('response_code' => $ipn->response_code, 'response_reason_text' => $ipn->response_reason_text), $redirect_url);
$txn_id = false;
}
$response_code = '200';
} else {
wp_die(__('That transaction was not handled by Authorize.net. Please verify your MD5 setting.', 'my-calendar-submissions'));
}
} else {
if (isset($_POST['payment_status'])) {
$sandbox = get_option("mcs_use_sandbox");
$receiver = strtolower(get_option('mcs_paypal_email'));
$url = $sandbox == 'true' ? 'https://www.sandbox.paypal.com/webscr' : 'https://www.paypal.com/webscr';
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&{$key}={$value}";
}
$args = wp_parse_args($req, array());
global $mcs_version;
$params = array('body' => $args, 'sslverify' => false, 'timeout' => 30, 'user-agent' => "WordPress/My Calendar Pro {$mcs_version}; " . get_bloginfo('url'));
// transaction variables to store
$payment_status = $_POST['payment_status'];
$item_number = $_POST['item_number'];
$price = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$receiver_email = $_POST['receiver_email'];
$quantity = isset($_POST['quantity']) ? $_POST['quantity'] : 1;
$quantity = is_int($quantity) ? $quantity : 1;
$payer_email = $_POST['payer_email'];
$payer_first_name = $_POST['first_name'];
$payer_last_name = $_POST['last_name'];
$mc_fee = $_POST['mc_fee'];
$item_name = $_POST['item_name'];
$txn_id = $_POST['txn_id'];
$parent = isset($_POST['parent_txn_id']) ? $_POST['parent_txn_id'] : '';
// paypal IPN data
$ipn = wp_remote_post($url, $params);
$response = $ipn['body'];
$response_code = $ipn['response']['code'];
// die conditions for PayPal
// if receiver email or currency are wrong, this is probably a fraudulent transaction.
if (strtolower($receiver_email) != $receiver || $payment_currency != get_option('mcs_currency')) {
wp_mail(get_option('mcs_to'), 'Payment Conditions Error', 'PayPal receiver email did not match account or payment currency did not match payment');
wp_die();
}
$redirect_url = false;
} else {
wp_die("No valid IPN request made");
}
}
if ($response_code == '200') {
if ($response == "VERIFIED") {
$status = "";
if (get_option('mcs_gateway') != 'authorizenet') {
// See whether the transaction already exists. (For refunds, reversals, or canceled reversals)
$sql = "SELECT id, hash, status FROM " . my_calendar_payments_table() . " WHERE txn_id = %s";
$txn = $parent != '' ? $wpdb->get_row($wpdb->prepare($sql, array($parent))) : $wpdb->get_row($wpdb->prepare($sql, array($txn_id)));
} else {
$txn = false;
}
switch ($payment_status) {
case 'Completed':
case 'Created':
case 'Denied':
case 'Expired':
case 'Failed':
case 'Processed':
case 'Voided':
$status = $payment_status;
break;
case 'Pending':
$status = $payment_status . ': ' . $post['pending_reason'];
break;
case 'Refunded':
case 'Reversed':
case 'Canceled_Reversal':
$status = $payment_status . ': ' . $post['ReasonCode'];
break;
}
if (empty($txn)) {
//error_log("INSERT: ".$txn_id." ".$status);
$uniqid = uniqid('E');
$hash = mcs_uniqid($uniqid);
$sql = "INSERT INTO " . my_calendar_payments_table() . "\n\t\t\t\t\t\t\t(item_number,quantity,total,hash,txn_id,price,fee,status,transaction_date,first_name,last_name,payer_email)\n\t\t\t\t\t\t\tVALUES(%d, %d, %d, %s, %s, %f, %f, %s, NOW(), %s, %s, %s )";
$wpdb->query($wpdb->prepare($sql, array($item_number, $quantity, $quantity, $hash, $txn_id, $price, $mc_fee, $status, $payer_first_name, $payer_last_name, $payer_email)));
} else {
$hash = $txn->hash;
//error_log("UPDATE: ".$txn_id." ".$status." ".$hash." ->".$item_number);
$sql = "UPDATE " . my_calendar_payments_table() . "\n\t\t\t\t\t\t\tSET status = %s,price=%f,fee=%f,transaction_date = NOW() WHERE id = %d";
$r = $wpdb->query($wpdb->prepare($sql, array($status, $price, $mc_fee, $txn->id)));
//error_log(var_dump($r, true));
}
if ($status == "Completed") {
mcs_send_notifications($payer_first_name, $payer_last_name, $payer_email, $price, $hash, $quantity);
setcookie("mcs_receipt", 'true', time() + 60 * 60, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
}
} else {
// log for manual investigation
$blogname = get_option('blogname');
$mail_From = "From: {$blogname} Events <" . get_option('mcs_from') . ">";
$mail_Subject = __("INVALID IPN on My Calendar Submission Payment", 'my-calendar-submissions');
$mail_Body = __("Something went wrong. Hopefully this information will help:", 'my-calendar-submissions') . "\n\n";
foreach ($_POST as $key => $value) {
$mail_Body .= $key . " = " . $value . "\n";
}
wp_mail(get_option('mcs_to'), $mail_Subject, $mail_Body, $mail_From);
}
} else {
$blogname = get_option('blogname');
$mail_From = "From: {$blogname} Events <" . get_option('mcs_from') . ">";
$mail_Subject = __("WP HTTP Failed to contact Paypal", 'my-calendar-submissions');
$mail_Body = __("Something went wrong. Hopefully this information will help:", 'my-calendar-submissions') . "\n\n";
$mail_Body .= print_r($ipn, 1);
wp_mail(get_option('mcs_to'), $mail_Subject, $mail_Body, $mail_From);
}
if ($redirect_url) {
echo AuthorizeNetDPM::getRelayResponseSnippet($redirect_url);
//wp_safe_redirect( $redirect_url );
exit;
} else {
status_header(200);
}
} else {
return;
}
}
function mcs_add_payment($post)
{
global $wpdb;
if (isset($post['mc-submit-payments'])) {
$nonce = $_POST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'my-calendar-payments')) {
return;
}
$quantity = (int) $post['quantity'];
// admin email after submission
$price = sprintf("%01.2f", $post['price']);
// submitter email after submission
$first_name = $post['first_name'];
// subject line
$last_name = $post['last_name'];
$email = is_email($post['email']);
$transaction_date = date('Y-m-d h:m:s', strtotime($post['transaction_date']));
$uniqid = uniqid('E');
$hash = mcs_uniqid($uniqid);
$add = array('item_number' => 1, 'quantity' => $quantity, 'total' => $quantity, 'hash' => $hash, 'txn_id' => 'Manual Entry', 'price' => $price, 'fee' => '0.00', 'status' => 'Completed', 'transaction_date' => $transaction_date, 'first_name' => $first_name, 'last_name' => $last_name, 'payer_email' => $email);
$formats = array('%d', '%d', '%d', '%s', '%s', '%f', '%f', '%s', '%s', '%s', '%s', '%s');
$insert = $wpdb->insert(my_calendar_payments_table(), $add, $formats);
if ($insert) {
$notifications = mcs_send_notifications($first_name, $last_name, $email, $price, $hash, $quantity);
return "<div class=\"updated\"><p><strong>" . __('New Payment Added', 'my-calendar-submissions') . "</strong></p></div>";
} else {
return "<div class=\"updated error\"><p><strong>" . __('New Payment was not added.', 'my-calendar-submissions') . "</strong></p></div>";
}
}
return false;
}
