/** * Handle incoming requests/notifications * @param $args array * @param $request PKPRequest */ function handle($args, $request) { $press = $request->getPress(); $templateMgr = TemplateManager::getManager($request); $user = $request->getUser(); $op = isset($args[0]) ? $args[0] : null; $queuedPaymentId = isset($args[1]) ? (int) $args[1] : 0; import('classes.payment.omp.OMPPaymentManager'); $ompPaymentManager = new OMPPaymentManager($request); $queuedPayment =& $ompPaymentManager->getQueuedPayment($queuedPaymentId); // if the queued payment doesn't exist, redirect away from payments if (!$queuedPayment) { return $request->redirect(null, 'index'); } switch ($op) { case 'notify': import('lib.pkp.classes.mail.MailTemplate'); AppLocale::requireComponents(LOCALE_COMPONENT_APP_COMMON); $contactName = $press->getSetting('contactName'); $contactEmail = $press->getSetting('contactEmail'); $mail = new MailTemplate('MANUAL_PAYMENT_NOTIFICATION'); $mail->setReplyTo($contactEmail, $contactName); $mail->addRecipient($contactEmail, $contactName); $mail->assignParams(array('pressName' => $press->getLocalizedName(), 'userFullName' => $user ? $user->getFullName() : '(' . __('common.none') . ')', 'userName' => $user ? $user->getUsername() : '(' . __('common.none') . ')', 'itemName' => $queuedPayment->getName(), 'itemCost' => $queuedPayment->getAmount(), 'itemCurrencyCode' => $queuedPayment->getCurrencyCode())); $mail->send(); $templateMgr->assign(array('currentUrl' => $request->url(null, null, 'payment', 'plugin', array('notify', $queuedPaymentId)), 'pageTitle' => 'plugins.paymethod.manual.paymentNotification', 'message' => 'plugins.paymethod.manual.notificationSent', 'backLink' => $queuedPayment->getRequestUrl(), 'backLinkLabel' => 'common.continue')); return $templateMgr->display('frontend/pages/message.tpl'); } return parent::handle($args, $request); // Don't know what to do with it }
/** * Handle incoming requests/notifications * @param $args array * @param $request PKPRequest */ function handle($args, $request) { $templateMgr = TemplateManager::getManager($request); $press = $request->getPress(); if (!$press) { return parent::handle($args, $request); } // Just in case we need to contact someone import('lib.pkp.classes.mail.MailTemplate'); // Prefer technical support contact $contactName = $press->getSetting('supportName'); $contactEmail = $press->getSetting('supportEmail'); if (!$contactEmail) { // Fall back on primary contact $contactName = $press->getSetting('contactName'); $contactEmail = $press->getSetting('contactEmail'); } $mail = new MailTemplate('PAYPAL_INVESTIGATE_PAYMENT'); $mail->setReplyTo($contactEmail, $contactName); $mail->addRecipient($contactEmail, $contactName); $paymentStatus = $request->getUserVar('payment_status'); switch (array_shift($args)) { case 'ipn': // Build a confirmation transaction. $req = 'cmd=_notify-validate'; if (get_magic_quotes_gpc()) { foreach ($_POST as $key => $value) { $req .= '&' . urlencode(stripslashes($key)) . '=' . urlencode(stripslashes($value)); } } else { foreach ($_POST as $key => $value) { $req .= '&' . urlencode($key) . '=' . urlencode($value); } } // Create POST response $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->getSetting($press->getId(), 'paypalurl')); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded', 'Content-Length: ' . strlen($req))); curl_setopt($ch, CURLOPT_POSTFIELDS, $req); $ret = curl_exec($ch); curl_close($ch); // Check the confirmation response and handle as necessary. if (strcmp($ret, 'VERIFIED') == 0) { switch ($paymentStatus) { case 'Completed': $payPalDao = DAORegistry::getDAO('PayPalDAO'); $transactionId = $request->getUserVar('txn_id'); if ($payPalDao->transactionExists($transactionId)) { // A duplicate transaction was received; notify someone. $mail->assignParams(array('pressName' => $press->getLocalizedName(), 'postInfo' => print_r($_POST, true), 'additionalInfo' => "Duplicate transaction ID: {$transactionId}", 'serverVars' => print_r($_SERVER, true))); $mail->send(); exit; } else { // New transaction succeeded. Record it. $payPalDao->insertTransaction($transactionId, $request->getUserVar('txn_type'), $request->getUserVar('payer_email'), $request->getUserVar('receiver_email'), $request->getUserVar('item_number'), $request->getUserVar('payment_date'), $request->getUserVar('payer_id'), $request->getUserVar('receiver_id')); $queuedPaymentId = $request->getUserVar('custom'); import('classes.payment.omp.OMPPaymentManager'); $ompPaymentManager = new OMPPaymentManager($request); // Verify the cost and user details as per PayPal spec. $queuedPayment =& $ompPaymentManager->getQueuedPayment($queuedPaymentId); if (!$queuedPayment) { // The queued payment entry is missing. Complain. $mail->assignParams(array('pressName' => $press->getLocalizedName(), 'postInfo' => print_r($_POST, true), 'additionalInfo' => "Missing queued payment ID: {$queuedPaymentId}", 'serverVars' => print_r($_SERVER, true))); $mail->send(); exit; } //NB: if/when paypal subscriptions are enabled, these checks will have to be adjusted // because subscription prices may change over time if (($queuedAmount = $queuedPayment->getAmount()) != ($grantedAmount = $request->getUserVar('mc_gross')) && $queuedAmount > 0 || ($queuedCurrency = $queuedPayment->getCurrencyCode()) != ($grantedCurrency = $request->getUserVar('mc_currency')) || ($grantedEmail = $request->getUserVar('receiver_email')) != ($queuedEmail = $this->getSetting($press->getId(), 'selleraccount'))) { // The integrity checks for the transaction failed. Complain. $mail->assignParams(array('pressName' => $press->getLocalizedName(), 'postInfo' => print_r($_POST, true), 'additionalInfo' => "Granted amount: {$grantedAmount}\n" . "Queued amount: {$queuedAmount}\n" . "Granted currency: {$grantedCurrency}\n" . "Queued currency: {$queuedCurrency}\n" . "Granted to PayPal account: {$grantedEmail}\n" . "Configured PayPal account: {$queuedEmail}", 'serverVars' => print_r($_SERVER, true))); $mail->send(); exit; } // Update queued amount if amount set by user (e.g. donation) if ($queuedAmount == 0 && $grantedAmount > 0) { $queuedPaymentDao = DAORegistry::getDAO('QueuedPaymentDAO'); $queuedPayment->setAmount($grantedAmount); $queuedPayment->setCurrencyCode($grantedCurrency); $queuedPaymentDao->updateQueuedPayment($queuedPaymentId, $queuedPayment); } // Fulfill the queued payment. if ($ompPaymentManager->fulfillQueuedPayment($request, $queuedPayment, $this->getName())) { exit; } // If we're still here, it means the payment couldn't be fulfilled. $mail->assignParams(array('pressName' => $press->getLocalizedName(), 'postInfo' => print_r($_POST, true), 'additionalInfo' => "Queued payment ID {$queuedPaymentId} could not be fulfilled.", 'serverVars' => print_r($_SERVER, true))); $mail->send(); } exit; case 'Pending': // Ignore. exit; default: // An unhandled payment status was received; notify someone. $mail->assignParams(array('pressName' => $press->getLocalizedName(), 'postInfo' => print_r($_POST, true), 'additionalInfo' => "Payment status: {$paymentStatus}", 'serverVars' => print_r($_SERVER, true))); $mail->send(); exit; } } else { // An unknown confirmation response was received; notify someone. $mail->assignParams(array('pressName' => $press->getLocalizedName(), 'postInfo' => print_r($_POST, true), 'additionalInfo' => "Confirmation return: {$ret}", 'serverVars' => print_r($_SERVER, true))); $mail->send(); exit; } break; case 'cancel': $templateMgr->assign(array('currentUrl' => $request->url(null, 'index'), 'pageTitle' => 'plugins.paymethod.paypal.purchase.cancelled.title', 'message' => 'plugins.paymethod.paypal.purchase.cancelled', 'backLink' => $request->getUserVar('ompReturnUrl'), 'backLinkLabel' => 'common.continue')); $templateMgr->display('frontend/pages/message.tpl'); exit; break; } parent::handle($args); // Don't know what to do with it }