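/**
 * Process PayPal Instant Payment Notifications (IPN).
 *
 * The raw POST body is sent back to PayPal (sandbox endpoint when $this->debug
 * is set) for validation. Only a "VERIFIED" reply addressed to the configured
 * receiver account is acted upon; currency and total are then checked against
 * the order (see #2221) before the checkout is run and the raw notification is
 * stored in the order's payment_data.
 *
 * The handler ends with a 200 OK response. If the validation request itself
 * fails, a 500 is sent instead so that PayPal resends the notification.
 *
 * @param IsotopeProductCollection $objOrder The order referenced by the notification
 */
public function processPostsale(IsotopeProductCollection $objOrder)
{
    $objRequest = new \Request();
    $objRequest->send(
        'https://www.' . ($this->debug ? 'sandbox.' : '') . 'paypal.com/cgi-bin/webscr?cmd=_notify-validate',
        file_get_contents("php://input"),
        'post'
    );

    if ($objRequest->hasError()) {
        \System::log('Request Error: ' . $objRequest->error, __METHOD__, TL_ERROR);

        // Do not acknowledge a notification we could not validate: answer 500 so
        // PayPal resends it (consistent with the other IPN handler). The former
        // bare exit() implicitly answered with an empty 200.
        $objResponse = new Response('', 500);
        $objResponse->send();

        return;
    }

    // Strict comparisons: neither a non-string reply nor a loosely "equal" value
    // (null, true, numeric juggling) may pass as VERIFIED or as the account
    $blnVerified     = ((string) $objRequest->response === 'VERIFIED');
    $blnAccountMatch = ((string) \Input::post('receiver_email', true) === (string) $this->paypal_account);

    if ($blnVerified && ($blnAccountMatch || $this->debug)) {
        // Validate payment data (see #2221). The total is compared numerically
        // because mc_gross arrives as a decimal string.
        if ((string) $objOrder->currency !== (string) \Input::post('mc_currency')
            || $objOrder->getTotal() != \Input::post('mc_gross')
        ) {
            \System::log('IPN manipulation in payment from "' . \Input::post('payer_email') . '" !', __METHOD__, TL_ERROR);
            return;
        }

        if (!$objOrder->checkout()) {
            \System::log('IPN checkout for Order ID "' . \Input::post('invoice') . '" failed', __METHOD__, TL_ERROR);
            return;
        }

        // Store request data in order for future references. It is persisted
        // before the status update so anything triggered by it already sees it.
        $arrPayment = deserialize($objOrder->payment_data, true);
        $arrPayment['POSTSALE'][] = $_POST;
        $objOrder->payment_data = $arrPayment;
        $objOrder->save();

        // @see https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/ipnguide.pdf
        switch ((string) \Input::post('payment_status')) {
            case 'Completed':
                $objOrder->date_paid = time();
                $objOrder->updateOrderStatus($this->new_order_status);
                break;

            case 'Canceled_Reversal':
            case 'Denied':
            case 'Expired':
            case 'Failed':
            case 'Voided':
                // PayPal will also send this notification if the order has not been
                // placed. No status change is applied here; TODO: decide whether the
                // config's error status should be set for a placed order.
                break;

            case 'In-Progress':
            case 'Partially_Refunded':
            case 'Pending':
            case 'Processed':
            case 'Refunded':
            case 'Reversed':
                // Intermediate or post-payment states: recorded in payment_data only,
                // the order status is left unchanged
                break;
        }

        $objOrder->payment_data = $arrPayment;
        $objOrder->save();

        \System::log('PayPal IPN: data accepted', __METHOD__, TL_GENERAL);
    } else {
        \System::log('PayPal IPN: data rejected (' . $objRequest->response . ')', __METHOD__, TL_ERROR);
    }

    // 200 OK
    $objResponse = new Response();
    $objResponse->send();
}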
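/**
 * Process Transaction URL notification.
 *
 * PayOne posts the transaction status to this URL and expects the literal
 * reply "TSOK"; any other reply makes it resend the notification, so every
 * path ends with die('TSOK'). Notifications from another account/portal, from
 * the wrong mode (test vs. live), for actions other than appointed/capture/paid,
 * or with currency/price not matching the order are acknowledged but ignored
 * (and logged where relevant).
 *
 * @param IsotopeProductCollection|Order $objOrder The order referenced by the notification
 */
public function processPostsale(IsotopeProductCollection $objOrder)
{
    $strMode     = (string) \Input::post('mode');
    $strTxAction = (string) \Input::post('txaction');

    // Strict string comparisons: the account/portal IDs identify the merchant
    // and must not match through loose numeric juggling
    if ((string) \Input::post('aid') !== (string) $this->payone_aid
        || (string) \Input::post('portalid') !== (string) $this->payone_portalid
        || ($strMode === 'test' && !$this->debug)
        || ($strMode === 'live' && $this->debug)
    ) {
        \System::log('PayOne configuration mismatch', __METHOD__, TL_ERROR);
        die('TSOK');
    }

    // Ignore all except these actions
    if (!in_array($strTxAction, array('appointed', 'capture', 'paid'), true)) {
        die('TSOK');
    }

    // Validate payment data (price is a decimal string, compare numerically)
    if ((string) \Input::post('currency') !== (string) $objOrder->currency
        || $objOrder->getTotal() != \Input::post('price')
    ) {
        \System::log('PayOne order data mismatch for Order ID "' . \Input::post('reference') . '"', __METHOD__, TL_ERROR);
        die('TSOK');
    }

    if (!$objOrder->checkout()) {
        \System::log('Postsale checkout for Order ID "' . \Input::post('reference') . '" failed', __METHOD__, TL_ERROR);
        die('TSOK');
    }

    // Paid in full when the action is "paid" and no balance remains. The explicit
    // float cast keeps "0.00", "" and a missing value behaving as zero on PHP 8,
    // where the former loose "" == 0 no longer holds.
    if ($strTxAction === 'paid' && (float) \Input::post('balance') === 0.0) {
        $objOrder->date_paid = time();
    }

    $objOrder->updateOrderStatus($this->new_order_status);
    $objOrder->save();

    // PayOne must get TSOK as return value, otherwise the request will be sent again
    die('TSOK');
}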
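/**
 * Process Transaction URL notification.
 *
 * Transferuj.pl expects the literal reply "TRUE" on every path. The
 * notification is accepted only when it carries our merchant ID, reports
 * tr_status "TRUE" and its md5sum equals the digest over merchant ID,
 * transaction ID, order total (2 decimals), order ID and the secret code;
 * the amount is therefore bound to the order through the digest.
 *
 * @param IsotopeProductCollection $objOrder The order referenced by the notification
 */
public function processPostSale(IsotopeProductCollection $objOrder)
{
    if ((string) \Input::post('tr_error') !== 'none') {
        \System::log('Transferuj.pl response error: ' . \Input::post('tr_error'), __METHOD__, TL_ERROR);
        die('TRUE');
    }

    if ((string) \Input::post('transferujpl_id') === (string) $this->transferujpl_id
        && (string) \Input::post('tr_status') === 'TRUE'
    ) {
        $strHash = md5(
            $this->transferujpl_id
            . \Input::post('tr_id')
            . number_format(round($objOrder->getTotal(), 2), 2, '.', '')
            . $objOrder->id
            . $this->transferujpl_code
        );

        // Strict comparison: a loose == would treat two hex digests of the form
        // "0e<digits>" as equal numbers. Prefer hash_equals() once PHP >= 5.6 is the floor.
        if ((string) \Input::post('md5sum') !== $strHash) {
            \System::log('Transferuj.pl md5sum mismatch for order ID "' . $objOrder->id . '"', __METHOD__, TL_ERROR);
            die('TRUE');
        }

        // Checkout failed
        if (!$objOrder->checkout()) {
            \System::log('Transferuj.pl checkout for order ID "' . $objOrder->id . '" failed', __METHOD__, TL_ERROR);
            die('TRUE');
        }

        // Store request data in order for future references
        $arrPayment = deserialize($objOrder->payment_data, true);
        $arrPayment['POSTSALE'][] = $_POST;
        $objOrder->payment_data = $arrPayment;
        $objOrder->date_paid = time();
        $objOrder->updateOrderStatus($this->new_order_status);
        $objOrder->save();

        \System::log('Transferuj.pl data accepted for order ID "' . $objOrder->id . '"', __METHOD__, TL_GENERAL);
    }

    die('TRUE');
}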
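/**
 * Process Instant Payment Notifications (IPN).
 *
 * Validates the WorldPay callback against the configured installation ID and
 * callback password, checks currency/amount against the order and rejects
 * test transactions (testMode "100") unless debug mode is on. Only
 * transStatus "Y" runs the checkout and marks the order paid; every accepted
 * request stores the raw POST in payment_data and ends via postsaleSuccess(),
 * every rejected one via postsaleError().
 *
 * @param IsotopeProductCollection $objOrder The order referenced by the notification
 */
public function processPostSale(IsotopeProductCollection $objOrder)
{
    // Every postsaleError() call is followed by a return so that processing
    // stops even if that helper does not terminate the script (not verifiable here)
    if ((string) \Input::post('instId') !== (string) $this->worldpay_instId) {
        \System::log('Installation ID does not match', __METHOD__, TL_ERROR);
        $this->postsaleError();
        return;
    }

    // Validate payment data. The callback password is compared as a string so
    // that loose numeric juggling cannot match it; the amount is compared numerically.
    if ((string) $objOrder->currency !== (string) \Input::post('currency')
        || $objOrder->getTotal() != \Input::post('amount')
        || (string) $this->worldpay_callbackPW !== (string) \Input::post('callbackPW')
        || (!$this->debug && (string) \Input::post('testMode') === '100')
    ) {
        \System::log('Data manipulation in payment from "' . \Input::post('email') . '" !', __METHOD__, TL_ERROR);
        $this->postsaleError();
        return;
    }

    $strTransStatus = (string) \Input::post('transStatus');

    // Order status cancelled and order not yet completed, do nothing
    if ($strTransStatus !== 'Y' && $objOrder->status == 0) {
        $this->postsaleError();
        return;
    }

    if ($strTransStatus === 'Y') {
        if (!$objOrder->checkout()) {
            \System::log('Checkout for Order ID "' . $objOrder->id . '" failed', __METHOD__, TL_ERROR);
            $this->postsaleError();
            return;
        }

        $objOrder->date_paid = time();
        $objOrder->updateOrderStatus($this->new_order_status);
    }

    // Store request data in order for future references
    $arrPayment = deserialize($objOrder->payment_data, true);
    $arrPayment['POSTSALE'][] = $_POST;
    $objOrder->payment_data = $arrPayment;
    $objOrder->save();

    $this->postsaleSuccess($objOrder);
}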
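/**
 * Perform server to server data check.
 *
 * Accepts the Datatrans postsale request only when status is "success", the
 * sign2 HMAC (MD5 over merchant ID, amount, currency and uppTransactionId,
 * keyed with the configured sign) matches, and the individual parameters
 * (refno, currency, amount in cents, reqtype NOA/CAA) match the order. The
 * checkout is then run and the order is marked as paid.
 *
 * @param IsotopeProductCollection|Order $objOrder The order referenced by the request
 */
public function processPostsale(IsotopeProductCollection $objOrder)
{
    // Verify payment status
    if ((string) \Input::post('status') !== 'success') {
        \System::log('Payment for order ID "' . \Input::post('refno') . '" failed.', __METHOD__, TL_ERROR);
        return;
    }

    // Validate HMAC sign
    $hash = hash_hmac(
        'md5',
        $this->datatrans_id . \Input::post('amount') . \Input::post('currency') . \Input::post('uppTransactionId'),
        $this->datatrans_sign
    );

    // Strict comparison: a loose == would treat two hex digests of the form
    // "0e<digits>" as equal numbers. Prefer hash_equals() once PHP >= 5.6 is the floor.
    if ((string) \Input::post('sign2') !== $hash) {
        \System::log('Invalid HMAC signature for Order ID ' . \Input::post('refno'), __METHOD__, TL_ERROR);
        return;
    }

    // For maximum security, also validate individual parameters against the order
    $arrExpected = array(
        'refno'    => $objOrder->id,
        'currency' => $objOrder->currency,
        'amount'   => round($objOrder->getTotal() * 100),
        'reqtype'  => ((string) $this->trans_type === 'auth') ? 'NOA' : 'CAA',
    );

    if (!$this->validateParameters($arrExpected)) {
        return;
    }

    if (!$objOrder->checkout()) {
        \System::log('Postsale checkout for Order ID "' . \Input::post('refno') . '" failed', __METHOD__, TL_ERROR);
        return;
    }

    $objOrder->date_paid = time();
    $objOrder->updateOrderStatus($this->new_order_status);
    $objOrder->save();
}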
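/**
 * Handle the server to server postsale request.
 *
 * Recomputes the sofortüberweisung.de notification hash (SHA-1 over the
 * posted fields in the documented order, joined by "|", with the project's
 * notification password appended) and compares it with the posted "hash".
 * Only a matching notification runs the checkout and marks the order paid.
 *
 * @param IsotopeProductCollection $objOrder The order referenced by the notification
 */
public function processPostsale(IsotopeProductCollection $objOrder)
{
    // The field order is part of the hash definition and must not change
    $arrFields = array(
        'transaction', 'user_id', 'project_id',
        'sender_holder', 'sender_account_number', 'sender_bank_code', 'sender_bank_name',
        'sender_bank_bic', 'sender_iban', 'sender_country_id',
        'recipient_holder', 'recipient_account_number', 'recipient_bank_code', 'recipient_bank_name',
        'recipient_bank_bic', 'recipient_iban', 'recipient_country_id',
        'international_transaction', 'amount', 'currency_id', 'reason_1', 'reason_2', 'security_criteria',
        'user_variable_0', 'user_variable_1', 'user_variable_2', 'user_variable_3', 'user_variable_4', 'user_variable_5',
        'created',
    );

    $arrHash = array();

    foreach ($arrFields as $strField) {
        $arrHash[$strField] = \Input::post($strField);
    }

    $arrHash['notification_password'] = $this->sofortueberweisung_project_password;

    // Check if both hashes match. Strict comparison: a loose != would treat two
    // hex digests of the form "0e<digits>" as equal numbers. Prefer hash_equals()
    // once PHP >= 5.6 is the floor.
    if ((string) \Input::post('hash') !== sha1(implode('|', $arrHash))) {
        \System::log('The given hash does not match. 
(sofortüberweisung.de)', __METHOD__, TL_ERROR);
        return;
    }

    // NOTE(review): unlike the other gateways, "amount" and "currency_id" are not
    // compared with the order total/currency here; the hash only proves the posted
    // values are authentic. Confirm the amount format before adding such a check.

    if (!$objOrder->checkout()) {
        \System::log('Postsale checkout for Order ID "' . \Input::post('user_variable_0') . '" failed', __METHOD__, TL_ERROR);
        return;
    }

    $objOrder->date_paid = time();
    $objOrder->updateOrderStatus($this->new_order_status);
    $objOrder->save();
}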
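/**
 * Process Transaction URL notification.
 *
 * PayU (platnosci.pl) only announces that a transaction changed. The handler
 * verifies the announcement signature (MD5 over pos_id, session_id, ts and
 * key2), fetches the transaction details from the PayU server with a request
 * signed with key1, verifies the response signature (key2) and completes the
 * checkout when the reported trans_status is 99, which this handler treats
 * as the completed payment. Every path replies with the literal "OK".
 *
 * @param IsotopeProductCollection $objOrder The order referenced by the notification
 */
public function processPostSale(IsotopeProductCollection $objOrder)
{
    if ((string) \Input::post('pos_id') !== (string) $this->payu_id) {
        die('OK');
    }

    $strHash = md5($this->payu_id . \Input::post('session_id') . \Input::post('ts') . $this->payu_key2);

    // Strict comparisons (here and for trans_sig below): a loose == would treat
    // two hex digests of the form "0e<digits>" as equal numbers. Prefer
    // hash_equals() once PHP >= 5.6 is the floor.
    if ((string) \Input::post('sig') !== $strHash) {
        \System::log('PayU signature mismatch for order ID ' . $objOrder->id, __METHOD__, TL_ERROR);
        die('OK');
    }

    $time = time();

    $arrData = array(
        'pos_id'     => $this->payu_id,
        'session_id' => \Input::post('session_id'),
        'ts'         => $time,
        'sig'        => md5($this->payu_id . \Input::post('session_id') . $time . $this->payu_key1),
    );

    $strParams  = http_build_query($arrData);
    $strHeaders = 'POST /paygw/UTF/Payment/get/txt HTTP/1.0' . "\r\n"
        . 'Host: www.platnosci.pl' . "\r\n"
        . 'Content-Type: application/x-www-form-urlencoded' . "\r\n"
        . 'Content-Length: ' . strlen($strParams) . "\r\n"
        . 'Connection: close' . "\r\n\r\n";

    // A failed connection is handled below; the @ only keeps the socket warning
    // out of the response body
    $fp = @fsockopen('ssl://www.platnosci.pl', 443, $errno, $errstr, 30);

    if (!$fp) {
        \System::log('PayU could not connect to server', __METHOD__, TL_ERROR);
        die('OK');
    }

    fwrite($fp, $strHeaders . $strParams);
    $strResponse = '';

    // Get the response, keeping only the "trans_*" and "status" lines
    while (!feof($fp)) {
        $strLine = fgets($fp, 1024);

        // fgets() returns false at end of stream or on error
        if ($strLine === false) {
            break;
        }

        if (stripos($strLine, 'trans_') !== false || stripos($strLine, 'status') !== false) {
            $strResponse .= $strLine;
        }
    }

    fclose($fp);

    // Parse the response
    $arrResponse = $this->parseResponse($strResponse);

    // Missing fields count as empty so an incomplete response raises no notices
    // and cannot produce a matching signature by accident
    $strSigned = '';

    foreach (array('trans_session_id', 'trans_order_id', 'trans_status', 'trans_amount', 'trans_desc', 'trans_ts') as $strKey) {
        $strSigned .= isset($arrResponse[$strKey]) ? $arrResponse[$strKey] : '';
    }

    $strHash        = md5($this->payu_id . $strSigned . $this->payu_key2);
    $strStatus      = isset($arrResponse['status']) ? (string) $arrResponse['status'] : '';
    $strTransSig    = isset($arrResponse['trans_sig']) ? (string) $arrResponse['trans_sig'] : '';
    $intTransStatus = isset($arrResponse['trans_status']) ? (int) $arrResponse['trans_status'] : 0;

    // NOTE(review): trans_amount is authenticated by the signature but not compared
    // with the order total; confirm its unit before adding such a check.
    if ($strStatus === 'OK' && $strTransSig === $strHash && $intTransStatus === 99) {
        if (!$objOrder->checkout()) {
            \System::log('PayU checkout for order ID "' . $objOrder->id . '" failed', __METHOD__, TL_ERROR);
            die('OK');
        }

        // Store the payment data
        $arrPayment = deserialize($objOrder->payment_data, true);
        $arrPayment['POSTSALE'][] = $arrResponse;
        $objOrder->payment_data = $arrPayment;
        $objOrder->date_paid = $time;
        $objOrder->updateOrderStatus($this->new_order_status);
        $objOrder->save();

        \System::log('PayU data accepted for order ID ' . $objOrder->id . ' (status: ' . $arrResponse['trans_status'] . ')', __METHOD__, TL_GENERAL);
    }

    die('OK');
}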
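/**
 * Server to server communication.
 *
 * Collects the Sparkasse (directPos) notification fields, rejects requests
 * that report an error code or whose "mac" does not equal the hash computed
 * by calculateHash(), normalises the comma-decimal amount and validates
 * currency and amount against the order. On success the checkout is run, the
 * raw POST is stored in payment_data and the URL of the "complete" checkout
 * step is returned to the Sparkasse system as "redirecturls=...".
 *
 * @param IsotopeProductCollection $objOrder The order referenced by the notification
 */
public function processPostsale(IsotopeProductCollection $objOrder)
{
    $arrData = array();

    foreach (array('aid', 'amount', 'basketid', 'currency', 'directPosErrorCode', 'directPosErrorMessage', 'orderid', 'rc', 'retrefnum', 'sessionid', 'trefnum') as $strKey) {
        $arrData[$strKey] = \Input::post($strKey);
    }

    // Every redirectError() call is followed by a return so that processing
    // stops even if that helper does not terminate the script (not verifiable here)

    // Sparkasse system sent error message
    if ($arrData['directPosErrorCode'] > 0) {
        $this->redirectError($arrData);
        return;
    }

    // Check the data hash to prevent manipulations. Strict comparison: a loose
    // != would treat two hex digests of the form "0e<digits>" as equal numbers.
    // Prefer hash_equals() once PHP >= 5.6 is the floor.
    if ((string) \Input::post('mac') !== (string) $this->calculateHash($arrData)) {
        \System::log('Security hash mismatch in Sparkasse payment!', __METHOD__, TL_ERROR);
        $this->redirectError($arrData);
        return;
    }

    // Convert amount, Sparkasse is using comma instead of dot as decimal separator
    $arrData['amount'] = str_replace(',', '.', preg_replace('/[^0-9,]/', '', $arrData['amount']));

    // Validate payment data (the amount is compared numerically)
    if ((string) $objOrder->currency !== (string) $arrData['currency']) {
        \System::log(sprintf('Data manipulation: currency mismatch ("%s" != "%s")', $objOrder->currency, $arrData['currency']), __METHOD__, TL_ERROR);
        $this->redirectError($arrData);
        return;
    }

    if ($objOrder->getTotal() != $arrData['amount']) {
        \System::log(sprintf('Data manipulation: amount mismatch ("%s" != "%s")', $objOrder->getTotal(), $arrData['amount']), __METHOD__, TL_ERROR);
        $this->redirectError($arrData);
        return;
    }

    if (!$objOrder->checkout()) {
        \System::log('Postsale checkout for order ID "' . $objOrder->id . '" failed', __METHOD__, TL_ERROR);
        $this->redirectError($arrData);
        return;
    }

    // Store request data in order for future references
    $arrPayment = deserialize($objOrder->payment_data, true);
    $arrPayment['POSTSALE'][] = $_POST;
    $objOrder->payment_data = $arrPayment;
    $objOrder->date_paid = time();
    $objOrder->updateOrderStatus($this->new_order_status);
    $objOrder->save();

    $strUrl = Checkout::generateUrlForStep('complete', $objOrder, \PageModel::findWithDetails((int) $arrData['sessionid']));

    // 200 OK
    $objResponse = new Response('redirecturls=' . \Environment::get('base') . $strUrl);
    $objResponse->send();
}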
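/**
 * Process PayPal Instant Payment Notifications (IPN).
 *
 * Only "Completed" notifications are handled. The raw POST body is sent back
 * to PayPal (sandbox endpoint when $this->debug is set) for validation; a
 * "VERIFIED" reply addressed to the configured receiver account whose
 * currency and total match the order (see #2221) runs the checkout, stores
 * the raw POST in payment_data and marks the order paid. If the validation
 * request itself fails, a 500 is sent so that PayPal resends the notification.
 *
 * @param IsotopeProductCollection|Order $objOrder The order referenced by the notification
 */
public function processPostsale(IsotopeProductCollection $objOrder)
{
    if ((string) \Input::post('payment_status') !== 'Completed') {
        \System::log('PayPal IPN: payment status "' . \Input::post('payment_status') . '" not implemented', __METHOD__, TL_GENERAL);
        return;
    }

    $objRequest = new \Request();
    $objRequest->send(
        'https://www.' . ($this->debug ? 'sandbox.' : '') . 'paypal.com/cgi-bin/webscr?cmd=_notify-validate',
        file_get_contents("php://input"),
        'post'
    );

    if ($objRequest->hasError()) {
        \System::log('PayPal IPN: Request Error (' . $objRequest->error . ')', __METHOD__, TL_ERROR);
        $response = new Response('', 500);
        $response->send();

        // Stop here even if send() does not terminate the script (not verifiable here)
        return;
    }

    // Strict comparison: a non-string or loosely "equal" reply must not verify
    if ((string) $objRequest->response !== 'VERIFIED') {
        \System::log('PayPal IPN: data rejected (' . $objRequest->response . ')', __METHOD__, TL_ERROR);
        return;
    }

    $strReceiver = (string) \Input::post('receiver_email', true);

    if ($strReceiver !== (string) $this->paypal_account && !$this->debug) {
        \System::log('PayPal IPN: Account email does not match (got ' . $strReceiver . ', expected ' . $this->paypal_account . ')', __METHOD__, TL_ERROR);
        return;
    }

    // Validate payment data (see #2221). The total is compared numerically
    // because mc_gross arrives as a decimal string.
    if ((string) $objOrder->currency !== (string) \Input::post('mc_currency')
        || $objOrder->getTotal() != \Input::post('mc_gross')
    ) {
        \System::log('PayPal IPN: manipulation in payment from "' . \Input::post('payer_email') . '" !', __METHOD__, TL_ERROR);
        return;
    }

    if (!$objOrder->checkout()) {
        \System::log('PayPal IPN: checkout for Order ID "' . \Input::post('invoice') . '" failed', __METHOD__, TL_ERROR);
        return;
    }

    // Store request data in order for future references
    $arrPayment = deserialize($objOrder->payment_data, true);
    $arrPayment['POSTSALE'][] = $_POST;
    $objOrder->payment_data = $arrPayment;
    $objOrder->date_paid = time();
    $objOrder->updateOrderStatus($this->new_order_status);
    $objOrder->save();

    \System::log('PayPal IPN: data accepted', __METHOD__, TL_GENERAL);
}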
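/**
 * Handle the server to server postsale request.
 *
 * Rejects the request unless the posted requestFingerprint equals the value
 * recomputed by calcHashPost() (assumed, from its name and the log message,
 * to return the expected fingerprint string — confirm against that helper),
 * logs the reported paymentState and, for "SUCCESS" only, runs the checkout
 * and marks the order as paid.
 *
 * @param IsotopeProductCollection $objOrder The order referenced by the request
 */
public function processPostsale(IsotopeProductCollection $objOrder)
{
    // Reject when the fingerprints do NOT match. The previous condition was
    // inverted (it rejected a matching fingerprint and accepted a mismatch).
    // Strict comparison also stops a loose == from treating two "0e<digits>"
    // hex digests as equal numbers. Prefer hash_equals() once PHP >= 5.6 is the floor.
    if ((string) \Input::post('requestFingerprint') !== (string) $this->calcHashPost()) {
        \System::log('The given hash does not match for Order ID "' . \Input::post('order_id') . '" (Wirecard)', __METHOD__, TL_ERROR);
        return;
    }

    $strState = (string) \Input::post('paymentState');

    // Log the reported state for later reference
    \System::log('Update of payment status of Order ID "' . \Input::post('order_id') . '" (Wirecard): "' . $strState . '"', __METHOD__, TL_GENERAL);

    // Ignore all cases except success
    if ($strState !== 'SUCCESS') {
        return;
    }

    // Perform checkout
    if (!$objOrder->checkout()) {
        \System::log('Postsale checkout for Order ID "' . \Input::post('order_id') . '" failed', __METHOD__, TL_ERROR);
        return;
    }

    // Update status
    $objOrder->date_paid = time();
    $objOrder->updateOrderStatus($this->new_order_status);
    $objOrder->save();
}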
/**
 * Process the post-sale request from the PSP payment server.
 *
 * The SHA signature of the request is validated first, then currency and
 * amount are checked against the order. The PSP STATUS code decides the rest:
 * 9 (payment requested, authorize & capture) marks the order as paid and
 * 5 (authorized without capture) does not, both set the configured new order
 * status; the pending/uncertain codes 41, 51, 91, 52 and 92 set the config's
 * error status; 0, 1, 2, 4, 93 and any other code are rejected.
 *
 * @param IsotopeProductCollection $objOrder The order referenced by the request
 *
 * @return bool true when the checkout ran and the status was updated, false otherwise
 */
public function processPostsale(IsotopeProductCollection $objOrder)
{
    if (!$this->validateSHASign()) {
        \System::log('Received invalid postsale data for order ID "' . $objOrder->id . '"', __METHOD__, TL_ERROR);
        return false;
    }

    // Validate payment data
    if ($objOrder->currency != $this->getRequestData('currency') || $objOrder->getTotal() != $this->getRequestData('amount')) {
        \System::log('Postsale checkout manipulation in payment for Order ID ' . $objOrder->id . '!', __METHOD__, TL_ERROR);
        return false;
    }

    // Validate payment status (loose comparison, STATUS arrives as request data)
    $varStatus = $this->getRequestData('STATUS');

    if ($varStatus == 9) {
        // Payment requested (authorize & capture): the order is paid now
        $objOrder->date_paid = time();
        $intStatus = $this->new_order_status;
    } elseif ($varStatus == 5) {
        // Authorized without capture
        $intStatus = $this->new_order_status;
    } elseif (in_array($varStatus, array(41, 51, 91, 52, 92))) {
        // 41 unknown waiting state, 51 authorization pending, 91 payment pending,
        // 52 authorization unknown, 92 payment uncertain
        $objConfig = $objOrder->getRelated('config_id');

        if ($objConfig === null) {
            $this->log('Config for Order ID ' . $objOrder->id . ' not found', __METHOD__, TL_ERROR);
            return false;
        }

        $intStatus = $objConfig->orderstatus_error;
    } else {
        // 0 invalid/incomplete, 1 payment cancelled, 2 authorization refused,
        // 4 stored, 93 payment refused, and any unknown code
        return false;
    }

    if (!$objOrder->checkout()) {
        \System::log('Post-Sale checkout for Order ID "' . $objOrder->id . '" failed', __METHOD__, TL_ERROR);
        return false;
    }

    $objOrder->updateOrderStatus($intStatus);
    $objOrder->save();

    return true;
}