Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
fee14197 | 4 | | CiviCRM version 5 | |
6a488035 | 5 | +--------------------------------------------------------------------+ |
8c9251b3 | 6 | | Copyright CiviCRM LLC (c) 2004-2018 | |
6a488035 TO |
7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
d25dd0ee | 26 | */ |
6a488035 TO |
27 | |
28 | /** | |
29 | * | |
30 | * @package CRM | |
8c9251b3 | 31 | * @copyright CiviCRM LLC (c) 2004-2018 |
6a488035 TO |
32 | */ |
33 | class CRM_Core_Payment_AuthorizeNetIPN extends CRM_Core_Payment_BaseIPN { | |
0dbefed3 | 34 | |
b5c2afd0 | 35 | /** |
fe482240 | 36 | * Constructor function. |
0dbefed3 | 37 | * |
5a4f6742 CW |
38 | * @param array $inputData |
39 | * contents of HTTP REQUEST. | |
0dbefed3 EM |
40 | * |
41 | * @throws CRM_Core_Exception | |
b5c2afd0 | 42 | */ |
00be9182 | 43 | public function __construct($inputData) { |
0dbefed3 | 44 | $this->setInputParameters($inputData); |
6a488035 TO |
45 | parent::__construct(); |
46 | } | |
47 | ||
6c786a9b EM |
48 | /** |
49 | * @param string $component | |
50 | * | |
51 | * @return bool|void | |
52 | */ | |
00be9182 | 53 | public function main($component = 'contribute') { |
6a488035 TO |
54 | |
55 | //we only get invoice num as a key player from payment gateway response. | |
56 | //for ARB we get x_subscription_id and x_subscription_paynum | |
0dbefed3 | 57 | $x_subscription_id = $this->retrieve('x_subscription_id', 'String'); |
b6b59c64 | 58 | $ids = $objects = $input = array(); |
6a488035 TO |
59 | |
60 | if ($x_subscription_id) { | |
dbb0d30b | 61 | // Presence of the id means it is approved. |
6a488035 TO |
62 | $input['component'] = $component; |
63 | ||
64 | // load post vars in $input | |
65 | $this->getInput($input, $ids); | |
66 | ||
67 | // load post ids in $ids | |
68 | $this->getIDs($ids, $input); | |
69 | ||
c5cf3602 JP |
70 | // Attempt to get payment processor ID from URL |
71 | if (!empty($this->_inputParameters['processor_id'])) { | |
72 | $paymentProcessorID = $this->_inputParameters['processor_id']; | |
73 | } | |
74 | else { | |
75 | // This is an unreliable method as there could be more than one instance. | |
76 | // Recommended approach is to use the civicrm/payment/ipn/xx url where xx is the payment | |
77 | // processor id & the handleNotification function (which should call the completetransaction api & by-pass this | |
78 | // entirely). The only thing the IPN class should really do is extract data from the request, validate it | |
79 | // & call completetransaction or call fail? (which may not exist yet). | |
f4aff12e | 80 | Civi::log()->warning('Unreliable method used for AuthNet IPN - this will cause problems if you have more than one instance'); |
c5cf3602 JP |
81 | $paymentProcessorTypeID = CRM_Core_DAO::getFieldValue('CRM_Financial_DAO_PaymentProcessorType', |
82 | 'AuthNet', 'id', 'name' | |
83 | ); | |
84 | $paymentProcessorID = (int) civicrm_api3('PaymentProcessor', 'getvalue', array( | |
85 | 'is_test' => 0, | |
86 | 'options' => array('limit' => 1), | |
87 | 'payment_processor_type_id' => $paymentProcessorTypeID, | |
88 | 'return' => 'id', | |
89 | )); | |
90 | } | |
6a488035 TO |
91 | |
92 | if (!$this->validateData($input, $ids, $objects, TRUE, $paymentProcessorID)) { | |
93 | return FALSE; | |
94 | } | |
f4aff12e JP |
95 | if (!empty($ids['paymentProcessor']) && $objects['contributionRecur']->payment_processor_id != $ids['paymentProcessor']) { |
96 | Civi::log()->warning('Payment Processor does not match the recurring processor id.', array('civi.tag' => 'deprecated')); | |
97 | } | |
6a488035 TO |
98 | |
99 | if ($component == 'contribute' && $ids['contributionRecur']) { | |
100 | // check if first contribution is completed, else complete first contribution | |
101 | $first = TRUE; | |
102 | if ($objects['contribution']->contribution_status_id == 1) { | |
103 | $first = FALSE; | |
104 | } | |
105 | return $this->recur($input, $ids, $objects, $first); | |
106 | } | |
107 | } | |
0dbefed3 | 108 | return TRUE; |
6a488035 TO |
109 | } |
110 | ||
6c786a9b | 111 | /** |
7a6073fd EM |
112 | * @param array $input |
113 | * @param array $ids | |
0dbefed3 | 114 | * @param array $objects |
6c786a9b | 115 | * @param $first |
7a6073fd EM |
116 | * |
117 | * @return bool | |
6c786a9b | 118 | */ |
00be9182 | 119 | public function recur(&$input, &$ids, &$objects, $first) { |
937cf542 | 120 | $this->_isRecurring = TRUE; |
6a488035 | 121 | $recur = &$objects['contributionRecur']; |
d6944518 | 122 | $paymentProcessorObject = $objects['contribution']->_relatedObjects['paymentProcessor']['object']; |
6a488035 TO |
123 | |
124 | // do a subscription check | |
125 | if ($recur->processor_id != $input['subscription_id']) { | |
126 | CRM_Core_Error::debug_log_message("Unrecognized subscription."); | |
127 | echo "Failure: Unrecognized subscription<p>"; | |
128 | return FALSE; | |
129 | } | |
130 | ||
6a488035 TO |
131 | $contributionStatus = CRM_Contribute_PseudoConstant::contributionStatus(NULL, 'name'); |
132 | ||
133 | $transaction = new CRM_Core_Transaction(); | |
134 | ||
135 | $now = date('YmdHis'); | |
136 | ||
137 | // fix dates that already exist | |
138 | $dates = array('create_date', 'start_date', 'end_date', 'cancel_date', 'modified_date'); | |
139 | foreach ($dates as $name) { | |
140 | if ($recur->$name) { | |
141 | $recur->$name = CRM_Utils_Date::isoToMysql($recur->$name); | |
142 | } | |
143 | } | |
144 | ||
145 | //load new contribution object if required. | |
146 | if (!$first) { | |
147 | // create a contribution and then get it processed | |
148 | $contribution = new CRM_Contribute_BAO_Contribution(); | |
149 | $contribution->contact_id = $ids['contact']; | |
353ffa53 | 150 | $contribution->financial_type_id = $objects['contributionType']->id; |
6a488035 TO |
151 | $contribution->contribution_page_id = $ids['contributionPage']; |
152 | $contribution->contribution_recur_id = $ids['contributionRecur']; | |
4a1ba425 | 153 | $contribution->receive_date = $input['receive_date']; |
6a488035 TO |
154 | $contribution->currency = $objects['contribution']->currency; |
155 | $contribution->payment_instrument_id = $objects['contribution']->payment_instrument_id; | |
156 | $contribution->amount_level = $objects['contribution']->amount_level; | |
157 | $contribution->address_id = $objects['contribution']->address_id; | |
94d1bc8d | 158 | $contribution->campaign_id = $objects['contribution']->campaign_id; |
9bee639f | 159 | $contribution->_relatedObjects = $objects['contribution']->_relatedObjects; |
94d1bc8d | 160 | |
6a488035 TO |
161 | $objects['contribution'] = &$contribution; |
162 | } | |
163 | $objects['contribution']->invoice_id = md5(uniqid(rand(), TRUE)); | |
164 | $objects['contribution']->total_amount = $input['amount']; | |
165 | $objects['contribution']->trxn_id = $input['trxn_id']; | |
166 | ||
d6944518 | 167 | $this->checkMD5($paymentProcessorObject, $input); |
6a488035 | 168 | |
4086637a | 169 | $isFirstOrLastRecurringPayment = FALSE; |
6a488035 TO |
170 | if ($input['response_code'] == 1) { |
171 | // Approved | |
172 | if ($first) { | |
173 | $recur->start_date = $now; | |
174 | $recur->trxn_id = $recur->processor_id; | |
4086637a | 175 | $isFirstOrLastRecurringPayment = CRM_Core_Payment::RECURRING_PAYMENT_START; |
6a488035 TO |
176 | } |
177 | $statusName = 'In Progress'; | |
178 | if (($recur->installments > 0) && | |
179 | ($input['subscription_paynum'] >= $recur->installments) | |
180 | ) { | |
181 | // this is the last payment | |
182 | $statusName = 'Completed'; | |
183 | $recur->end_date = $now; | |
4086637a | 184 | $isFirstOrLastRecurringPayment = CRM_Core_Payment::RECURRING_PAYMENT_END; |
6a488035 TO |
185 | } |
186 | $recur->modified_date = $now; | |
187 | $recur->contribution_status_id = array_search($statusName, $contributionStatus); | |
188 | $recur->save(); | |
189 | } | |
190 | else { | |
191 | // Declined | |
192 | // failed status | |
193 | $recur->contribution_status_id = array_search('Failed', $contributionStatus); | |
194 | $recur->cancel_date = $now; | |
195 | $recur->save(); | |
196 | ||
267353f4 CB |
197 | $message = ts("Subscription payment failed - %1", array(1 => htmlspecialchars($input['response_reason_text']))); |
198 | CRM_Core_Error::debug_log_message($message); | |
6a488035 TO |
199 | |
200 | // the recurring contribution has declined a payment or has failed | |
201 | // so we just fix the recurring contribution and not change any of | |
7a6073fd | 202 | // the existing contributions |
6a488035 TO |
203 | // CRM-9036 |
204 | return TRUE; | |
205 | } | |
206 | ||
207 | // check if contribution is already completed, if so we ignore this ipn | |
208 | if ($objects['contribution']->contribution_status_id == 1) { | |
209 | $transaction->commit(); | |
267353f4 | 210 | CRM_Core_Error::debug_log_message("Returning since contribution has already been handled."); |
6a488035 TO |
211 | echo "Success: Contribution has already been handled<p>"; |
212 | return TRUE; | |
213 | } | |
214 | ||
215 | $this->completeTransaction($input, $ids, $objects, $transaction, $recur); | |
4086637a | 216 | |
217 | // Only Authorize.net does this so it is on the a.net class. If there is a need for other processors | |
218 | // to do this we should make it available via the api, e.g as a parameter, changing the nuance | |
219 | // from isSentReceipt to an array of which receipts to send. | |
220 | // Note that there is site-by-site opinions on which notifications are good to send. | |
221 | if ($isFirstOrLastRecurringPayment) { | |
222 | CRM_Contribute_BAO_ContributionRecur::sendRecurringStartOrEndNotification($ids, $recur, | |
223 | $isFirstOrLastRecurringPayment); | |
224 | } | |
225 | ||
6a488035 TO |
226 | } |
227 | ||
6c786a9b | 228 | /** |
dbb0d30b | 229 | * Get the input from passed in fields. |
230 | * | |
231 | * @param array $input | |
232 | * @param array $ids | |
7a9ab499 EM |
233 | * |
234 | * @return bool | |
6c786a9b | 235 | */ |
00be9182 | 236 | public function getInput(&$input, &$ids) { |
0dbefed3 EM |
237 | $input['amount'] = $this->retrieve('x_amount', 'String'); |
238 | $input['subscription_id'] = $this->retrieve('x_subscription_id', 'Integer'); | |
239 | $input['response_code'] = $this->retrieve('x_response_code', 'Integer'); | |
240 | $input['MD5_Hash'] = $this->retrieve('x_MD5_Hash', 'String', FALSE, ''); | |
241 | $input['response_reason_code'] = $this->retrieve('x_response_reason_code', 'String', FALSE); | |
242 | $input['response_reason_text'] = $this->retrieve('x_response_reason_text', 'String', FALSE); | |
243 | $input['subscription_paynum'] = $this->retrieve('x_subscription_paynum', 'Integer', FALSE, 0); | |
244 | $input['trxn_id'] = $this->retrieve('x_trans_id', 'String', FALSE); | |
4a1ba425 | 245 | $input['trxn_id'] = $this->retrieve('x_trans_id', 'String', FALSE); |
246 | $input['receive_date'] = $this->retrieve('receive_date', 'String', FALSE, 'now'); | |
0dbefed3 | 247 | |
6a488035 TO |
248 | if ($input['trxn_id']) { |
249 | $input['is_test'] = 0; | |
250 | } | |
5c6c7e76 | 251 | // Only assume trxn_id 'should' have been returned for success. |
252 | // Per CRM-17611 it would also not be passed back for a decline. | |
253 | elseif ($input['response_code'] == 1) { | |
6a488035 TO |
254 | $input['is_test'] = 1; |
255 | $input['trxn_id'] = md5(uniqid(rand(), TRUE)); | |
256 | } | |
257 | ||
258 | if (!$this->getBillingID($ids)) { | |
259 | return FALSE; | |
260 | } | |
261 | $billingID = $ids['billing']; | |
262 | $params = array( | |
263 | 'first_name' => 'x_first_name', | |
264 | 'last_name' => 'x_last_name', | |
265 | "street_address-{$billingID}" => 'x_address', | |
266 | "city-{$billingID}" => 'x_city', | |
267 | "state-{$billingID}" => 'x_state', | |
268 | "postal_code-{$billingID}" => 'x_zip', | |
269 | "country-{$billingID}" => 'x_country', | |
270 | "email-{$billingID}" => 'x_email', | |
271 | ); | |
272 | foreach ($params as $civiName => $resName) { | |
0dbefed3 | 273 | $input[$civiName] = $this->retrieve($resName, 'String', FALSE); |
6a488035 TO |
274 | } |
275 | } | |
276 | ||
6c786a9b | 277 | /** |
dbb0d30b | 278 | * Get ids from input. |
279 | * | |
280 | * @param array $ids | |
281 | * @param array $input | |
282 | * | |
283 | * @throws \CRM_Core_Exception | |
6c786a9b | 284 | */ |
00be9182 | 285 | public function getIDs(&$ids, &$input) { |
0dbefed3 EM |
286 | $ids['contact'] = $this->retrieve('x_cust_id', 'Integer', FALSE, 0); |
287 | $ids['contribution'] = $this->retrieve('x_invoice_num', 'Integer'); | |
6a488035 TO |
288 | |
289 | // joining with contribution table for extra checks | |
290 | $sql = " | |
291 | SELECT cr.id, cr.contact_id | |
292 | FROM civicrm_contribution_recur cr | |
293 | INNER JOIN civicrm_contribution co ON co.contribution_recur_id = cr.id | |
294 | WHERE cr.processor_id = '{$input['subscription_id']}' AND | |
295 | (cr.contact_id = {$ids['contact']} OR co.id = {$ids['contribution']}) | |
296 | LIMIT 1"; | |
297 | $contRecur = CRM_Core_DAO::executeQuery($sql); | |
298 | $contRecur->fetch(); | |
299 | $ids['contributionRecur'] = $contRecur->id; | |
9b873358 | 300 | if ($ids['contact'] != $contRecur->contact_id) { |
267353f4 CB |
301 | $message = ts("Recurring contribution appears to have been re-assigned from id %1 to %2, continuing with %2.", array(1 => $ids['contact'], 2 => $contRecur->contact_id)); |
302 | CRM_Core_Error::debug_log_message($message); | |
8753de39 | 303 | $ids['contact'] = $contRecur->contact_id; |
6a488035 TO |
304 | } |
305 | if (!$ids['contributionRecur']) { | |
4346da4b | 306 | $message = ts("Could not find contributionRecur id"); |
307 | $log = new CRM_Utils_SystemLogger(); | |
308 | $log->error('payment_notification', array('message' => $message, 'ids' => $ids, 'input' => $input)); | |
309 | throw new CRM_Core_Exception($message); | |
6a488035 TO |
310 | } |
311 | ||
312 | // get page id based on contribution id | |
313 | $ids['contributionPage'] = CRM_Core_DAO::getFieldValue('CRM_Contribute_DAO_Contribution', | |
314 | $ids['contribution'], | |
315 | 'contribution_page_id' | |
316 | ); | |
317 | ||
318 | if ($input['component'] == 'event') { | |
319 | // FIXME: figure out fields for event | |
320 | } | |
321 | else { | |
6a488035 TO |
322 | // Get membershipId. Join with membership payment table for additional checks |
323 | $sql = " | |
324 | SELECT m.id | |
325 | FROM civicrm_membership m | |
326 | INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contribution_id = {$ids['contribution']} | |
327 | WHERE m.contribution_recur_id = {$ids['contributionRecur']} | |
328 | LIMIT 1"; | |
329 | if ($membershipId = CRM_Core_DAO::singleValueQuery($sql)) { | |
330 | $ids['membership'] = $membershipId; | |
331 | } | |
332 | ||
333 | // FIXME: todo related_contact and onBehalfDupeAlert. Check paypalIPN. | |
334 | } | |
335 | } | |
336 | ||
6c786a9b | 337 | /** |
6a0b768e TO |
338 | * @param string $name |
339 | * Parameter name. | |
340 | * @param string $type | |
341 | * Parameter type. | |
342 | * @param bool $abort | |
343 | * Abort if not present. | |
344 | * @param null $default | |
345 | * Default value. | |
6c786a9b | 346 | * |
0dbefed3 | 347 | * @throws CRM_Core_Exception |
6c786a9b EM |
348 | * @return mixed |
349 | */ | |
00be9182 | 350 | public function retrieve($name, $type, $abort = TRUE, $default = NULL) { |
0dbefed3 EM |
351 | $value = CRM_Utils_Type::validate( |
352 | empty($this->_inputParameters[$name]) ? $default : $this->_inputParameters[$name], | |
353 | $type, | |
354 | FALSE | |
6a488035 TO |
355 | ); |
356 | if ($abort && $value === NULL) { | |
0dbefed3 | 357 | throw new CRM_Core_Exception("Could not find an entry for $name"); |
6a488035 TO |
358 | } |
359 | return $value; | |
2aa397bc | 360 | } |
6a488035 | 361 | |
6c786a9b | 362 | /** |
d6944518 EM |
363 | * Check and validate gateway MD5 response if present. |
364 | * | |
365 | * @param CRM_Core_Payment_AuthorizeNet $paymentObject | |
366 | * @param array $input | |
6c786a9b | 367 | * |
4346da4b | 368 | * @throws CRM_Core_Exception |
6c786a9b | 369 | */ |
d6944518 | 370 | public function checkMD5($paymentObject, $input) { |
5c6c7e76 | 371 | if (empty($input['trxn_id'])) { |
372 | // For decline we have nothing to check against. | |
373 | return; | |
374 | } | |
6a488035 | 375 | if (!$paymentObject->checkMD5($input['MD5_Hash'], $input['trxn_id'], $input['amount'], TRUE)) { |
4346da4b | 376 | $message = "Failure: Security verification failed"; |
377 | $log = new CRM_Utils_SystemLogger(); | |
11a1ad01 | 378 | $log->error('payment_notification', array('message' => $message, 'input' => $input)); |
4346da4b | 379 | throw new CRM_Core_Exception($message); |
6a488035 | 380 | } |
6a488035 | 381 | } |
96025800 | 382 | |
6a488035 | 383 | } |