projects / trustcommerce.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Changes for ipv6 fraud management
[trustcommerce.git] / CRM / Core / Payment / TrustCommerce.php
CommitLineData
e751ae55
AE		 1<?php
2/*
3 * This file is part of CiviCRM.
4 *
5 * CiviCRM is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
9 *
10 * CiviCRM is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with CiviCRM. If not, see <http://www.gnu.org/licenses/>.
17 *
18 * Copyright (C) 2012
19 * Licensed to CiviCRM under the GPL v3 or higher
20 *
21 * Written and contributed by Ward Vandewege <ward@fsf.org> (http://www.fsf.org)
22 * Modified by Lisa Marie Maginnis <lisa@fsf.org> (http://www.fsf.org)
23 * Copyright © 2015 David Thompson <davet@gnu.org>
24 *
25 */
26
27/**
28 * CiviCRM payment processor module for TrustCommerece.
29 *
30 * This module uses the TrustCommerece API via the tc_link module (GPLv3)
31 * distributed by TrustCommerece.com. For full documentation on the
32 * TrustCommerece API, please see the TCDevGuide for more information:
33 * https://vault.trustcommerce.com/downloads/TCDevGuide.htm
34 *
35 * This module supports the following features: Single credit/debit card
36 * transactions, AVS checking, recurring (create, update, and cancel
37 * subscription) optional blacklist with fail2ban,
38 *
39 * @copyright Ward Vandewege <ward@fsf.org> (http://www.fsf.org)
40 * @copyright Lisa Marie Maginnis <lisa@fsf.org> (http://www.fsf.org)
41 * @copyright David Thompson <davet@gnu.org>
42 * @version 0.4
43 * @package org.fsf.payment.trustcommerce
44 */
45
46/**
47 * Define logging level (0 = off, 4 = log everything)
48 */
49define('TRUSTCOMMERCE_LOGGING_LEVEL', 4);
50
51/**
52 * Load the CiviCRM core payment class so we can extend it.
53 */
54require_once 'CRM/Core/Payment.php';
55
56/**
57 * The payment processor object, it extends CRM_Core_Payment.
58 */
59//class org_fsf_payment_trustcommerce extends CRM_Core_Payment {
60class CRM_Core_Payment_TrustCommerce extends CRM_Core_Payment {
61
62 /**#@+
63 * Constants
64 */
65 /**
66 * This is our default charset, currently unused.
67 */
68 CONST CHARSET = 'iso-8859-1';
69 /**
70 * The API response value for transaction approved.
71 */
72 CONST AUTH_APPROVED = 'approve';
73 /**
74 * The API response value for transaction declined.
75 */
76 CONST AUTH_DECLINED = 'decline';
77 /**
78 * The API response value for baddata passed to the TC API.
79 */
80 CONST AUTH_BADDATA = 'baddata';
81 /**
82 * The API response value for an error in the TC API call.
83 */
84 CONST AUTH_ERROR = 'error';
85 /**
86 * The API response value for blacklisted in our local blacklist
87 */
88 CONST AUTH_BLACKLIST = 'blacklisted';
89 /**
90 * The API response value for approved status per the TCDevGuide.
91 */
92 CONST AUTH_ACCEPTED = 'accepted';
93
94 /**
95 * The current mode of the payment processor, valid values are: live, demo.
96 * @static
97 * @var string
98 */
66407e07 99 protected $_mode = NULL;
e751ae55
AE		 100 /**
101 * The array of params cooked and passed to the TC API via tc_link().
102 * @static
103 * @var array
104 */
66407e07 105 protected $_params = array();
e751ae55
AE		 106
107 /**
108 * We only need one instance of this object. So we use the singleton
109 * pattern and cache the instance in this variable
110 * @static
111 * @var object
112 */
113 static private $_singleton = NULL;
114
115 /**
116 * Sets our basic TC API paramaters (username, password). Also sets up:
117 * logging level, processor name, the mode (live/demo), and creates/copies
118 * our singleton.
119 *
120 * @param string $mode the mode of operation: live or test
121 * @param CRM_Core_Payment The payment processor object.
122 *
123 * @return void
124 */
125 function __construct($mode, &$paymentProcessor) {
66407e07 126 $this->_mode = $mode;
e751ae55
AE		 127
128 $this->_paymentProcessor = $paymentProcessor;
129
130 $this->_processorName = ts('TrustCommerce');
131
132 $config = CRM_Core_Config::singleton();
133 $this->_setParam('user_name', $paymentProcessor['user_name']);
134 $this->_setParam('password', $paymentProcessor['password']);
135
136 $this->_setParam('timestamp', time());
137 srand(time());
138 $this->_setParam('sequence', rand(1, 1000));
139 $this->logging_level = TRUSTCOMMERCE_LOGGING_LEVEL;
140
141 }
142
143 /**
144 * The singleton function used to manage this object
145 *
146 * @param string $mode the mode of operation: live or test
147 * @param CRM_Core_Payment The payment processor object.
148 *
149 * @return object
150 * @static
151 */
152 static function &singleton($mode, &$paymentProcessor) {
153 $processorName = $paymentProcessor['name'];
154 if (self::$_singleton[$processorName] === NULL) {
155 self::$_singleton[$processorName] = new CRM_Core_Payment_TrustCommerce($mode, $paymentProcessor);
156 }
157 return self::$_singleton[$processorName];
158 }
159
160 /**
161 * Submit a payment using the TC API
162 *
163 * @param array $params The params we will be sending to tclink_send()
164 * @return mixed An array of our results, or an error object if the transaction fails.
165 * @public
166 */
167 function doDirectPayment(&$params) {
168 if (!extension_loaded("tclink")) {
169 return self::error(9001, 'TrustCommerce requires that the tclink module is loaded');
170 }
171
172 /* Copy our paramaters to ourself */
173 foreach ($params as $field => $value) {
174 $this->_setParam($field, $value);
175 }
176
177 /* Get our fields to pass to tclink_send() */
178 $tc_params = $this->_getTrustCommerceFields();
179
180 /* Are we recurring? If so add the extra API fields. */
181 if (CRM_Utils_Array::value('is_recur', $params) == 1) {
182 $tc_params = $this->_getRecurPaymentFields($tc_params);
183 $recur=1;
184 }
185
186 /* Pass our cooked params to the alter hook, per Core/Payment/Dummy.php */
187 CRM_Utils_Hook::alterPaymentProcessorParams($this, $params, $tc_params);
188
189 // TrustCommerce will not refuse duplicates, so we should check if the user already submitted this transaction
190 if ($this->_checkDupe($tc_params['ticket'])) {
191 return self::error(9004, 'It appears that this transaction is a duplicate. Have you already submitted the form once? If so there may have been a connection problem. You can try your transaction again. If you continue to have problems please contact the site administrator.');
192 }
193
194 /* This implements a local blacklist, and passes us though as a normal failure
195 * if the luser is on the blacklist. */
196 if(!$this->_isBlacklisted($tc_params)) {
197 /* Call the TC API, and grab the reply */
198 $reply = $this->_sendTCRequest($tc_params);
199 } else {
200 $this->_logger($tc_params);
201 $reply['status'] = self::AUTH_BLACKLIST;
202 usleep(rand(1000000,10000000));
203 }
204
205 /* Parse our reply */
206 $result = $this->_getTCReply($reply);
207
208 if(!is_object($result)) {
209 if($result == 0) {
210 /* We were successful, congrats. Lets wrap it up:
211 * Convert back to dollars
212 * Save the transaction ID
213 */
214
215 if (array_key_exists('billingid', $reply)) {
216 $params['recurr_profile_id'] = $reply['billingid'];
217 CRM_Core_DAO::setFieldValue(
218 'CRM_Contribute_DAO_ContributionRecur',
219 $this->_getParam('contributionRecurID'),
220 'processor_id', $reply['billingid']
221 );
222 }
223 $params['trxn_id'] = $reply['transid'];
224
225 $params['gross_amount'] = $tc_params['amount'] / 100;
226
227 return $params;
228 }
229 } else {
230 /* Otherwise we return the error object */
231 return $result;
232 }
233 }
234
235 /**
236 * Hook to update CC info for a recurring contribution
237 *
238 * @param string $message The message to dispaly on update success/failure
239 * @param array $params The paramters to pass to the payment processor
240 *
241 * @return bool True if successful, false on failure
242 */
243 function updateSubscriptionBillingInfo(&$message = '', $params = array()) {
244 $expYear = $params['credit_card_exp_date']['Y'];
245 $expMonth = $params['credit_card_exp_date']['M'];
246
247 // TODO: This should be our build in params set function, not by hand!
248 $tc_params = array(
249 'custid' => $this->_paymentProcessor['user_name'],
250 'password' => $this->_paymentProcessor['password'],
251 'action' => 'store',
252 'billingid' => $params['subscriptionId'],
253 'avs' => 'y', // Enable address verification
254 'address1' => $params['street_address'],
255 'zip' => $params['postal_code'],
256 'name' => $this->_formatBillingName($params['first_name'],
257 $params['last_name']),
258 'cc' => $params['credit_card_number'],
259 'cvv' => $params['cvv2'],
260 'exp' => $this->_formatExpirationDate($expYear, $expMonth),
261 'amount' => $this->_formatAmount($params['amount']),
262 );
263
264 CRM_Utils_Hook::alterPaymentProcessorParams($this, $params, $tc_params);
265
266 $reply = $this->_sendTCRequest($tc_params);
267 $result = $this->_getTCReply($reply);
268
269 if($result === 0) {
270 // TODO: Respect vaules for $messages passed in from our caller
271 $message = 'Successfully updated TC billing id ' . $tc_params['billingid'];
272
273 return TRUE;
274 } else {
275 return FALSE;
276 }
277 }
278
279 // TODO: Use the formatting functions throughout the entire class to
280 // dedupe the conversions done elsewhere in a less reusable way.
281
282 /**
283 * Internal routine to convert from CiviCRM amounts to TC amounts.
284 *
285 * Multiplies the amount by 100.
286 *
287 * @param float $amount The currency value to convert.
288 *
289 * @return int The TC amount
290 */
291 private function _formatAmount($amount) {
292 return $amount * 100;
293 }
294
295 /**
296 * Internal routine to format the billing name for TC
297 *
298 * @param string $firstName The first name to submit to TC
299 * @param string $lastName The last name to submit to TC
300 *
301 * @return string The TC name format, "$firstName $lastName"
302 */
303 private function _formatBillingName($firstName, $lastName) {
304 return "$firstName $lastName";
305 }
306
307 /**
308 * Formats the expiration date for TC
309 *
310 * @param int $year The credit card expiration year
311 * @param int $month The credit card expiration year
312 *
313 * @return The TC CC expiration date format, "$month$year"
314 */
315 private function _formatExpirationDate($year, $month) {
316 $exp_month = str_pad($month, 2, '0', STR_PAD_LEFT);
317 $exp_year = substr($year, -2);
318
319 return "$exp_month$exp_year";
320 }
321
322 private function _isParamsBlacklisted($tc_params) {
cafbec2a 323 if($tc_params['address1'] == '230 Motley Dr') {
e751ae55
AE		 324 error_log("TrustCommerce: _isParamsBlacklisted() triggered");
325 return TRUE;
e751ae55 326 }
cafbec2a 327 return FALSE;
e751ae55
AE		 328 }
329
330 /**
331 * Checks to see if the source IP/USERAGENT are blacklisted.
332 *
333 * @return bool TRUE if on the blacklist, FALSE if not.
334 */
335 private function _isBlacklisted($tc_params) {
336 if($this->_isIPBlacklisted()) {
337 return TRUE;
338 } else if($this->_isAgentBlacklisted()) {
339 return TRUE;
340 } else if($this->_isParamsBlacklisted($tc_params)) {
341 return TRUE;
342 }
343 return FALSE;
344
345 }
346
347 /**
348 * Checks to see if the source USERAGENT is blacklisted
349 *
350 * @return bool TRUE if on the blacklist, FALSE if not.
351 */
352 private function _isAgentBlacklisted() {
353 // TODO: fix DB calls to be more the CiviCRM way
354 $ip = $_SERVER['REMOTE_ADDR'];
355 $agent = $_SERVER['HTTP_USER_AGENT'];
356 $dao = CRM_Core_DAO::executeQuery('SELECT * FROM `trustcommerce_useragent_blacklist`');
357 while($dao->fetch()) {
358 if(preg_match('/'.$dao->name.'/', $agent) === 1) {
359 error_log(' [client '.$ip.'] [agent '.$agent.'] - Blacklisted by USER_AGENT rule #'.$dao->id);
360 return TRUE;
361 }
362 }
363 return FALSE;
364 }
365
366 /**
367 * Checks to see if the source IP is blacklisted
368 *
369 * @return bool TRUE if on the blacklist, FALSE if not.
370 */
371 private function _isIPBlacklisted() {
372 // TODO: fix DB calls to be more the CiviCRM way
373 $ip = $_SERVER['REMOTE_ADDR'];
374 $agent = $_SERVER['HTTP_USER_AGENT'];
e751ae55
AE		 375 $blacklist = array();
376 $dao = CRM_Core_DAO::executeQuery('SELECT * FROM `trustcommerce_blacklist`');
377 while($dao->fetch()) {
7e9cce83
RR		 378 if($ip == $dao->ip) {
379 error_log('[client '.$ip.'] [agent '.$agent.'] Blacklisted by IP rule #'.$dao->id);
e751ae55
AE		 380 return TRUE;
381 }
382 }
383 return FALSE;
384 }
385
386 /**
387 * Sends the API call to TC for processing
388 *
389 * @param array $request The array of paramaters to pass the TC API
390 *
391 * @return array The response from the TC API
392 */
393 function _sendTCRequest($request) {
394 $this->_logger($request);
395 return tclink_send($request);
396 }
397
398 /**
399 * Logs paramaters from TC along with the remote address of the client
400 *
401 * Will log paramaters via the error_log() routine. For security reasons
402 * the following values are not logged (skipped): custid, password, cc
403 * exp, and cvv.
404 *
405 * @param array $params The paramaters to log
406 */
407 function _logger($params) {
408 $msg = '';
409 foreach ($params as $key => $data) {
410 /* Delete any data we should not be writing to disk. This includes:
411 * custid, password, cc, exp, and cvv
412 */
413 switch($key) {
414 case 'custid':
415 case 'password':
416 case 'cc':
417 case 'exp':
418 case 'cvv':
419 break;
420 default:
421 $msg .= ' '.$key.' => '.$data;
422 }
423 }
424 error_log('[client '.$_SERVER['REMOTE_ADDR'].'] TrustCommerce:'.$msg);
425 }
426
427 /**
428 * Gets the recurring billing fields for the TC API
429 *
430 * @param array $fields The fields to modify.
431 * @return array The fields for tclink_send(), modified for recurring billing.
432 * @public
433 */
434 function _getRecurPaymentFields($fields) {
435 $payments = $this->_getParam('frequency_interval');
436 $cycle = $this->_getParam('frequency_unit');
437
438 /* Translate billing cycle from CiviCRM -> TC */
439 switch($cycle) {
440 case 'day':
441 $cycle = 'd';
442 break;
443 case 'week':
444 $cycle = 'w';
445 break;
446 case 'month':
447 $cycle = 'm';
448 break;
449 case 'year':
450 $cycle = 'y';
451 break;
452 }
453
454 /* Translate frequency interval from CiviCRM -> TC
455 * Payments are the same, HOWEVER a payment of 1 (forever) should be 0 in TC */
456 if($payments == 1) {
457 $payments = 0;
458 }
459
460 $fields['cycle'] = '1'.$cycle; /* The billing cycle in years, months, weeks, or days. */
461 $fields['payments'] = $payments;
462 $fields['action'] = 'store'; /* Change our mode to `store' mode. */
463
464 return $fields;
465 }
466
467 /** Parses a response from TC via the tclink_send() command.
468 *
469 * @param array $reply The result of a call to tclink_send().
470 *
471 * @return mixed|CRM_Core_Error CRM_Core_Error object if transaction failed, otherwise
472 * returns 0.
473 */
474 function _getTCReply($reply) {
475
476 /* DUPLIATE CODE, please refactor. ~lisa */
477 if (!$reply) {
478 return self::error(9002, 'Could not initiate connection to payment gateway.');
479 }
480
481 $this->_logger($reply);
482
483 switch($reply['status']) {
484 case self::AUTH_BLACKLIST:
7e9cce83 485 return self::error(9009, "Your transaction was declined. Please check the correctness of your credit card information, including CC number, expiration date and CVV code. ");
e751ae55
AE		 486 break;
487 case self::AUTH_APPROVED:
488 break;
489 case self::AUTH_ACCEPTED:
490 // It's all good
491 break;
492 case self::AUTH_DECLINED:
493 // TODO FIXME be more or less specific?
494 // declinetype can be: decline, avs, cvv, call, expiredcard, carderror, authexpired, fraud, blacklist, velocity
495 // See TC documentation for more info
496 switch($reply['declinetype']) {
497 case 'avs':
498 return self::error(9009, "Your transaction was declined for address verification reasons. If your address was correct please contact us at donate@fsf.org before attempting to retry your transaction.");
499 break;
500 }
501 return self::error(9009, "Your transaction was declined. Please check the correctness of your credit card information, including CC number, expiration date and CVV code.");
502 break;
503 case self::AUTH_BADDATA:
504 // TODO FIXME do something with $reply['error'] and $reply['offender']
505 return self::error(9011, "Invalid credit card information. The following fields were invalid: {$reply['offenders']}.");
506 break;
507 case self::AUTH_ERROR:
508 return self::error(9002, 'Could not initiate connection to payment gateway');
509 break;
510 }
511 return 0;
512 }
513
514 /**
515 * Generate the basic paramaters to send the TC API
516 *
517 * @return array The array of paramaters to pass _sendTCRequest()
518 */
519 function _getTrustCommerceFields() {
520 // Total amount is from the form contribution field
521 $amount = $this->_getParam('total_amount');
522 // CRM-9894 would this ever be the case??
523 if (empty($amount)) {
524 $amount = $this->_getParam('amount');
525 }
526 $fields = array();
66407e07
RR		 527
528 $fields['custid'] = $this->_paymentProcessor['user_name'];
529 $fields['password'] = $this->_paymentProcessor['password'];
530
e751ae55
AE		 531 $fields['action'] = 'sale';
532
533 // Enable address verification
534 $fields['avs'] = 'y';
535
536 $fields['address1'] = $this->_getParam('street_address');
537 $fields['zip'] = $this->_getParam('postal_code');
76223b76 538 $fields['country'] = $this->_getParam('country');
e751ae55
AE		 539
540 $fields['name'] = $this->_getParam('billing_first_name') . ' ' . $this->_getParam('billing_last_name');
541
542 // This assumes currencies where the . is used as the decimal point, like USD
543 $amount = preg_replace("/([^0-9\\.])/i", "", $amount);
544
545 // We need to pass the amount to TrustCommerce in dollar cents
546 $fields['amount'] = $amount * 100;
547
548 // Unique identifier
549 $fields['ticket'] = substr($this->_getParam('invoiceID'), 0, 20);
550
551 // cc info
552 $fields['cc'] = $this->_getParam('credit_card_number');
553 $fields['cvv'] = $this->_getParam('cvv2');
554 $exp_month = str_pad($this->_getParam('month'), 2, '0', STR_PAD_LEFT);
555 $exp_year = substr($this->_getParam('year'),-2);
556 $fields['exp'] = "$exp_month$exp_year";
557
66407e07 558 if ($this->_mode != 'live') {
e751ae55
AE		 559 $fields['demo'] = 'y';
560 }
561 return $fields;
562 }
563
564 /**
565 * Checks to see if invoice_id already exists in db
566 *
567 * @param int $invoiceId The ID to check
568 *
569 * @return bool True if ID exists, else false
570 */
571 function _checkDupe($invoiceId) {
572 require_once 'CRM/Contribute/DAO/Contribution.php';
573 $contribution = new CRM_Contribute_DAO_Contribution();
574 $contribution->invoice_id = $invoiceId;
575 return $contribution->find();
576 }
577
578 /**
579 * Get the value of a field if set
580 *
581 * @param string $field the field
582 *
583 * @return mixed value of the field, or empty string if the field is
584 * not set
585 */
586 function _getParam($field) {
66407e07
RR		 587 $value = CRM_Utils_Array::value($field, $this->_params, '');
588 if ($xmlSafe) {
589 $value = str_replace(array('&', '"', "'", '<', '>'), '', $value);
590 }
591 return $value;
e751ae55
AE		 592 }
593
594 /**
595 * Sets our error message/logging information for CiviCRM
596 *
597 * @param int $errorCode The numerical code of the error, defaults to 9001
598 * @param string $errorMessage The error message to display/log
599 *
600 * @return CRM_Core_Error The error object with message and code.
601 */
602 function &error($errorCode = NULL, $errorMessage = NULL) {
603 $e = CRM_Core_Error::singleton();
604 if ($errorCode) {
605 $e->push($errorCode, 0, NULL, $errorMessage);
606 }
607 else {
608 $e->push(9001, 0, NULL, 'Unknown System Error.');
609 }
610 return $e;
611 }
612
613 /**
614 * Set a field to the specified value. Value must be a scalar (int,
615 * float, string, or boolean)
616 *
617 * @param string $field
618 * @param mixed $value
619 *
620 * @return bool false if value is not a scalar, true if successful
621 */
622 function _setParam($field, $value) {
623 if (!is_scalar($value)) {
624 return FALSE;
625 }
626 else {
66407e07 627 $this->_params[$field] = $value;
e751ae55
AE		 628 }
629 }
630
631 /**
632 * Checks to see if we have the manditory config values set.
633 *
634 * @return string the error message if any
635 * @public
636 */
637 function checkConfig() {
638 $error = array();
639 if (empty($this->_paymentProcessor['user_name'])) {
640 $error[] = ts('Customer ID is not set for this payment processor');
641 }
642
643 if (empty($this->_paymentProcessor['password'])) {
644 $error[] = ts('Password is not set for this payment processor');
645 }
646
647 if (!empty($error)) {
648 return implode('<p>', $error);
649 } else {
650 return NULL;
651 }
652 }
653
654 /**
655 * Hook to cancel a recurring contribution
656 *
657 * @param string $message The message to dispaly on update success/failure
658 * @param array $params The paramters to pass to the payment processor
659 *
660 * @return bool True if successful, false on failure
661 */
662 function cancelSubscription(&$message = '', $params = array()) {
663 $tc_params['custid'] = $this->_getParam('user_name');
664 $tc_params['password'] = $this->_getParam('password');
665 $tc_params['action'] = 'unstore';
666 $tc_params['billingid'] = CRM_Utils_Array::value('subscriptionId', $params);
667
668 $result = $this->_sendTCRequest($tc_params);
669
670 /* Test if call failed */
671 if(!$result) {
672 return self::error(9002, 'Could not initiate connection to payment gateway');
673 }
674 /* We are done, pass success */
675 return TRUE;
676 }
677
678 /**
679 * Hook to update amount billed for a recurring contribution
680 *
681 * @param string $message The message to dispaly on update success/failure
682 * @param array $params The paramters to pass to the payment processor
683 *
684 * @return bool True if successful, false on failure
685 */
686 function changeSubscriptionAmount(&$message = '', $params = array()) {
687 $tc_params['custid'] = $this->_paymentProcessor['user_name'];
688 $tc_params['password'] = $this->_paymentProcessor['password'];
689 $tc_params['action'] = 'store';
690
691 $tc_params['billingid'] = CRM_Utils_Array::value('subscriptionId', $params);
692 $tc_params['payments'] = CRM_Utils_Array::value('installments', $params);
693 $tc_params['amount'] = CRM_Utils_Array::value('amount', $params) * 100;
694
695 if($tc_params['payments'] == 1) {
696 $tc_params['payments'] = 0;
697 }
698 $reply = $this->_sendTCRequest($tc_params);
699 $result = $this->_getTCReply($reply);
700
701 /* We are done, pass success */
702 return TRUE;
703
704 }
705
706 /**
707 * Installs the trustcommerce module (currently a dummy)
708 */
709 public function install() {
710 return TRUE;
711 }
712
713 /**
714 * Uninstalls the trustcommerce module (currently a dummy)
715 */
716 public function uninstall() {
717 return TRUE;
718 }
719
720}
721