| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | CiviCRM version 4.7 | |
| 5 | +--------------------------------------------------------------------+ |
| 6 | | Copyright CiviCRM LLC (c) 2004-2015 | |
| 7 | +--------------------------------------------------------------------+ |
| 8 | | This file is a part of CiviCRM. | |
| 9 | | | |
| 10 | | CiviCRM is free software; you can copy, modify, and distribute it | |
| 11 | | under the terms of the GNU Affero General Public License | |
| 12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | |
| 13 | | | |
| 14 | | CiviCRM is distributed in the hope that it will be useful, but | |
| 15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
| 17 | | See the GNU Affero General Public License for more details. | |
| 18 | | | |
| 19 | | You should have received a copy of the GNU Affero General Public | |
| 20 | | License and the CiviCRM Licensing Exception along | |
| 21 | | with this program; if not, contact CiviCRM LLC | |
| 22 | | at info[AT]civicrm[DOT]org. If you have questions about the | |
| 23 | | GNU Affero General Public License or the licensing of CiviCRM, | |
| 24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | |
| 25 | +--------------------------------------------------------------------+ |
| 26 | */ |
| 27 | |
| 28 | /** |
| 29 | * |
| 30 | * @package CRM |
| 31 | * @copyright CiviCRM LLC (c) 2004-2015 |
| 32 | */ |
| 33 | class CRM_Core_Payment_AuthorizeNetIPN extends CRM_Core_Payment_BaseIPN { |
| 34 | |
| 35 | /** |
| 36 | * Constructor function. |
| 37 | * |
| 38 | * @param array $inputData |
| 39 | * contents of HTTP REQUEST. |
| 40 | * |
| 41 | * @throws CRM_Core_Exception |
| 42 | */ |
| 43 | public function __construct($inputData) { |
| 44 | $this->setInputParameters($inputData); |
| 45 | parent::__construct(); |
| 46 | } |
| 47 | |
| 48 | /** |
| 49 | * @param string $component |
| 50 | * |
| 51 | * @return bool|void |
| 52 | */ |
| 53 | public function main($component = 'contribute') { |
| 54 | |
| 55 | //we only get invoice num as a key player from payment gateway response. |
| 56 | //for ARB we get x_subscription_id and x_subscription_paynum |
| 57 | $x_subscription_id = $this->retrieve('x_subscription_id', 'String'); |
| 58 | |
| 59 | if ($x_subscription_id) { |
| 60 | //Approved |
| 61 | |
| 62 | $ids = $objects = array(); |
| 63 | $input['component'] = $component; |
| 64 | |
| 65 | // load post vars in $input |
| 66 | $this->getInput($input, $ids); |
| 67 | |
| 68 | // load post ids in $ids |
| 69 | $this->getIDs($ids, $input); |
| 70 | |
| 71 | // This is an unreliable method as there could be more than one instance. |
| 72 | // Recommended approach is to use the civicrm/payment/ipn/xx url where xx is the payment |
| 73 | // processor id & the handleNotification function (which should call the completetransaction api & by-pass this |
| 74 | // entirely). The only thing the IPN class should really do is extract data from the request, validate it |
| 75 | // & call completetransaction or call fail? (which may not exist yet). |
| 76 | $paymentProcessorTypeID = CRM_Core_DAO::getFieldValue('CRM_Financial_DAO_PaymentProcessorType', |
| 77 | 'AuthNet', 'id', 'name' |
| 78 | ); |
| 79 | $paymentProcessorID = (int) civicrm_api3('PaymentProcessor', 'getvalue', array( |
| 80 | 'is_test' => 0, |
| 81 | 'options' => array('limit' => 1), |
| 82 | 'payment_processor_type_id' => $paymentProcessorTypeID, |
| 83 | 'return' => 'id', |
| 84 | )); |
| 85 | |
| 86 | if (!$this->validateData($input, $ids, $objects, TRUE, $paymentProcessorID)) { |
| 87 | return FALSE; |
| 88 | } |
| 89 | |
| 90 | if ($component == 'contribute' && $ids['contributionRecur']) { |
| 91 | // check if first contribution is completed, else complete first contribution |
| 92 | $first = TRUE; |
| 93 | if ($objects['contribution']->contribution_status_id == 1) { |
| 94 | $first = FALSE; |
| 95 | } |
| 96 | return $this->recur($input, $ids, $objects, $first); |
| 97 | } |
| 98 | } |
| 99 | return TRUE; |
| 100 | } |
| 101 | |
| 102 | /** |
| 103 | * @param array $input |
| 104 | * @param array $ids |
| 105 | * @param array $objects |
| 106 | * @param $first |
| 107 | * |
| 108 | * @return bool |
| 109 | */ |
| 110 | public function recur(&$input, &$ids, &$objects, $first) { |
| 111 | $this->_isRecurring = TRUE; |
| 112 | $recur = &$objects['contributionRecur']; |
| 113 | $paymentProcessorObject = $objects['contribution']->_relatedObjects['paymentProcessor']['object']; |
| 114 | |
| 115 | // do a subscription check |
| 116 | if ($recur->processor_id != $input['subscription_id']) { |
| 117 | CRM_Core_Error::debug_log_message("Unrecognized subscription."); |
| 118 | echo "Failure: Unrecognized subscription<p>"; |
| 119 | return FALSE; |
| 120 | } |
| 121 | |
| 122 | // At this point $object has first contribution loaded. |
| 123 | // Lets do a check to make sure this payment has the amount same as that of first contribution. |
| 124 | if ($objects['contribution']->total_amount != $input['amount']) { |
| 125 | CRM_Core_Error::debug_log_message("Subscription amount mismatch."); |
| 126 | echo "Failure: Subscription amount mismatch<p>"; |
| 127 | return FALSE; |
| 128 | } |
| 129 | |
| 130 | $contributionStatus = CRM_Contribute_PseudoConstant::contributionStatus(NULL, 'name'); |
| 131 | |
| 132 | $transaction = new CRM_Core_Transaction(); |
| 133 | |
| 134 | $now = date('YmdHis'); |
| 135 | |
| 136 | // fix dates that already exist |
| 137 | $dates = array('create_date', 'start_date', 'end_date', 'cancel_date', 'modified_date'); |
| 138 | foreach ($dates as $name) { |
| 139 | if ($recur->$name) { |
| 140 | $recur->$name = CRM_Utils_Date::isoToMysql($recur->$name); |
| 141 | } |
| 142 | } |
| 143 | |
| 144 | //load new contribution object if required. |
| 145 | if (!$first) { |
| 146 | // create a contribution and then get it processed |
| 147 | $contribution = new CRM_Contribute_BAO_Contribution(); |
| 148 | $contribution->contact_id = $ids['contact']; |
| 149 | $contribution->financial_type_id = $objects['contributionType']->id; |
| 150 | $contribution->contribution_page_id = $ids['contributionPage']; |
| 151 | $contribution->contribution_recur_id = $ids['contributionRecur']; |
| 152 | $contribution->receive_date = $now; |
| 153 | $contribution->currency = $objects['contribution']->currency; |
| 154 | $contribution->payment_instrument_id = $objects['contribution']->payment_instrument_id; |
| 155 | $contribution->amount_level = $objects['contribution']->amount_level; |
| 156 | $contribution->address_id = $objects['contribution']->address_id; |
| 157 | $contribution->campaign_id = $objects['contribution']->campaign_id; |
| 158 | |
| 159 | $objects['contribution'] = &$contribution; |
| 160 | } |
| 161 | $objects['contribution']->invoice_id = md5(uniqid(rand(), TRUE)); |
| 162 | $objects['contribution']->total_amount = $input['amount']; |
| 163 | $objects['contribution']->trxn_id = $input['trxn_id']; |
| 164 | |
| 165 | $this->checkMD5($paymentProcessorObject, $input); |
| 166 | |
| 167 | if ($input['response_code'] == 1) { |
| 168 | // Approved |
| 169 | if ($first) { |
| 170 | $recur->start_date = $now; |
| 171 | $recur->trxn_id = $recur->processor_id; |
| 172 | $this->_isFirstOrLastRecurringPayment = CRM_Core_Payment::RECURRING_PAYMENT_START; |
| 173 | } |
| 174 | $statusName = 'In Progress'; |
| 175 | if (($recur->installments > 0) && |
| 176 | ($input['subscription_paynum'] >= $recur->installments) |
| 177 | ) { |
| 178 | // this is the last payment |
| 179 | $statusName = 'Completed'; |
| 180 | $recur->end_date = $now; |
| 181 | $this->_isFirstOrLastRecurringPayment = CRM_Core_Payment::RECURRING_PAYMENT_END; |
| 182 | } |
| 183 | $recur->modified_date = $now; |
| 184 | $recur->contribution_status_id = array_search($statusName, $contributionStatus); |
| 185 | $recur->save(); |
| 186 | } |
| 187 | else { |
| 188 | // Declined |
| 189 | // failed status |
| 190 | $recur->contribution_status_id = array_search('Failed', $contributionStatus); |
| 191 | $recur->cancel_date = $now; |
| 192 | $recur->save(); |
| 193 | |
| 194 | $message = ts("Subscription payment failed - %1", array(1 => htmlspecialchars($input['response_reason_text']))); |
| 195 | CRM_Core_Error::debug_log_message($message); |
| 196 | |
| 197 | // the recurring contribution has declined a payment or has failed |
| 198 | // so we just fix the recurring contribution and not change any of |
| 199 | // the existing contributions |
| 200 | // CRM-9036 |
| 201 | return TRUE; |
| 202 | } |
| 203 | |
| 204 | // check if contribution is already completed, if so we ignore this ipn |
| 205 | if ($objects['contribution']->contribution_status_id == 1) { |
| 206 | $transaction->commit(); |
| 207 | CRM_Core_Error::debug_log_message("Returning since contribution has already been handled."); |
| 208 | echo "Success: Contribution has already been handled<p>"; |
| 209 | return TRUE; |
| 210 | } |
| 211 | |
| 212 | $this->completeTransaction($input, $ids, $objects, $transaction, $recur); |
| 213 | } |
| 214 | |
| 215 | /** |
| 216 | * @param $input |
| 217 | * @param $ids |
| 218 | * |
| 219 | * @return bool |
| 220 | */ |
| 221 | public function getInput(&$input, &$ids) { |
| 222 | $input['amount'] = $this->retrieve('x_amount', 'String'); |
| 223 | $input['subscription_id'] = $this->retrieve('x_subscription_id', 'Integer'); |
| 224 | $input['response_code'] = $this->retrieve('x_response_code', 'Integer'); |
| 225 | $input['MD5_Hash'] = $this->retrieve('x_MD5_Hash', 'String', FALSE, ''); |
| 226 | $input['response_reason_code'] = $this->retrieve('x_response_reason_code', 'String', FALSE); |
| 227 | $input['response_reason_text'] = $this->retrieve('x_response_reason_text', 'String', FALSE); |
| 228 | $input['subscription_paynum'] = $this->retrieve('x_subscription_paynum', 'Integer', FALSE, 0); |
| 229 | $input['trxn_id'] = $this->retrieve('x_trans_id', 'String', FALSE); |
| 230 | |
| 231 | if ($input['trxn_id']) { |
| 232 | $input['is_test'] = 0; |
| 233 | } |
| 234 | else { |
| 235 | $input['is_test'] = 1; |
| 236 | $input['trxn_id'] = md5(uniqid(rand(), TRUE)); |
| 237 | } |
| 238 | |
| 239 | if (!$this->getBillingID($ids)) { |
| 240 | return FALSE; |
| 241 | } |
| 242 | $billingID = $ids['billing']; |
| 243 | $params = array( |
| 244 | 'first_name' => 'x_first_name', |
| 245 | 'last_name' => 'x_last_name', |
| 246 | "street_address-{$billingID}" => 'x_address', |
| 247 | "city-{$billingID}" => 'x_city', |
| 248 | "state-{$billingID}" => 'x_state', |
| 249 | "postal_code-{$billingID}" => 'x_zip', |
| 250 | "country-{$billingID}" => 'x_country', |
| 251 | "email-{$billingID}" => 'x_email', |
| 252 | ); |
| 253 | foreach ($params as $civiName => $resName) { |
| 254 | $input[$civiName] = $this->retrieve($resName, 'String', FALSE); |
| 255 | } |
| 256 | } |
| 257 | |
| 258 | /** |
| 259 | * @param $ids |
| 260 | * @param $input |
| 261 | */ |
| 262 | public function getIDs(&$ids, &$input) { |
| 263 | $ids['contact'] = $this->retrieve('x_cust_id', 'Integer', FALSE, 0); |
| 264 | $ids['contribution'] = $this->retrieve('x_invoice_num', 'Integer'); |
| 265 | |
| 266 | // joining with contribution table for extra checks |
| 267 | $sql = " |
| 268 | SELECT cr.id, cr.contact_id |
| 269 | FROM civicrm_contribution_recur cr |
| 270 | INNER JOIN civicrm_contribution co ON co.contribution_recur_id = cr.id |
| 271 | WHERE cr.processor_id = '{$input['subscription_id']}' AND |
| 272 | (cr.contact_id = {$ids['contact']} OR co.id = {$ids['contribution']}) |
| 273 | LIMIT 1"; |
| 274 | $contRecur = CRM_Core_DAO::executeQuery($sql); |
| 275 | $contRecur->fetch(); |
| 276 | $ids['contributionRecur'] = $contRecur->id; |
| 277 | if ($ids['contact'] != $contRecur->contact_id) { |
| 278 | $message = ts("Recurring contribution appears to have been re-assigned from id %1 to %2, continuing with %2.", array(1 => $ids['contact'], 2 => $contRecur->contact_id)); |
| 279 | CRM_Core_Error::debug_log_message($message); |
| 280 | $ids['contact'] = $contRecur->contact_id; |
| 281 | } |
| 282 | if (!$ids['contributionRecur']) { |
| 283 | $message = ts("Could not find contributionRecur id: %1", array(1 => htmlspecialchars(print_r($input, TRUE)))); |
| 284 | CRM_Core_Error::debug_log_message($message); |
| 285 | echo "Failure: $message<p>"; |
| 286 | exit(); |
| 287 | } |
| 288 | |
| 289 | // get page id based on contribution id |
| 290 | $ids['contributionPage'] = CRM_Core_DAO::getFieldValue('CRM_Contribute_DAO_Contribution', |
| 291 | $ids['contribution'], |
| 292 | 'contribution_page_id' |
| 293 | ); |
| 294 | |
| 295 | if ($input['component'] == 'event') { |
| 296 | // FIXME: figure out fields for event |
| 297 | } |
| 298 | else { |
| 299 | // get the optional ids |
| 300 | |
| 301 | // Get membershipId. Join with membership payment table for additional checks |
| 302 | $sql = " |
| 303 | SELECT m.id |
| 304 | FROM civicrm_membership m |
| 305 | INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contribution_id = {$ids['contribution']} |
| 306 | WHERE m.contribution_recur_id = {$ids['contributionRecur']} |
| 307 | LIMIT 1"; |
| 308 | if ($membershipId = CRM_Core_DAO::singleValueQuery($sql)) { |
| 309 | $ids['membership'] = $membershipId; |
| 310 | } |
| 311 | |
| 312 | // FIXME: todo related_contact and onBehalfDupeAlert. Check paypalIPN. |
| 313 | } |
| 314 | } |
| 315 | |
| 316 | /** |
| 317 | * @param string $name |
| 318 | * Parameter name. |
| 319 | * @param string $type |
| 320 | * Parameter type. |
| 321 | * @param bool $abort |
| 322 | * Abort if not present. |
| 323 | * @param null $default |
| 324 | * Default value. |
| 325 | * |
| 326 | * @throws CRM_Core_Exception |
| 327 | * @return mixed |
| 328 | */ |
| 329 | public function retrieve($name, $type, $abort = TRUE, $default = NULL) { |
| 330 | $value = CRM_Utils_Type::validate( |
| 331 | empty($this->_inputParameters[$name]) ? $default : $this->_inputParameters[$name], |
| 332 | $type, |
| 333 | FALSE |
| 334 | ); |
| 335 | if ($abort && $value === NULL) { |
| 336 | throw new CRM_Core_Exception("Could not find an entry for $name"); |
| 337 | } |
| 338 | return $value; |
| 339 | } |
| 340 | |
| 341 | /** |
| 342 | * Check and validate gateway MD5 response if present. |
| 343 | * |
| 344 | * @param CRM_Core_Payment_AuthorizeNet $paymentObject |
| 345 | * @param array $input |
| 346 | * |
| 347 | * @return bool |
| 348 | */ |
| 349 | public function checkMD5($paymentObject, $input) { |
| 350 | if (!$paymentObject->checkMD5($input['MD5_Hash'], $input['trxn_id'], $input['amount'], TRUE)) { |
| 351 | CRM_Core_Error::debug_log_message("MD5 Verification failed."); |
| 352 | echo "Failure: Security verification failed<p>"; |
| 353 | exit(); |
| 354 | } |
| 355 | return TRUE; |
| 356 | } |
| 357 | |
| 358 | } |