3 +--------------------------------------------------------------------+
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2018 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
31 * @copyright CiviCRM LLC (c) 2004-2018
33 class CRM_Core_Payment_AuthorizeNetIPN
extends CRM_Core_Payment_BaseIPN
{
36 * Constructor function.
38 * @param array $inputData
39 * contents of HTTP REQUEST.
41 * @throws CRM_Core_Exception
43 public function __construct($inputData) {
44 $this->setInputParameters($inputData);
45 parent
::__construct();
49 * @param string $component
53 public function main($component = 'contribute') {
55 //we only get invoice num as a key player from payment gateway response.
56 //for ARB we get x_subscription_id and x_subscription_paynum
57 $x_subscription_id = $this->retrieve('x_subscription_id', 'String');
58 $ids = $objects = $input = array();
60 if ($x_subscription_id) {
61 // Presence of the id means it is approved.
62 $input['component'] = $component;
64 // load post vars in $input
65 $this->getInput($input, $ids);
67 // load post ids in $ids
68 $this->getIDs($ids, $input);
70 // Attempt to get payment processor ID from URL
71 if (!empty($this->_inputParameters
['processor_id'])) {
72 $paymentProcessorID = $this->_inputParameters
['processor_id'];
75 // This is an unreliable method as there could be more than one instance.
76 // Recommended approach is to use the civicrm/payment/ipn/xx url where xx is the payment
77 // processor id & the handleNotification function (which should call the completetransaction api & by-pass this
78 // entirely). The only thing the IPN class should really do is extract data from the request, validate it
79 // & call completetransaction or call fail? (which may not exist yet).
80 Civi
::log()->warning('Unreliable method used for AuthNet IPN - this will cause problems if you have more than one instance');
81 $paymentProcessorTypeID = CRM_Core_DAO
::getFieldValue('CRM_Financial_DAO_PaymentProcessorType',
82 'AuthNet', 'id', 'name'
84 $paymentProcessorID = (int) civicrm_api3('PaymentProcessor', 'getvalue', array(
86 'options' => array('limit' => 1),
87 'payment_processor_type_id' => $paymentProcessorTypeID,
92 if (!$this->validateData($input, $ids, $objects, TRUE, $paymentProcessorID)) {
95 if (!empty($ids['paymentProcessor']) && $objects['contributionRecur']->payment_processor_id
!= $ids['paymentProcessor']) {
96 Civi
::log()->warning('Payment Processor does not match the recurring processor id.', array('civi.tag' => 'deprecated'));
99 if ($component == 'contribute' && $ids['contributionRecur']) {
100 // check if first contribution is completed, else complete first contribution
102 if ($objects['contribution']->contribution_status_id
== 1) {
105 return $this->recur($input, $ids, $objects, $first);
112 * @param array $input
114 * @param array $objects
119 public function recur(&$input, &$ids, &$objects, $first) {
120 $this->_isRecurring
= TRUE;
121 $recur = &$objects['contributionRecur'];
122 $paymentProcessorObject = $objects['contribution']->_relatedObjects
['paymentProcessor']['object'];
124 // do a subscription check
125 if ($recur->processor_id
!= $input['subscription_id']) {
126 CRM_Core_Error
::debug_log_message("Unrecognized subscription.");
127 echo "Failure: Unrecognized subscription<p>";
131 $contributionStatus = CRM_Contribute_PseudoConstant
::contributionStatus(NULL, 'name');
133 $transaction = new CRM_Core_Transaction();
135 $now = date('YmdHis');
137 // fix dates that already exist
138 $dates = array('create_date', 'start_date', 'end_date', 'cancel_date', 'modified_date');
139 foreach ($dates as $name) {
141 $recur->$name = CRM_Utils_Date
::isoToMysql($recur->$name);
145 //load new contribution object if required.
147 // create a contribution and then get it processed
148 $contribution = new CRM_Contribute_BAO_Contribution();
149 $contribution->contact_id
= $ids['contact'];
150 $contribution->financial_type_id
= $objects['contributionType']->id
;
151 $contribution->contribution_page_id
= $ids['contributionPage'];
152 $contribution->contribution_recur_id
= $ids['contributionRecur'];
153 $contribution->receive_date
= $input['receive_date'];
154 $contribution->currency
= $objects['contribution']->currency
;
155 $contribution->payment_instrument_id
= $objects['contribution']->payment_instrument_id
;
156 $contribution->amount_level
= $objects['contribution']->amount_level
;
157 $contribution->address_id
= $objects['contribution']->address_id
;
158 $contribution->campaign_id
= $objects['contribution']->campaign_id
;
159 $contribution->_relatedObjects
= $objects['contribution']->_relatedObjects
;
161 $objects['contribution'] = &$contribution;
163 $objects['contribution']->invoice_id
= md5(uniqid(rand(), TRUE));
164 $objects['contribution']->total_amount
= $input['amount'];
165 $objects['contribution']->trxn_id
= $input['trxn_id'];
167 $this->checkMD5($paymentProcessorObject, $input);
169 $isFirstOrLastRecurringPayment = FALSE;
170 if ($input['response_code'] == 1) {
173 $recur->start_date
= $now;
174 $recur->trxn_id
= $recur->processor_id
;
175 $isFirstOrLastRecurringPayment = CRM_Core_Payment
::RECURRING_PAYMENT_START
;
177 $statusName = 'In Progress';
178 if (($recur->installments
> 0) &&
179 ($input['subscription_paynum'] >= $recur->installments
)
181 // this is the last payment
182 $statusName = 'Completed';
183 $recur->end_date
= $now;
184 $isFirstOrLastRecurringPayment = CRM_Core_Payment
::RECURRING_PAYMENT_END
;
186 $recur->modified_date
= $now;
187 $recur->contribution_status_id
= array_search($statusName, $contributionStatus);
193 $recur->contribution_status_id
= array_search('Failed', $contributionStatus);
194 $recur->cancel_date
= $now;
197 $message = ts("Subscription payment failed - %1", array(1 => htmlspecialchars($input['response_reason_text'])));
198 CRM_Core_Error
::debug_log_message($message);
200 // the recurring contribution has declined a payment or has failed
201 // so we just fix the recurring contribution and not change any of
202 // the existing contributions
207 // check if contribution is already completed, if so we ignore this ipn
208 if ($objects['contribution']->contribution_status_id
== 1) {
209 $transaction->commit();
210 CRM_Core_Error
::debug_log_message("Returning since contribution has already been handled.");
211 echo "Success: Contribution has already been handled<p>";
215 $this->completeTransaction($input, $ids, $objects, $transaction, $recur);
217 // Only Authorize.net does this so it is on the a.net class. If there is a need for other processors
218 // to do this we should make it available via the api, e.g as a parameter, changing the nuance
219 // from isSentReceipt to an array of which receipts to send.
220 // Note that there is site-by-site opinions on which notifications are good to send.
221 if ($isFirstOrLastRecurringPayment) {
222 CRM_Contribute_BAO_ContributionRecur
::sendRecurringStartOrEndNotification($ids, $recur,
223 $isFirstOrLastRecurringPayment);
229 * Get the input from passed in fields.
231 * @param array $input
236 public function getInput(&$input, &$ids) {
237 $input['amount'] = $this->retrieve('x_amount', 'String');
238 $input['subscription_id'] = $this->retrieve('x_subscription_id', 'Integer');
239 $input['response_code'] = $this->retrieve('x_response_code', 'Integer');
240 $input['MD5_Hash'] = $this->retrieve('x_MD5_Hash', 'String', FALSE, '');
241 $input['response_reason_code'] = $this->retrieve('x_response_reason_code', 'String', FALSE);
242 $input['response_reason_text'] = $this->retrieve('x_response_reason_text', 'String', FALSE);
243 $input['subscription_paynum'] = $this->retrieve('x_subscription_paynum', 'Integer', FALSE, 0);
244 $input['trxn_id'] = $this->retrieve('x_trans_id', 'String', FALSE);
245 $input['trxn_id'] = $this->retrieve('x_trans_id', 'String', FALSE);
246 $input['receive_date'] = $this->retrieve('receive_date', 'String', FALSE, 'now');
248 if ($input['trxn_id']) {
249 $input['is_test'] = 0;
251 // Only assume trxn_id 'should' have been returned for success.
252 // Per CRM-17611 it would also not be passed back for a decline.
253 elseif ($input['response_code'] == 1) {
254 $input['is_test'] = 1;
255 $input['trxn_id'] = md5(uniqid(rand(), TRUE));
258 if (!$this->getBillingID($ids)) {
261 $billingID = $ids['billing'];
263 'first_name' => 'x_first_name',
264 'last_name' => 'x_last_name',
265 "street_address-{$billingID}" => 'x_address',
266 "city-{$billingID}" => 'x_city',
267 "state-{$billingID}" => 'x_state',
268 "postal_code-{$billingID}" => 'x_zip',
269 "country-{$billingID}" => 'x_country',
270 "email-{$billingID}" => 'x_email',
272 foreach ($params as $civiName => $resName) {
273 $input[$civiName] = $this->retrieve($resName, 'String', FALSE);
278 * Get ids from input.
281 * @param array $input
283 * @throws \CRM_Core_Exception
285 public function getIDs(&$ids, &$input) {
286 $ids['contact'] = $this->retrieve('x_cust_id', 'Integer', FALSE, 0);
287 $ids['contribution'] = $this->retrieve('x_invoice_num', 'Integer');
289 // joining with contribution table for extra checks
291 SELECT cr.id, cr.contact_id
292 FROM civicrm_contribution_recur cr
293 INNER JOIN civicrm_contribution co ON co.contribution_recur_id = cr.id
294 WHERE cr.processor_id = '{$input['subscription_id']}' AND
295 (cr.contact_id = {$ids['contact']} OR co.id = {$ids['contribution']})
297 $contRecur = CRM_Core_DAO
::executeQuery($sql);
299 $ids['contributionRecur'] = $contRecur->id
;
300 if ($ids['contact'] != $contRecur->contact_id
) {
301 $message = ts("Recurring contribution appears to have been re-assigned from id %1 to %2, continuing with %2.", array(1 => $ids['contact'], 2 => $contRecur->contact_id
));
302 CRM_Core_Error
::debug_log_message($message);
303 $ids['contact'] = $contRecur->contact_id
;
305 if (!$ids['contributionRecur']) {
306 $message = ts("Could not find contributionRecur id");
307 $log = new CRM_Utils_SystemLogger();
308 $log->error('payment_notification', array('message' => $message, 'ids' => $ids, 'input' => $input));
309 throw new CRM_Core_Exception($message);
312 // get page id based on contribution id
313 $ids['contributionPage'] = CRM_Core_DAO
::getFieldValue('CRM_Contribute_DAO_Contribution',
314 $ids['contribution'],
315 'contribution_page_id'
318 if ($input['component'] == 'event') {
319 // FIXME: figure out fields for event
322 // Get membershipId. Join with membership payment table for additional checks
325 FROM civicrm_membership m
326 INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contribution_id = {$ids['contribution']}
327 WHERE m.contribution_recur_id = {$ids['contributionRecur']}
329 if ($membershipId = CRM_Core_DAO
::singleValueQuery($sql)) {
330 $ids['membership'] = $membershipId;
333 // FIXME: todo related_contact and onBehalfDupeAlert. Check paypalIPN.
338 * @param string $name
340 * @param string $type
343 * Abort if not present.
344 * @param null $default
347 * @throws CRM_Core_Exception
350 public function retrieve($name, $type, $abort = TRUE, $default = NULL) {
351 $value = CRM_Utils_Type
::validate(
352 empty($this->_inputParameters
[$name]) ?
$default : $this->_inputParameters
[$name],
356 if ($abort && $value === NULL) {
357 throw new CRM_Core_Exception("Could not find an entry for $name");
363 * Check and validate gateway MD5 response if present.
365 * @param CRM_Core_Payment_AuthorizeNet $paymentObject
366 * @param array $input
368 * @throws CRM_Core_Exception
370 public function checkMD5($paymentObject, $input) {
371 if (empty($input['trxn_id'])) {
372 // For decline we have nothing to check against.
375 if (!$paymentObject->checkMD5($input['MD5_Hash'], $input['trxn_id'], $input['amount'], TRUE)) {
376 $message = "Failure: Security verification failed";
377 $log = new CRM_Utils_SystemLogger();
378 $log->error('payment_notification', array('message' => $message, 'input' => $input));
379 throw new CRM_Core_Exception($message);