projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #10634 from JMAConsulting/CRM-20673
[civicrm-core.git] / CRM / Core / Payment / AuthorizeNetIPN.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.7 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2017 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 *
30 * @package CRM
31 * @copyright CiviCRM LLC (c) 2004-2017
32 */
33 class CRM_Core_Payment_AuthorizeNetIPN extends CRM_Core_Payment_BaseIPN {
34
35 /**
36 * Constructor function.
37 *
38 * @param array $inputData
39 * contents of HTTP REQUEST.
40 *
41 * @throws CRM_Core_Exception
42 */
43 public function __construct($inputData) {
44 $this->setInputParameters($inputData);
45 parent::__construct();
46 }
47
48 /**
49 * @param string $component
50 *
51 * @return bool|void
52 */
53 public function main($component = 'contribute') {
54
55 //we only get invoice num as a key player from payment gateway response.
56 //for ARB we get x_subscription_id and x_subscription_paynum
57 $x_subscription_id = $this->retrieve('x_subscription_id', 'String');
58 $ids = $objects = $input = array();
59
60 if ($x_subscription_id) {
61 // Presence of the id means it is approved.
62 $input['component'] = $component;
63
64 // load post vars in $input
65 $this->getInput($input, $ids);
66
67 // load post ids in $ids
68 $this->getIDs($ids, $input);
69
70 // This is an unreliable method as there could be more than one instance.
71 // Recommended approach is to use the civicrm/payment/ipn/xx url where xx is the payment
72 // processor id & the handleNotification function (which should call the completetransaction api & by-pass this
73 // entirely). The only thing the IPN class should really do is extract data from the request, validate it
74 // & call completetransaction or call fail? (which may not exist yet).
75 $paymentProcessorTypeID = CRM_Core_DAO::getFieldValue('CRM_Financial_DAO_PaymentProcessorType',
76 'AuthNet', 'id', 'name'
77 );
78 $paymentProcessorID = (int) civicrm_api3('PaymentProcessor', 'getvalue', array(
79 'is_test' => 0,
80 'options' => array('limit' => 1),
81 'payment_processor_type_id' => $paymentProcessorTypeID,
82 'return' => 'id',
83 ));
84
85 if (!$this->validateData($input, $ids, $objects, TRUE, $paymentProcessorID)) {
86 return FALSE;
87 }
88
89 if ($component == 'contribute' && $ids['contributionRecur']) {
90 // check if first contribution is completed, else complete first contribution
91 $first = TRUE;
92 if ($objects['contribution']->contribution_status_id == 1) {
93 $first = FALSE;
94 }
95 return $this->recur($input, $ids, $objects, $first);
96 }
97 }
98 return TRUE;
99 }
100
101 /**
102 * @param array $input
103 * @param array $ids
104 * @param array $objects
105 * @param $first
106 *
107 * @return bool
108 */
109 public function recur(&$input, &$ids, &$objects, $first) {
110 $this->_isRecurring = TRUE;
111 $recur = &$objects['contributionRecur'];
112 $paymentProcessorObject = $objects['contribution']->_relatedObjects['paymentProcessor']['object'];
113
114 // do a subscription check
115 if ($recur->processor_id != $input['subscription_id']) {
116 CRM_Core_Error::debug_log_message("Unrecognized subscription.");
117 echo "Failure: Unrecognized subscription<p>";
118 return FALSE;
119 }
120
121 // At this point $object has first contribution loaded.
122 // Lets do a check to make sure this payment has the amount same as that of first contribution.
123 if ($objects['contribution']->total_amount != $input['amount']) {
124 CRM_Core_Error::debug_log_message("Subscription amount mismatch.");
125 echo "Failure: Subscription amount mismatch<p>";
126 return FALSE;
127 }
128
129 $contributionStatus = CRM_Contribute_PseudoConstant::contributionStatus(NULL, 'name');
130
131 $transaction = new CRM_Core_Transaction();
132
133 $now = date('YmdHis');
134
135 // fix dates that already exist
136 $dates = array('create_date', 'start_date', 'end_date', 'cancel_date', 'modified_date');
137 foreach ($dates as $name) {
138 if ($recur->$name) {
139 $recur->$name = CRM_Utils_Date::isoToMysql($recur->$name);
140 }
141 }
142
143 //load new contribution object if required.
144 if (!$first) {
145 // create a contribution and then get it processed
146 $contribution = new CRM_Contribute_BAO_Contribution();
147 $contribution->contact_id = $ids['contact'];
148 $contribution->financial_type_id = $objects['contributionType']->id;
149 $contribution->contribution_page_id = $ids['contributionPage'];
150 $contribution->contribution_recur_id = $ids['contributionRecur'];
151 $contribution->receive_date = $input['receive_date'];
152 $contribution->currency = $objects['contribution']->currency;
153 $contribution->payment_instrument_id = $objects['contribution']->payment_instrument_id;
154 $contribution->amount_level = $objects['contribution']->amount_level;
155 $contribution->address_id = $objects['contribution']->address_id;
156 $contribution->campaign_id = $objects['contribution']->campaign_id;
157
158 $objects['contribution'] = &$contribution;
159 }
160 $objects['contribution']->invoice_id = md5(uniqid(rand(), TRUE));
161 $objects['contribution']->total_amount = $input['amount'];
162 $objects['contribution']->trxn_id = $input['trxn_id'];
163
164 $this->checkMD5($paymentProcessorObject, $input);
165
166 $isFirstOrLastRecurringPayment = FALSE;
167 if ($input['response_code'] == 1) {
168 // Approved
169 if ($first) {
170 $recur->start_date = $now;
171 $recur->trxn_id = $recur->processor_id;
172 $isFirstOrLastRecurringPayment = CRM_Core_Payment::RECURRING_PAYMENT_START;
173 }
174 $statusName = 'In Progress';
175 if (($recur->installments > 0) &&
176 ($input['subscription_paynum'] >= $recur->installments)
177 ) {
178 // this is the last payment
179 $statusName = 'Completed';
180 $recur->end_date = $now;
181 $isFirstOrLastRecurringPayment = CRM_Core_Payment::RECURRING_PAYMENT_END;
182 }
183 $recur->modified_date = $now;
184 $recur->contribution_status_id = array_search($statusName, $contributionStatus);
185 $recur->save();
186 }
187 else {
188 // Declined
189 // failed status
190 $recur->contribution_status_id = array_search('Failed', $contributionStatus);
191 $recur->cancel_date = $now;
192 $recur->save();
193
194 $message = ts("Subscription payment failed - %1", array(1 => htmlspecialchars($input['response_reason_text'])));
195 CRM_Core_Error::debug_log_message($message);
196
197 // the recurring contribution has declined a payment or has failed
198 // so we just fix the recurring contribution and not change any of
199 // the existing contributions
200 // CRM-9036
201 return TRUE;
202 }
203
204 // check if contribution is already completed, if so we ignore this ipn
205 if ($objects['contribution']->contribution_status_id == 1) {
206 $transaction->commit();
207 CRM_Core_Error::debug_log_message("Returning since contribution has already been handled.");
208 echo "Success: Contribution has already been handled<p>";
209 return TRUE;
210 }
211
212 $this->completeTransaction($input, $ids, $objects, $transaction, $recur);
213
214 // Only Authorize.net does this so it is on the a.net class. If there is a need for other processors
215 // to do this we should make it available via the api, e.g as a parameter, changing the nuance
216 // from isSentReceipt to an array of which receipts to send.
217 // Note that there is site-by-site opinions on which notifications are good to send.
218 if ($isFirstOrLastRecurringPayment) {
219 CRM_Contribute_BAO_ContributionRecur::sendRecurringStartOrEndNotification($ids, $recur,
220 $isFirstOrLastRecurringPayment);
221 }
222
223 }
224
225 /**
226 * Get the input from passed in fields.
227 *
228 * @param array $input
229 * @param array $ids
230 *
231 * @return bool
232 */
233 public function getInput(&$input, &$ids) {
234 $input['amount'] = $this->retrieve('x_amount', 'String');
235 $input['subscription_id'] = $this->retrieve('x_subscription_id', 'Integer');
236 $input['response_code'] = $this->retrieve('x_response_code', 'Integer');
237 $input['MD5_Hash'] = $this->retrieve('x_MD5_Hash', 'String', FALSE, '');
238 $input['response_reason_code'] = $this->retrieve('x_response_reason_code', 'String', FALSE);
239 $input['response_reason_text'] = $this->retrieve('x_response_reason_text', 'String', FALSE);
240 $input['subscription_paynum'] = $this->retrieve('x_subscription_paynum', 'Integer', FALSE, 0);
241 $input['trxn_id'] = $this->retrieve('x_trans_id', 'String', FALSE);
242 $input['trxn_id'] = $this->retrieve('x_trans_id', 'String', FALSE);
243 $input['receive_date'] = $this->retrieve('receive_date', 'String', FALSE, 'now');
244
245 if ($input['trxn_id']) {
246 $input['is_test'] = 0;
247 }
248 // Only assume trxn_id 'should' have been returned for success.
249 // Per CRM-17611 it would also not be passed back for a decline.
250 elseif ($input['response_code'] == 1) {
251 $input['is_test'] = 1;
252 $input['trxn_id'] = md5(uniqid(rand(), TRUE));
253 }
254
255 if (!$this->getBillingID($ids)) {
256 return FALSE;
257 }
258 $billingID = $ids['billing'];
259 $params = array(
260 'first_name' => 'x_first_name',
261 'last_name' => 'x_last_name',
262 "street_address-{$billingID}" => 'x_address',
263 "city-{$billingID}" => 'x_city',
264 "state-{$billingID}" => 'x_state',
265 "postal_code-{$billingID}" => 'x_zip',
266 "country-{$billingID}" => 'x_country',
267 "email-{$billingID}" => 'x_email',
268 );
269 foreach ($params as $civiName => $resName) {
270 $input[$civiName] = $this->retrieve($resName, 'String', FALSE);
271 }
272 }
273
274 /**
275 * Get ids from input.
276 *
277 * @param array $ids
278 * @param array $input
279 *
280 * @throws \CRM_Core_Exception
281 */
282 public function getIDs(&$ids, &$input) {
283 $ids['contact'] = $this->retrieve('x_cust_id', 'Integer', FALSE, 0);
284 $ids['contribution'] = $this->retrieve('x_invoice_num', 'Integer');
285
286 // joining with contribution table for extra checks
287 $sql = "
288 SELECT cr.id, cr.contact_id
289 FROM civicrm_contribution_recur cr
290 INNER JOIN civicrm_contribution co ON co.contribution_recur_id = cr.id
291 WHERE cr.processor_id = '{$input['subscription_id']}' AND
292 (cr.contact_id = {$ids['contact']} OR co.id = {$ids['contribution']})
293 LIMIT 1";
294 $contRecur = CRM_Core_DAO::executeQuery($sql);
295 $contRecur->fetch();
296 $ids['contributionRecur'] = $contRecur->id;
297 if ($ids['contact'] != $contRecur->contact_id) {
298 $message = ts("Recurring contribution appears to have been re-assigned from id %1 to %2, continuing with %2.", array(1 => $ids['contact'], 2 => $contRecur->contact_id));
299 CRM_Core_Error::debug_log_message($message);
300 $ids['contact'] = $contRecur->contact_id;
301 }
302 if (!$ids['contributionRecur']) {
303 $message = ts("Could not find contributionRecur id");
304 $log = new CRM_Utils_SystemLogger();
305 $log->error('payment_notification', array('message' => $message, 'ids' => $ids, 'input' => $input));
306 throw new CRM_Core_Exception($message);
307 }
308
309 // get page id based on contribution id
310 $ids['contributionPage'] = CRM_Core_DAO::getFieldValue('CRM_Contribute_DAO_Contribution',
311 $ids['contribution'],
312 'contribution_page_id'
313 );
314
315 if ($input['component'] == 'event') {
316 // FIXME: figure out fields for event
317 }
318 else {
319 // Get membershipId. Join with membership payment table for additional checks
320 $sql = "
321 SELECT m.id
322 FROM civicrm_membership m
323 INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contribution_id = {$ids['contribution']}
324 WHERE m.contribution_recur_id = {$ids['contributionRecur']}
325 LIMIT 1";
326 if ($membershipId = CRM_Core_DAO::singleValueQuery($sql)) {
327 $ids['membership'] = $membershipId;
328 }
329
330 // FIXME: todo related_contact and onBehalfDupeAlert. Check paypalIPN.
331 }
332 }
333
334 /**
335 * @param string $name
336 * Parameter name.
337 * @param string $type
338 * Parameter type.
339 * @param bool $abort
340 * Abort if not present.
341 * @param null $default
342 * Default value.
343 *
344 * @throws CRM_Core_Exception
345 * @return mixed
346 */
347 public function retrieve($name, $type, $abort = TRUE, $default = NULL) {
348 $value = CRM_Utils_Type::validate(
349 empty($this->_inputParameters[$name]) ? $default : $this->_inputParameters[$name],
350 $type,
351 FALSE
352 );
353 if ($abort && $value === NULL) {
354 throw new CRM_Core_Exception("Could not find an entry for $name");
355 }
356 return $value;
357 }
358
359 /**
360 * Check and validate gateway MD5 response if present.
361 *
362 * @param CRM_Core_Payment_AuthorizeNet $paymentObject
363 * @param array $input
364 *
365 * @throws CRM_Core_Exception
366 */
367 public function checkMD5($paymentObject, $input) {
368 if (empty($input['trxn_id'])) {
369 // For decline we have nothing to check against.
370 return;
371 }
372 if (!$paymentObject->checkMD5($input['MD5_Hash'], $input['trxn_id'], $input['amount'], TRUE)) {
373 $message = "Failure: Security verification failed";
374 $log = new CRM_Utils_SystemLogger();
375 $log->error('payment_notification', array('message' => $message, 'input' => $input));
376 throw new CRM_Core_Exception($message);
377 }
378 }
379
380 }