projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #18544 from magnolia61/participant_status_notification_default
[civicrm-core.git] / CRM / Core / Payment / PayPalProIPN.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * @package CRM
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 */
17 class CRM_Core_Payment_PayPalProIPN extends CRM_Core_Payment_BaseIPN {
18
19 public static $_paymentProcessor = NULL;
20
21 /**
22 * Input parameters from payment processor. Store these so that
23 * the code does not need to keep retrieving from the http request
24 * @var array
25 */
26 protected $_inputParameters = [];
27
28 /**
29 * Store for the variables from the invoice string.
30 * @var array
31 */
32 protected $_invoiceData = [];
33
34 /**
35 * Is this a payment express transaction.
36 * @var bool
37 */
38 protected $_isPaymentExpress = FALSE;
39
40 /**
41 * Component.
42 *
43 * Are we dealing with an event an 'anything else' (contribute).
44 *
45 * @var string
46 */
47 protected $_component = 'contribute';
48
49 /**
50 * Constructor function.
51 *
52 * @param array $inputData
53 * Contents of HTTP REQUEST.
54 *
55 * @throws CRM_Core_Exception
56 */
57 public function __construct($inputData) {
58 $this->setInputParameters($inputData);
59 $this->setInvoiceData();
60 parent::__construct();
61 }
62
63 /**
64 * get the values from the rp_invoice_id string.
65 *
66 * @param string $name
67 * E.g. i, values are stored in the string with letter codes.
68 * @param bool $abort
69 * Throw exception if not found
70 *
71 * @throws CRM_Core_Exception
72 * @return mixed
73 */
74 public function getValue($name, $abort = TRUE) {
75 if ($abort && empty($this->_invoiceData[$name])) {
76 throw new CRM_Core_Exception("Failure: Missing Parameter $name");
77 }
78 else {
79 return $this->_invoiceData[$name] ?? NULL;
80 }
81 }
82
83 /**
84 * Set $this->_invoiceData from the input array
85 */
86 public function setInvoiceData() {
87 if (empty($this->_inputParameters['rp_invoice_id'])) {
88 $this->_isPaymentExpress = TRUE;
89 return;
90 }
91 $rpInvoiceArray = explode('&', $this->_inputParameters['rp_invoice_id']);
92 // for clarify let's also store without the single letter unreadable
93 //@todo after more refactoring we might ditch storing the one letter stuff
94 $mapping = [
95 'i' => 'invoice_id',
96 'm' => 'component',
97 'c' => 'contact_id',
98 'b' => 'contribution_id',
99 'r' => 'contribution_recur_id',
100 'p' => 'participant_id',
101 'e' => 'event_id',
102 ];
103 foreach ($rpInvoiceArray as $rpInvoiceValue) {
104 $rpValueArray = explode('=', $rpInvoiceValue);
105 $this->_invoiceData[$rpValueArray[0]] = $rpValueArray[1];
106 $this->_inputParameters[$mapping[$rpValueArray[0]]] = $rpValueArray[1];
107 // p has been overloaded & could mean contribution page or participant id. Clearly we need an
108 // alphabet with more letters.
109 // the mode will always be resolved before the mystery p is reached
110 if ($rpValueArray[1] == 'contribute') {
111 $mapping['p'] = 'contribution_page_id';
112 }
113 }
114 if (empty($this->_inputParameters['component'])) {
115 $this->_isPaymentExpress = TRUE;
116 }
117 }
118
119 /**
120 * @param string $name
121 * Of variable to return.
122 * @param string $type
123 * Data type.
124 * - String
125 * - Integer
126 * @param string $location
127 * Deprecated.
128 * @param bool $abort
129 * Abort if empty.
130 *
131 * @throws CRM_Core_Exception
132 * @return mixed
133 */
134 public function retrieve($name, $type, $location = 'POST', $abort = TRUE) {
135 $value = CRM_Utils_Type::validate(
136 CRM_Utils_Array::value($name, $this->_inputParameters),
137 $type,
138 FALSE
139 );
140 if ($abort && $value === NULL) {
141 throw new CRM_Core_Exception("Could not find an entry for $name in $location");
142 }
143 return $value;
144 }
145
146 /**
147 * Process recurring contributions.
148 *
149 * @param array $input
150 * @param array $ids
151 * @param array $objects
152 * @param bool $first
153 *
154 * @throws \CRM_Core_Exception
155 * @throws \CiviCRM_API3_Exception
156 */
157 public function recur($input, $ids, $objects, $first) {
158 if (!isset($input['txnType'])) {
159 Civi::log()->debug('PayPalProIPN: Could not find txn_type in input request.');
160 echo 'Failure: Invalid parameters<p>';
161 return;
162 }
163
164 $recur = &$objects['contributionRecur'];
165
166 // make sure the invoice ids match
167 // make sure the invoice is valid and matches what we have in
168 // the contribution record
169 if ($recur->invoice_id != $input['invoice']) {
170 Civi::log()->debug('PayPalProIPN: Invoice values dont match between database and IPN request recur is ' . $recur->invoice_id . ' input is ' . $input['invoice']);
171 echo 'Failure: Invoice values dont match between database and IPN request recur is ' . $recur->invoice_id . " input is " . $input['invoice'];
172 return;
173 }
174
175 $now = date('YmdHis');
176
177 $sendNotification = FALSE;
178 $subscriptionPaymentStatus = NULL;
179 //List of Transaction Type
180 /*
181 recurring_payment_profile_created RP Profile Created
182 recurring_payment RP Successful Payment
183 recurring_payment_failed RP Failed Payment
184 recurring_payment_profile_cancel RP Profile Cancelled
185 recurring_payment_expired RP Profile Expired
186 recurring_payment_skipped RP Profile Skipped
187 recurring_payment_outstanding_payment RP Successful Outstanding Payment
188 recurring_payment_outstanding_payment_failed RP Failed Outstanding Payment
189 recurring_payment_suspended RP Profile Suspended
190 recurring_payment_suspended_due_to_max_failed_payment RP Profile Suspended due to Max Failed Payment
191 */
192
193 //set transaction type
194 $txnType = $this->retrieve('txn_type', 'String');
195 //Changes for paypal pro recurring payment
196 $contributionStatuses = array_flip(CRM_Contribute_BAO_Contribution::buildOptions('contribution_status_id', 'validate'));
197 switch ($txnType) {
198 case 'recurring_payment_profile_created':
199 if (in_array($recur->contribution_status_id, [
200 $contributionStatuses['Pending'],
201 $contributionStatuses['In Progress'],
202 ])
203 && !empty($recur->processor_id)
204 ) {
205 echo "already handled";
206 return;
207 }
208 $recur->create_date = $now;
209 $recur->contribution_status_id = $contributionStatuses['Pending'];
210 $recur->processor_id = $this->retrieve('recurring_payment_id', 'String');
211 $recur->trxn_id = $recur->processor_id;
212 $subscriptionPaymentStatus = CRM_Core_Payment::RECURRING_PAYMENT_START;
213 $sendNotification = TRUE;
214 break;
215
216 case 'recurring_payment':
217 if ($first) {
218 $recur->start_date = $now;
219 }
220 else {
221 if ($input['paymentStatus'] != 'Completed') {
222 throw new CRM_Core_Exception("Ignore all IPN payments that are not completed");
223 }
224
225 // In future moving to create pending & then complete, but this OK for now.
226 // Also consider accepting 'Failed' like other processors.
227 $input['contribution_status_id'] = $contributionStatuses['Completed'];
228 $input['invoice_id'] = md5(uniqid(rand(), TRUE));
229 $input['original_contribution_id'] = $ids['contribution'];
230 $input['contribution_recur_id'] = $ids['contributionRecur'];
231
232 civicrm_api3('Contribution', 'repeattransaction', $input);
233 return;
234 }
235
236 //contribution installment is completed
237 if ($this->retrieve('profile_status', 'String') == 'Expired') {
238 if (!empty($recur->end_date)) {
239 echo "already handled";
240 return;
241 }
242 $recur->contribution_status_id = $contributionStatuses['Completed'];
243 $recur->end_date = $now;
244 $sendNotification = TRUE;
245 $subscriptionPaymentStatus = CRM_Core_Payment::RECURRING_PAYMENT_END;
246 }
247
248 // make sure the contribution status is not done
249 // since order of ipn's is unknown
250 if ($recur->contribution_status_id != $contributionStatuses['Completed']) {
251 $recur->contribution_status_id = $contributionStatuses['In Progress'];
252 }
253 break;
254 }
255
256 $recur->save();
257
258 if ($sendNotification) {
259 $autoRenewMembership = FALSE;
260 if ($recur->id &&
261 isset($ids['membership']) && $ids['membership']
262 ) {
263 $autoRenewMembership = TRUE;
264 }
265 //send recurring Notification email for user
266 CRM_Contribute_BAO_ContributionPage::recurringNotify($subscriptionPaymentStatus,
267 $ids['contact'],
268 $ids['contributionPage'],
269 $recur,
270 $autoRenewMembership
271 );
272 }
273
274 if ($txnType != 'recurring_payment') {
275 return;
276 }
277
278 if (!$first) {
279 //check if this contribution transaction is already processed
280 //if not create a contribution and then get it processed
281 $contribution = new CRM_Contribute_BAO_Contribution();
282 $contribution->trxn_id = $input['trxn_id'];
283 if ($contribution->trxn_id && $contribution->find()) {
284 Civi::log()->debug('PayPalProIPN: Returning since contribution has already been handled.');
285 echo "Success: Contribution has already been handled<p>";
286 return;
287 }
288
289 $contribution->contact_id = $recur->contact_id;
290 $contribution->financial_type_id = $objects['contributionType']->id;
291 $contribution->contribution_page_id = $ids['contributionPage'];
292 $contribution->contribution_recur_id = $ids['contributionRecur'];
293 $contribution->currency = $objects['contribution']->currency;
294 $contribution->payment_instrument_id = $objects['contribution']->payment_instrument_id;
295 $contribution->amount_level = $objects['contribution']->amount_level;
296 $contribution->campaign_id = $objects['contribution']->campaign_id;
297 $objects['contribution'] = &$contribution;
298 $contribution->invoice_id = md5(uniqid(rand(), TRUE));
299 }
300 // CRM-13737 - am not aware of any reason why payment_date would not be set - this if is a belt & braces
301 $objects['contribution']->receive_date = !empty($input['payment_date']) ? date('YmdHis', strtotime($input['payment_date'])) : $now;
302
303 $this->single($input, $ids, $objects, TRUE, $first);
304 }
305
306 /**
307 * @param array $input
308 * @param array $ids
309 * @param array $objects
310 * @param bool $recur
311 * @param bool $first
312 *
313 * @return void
314 */
315 public function single($input, $ids, $objects, $recur = FALSE, $first = FALSE) {
316 $contribution = &$objects['contribution'];
317
318 // make sure the invoice is valid and matches what we have in the contribution record
319 if ((!$recur) || ($recur && $first)) {
320 if ($contribution->invoice_id != $input['invoice']) {
321 Civi::log()->debug('PayPalProIPN: Invoice values dont match between database and IPN request.');
322 echo "Failure: Invoice values dont match between database and IPN request<p>contribution is" . $contribution->invoice_id . " and input is " . $input['invoice'];
323 return;
324 }
325 }
326 else {
327 $contribution->invoice_id = md5(uniqid(rand(), TRUE));
328 }
329
330 if (!$recur) {
331 if ($contribution->total_amount != $input['amount']) {
332 Civi::log()->debug('PayPalProIPN: Amount values dont match between database and IPN request.');
333 echo "Failure: Amount values dont match between database and IPN request<p>";
334 return;
335 }
336 }
337 else {
338 $contribution->total_amount = $input['amount'];
339 }
340
341 $status = $input['paymentStatus'];
342 if ($status === 'Denied' || $status === 'Failed' || $status === 'Voided') {
343 $this->failed($objects);
344 return;
345 }
346 if ($status === 'Pending') {
347 Civi::log()->debug('Returning since contribution status is Pending');
348 return;
349 }
350 elseif ($status === 'Refunded' || $status === 'Reversed') {
351 $this->cancelled($objects);
352 return;
353 }
354 elseif ($status !== 'Completed') {
355 Civi::log()->debug('Returning since contribution status is not handled');
356 return;
357 }
358
359 // check if contribution is already completed, if so we ignore this ipn
360 $completedStatusId = CRM_Core_PseudoConstant::getKey('CRM_Contribute_BAO_Contribution', 'contribution_status_id', 'Completed');
361 if ($contribution->contribution_status_id == $completedStatusId) {
362 Civi::log()->debug('PayPalProIPN: Returning since contribution has already been handled.');
363 echo 'Success: Contribution has already been handled<p>';
364 return;
365 }
366
367 CRM_Contribute_BAO_Contribution::completeOrder($input, [
368 'related_contact' => $ids['related_contact'] ?? NULL,
369 'participant' => !empty($objects['participant']) ? $objects['participant']->id : NULL,
370 'contributionRecur' => !empty($objects['contributionRecur']) ? $objects['contributionRecur']->id : NULL,
371 ], $objects);
372 }
373
374 /**
375 * Gets PaymentProcessorID for PayPal
376 *
377 * @return int
378 */
379 public function getPayPalPaymentProcessorID() {
380 // This is an unreliable method as there could be more than one instance.
381 // Recommended approach is to use the civicrm/payment/ipn/xx url where xx is the payment
382 // processor id & the handleNotification function (which should call the completetransaction api & by-pass this
383 // entirely). The only thing the IPN class should really do is extract data from the request, validate it
384 // & call completetransaction or call fail? (which may not exist yet).
385
386 Civi::log()->warning('Unreliable method used to get payment_processor_id for PayPal Pro IPN - this will cause problems if you have more than one instance');
387
388 $paymentProcessorTypeID = CRM_Core_DAO::getFieldValue('CRM_Financial_DAO_PaymentProcessorType',
389 'PayPal', 'id', 'name'
390 );
391 return (int) civicrm_api3('PaymentProcessor', 'getvalue', [
392 'is_test' => 0,
393 'options' => ['limit' => 1],
394 'payment_processor_type_id' => $paymentProcessorTypeID,
395 'return' => 'id',
396 ]);
397
398 }
399
400 /**
401 * This is the main function to call. It should be sufficient to instantiate the class
402 * (with the input parameters) & call this & all will be done
403 *
404 * @todo the references to POST throughout this class need to be removed
405 * @return void
406 */
407 public function main() {
408 CRM_Core_Error::debug_var('GET', $_GET, TRUE, TRUE);
409 CRM_Core_Error::debug_var('POST', $_POST, TRUE, TRUE);
410 try {
411 if ($this->_isPaymentExpress) {
412 $this->handlePaymentExpress();
413 return;
414 }
415 $objects = $ids = $input = [];
416 $this->_component = $input['component'] = self::getValue('m');
417 $input['invoice'] = self::getValue('i', TRUE);
418 // get the contribution and contact ids from the GET params
419 $ids['contact'] = self::getValue('c', TRUE);
420 $ids['contribution'] = self::getValue('b', TRUE);
421
422 $this->getInput($input);
423
424 if ($this->_component == 'event') {
425 $ids['event'] = self::getValue('e', TRUE);
426 $ids['participant'] = self::getValue('p', TRUE);
427 $ids['contributionRecur'] = self::getValue('r', FALSE);
428 }
429 else {
430 // get the optional ids
431 //@ how can this not be broken retrieving from GET as we are dealing with a POST request?
432 // copy & paste? Note the retrieve function now uses data from _REQUEST so this will be included
433 $ids['membership'] = self::retrieve('membershipID', 'Integer', 'GET', FALSE);
434 $ids['contributionRecur'] = self::getValue('r', FALSE);
435 $ids['contributionPage'] = self::getValue('p', FALSE);
436 $ids['related_contact'] = self::retrieve('relatedContactID', 'Integer', 'GET', FALSE);
437 $ids['onbehalf_dupe_alert'] = self::retrieve('onBehalfDupeAlert', 'Integer', 'GET', FALSE);
438 }
439
440 if (!$ids['membership'] && $ids['contributionRecur']) {
441 $sql = "
442 SELECT m.id
443 FROM civicrm_membership m
444 INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contribution_id = %1
445 WHERE m.contribution_recur_id = %2
446 LIMIT 1";
447 $sqlParams = [
448 1 => [$ids['contribution'], 'Integer'],
449 2 => [$ids['contributionRecur'], 'Integer'],
450 ];
451 if ($membershipId = CRM_Core_DAO::singleValueQuery($sql, $sqlParams)) {
452 $ids['membership'] = $membershipId;
453 }
454 }
455
456 $paymentProcessorID = CRM_Utils_Array::value('processor_id', $this->_inputParameters);
457 if (!$paymentProcessorID) {
458 $paymentProcessorID = self::getPayPalPaymentProcessorID();
459 }
460
461 if (!$this->validateData($input, $ids, $objects, TRUE, $paymentProcessorID)) {
462 return;
463 }
464
465 $input['payment_processor_id'] = $paymentProcessorID;
466
467 self::$_paymentProcessor = &$objects['paymentProcessor'];
468 //?? how on earth would we not have component be one of these?
469 // they are the only valid settings & this IPN file can't even be called without one of them
470 // grepping for this class doesn't find other paths to call this class
471 if ($this->_component == 'contribute' || $this->_component == 'event') {
472 if ($ids['contributionRecur']) {
473 // check if first contribution is completed, else complete first contribution
474 $first = TRUE;
475 $completedStatusId = CRM_Core_PseudoConstant::getKey('CRM_Contribute_BAO_Contribution', 'contribution_status_id', 'Completed');
476 if ($objects['contribution']->contribution_status_id == $completedStatusId) {
477 $first = FALSE;
478 }
479 $this->recur($input, $ids, $objects, $first);
480 return;
481 }
482 }
483 $this->single($input, $ids, $objects, FALSE, FALSE);
484 }
485 catch (CRM_Core_Exception $e) {
486 Civi::log()->debug($e->getMessage());
487 echo 'Invalid or missing data';
488 }
489 }
490
491 /**
492 * @param array $input
493 *
494 * @return void
495 * @throws CRM_Core_Exception
496 */
497 public function getInput(&$input) {
498 $billingID = CRM_Core_BAO_LocationType::getBilling();
499
500 $input['txnType'] = self::retrieve('txn_type', 'String', 'POST', FALSE);
501 $input['paymentStatus'] = self::retrieve('payment_status', 'String', 'POST', FALSE);
502
503 $input['amount'] = self::retrieve('mc_gross', 'Money', 'POST', FALSE);
504 $input['reasonCode'] = self::retrieve('ReasonCode', 'String', 'POST', FALSE);
505
506 $lookup = [
507 "first_name" => 'first_name',
508 "last_name" => 'last_name',
509 "street_address-{$billingID}" => 'address_street',
510 "city-{$billingID}" => 'address_city',
511 "state-{$billingID}" => 'address_state',
512 "postal_code-{$billingID}" => 'address_zip',
513 "country-{$billingID}" => 'address_country_code',
514 ];
515 foreach ($lookup as $name => $paypalName) {
516 $value = self::retrieve($paypalName, 'String', 'POST', FALSE);
517 $input[$name] = $value ? $value : NULL;
518 }
519
520 $input['is_test'] = self::retrieve('test_ipn', 'Integer', 'POST', FALSE);
521 $input['fee_amount'] = self::retrieve('mc_fee', 'Money', 'POST', FALSE);
522 $input['net_amount'] = self::retrieve('settle_amount', 'Money', 'POST', FALSE);
523 $input['trxn_id'] = self::retrieve('txn_id', 'String', 'POST', FALSE);
524 $input['payment_date'] = $input['receive_date'] = self::retrieve('payment_date', 'String', 'POST', FALSE);
525 $input['total_amount'] = $input['amount'];
526 }
527
528 /**
529 * Handle payment express IPNs.
530 *
531 * For one off IPNS no actual response is required
532 * Recurring is more difficult as we have limited confirmation material
533 * lets look up invoice id in recur_contribution & rely on the unique transaction id to ensure no
534 * duplicated
535 * this may not be acceptable to all sites - e.g. if they are shipping or delivering something in return
536 * then the quasi security of the ids array might be required - although better to
537 * http://stackoverflow.com/questions/4848227/validate-that-ipn-call-is-from-paypal
538 * but let's assume knowledge on invoice id & schedule is enough for now esp for donations
539 * only contribute is handled
540 */
541 public function handlePaymentExpress() {
542 //@todo - loads of copy & paste / code duplication but as this not going into core need to try to
543 // keep discreet
544 // also note that a lot of the complexity above could be removed if we used
545 // http://stackoverflow.com/questions/4848227/validate-that-ipn-call-is-from-paypal
546 // as membership id etc can be derived by the load objects fn
547 $objects = $ids = $input = [];
548 $isFirst = FALSE;
549 $input['invoice'] = self::getValue('i', FALSE);
550 //Avoid return in case of unit test.
551 if (empty($input['invoice']) && empty($this->_inputParameters['is_unit_test'])) {
552 return;
553 }
554 $input['txnType'] = $this->retrieve('txn_type', 'String');
555 $contributionRecur = civicrm_api3('contribution_recur', 'getsingle', [
556 'return' => 'contact_id, id, payment_processor_id',
557 'invoice_id' => $input['invoice'],
558 ]);
559
560 if ($input['txnType'] !== 'recurring_payment' && $input['txnType'] !== 'recurring_payment_profile_created') {
561 throw new CRM_Core_Exception('Paypal IPNS not handled other than recurring_payments');
562 }
563
564 $this->getInput($input, $ids);
565 if ($input['txnType'] === 'recurring_payment' && $this->transactionExists($input['trxn_id'])) {
566 throw new CRM_Core_Exception('This transaction has already been processed');
567 }
568
569 $ids['contact'] = $contributionRecur['contact_id'];
570 $ids['contributionRecur'] = $contributionRecur['id'];
571 $result = civicrm_api3('contribution', 'getsingle', ['invoice_id' => $input['invoice'], 'contribution_test' => '']);
572
573 $ids['contribution'] = $result['id'];
574 //@todo hardcoding 'pending' for now
575 $pendingStatusId = CRM_Core_PseudoConstant::getKey('CRM_Contribute_BAO_Contribution', 'contribution_status_id', 'Pending');
576 if ($result['contribution_status_id'] == $pendingStatusId) {
577 $isFirst = TRUE;
578 }
579 // arg api won't get this - fix it
580 $ids['contributionPage'] = CRM_Core_DAO::singleValueQuery("SELECT contribution_page_id FROM civicrm_contribution WHERE invoice_id = %1", [
581 1 => [
582 $ids['contribution'],
583 'Integer',
584 ],
585 ]);
586 // only handle component at this stage - not terribly sure how a recurring event payment would arise
587 // & suspec main function may be a victom of copy & paste
588 // membership would be an easy add - but not relevant to my customer...
589 $this->_component = $input['component'] = 'contribute';
590 $input['trxn_date'] = date('Y-m-d H:i:s', strtotime(self::retrieve('time_created', 'String')));
591 $paymentProcessorID = $contributionRecur['payment_processor_id'];
592
593 if (!$this->validateData($input, $ids, $objects, TRUE, $paymentProcessorID)) {
594 throw new CRM_Core_Exception('Data did not validate');
595 }
596 $this->recur($input, $ids, $objects, $isFirst);
597 }
598
599 /**
600 * Function check if transaction already exists.
601 * @param string $trxn_id
602 * @return bool|void
603 */
604 public function transactionExists($trxn_id) {
605 if (CRM_Core_DAO::singleValueQuery("SELECT count(*) FROM civicrm_contribution WHERE trxn_id = %1",
606 [
607 1 => [$trxn_id, 'String'],
608 ])
609 ) {
610 return TRUE;
611 }
612 }
613
614 }