3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
17 class CRM_Core_Payment_PayPalProIPN
extends CRM_Core_Payment_BaseIPN
{
19 public static $_paymentProcessor = NULL;
22 * Input parameters from payment processor. Store these so that
23 * the code does not need to keep retrieving from the http request
26 protected $_inputParameters = [];
29 * Store for the variables from the invoice string.
32 protected $_invoiceData = [];
35 * Is this a payment express transaction.
38 protected $_isPaymentExpress = FALSE;
43 * Are we dealing with an event an 'anything else' (contribute).
47 protected $_component = 'contribute';
50 * Constructor function.
52 * @param array $inputData
53 * Contents of HTTP REQUEST.
55 * @throws CRM_Core_Exception
57 public function __construct($inputData) {
58 $this->setInputParameters($inputData);
59 $this->setInvoiceData();
60 parent
::__construct();
64 * get the values from the rp_invoice_id string.
67 * E.g. i, values are stored in the string with letter codes.
69 * Throw exception if not found
71 * @throws CRM_Core_Exception
74 public function getValue($name, $abort = TRUE) {
75 if ($abort && empty($this->_invoiceData
[$name])) {
76 throw new CRM_Core_Exception("Failure: Missing Parameter $name");
79 return $this->_invoiceData
[$name] ??
NULL;
84 * Set $this->_invoiceData from the input array
86 public function setInvoiceData() {
87 if (empty($this->_inputParameters
['rp_invoice_id'])) {
88 $this->_isPaymentExpress
= TRUE;
91 $rpInvoiceArray = explode('&', $this->_inputParameters
['rp_invoice_id']);
92 // for clarify let's also store without the single letter unreadable
93 //@todo after more refactoring we might ditch storing the one letter stuff
98 'b' => 'contribution_id',
99 'r' => 'contribution_recur_id',
100 'p' => 'participant_id',
103 foreach ($rpInvoiceArray as $rpInvoiceValue) {
104 $rpValueArray = explode('=', $rpInvoiceValue);
105 $this->_invoiceData
[$rpValueArray[0]] = $rpValueArray[1];
106 $this->_inputParameters
[$mapping[$rpValueArray[0]]] = $rpValueArray[1];
107 // p has been overloaded & could mean contribution page or participant id. Clearly we need an
108 // alphabet with more letters.
109 // the mode will always be resolved before the mystery p is reached
110 if ($rpValueArray[1] == 'contribute') {
111 $mapping['p'] = 'contribution_page_id';
114 if (empty($this->_inputParameters
['component'])) {
115 $this->_isPaymentExpress
= TRUE;
120 * @param string $name
121 * Of variable to return.
122 * @param string $type
126 * @param string $location
131 * @throws CRM_Core_Exception
134 public function retrieve($name, $type, $location = 'POST', $abort = TRUE) {
135 $value = CRM_Utils_Type
::validate(
136 CRM_Utils_Array
::value($name, $this->_inputParameters
),
140 if ($abort && $value === NULL) {
141 throw new CRM_Core_Exception("Could not find an entry for $name in $location");
147 * Process recurring contributions.
149 * @param array $input
151 * @param array $objects
154 * @throws \CRM_Core_Exception
155 * @throws \CiviCRM_API3_Exception
157 public function recur($input, $ids, $objects, $first) {
158 if (!isset($input['txnType'])) {
159 Civi
::log()->debug('PayPalProIPN: Could not find txn_type in input request.');
160 echo 'Failure: Invalid parameters<p>';
164 $recur = &$objects['contributionRecur'];
166 // make sure the invoice ids match
167 // make sure the invoice is valid and matches what we have in
168 // the contribution record
169 if ($recur->invoice_id
!= $input['invoice']) {
170 Civi
::log()->debug('PayPalProIPN: Invoice values dont match between database and IPN request recur is ' . $recur->invoice_id
. ' input is ' . $input['invoice']);
171 echo 'Failure: Invoice values dont match between database and IPN request recur is ' . $recur->invoice_id
. " input is " . $input['invoice'];
175 $now = date('YmdHis');
177 // fix dates that already exist
178 $dates = ['create', 'start', 'end', 'cancel', 'modified'];
179 foreach ($dates as $date) {
180 $name = "{$date}_date";
182 $recur->$name = CRM_Utils_Date
::isoToMysql($recur->$name);
186 $sendNotification = FALSE;
187 $subscriptionPaymentStatus = NULL;
188 //List of Transaction Type
190 recurring_payment_profile_created RP Profile Created
191 recurring_payment RP Successful Payment
192 recurring_payment_failed RP Failed Payment
193 recurring_payment_profile_cancel RP Profile Cancelled
194 recurring_payment_expired RP Profile Expired
195 recurring_payment_skipped RP Profile Skipped
196 recurring_payment_outstanding_payment RP Successful Outstanding Payment
197 recurring_payment_outstanding_payment_failed RP Failed Outstanding Payment
198 recurring_payment_suspended RP Profile Suspended
199 recurring_payment_suspended_due_to_max_failed_payment RP Profile Suspended due to Max Failed Payment
202 //set transaction type
203 $txnType = $this->retrieve('txn_type', 'String');
204 //Changes for paypal pro recurring payment
205 $contributionStatuses = array_flip(CRM_Contribute_BAO_Contribution
::buildOptions('contribution_status_id', 'validate'));
207 case 'recurring_payment_profile_created':
208 if (in_array($recur->contribution_status_id
, [
209 $contributionStatuses['Pending'],
210 $contributionStatuses['In Progress'],
212 && !empty($recur->processor_id
)
214 echo "already handled";
217 $recur->create_date
= $now;
218 $recur->contribution_status_id
= $contributionStatuses['Pending'];
219 $recur->processor_id
= $this->retrieve('recurring_payment_id', 'String');
220 $recur->trxn_id
= $recur->processor_id
;
221 $subscriptionPaymentStatus = CRM_Core_Payment
::RECURRING_PAYMENT_START
;
222 $sendNotification = TRUE;
225 case 'recurring_payment':
227 $recur->start_date
= $now;
230 if ($input['paymentStatus'] != 'Completed') {
231 throw new CRM_Core_Exception("Ignore all IPN payments that are not completed");
234 // In future moving to create pending & then complete, but this OK for now.
235 // Also consider accepting 'Failed' like other processors.
236 $input['contribution_status_id'] = $contributionStatuses['Completed'];
237 $input['invoice_id'] = md5(uniqid(rand(), TRUE));
238 $input['original_contribution_id'] = $ids['contribution'];
239 $input['contribution_recur_id'] = $ids['contributionRecur'];
241 civicrm_api3('Contribution', 'repeattransaction', $input);
245 //contribution installment is completed
246 if ($this->retrieve('profile_status', 'String') == 'Expired') {
247 if (!empty($recur->end_date
)) {
248 echo "already handled";
251 $recur->contribution_status_id
= $contributionStatuses['Completed'];
252 $recur->end_date
= $now;
253 $sendNotification = TRUE;
254 $subscriptionPaymentStatus = CRM_Core_Payment
::RECURRING_PAYMENT_END
;
257 // make sure the contribution status is not done
258 // since order of ipn's is unknown
259 if ($recur->contribution_status_id
!= $contributionStatuses['Completed']) {
260 $recur->contribution_status_id
= $contributionStatuses['In Progress'];
267 if ($sendNotification) {
268 $autoRenewMembership = FALSE;
270 isset($ids['membership']) && $ids['membership']
272 $autoRenewMembership = TRUE;
274 //send recurring Notification email for user
275 CRM_Contribute_BAO_ContributionPage
::recurringNotify($subscriptionPaymentStatus,
277 $ids['contributionPage'],
283 if ($txnType != 'recurring_payment') {
288 //check if this contribution transaction is already processed
289 //if not create a contribution and then get it processed
290 $contribution = new CRM_Contribute_BAO_Contribution();
291 $contribution->trxn_id
= $input['trxn_id'];
292 if ($contribution->trxn_id
&& $contribution->find()) {
293 Civi
::log()->debug('PayPalProIPN: Returning since contribution has already been handled.');
294 echo "Success: Contribution has already been handled<p>";
298 $contribution->contact_id
= $recur->contact_id
;
299 $contribution->financial_type_id
= $objects['contributionType']->id
;
300 $contribution->contribution_page_id
= $ids['contributionPage'];
301 $contribution->contribution_recur_id
= $ids['contributionRecur'];
302 $contribution->currency
= $objects['contribution']->currency
;
303 $contribution->payment_instrument_id
= $objects['contribution']->payment_instrument_id
;
304 $contribution->amount_level
= $objects['contribution']->amount_level
;
305 $contribution->campaign_id
= $objects['contribution']->campaign_id
;
306 $objects['contribution'] = &$contribution;
307 $contribution->invoice_id
= md5(uniqid(rand(), TRUE));
309 // CRM-13737 - am not aware of any reason why payment_date would not be set - this if is a belt & braces
310 $objects['contribution']->receive_date
= !empty($input['payment_date']) ?
date('YmdHis', strtotime($input['payment_date'])) : $now;
312 $this->single($input, $ids, $objects, TRUE, $first);
316 * @param array $input
318 * @param array $objects
324 public function single($input, $ids, $objects, $recur = FALSE, $first = FALSE) {
325 $contribution = &$objects['contribution'];
327 // make sure the invoice is valid and matches what we have in the contribution record
328 if ((!$recur) ||
($recur && $first)) {
329 if ($contribution->invoice_id
!= $input['invoice']) {
330 Civi
::log()->debug('PayPalProIPN: Invoice values dont match between database and IPN request.');
331 echo "Failure: Invoice values dont match between database and IPN request<p>contribution is" . $contribution->invoice_id
. " and input is " . $input['invoice'];
336 $contribution->invoice_id
= md5(uniqid(rand(), TRUE));
340 if ($contribution->total_amount
!= $input['amount']) {
341 Civi
::log()->debug('PayPalProIPN: Amount values dont match between database and IPN request.');
342 echo "Failure: Amount values dont match between database and IPN request<p>";
347 $contribution->total_amount
= $input['amount'];
350 $status = $input['paymentStatus'];
351 if ($status === 'Denied' ||
$status === 'Failed' ||
$status === 'Voided') {
352 $this->failed($objects);
355 if ($status === 'Pending') {
356 Civi
::log()->debug('Returning since contribution status is Pending');
359 elseif ($status === 'Refunded' ||
$status === 'Reversed') {
360 $this->cancelled($objects);
363 elseif ($status !== 'Completed') {
364 Civi
::log()->debug('Returning since contribution status is not handled');
368 // check if contribution is already completed, if so we ignore this ipn
369 $completedStatusId = CRM_Core_PseudoConstant
::getKey('CRM_Contribute_BAO_Contribution', 'contribution_status_id', 'Completed');
370 if ($contribution->contribution_status_id
== $completedStatusId) {
371 Civi
::log()->debug('PayPalProIPN: Returning since contribution has already been handled.');
372 echo 'Success: Contribution has already been handled<p>';
376 $this->completeTransaction($input, $ids, $objects);
380 * Gets PaymentProcessorID for PayPal
384 public function getPayPalPaymentProcessorID() {
385 // This is an unreliable method as there could be more than one instance.
386 // Recommended approach is to use the civicrm/payment/ipn/xx url where xx is the payment
387 // processor id & the handleNotification function (which should call the completetransaction api & by-pass this
388 // entirely). The only thing the IPN class should really do is extract data from the request, validate it
389 // & call completetransaction or call fail? (which may not exist yet).
391 Civi
::log()->warning('Unreliable method used to get payment_processor_id for PayPal Pro IPN - this will cause problems if you have more than one instance');
393 $paymentProcessorTypeID = CRM_Core_DAO
::getFieldValue('CRM_Financial_DAO_PaymentProcessorType',
394 'PayPal', 'id', 'name'
396 return (int) civicrm_api3('PaymentProcessor', 'getvalue', [
398 'options' => ['limit' => 1],
399 'payment_processor_type_id' => $paymentProcessorTypeID,
406 * This is the main function to call. It should be sufficient to instantiate the class
407 * (with the input parameters) & call this & all will be done
409 * @todo the references to POST throughout this class need to be removed
412 public function main() {
413 CRM_Core_Error
::debug_var('GET', $_GET, TRUE, TRUE);
414 CRM_Core_Error
::debug_var('POST', $_POST, TRUE, TRUE);
416 if ($this->_isPaymentExpress
) {
417 $this->handlePaymentExpress();
420 $objects = $ids = $input = [];
421 $this->_component
= $input['component'] = self
::getValue('m');
422 $input['invoice'] = self
::getValue('i', TRUE);
423 // get the contribution and contact ids from the GET params
424 $ids['contact'] = self
::getValue('c', TRUE);
425 $ids['contribution'] = self
::getValue('b', TRUE);
427 $this->getInput($input);
429 if ($this->_component
== 'event') {
430 $ids['event'] = self
::getValue('e', TRUE);
431 $ids['participant'] = self
::getValue('p', TRUE);
432 $ids['contributionRecur'] = self
::getValue('r', FALSE);
435 // get the optional ids
436 //@ how can this not be broken retrieving from GET as we are dealing with a POST request?
437 // copy & paste? Note the retrieve function now uses data from _REQUEST so this will be included
438 $ids['membership'] = self
::retrieve('membershipID', 'Integer', 'GET', FALSE);
439 $ids['contributionRecur'] = self
::getValue('r', FALSE);
440 $ids['contributionPage'] = self
::getValue('p', FALSE);
441 $ids['related_contact'] = self
::retrieve('relatedContactID', 'Integer', 'GET', FALSE);
442 $ids['onbehalf_dupe_alert'] = self
::retrieve('onBehalfDupeAlert', 'Integer', 'GET', FALSE);
445 if (!$ids['membership'] && $ids['contributionRecur']) {
448 FROM civicrm_membership m
449 INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contribution_id = %1
450 WHERE m.contribution_recur_id = %2
453 1 => [$ids['contribution'], 'Integer'],
454 2 => [$ids['contributionRecur'], 'Integer'],
456 if ($membershipId = CRM_Core_DAO
::singleValueQuery($sql, $sqlParams)) {
457 $ids['membership'] = $membershipId;
461 $paymentProcessorID = CRM_Utils_Array
::value('processor_id', $this->_inputParameters
);
462 if (!$paymentProcessorID) {
463 $paymentProcessorID = self
::getPayPalPaymentProcessorID();
466 if (!$this->validateData($input, $ids, $objects, TRUE, $paymentProcessorID)) {
470 self
::$_paymentProcessor = &$objects['paymentProcessor'];
471 //?? how on earth would we not have component be one of these?
472 // they are the only valid settings & this IPN file can't even be called without one of them
473 // grepping for this class doesn't find other paths to call this class
474 if ($this->_component
== 'contribute' ||
$this->_component
== 'event') {
475 if ($ids['contributionRecur']) {
476 // check if first contribution is completed, else complete first contribution
478 $completedStatusId = CRM_Core_PseudoConstant
::getKey('CRM_Contribute_BAO_Contribution', 'contribution_status_id', 'Completed');
479 if ($objects['contribution']->contribution_status_id
== $completedStatusId) {
482 $this->recur($input, $ids, $objects, $first);
486 $this->single($input, $ids, $objects, FALSE, FALSE);
488 catch (CRM_Core_Exception
$e) {
489 Civi
::log()->debug($e->getMessage());
490 echo 'Invalid or missing data';
495 * @param array $input
498 * @throws CRM_Core_Exception
500 public function getInput(&$input) {
501 $billingID = CRM_Core_BAO_LocationType
::getBilling();
503 $input['txnType'] = self
::retrieve('txn_type', 'String', 'POST', FALSE);
504 $input['paymentStatus'] = self
::retrieve('payment_status', 'String', 'POST', FALSE);
506 $input['amount'] = self
::retrieve('mc_gross', 'Money', 'POST', FALSE);
507 $input['reasonCode'] = self
::retrieve('ReasonCode', 'String', 'POST', FALSE);
510 "first_name" => 'first_name',
511 "last_name" => 'last_name',
512 "street_address-{$billingID}" => 'address_street',
513 "city-{$billingID}" => 'address_city',
514 "state-{$billingID}" => 'address_state',
515 "postal_code-{$billingID}" => 'address_zip',
516 "country-{$billingID}" => 'address_country_code',
518 foreach ($lookup as $name => $paypalName) {
519 $value = self
::retrieve($paypalName, 'String', 'POST', FALSE);
520 $input[$name] = $value ?
$value : NULL;
523 $input['is_test'] = self
::retrieve('test_ipn', 'Integer', 'POST', FALSE);
524 $input['fee_amount'] = self
::retrieve('mc_fee', 'Money', 'POST', FALSE);
525 $input['net_amount'] = self
::retrieve('settle_amount', 'Money', 'POST', FALSE);
526 $input['trxn_id'] = self
::retrieve('txn_id', 'String', 'POST', FALSE);
527 $input['payment_date'] = $input['receive_date'] = self
::retrieve('payment_date', 'String', 'POST', FALSE);
528 $input['total_amount'] = $input['amount'];
532 * Handle payment express IPNs.
534 * For one off IPNS no actual response is required
535 * Recurring is more difficult as we have limited confirmation material
536 * lets look up invoice id in recur_contribution & rely on the unique transaction id to ensure no
538 * this may not be acceptable to all sites - e.g. if they are shipping or delivering something in return
539 * then the quasi security of the ids array might be required - although better to
540 * http://stackoverflow.com/questions/4848227/validate-that-ipn-call-is-from-paypal
541 * but let's assume knowledge on invoice id & schedule is enough for now esp for donations
542 * only contribute is handled
544 public function handlePaymentExpress() {
545 //@todo - loads of copy & paste / code duplication but as this not going into core need to try to
547 // also note that a lot of the complexity above could be removed if we used
548 // http://stackoverflow.com/questions/4848227/validate-that-ipn-call-is-from-paypal
549 // as membership id etc can be derived by the load objects fn
550 $objects = $ids = $input = [];
552 $input['invoice'] = self
::getValue('i', FALSE);
553 //Avoid return in case of unit test.
554 if (empty($input['invoice']) && empty($this->_inputParameters
['is_unit_test'])) {
557 $input['txnType'] = $this->retrieve('txn_type', 'String');
558 $contributionRecur = civicrm_api3('contribution_recur', 'getsingle', [
559 'return' => 'contact_id, id, payment_processor_id',
560 'invoice_id' => $input['invoice'],
563 if ($input['txnType'] !== 'recurring_payment' && $input['txnType'] !== 'recurring_payment_profile_created') {
564 throw new CRM_Core_Exception('Paypal IPNS not handled other than recurring_payments');
567 $this->getInput($input, $ids);
568 if ($input['txnType'] === 'recurring_payment' && $this->transactionExists($input['trxn_id'])) {
569 throw new CRM_Core_Exception('This transaction has already been processed');
572 $ids['contact'] = $contributionRecur['contact_id'];
573 $ids['contributionRecur'] = $contributionRecur['id'];
574 $result = civicrm_api3('contribution', 'getsingle', ['invoice_id' => $input['invoice'], 'contribution_test' => '']);
576 $ids['contribution'] = $result['id'];
577 //@todo hardcoding 'pending' for now
578 $pendingStatusId = CRM_Core_PseudoConstant
::getKey('CRM_Contribute_BAO_Contribution', 'contribution_status_id', 'Pending');
579 if ($result['contribution_status_id'] == $pendingStatusId) {
582 // arg api won't get this - fix it
583 $ids['contributionPage'] = CRM_Core_DAO
::singleValueQuery("SELECT contribution_page_id FROM civicrm_contribution WHERE invoice_id = %1", [
585 $ids['contribution'],
589 // only handle component at this stage - not terribly sure how a recurring event payment would arise
590 // & suspec main function may be a victom of copy & paste
591 // membership would be an easy add - but not relevant to my customer...
592 $this->_component
= $input['component'] = 'contribute';
593 $input['trxn_date'] = date('Y-m-d H:i:s', strtotime(self
::retrieve('time_created', 'String')));
594 $paymentProcessorID = $contributionRecur['payment_processor_id'];
596 if (!$this->validateData($input, $ids, $objects, TRUE, $paymentProcessorID)) {
597 throw new CRM_Core_Exception('Data did not validate');
599 $this->recur($input, $ids, $objects, $isFirst);
603 * Function check if transaction already exists.
604 * @param string $trxn_id
607 public function transactionExists($trxn_id) {
608 if (CRM_Core_DAO
::singleValueQuery("SELECT count(*) FROM civicrm_contribution WHERE trxn_id = %1",
610 1 => [$trxn_id, 'String'],