projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #13915 from colemanw/shortCRM
[civicrm-core.git] / CRM / Core / Payment / PayPalProIPN.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 5 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2019 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 *
30 * @package CRM
31 * @copyright CiviCRM LLC (c) 2004-2019
32 */
33 class CRM_Core_Payment_PayPalProIPN extends CRM_Core_Payment_BaseIPN {
34
35 static $_paymentProcessor = NULL;
36
37 /**
38 * Input parameters from payment processor. Store these so that
39 * the code does not need to keep retrieving from the http request
40 * @var array
41 */
42 protected $_inputParameters = [];
43
44 /**
45 * Store for the variables from the invoice string.
46 * @var array
47 */
48 protected $_invoiceData = [];
49
50 /**
51 * Is this a payment express transaction.
52 */
53 protected $_isPaymentExpress = FALSE;
54
55 /**
56 * Are we dealing with an event an 'anything else' (contribute)
57 * @var string component
58 */
59 protected $_component = 'contribute';
60
61 /**
62 * Constructor function.
63 *
64 * @param array $inputData
65 * Contents of HTTP REQUEST.
66 *
67 * @throws CRM_Core_Exception
68 */
69 public function __construct($inputData) {
70 $this->setInputParameters($inputData);
71 $this->setInvoiceData();
72 parent::__construct();
73 }
74
75 /**
76 * get the values from the rp_invoice_id string.
77 *
78 * @param string $name
79 * E.g. i, values are stored in the string with letter codes.
80 * @param bool $abort
81 * Throw exception if not found
82 *
83 * @throws CRM_Core_Exception
84 * @return mixed
85 */
86 public function getValue($name, $abort = TRUE) {
87 if ($abort && empty($this->_invoiceData[$name])) {
88 throw new CRM_Core_Exception("Failure: Missing Parameter $name");
89 }
90 else {
91 return CRM_Utils_Array::value($name, $this->_invoiceData);
92 }
93 }
94
95 /**
96 * Set $this->_invoiceData from the input array
97 */
98 public function setInvoiceData() {
99 if (empty($this->_inputParameters['rp_invoice_id'])) {
100 $this->_isPaymentExpress = TRUE;
101 return;
102 }
103 $rpInvoiceArray = explode('&', $this->_inputParameters['rp_invoice_id']);
104 // for clarify let's also store without the single letter unreadable
105 //@todo after more refactoring we might ditch storing the one letter stuff
106 $mapping = [
107 'i' => 'invoice_id',
108 'm' => 'component',
109 'c' => 'contact_id',
110 'b' => 'contribution_id',
111 'r' => 'contribution_recur_id',
112 'p' => 'participant_id',
113 'e' => 'event_id',
114 ];
115 foreach ($rpInvoiceArray as $rpInvoiceValue) {
116 $rpValueArray = explode('=', $rpInvoiceValue);
117 $this->_invoiceData[$rpValueArray[0]] = $rpValueArray[1];
118 $this->_inputParameters[$mapping[$rpValueArray[0]]] = $rpValueArray[1];
119 // p has been overloaded & could mean contribution page or participant id. Clearly we need an
120 // alphabet with more letters.
121 // the mode will always be resolved before the mystery p is reached
122 if ($rpValueArray[1] == 'contribute') {
123 $mapping['p'] = 'contribution_page_id';
124 }
125 }
126 if (empty($this->_inputParameters['component'])) {
127 $this->_isPaymentExpress = TRUE;
128 }
129 }
130
131 /**
132 * @param string $name
133 * Of variable to return.
134 * @param string $type
135 * Data type.
136 * - String
137 * - Integer
138 * @param string $location
139 * Deprecated.
140 * @param bool $abort
141 * Abort if empty.
142 *
143 * @throws CRM_Core_Exception
144 * @return mixed
145 */
146 public function retrieve($name, $type, $location = 'POST', $abort = TRUE) {
147 $value = CRM_Utils_Type::validate(
148 CRM_Utils_Array::value($name, $this->_inputParameters),
149 $type,
150 FALSE
151 );
152 if ($abort && $value === NULL) {
153 throw new CRM_Core_Exception("Could not find an entry for $name in $location");
154 }
155 return $value;
156 }
157
158 /**
159 * Process recurring contributions.
160 * @param array $input
161 * @param array $ids
162 * @param array $objects
163 * @param bool $first
164 * @return void
165 */
166 public function recur(&$input, &$ids, &$objects, $first) {
167 if (!isset($input['txnType'])) {
168 Civi::log()->debug('PayPalProIPN: Could not find txn_type in input request.');
169 echo "Failure: Invalid parameters<p>";
170 return;
171 }
172
173 $recur = &$objects['contributionRecur'];
174
175 // make sure the invoice ids match
176 // make sure the invoice is valid and matches what we have in
177 // the contribution record
178 if ($recur->invoice_id != $input['invoice']) {
179 Civi::log()->debug('PayPalProIPN: Invoice values dont match between database and IPN request recur is ' . $recur->invoice_id . ' input is ' . $input['invoice']);
180 echo "Failure: Invoice values dont match between database and IPN request recur is " . $recur->invoice_id . " input is " . $input['invoice'];
181 return;
182 }
183
184 $now = date('YmdHis');
185
186 // fix dates that already exist
187 $dates = ['create', 'start', 'end', 'cancel', 'modified'];
188 foreach ($dates as $date) {
189 $name = "{$date}_date";
190 if ($recur->$name) {
191 $recur->$name = CRM_Utils_Date::isoToMysql($recur->$name);
192 }
193 }
194
195 $sendNotification = FALSE;
196 $subscriptionPaymentStatus = NULL;
197 //List of Transaction Type
198 /*
199 recurring_payment_profile_created RP Profile Created
200 recurring_payment RP Successful Payment
201 recurring_payment_failed RP Failed Payment
202 recurring_payment_profile_cancel RP Profile Cancelled
203 recurring_payment_expired RP Profile Expired
204 recurring_payment_skipped RP Profile Skipped
205 recurring_payment_outstanding_payment RP Successful Outstanding Payment
206 recurring_payment_outstanding_payment_failed RP Failed Outstanding Payment
207 recurring_payment_suspended RP Profile Suspended
208 recurring_payment_suspended_due_to_max_failed_payment RP Profile Suspended due to Max Failed Payment
209 */
210
211 //set transaction type
212 $txnType = $this->retrieve('txn_type', 'String');
213 //Changes for paypal pro recurring payment
214 $contributionStatuses = array_flip(CRM_Contribute_BAO_Contribution::buildOptions('contribution_status_id', 'validate'));
215 switch ($txnType) {
216 case 'recurring_payment_profile_created':
217 if (in_array($recur->contribution_status_id, [
218 $contributionStatuses['Pending'],
219 $contributionStatuses['In Progress'],
220 ])
221 && !empty($recur->processor_id)
222 ) {
223 echo "already handled";
224 return;
225 }
226 $recur->create_date = $now;
227 $recur->contribution_status_id = $contributionStatuses['Pending'];
228 $recur->processor_id = $this->retrieve('recurring_payment_id', 'String');
229 $recur->trxn_id = $recur->processor_id;
230 $subscriptionPaymentStatus = CRM_Core_Payment::RECURRING_PAYMENT_START;
231 $sendNotification = TRUE;
232 break;
233
234 case 'recurring_payment':
235 if ($first) {
236 $recur->start_date = $now;
237 }
238 else {
239 if ($input['paymentStatus'] != 'Completed') {
240 throw new CRM_Core_Exception("Ignore all IPN payments that are not completed");
241 }
242
243 // In future moving to create pending & then complete, but this OK for now.
244 // Also consider accepting 'Failed' like other processors.
245 $input['contribution_status_id'] = $contributionStatuses['Completed'];
246 $input['invoice_id'] = md5(uniqid(rand(), TRUE));
247 $input['original_contribution_id'] = $ids['contribution'];
248 $input['contribution_recur_id'] = $ids['contributionRecur'];
249
250 civicrm_api3('Contribution', 'repeattransaction', $input);
251 return;
252 }
253
254 //contribution installment is completed
255 if ($this->retrieve('profile_status', 'String') == 'Expired') {
256 if (!empty($recur->end_date)) {
257 echo "already handled";
258 return;
259 }
260 $recur->contribution_status_id = $contributionStatuses['Completed'];
261 $recur->end_date = $now;
262 $sendNotification = TRUE;
263 $subscriptionPaymentStatus = CRM_Core_Payment::RECURRING_PAYMENT_END;
264 }
265
266 // make sure the contribution status is not done
267 // since order of ipn's is unknown
268 if ($recur->contribution_status_id != $contributionStatuses['Completed']) {
269 $recur->contribution_status_id = $contributionStatuses['In Progress'];
270 }
271 break;
272 }
273
274 $recur->save();
275
276 if ($sendNotification) {
277 $autoRenewMembership = FALSE;
278 if ($recur->id &&
279 isset($ids['membership']) && $ids['membership']
280 ) {
281 $autoRenewMembership = TRUE;
282 }
283 //send recurring Notification email for user
284 CRM_Contribute_BAO_ContributionPage::recurringNotify($subscriptionPaymentStatus,
285 $ids['contact'],
286 $ids['contributionPage'],
287 $recur,
288 $autoRenewMembership
289 );
290 }
291
292 if ($txnType != 'recurring_payment') {
293 return;
294 }
295
296 if (!$first) {
297 //check if this contribution transaction is already processed
298 //if not create a contribution and then get it processed
299 $contribution = new CRM_Contribute_BAO_Contribution();
300 $contribution->trxn_id = $input['trxn_id'];
301 if ($contribution->trxn_id && $contribution->find()) {
302 Civi::log()->debug('PayPalProIPN: Returning since contribution has already been handled.');
303 echo "Success: Contribution has already been handled<p>";
304 return;
305 }
306
307 $contribution->contact_id = $recur->contact_id;
308 $contribution->financial_type_id = $objects['contributionType']->id;
309 $contribution->contribution_page_id = $ids['contributionPage'];
310 $contribution->contribution_recur_id = $ids['contributionRecur'];
311 $contribution->currency = $objects['contribution']->currency;
312 $contribution->payment_instrument_id = $objects['contribution']->payment_instrument_id;
313 $contribution->amount_level = $objects['contribution']->amount_level;
314 $contribution->campaign_id = $objects['contribution']->campaign_id;
315 $objects['contribution'] = &$contribution;
316 $contribution->invoice_id = md5(uniqid(rand(), TRUE));
317 }
318 // CRM-13737 - am not aware of any reason why payment_date would not be set - this if is a belt & braces
319 $objects['contribution']->receive_date = !empty($input['payment_date']) ? date('YmdHis', strtotime($input['payment_date'])) : $now;
320
321 $this->single($input, $ids, $objects, TRUE, $first);
322 }
323
324 /**
325 * @param array $input
326 * @param array $ids
327 * @param array $objects
328 * @param bool $recur
329 * @param bool $first
330 *
331 * @return void
332 */
333 public function single(&$input, &$ids, &$objects, $recur = FALSE, $first = FALSE) {
334 $contribution = &$objects['contribution'];
335
336 // make sure the invoice is valid and matches what we have in the contribution record
337 if ((!$recur) || ($recur && $first)) {
338 if ($contribution->invoice_id != $input['invoice']) {
339 Civi::log()->debug('PayPalProIPN: Invoice values dont match between database and IPN request.');
340 echo "Failure: Invoice values dont match between database and IPN request<p>contribution is" . $contribution->invoice_id . " and input is " . $input['invoice'];
341 return;
342 }
343 }
344 else {
345 $contribution->invoice_id = md5(uniqid(rand(), TRUE));
346 }
347
348 if (!$recur) {
349 if ($contribution->total_amount != $input['amount']) {
350 Civi::log()->debug('PayPalProIPN: Amount values dont match between database and IPN request.');
351 echo "Failure: Amount values dont match between database and IPN request<p>";
352 return;
353 }
354 }
355 else {
356 $contribution->total_amount = $input['amount'];
357 }
358
359 $transaction = new CRM_Core_Transaction();
360
361 $status = $input['paymentStatus'];
362 if ($status == 'Denied' || $status == 'Failed' || $status == 'Voided') {
363 $this->failed($objects, $transaction);
364 return;
365 }
366 elseif ($status == 'Pending') {
367 $this->pending($objects, $transaction);
368 return;
369 }
370 elseif ($status == 'Refunded' || $status == 'Reversed') {
371 $this->cancelled($objects, $transaction);
372 return;
373 }
374 elseif ($status != 'Completed') {
375 $this->unhandled($objects, $transaction);
376 return;
377 }
378
379 // check if contribution is already completed, if so we ignore this ipn
380 $completedStatusId = CRM_Core_Pseudoconstant::getKey('CRM_Contribute_BAO_Contribution', 'contribution_status_id', 'Completed');
381 if ($contribution->contribution_status_id == $completedStatusId) {
382 $transaction->commit();
383 Civi::log()->debug('PayPalProIPN: Returning since contribution has already been handled.');
384 echo "Success: Contribution has already been handled<p>";
385 return;
386 }
387
388 $this->completeTransaction($input, $ids, $objects, $transaction, $recur);
389 }
390
391 /**
392 * Gets PaymentProcessorID for PayPal
393 *
394 * @return int
395 */
396 public function getPayPalPaymentProcessorID() {
397 // This is an unreliable method as there could be more than one instance.
398 // Recommended approach is to use the civicrm/payment/ipn/xx url where xx is the payment
399 // processor id & the handleNotification function (which should call the completetransaction api & by-pass this
400 // entirely). The only thing the IPN class should really do is extract data from the request, validate it
401 // & call completetransaction or call fail? (which may not exist yet).
402
403 Civi::log()->warning('Unreliable method used to get payment_processor_id for PayPal Pro IPN - this will cause problems if you have more than one instance');
404
405 $paymentProcessorTypeID = CRM_Core_DAO::getFieldValue('CRM_Financial_DAO_PaymentProcessorType',
406 'PayPal', 'id', 'name'
407 );
408 return (int) civicrm_api3('PaymentProcessor', 'getvalue', [
409 'is_test' => 0,
410 'options' => ['limit' => 1],
411 'payment_processor_type_id' => $paymentProcessorTypeID,
412 'return' => 'id',
413 ]);
414
415 }
416
417 /**
418 * This is the main function to call. It should be sufficient to instantiate the class
419 * (with the input parameters) & call this & all will be done
420 *
421 * @todo the references to POST throughout this class need to be removed
422 * @return void
423 */
424 public function main() {
425 CRM_Core_Error::debug_var('GET', $_GET, TRUE, TRUE);
426 CRM_Core_Error::debug_var('POST', $_POST, TRUE, TRUE);
427 if ($this->_isPaymentExpress) {
428 $this->handlePaymentExpress();
429 return;
430 }
431 $objects = $ids = $input = [];
432 $this->_component = $input['component'] = self::getValue('m');
433 $input['invoice'] = self::getValue('i', TRUE);
434 // get the contribution and contact ids from the GET params
435 $ids['contact'] = self::getValue('c', TRUE);
436 $ids['contribution'] = self::getValue('b', TRUE);
437
438 $this->getInput($input, $ids);
439
440 if ($this->_component == 'event') {
441 $ids['event'] = self::getValue('e', TRUE);
442 $ids['participant'] = self::getValue('p', TRUE);
443 $ids['contributionRecur'] = self::getValue('r', FALSE);
444 }
445 else {
446 // get the optional ids
447 //@ how can this not be broken retrieving from GET as we are dealing with a POST request?
448 // copy & paste? Note the retrieve function now uses data from _REQUEST so this will be included
449 $ids['membership'] = self::retrieve('membershipID', 'Integer', 'GET', FALSE);
450 $ids['contributionRecur'] = self::getValue('r', FALSE);
451 $ids['contributionPage'] = self::getValue('p', FALSE);
452 $ids['related_contact'] = self::retrieve('relatedContactID', 'Integer', 'GET', FALSE);
453 $ids['onbehalf_dupe_alert'] = self::retrieve('onBehalfDupeAlert', 'Integer', 'GET', FALSE);
454 }
455
456 if (!$ids['membership'] && $ids['contributionRecur']) {
457 $sql = "
458 SELECT m.id
459 FROM civicrm_membership m
460 INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contribution_id = %1
461 WHERE m.contribution_recur_id = %2
462 LIMIT 1";
463 $sqlParams = [
464 1 => [$ids['contribution'], 'Integer'],
465 2 => [$ids['contributionRecur'], 'Integer'],
466 ];
467 if ($membershipId = CRM_Core_DAO::singleValueQuery($sql, $sqlParams)) {
468 $ids['membership'] = $membershipId;
469 }
470 }
471
472 $paymentProcessorID = self::getPayPalPaymentProcessorID();
473
474 if (!$this->validateData($input, $ids, $objects, TRUE, $paymentProcessorID)) {
475 return;
476 }
477
478 self::$_paymentProcessor = &$objects['paymentProcessor'];
479 //?? how on earth would we not have component be one of these?
480 // they are the only valid settings & this IPN file can't even be called without one of them
481 // grepping for this class doesn't find other paths to call this class
482 if ($this->_component == 'contribute' || $this->_component == 'event') {
483 if ($ids['contributionRecur']) {
484 // check if first contribution is completed, else complete first contribution
485 $first = TRUE;
486 $completedStatusId = CRM_Core_Pseudoconstant::getKey('CRM_Contribute_BAO_Contribution', 'contribution_status_id', 'Completed');
487 if ($objects['contribution']->contribution_status_id == $completedStatusId) {
488 $first = FALSE;
489 }
490 $this->recur($input, $ids, $objects, $first);
491 return;
492 }
493 }
494 $this->single($input, $ids, $objects, FALSE, FALSE);
495 }
496
497 /**
498 * @param array $input
499 * @param array $ids
500 *
501 * @return void
502 * @throws CRM_Core_Exception
503 */
504 public function getInput(&$input, &$ids) {
505 if (!$this->getBillingID($ids)) {
506 return;
507 }
508
509 $input['txnType'] = self::retrieve('txn_type', 'String', 'POST', FALSE);
510 $input['paymentStatus'] = self::retrieve('payment_status', 'String', 'POST', FALSE);
511
512 $input['amount'] = self::retrieve('mc_gross', 'Money', 'POST', FALSE);
513 $input['reasonCode'] = self::retrieve('ReasonCode', 'String', 'POST', FALSE);
514
515 $billingID = $ids['billing'];
516 $lookup = [
517 "first_name" => 'first_name',
518 "last_name" => 'last_name',
519 "street_address-{$billingID}" => 'address_street',
520 "city-{$billingID}" => 'address_city',
521 "state-{$billingID}" => 'address_state',
522 "postal_code-{$billingID}" => 'address_zip',
523 "country-{$billingID}" => 'address_country_code',
524 ];
525 foreach ($lookup as $name => $paypalName) {
526 $value = self::retrieve($paypalName, 'String', 'POST', FALSE);
527 $input[$name] = $value ? $value : NULL;
528 }
529
530 $input['is_test'] = self::retrieve('test_ipn', 'Integer', 'POST', FALSE);
531 $input['fee_amount'] = self::retrieve('mc_fee', 'Money', 'POST', FALSE);
532 $input['net_amount'] = self::retrieve('settle_amount', 'Money', 'POST', FALSE);
533 $input['trxn_id'] = self::retrieve('txn_id', 'String', 'POST', FALSE);
534 $input['payment_date'] = $input['receive_date'] = self::retrieve('payment_date', 'String', 'POST', FALSE);
535 $input['total_amount'] = $input['amount'];
536 }
537
538 /**
539 * Handle payment express IPNs.
540 *
541 * For one off IPNS no actual response is required
542 * Recurring is more difficult as we have limited confirmation material
543 * lets look up invoice id in recur_contribution & rely on the unique transaction id to ensure no
544 * duplicated
545 * this may not be acceptable to all sites - e.g. if they are shipping or delivering something in return
546 * then the quasi security of the ids array might be required - although better to
547 * http://stackoverflow.com/questions/4848227/validate-that-ipn-call-is-from-paypal
548 * but let's assume knowledge on invoice id & schedule is enough for now esp for donations
549 * only contribute is handled
550 */
551 public function handlePaymentExpress() {
552 //@todo - loads of copy & paste / code duplication but as this not going into core need to try to
553 // keep discreet
554 // also note that a lot of the complexity above could be removed if we used
555 // http://stackoverflow.com/questions/4848227/validate-that-ipn-call-is-from-paypal
556 // as membership id etc can be derived by the load objects fn
557 $objects = $ids = $input = [];
558 $isFirst = FALSE;
559 $input['invoice'] = self::getValue('i', FALSE);
560 //Avoid return in case of unit test.
561 if (empty($input['invoice']) && empty($this->_inputParameters['is_unit_test'])) {
562 return;
563 }
564 $input['txnType'] = $this->retrieve('txn_type', 'String');
565 $contributionRecur = civicrm_api3('contribution_recur', 'getsingle', [
566 'return' => 'contact_id, id, payment_processor_id',
567 'invoice_id' => $input['invoice'],
568 ]);
569
570 if ($input['txnType'] !== 'recurring_payment' && $input['txnType'] !== 'recurring_payment_profile_created') {
571 throw new CRM_Core_Exception('Paypal IPNS not handled other than recurring_payments');
572 }
573
574 $this->getInput($input, $ids);
575 if ($input['txnType'] === 'recurring_payment' && $this->transactionExists($input['trxn_id'])) {
576 throw new CRM_Core_Exception('This transaction has already been processed');
577 }
578
579 $ids['contact'] = $contributionRecur['contact_id'];
580 $ids['contributionRecur'] = $contributionRecur['id'];
581 $result = civicrm_api3('contribution', 'getsingle', ['invoice_id' => $input['invoice'], 'contribution_test' => '']);
582
583 $ids['contribution'] = $result['id'];
584 //@todo hardcoding 'pending' for now
585 $pendingStatusId = CRM_Core_Pseudoconstant::getKey('CRM_Contribute_BAO_Contribution', 'contribution_status_id', 'Pending');
586 if ($result['contribution_status_id'] == $pendingStatusId) {
587 $isFirst = TRUE;
588 }
589 // arg api won't get this - fix it
590 $ids['contributionPage'] = CRM_Core_DAO::singleValueQuery("SELECT contribution_page_id FROM civicrm_contribution WHERE invoice_id = %1", [
591 1 => [
592 $ids['contribution'],
593 'Integer',
594 ],
595 ]);
596 // only handle component at this stage - not terribly sure how a recurring event payment would arise
597 // & suspec main function may be a victom of copy & paste
598 // membership would be an easy add - but not relevant to my customer...
599 $this->_component = $input['component'] = 'contribute';
600 $input['trxn_date'] = date('Y-m-d-H-i-s', strtotime(self::retrieve('time_created', 'String')));
601 $paymentProcessorID = $contributionRecur['payment_processor_id'];
602
603 if (!$this->validateData($input, $ids, $objects, TRUE, $paymentProcessorID)) {
604 throw new CRM_Core_Exception('Data did not validate');
605 }
606 $this->recur($input, $ids, $objects, $isFirst);
607 }
608
609 /**
610 * Function check if transaction already exists.
611 * @param string $trxn_id
612 * @return bool|void
613 */
614 public function transactionExists($trxn_id) {
615 if (CRM_Core_DAO::singleValueQuery("SELECT count(*) FROM civicrm_contribution WHERE trxn_id = %1",
616 [
617 1 => [$trxn_id, 'String'],
618 ])
619 ) {
620 return TRUE;
621 }
622 }
623
624 }