3 +----------------------------------------------------------------------------+
4 | PayflowPro Core Payment Module for CiviCRM version 4.4 |
5 +----------------------------------------------------------------------------+
6 | Licensed to CiviCRM under the Academic Free License version 3.0 |
8 | Written & Contributed by Eileen McNaughton - 2009 |
9 +---------------------------------------------------------------------------+
11 class CRM_Core_Payment_PayflowPro
extends CRM_Core_Payment
{
12 // (not used, implicit in the API, might need to convert?)
17 * We only need one instance of this object. So we use the singleton
18 * pattern and cache the instance in this variable
23 static private $_singleton = NULL;
28 * @param string $mode the mode of operation: live or test
32 function __construct($mode, &$paymentProcessor) {
// Keeps the processor settings passed in $paymentProcessor on the instance and sets the
// translated display name 'Payflow Pro'.
// NOTE(review): $mode is not used in the visible lines. The listing's own numbering skips
// 33-34 here, so a statement may simply be missing from this page. Confirm against the file.
35 $this->_paymentProcessor
= $paymentProcessor;
36 $this->_processorName
= ts('Payflow Pro');
/**
 * singleton function used to manage this object
 *
 * @param string $mode the mode of operation: live or test
 */
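static function &singleton($mode, &$paymentProcessor) {
  // Returns the cached processor object for this processor name, creating it on first use.
  // $mode (live or test) and $paymentProcessor are only handed to the constructor when the
  // cache entry is created.
  //
  // NOTE(review): the cache key is the processor name alone. A later call with a different
  // $mode, or with different credentials under the same name, gets the first instance back.
  // Confirm that live and test configurations can never share a name, otherwise a test
  // submission could be sent with the live settings (or the reverse).
  $processorName = $paymentProcessor['name'];

  // isset() rather than `=== NULL`: the first lookup reads a key that does not exist yet
  // (and $_singleton itself starts out as NULL), which otherwise raises a notice/warning.
  if (!isset(self::$_singleton[$processorName])) {
    self::$_singleton[$processorName] = new CRM_Core_Payment_PayflowPro($mode, $paymentProcessor);
  }

  return self::$_singleton[$processorName];
}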
57 * This function sends request and receives response from
58 * the processor. It is the main function for processing on-server
59 * credit card transactions
61 function doDirectPayment(&$params) {
// Builds the Payflow request from $params and the stored processor settings, sends it through
// submit_transaction(), parses the RESULT=... part of the reply into $nvpArray and then either
// fills $params with the transaction ids or returns the result of errorExit().
// NOTE(review): this listing has gaps (its own line numbers skip), so closing braces, `case`
// labels, `else` branches and some statements are not shown. The notes below describe only
// what is visible.
62 if (!defined('CURLOPT_SSLCERT')) {
63 CRM_Core_Error
::fatal(ts('PayFlowPro requires curl with SSL support'));
67 * define variables for connecting with the gateway
70 // Are you using the Payflow Fraud Protection Service?
71 // Default is YES, change to NO or blank if not.
72 //This has not been investigated as part of writing this payment processor
74 //if you have not set up a separate user account the vendor name is used as the username
75 if (!$this->_paymentProcessor
['subject']) {
76 $user = $this->_paymentProcessor
['user_name'];
79 $user = $this->_paymentProcessor
['subject'];
82 // ideally this id would be passed through into this class as
83 // part of the paymentProcessor
84 //object with the other variables. It seems inefficient to re-query to get it.
85 //$params['processor_id'] = CRM_Core_DAO::getFieldValue(
86 // 'CRM_Contribute_DAO_ContributionP
87 //age',$params['contributionPageID'], 'payment_processor_id' );
90 *Create the array of variables to be sent to the processor from the $params array
91 * passed into this function
// NOTE(review): this array holds the gateway password (PWD), the full card number (ACCT) and
// the CVV2. Treat it, and the string built from it, as secret: it must not reach logs, error
// messages or page output.
// NOTE(review): some values are urlencode()d and others (CVV2, names, STREET, EMAIL) are
// passed as given; convert_to_nvp() length-tags whichever form it receives. Confirm which
// form the gateway expects.
95 $payflow_query_array = array(
97 'VENDOR' => $this->_paymentProcessor
['user_name'],
98 'PARTNER' => $this->_paymentProcessor
['signature'],
99 'PWD' => $this->_paymentProcessor
['password'],
100 // C - Direct Payment using credit card
102 // A - Authorization, S - Sale
104 'ACCT' => urlencode($params['credit_card_number']),
105 'CVV2' => $params['cvv2'],
106 'EXPDATE' => urlencode(sprintf('%02d', (int) $params['month']) . substr($params['year'], 2, 2)),
107 'ACCTTYPE' => urlencode($params['credit_card_type']),
108 'AMT' => urlencode($params['amount']),
109 'CURRENCY' => urlencode($params['currency']),
110 'FIRSTNAME' => $params['billing_first_name'],
112 'LASTNAME' => $params['billing_last_name'],
114 'STREET' => $params['street_address'],
115 'CITY' => urlencode($params['city']),
116 'STATE' => urlencode($params['state_province']),
117 'ZIP' => urlencode($params['postal_code']),
118 'COUNTRY' => urlencode($params['country']),
119 'EMAIL' => $params['email'],
120 'CUSTIP' => urlencode($params['ip_address']),
121 'COMMENT1' => urlencode($params['contributionType_accounting_code']),
123 'INVNUM' => urlencode($params['invoiceID']),
124 'ORDERDESC' => urlencode($params['description']),
125 'VERBOSITY' => 'MEDIUM',
126 'BILLTOCOUNTRY' => urlencode($params['country']),
129 if ($params['installments'] == 1) {
// NOTE(review): the next statement uses `==`, a comparison whose result is discarded, so
// is_recur is left unchanged; an assignment (`= FALSE`) looks intended. Confirm.
130 $params['is_recur'] == FALSE;
133 if ($params['is_recur'] == TRUE) {
135 $payflow_query_array['TRXTYPE'] = 'R';
136 $payflow_query_array['OPTIONALTRX'] = 'S';
137 $payflow_query_array['OPTIONALTRXAMT'] = $params['amount'];
138 //Amount of the initial Transaction. Required
139 $payflow_query_array['ACTION'] = 'A';
140 //A for add recurring (M-modify,C-cancel,R-reactivate,I-inquiry,P-payment
141 $payflow_query_array['PROFILENAME'] = urlencode('RegularContribution');
142 //A for add recurring (M-modify,C-cancel,R-reactivate,I-inquiry,P-payment
// NOTE(review): TERM is only set when installments > 0, yet the end_date calculations below
// read $payflow_query_array['TERM'] in every visible branch.
143 if ($params['installments'] > 0) {
144 $payflow_query_array['TERM'] = $params['installments'] - 1;
145 //ie. in addition to the one happening with this transaction
147 // $payflow_query_array['COMPANYNAME']
148 // $payflow_query_array['DESC'] = not set yet Optional
149 // description of the goods or
150 //services being purchased.
151 //This parameter applies only for ACH_CCD accounts.
153 // $payflow_query_array['MAXFAILPAYMENTS'] = 0;
154 // number of payment periods (as s
155 //pecified by PAYPERIOD) for which the transaction is allowed
156 //to fail before PayPal cancels a profile. the default
157 // value of 0 (zero) specifies no
159 //attempts occur until the term is complete.
160 // $payflow_query_array['RETRYNUMDAYS'] = (not set as can't assume business rule
162 switch ($params['frequency_unit']) {
164 $params['next_sched_contribution_date'] = mktime(0, 0, 0, date("m"), date("d") +
7,
167 $params['end_date'] = mktime(0, 0, 0, date("m"), date("d") +
(7 * $payflow_query_array['TERM']),
170 $payflow_query_array['START'] = date('mdY', $params['next_sched_contribution_date']);
171 $payflow_query_array['PAYPERIOD'] = "WEEK";
172 $params['frequency_unit'] = "week";
173 $params['frequency_interval'] = 1;
177 $params['next_sched_contribution_date'] = mktime(0, 0, 0, date("m"), date("d") +
14, date("Y"));
178 $params['end_date'] = mktime(0, 0, 0, date("m"), date("d") +
(14 * $payflow_query_array['TERM'])
181 $payflow_query_array['START'] = date('mdY', $params['next_sched_contribution_date']);
182 $payflow_query_array['PAYPERIOD'] = "BIWK";
183 $params['frequency_unit'] = "week";
184 $params['frequency_interval'] = 2;
188 $params['next_sched_contribution_date'] = mktime(0, 0, 0, date("m"), date("d") +
28, date("Y")
190 $params['end_date'] = mktime(0, 0, 0, date("m"), date("d") +
(28 * $payflow_query_array['TERM'])
193 $payflow_query_array['START'] = date('mdY', $params['next_sched_contribution_date']);
194 $payflow_query_array['PAYPERIOD'] = "FRWK";
195 $params['frequency_unit'] = "week";
196 $params['frequency_interval'] = 4;
200 $params['next_sched_contribution_date'] = mktime(0, 0, 0, date("m") +
1,
203 $params['end_date'] = mktime(0, 0, 0, date("m") +
204 (1 * $payflow_query_array['TERM']),
207 $payflow_query_array['START'] = date('mdY', $params['next_sched_contribution_date']);
208 $payflow_query_array['PAYPERIOD'] = "MONT";
209 $params['frequency_unit'] = "month";
210 $params['frequency_interval'] = 1;
214 $params['next_sched_contribution_date'] = mktime(0, 0, 0, date("m") +
3, date("d")
217 $params['end_date'] = mktime(0, 0, 0, date("m") +
218 (3 * $payflow_query_array['TERM']),
221 $payflow_query_array['START'] = date('mdY', $params['next_sched_contribution_date']);
222 $payflow_query_array['PAYPERIOD'] = "QTER";
223 $params['frequency_unit'] = "month";
224 $params['frequency_interval'] = 3;
228 $params['next_sched_contribution_date'] = mktime(0, 0, 0, date("m") +
6, date("d"),
231 $params['end_date'] = mktime(0, 0, 0, date("m") +
232 (6 * $payflow_query_array['TERM']),
235 $payflow_query_array['START'] = date('mdY', $params['next_sched_contribution_date'
238 $payflow_query_array['PAYPERIOD'] = "SMYR";
239 $params['frequency_unit'] = "month";
240 $params['frequency_interval'] = 6;
244 $params['next_sched_contribution_date'] = mktime(0, 0, 0, date("m"), date("d"),
// NOTE(review): the end_date below reads key 'TEM', while every other branch reads 'TERM';
// as written this is an unset key, presumably a typo.
247 $params['end_date'] = mktime(0, 0, 0, date("m"), date("d"),
249 (1 * $payflow_query_array['TEM'])
251 $payflow_query_array['START'] = date('mdY', $params['next_sched_contribution_date']);
252 $payflow_query_array['PAYPERIOD'] = "YEAR";
253 $params['frequency_unit'] = "year";
254 $params['frequency_interval'] = 1;
// NOTE(review): hook implementations receive $payflow_query_array through this call, i.e.
// including PWD, ACCT and CVV2.
259 CRM_Utils_Hook
::alterPaymentProcessorParams($this, $params, $payflow_query_array);
260 $payflow_query = $this->convert_to_nvp($payflow_query_array);
263 * Check to see if we have a duplicate before we send
// NOTE(review): _checkDupe() carries its author's own comment that it is "not working"; do
// not rely on this as the only protection against a double submission.
265 if ($this->_checkDupe($params['invoiceID'])) {
266 return self
::errorExit(9003, 'It appears that this transaction is a duplicate. Have you already submitted the form once? If so there may have been a connection problem. Check your email for a receipt. If you do not receive a receipt within 2 hours you can try your transaction again. If you continue to have problems please contact the site administrator.');
269 // ie. url at payment processor to submit to.
270 $submiturl = $this->_paymentProcessor
['url_site'];
272 $responseData = self
::submit_transaction($submiturl, $payflow_query);
275 * Payment successfully sent to gateway - process the response now
// Parsing starts at the first occurrence of "RESULT" in the reply and splits on '&' and '='.
// NOTE(review): $nvpArray is not initialised in the visible lines, and the keys read later
// (RESULT, PNREF, TRXPNREF, AUTHCODE, CVV2MATCH, AVSADDR, PROFILEID, RESPMSG) are used
// without checking that the gateway returned them.
277 $result = strstr($responseData, "RESULT");
279 while (strlen($result)) {
281 $keypos = strpos($result, '=');
282 $keyval = substr($result, 0, $keypos);
284 $valuepos = strpos($result, '&') ?
strpos($result, '&') : strlen($result);
285 $valval = substr($result, $keypos +
1, $valuepos - $keypos - 1);
286 // decoding the respose
287 $nvpArray[$keyval] = $valval;
288 $result = substr($result, $valuepos +
1, strlen($result));
290 // get the result code to validate.
291 $result_code = $nvpArray['RESULT'];
// NOTE(review): the echo/print_r lines below write debugging output into the page, and
// $payflow_query_array contains PWD, the card number and the CVV2. The condition guarding
// them is not visible in this listing. Confirm it can never be true on a production site,
// or remove the output / redact those keys.
293 echo "<p>Params array</p><br>";
296 echo "<p>Values to Payment Processor</p><br>";
297 print_r($payflow_query_array);
299 echo "<p>Results from Payment Processor</p><br>";
304 switch ($result_code) {
307 /*******************************************************
309 * This is a successful transaction. PayFlow Pro does return further information
310 * about transactions to help you identify fraud including whether they pass
311 * the cvv check, the avs check. This is stored in
312 * CiviCRM as part of the transact
313 * but not further processing is done. Business rules would need to be defined
315 *******************************************************/
316 $params['trxn_id'] = $nvpArray['PNREF'] . $nvpArray['TRXPNREF'];
317 //'trxn_id' is varchar(255) field. returned value is length 12
318 $params['trxn_result_code'] = $nvpArray['AUTHCODE'] . "-Cvv2:" . $nvpArray['CVV2MATCH'] . "-avs:" . $nvpArray['AVSADDR'];
320 if ($params['is_recur'] == TRUE) {
321 $params['recur_trxn_id'] = $nvpArray['PROFILEID'];
322 //'trxn_id' is varchar(255) field. returned value is length 12
327 return self
::errorExit(9008, "There is a payment processor configuration problem. This is usually due to invalid account information or ip restrictions on the account. You can verify ip restriction by logging // into Manager. See Service Settings >> Allowed IP Addresses. ");
330 // Hard decline from bank.
331 return self
::errorExit(9009, "Your transaction was declined ");
334 // Voice authorization required.
335 return self
::errorExit(9010, "Your Transaction is pending. Contact Customer Service to complete your order.");
338 // Issue with credit card number or expiration date.
339 return self
::errorExit(9011, "Invalid credit card information. Please re-enter.");
342 return self
::errorExit(9012, "You have not configured your payment processor with the correct credentials. Make sure you have provided both the <vendor> and the <user> variables ");
// NOTE(review): RESPMSG is gateway-supplied text concatenated into the message; escape it
// where the message is rendered.
345 return self
::errorExit(9013, "Error - from payment processor: [" . $result_code . " " . $nvpArray['RESPMSG'] . "] ");
348 return self
::errorExit(9014, "Check the code - all transactions should have been headed off before they got here. Something slipped through the net");
/**
 * Checks to see if invoice_id already exists in db
 *
 * @param int $invoiceId The ID to check
 *
 * @return bool True if ID exists, else false
 */
function _checkDupe($invoiceId) {
  // Searches contributions by invoice_id and hands back whatever
  // CRM_Contribute_DAO_Contribution::find() reports; doDirectPayment() treats a truthy
  // result as "this invoice was already submitted".
  //
  // Original author's warning, kept as written:
  //copied from Eway but not working and not really sure it should!
  //
  // NOTE(review): if this lookup is ineffective, nothing here stops a double form
  // submission from being charged twice. Verify the behaviour before relying on it.
  $lookup = new CRM_Contribute_DAO_Contribution();
  $lookup->invoice_id = $invoiceId;
  $matches = $lookup->find();
  return $matches;
}
366 * Produces error message and returns from class
368 function &errorExit($errorCode = NULL, $errorMessage = NULL) {
// Pushes an error onto the CRM_Core_Error singleton: the caller's code and message, or
// code 9000 with 'Unknown System Error.'.
// NOTE(review): the condition choosing between the two push() calls and the return statement
// are not visible in this listing (its numbering skips 370, 372-373 and 375 onward). Callers
// write `return self::errorExit(...)`, so presumably $e is returned. Confirm.
// NOTE(review): $errorMessage is stored as given. Several callers build it from gateway or
// cURL text, so it should be escaped when it is rendered as HTML.
369 $e = CRM_Core_Error
::singleton();
371 $e->push($errorCode, 0, NULL, $errorMessage);
374 $e->push(9000, 0, NULL, 'Unknown System Error.');
/**
 * NOTE: 'doTransferCheckout' not implemented
 */
function doTransferCheckout(&$params, $component) {
  // Off-site (transfer) checkout is not supported by this processor: both arguments are
  // ignored and the call always ends in CRM_Core_Error::fatal().
  $message = ts('This function is not implemented');
  CRM_Core_Error::fatal($message);
}
/**
 * This public function checks to see if we have the right processor config values set
 *
 * NOTE: Called by Events and Contribute to check config params are set prior to trying
 * to register any credit card details
 *
 * @param string $mode the mode we are operating in (live or test) - not used
 *
 * returns string $errorMsg if any errors found - null if OK
 */
// function checkConfig( $mode ) // CiviCRM V1.9 Declaration
// CiviCRM V2.0 Declaration
function checkConfig() {
  // Reports missing processor settings: returns the problems joined with '<p>', or NULL
  // when nothing is missing.
  //
  // Only user_name and url_site are checked; password and signature (sent as PWD and
  // PARTNER by doDirectPayment()) are not. The first message names 'ssl_merchant_id'
  // although the value checked is user_name.
  $processor = $this->_paymentProcessor;
  $problems = array();

  if (empty($processor['user_name'])) {
    $problems[] = ' ' . ts('ssl_merchant_id is not set for this payment processor');
  }

  if (empty($processor['url_site'])) {
    $problems[] = ' ' . ts('URL is not set for %1', array(1 => $processor['name']));
  }

  if (empty($problems)) {
    return NULL;
  }

  return implode('<p>', $problems);
}
/**
 * convert to a name/value pair (nvp) string
 */
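function convert_to_nvp($payflow_query_array) {
  // Builds the request body as NAME[length]=value pairs joined with '&'.
  //
  // The [length] tag is strlen() of the value exactly as it is sent, i.e. a byte count;
  // presumably this is what lets a value contain '&' or '=' without splitting the request.
  // Confirm the gateway counts multi-byte values the same way.
  //
  // The returned string contains whatever the caller put in the array. In doDirectPayment()
  // that includes PWD, ACCT and CVV2, so it must not be logged or echoed.
  //
  // @param array $payflow_query_array field name => value
  // @return string '' for an empty array

  // Start from an empty list so an empty input yields '' instead of passing an undefined
  // variable to implode().
  $pairs = array();

  foreach ($payflow_query_array as $key => $value) {
    // Cast once so the length tag and the emitted text always describe the same string
    // (TERM, for example, is an integer).
    $value = (string) $value;
    $pairs[] = $key . '[' . strlen($value) . ']=' . $value;
  }

  return implode('&', $pairs);
}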
434 * Submit transaction using CuRL
435 * @submiturl string Url to direct HTTPS GET to
436 * @payflow_query value string to be posted
439 function submit_transaction($submiturl, $payflow_query) {
// Sends $payflow_query to $submiturl with cURL and returns the raw reply, which includes the
// response headers because CURLOPT_HEADER is set; failures return the result of errorExit().
// The visible options set CURLOPT_POST, although the docblock above speaks of a GET.
// NOTE(review): the listing has gaps here too: the creation of the cURL handle, the retry
// loop header and curl_close() are not among the visible lines.
441 * Submit transaction using CuRL
444 // get data ready for API
// NOTE(review): HTTP_USER_AGENT is a client-supplied request header (and is unset outside a
// web request); it is forwarded to the gateway as this request's User-Agent.
445 $user_agent = $_SERVER['HTTP_USER_AGENT'];
446 // Here's your custom headers; adjust appropriately for your setup:
447 $headers[] = "Content-Type: text/namevalue";
448 //or text/xml if using XMLPay.
// NOTE(review): $data is not defined in the visible lines (the body parameter is
// $payflow_query), so as written this is strlen() of an undefined variable; the header name
// also has a space before the colon.
449 $headers[] = "Content-Length : " . strlen($data);
450 // Length of data to be passed
451 // Here the server timeout value is set to 45, but notice
452 // below in the cURL section, the timeout
453 // for cURL is 90 seconds. You want to make sure the server
454 // timeout is less, then the connection.
455 $headers[] = "X-VPS-Timeout: 45";
456 //random unique number - the transaction is retried using this transaction ID
457 // in this function but if that doesn't work and it is re- submitted
458 // it is treated as a new attempt. PayflowPro doesn't allow
459 // you to change details (e.g. card no) when you re-submit
460 // you can only try the same details
// NOTE(review): rand() gives no uniqueness guarantee, and the comment above says this id is
// what identifies a retry; two requests that draw the same number could be confused. Prefer
// an id derived from random_bytes() or from the invoice id. Confirm the format the gateway
// accepts.
461 $headers[] = "X-VPS-Request-ID: " . rand(1, 1000000000);
462 // optional header field
463 $headers[] = "X-VPS-VIT-Integration-Product: CiviCRM";
464 // other Optional Headers. If used adjust as necessary.
466 //$headers[] = "X-VPS-VIT-OS-Name: Linux";
468 //$headers[] = "X-VPS-VIT-OS-Version: RHEL 4";
469 // What you are using
470 //$headers[] = "X-VPS-VIT-Client-Type: PHP/cURL";
472 //$headers[] = "X-VPS-VIT-Client-Version: 0.01";
474 //$headers[] = "X-VPS-VIT-Client-Architecture: x86";
475 // Application version
476 //$headers[] = "X-VPS-VIT-Integration-Version: 0.01";
478 curl_setopt($ch, CURLOPT_URL
, $submiturl);
479 curl_setopt($ch, CURLOPT_HTTPHEADER
, $headers);
480 curl_setopt($ch, CURLOPT_USERAGENT
, $user_agent);
481 curl_setopt($ch, CURLOPT_HEADER
, 1);
482 // tells curl to include headers in response
483 curl_setopt($ch, CURLOPT_RETURNTRANSFER
, 1);
484 // return into a variable
485 curl_setopt($ch, CURLOPT_TIMEOUT
, 90);
486 // times out after 90 secs
487 curl_setopt($ch, CURLOPT_FOLLOWLOCATION
, 0);
// NOTE(review): peer verification follows the site-wide 'verifySSL' setting, and host
// verification further down uses the same switch (2 or 0). With the setting off, the card
// number, CVV2 and gateway password are posted to an endpoint whose certificate is not
// checked at all. For a payment gateway this should not be optional.
488 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER
, CRM_Core_BAO_Setting
::getItem(CRM_Core_BAO_Setting
::SYSTEM_PREFERENCES_NAME
, 'verifySSL'));
489 // this line makes it work under https
490 curl_setopt($ch, CURLOPT_POSTFIELDS
, $payflow_query);
492 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST
, CRM_Core_BAO_Setting
::getItem(CRM_Core_BAO_Setting
::SYSTEM_PREFERENCES_NAME
, 'verifySSL') ?
2 : 0);
493 //verifies ssl certificate
494 curl_setopt($ch, CURLOPT_FORBID_REUSE
, TRUE);
495 //forces closure of connection when done
496 curl_setopt($ch, CURLOPT_POST
, 1);
499 // Try to submit the transaction up to 3 times with 5 second delay. This can be used
500 // in case of network issues. The idea here is since you are posting via HTTPS there
501 // could be general network issues, so try a few times before you tell customer there
// NOTE(review): only the HTTP status is inspected in the retry code below; the loop bounds
// and the delay call are not visible in this listing.
506 $responseData = curl_exec($ch);
507 $responseHeaders = curl_getinfo($ch);
508 if ($responseHeaders['http_code'] != 200) {
509 // Let's wait 5 seconds to see if its a temporary network issue.
512 elseif ($responseHeaders['http_code'] == 200) {
513 // we got a good response, drop out of loop.
519 * Transaction submitted -
520 * See if we had a curl error - if so tell 'em and bail out
522 * NOTE: curl_error does not return a logical value (see its documentation), but
523 * a string, which is empty when there was no error.
525 if ((curl_errno($ch) > 0) ||
(strlen(curl_error($ch)) > 0)) {
527 $errorNum = curl_errno($ch);
528 $errorDesc = curl_error($ch);
530 //Paranoia - in the unlikley event that 'curl' errno fails
534 // Paranoia - in the unlikley event that 'curl' error fails
535 if (strlen($errorDesc) == 0)
536 $errorDesc = "Connection to payment gateway failed";
// NOTE(review): `$errorNum = 60` is an assignment, so this branch is always taken and the
// real cURL error number is overwritten; a comparison (`== 60`) looks intended. 60 is
// cURL's certificate-verification failure.
537 if ($errorNum = 60) {
538 return self
::errorExit($errorNum, "Curl error - " . $errorDesc .
539 " Try this link for more information http://curl.haxx.se/d
// NOTE(review): $processorResponse is not defined in the visible lines.
544 return self
::errorExit($errorNum, "Curl error - " . $errorDesc .
545 " processor response = " . $processorResponse
550 * If null data returned - tell 'em and bail out
552 * NOTE: You will not necessarily get a string back, if the request failed for
553 * any reason, the return value will be the boolean false.
555 if (($responseData === FALSE) ||
(strlen($responseData) == 0)) {
557 return self
::errorExit(9006, "Error: Connection to payment gateway failed - no data
558 returned. Gateway url set to $submiturl");
562 * If gateway returned no data - tell 'em and bail out
// NOTE(review): after the check above has returned for FALSE and for the empty string, this
// branch can only be reached when the reply is the string "0".
564 if (empty($responseData)) {
566 return self
::errorExit(9007, "Error: No data returned from payment gateway.");
570 * Success so far - close the curl and check the data
573 return $responseData;
575 //end submit_transaction
577 function getRecurringTransactionStatus($recurringProfileID, $processorID) {
578 if (!defined('CURLOPT_SSLCERT')) {
579 CRM_Core_Error
::fatal(ts('PayFlowPro requires curl with SSL support'));
583 * define variables for connecting with the gateway
586 //if you have not set up a separate user account the vendor name is used as the username
587 if (!$this->_paymentProcessor
['subject']) {
588 $user = $this->_paymentProcessor
['user_name'];
591 $user = $this->_paymentProcessor
['subject'];
593 //$recurringProfileID = "RT0000000001";
594 // c $trythis = $this->getRecurringTransactionStatus($recurringProfileID,17);
598 *Create the array of variables to be sent to the processor from the $params array
599 * passed into this function
603 $payflow_query_array = array(
605 'VENDOR' => $this->_paymentProcessor
['user_name'],
606 'PARTNER' => $this->_paymentProcessor
['signature'],
607 'PWD' => $this->_paymentProcessor
['password'],
608 // C - Direct Payment using credit card
610 // A - Authorization, S - Sale
613 //A for add recurring
614 //(M-modify,C-cancel,R-reactivate,
615 //I-inquiry,P-payment
616 'ORIGPROFILEID' => $recurringProfileID,
617 'PAYMENTHISTORY' => 'Y',
620 $payflow_query = $this->convert_to_nvp($payflow_query_array);
622 $submiturl = $this->_paymentProcessor
['url_site'];
623 //ie. url at payment processor to submit to.
624 $responseData = self
::submit_transaction($submiturl, $payflow_query);
626 * Payment successfully sent to gateway - process the response now
629 $result = strstr($responseData, "RESULT");
631 while (strlen($result)) {
633 $keypos = strpos($result, '=');
634 $keyval = substr($result, 0, $keypos);
636 $valuepos = strpos($result, '&') ?
strpos($result, '&') : strlen($result);
637 $valval = substr($result, $keypos +
1, $valuepos - $keypos - 1);
638 // decoding the respose
639 $nvpArray[$keyval] = $valval;
640 $result = substr($result, $valuepos +
1, strlen($result));
642 // get the result code to validate.
643 $result_code = $nvpArray['RESULT'];
644 print_r($responseData);
646 //RESPMSG=Invalid Profile ID: Invalid recurring profile ID