crm.fsf.org/20131203/files/sites/all/modules-old/civicrm/CRM/Core/Payment/AuthorizeNetIPN.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | CiviCRM version 4.6                                                |
   5  +--------------------------------------------------------------------+
   6  | Copyright CiviCRM LLC (c) 2004-2015                                |
   7  +--------------------------------------------------------------------+
   8  | This file is a part of CiviCRM.                                    |
   9  |                                                                    |
  10  | CiviCRM is free software; you can copy, modify, and distribute it  |
  11  | under the terms of the GNU Affero General Public License           |
  12  | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  13  |                                                                    |
  14  | CiviCRM is distributed in the hope that it will be useful, but     |
  15  | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  17  | See the GNU Affero General Public License for more details.        |
  18  |                                                                    |
  19  | You should have received a copy of the GNU Affero General Public   |
  20  | License and the CiviCRM Licensing Exception along                  |
  21  | with this program; if not, contact CiviCRM LLC                     |
  22  | at info[AT]civicrm[DOT]org. If you have questions about the        |
  23  | GNU Affero General Public License or the licensing of CiviCRM,     |
  24  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  25  +--------------------------------------------------------------------+
  26  */
  27
  28 /**
  29  *
  30  * @package CRM
  31  * @copyright CiviCRM LLC (c) 2004-2015
  32  * $Id$
  33  *
  34  */
  35 class CRM_Core_Payment_AuthorizeNetIPN extends CRM_Core_Payment_BaseIPN {
  36
  37   /**
  38    * Constructor function.
  39    *
  40    * @param array $inputData
  41    *   contents of HTTP REQUEST.
  42    *
  43    * @throws CRM_Core_Exception
  44    */
  45   public function __construct($inputData) {
  46     $this->setInputParameters($inputData);
  47     parent::__construct();
  48   }
  49
  50   /**
  51    * @param string $component
  52    *
  53    * @return bool|void
  54    */
  55   public function main($component = 'contribute') {
  56
  57     //we only get invoice num as a key player from payment gateway response.
  58     //for ARB we get x_subscription_id and x_subscription_paynum
  59     $x_subscription_id = $this->retrieve('x_subscription_id', 'String');
  60     $ids = $objects = $input = array();
  61
  62     if ($x_subscription_id) {
  63       //Approved
  64
  65       $input['component'] = $component;
  66
  67       // load post vars in $input
  68       $this->getInput($input, $ids);
  69
  70       // load post ids in $ids
  71       $this->getIDs($ids, $input);
  72
  73       $paymentProcessorID = CRM_Core_DAO::getFieldValue('CRM_Financial_DAO_PaymentProcessorType',
  74         'AuthNet', 'id', 'name'
  75       );
  76
  77       if (!$this->validateData($input, $ids, $objects, TRUE, $paymentProcessorID)) {
  78         return FALSE;
  79       }
  80
  81       if ($component == 'contribute' && $ids['contributionRecur']) {
  82         // check if first contribution is completed, else complete first contribution
  83         $first = TRUE;
  84         if ($objects['contribution']->contribution_status_id == 1) {
  85           $first = FALSE;
  86         }
  87         return $this->recur($input, $ids, $objects, $first);
  88       }
  89     }
  90     return TRUE;
  91   }
  92
  93   /**
  94    * @param array $input
  95    * @param array $ids
  96    * @param array $objects
  97    * @param $first
  98    *
  99    * @return bool
 100    */
 101   public function recur(&$input, &$ids, &$objects, $first) {
 102     $this->_isRecurring = TRUE;
 103     $recur = &$objects['contributionRecur'];
 104
 105     // do a subscription check
 106     if ($recur->processor_id != $input['subscription_id']) {
 107       CRM_Core_Error::debug_log_message("Unrecognized subscription.");
 108       echo "Failure: Unrecognized subscription<p>";
 109       return FALSE;
 110     }
 111
 112     // At this point $object has first contribution loaded.
 113     // Lets do a check to make sure this payment has the amount same as that of first contribution.
 114     if ($objects['contribution']->total_amount != $input['amount']) {
 115       CRM_Core_Error::debug_log_message("Subscription amount mismatch.");
 116       echo "Failure: Subscription amount mismatch<p>";
 117       return FALSE;
 118     }
 119
 120     $contributionStatus = CRM_Contribute_PseudoConstant::contributionStatus(NULL, 'name');
 121
 122     $transaction = new CRM_Core_Transaction();
 123
 124     $now = date('YmdHis');
 125
 126     // fix dates that already exist
 127     $dates = array('create_date', 'start_date', 'end_date', 'cancel_date', 'modified_date');
 128     foreach ($dates as $name) {
 129       if ($recur->$name) {
 130         $recur->$name = CRM_Utils_Date::isoToMysql($recur->$name);
 131       }
 132     }
 133
 134     //load new contribution object if required.
 135     if (!$first) {
 136       // create a contribution and then get it processed
 137       $contribution = new CRM_Contribute_BAO_Contribution();
 138       $contribution->contact_id = $ids['contact'];
 139       $contribution->financial_type_id = $objects['contributionType']->id;
 140       $contribution->contribution_page_id = $ids['contributionPage'];
 141       $contribution->contribution_recur_id = $ids['contributionRecur'];
 142       $contribution->receive_date = $now;
 143       $contribution->currency = $objects['contribution']->currency;
 144       $contribution->payment_instrument_id = $objects['contribution']->payment_instrument_id;
 145       $contribution->amount_level = $objects['contribution']->amount_level;
 146       $contribution->address_id = $objects['contribution']->address_id;
 147       $contribution->campaign_id = $objects['contribution']->campaign_id;
 148
 149       $objects['contribution'] = &$contribution;
 150     }
 151     $objects['contribution']->invoice_id = md5(uniqid(rand(), TRUE));
 152     $objects['contribution']->total_amount = $input['amount'];
 153     $objects['contribution']->trxn_id = $input['trxn_id'];
 154
 155     // since we have processor loaded for sure at this point,
 156     // check and validate gateway MD5 response if present
 157     $this->checkMD5($ids, $input);
 158
 159     if ($input['response_code'] == 1) {
 160       // Approved
 161       if ($first) {
 162         $recur->start_date = $now;
 163         $recur->trxn_id = $recur->processor_id;
 164         $this->_isFirstOrLastRecurringPayment = CRM_Core_Payment::RECURRING_PAYMENT_START;
 165       }
 166       $statusName = 'In Progress';
 167       if (($recur->installments > 0) &&
 168         ($input['subscription_paynum'] >= $recur->installments)
 169       ) {
 170         // this is the last payment
 171         $statusName = 'Completed';
 172         $recur->end_date = $now;
 173         $this->_isFirstOrLastRecurringPayment = CRM_Core_Payment::RECURRING_PAYMENT_END;
 174       }
 175       $recur->modified_date = $now;
 176       $recur->contribution_status_id = array_search($statusName, $contributionStatus);
 177       $recur->save();
 178     }
 179     else {
 180       // Declined
 181       // failed status
 182       $recur->contribution_status_id = array_search('Failed', $contributionStatus);
 183       $recur->cancel_date = $now;
 184       $recur->save();
 185
 186       $message = ts("Subscription payment failed - %1", array(1 => htmlspecialchars($input['response_reason_text'])));
 187       CRM_Core_Error::debug_log_message($message);
 188
 189       // the recurring contribution has declined a payment or has failed
 190       // so we just fix the recurring contribution and not change any of
 191       // the existing contributions
 192       // CRM-9036
 193       return TRUE;
 194     }
 195
 196     // check if contribution is already completed, if so we ignore this ipn
 197     if ($objects['contribution']->contribution_status_id == 1) {
 198       $transaction->commit();
 199       CRM_Core_Error::debug_log_message("Returning since contribution has already been handled.");
 200       echo "Success: Contribution has already been handled<p>";
 201       return TRUE;
 202     }
 203
 204     $this->completeTransaction($input, $ids, $objects, $transaction, $recur);
 205   }
 206
 207   /**
 208    * @param $input
 209    * @param $ids
 210    *
 211    * @return bool
 212    */
 213   public function getInput(&$input, &$ids) {
 214     $input['amount'] = $this->retrieve('x_amount', 'String');
 215     $input['subscription_id'] = $this->retrieve('x_subscription_id', 'Integer');
 216     $input['response_code'] = $this->retrieve('x_response_code', 'Integer');
 217     $input['MD5_Hash'] = $this->retrieve('x_MD5_Hash', 'String', FALSE, '');
 218     $input['response_reason_code'] = $this->retrieve('x_response_reason_code', 'String', FALSE);
 219     $input['response_reason_text'] = $this->retrieve('x_response_reason_text', 'String', FALSE);
 220     $input['subscription_paynum'] = $this->retrieve('x_subscription_paynum', 'Integer', FALSE, 0);
 221     $input['trxn_id'] = $this->retrieve('x_trans_id', 'String', FALSE);
 222
 223     if ($input['trxn_id']) {
 224       $input['is_test'] = 0;
 225     }
 226     // Only assume trxn_id 'should' have been returned for success.
 227     // Per CRM-17611 it would also not be passed back for a decline.
 228     elseif ($input['response_code'] == 1) {
 229       $input['is_test'] = 1;
 230       $input['trxn_id'] = md5(uniqid(rand(), TRUE));
 231     }
 232
 233     if (!$this->getBillingID($ids)) {
 234       return FALSE;
 235     }
 236     $billingID = $ids['billing'];
 237     $params = array(
 238       'first_name' => 'x_first_name',
 239       'last_name' => 'x_last_name',
 240       "street_address-{$billingID}" => 'x_address',
 241       "city-{$billingID}" => 'x_city',
 242       "state-{$billingID}" => 'x_state',
 243       "postal_code-{$billingID}" => 'x_zip',
 244       "country-{$billingID}" => 'x_country',
 245       "email-{$billingID}" => 'x_email',
 246     );
 247     foreach ($params as $civiName => $resName) {
 248       $input[$civiName] = $this->retrieve($resName, 'String', FALSE);
 249     }
 250   }
 251
 252   /**
 253    * @param $ids
 254    * @param $input
 255    */
 256   public function getIDs(&$ids, &$input) {
 257     $ids['contact'] = $this->retrieve('x_cust_id', 'Integer', FALSE, 0);
 258     $ids['contribution'] = $this->retrieve('x_invoice_num', 'Integer');
 259
 260     // joining with contribution table for extra checks
 261     $sql = "
 262     SELECT cr.id, cr.contact_id
 263       FROM civicrm_contribution_recur cr
 264 INNER JOIN civicrm_contribution co ON co.contribution_recur_id = cr.id
 265      WHERE cr.processor_id = '{$input['subscription_id']}' AND
 266            (cr.contact_id = {$ids['contact']} OR co.id = {$ids['contribution']})
 267      LIMIT 1";
 268     $contRecur = CRM_Core_DAO::executeQuery($sql);
 269     $contRecur->fetch();
 270     $ids['contributionRecur'] = $contRecur->id;
 271     if ($ids['contact'] != $contRecur->contact_id) {
 272       $message = ts("Recurring contribution appears to have been re-assigned from id %1 to %2, continuing with %2.", array(1 => $ids['contact'], 2 => $contRecur->contact_id));
 273       CRM_Core_Error::debug_log_message($message);
 274       $ids['contact'] = $contRecur->contact_id;
 275     }
 276     if (!$ids['contributionRecur']) {
 277       $message = ts("Could not find contributionRecur id");
 278       $log = new CRM_Utils_SystemLogger();
 279       $log->error('payment_notification', array('message' => $message, 'ids' => $ids, 'input' => $input));
 280       throw new CRM_Core_Exception($message);
 281     }
 282
 283     // get page id based on contribution id
 284     $ids['contributionPage'] = CRM_Core_DAO::getFieldValue('CRM_Contribute_DAO_Contribution',
 285       $ids['contribution'],
 286       'contribution_page_id'
 287     );
 288
 289     if ($input['component'] == 'event') {
 290       // FIXME: figure out fields for event
 291     }
 292     else {
 293       // get the optional ids
 294
 295       // Get membershipId. Join with membership payment table for additional checks
 296       $sql = "
 297     SELECT m.id
 298       FROM civicrm_membership m
 299 INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contribution_id = {$ids['contribution']}
 300      WHERE m.contribution_recur_id = {$ids['contributionRecur']}
 301      LIMIT 1";
 302       if ($membershipId = CRM_Core_DAO::singleValueQuery($sql)) {
 303         $ids['membership'] = $membershipId;
 304       }
 305
 306       // FIXME: todo related_contact and onBehalfDupeAlert. Check paypalIPN.
 307     }
 308   }
 309
 310   /**
 311    * @param string $name
 312    *   Parameter name.
 313    * @param string $type
 314    *   Parameter type.
 315    * @param bool $abort
 316    *   Abort if not present.
 317    * @param null $default
 318    *   Default value.
 319    *
 320    * @throws CRM_Core_Exception
 321    * @return mixed
 322    */
 323   public function retrieve($name, $type, $abort = TRUE, $default = NULL) {
 324     $value = CRM_Utils_Type::validate(
 325       empty($this->_inputParameters[$name]) ? $default : $this->_inputParameters[$name],
 326       $type,
 327       FALSE
 328     );
 329     if ($abort && $value === NULL) {
 330       throw new CRM_Core_Exception("Could not find an entry for $name");
 331     }
 332     return $value;
 333   }
 334
 335   /**
 336    * Check that the MDs is valid.
 337    *
 338    * Note that this only checks if it is provided.
 339    *
 340    * @param array $ids
 341    * @param array $input
 342    *
 343    * @throws CRM_Core_Exception
 344    */
 345   public function checkMD5($ids, $input) {
 346     if (empty($input['trxn_id'])) {
 347       // For decline we have nothing to check against.
 348       return;
 349     }
 350     $paymentProcessor = CRM_Financial_BAO_PaymentProcessor::getPayment($ids['paymentProcessor'],
 351       $input['is_test'] ? 'test' : 'live'
 352     );
 353     $paymentObject = CRM_Core_Payment::singleton($input['is_test'] ? 'test' : 'live', $paymentProcessor);
 354
 355     if (!$paymentObject->checkMD5($input['MD5_Hash'], $input['trxn_id'], $input['amount'], TRUE)) {
 356       $message = "Failure: Security verification failed";
 357       $log = new CRM_Utils_SystemLogger();
 358       $log->error('payment_notification', array('message' => $message, 'ids' => $ids, 'input' => $input));
 359       throw new CRM_Core_Exception($message);
 360     }
 361   }
 362
 363 }