UPGRADE NOTE: Do not edit or add to this file if you wish to upgrade AbanteCart to newer versions in the future. If you wish to customize AbanteCart for your needs please refer to http://www.AbanteCart.com for more information. ------------------------------------------------------------------------------*/
if ( !defined ( 'DIR_CORE' )) {
    // NOTE(review): the redirect is not followed by an exit, so on a direct request the rest of
    // the file is still parsed and the class is still declared after the Location header is sent.
    header ( 'Location: static_pages/' );
}

/**
 * Storefront model for the Realex (payandshop.com) card-payment extension.
 *
 * Every gateway call in this class builds an XML request string by hand, signs it with a
 * two-stage SHA-1 hash (sha1(sha1(timestamp.merchant.orderref.amount.currency.card).secret),
 * the gateway's request-hash format), POSTs it with cURL and parses the reply with
 * simplexml_load_string().
 *
 * NOTE(review): in this listing the XML element names are missing from the string literals
 * (every field is concatenated between two empty '' strings); this looks like markup stripped
 * on extraction rather than the shipped code — confirm against the original file before
 * drawing conclusions from the payload shape.
 *
 * Security observations that apply to all three gateway calls:
 *  - CURLOPT_SSL_VERIFYPEER is set to false, so the gateway certificate is never validated
 *    while full card data crosses the connection; verification should be enabled with a
 *    trusted CA bundle.
 *  - Values such as the cardholder name and order reference are concatenated into the XML
 *    without any escaping; untrusted text should be XML-escaped before it is embedded.
 *  - curl_exec() failures (false) are not checked, so a transport error reaches
 *    simplexml_load_string() as false and the caller gets an empty/false response.
 *  - strftime() is deprecated as of PHP 8.1.
 */
class ModelExtensionDefaultRealex extends Model {

    /**
     * Returns the payment-method descriptor for this address, or an empty array when the
     * method is disabled or not available for the address.
     *
     * The method is available when 'default_realex_status' is on and either no
     * 'default_realex_location_id' is configured, or the address country/zone matches a
     * zones_to_locations row for that location (zone_id of the address or 0).
     *
     * @param array $address checkout address; reads 'country_id' and 'zone_id'
     * @return array empty, or array('id' => ..., 'title' => ..., 'sort_order' => ...)
     */
    public function getMethod($address) {
        $this->load->language('default_realex/default_realex');
        if ($this->config->get('default_realex_status')) {
            // All interpolated values are cast to int, so this string-built query is safe against
            // injection. It runs even when no location id is configured; the result is only
            // consulted in the elseif below.
            $query = $this->db->query("SELECT * FROM `" . $this->db->table("zones_to_locations") . "` WHERE location_id = '" . (int)$this->config->get('default_realex_location_id') . "' AND country_id = '" . (int)$address['country_id'] . "' AND (zone_id = '" . (int)$address['zone_id'] . "' OR zone_id = '0')");
            if (!$this->config->get('default_realex_location_id')) {
                $status = TRUE;
            } elseif ($query->num_rows) {
                $status = TRUE;
            } else {
                $status = FALSE;
            }
        } else {
            $status = FALSE;
        }
        $payment_data = array();
        if ($status) {
            $payment_data = array(
                'id' => 'default_realex',
                'title' => $this->language->get('text_title'),
                'sort_order' => $this->config->get('default_realex_sort_order')
            );
        }
        return $payment_data;
    }

    /**
     * Asks the gateway's 3-D Secure endpoint whether the card is enrolled.
     *
     * @param string $account   gateway sub-account
     * @param mixed  $amount    amount as expected by the gateway (passed through unchanged)
     * @param string $currency  ISO currency code
     * @param string $order_ref merchant order reference
     * @param array  $data      card data; reads 'cc_number', 'cc_expire_date_month',
     *                          'cc_expire_date_year', 'cc_type', 'cc_owner'
     * @return SimpleXMLElement|false parsed gateway reply, or false when the reply
     *                                cannot be parsed (including a failed transport)
     */
    public function check3DEnrollment($account, $amount, $currency, $order_ref, $data) {
        $timestamp = strftime("%Y%m%d%H%M%S");
        $merchant_id = $this->config->get('default_realex_merchant_id');
        $secret = $this->config->get('default_realex_secret');
        // Request signature: sha1 of the dotted field list, then sha1 of that digest plus the shared secret.
        $tmp = $timestamp . '.' . $merchant_id . '.' . $order_ref . '.' . $amount . '.' . $currency . '.' . $data['cc_number'];
        $hash = sha1($tmp);
        $tmp = $hash . '.' . $secret;
        $hash = sha1($tmp);
        $xml = ''."\n";
        $xml .= '' . $merchant_id . ''."\n";
        $xml .= '' . $account . ''."\n";
        $xml .= '' . $order_ref . ''."\n";
        $xml .= '' . $amount . ''."\n";
        $xml .= ''."\n";
        $xml .= '' . $data['cc_number'] . ''."\n";
        // Expiry is month and year concatenated without a separator.
        $xml .= '' . $data['cc_expire_date_month'] . $data['cc_expire_date_year'] . ''."\n";
        $xml .= '' . $data['cc_type'] . ''."\n";
        // NOTE(review): cardholder name comes from the checkout form and is not XML-escaped.
        $xml .= '' . $data['cc_owner'] . ''."\n";
        $xml .= ''."\n";
        $xml .= '' . $hash . ''."\n";
        $xml .= ''."\n";
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "https://epage.payandshop.com/epage-3dsecure.cgi");
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_USERAGENT, "AbanteCart " . VERSION);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
        // NOTE(review): peer verification disabled — the gateway's TLS certificate is not checked
        // although the full card number is in the request body.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        $response = curl_exec ($ch);
        curl_close ($ch);
        // $response is false on transport failure; that case is not handled here.
        return simplexml_load_string($response);
    }

    /**
     * Sends the authorisation request to the gateway and updates the order from the result.
     *
     * On result "00" the order is recorded in realex_orders (recordOrder), a transaction row is
     * added (addTransaction) and the order is confirmed with the settled or unsettled success
     * status depending on 'default_realex_settlement'. Any other result only appends an order
     * history entry with the decline status mapped from the result code.
     *
     * @param array $pd  payment data; reads 'order_id', 'order_ref', 'amount', 'currency',
     *                   'account', 'cc_number', 'cc_expire', 'cc_type', 'cc_owner', 'cc_cvv2',
     *                   'cc_issue'
     * @param array $v3d 3-D Secure results; reads 'eci', 'cavv', 'xid', 'eci_ref'
     * @return SimpleXMLElement|false parsed gateway reply (false if it could not be parsed)
     */
    public function processPayment($pd, $v3d) {
        $this->load->model('checkout/order');
        $this->load->language('default_realex/default_realex');
        $timestamp = strftime("%Y%m%d%H%M%S");
        $merchant_id = $this->config->get('default_realex_merchant_id');
        $secret = $this->config->get('default_realex_secret');
        // Request signature: sha1 of the dotted field list, then sha1 of that digest plus the shared secret.
        $tmp = $timestamp.'.'.$merchant_id.'.'.$pd['order_ref'].'.'.$pd['amount'].'.'.$pd['currency'].'.'.$pd['cc_number'];
        $hash = sha1($tmp);
        $tmp = $hash.'.'.$secret;
        $hash = sha1($tmp);
        $order_info = $this->model_checkout_order->getOrder($pd['order_id']);
        $xml = ''."\n";
        $xml .= '' . $merchant_id . ''."\n";
        // Sub-account element is optional.
        if ($pd['account']) {
            $xml .= '' . $pd['account'] . ''."\n";
        }
        $xml .= '' . $pd['order_ref'] . ''."\n";
        $xml .= '' . $pd['amount'] . ''."\n";
        $xml .= ''."\n";
        $xml .= 'AbanteCart'."\n";
        $xml .= ''."\n";
        $xml .= ''."\n";
        $xml .= '' . $pd['cc_number'] . ''."\n";
        $xml .= '' . $pd['cc_expire'] . ''."\n";
        $xml .= '' . $pd['cc_type'] . ''."\n";
        // NOTE(review): cardholder name is customer input and is not XML-escaped.
        $xml .= '' . $pd['cc_owner'] . ''."\n";
        $xml .= ''."\n";
        // NOTE(review): the (int) cast drops leading zeros from the security code (e.g. "012" becomes 12),
        // which will make such cards fail verification at the gateway.
        $xml .= '' . (int)$pd['cc_cvv2'] . ''."\n";
        $xml .= '2'."\n";
        $xml .= ''."\n";
        if (has_value($pd['cc_issue'])) {
            $xml .= '' . (int)$pd['cc_issue'] . ''."\n";
        }
        $xml .= ''."\n";
        // Settlement mode element; the four branches emit different (here stripped) markup.
        if ($this->config->get('default_realex_settlement') == 'delayed') {
            $xml .= ''."\n";
        } elseif ($this->config->get('default_realex_settlement') == 'auto') {
            $xml .= ''."\n";
        } elseif ($this->config->get('default_realex_settlement') == 'multi') {
            $xml .= ''."\n";
        } else {
            $xml .= ''."\n";
        }
        // 3-D Secure block, only when the verification step produced at least one value.
        if ( has_value($v3d['eci']) || has_value($v3d['cavv']) || has_value($v3d['xid']) ) {
            $xml .= ''."\n";
            if (has_value($v3d['eci'])) {
                $xml .= '' . (string)$v3d['eci'] . ''."\n";
            }
            if (has_value($v3d['cavv'])) {
                $xml .= '' . (string)$v3d['cavv'] . ''."\n";
            }
            if (has_value($v3d['xid'])) {
                $xml .= '' . (string)$v3d['xid'] . ''."\n";
            }
            $xml .= ''."\n";
        }
        $xml .= '' . $hash . ''."\n";
        // Optional transaction-screening (TSS) block: customer IP, customer id and address fragments.
        if ($this->config->get('default_realex_tss_check')) {
            $xml .= ''."\n";
            $xml .= '' . $order_info['ip'] . ''."\n";
            //if not guest checkout
            if ($this->customer->getId() > 0) {
                $xml .= '' . (int)$this->customer->getId() . ''."\n";
            }
            if (has_value($order_info['payment_iso_code_2']) || has_value($order_info['payment_postcode'])) {
                $xml .= '
'."\n";
                if (has_value($order_info['payment_postcode'])) {
                    // Only the digits of postcode and address line 1 are sent, joined by '|'.
                    $xml .= '' . filter_var($order_info['payment_postcode'], FILTER_SANITIZE_NUMBER_INT) . '|' . filter_var($order_info['payment_address_1'], FILTER_SANITIZE_NUMBER_INT) . ''."\n";
                }
                if (has_value($order_info['payment_iso_code_2'])) {
                    $xml .= '' . $order_info['payment_iso_code_2'] . ''."\n";
                }
                $xml .= '
'."\n";
            }
            if (has_value($order_info['shipping_iso_code_2']) || has_value($order_info['shipping_postcode'])) {
                $xml .= '
'."\n";
                if (has_value($order_info['shipping_postcode'])) {
                    $xml .= '' . filter_var($order_info['shipping_postcode'], FILTER_SANITIZE_NUMBER_INT) . '|' . filter_var($order_info['shipping_address_1'], FILTER_SANITIZE_NUMBER_INT) . ''."\n";
                }
                if (has_value($order_info['shipping_iso_code_2'])) {
                    $xml .= '' . $order_info['shipping_iso_code_2'] . ''."\n";
                }
                $xml .= '
'."\n";
            }
            $xml .= '
'."\n";
        }
        $xml .= '
'."\n";
        // NOTE(review): this writes the complete request — card number, expiry and security code —
        // to the debug log; sensitive fields should be masked before logging.
        ADebug::variable('Processing realex payment request: ', $xml);
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "https://epage.payandshop.com/epage-remote.cgi");
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_USERAGENT, "AbanteCart ".VERSION);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
        // NOTE(review): peer verification disabled — gateway certificate not validated.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        $response = curl_exec ($ch);
        curl_close ($ch);
        ADebug::variable('Processing realex payment response: ', $response);
        $response = simplexml_load_string($response);
        //Note: no language support as this UK based payment
        // NOTE(review): these two lines append to an undefined $message and are then discarded by
        // the plain assignment that follows, so the order reference and timestamp never reach the
        // order history.
        $message .= 'Order Reference: ' . (string)$pd['order_ref'] . "\n";
        $message .= 'Transaction Timestamp: ' . (string)$timestamp;
        $message = 'Response Result: ' . (int)$response->result . "\n";
        // NOTE(review): $result is never assigned in this method; presumably $response was intended.
        // As written, the message line is empty and every isset($result->...) below is false.
        $message .= 'Response Message: ' . (string) $result->message . "\n";
        if (isset($result->authcode)) {
            $message .= 'AuthCode: ' . (string) $result->authcode . "\n";
        }
        if (isset($result->cvnresult)) {
            $message .= 'CVNResult: ' . (string) $result->cvnresult . "\n";
        }
        if (isset($result->avsaddressresponse)) {
            $message .= 'AvsAddressResponse: ' . (string) $result->avsaddressresponse . "\n";
        }
        if (isset($result->avspostcoderesponse)) {
            $message .= 'AvsPostCodeResponse: ' . (string) $result->avspostcoderesponse . "\n";
        }
        // Human-readable ECI outcome for the history entry. Index 0 is the label prefix, 1..10
        // the outcome texts keyed by 'eci_ref'; an eci_ref of 0 would therefore print the label twice.
        if (has_value($v3d['eci_ref'])) {
            $text_arr = array();
            $text_arr[0] = 'ECI (3D secure) ';
            $text_arr[1] = 'Cardholder Not Enrolled, liability shift';
            $text_arr[2] = 'Unable To Verify Enrolment, no liability shift';
            $text_arr[3] = 'Invalid Response From Enrolment Server, no liability shift';
            $text_arr[4] = 'Enrolled, But Invalid Response From ACS (Access Control Server), no liability shift';
            $text_arr[5] = 'Successful Authentication, liability shift';
            $text_arr[6] = 'Authentication Attempt Acknowledged, liability shift';
            $text_arr[7] = 'Incorrect Password Entered, no liability shift';
            $text_arr[8] = 'Authentication Unavailable, no liability shift';
            $text_arr[9] = 'Invalid Response From ACS, no liability shift';
            $text_arr[10] = 'RealMPI Fatal Error, no liability shift';
            $message .= $text_arr[0].': (' . (int)$v3d['eci'] . ') ' . $text_arr[(int)$v3d['eci_ref']];
        }
        if (has_value($response->tss->result)) {
            $message .= 'TSS: ' . (int)$response->tss->result;
        }
        if ($response->result == '00') {
            //finalize order only if payment is a success
            $realex_order_id = $this->recordOrder($order_info, $response, $pd['account'], $pd['order_ref']);
            if ($this->config->get('default_realex_settlement') == 'auto') {
                $this->addTransaction($realex_order_id, 'payment', $order_info);
                //auto complete the order in settled mode
                $this->model_checkout_order->confirm( $pd['order_id'], $this->config->get('default_realex_status_success_settled') );
            } else {
                // NOTE(review): 0 is passed where addTransaction() indexes $order_info['total'] and
                // $order_info['currency'], so the 'auth' row is recorded without a usable amount.
                $this->addTransaction($realex_order_id, 'auth', 0);
                //complete the order in unsettled mode
                $this->model_checkout_order->confirm( $pd['order_id'], $this->config->get('default_realex_status_success_unsettled') );
            }
        } elseif ($response->result == "101") {
            // Transaction Declined
            $this->model_checkout_order->addHistory( $pd['order_id'], $this->config->get('default_realex_status_decline'), $message );
        } elseif ($response->result == "102") {
            // Referral / pending decline
            $this->model_checkout_order->addHistory( $pd['order_id'], $this->config->get('default_realex_status_decline_pending'), $message );
        } elseif ($response->result == "103") {
            // Card reported stolen
            $this->model_checkout_order->addHistory( $pd['order_id'], $this->config->get('default_realex_status_decline_stolen'), $message );
        } elseif (in_array($response->result, array("200", "204", "205"))) {
            // Bank-side failures
            $this->model_checkout_order->addHistory( $pd['order_id'], $this->config->get('default_realex_status_decline_bank'), $message );
        } else {
            // Some other error
            $this->model_checkout_order->addHistory( $pd['order_id'], $this->config->get('default_realex_status_decline'), $message );
        }
        return $response;
    }

    //Check 3D Signature
    /**
     * Submits the ACS payer-authentication response (PaRes) to the gateway's 3-D Secure endpoint
     * for signature verification.
     *
     * @param array  $data  reads 'account', 'order_ref', 'amount', 'currency', 'cc_number',
     *                      'cc_expire', 'cc_type', 'cc_owner'
     * @param string $pares payer-authentication response returned by the issuer's ACS
     * @return SimpleXMLElement|false parsed gateway reply (false if it could not be parsed)
     */
    public function verify3DSignature( $data, $pares) {
        $this->load->model('checkout/order');
        $timestamp = strftime("%Y%m%d%H%M%S");
        $merchant_id = $this->config->get('default_realex_merchant_id');
        $secret = $this->config->get('default_realex_secret');
        // Request signature, same two-stage SHA-1 scheme as the other calls.
        // NOTE(review): the hash uses the raw $data['amount'] while the payload below sends
        // (int)$data['amount']; the two must match for the gateway to accept the signature.
        $tmp = $timestamp.'.'.$merchant_id.'.'.$data['order_ref'].'.'.$data['amount'].'.'.$data['currency'].'.'.$data['cc_number'];
        $hash = sha1($tmp);
        $tmp = $hash . '.' . $secret;
        $hash = sha1($tmp);
        $xml = '';
        $xml .= ''."\n";
        $xml .= '' . $merchant_id . ''."\n";
        $xml .= '' . $data['account'] . ''."\n";
        $xml .= '' . $data['order_ref'] . ''."\n";
        $xml .= '' . (int)$data['amount'] . ''."\n";
        $xml .= ''."\n";
        $xml .= '' . $data['cc_number'] . ''."\n";
        $xml .= '' . $data['cc_expire'] . ''."\n";
        $xml .= '' . $data['cc_type'] . ''."\n";
        $xml .= '' . $data['cc_owner'] . ''."\n";
        $xml .= ''."\n";
        // PaRes is embedded verbatim; it is issuer-supplied data and is not escaped here.
        $xml .= '' . $pares . ''."\n";
        $xml .= '' . $hash . ''."\n";
        $xml .= ''."\n";
        // NOTE(review): logs the full request including the card number.
        ADebug::variable('Running verify3DSignature: ', $xml);
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "https://epage.payandshop.com/epage-3dsecure.cgi");
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_USERAGENT, "AbanteCart " . VERSION);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
        // NOTE(review): peer verification disabled — gateway certificate not validated.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        $response = curl_exec ($ch);
        curl_close ($ch);
        ADebug::variable('Response from verify3DSignature: ', $response);
        return simplexml_load_string($response);
    }

    //record order with realex database
    /**
     * Inserts a realex_orders row for a successfully authorised order.
     *
     * @param array            $order_info order as returned by model_checkout_order->getOrder()
     * @param SimpleXMLElement $response   gateway reply; reads pasref and authcode
     * @param string           $account    gateway sub-account
     * @param string           $order_ref  merchant order reference
     * @return int id of the inserted realex_orders row
     */
    public function recordOrder($order_info, $response, $account, $order_ref) {
        // capture_status: 1 when funds are captured immediately ('auto'), 0 otherwise.
        if ($this->config->get('default_realex_settlement') == 'auto') {
            $settle_status = 1;
        } else {
            $settle_status = 0;
        }
        // NOTE(review): 'default_realex_settlement' is compared against the strings 'delayed',
        // 'auto' and 'multi' elsewhere in this class, so the (int) cast for settle_type always
        // stores 0 — verify what settle_type is expected to hold.
        // Other values are int-cast or passed through db->escape(); the pasref/authcode arguments
        // are SimpleXMLElement nodes handed to escape() without a (string) cast.
        $this->db->query("INSERT INTO `" . $this->db->table("realex_orders") . "` SET `order_id` = '" . (int)$order_info['order_id'] . "', `settle_type` = '" . (int)$this->config->get('default_realex_settlement') . "', `order_ref` = '" . $this->db->escape($order_ref) . "', `order_ref_previous` = '" . $this->db->escape($order_ref) . "', `capture_status` = '" . (int)$settle_status . "', `currency_code` = '" . $this->db->escape($order_info['currency']) . "', `pasref` = '" . $this->db->escape($response->pasref) . "', `pasref_previous` = '" . $this->db->escape($response->pasref) . "', `authcode` = '" . $this->db->escape($response->authcode) . "', `account` = '" . $this->db->escape($account) . "', `total` = '" . $this->currency->convert($order_info['total'],$this->config->get('config_currency'), $order_info['currency']) . "', `date_added` = now() ");
        return $this->db->getLastId();
    }

    /**
     * Inserts a realex_order_transactions row of the given type for a realex order.
     *
     * @param int    $realex_order_id id returned by recordOrder()
     * @param string $type            transaction type, e.g. 'payment' or 'auth' (see processPayment)
     * @param array  $order_info      order data; reads 'total' and 'currency' for the converted amount.
     *                                NOTE(review): processPayment() passes 0 here for the 'auth' case.
     * @return void
     */
    public function addTransaction($realex_order_id, $type, $order_info) {
        // NOTE(review): the converted amount is concatenated into SQL unquoted by escape(); it is
        // numeric output of currency->convert(), not user input.
        $this->db->query("INSERT INTO `" . $this->db->table("realex_order_transactions") . "` SET `realex_order_id` = '" . (int)$realex_order_id . "', `type` = '" . $this->db->escape($type) . "', `amount` = '" . $this->currency->convert($order_info['total'],$this->config->get('config_currency'), $order_info['currency']) . "', `date_added` = now() ");
    }
}