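* @copyright 2007-2014 PrestaShop SA
* @license http://addons.prestashop.com/en/content/12-terms-and-conditions-of-use
* International Registered Trademark & Property of PrestaShop SA
*/

/*
 * Handles the answer sent back by the payment site for a Paybox payment.
 *
 * Flow, as implemented below:
 *   1. Read the answer fields from $_POST or $_GET (by request method) and
 *      require 'm', 'r', 't', 'p', 'c' and 's'.
 *   2. Accept the request only from a hard-coded list of source addresses.
 *   3. Verify the signature with Paybox::PbxVerSign() (three addresses are
 *      exempted, see the note at that check).
 *   4. Require an authorisation number ('a') and load the cart named by 'r'.
 *   5. If an order already exists for the cart, update it and stop;
 *      otherwise create the order through Paybox::validateOrder().
 *
 * Every failure before step 5 is logged with Logger::addLog() and ends the
 * script with die().
 */

include(dirname(__FILE__).'/../../config/config.inc.php');
if (version_compare(_PS_VERSION_, '1.5', '<'))
    include(dirname(__FILE__).'/../../init.php');
include(dirname(__FILE__).'/paybox.php');

$error = '';
$paybox = new Paybox();
$values = Tools::strtolower($_SERVER['REQUEST_METHOD']) == 'post' ? $_POST : $_GET;
$needed_vars = array('m', 'r', 't', 'p', 'c', 's');
// PBX_DEMO_MODE: 0 is handled below as test mode (messages prefixed ***TEST***), 1 as live mode.
$test_mode = (int)Configuration::get('PBX_DEMO_MODE');

// Collect every missing mandatory field so the log shows all of them at once.
foreach ($needed_vars as $key => $value)
{
    if (!isset($values[$value]))
        $error .= '- Data from the payment site answer are missing ('.$value.')'."\n";
}
unset($needed_vars, $key, $value);

if (!empty($error))
{
    Logger::addLog($error, 4);
    die($error);
}

// Source-address allowlist for the payment site's answer.
// NOTE(review): the comparison uses REMOTE_ADDR. Behind a reverse proxy or load
// balancer that value is the proxy's address, so confirm the deployment passes
// the real peer address through. The list is hard-coded and has to be kept in
// step with the addresses the payment provider publishes.
$auth_remote_addr = array(
    '217.64.63.215', '37.187.137.153', '90.63.178.63',
    '195.101.99.76', '195.101.99.77', '195.101.99.72',
    '62.39.109.166', '194.50.38.6', '80.13.22.107',
    '194.2.122.158', '194.2.122.190', '194.2.160.66',
    '195.25.7.166', '195.25.67.22', '194.2.160.64',
    '194.2.160.75', '194.2.160.80', '194.2.160.82',
    '194.2.160.91', '195.25.7.146', '195.25.7.157',
    '195.25.7.159', '195.25.67.0', '195.25.67.2',
    '195.25.67.11',
);
// Strict comparison: both sides are strings, no type juggling is wanted here.
if (!in_array($_SERVER['REMOTE_ADDR'], $auth_remote_addr, true))
{
    Logger::addLog('Answer does not come from a secure remote address', 4);
    die('Answer does not come from a secure remote addres');
}

// NOTE(review): answers from these three allowlisted addresses skip signature
// verification, so for them the source address is the only check. Confirm the
// exemption is still required; verifying every answer is the safer default.
if ($_SERVER['REMOTE_ADDR'] != '90.63.178.63'
    && $_SERVER['REMOTE_ADDR'] != '37.187.137.153'
    && $_SERVER['REMOTE_ADDR'] != '217.64.63.215')
{
    // NOTE(review): the signature is checked over QUERY_STRING, while $values is
    // read from $_POST when the request method is POST. PbxVerSign() is defined
    // outside this file; confirm the signed data is the data $values comes from.
    $qrystr = $paybox->PbxVerSign($_SERVER['QUERY_STRING'], 'pubkey.pem', true);

    // Fail closed: only a result equal to 1 lets the answer through. The original
    // chain let any result other than 1, 0 or -1 fall through as accepted.
    if ($qrystr != 1)
    {
        if ($qrystr == -1)
        {
            Logger::addLog('Error during the signature verification', 4);
            die('Error during the signature verification');
        }
        Logger::addLog('Signature has been falsified', 4);
        die('Signature has been falsified');
    }
}

if (empty($values['a']))
{
    Logger::addLog('No autorisation number', 4);
    die('No autorisation number');
}

// Wrong authorization number in live mode
if ($values['a'] == 'XXXXXX' && $test_mode === 1)
    $error .= '- error payment - wrong authorization number'."\n\n";

// A reference starting with 'x' sets $x3; the cart id is the rest of the reference.
// Presumably this marks a payment in three instalments (the amount is multiplied
// by three further down) - confirm against the code that builds the reference.
$x3 = false;
if (substr($values['r'], 0, 1) == 'x')
{
    $x3 = true;
    $id_cart = substr($values['r'], 1);
}
else
    $id_cart = $values['r'];

$cart = new Cart((int)$id_cart);
if (!$cart->id)
{
    Logger::addLog('Cart not valid', 4);
    die('Cart not valid');
}

// An order already exists for this cart: update it and stop here.
if ($id_order = (int)Order::getOrderByCartId($cart->id))
{
    $paybox->saveInformationPaiement($values);
    if (empty($error))
    {
        // NOTE(review): this branch marks the order valid and moves it to the
        // payment state without looking at the response code in $values['e'];
        // only the authorisation-number checks above gate it. The new-order path
        // below does test that code - confirm whether it should be tested here too.
        $order = new Order($id_order);
        $order->valid = 1;
        $order->total_paid_real = $values['m'] / 100;
        $order->update();

        // Stock is adjusted only when the order was not already in the payment state.
        if ($order->getCurrentState() != _PS_OS_PAYMENT_)
        {
            $products = $cart->getProducts();
            foreach ($products as $product)
            {
                Product::updateQuantity($product);
                Hook::updateQuantity($product, $order);
            }
        }

        $history = new OrderHistory();
        $history->id_order = $id_order;
        $history->changeIdOrderState((int)_PS_OS_PAYMENT_, $id_order);
        $history->addWithemail(true, array());

        // Keep the raw answer fields as a private message on the order.
        $order_message = '';
        foreach ($values as $key => $value)
            $order_message .= $key.': '.$value."\n";
        if (!empty($order_message))
        {
            $msg = new Message();
            // The message is stored only when it passes Validate::isCleanHtml().
            if (Validate::isCleanHtml($order_message))
            {
                $msg->message = $order_message;
                $msg->id_order = (int)$order->id;
                $msg->private = 1;
                $msg->add();
            }
        }
    }
    die($error);
}

$customer = new Customer((int)$cart->id_customer);
if (version_compare(_PS_VERSION_, '1.5.0.0') >= 0) // forge - PSCFV-9300
    Context::getContext()->customer = $customer;

// 'm' is divided by 100 to obtain the paid amount. With $x3 set, the notified
// amount is multiplied by three; when the cart total minus that figure is below 2
// (which includes the figure exceeding the cart total), the cart total is used.
if ($x3)
{
    $total_paid = ($values['m'] * 3) / 100;
    if (($cart->getOrderTotal() - $total_paid) < 2)
        $total_paid = $cart->getOrderTotal();
}
else
    $total_paid = $values['m'] / 100;

// 'e' is not among the mandatory fields checked above, so guard the read.
// A missing code yields '', which is never treated as a success below.
$pbx_error = isset($values['e']) ? trim($values['e']) : '';

// Default to the error state so $statut is always defined, whatever PBX_DEMO_MODE holds.
$statut = _PS_OS_ERROR_;
if ($test_mode === 0)
{
    if (empty($error) && $pbx_error == '00000')
    {
        $error = '***TEST*** : Validated Payment'."\n\n";
        $statut = _PS_OS_PAYMENT_;
    }
    else
    {
        $error = '***TEST*** : Invalid Payment'."\n\n".$error;
        $statut = _PS_OS_ERROR_;
    }
}
elseif ($test_mode === 1)
{
    if ($pbx_error == '00000' && empty($error))
        $statut = _PS_OS_PAYMENT_;
    else
        $statut = _PS_OS_ERROR_;
}

// Append a readable description of the response code to the order message.
// NOTE(review): an unrecognised code falls into the same branch as '00000' and is
// described as 'Successful operation'; the order state is still the error state.
switch ($pbx_error)
{
    case '00001':
        $error .= 'Connection to the authorization center failed or an internal error occurred'."\n\n";
        break;
    case '00003':
        $error .= 'Paybox error'."\n\n";
        break;
    case '00004':
        $error .= 'Card number invalid or visual cryptogram invalid'."\n\n";
        break;
    case '00006':
        $error .= 'Access refused or site/rank/identifier incorrect'."\n\n";
        break;
    case '00008':
        $error .= 'Incorrect expiry date.'."\n\n";
        break;
    case '00009':
        $error .= 'Error when during subscriber creation'."\n\n";
        break;
    case '00010':
        $error .= 'Unknown currency'."\n\n";
        break;
    case '00011':
        $error .= 'Amount incorrect'."\n\n";
        break;
    case '00015':
        $error .= 'Payment already done'."\n\n";
        break;
    case '00016':
        $error .= 'Subscriber already exists'."\n\n";
        break;
    case '00021':
        $error .= 'Not authorized bin card'."\n\n";
        break;
    case '00029':
        $error .= 'Not the same card used for the first payment.'."\n\n";
        break;
    case '00030':
        $error .= 'Time-out > 15 mn before validation by the buyer when the buyer is on the page of payments of PAYBOX'."\n\n";
        break;
    case '00031':
    case '00032':
        $error .= 'Reserved'."\n\n";
        break;
    case '00033':
        $error .= 'Unauthorized country code of the IP address of the cardholder’s browser'."\n\n";
        break;
    case '00040':
        $error .= 'Operation without 3DSecure authentication, blocked by the fraud filter.'."\n\n";
        break;
    case '99999':
        $error .= 'Payment waiting confirmation from the issuer'."\n\n";
        break;
    // Card schemes Carte Bancaire, American Express and Diners
    case '00100':
        $error .= 'Transaction approved or successfully processed.'."\n\n";
        break;
    case '00101':
    case '00102':
        $error .= 'Contact the card issuer'."\n\n";
        break;
    case '00103':
        $error .= 'Invalid retailer'."\n\n";
        break;
    case '00104':
        $error .= 'Keep the card'."\n\n";
        break;
    case '00105':
        $error .= 'Do not honor'."\n\n";
        break;
    case '00107':
        $error .= 'Keep the card, special conditions'."\n\n";
        break;
    case '00108':
        $error .= 'Approve after holder identification'."\n\n";
        break;
    case '00112':
        $error .= 'Invalid transaction'."\n\n";
        break;
    case '00113':
        $error .= 'Invalid amount'."\n\n";
        break;
    case '00114':
        $error .= 'Invalid holder number'."\n\n";
        break;
    case '00115':
        $error .= 'Card issuer unknown'."\n\n";
        break;
    case '00117':
        $error .= 'Client cancellation'."\n\n";
        break;
    case '00119':
        $error .= 'Repeat the transaction later'."\n\n";
        break;
    case '00120':
        $error .= 'Error in reply (error in the server’s domain).'."\n\n";
        break;
    case '00124':
        $error .= 'File update not withstood'."\n\n";
        break;
    case '00125':
        $error .= 'Impossible to situate the record in the file'."\n\n";
        break;
    case '00126':
        $error .= 'Record duplicated, former record replaced'."\n\n";
        break;
    case '00127':
        $error .= 'Error in ‘edit’ in file update field'."\n\n";
        break;
    case '00128':
        $error .= 'Access to file denied'."\n\n";
        break;
    case '00129':
        $error .= 'File update impossible'."\n\n";
        break;
    case '00130':
        $error .= 'Error in format'."\n\n";
        break;
    case '00133':
        $error .= 'Expired card'."\n\n";
        break;
    case '00138':
        $error .= 'Too many attempts at secret code.'."\n\n";
        break;
    case '00151':
        $error .= 'provision insuffisante.'."\n\n";
        break;
    case '00159':
        $error .= 'Suspicion of fraud.'."\n\n";
        break;
    case '00000':
    default:
        $error .= 'Successful operation'."\n\n\n";
        break;
}

// The module version and the raw request data are appended to the message
// passed to validateOrder().
$error .= 'PayBox version: '.$paybox->version."\n\n"
    .'POST '.print_r($_POST, true)."\n\n"
    .'GET '.print_r($_GET, true)."\n";

$paybox->validateOrder((int)$cart->id, $statut, $total_paid, $paybox->displayName, $error, array(), null, false, $customer->secure_key, $values);

// Save the payment information to the database
$paybox->saveInformationPaiement($values);

if (version_compare(_PS_VERSION_, '1.5.0.0') >= 0)
{
    $order_id = Order::getOrderByCartId((int)$cart->id);
    $order = new Order((int)$order_id);

    // Skip everything when no order could be loaded: with an empty reference the
    // LIKE pattern below would be '%%', which matches any order_payment row.
    if ($order->id)
    {
        // The original tested $order_state, which is never assigned in this script,
        // so the branch could not run. The state actually stored on the order is
        // used instead of the requested $statut.
        if ($order->getCurrentState() == _PS_OS_PAYMENT_)
        {
            $order->valid = 1;
            $order->save();
        }

        // Attach the transaction id ('t') to the order payment, creating the
        // payment row when none matches the order reference.
        $id_order_payment = Db::getInstance()->getValue('SELECT id_order_payment FROM `'._DB_PREFIX_.'order_payment` WHERE `order_reference` LIKE \'%'.pSQL($order->reference).'%\'');
        if ($id_order_payment == false)
            $order->addOrderPayment($total_paid, null, trim($values['t']));
        else
        {
            $order_payment = new OrderPayment((int)$id_order_payment);
            $order_payment->transaction_id = trim($values['t']);
            $order_payment->save();
        }
    }
}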