bebeboutik/modules/atos_cyberplus/validation.php

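<?php
/**
 * Atos / Cyberplus (SIPS) automatic response handler.
 *
 * The bank POSTs a single `DATA` field. It is handed to the SIPS `response`
 * helper, which decodes it and prints one line of `!`-separated fields (the
 * helper, not this script, is expected to verify the seal carried in DATA —
 * confirm against the SIPS integration notes). Fields read here:
 *   [1]  -1 when the helper itself failed, [2] its error text
 *   [3]  merchant id                 [5]  amount, in cents
 *   [6]  transaction id, used as the cart id
 *   [7]  payment mean                [8]/[9]/[10] start / receipt time and date
 *   [11] bank response code          [13] authorization id
 *   [14] currency (ISO 4217 numeric, '978' = EUR)
 *   [29] customer IP address as seen by the bank
 * The resulting order state and an HTML message are passed to
 * Atos_cyberplus::validateOrder().
 */
include(dirname(__FILE__).'/../../config/config.inc.php');
include(dirname(__FILE__).'/atos_cyberplus.php');

if (!isset($_POST['DATA']) || !is_string($_POST['DATA']))
    throw new Exception('error in atos module: data is required');

// DATA is network input: both arguments are shell-escaped so the payload reaches
// the helper as a single argv entry and is never interpreted by the shell.
$command = '/home/www/bebeboutik.com/cgi/www/response'
    .' pathfile='.escapeshellarg(dirname(__FILE__).'/pathfile')
    .' message='.escapeshellarg($_POST['DATA']);
// exec() yields the last output line, or false when the helper could not be run.
$result = exec($command);
$resultArray = ($result === false) ? array() : explode('!', $result);

$idCart = isset($resultArray[6]) ? (int) $resultArray[6] : 0;
$amount = isset($resultArray[5]) ? ((int) $resultArray[5] / 100) : 0;
$cart = null;

if ($result === false || !isset($resultArray[3], $resultArray[6]))
{
    $message = 'error in atos payment module : can\'t execute request';
    $orderState = _PS_OS_ERROR_;
    // TODO: mail merchant
}
elseif ((int) $resultArray[1] === -1)
{
    $message = 'error in atos payment module : '.$resultArray[2];
    $orderState = _PS_OS_ERROR_;
    // TODO: mail merchant
}
else
{
    $message = 'Transaction ID: '.$resultArray[6].'<br />Payment mean: '.$resultArray[7].'<br />Payment has began at: '.$resultArray[8].'<br />
Payment received at: '.$resultArray[10].' '.$resultArray[9].'<br />Authorization ID: '.$resultArray[13].'<br />Currency: '.$resultArray[14].'<br />
Customer IP address: '.$resultArray[29].'<br />';
    $orderState = _PS_OS_PAYMENT_;

    /* Checking whether merchant ID is OK */
    $merchantId = Configuration::get('ATOS_MERCHANT_ID');
    // NOTE(review): two specific customer accounts are routed to a different
    // merchant id (presumably test accounts) — confirm this override is still wanted.
    $idCustomerOfCart = (int) Db::getInstance()->getValue('SELECT `id_customer` FROM `'._DB_PREFIX_.'cart` WHERE `id_cart` = '.$idCart);
    if ($idCustomerOfCart === 2 || $idCustomerOfCart === 286342)
        $merchantId = '075028916700025';
    // Strict string comparison: a loose == would treat numeric strings with and
    // without leading zeros as equal.
    if ((string) $resultArray[3] !== (string) $merchantId)
    {
        $orderState = _PS_OS_ERROR_;
        $message .= '<span style="color: red;">Merchant ID is not valid ('.$resultArray[3].' should be '.$merchantId.')</span>';
    }

    /* Checking for currency */
    if ($orderState === _PS_OS_PAYMENT_)
    {
        $cart = new Cart($idCart);
        if (!Validate::isLoadedObject($cart))
        {
            $orderState = _PS_OS_ERROR_;
            $message .= '<span style="color: red;">Cart '.$idCart.' not found</span>';
        }
        else
        {
            // Shop currency id => ISO 4217 numeric code the bank reports (1 => EUR).
            // Carts in a currency not listed here are not checked, as before.
            $currencies = array(1 => '978');
            if (isset($currencies[$cart->id_currency])
                && $currencies[$cart->id_currency] !== strtoupper($resultArray[14]))
            {
                $orderState = _PS_OS_ERROR_;
                $message .= '<span style="color: red;">Currency is not the right one (should be '.$currencies[$cart->id_currency].')</span>';
            }
        }
    }

    /* Checking for bank code response */
    if ($orderState === _PS_OS_PAYMENT_)
    {
        // response code => array(message, order state). SIPS reports an accepted
        // payment with code 00; every other code is a refusal, so codes outside
        // this table fall through to a generic error instead of being accepted.
        $bankResponses = array(
            3 => array('Merchand ID is not valid', _PS_OS_ERROR_),
            5 => array('Bank has rejected payment', _PS_OS_ERROR_),
            12 => array('Customer has canceled its order', _PS_OS_CANCELED_),
            17 => array('Customer has canceled its order', _PS_OS_CANCELED_),
            30 => array('Format error', _PS_OS_ERROR_),
            34 => array('Bank said that transaction might be fraudulous', _PS_OS_ERROR_),
            75 => array('Customer has exceeded max tries for its card number', _PS_OS_ERROR_),
            90 => array('Bank server was unavailable', _PS_OS_ERROR_),
        );
        $responseCode = intval($resultArray[11]);
        if (isset($bankResponses[$responseCode]))
        {
            $message .= '<span style="color: red;">'.$bankResponses[$responseCode][0].'</span>';
            $orderState = $bankResponses[$responseCode][1];
        }
        elseif ($responseCode !== 0)
        {
            $message .= '<span style="color: red;">Bank response code '.$responseCode.' is not an accepted payment</span>';
            $orderState = _PS_OS_ERROR_;
        }
    }

    if ($orderState === _PS_OS_PAYMENT_)
    {
        // Fraud detection: these heuristics only notify the merchant by mail,
        // they never change the order state.
        $db = Db::getInstance();
        $countOrders = (int) $db->getValue('
            SELECT COUNT(*)
            FROM `'._DB_PREFIX_.'orders`
            WHERE `id_customer` = '.(int) $cart->id_customer.'
            AND `date_add` >= DATE_SUB(NOW(), INTERVAL 7 DAY)
        ');
        $countProducts = (int) $db->getValue('
            SELECT COUNT(*)
            FROM `'._DB_PREFIX_.'cart_product`
            WHERE `id_cart` = '.(int) $cart->id.'
        ');
        $totalPaid = $cart->getOrderTotal();
        $countOrdersFromIp = (int) $db->getValue('
            SELECT COUNT(*)
            FROM `'._DB_PREFIX_.'payment_iplog`
            WHERE `ipaddr` = "'.pSQL($resultArray[29]).'"
            AND `date_add` >= DATE_SUB(NOW(), INTERVAL 7 DAY)
        ');

        $reason = '';
        // +1 counts the order being validated now.
        if ($countOrders + 1 > 3)
            $reason .= 'le client a passé plus de 3 commandes sur 7 jours'."\n";
        if ($countProducts > 7 && $totalPaid > 500.0)
            $reason .= 'la commande contient plus de 7 produits et est de plus de 500€'."\n";
        if ($countOrdersFromIp > 3)
            $reason .= 'l\'ip a passé plus de 3 commandes sur 7 jours'."\n";
        if ($reason !== '')
        {
            // Best effort: a failed notification must not block the order.
            @mail('frederic+paiement@bebeboutik.com', '[BEBEBOUTIK] Suspicion de fraude', 'Une commande suspecte a été détectée.
Détails de la commande :
- client : '.(int) $cart->id_customer.'
- panier : '.(int) $cart->id.'
- raison de l\'alerte :
'.$reason.'
', 'Content-Type: text/plain; charset="utf-8"'."\r\n".'From: paiement@bebeboutik.com'."\r\n".'Reply-To: perron@antadis.com'."\r\n".'Return-Path: perron@antadis.com'."\r\n");
        }

        // Record the IP for the per-IP heuristic above (Execute, not ExecuteS:
        // this statement returns no rows).
        $db->Execute('
            INSERT INTO `'._DB_PREFIX_.'payment_iplog` VALUES (
                '.(int) $cart->id_customer.',
                '.(int) $cart->id.',
                "'.pSQL($resultArray[29]).'",
                NOW()
            )
        ');
    }
}

$atos = new Atos_cyberplus();
$atos->validateOrder($idCart, $orderState, $amount, $atos->displayName, $message);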