ideal_payment_api.module

<?php
// $Id: q_menu.module,v 6-x-0.1 2008/07/08 15:31:52 qrios Exp $

// $Id$

/**
 * @file
 * Generic iDEAL payment API module for iDEAL payment processing. No shoppingcart module needed.
 * For iDEAL ING/PB Advanced & RABO Professional
 *
 * Development by Qrios | http://www.qrios.nl | c.kodde {at} qrios {dot} nl
 *
 *
 */

//First load include based on available lib
$lib = ideal_payment_api_get_lib();
$path_module = drupal_get_path('module', 'ideal_payment_api');
if ($lib == 'thinmpi'){
  require_once($path_module.'/ideal_payment_api_thinmpi.inc.php');
}
elseif ($lib == 'connector'){
  require_once($path_module.'/ideal_payment_api_connector.inc.php');
}

/**
 * Implementation of hook_help().
 */
function ideal_payment_api_help($section = '') {
  $output = '';
  switch ($section) {
    case "admin/help#ideal_payment_api":
      $output = t("Generic iDEAL payment API module for iDEAL payment processing. No shoppingcart module needed.");
      break;
  }
  return $output;
}

/**
 * Implementation of hook_cron().
 */
function ideal_payment_api_cron() {
  ideal_payment_api_refresh_issuerlist();
  ideal_payment_api_auto_recheck();
}

/**
 * Implementation of hook_menu().
 */
function ideal_payment_api_menu() {
  $items['admin/settings/ideal'] = array(
    'title' => 'iDEAL Payment API',
    'description' => 'iDEAL Payment API settings.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('ideal_payment_api_admin_settings'),
    'access arguments' => array('administer iPAPI'),
    'type' => MENU_NORMAL_ITEM,
  );
  $items['ideal/payment_test'] = array(
    'title' => 'iDEAL Payment API Test',
    'description' => 'iDEAL Payment API Test.',
    'page callback' => 'ideal_payment_api_test',
    'access arguments' => array('administer iPAPI'),
    'type' => MENU_NORMAL_ITEM,
  );
  $items['ideal/payment_statreq'] = array(
    'title' => t('IDEAL Payment status request'),
    'page callback' => 'ideal_payment_api_statreq_call',
    'page arguments' => array(FALSE, FALSE),
    'access arguments' => array('access content'),
    'type' => MENU_CALLBACK,
  );
  $items['ideal/payment_statreq_recheck'] = array(
    'title' => t('iDEAL Statusrequest recheck'),
    'description' => t('Manual Statusrequest for iDEAL payments.'),
    'page callback' => 'ideal_payment_api_statreq_recheck',
    'access arguments' => array('access content'),
    'type' => MENU_CALLBACK,
  );

  return $items;
}

/**
 * Implementation of hook_perm().
 */
function ideal_payment_api_perm() {
  return array('administer iPAPI', 'make iPAPI payments');
}

/**
 * Menu callback; presents the sitemap settings page.
 */
function ideal_payment_api_admin_settings() {
  $form['ideal_payment_api_privatekey'] = array(
    '#type' => 'textfield',
    '#title' => t('privatekey'),
    '#default_value' => variable_get('ideal_payment_api_privatekey', 'priv.pem'),
    '#description' => t('The private key .pem file located in  */security.'),
  );
  $form['ideal_payment_api_privatekeypass'] = array(
    '#type' => 'textfield',
    '#title' => t('privatekeypass'),
    '#default_value' => variable_get('ideal_payment_api_privatekeypass', ''),
    '#description' => t('The private key password used for generating the key file.'),
    '#required' => TRUE,
  );
  $form['ideal_payment_api_privatecert'] = array(
    '#type' => 'textfield',
    '#title' => t('privatecert'),
    '#default_value' => variable_get('ideal_payment_api_privatecert', 'cert.cer'),
    '#description' => t('The private certificate .cer file located in  */security.'),
    '#required' => TRUE,
  );
  $form['ideal_payment_api_authenticationtype'] = array(
    '#type' => 'textfield',
    '#title' => t('authenticationtype'),
    '#default_value' => variable_get('ideal_payment_api_authenticationtype', 'SHA1_RSA'),
    '#description' => t('Authentication type protocol. Leave SHA1_RSA default if unsure.'),
    '#required' => TRUE,
  );
  $form['ideal_payment_api_certificate0'] = array(
    '#type' => 'textfield',
    '#title' => t('certificate0'),
    '#default_value' => variable_get('ideal_payment_api_certificate0', 'ideal.cer'),
    '#description' => t('Certificate0 contains the signing certificate of your acquirer. This would probably be ideal.cer or webserver.cer.'),
    '#required' => TRUE,
  );
  $form['ideal_payment_api_acquirerurl'] = array(
    '#type' => 'textfield',
    '#title' => t('acquirerurl'),
    '#default_value' => variable_get('ideal_payment_api_acquirerurl', 'ssl://idealtest.secure-ing.com:443/ideal/iDeal'),
    '#description' => t('Address of the iDEAL acquiring server. Use ssl://idealtest.secure-ing.com:443/ideal/iDeal during integration/test. Use ssl://ideal.secure-ing.com:443/ideal/iDeal only for production. Look into integration documents for Rabo equivalents.'),
    '#required' => TRUE,
  );
  $form['ideal_payment_api_acquirertimeout'] = array(
    '#type' => 'textfield',
    '#title' => t('acquirertimeout'),
    '#default_value' => variable_get('ideal_payment_api_acquirertimeout', '10'),
    '#description' => t('Do not change AcquirerTimeout unless you have specific reasons to do so.'),
    '#required' => TRUE,
  );
  $form['ideal_payment_api_merchantid'] = array(
    '#type' => 'textfield',
    '#title' => t('merchantid'),
    '#default_value' => variable_get('ideal_payment_api_merchantid', '000000000'),
    '#description' => t('Default MerchantID enables you to test the example demoshop. Your own Merchant ID can be retrieved via the iDEAL Dashboard.'),
    '#required' => TRUE,
  );
  $form['ideal_payment_api_subid'] = array(
    '#type' => 'textfield',
    '#title' => t('subid'),
    '#default_value' => variable_get('ideal_payment_api_subid', '0'),
    '#description' => t('Do not change subID unless you have specific reasons to do so.'),
  );
  $form['ideal_payment_api_currency'] = array(
    '#type' => 'textfield',
    '#title' => t('currency'),
    '#default_value' => variable_get('ideal_payment_api_currency', 'EUR'),
    '#description' => t('Do not change currency unless you have specific reasons to do so'),
    '#required' => TRUE,
  );
  $form['ideal_payment_api_expirationperiod'] = array(
    '#type' => 'textfield',
    '#title' => t('expirationperiod'),
    '#default_value' => variable_get('ideal_payment_api_expirationperiod', 'PT10M'),
    '#description' => t('ExpirationPeriod is the timeframe during which the transaction is allowed to take place. Maximum is PT1H (1 hour).'),
    '#required' => TRUE,
  );
  $form['ideal_payment_api_language'] = array(
    '#type' => 'textfield',
    '#title' => t('language'),
    '#default_value' => variable_get('ideal_payment_api_language', 'nl'),
    '#description' => t('Language is only used for showing errormessages in the prefered language. nl/en.'),
    '#required' => TRUE,
  );

  return system_settings_form($form);
}

//The Payment Page API
/**
 * Arguments:
 *  $order_id, $order_desc, $order_total, $path_back_error, $path_back_succes
 *
 *  $order_id, integer, must be unique, or else payment will be rejected
 *  $order_desc, string
 *  $order_total, decimal number ###,##
 *  $path_back_error, string, drupal path to redirect to on unsuccesfull payment. Probably the originating product/order form.
 *  $path_back_succes, string, drupal path to redirect to on succesfull payment. Probably the home page or a "thank you" page.
 *	All arguments are required
 */
function ideal_payment_api_payment_page($order_id, $order_desc, $order_total, $path_back_error, $path_back_succes) {
  //Check permissions
  if (user_access('make iPAPI payments')) {
    //Fill TransReq session var
    $order = array(
      'order_id' => $order_id,
      'description' => $order_desc,
      'amount' => $order_total * 100,   //amount *100
      'path_back_error' => $path_back_error,
      'path_back_succes' => $path_back_succes,
    );

    $form_html = drupal_get_form('ideal_payment_api_issuer_form', $order);

    return $form_html;
  }
  else{
    drupal_set_message(t('Sorry, you have no privelidges to make payments.') . $order_id, 'warning');
    return FALSE;
  }
}

/**
 * Refresh issuer list
 */
function ideal_payment_api_refresh_issuerlist() {
  $arr_issuers = ideal_payment_api_dirreq_call();
  if (is_array($arr_issuers) && count($arr_issuers) > 0) {
    db_query("TRUNCATE TABLE {ideal_payment_api_issuers}");
    foreach ($arr_issuers as $issuer) {
      db_query("INSERT INTO {ideal_payment_api_issuers} (iss_id, iss_name) VALUES (%d, '%s')", $issuer->issuerID, $issuer->issuerName );
    }
  }
  else {
    //@TODO: move into watchdog. And present error in hook_requirements.
    print_r($arr_issuers); //Contains error message
  }
}

/**
 * Load issuer form
 */
function ideal_payment_api_issuer_form($order) {
  
  $form['order'] = array(
    '#type' => 'value',
    '#value' => $order,
  );
  
  //Load issuers
  $options['choose'] = t('Choose your bank...');
  $result = db_query('SELECT * FROM {ideal_payment_api_issuers} ORDER BY iss_id ASC');
  while ($row = db_fetch_object($result)) {
    $options[$row->iss_id] = $row->iss_name;
  }
  
  $form['ideal_dirreq_form'] = array(
    '#type' => 'fieldset',
    '#title' => t('Please choose your bank'),
    '#collapsible' => FALSE,
    '#description' => t('You will be returned to this website after completing your IDEAL payment transaction.'),
  );
  $form['ideal_dirreq_form']['issuer'] = array(
    '#type' => 'select',
    '#default_value' => NULL,
    '#options' => $options,
    '#disabled' => empty($options) ? TRUE : FALSE,
    '#required' => TRUE,
    '#weight' => 0,
  );
  $form['ideal_dirreq_form']['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Go to my bank') .' ->',
    '#weight' => 1,
  );

  return $form;
}

/**
 * Validate issuer form
 */
function ideal_payment_api_issuer_form_validate($form, $form_state) {
  $issuer = $form_state['values']['issuer'];
  if ($issuer == 'choose') {
    form_set_error('issuer', t('Please select your bank.'));
  }
  if (empty($form_state['order'])) {
    form_set_error('order', t('You did not provide an order, probably due to a technical issue.'));
  }
}

/**
 * Submit issuer form
 */
function ideal_payment_api_issuer_form_submit($form, &$form_state) {
  ideal_payment_api_transreq_call($form_state['values']['issuer']);
}


/**
 * Theme issuer form/
 * @ingroup theme
 */
function theme_ideal_payment_api_issuer_form($form) {
dpm($form['order']);
  $output = '';
  $output .= '<div class="order">';
  $output .= $form['order']['#value']['description']; //no filter_xss, because often we get a table. Passer should escape XSS!
  $output .= '</div>';

  $output .= drupal_render($form);
  return $output;
}

/**
 * Recheck payment status manually
 */
function ideal_payment_api_statreq_recheck() {
  $form_html = drupal_get_form('ideal_payment_api_statreq_recheck_form', $form);
}

/*
 * Load status recheck form
 */
function ideal_payment_api_statreq_recheck_form() {
  $form['ideal_dirreq_form']['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Recheck my payment status') .' ->',
    '#weight' => 1,
  );

  return $form;
}

/*
 * Load status recheck form
 */
function ideal_payment_api_statreq_recheck_form_submit($form, &$form_state) {
  $order = ideal_payment_api_order_load($form_state['order']['order_id']);
  ideal_payment_api_statreq_call($order);
}

/*
 * Automated status request
 */
function ideal_payment_api_auto_recheck() {
  $result = db_query('SELECT * FROM {ideal_payment_api_orders} WHERE payment_status = 0');
  while ($order = db_fetch_array($result)) {
    $order['order_id'] = $order['oid']; //To be compatible with order session var
    ideal_payment_api_statreq_call($order, TRUE);
  }
}

/**
 *----------------
 *Helper functions
 */
/**
 * Get configuration
 */
function LoadConfiguration() {
  $url_base = url(NULL, array('absolute' => TRUE));
  //Load configuration in array
  $arr_conf = array(
    'PRIVATEKEY' =>         filter_xss(variable_get('ideal_payment_api_privatekey', 'priv.pem')),
    'PRIVATEKEYPASS' =>     filter_xss(variable_get('ideal_payment_api_privatekeypass', FALSE)),
    'PRIVATECERT' =>        filter_xss(variable_get('ideal_payment_api_privatecert', 'cert.cer')),
    'AUTHENTICATIONTYPE' => filter_xss(variable_get('ideal_payment_api_authenticationtype', 'SHA1_RSA')),
    'CERTIFICATE0' =>       filter_xss(variable_get('ideal_payment_api_certificate0', 'ideal.cer')),
    'ACQUIRERURL' =>        filter_xss(variable_get('ideal_payment_api_acquirerurl', 'ssl://idealtest.secure-ing.com:443/ideal/iDeal')),
    'ACQUIRERTIMEOUT' =>    filter_xss(variable_get('ideal_payment_api_acquirertimeout', 10)),
    'MERCHANTID' =>         check_plain(variable_get('ideal_payment_api_merchantid', '000000000')),
    'SUBID' =>              filter_xss(variable_get('ideal_payment_api_subid', 0)),
    'MERCHANTRETURNURL' =>  $url_base.'ideal/payment_statreq',
    'CURRENCY' =>           filter_xss(variable_get('ideal_payment_api_currency', 'EUR')),
    'EXPIRATIONPERIOD' =>   filter_xss(variable_get('ideal_payment_api_expirationperiod', 'PT10M')),
    'LANGUAGE' =>           filter_xss(variable_get('ideal_payment_api_language', 'nl')),
    //debug
    //'LOGFILE' =>           'Connector_log.txt',
		//'TraceLevel' => 'DEBUG,ERROR',

  );

  //IMPORTANT, 'DESCRIPTION' is bound to max. 32 chars!!
	$arr_conf['DESCRIPTION'] = t('order# ') . $_SESSION['ideal_payment_api_order_data']['order_id'];

  return $arr_conf;
}

/**
 * Lookup installed PHP iDEAL lib
 */
function ideal_payment_api_get_lib() {
  $path_module = drupal_get_path('module', 'ideal_payment_api');
  if (file_exists($path_module.'/lib/ThinMPI.php')) {
    $lib = 'thinmpi'; //Rabo + old ING
  }
  elseif (file_exists($path_module.'/lib/iDEALConnector.php')) {
    $lib = 'connector'; //New ING
  }
  return $lib;
}

/**
 * Save order
 */
function ideal_payment_api_order_save($order_id, $user_id, $description, $amount, $issuer_id, $transaction_id, $payment_status) {
	//Save order
	if ($order_id = NULL) {
	  $order_id = db_next_id('ideal_payment_api_orders');
	  $inserted = db_query("INSERT INTO {ideal_payment_api_orders} (user_id, description, amount, issuer_id, transaction_id, payment_status) VALUES
					(%d,'%s', %d, '%s', '%s', %d)", $user_id, $description, $amount, $issuer_id, $transaction_id, $payment_status);
	}
	else {
	  $inserted = db_query("INSERT INTO {ideal_payment_api_orders} (oid, user_id, description, amount, issuer_id, transaction_id, payment_status) VALUES
					(%d, %d,'%s', %d, '%s', '%s', %d)", $order_id, $user_id, $description, $amount, $issuer_id, $transaction_id, $payment_status);
	}

	if ($inserted) {
		return $order_id;
	}
	else {
		return 0;
	}
}

/**
 * Update order status
 */
function ideal_payment_api_order_update($order_id, $payment_status) {
	if (db_query("UPDATE {ideal_payment_api_orders} SET payment_status = %d WHERE oid = %d", $payment_status, $order_id)) {
		if ($payment_status == 1) {
			//Destroy session order var when payment is OK
			unset($_SESSION['ideal_payment_api_order_data']);
		}
    return TRUE;
	}
	else {
		return FALSE;
	}
}

/**
 * Delete order
 */
function ideal_payment_api_order_delete($order_id) {
	if (db_query("DELETE FROM {ideal_payment_api_orders} WHERE oid = %d", $order_id)) {
		return TRUE;
	}
	else {
		return FALSE;
	}
}

/**
 * Load order
 */
function ideal_payment_api_order_load($order_id) {
	$result = db_query("SELECT * FROM {ideal_payment_api_orders} WHERE oid = %d", $order_id);
	$order = db_fetch_array($result);
	if (is_array($order)) {
		return $order;
	}
	else {
		return FALSE;
	}
}

/**
 * Test this API
 */
function ideal_payment_api_test() {
  $order_id = 800;
  $order_desc = 'test opmerking';
  $order_total = '315';
  $path_back_error = 'ideal/payment_test';
  $path_back_succes = NULL; // = home

  return ideal_payment_api_payment_page($order_id, $order_desc, $order_total, $path_back_error, $path_back_succes);
}