forked from zencart/zencart
-
Notifications
You must be signed in to change notification settings - Fork 1
/
header_php.php
executable file
·206 lines (185 loc) · 9.67 KB
/
header_php.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
<?php
/**
* payer_auth_verifier page
*
* @package paymentMethod
* @copyright Copyright 2003-2013 Zen Cart Development Team
* @copyright Portions Copyright 2005 CardinalCommerce
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* @version $Id: header_php.php 15898 2010-04-12 15:12:09Z drbyte $
*/
/**
* Purpose:
* This is the page that the Card Issuer's Access Control Server (ACS)
* will return the customer to. The Card Issuer will POST the results
* of the authentication to this page. The authentication data will be
* verified using the Cardinal Centinel code in the payment module.
* The response will contain the XID, CAVV, ECI, Authentication Status
* and Signature values.
*
* Checking these values will determine what the next step in the flow
* should be. If the authentication is successful, then the CAVV, ECI,
* and XID values are used by the next stages of the payment module.
*
* If the authentication was unsuccessful or resulted in an error, the
* business rules ('Proceed without Chargeback Protection') in the
* module configuration will be used to determine if the transaction
* should continue.
*
* A configuration value of 'Yes', will allow both authenticated and
* transactions that are unable to be authenticated to complete and
* proceed to authorization. This will result in liability protection
* for only those transactions that were authenticated.
*
* A configuration value of 'No', will require all consumers to
* successfully authenticate themselves prior to completing the
* purchase. This will result in liability protection granted by the
* Verified by Visa, MasterCard SecureCode, and JCB J/Secure programs
* on all completed transactions. By using this configuration value,
* you may prevent consumers from using certain credit cards
* (commercial credit cards, prepaid credit cards) that are simply not
* eligible for the program. In the event that a consumer attempts to
* use a credit card that is not eligible for authentication, they will
* be redirected to the payment details page and prompted for another
* form of payment.
*/
// if the customer is not logged on, redirect them to the login page
if (!$_SESSION['customer_id']) {
die(WARNING_SESSION_TIMEOUT);
}
// Get the MD back and set it as the session id
if (isset($_REQUEST["MD"]) && $_REQUEST["MD"] != null && strlen($_REQUEST["MD"]) != 0) {
session_id($_REQUEST["MD"]);
}
// load all enabled modules
if (!isset($_SESSION['payment']) || $_SESSION['payment'] == '') zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
require(DIR_WS_CLASSES . 'payment.php');
$payment_modules = new payment($_SESSION['payment']);
$payment_module = $_SESSION['payment'];
unset($_SESSION['3Dsecure_acsURL']);
unset($_SESSION['3Dsecure_payload']);
require(DIR_WS_CLASSES . 'order.php');
$order = new order;
require(DIR_WS_CLASSES . 'order_total.php');
$order_total_modules = new order_total;
$order_totals = $order_total_modules->process();
if ($_SESSION['3Dsecure_transactionId'] == '') {
// validate if the card enrolled lookup requirements have been met
if ($_SESSION['3Dsecure_requires_lookup'] == true && strcasecmp('Y', $_SESSION['3Dsecure_enroll_lookup_attempted']) != 0) {
// enrollment lookup was required for the card type, but was not completed
$error = ERROR_PAYMENT_FAILURE_TEXT;
$messageStack->add_session('checkout_payment', $error . '<!-- ['.$payment_module->code.'] -->', 'error');
$redirectPage = zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false);
} else {
// enrollment lookup was either not required for the card type or was required and completed
$redirectPage = zen_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', true);
}
} else {
/////////////////////////////////////////////////////////////////////////////////////////
// Retrieve the PaRes and MD values from the Card Issuer's Form POST to this Term URL page.
// If you like, the MD data passed to the Card Issuer could contain the TransactionId
// that would enable you to reestablish the transaction session. This would be the
// alternative to using the Client Session Cookies
/////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////
// If the PaRes is Not Empty then process the cmpi_authenticate message
/////////////////////////////////////////////////////////////////////////////////////////
if (isset($_POST["PaRes"]) && $_POST["PaRes"] != '') {
$authenticate_data_array = array('transaction_id' => $_SESSION['3Dsecure_transactionId'],
'payload' => $_POST["PaRes"]);
if (is_object(${$payment_module})) {
$authenticate_resp_array = ${$payment_module}->get3DSecureAuthenticateResponse($authenticate_data_array);
}
$shouldContinue = $authenticate_resp_array['continue_flag'];
$auth_status = $authenticate_resp_array['auth_status'];
$sig_status = $authenticate_resp_array['sig_status'];
$error_no = $authenticate_resp_array['error_no'];
$error_desc = $authenticate_resp_array['error_desc'];
$auth_xid = $authenticate_resp_array['auth_xid'];
$auth_cavv = $authenticate_resp_array['auth_cavv'];
$auth_eci = $authenticate_resp_array['auth_eci'];
$_POST['paypalwpp_cc_number'] = $authenticate_resp_array['cc3d_card_number'];
$_POST['paypalwpp_cc_checkcode'] = $authenticate_resp_array['cc3d_checkcode'];
$_POST['paypalwpp_cc_expires_month'] = $authenticate_resp_array['cc3d_exp_month'];
$_POST['paypalwpp_cc_expires_year'] = $authenticate_resp_array['cc3d_exp_year'];
$merchantData = unserialize($_SESSION['3Dsecure_merchantData']);
$_POST['paypalwpp_cc_issue_month'] = $merchantData['im'];
$_POST['paypalwpp_cc_issue_year'] = $merchantData['iy'];
$_POST['paypalwpp_cc_issuenumber'] = $merchantData['in'];
$_POST['paypalwpp_cc_firstname'] = $merchantData['fn'];
$_POST['paypalwpp_cc_lastname'] = $merchantData['ln'];
$_SESSION['3Dsecure_auth_status'] = $auth_status;
$_SESSION['3Dsecure_auth_xid'] = $auth_xid;
$_SESSION['3Dsecure_auth_cavv'] = $auth_cavv;
$_SESSION['3Dsecure_auth_eci'] = $auth_eci;
unset($_SESSION['3Dsecure_transactionId']);
/////////////////////////////////////////////////////////////////////////////////////////
// Determine if the result was Successful or Error
//
// If the Authentication results (PAResStatus) is a Y or A, and the SignatureVerification is Y, then
// the Payer Authentication was successful. The Authorization Message should be processed,
// and the User taken to a Order Confirmation location.
//
/////////////////////////////////////////////////////////////////////////////////////////
// If the following condition is met, then the authentication result was acceptable.
/////////////////////////////////////////////////////////////////////////////////////////
if (strcasecmp("Y", $shouldContinue) == 0) {
////////////////////////////////////////////////////////////////////
// Business rules are set to continue to authorization
////////////////////////////////////////////////////////////////////
$redirectPage = zen_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false);
} else {
////////////////////////////////////////////////////////////////////
// Business rules are set to prompt for another form of payment
////////////////////////////////////////////////////////////////////
$error = ${$payment_module}->get_authentication_error();
$messageStack->add_session('checkout_payment', $error . '<!-- ['.${$payment_module}->code.'] -->', 'error');
$redirectPage = zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false);
}
} else {
////////////////////////////////////////////////////////////////////
// Business rules are set to continue to authorization
////////////////////////////////////////////////////////////////////
$redirectPage = zen_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', true, false);
}
}
header("Cache-Control: max-age=1"); // stores for only 1 second, which prevents page from being re-displayed
?>
<html>
<head>
<title>Payer Authentication Window</title>
<script>
function onLoadHandler(){
setTimeout(document.frmResultPage.submit(), 2);
}
</script>
</head>
<body onLoad="onLoadHandler();">
<center>
<form name="frmResultPage" target="_top" method="post" action="<?php echo $redirectPage; ?>">
<br />Processing. Please wait.
<br /><br /><em>This may take a few moments...</em>
<br /><br /><?php echo zen_image(DIR_WS_IMAGES.'3ds/pleasewait.gif');?>
<?php
// Call pre_confirmation_check on the underlying payment module.
${$payment_module}->pre_confirmation_check();
// output the appropriate POST vars so form can be processed for submission to gateway
echo ${$payment_module}->process_button();
?>
<noscript>
<br><br>
<center>
<font color="red">
<h1>Processing your Payer Authentication Transaction</h1>
<h2>JavaScript is currently disabled or is not supported by your browser.<br></h2>
<h3>Please click Submit to continue the processing of your transaction.</h3>
</font>
<input type="submit" value="Submit">
</center>
</noscript>
</form>
</center>
</body>
</html>
<?php die(); ?>