Skip to content
Fetching contributors…
Cannot retrieve contributors at this time
executable file 622 lines (540 sloc) 21.6 KB
<?php // $Id$
// Authorize.net
define('AN_HOST', 'secure.authorize.net');
define('AN_HOST_TEST', 'certification.authorize.net');
define('AN_PORT', 443);
define('AN_PATH', '/gateway/transact.dll');
define('AN_APPROVED', '1');
define('AN_DECLINED', '2');
define('AN_ERROR', '3');
define('AN_DELIM', '|');
define('AN_ENCAP', '"');
/**
* New order. No transaction was made.
*/
define('AN_STATUS_NONE', 0x00);
/**
* Authorized.
*/
define('AN_STATUS_AUTH', 0x01);
/**
* Captured.
*/
define('AN_STATUS_CAPTURE', 0x02);
/**
* Refunded.
*/
define('AN_STATUS_CREDIT', 0x04);
/**
* Voided.
*/
define('AN_STATUS_VOID', 0x08);
/**
* Expired.
*/
define('AN_STATUS_EXPIRE', 0x10);
require_once("$CFG->dirroot/enrol/enrol.class.php");
/**
* enrolment_plugin_authorize
*
*/
class enrolment_plugin extends enrolment_base
{
/**
* Credit card error message.
*
* @var string
* @access public
*/
var $ccerrormsg;
/**
* Cron log.
*
* @var string
* @access public
*/
var $log;
/**
* Shows a credit card form for registration.
*
* @param object $course Course info
* @access public
*/
function print_entry($course)
{
global $CFG, $USER, $form;
if ($this->zero_cost($course) || isguest()) { // No money for guests ;)
parent::print_entry($course);
return;
}
// check payment
$this->prevent_double_paid($course);
// I want to pay on SSL.
if (empty($_SERVER['HTTPS'])) {
if (empty($CFG->loginhttps)) {
error(get_string("httpsrequired", "enrol_authorize"));
} else {
$wwwsroot = str_replace('http://','https://', $CFG->wwwroot);
$sdestination = "$wwwsroot/course/enrol.php?id=$course->id";
redirect($sdestination);
exit;
}
}
$formvars = array('password','ccfirstname','cclastname','cc','ccexpiremm','ccexpireyyyy','cctype','cvv','cczip');
foreach ($formvars as $var) {
if (!isset($form->$var)) {
$form->$var = '';
}
}
$teacher = get_teacher($course->id);
$strloginto = get_string("loginto", "", $course->shortname);
$strcourses = get_string("courses");
$userfirstname = empty($form->ccfirstname) ? $USER->firstname : $form->ccfirstname;
$userlastname = empty($form->cclastname) ? $USER->lastname : $form->cclastname;
$curcost = $this->get_course_cost($course);
print_header($strloginto, $course->fullname, "<a href=\"$CFG->wwwroot/course/\">$strcourses</a> -> $strloginto");
print_course($course, "80%");
if ($course->password) {
print_simple_box(get_string('choosemethod', 'enrol_authorize'), 'center');
$password = '';
include($CFG->dirroot . '/enrol/internal/enrol.html');
}
print_simple_box_start("center");
include($CFG->dirroot . '/enrol/authorize/enrol.html');
print_simple_box_end();
print_footer();
}
/**
* Checks form params.
*
* @param object $form Form parameters
* @param object $course Course info
* @access public
*/
function check_entry($form, $course) {
if ($this->zero_cost($course) || isguest() || (!empty($form->password))) {
parent::check_entry($form, $course);
} else {
$this->cc_submit($form, $course);
}
}
/**
* Credit card number mode.
* Send to authorize.net.
*
* @param object $form Form parameters
* @param object $course Course info
* @access private
*/
function cc_submit($form, $course)
{
global $CFG, $USER, $SESSION;
require_once($CFG->dirroot . '/enrol/authorize/ccval.php');
require_once($CFG->dirroot . '/enrol/authorize/action.php');
if (empty($form->ccfirstname) || empty($form->cclastname) ||
empty($form->cc) || empty($form->cvv) || empty($form->cctype) ||
empty($form->ccexpiremm) || empty($form->ccexpireyyyy) || empty($form->cczip)) {
$this->ccerrormsg = get_string("allfieldsrequired");
return;
}
$this->prevent_double_paid($course);
$exp_date = ($form->ccexpiremm < 10) ? strval('0'.$form->ccexpiremm) : strval($form->ccexpiremm);
$exp_date .= $form->ccexpireyyyy;
$valid_cc = CCVal($form->cc, $form->cctype, $exp_date);
$curcost = $this->get_course_cost($course);
$useripno = getremoteaddr(); // HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, REMOTE_ADDR
if (!$valid_cc) {
$this->ccerrormsg = get_string( (($valid_cc===0) ? 'ccexpired' : 'ccinvalid'), 'enrol_authorize' );
return;
}
// NEW ORDER
$timenow = time();
$order = new stdClass();
$order->cclastfour = substr($form->cc, -4);
$order->ccexp = $exp_date;
$order->cvv = $form->cvv;
$order->ccname = $form->ccfirstname . " " . $form->cclastname;
$order->courseid = $course->id;
$order->userid = $USER->id;
$order->avscode = 'P';
$order->status = AN_STATUS_NONE; // it will be changed...
$order->timeupdated = 0; // cron changes this.
$order->timecreated = $timenow;
$order->amount = $curcost['cost'];
$order->currency = $curcost['currency'];
$order->id = insert_record("enrol_authorize", $order);
if (!$order->id) {
$this->email_to_admin("Error while trying to insert new data", $order);
$this->ccerrormsg = "Insert record error. Admin has been notified!";
return;
}
$extra = new stdClass();
$extra->x_first_name = $form->ccfirstname;
$extra->x_last_name = $form->cclastname;
$extra->x_address = $USER->address;
$extra->x_city = $USER->city;
$extra->x_zip = $form->cczip;
$extra->x_country = $USER->country;
$extra->x_state = '';
$extra->x_card_num = $form->cc;
$extra->x_card_code = $form->cvv;
$extra->x_currency_code = $curcost['currency'];
$extra->x_amount = $curcost['cost'];
$extra->x_exp_date = $exp_date;
$extra->x_email = $USER->email;
$extra->x_email_customer = 'TRUE';
$extra->x_cust_id = $USER->id;
$extra->x_customer_ip = $useripno;
$extra->x_phone = '';
$extra->x_fax = '';
$extra->x_invoice_num = $order->id;
$extra->x_description = $course->shortname;
$message = NULL;
$an_review = !empty($CFG->an_review);
$action = $an_review ? AN_ACTION_AUTH_ONLY : AN_ACTION_AUTH_CAPTURE;
$success = authorizenet_action($order, $message, $action, $extra);
if ($success) {
$SESSION->ccpaid = 1; // security check: don't duplicate payment
if ($an_review) { // review enabled, inform admin and redirect to main page the user.
$order->timeupdated = 0; //no time() - REVIEW: cron or admin will change this.
if (update_record("enrol_authorize", $order)) {
// notification: new transaction (AUTH_ONLY)
}
else {
$this->email_to_admin("Error while trying to update data. Please edit manually this record: " .
"ID=$order->id in enrol_authorize table.", $order);
}
redirect($CFG->wwwroot, get_string("reviewnotify", "enrol_authorize"), '60');
return;
}
// credit card captured, ENROL...
if (!update_record("enrol_authorize", $order)) {
$this->email_to_admin( "Error while trying to update data. Please edit manually this record: " .
"ID=$order->id in enrol_authorize table.", $order);
// no error occured??? enrol student??? return??? Database busy???
}
if ($course->enrolperiod) {
$timestart = $timenow;
$timeend = $timestart + $course->enrolperiod;
} else {
$timestart = $timeend = 0;
}
if (enrol_student($USER->id, $course->id, $timestart, $timeend, 'authorize')) {
$teacher = get_teacher($course->id);
if (!empty($CFG->enrol_mailstudents)) {
$a->coursename = "$course->fullname";
$a->profileurl = "$CFG->wwwroot/user/view.php?id=$USER->id";
email_to_user($USER,
$teacher,
get_string("enrolmentnew", '', $course->shortname),
get_string('welcometocoursetext', '', $a));
}
if (!empty($CFG->enrol_mailteachers)) {
$a->course = "$course->fullname";
$a->user = fullname($USER);
email_to_user($teacher,
$USER,
get_string("enrolmentnew", '', $course->shortname),
get_string('enrolmentnewuser', '', $a));
}
if (!empty($CFG->enrol_mailadmins)) {
$a->course = "$course->fullname";
$a->user = fullname($USER);
$admins = get_admins();
foreach ($admins as $admin) {
email_to_user($admin,
$USER,
get_string("enrolmentnew", '', $course->shortname),
get_string('enrolmentnewuser', '', $a));
}
}
} else {
$this->email_to_admin("Error while trying to enrol ".fullname($USER)." in '$course->fullname'", $order);
}
if ($SESSION->wantsurl) {
$destination = $SESSION->wantsurl;
unset($SESSION->wantsurl);
} else {
$destination = "$CFG->wwwroot/course/view.php?id=$course->id";
}
redirect($destination);
} else {
$this->ccerrormsg = $message;
}
}
/**
* zero_cost
*
* @param unknown_type $course
* @return number
* @access private
*/
function zero_cost($course) {
$curcost = $this->get_course_cost($course);
return (abs($curcost['cost']) < 0.01);
}
/**
* get_course_cost
*
* @param unknown_type $course
* @return unknown
* @access private
*/
function get_course_cost($course)
{
global $CFG;
$cost = (float)0;
$currency = (!empty($course->currency))
? $course->currency :( empty($CFG->enrol_currency)
? 'USD' : $CFG->enrol_currency );
if (!empty($course->cost)) {
$cost = (float)(((float)$course->cost) < 0) ? $CFG->enrol_cost : $course->cost;
}
$cost = format_float($cost, 2);
$ret = array('cost' => $cost, 'currency' => $currency);
return $ret;
}
/**
* Gets access icons.
*
* @param object $course
* @return string
* @access public
*/
function get_access_icons($course) {
$str = parent::get_access_icons($course);
$curcost = $this->get_course_cost($course);
if (abs($curcost['cost']) > 0.00) {
$strrequirespayment = get_string("requirespayment");
$strcost = get_string("cost");
$currency = $curcost['currency'];
switch ($currency) {
case 'USD': $currency = 'US$'; break;
case 'CAD': $currency = 'C$'; break;
case 'EUR': $currency = '&euro;'; break;
case 'GBP': $currency = '&pound;'; break;
case 'JPY': $currency = '&yen;'; break;
}
$str .= '<div class="cost" title="'.$strrequirespayment.'">'.$strcost.': ';
$str .= $currency . ' ' . $curcost['cost'].'</div>';
}
return $str;
}
/**
* Shows config form & errors
*
* @param object $frm
* @access public
*/
function config_form($frm)
{
global $CFG;
if (!$this->check_openssl_loaded()) {
notify('PHP must be compiled with SSL support (--with-openssl)');
}
if (data_submitted()) {
// something POSTed, Some required fields
if (empty($frm->an_login)) {
notify("an_login required");
}
if (empty($frm->an_tran_key) && empty($frm->an_password)) {
notify("an_tran_key or an_password required");
}
if (empty($CFG->loginhttps)) {
notify("\$CFG->loginhttps must be ON");
}
// ******************* AUTOCAPTURE *******************
if (!(empty($frm->an_review) || $frm->an_review_day < 1)) {
// ++ENABLED++
// Cron must be runnig!!! Check last cron...
$lastcron = get_field_sql('SELECT max(lastcron) FROM ' . $CFG->prefix . 'modules');
if (time() - $lastcron > 3600 * 24) {
// Cron must be enabled if you want to use autocapture feature.
// Setup cron or disable an_review again...
// Otherwise, transactions will be cancelled unless you review it within 30 days.
notify(get_string('cronwarning', 'admin'));
}
} else {
// --DISABLED--
// Cron will NOT run anymore, because autocapture runs with cron.
// Transactions with AN_STATUS_AUTH will be cancelled and we can display this warning to admin!
// Admin can check (Accept|Deny) new transactions manually.
if ($count = count_records('enrol_authorize', 'status', AN_STATUS_AUTH)) {
notify("CRON DISABLED. TRANSACTIONS WITH A STATUS OF AN_STATUS_AUTH WILL BE CANCELLED UNLESS YOU CHECK IT. TOTAL $count");
}
}
// ***************************************************
}
include($CFG->dirroot.'/enrol/authorize/config.html');
}
/**
* process_config
*
* @param object $config
* @return bool true if it will be saved.
* @access public
*/
function process_config($config)
{
global $CFG;
// ENROL config
set_config('enrol_cost', optional_param('enrol_cost', 5, PARAM_INT) );
set_config('enrol_currency', optional_param('enrol_currency', 'USD', PARAM_ALPHA) );
set_config('enrol_mailstudents', optional_param('enrol_mailstudents', '') );
set_config('enrol_mailteachers', optional_param('enrol_mailteachers', '') );
set_config('enrol_mailadmins', optional_param('enrol_mailadmins', '') );
// AUTHORIZE.NET config
// not required!
set_config('an_test', optional_param('an_test', '') );
set_config('an_referer', optional_param('an_referer', 'http://', PARAM_URL) );
// required!
// if is it OK, process next config.
if (empty($CFG->loginhttps)) return false;
if (!$this->check_openssl_loaded()) return false;
$login_val = optional_param('an_login', '');
if (empty($login_val)) return false;
set_config('an_login', $login_val);
$tran_val = optional_param('an_tran_key', '');
$password_val = optional_param('an_password', '');
if (empty($tran_val) && empty($password_val)) return false;
set_config('an_password', $password_val);
set_config('an_tran_key', $tran_val);
// an_review & an_review_day & cron depencies...
$review_val = optional_param('an_review', '');
if (empty($review_val)) {
// review disabled. cron is not required. AUTH_CAPTURE works.
set_config('an_review', $review_val);
} else {
// review enabled.
$review_day_val = optional_param('an_review_day', 5, PARAM_INT);
if ($review_day_val < 0) $review_day_val = 0;
elseif ($review_day_val > 29) $review_day_val = 29;
if ($review_day_val > 0) {
// cron is required.
$lastcron = get_field_sql('SELECT max(lastcron) FROM ' . $CFG->prefix . 'modules');
if (time() - $lastcron > 3600 * 24) {
// No!!! I am not lucky. No changes please...
return false;
}
}
set_config('an_review', $review_val);
set_config('an_review_day', $review_day_val);
}
return true;
}
/**
* email_to_admin
*
* @param string $subject
* @param mixed $data
* @access private
*/
function email_to_admin($subject, $data) {
$admin = get_admin();
$site = get_site();
$data = (array)$data;
$message = "$site->fullname: Transaction failed.\n\n$subject\n\n";
foreach ($data as $key => $value) {
$message .= "$key => $value\n";
}
email_to_user($admin, $admin, "CC ERROR: ".$subject, $message);
}
/**
* prevent_double_paid
*
* @param object $course
* @access private
*/
function prevent_double_paid($course)
{
global $CFG, $SESSION, $USER;
if (isset($SESSION->ccpaid)) {
unset($SESSION->ccpaid);
redirect($CFG->wwwroot . '/login/logout.php');
return;
}
if ($rec = get_record('enrol_authorize', 'userid',$USER->id, 'courseid',$course->id, 'status',AN_STATUS_AUTH, 'id')) {
$a->orderid = $rec->id;
redirect($CFG->wwwroot, get_string("paymentpending", "enrol_authorize", $a), '20');
return;
}
}
/**
* check_openssl_loaded
*
* @return bool
* @access private
*/
function check_openssl_loaded() {
return extension_loaded('openssl');
}
/**
* cron
* @access public
*/
function cron()
{
global $CFG;
parent::cron();
srand((double)microtime() * 10000000);
$random100 = rand(0, 100);
$timenow = time();
$timediff30 = $timenow - (30 * 3600 * 24);
if ($random100 < 15) { // delete very old records: status=AN_STATUS_NONE & timecreated=-60day.
// no credit card transaction is made in status AN_STATUS_NONE.
$timediff60 = $timenow - (60 * 3600 * 24);
$select = "(status = '" .AN_STATUS_NONE. "') AND (timecreated < '$timediff60')";
if (count_records_select('enrol_authorize', $select)) {
mtrace("Deleting records in authorize table older than 60 days (status=AN_STATUS_NONE).");
delete_records_select('enrol_authorize', $select);
}
}
if ($random100 > 80) { // EXPIRED: Transactions with auth_only will be expired 30 days later.
$select = "(status = '" .AN_STATUS_AUTH. "') AND (timeupdated = '0') AND (timecreated < '$timediff30')";
execute_sql("UPDATE {$CFG->prefix}enrol_authorize SET timeupdated = '$timenow', status = '" .AN_STATUS_EXPIRE. "' WHERE $select", false);
}
if (empty($CFG->an_review) || empty($CFG->an_review_day) || $CFG->an_review_day < 1) {
// AUTOCAPTURE disabled. admin, teacher review it manually
return;
}
// AUTO-CAPTURE: it must be captured within 30 days. Otherwise it will expired.
$timediffcnf = $timenow - (intval($CFG->an_review_day) * 3600 * 24);
$select = "(status = '" . AN_STATUS_AUTH . "') AND (timeupdated = '0') AND (timecreated < '$timediffcnf') AND (timecreated > '$timediff30')";
if ($orders = get_records_select('enrol_authorize', $select)) {
require_once("$CFG->dirroot/enrol/authorize/action.php");
@set_time_limit(0);
$this->log = "AUTHORIZE.NET AUTOCAPTURE CRON: " . userdate($timenow) . "\n";
$message = NULL;
foreach ($orders as $order) {
$success = authorizenet_action($order, $message, AN_ACTION_PRIOR_AUTH_CAPTURE);
if ($success) {
if (!update_record("enrol_authorize", $order)) {
$this->email_to_admin("Error while trying to update data. Please edit manually this record: " .
"ID=$order->id in enrol_authorize table.", $order);
}
$timestart = $timeend = 0;
if ($course = get_record_sql("SELECT enrolperiod FROM {$CFG->prefix}course WHERE id='$order->courseid'")) {
if ($course->enrolperiod) {
$timestart = $timenow;
$timeend = $timestart + $course->enrolperiod;
}
}
if (enrol_student($order->userid, $order->courseid, $timestart, $timeend, 'authorize')) {
$this->log .= "user($order->userid) enrolled to course($order->courseid)\n";
}
else {
$this->email_to_admin("Error while trying to enrol ".fullname($USER)." in '$course->fullname'", $order);
}
}
else { // not success
$this->log .= $message . "\n";
}
}
$this->log .= "AUTHORIZE.NET CRON FINISHED: " . userdate(time());
if (!empty($CFG->enrol_mailadmins)) {
email_to_user(get_admin(), get_admin(), "AUTHORIZE.NET CRON LOG", $this->log);
}
}
}
}
?>
Jump to Line
Something went wrong with that request. Please try again.