Skip to content
Fetching contributors…
Cannot retrieve contributors at this time
executable file 716 lines (628 sloc) 25.3 KB
<?php // $Id$
// Authorize.net
define('AN_HOST', 'secure.authorize.net');
define('AN_HOST_TEST', 'certification.authorize.net');
define('AN_PORT', 443);
define('AN_PATH', '/gateway/transact.dll');
define('AN_APPROVED', '1');
define('AN_DECLINED', '2');
define('AN_ERROR', '3');
define('AN_DELIM', '|');
define('AN_ENCAP', '"');
/**
* New order. No transaction was made.
*/
define('AN_STATUS_NONE', 0x00);
/**
* Authorized.
*/
define('AN_STATUS_AUTH', 0x01);
/**
* Captured.
*/
define('AN_STATUS_CAPTURE', 0x02);
/**
* Auth_Captured.
*/
define('AN_STATUS_AUTHCAPTURE', AN_STATUS_AUTH|AN_STATUS_CAPTURE);
/**
* Refunded.
*/
define('AN_STATUS_CREDIT', 0x04);
/**
* Voided.
*/
define('AN_STATUS_VOID', 0x08);
/**
* Expired.
*/
define('AN_STATUS_EXPIRE', 0x10);
require_once("$CFG->dirroot/enrol/enrol.class.php");
/**
* enrolment_plugin_authorize
*
*/
class enrolment_plugin extends enrolment_base
{
/**
* Credit card error message.
*
* @var string
* @access public
*/
var $ccerrormsg;
/**
* Cron log.
*
* @var string
* @access public
*/
var $log;
/**
* Shows a credit card form for registration.
*
* @param object $course Course info
* @access public
*/
function print_entry($course)
{
global $CFG, $USER, $form;
if ($this->zero_cost($course) || isguest()) { // No money for guests ;)
parent::print_entry($course);
return;
}
// check payment
$this->prevent_double_paid($course);
// I want to pay on SSL.
if (empty($_SERVER['HTTPS'])) {
if (empty($CFG->loginhttps)) {
error(get_string("httpsrequired", "enrol_authorize"));
} else {
$wwwsroot = str_replace('http://','https://', $CFG->wwwroot);
$sdestination = "$wwwsroot/course/enrol.php?id=$course->id";
redirect($sdestination);
exit;
}
}
$formvars = array('password','ccfirstname','cclastname','cc','ccexpiremm','ccexpireyyyy','cctype','cvv','cczip');
foreach ($formvars as $var) {
if (!isset($form->$var)) {
$form->$var = '';
}
}
$teacher = get_teacher($course->id);
$strloginto = get_string("loginto", "", $course->shortname);
$strcourses = get_string("courses");
$userfirstname = empty($form->ccfirstname) ? $USER->firstname : $form->ccfirstname;
$userlastname = empty($form->cclastname) ? $USER->lastname : $form->cclastname;
$curcost = $this->get_course_cost($course);
print_header($strloginto, $course->fullname, "<a href=\"$CFG->wwwroot/course/\">$strcourses</a> -> $strloginto");
print_course($course, "80%");
if ($course->password) {
print_simple_box(get_string('choosemethod', 'enrol_authorize'), 'center');
$password = '';
include($CFG->dirroot . '/enrol/internal/enrol.html');
}
print_simple_box_start("center");
include($CFG->dirroot . '/enrol/authorize/enrol.html');
print_simple_box_end();
print_footer();
}
/**
* Checks form params.
*
* @param object $form Form parameters
* @param object $course Course info
* @access public
*/
function check_entry($form, $course) {
if ($this->zero_cost($course) || isguest() || (!empty($form->password))) {
parent::check_entry($form, $course);
} else {
$this->cc_submit($form, $course);
}
}
/**
* Credit card number mode.
* Send to authorize.net.
*
* @param object $form Form parameters
* @param object $course Course info
* @access private
*/
function cc_submit($form, $course)
{
global $CFG, $USER, $SESSION;
require_once($CFG->dirroot . '/enrol/authorize/ccval.php');
require_once($CFG->dirroot . '/enrol/authorize/action.php');
if (empty($form->ccfirstname) || empty($form->cclastname) ||
empty($form->cc) || empty($form->cvv) || empty($form->cctype) ||
empty($form->ccexpiremm) || empty($form->ccexpireyyyy) || empty($form->cczip)) {
$this->ccerrormsg = get_string("allfieldsrequired");
return;
}
if (!empty($CFG->an_test)) {
error("Credit card module cannot be present because of test mode");
return;
}
$this->prevent_double_paid($course);
$exp_date = ($form->ccexpiremm < 10) ? strval('0'.$form->ccexpiremm) : strval($form->ccexpiremm);
$exp_date .= $form->ccexpireyyyy;
$valid_cc = CCVal($form->cc, $form->cctype, $exp_date);
$curcost = $this->get_course_cost($course);
$useripno = getremoteaddr(); // HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, REMOTE_ADDR
if (!$valid_cc) {
$this->ccerrormsg = get_string( (($valid_cc===0) ? 'ccexpired' : 'ccinvalid'), 'enrol_authorize' );
return;
}
// NEW ORDER
$timenow = time();
$order = new stdClass();
$order->cclastfour = substr($form->cc, -4);
$order->ccname = $form->ccfirstname . " " . $form->cclastname;
$order->courseid = $course->id;
$order->userid = $USER->id;
$order->status = AN_STATUS_NONE; // it will be changed...
$order->settletime = 0; // cron changes this.
$order->timecreated = $timenow;
$order->amount = $curcost['cost'];
$order->currency = $curcost['currency'];
$order->id = insert_record("enrol_authorize", $order);
if (!$order->id) {
$this->email_to_admin("Error while trying to insert new data", $order);
$this->ccerrormsg = "Insert record error. Admin has been notified!";
return;
}
$extra = new stdClass();
$extra->x_first_name = $form->ccfirstname;
$extra->x_last_name = $form->cclastname;
$extra->x_address = $USER->address;
$extra->x_city = $USER->city;
$extra->x_zip = $form->cczip;
$extra->x_country = $USER->country;
$extra->x_state = '';
$extra->x_card_num = $form->cc;
$extra->x_card_code = $form->cvv;
$extra->x_currency_code = $curcost['currency'];
$extra->x_amount = $curcost['cost'];
$extra->x_exp_date = $exp_date;
$extra->x_email = $USER->email;
$extra->x_email_customer = 'TRUE';
$extra->x_cust_id = $USER->id;
$extra->x_customer_ip = $useripno;
$extra->x_phone = '';
$extra->x_fax = '';
$extra->x_invoice_num = $order->id;
$extra->x_description = $course->shortname;
$message = '';
$an_review = !empty($CFG->an_review);
$action = $an_review ? AN_ACTION_AUTH_ONLY : AN_ACTION_AUTH_CAPTURE;
$success = authorizenet_action($order, $message, $extra, $action);
if (!$success) {
$this->email_to_admin($message, $order);
$this->ccerrormsg = $message;
return;
}
if (intval($order->transid) == 0) { // I know it is test mode. :)
error("Credit card module cannot be present because of test mode");
return;
}
$SESSION->ccpaid = 1; // security check: don't duplicate payment
if ($an_review) { // review enabled, inform admin and redirect to main page.
if (update_record("enrol_authorize", $order)) {
$a->url = "$CFG->wwwroot/enrol/authorize/index.php?order=$order->id";
$a->orderid = $order->id;
$a->transid = $order->transid;
$a->amount = "$order->currency $order->amount";
$a->expireon = getsettletime($timenow + (30 * 3600 * 24));
$a->captureon = getsettletime($timenow + (intval($CFG->an_review_day) * 3600 * 24));
$a->course = $course->fullname;
$a->user = fullname($USER);
$a->acstatus = ($CFG->an_review_day > 0) ? get_string('yes') : get_string('no');
$emailmessage = get_string('adminneworder', 'enrol_authorize', $a);
$a->course = $course->shortname;
$a->orderid = $order->id;
$emailsubject = get_string('adminnewordersubject', 'enrol_authorize', $a);
$admins = get_admins();
foreach ($admins as $admin) {
email_to_user($admin, $USER, $emailsubject, $emailmessage);
}
}
else {
$this->email_to_admin("Error while trying to update data. Please edit manually this record: " .
"ID=$order->id in enrol_authorize table.", $order);
}
redirect($CFG->wwwroot, get_string("reviewnotify", "enrol_authorize"), '30');
return;
}
// credit card captured, ENROL student...
if (!update_record("enrol_authorize", $order)) {
$this->email_to_admin("Error while trying to update data. Please edit manually this record: " .
"ID=$order->id in enrol_authorize table.", $order);
// no error occured??? enrol student??? return??? Database busy???
}
if ($course->enrolperiod) {
$timestart = $timenow;
$timeend = $timestart + $course->enrolperiod;
} else {
$timestart = $timeend = 0;
}
if (enrol_student($USER->id, $course->id, $timestart, $timeend, 'authorize')) {
$teacher = get_teacher($course->id);
if (!empty($CFG->enrol_mailstudents)) {
$a->coursename = "$course->fullname";
$a->profileurl = "$CFG->wwwroot/user/view.php?id=$USER->id";
email_to_user($USER,
$teacher,
get_string("enrolmentnew", '', $course->shortname),
get_string('welcometocoursetext', '', $a));
}
if (!empty($CFG->enrol_mailteachers)) {
$a->course = "$course->fullname";
$a->user = fullname($USER);
email_to_user($teacher,
$USER,
get_string("enrolmentnew", '', $course->shortname),
get_string('enrolmentnewuser', '', $a));
}
if (!empty($CFG->enrol_mailadmins)) {
$a->course = "$course->fullname";
$a->user = fullname($USER);
$admins = get_admins();
foreach ($admins as $admin) {
email_to_user($admin,
$USER,
get_string("enrolmentnew", '', $course->shortname),
get_string('enrolmentnewuser', '', $a));
}
}
} else {
$this->email_to_admin("Error while trying to enrol ".fullname($USER)." in '$course->fullname'", $order);
}
if ($SESSION->wantsurl) {
$destination = $SESSION->wantsurl; unset($SESSION->wantsurl);
} else {
$destination = "$CFG->wwwroot/course/view.php?id=$course->id";
}
redirect($destination);
}
/**
* zero_cost
*
* @param unknown_type $course
* @return number
* @access private
*/
function zero_cost($course) {
$curcost = $this->get_course_cost($course);
return (abs($curcost['cost']) < 0.01);
}
/**
* get_course_cost
*
* @param unknown_type $course
* @return unknown
* @access private
*/
function get_course_cost($course)
{
global $CFG;
$cost = (float)0;
$currency = (!empty($course->currency))
? $course->currency :( empty($CFG->enrol_currency)
? 'USD' : $CFG->enrol_currency );
if (!empty($course->cost)) {
$cost = (float)(((float)$course->cost) < 0) ? $CFG->enrol_cost : $course->cost;
}
$cost = format_float($cost, 2);
$ret = array('cost' => $cost, 'currency' => $currency);
return $ret;
}
/**
* Gets access icons.
*
* @param object $course
* @return string
* @access public
*/
function get_access_icons($course) {
$str = parent::get_access_icons($course);
$curcost = $this->get_course_cost($course);
if (abs($curcost['cost']) > 0.00) {
$strrequirespayment = get_string("requirespayment");
$strcost = get_string("cost");
$currency = $curcost['currency'];
switch ($currency) {
case 'USD': $currency = 'US$'; break;
case 'CAD': $currency = 'C$'; break;
case 'EUR': $currency = '&euro;'; break;
case 'GBP': $currency = '&pound;'; break;
case 'JPY': $currency = '&yen;'; break;
}
$str .= '<div class="cost" title="'.$strrequirespayment.'">'.$strcost.': ';
$str .= $currency . ' ' . $curcost['cost'].'</div>';
}
return $str;
}
/**
* Shows config form & errors
*
* @param object $frm
* @access public
*/
function config_form($frm)
{
global $CFG;
if (!$this->check_openssl_loaded()) {
notify('PHP must be compiled with SSL support (--with-openssl)');
}
if (data_submitted()) {
// something POSTed, Some required fields
if (empty($frm->an_login)) {
notify("an_login required");
}
if (empty($frm->an_tran_key) && empty($frm->an_password)) {
notify("an_tran_key or an_password required");
}
if (empty($CFG->loginhttps)) {
notify("\$CFG->loginhttps must be ON");
}
// ******************* AUTOCAPTURE *******************
if (!(empty($frm->an_review) || $frm->an_review_day < 1)) {
// ++ENABLED++
// Cron must be runnig!!! Check last cron...
$mconfig = get_config('enrol/authorize');
$lastcron = intval($mconfig->an_lastcron);
if (time() - $lastcron > 3600 * 24) {
// Cron must be enabled if you want to use autocapture feature.
// Setup cron or disable an_review again...
// Otherwise, transactions will be cancelled unless you review it within 30 days.
notify(get_string('cronwarning', 'admin'));
}
} else {
// --DISABLED--
// Cron will NOT run anymore, because autocapture runs with cron.
// Transactions with AN_STATUS_AUTH will be cancelled and we can display this warning to admin!
// Admin can check (Accept|Deny) new transactions manually.
if ($count = count_records('enrol_authorize', 'status', AN_STATUS_AUTH)) {
notify("CRON DISABLED. TRANSACTIONS WITH A STATUS OF AN_STATUS_AUTH WILL BE CANCELLED UNLESS YOU CHECK IT. TOTAL $count");
}
}
// ***************************************************
}
include($CFG->dirroot.'/enrol/authorize/config.html');
}
/**
* process_config
*
* @param object $config
* @return bool true if it will be saved.
* @access public
*/
function process_config($config)
{
global $CFG;
// ENROL config
set_config('enrol_cost', optional_param('enrol_cost', 5, PARAM_INT) );
set_config('enrol_currency', optional_param('enrol_currency', 'USD', PARAM_ALPHA) );
set_config('enrol_mailstudents', optional_param('enrol_mailstudents', '') );
set_config('enrol_mailteachers', optional_param('enrol_mailteachers', '') );
set_config('enrol_mailadmins', optional_param('enrol_mailadmins', '') );
// AUTHORIZE.NET config
// not required!
set_config('an_test', optional_param('an_test', '') );
set_config('an_referer', optional_param('an_referer', 'http://', PARAM_URL) );
set_config('an_cutoff_hour', optional_param('an_cutoff_hour', '0') );
set_config('an_cutoff_min', optional_param('an_cutoff_min', '5') );
// required!
// if is it OK, process next config.
if (empty($CFG->loginhttps)) return false;
if (!$this->check_openssl_loaded()) return false;
$login_val = optional_param('an_login', '');
if (empty($login_val)) return false;
set_config('an_login', $login_val);
$tran_val = optional_param('an_tran_key', '');
$password_val = optional_param('an_password', '');
if (empty($tran_val) && empty($password_val)) return false;
set_config('an_password', $password_val);
set_config('an_tran_key', $tran_val);
// an_review & an_review_day & cron depencies...
$review_val = optional_param('an_review', '');
if (empty($review_val)) {
// review disabled. cron is not required. AUTH_CAPTURE works.
set_config('an_review', $review_val);
} else {
// review enabled.
$review_day_val = optional_param('an_review_day', 5, PARAM_INT);
if ($review_day_val < 0) $review_day_val = 0;
elseif ($review_day_val > 29) $review_day_val = 29;
if ($review_day_val > 0) {
// Cron must change an_lastcron. :))
$mconfig = get_config('enrol/authorize');
$lastcron = intval($mconfig->an_lastcron);
if (time() - $lastcron > 3600 * 24) {
// No!!! I am not lucky. No changes please...
return false;
}
}
set_config('an_review', $review_val);
set_config('an_review_day', $review_day_val);
}
return true;
}
/**
* email_to_admin
*
* @param string $subject
* @param mixed $data
* @access private
*/
function email_to_admin($subject, $data) {
$admin = get_admin();
$site = get_site();
$data = (array)$data;
$message = "$site->fullname: Transaction failed.\n\n$subject\n\n";
foreach ($data as $key => $value) {
$message .= "$key => $value\n";
}
email_to_user($admin, $admin, "CC ERROR: ".$subject, $message);
}
/**
* prevent_double_paid
*
* @param object $course
* @access private
*/
function prevent_double_paid($course)
{
global $CFG, $SESSION, $USER;
if ($rec = get_record('enrol_authorize', 'userid', $USER->id, 'courseid', $course->id, 'status', AN_STATUS_AUTH, 'id')) {
$a->orderid = $rec->id;
redirect($CFG->wwwroot, get_string("paymentpending", "enrol_authorize", $a), '20');
return;
}
if (isset($SESSION->ccpaid)) {
unset($SESSION->ccpaid);
redirect($CFG->wwwroot . '/login/logout.php');
return;
}
}
/**
* check_openssl_loaded
*
* @return bool
* @access private
*/
function check_openssl_loaded() {
return extension_loaded('openssl');
}
/**
* cron
* @access public
*/
function cron()
{
global $CFG;
parent::cron();
require_once("$CFG->dirroot/enrol/authorize/action.php");
$timenow = time();
$timenowsettle = getsettletime($timenow);
$timediff30 = $timenowsettle - (30 * 3600 * 24);
// These 2 lines must be HERE and must be EXUCUTED. See process_config.
// We use an_lastcron when processing AUTOCAPTURE feature.
// Order is important. 1. get_config 2. set_config
$mconfig = get_config('enrol/authorize'); // MUST be 1st.
set_config('an_lastcron', $timenow, 'enrol/authorize'); // MUST be 2nd.
$random100 = mt_rand(0, 100);
if ($random100 < 33) {
$select = "(status = '" .AN_STATUS_NONE. "') AND (timecreated < '$timediff30')";
delete_records_select('enrol_authorize', $select);
}
elseif ($random100 > 66) {
$select = "(status = '" .AN_STATUS_AUTH. "') AND (timecreated < '$timediff30')";
execute_sql("UPDATE {$CFG->prefix}enrol_authorize SET status = '" .AN_STATUS_EXPIRE. "' WHERE $select", false);
}
else {
$timediff60 = $timenowsettle - (60 * 3600 * 24);
$select = "(status = '" .AN_STATUS_EXPIRE. "') AND (timecreated < '$timediff60')";
delete_records_select('enrol_authorize', $select);
}
if (!empty($CFG->an_test)) {
return; // AUTOCAPTURE doesn't work in test mode.
}
if (empty($CFG->an_review) || empty($CFG->an_review_day) || $CFG->an_review_day < 1) {
return; // AUTOCAPTURE disabled. admin, teacher review it manually
}
// AUTO-CAPTURE: Transaction must be captured within 30 days. Otherwise it will expired.
$timediffcnf = $timenowsettle - (intval($CFG->an_review_day) * 3600 * 24);
$sql = "SELECT E.*, C.fullname, C.enrolperiod " .
"FROM {$CFG->prefix}enrol_authorize E " .
"INNER JOIN {$CFG->prefix}course C ON C.id = E.courseid " .
"WHERE (status = '" .AN_STATUS_AUTH. "') " .
" AND (E.timecreated < '$timediffcnf') AND (E.timecreated > '$timediff30')";
if (!$orders = get_records_sql($sql)) {
return;
}
// Calculate connection speed for each transaction. Default: 3 secs.
$everyconnection = empty($mconfig->an_eachconnsecs) ? 3 : intval($mconfig->an_eachconnsecs);
$ordercount = count((array)$orders);
$maxsecs = $everyconnection * $ordercount;
if ($maxsecs + intval($mconfig->an_lastcron) > $timenow) {
return; // autocapture runs every eachconnsecs*count.
}
$faults = '';
$sendem = array();
$elapsed = time();
@set_time_limit(0);
$this->log = "AUTHORIZE.NET AUTOCAPTURE CRON: " . userdate($timenow) . "\n";
foreach ($orders as $order) {
$message = '';
$extra = NULL;
$oldstatus = $order->status;
$success = authorizenet_action($order, $message, $extra, AN_ACTION_PRIOR_AUTH_CAPTURE);
if ($success) {
if (!update_record("enrol_authorize", $order)) {
$this->email_to_admin("Error while trying to update data. Please edit manually this record: " .
"ID=$order->id in enrol_authorize table.", $order);
}
$timestart = $timeend = 0;
if ($order->enrolperiod) {
$timestart = $timenow;
$timeend = $order->settletime + $order->enrolperiod;
}
if (enrol_student($order->userid, $order->courseid, $timestart, $timeend, 'authorize')) {
$this->log .= "User($order->userid) has been enrolled to course($order->courseid).\n";
$sendem[] = $order->id;
}
else {
$user = get_record('user', 'id', $order->userid);
$faults .= "Error while trying to enrol ".fullname($user)." in '$order->fullname' \n";
foreach ($order as $okey => $ovalue) {
$faults .= " $okey = $ovalue\n";
}
}
}
else { // not success
$this->log .= "Order $order->id: " . $message . "\n";
if ($order->status != $oldstatus) { //expired
update_record("enrol_authorize", $order);
}
}
}
$timenow = time();
$elapsed = $timenow - $elapsed;
$everyconnection = ceil($elapsed / $ordercount);
set_config('an_eachconnsecs', $everyconnection, 'enrol/authorize');
$this->log .= "AUTHORIZE.NET CRON FINISHED: " . userdate($timenow);
$adminuser = get_admin();
if (!empty($faults)) {
email_to_user($adminuser, $adminuser, "AUTHORIZE.NET CRON FAULTS", $faults);
}
if (!empty($CFG->enrol_mailadmins)) {
email_to_user($adminuser, $adminuser, "AUTHORIZE.NET CRON LOG", $this->log);
}
// send emails
if (empty($sendem) || empty($CFG->enrol_mailstudents)) {
return;
}
$select = "SELECT E.id, E.courseid, E.userid, C.fullname " .
"FROM {$CFG->prefix}enrol_authorize E " .
"INNER JOIN {$CFG->prefix}course C ON C.id = E.courseid " .
"WHERE E.id IN(" . implode(',', $sendem) . ") " .
"ORDER BY E.courseid";
$lastcourse = 0;
$orders = get_records_sql($select);
foreach ($orders as $order) {
if ($lastcourse != $order->courseid) {
$teacher = get_teacher($order->courseid);
}
$user = get_record('user', 'id', $order->userid);
$a->coursename = $order->fullname;
$a->profileurl = "$CFG->wwwroot/user/view.php?id=$user->id";
email_to_user($user, $teacher,
get_string("enrolmentnew", '', $order->fullname),
get_string('welcometocoursetext', '', $a));
}
}
}
?>
Jump to Line
Something went wrong with that request. Please try again.