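<?php
/// s2dpaycb.php
/// Type: Payment
/// Content: transaction script for ClickandBuy
/// Description: receives the callback from ClickandBuy and evaluates it.
/// Requires: normal
/// CCML parsing: required
///
////////////////////////////////////////////////////////////////////////////
///
/// Last changes:
///
////////////////////////////////////////////////////////////////////////////
///<13.11.2008/6.0.3.5/>

define('ROOT', './');
define('ASSETS', ROOT.'assets/');
require(ASSETS.'s2diconf.php');
require(CC_INCLUDE_INIT);

// handle_transaction() returns null on success and a diagnostic string on
// failure. It also publishes $myorder and $payment_id as globals so the
// redirect URLs below can be built.
$log = handle_transaction();

// Persist the outcome when payment logging is enabled.
if (LOG_PAYMENT)
    save_to_file(FILE_PAYMENTLOG, "\nClick and Buy in ".time()."\n".($log ? $log : 'OK'));

if ($log) {
    // Only send the customer to the error page when the order and the payment
    // method were already resolved; anything earlier is rejected outright.
    if ($myorder && $payment_id)
        redirect(CC_FILENAME_COMPLETE.'?'.PARAMETER_MODE.'=error&'.PARAMETER_ORDER.'='.$myorder->order_id.'&'.PARAMETER_KEY.'='.$myorder->generate_key().'&'.PARAMETER_ID.'='.$payment_id.'&result=error');
    else
        script_die(CC_RESSOURCE_FORBIDDEN, __FILE__, __LINE__);
} else {
    redirect(CC_FILENAME_COMPLETE.'?'.PARAMETER_MODE.'=success&'.PARAMETER_ORDER.'='.$myorder->order_id.'&'.PARAMETER_KEY.'='.$myorder->generate_key().'&'.PARAMETER_ID.'='.$payment_id.'&result=success');
}

////////////////////////////////////////////////////////////////////////////

/**
 * Validates the ClickandBuy callback and finalises the order.
 *
 * Reads the GET parameters oid, cid, pid and externalBDRID plus the X-Price
 * and X-UserID request headers, checks them against the stored order and
 * CC_SITE_ENCRYPTIONKEY, and on success records the new order status when
 * the payment method has autocharge enabled.
 *
 * Side effects: assigns the globals $myorder (once the order is loaded) and
 * $payment_id (once the price check passed), even if a later check fails,
 * so the caller can decide between an error redirect and a hard rejection.
 *
 * Expected layout of externalBDRID (44 characters):
 *   [0,22)  first part of the order-info MD5
 *   [22,24) two decimal digits: offset into md5(CC_SITE_ENCRYPTIONKEY)
 *   [24,34) session cipher: 10 characters of md5(CC_SITE_ENCRYPTIONKEY) at that offset
 *   [34,44) remainder of the order-info MD5
 * where order-info MD5 = md5(order id . price in cents . session cipher).
 *
 * @return string|null null on success, otherwise a diagnostic message for the payment log
 */
function handle_transaction()
{
    global $payment_id, $myorder;

    // Read parameters. Ids are cast to int so that garbage input yields 0 and
    // is rejected below instead of raising a TypeError inside floor().
    $order_id = is_get('oid') ? (int) get('oid') : null;
    $external_bdrid = is_get('externalBDRID') ? get('externalBDRID') : null;
    // X-Price is sent in millicents; convert to whole cents.
    $price = (isset($_SERVER['HTTP_X_PRICE']) && is_numeric($_SERVER['HTTP_X_PRICE']))
        ? (int) floor(floor((float) $_SERVER['HTTP_X_PRICE']) / 1000)
        : null;

    // Copy of the raw BDRID for log messages only, with control characters
    // replaced: the payment log is line based, so a CR/LF inside the
    // parameter could otherwise forge additional log entries.
    $eb_log = is_string($external_bdrid) ? preg_replace('/[^\x20-\x7e]/', '?', $external_bdrid) : '';

    // Extract rand and session cipher only when the field has the expected
    // shape; otherwise the empty cipher fails the comparison below.
    $rand = 0;
    $session_cipher = '';
    if (is_string($external_bdrid) && strlen($external_bdrid) === 44) {
        $rand = intval(substr($external_bdrid, 22, 2));
        $session_cipher = substr($external_bdrid, 24, 10);
    }

    // Validate the session cipher. Strict comparison on purpose: a loose !=
    // between hash-like strings is subject to numeric-string juggling
    // ("0e123" == "0e456" is true). hash_equals() would additionally make the
    // comparison constant-time on PHP >= 5.6.
    $expected_cipher = substr(md5(CC_SITE_ENCRYPTIONKEY), $rand, 10);
    if ($session_cipher !== $expected_cipher)
        return "ExternalBDRID not valid\nO: $order_id\nEB: $eb_log\nP: $price\nR: $rand\nSC: $session_cipher\n";

    // Validate the order info: the MD5 of (order id, price in cents, session
    // cipher) is split around the rand/cipher fields of externalBDRID.
    // A missing price header hashes as 0, exactly as floor(null) did before;
    // the strict price check further down rejects that case.
    $order_info = substr($external_bdrid, 0, 22).substr($external_bdrid, 34, 10);
    $expected_info = md5($order_id.(int) $price.$session_cipher);
    if ($order_info !== $expected_info)
        return "Orderinfo not valid\nO: $order_id\nEB: $eb_log\nP: $price\nR: $rand\nSC: $session_cipher\nOI: $order_info\nOIC: $expected_info\n";

    // Validate the ClickandBuy customer id. is_nan() expects a float and
    // coerces (or, on PHP 8, throws for) non-numeric strings, so require a
    // plain decimal number instead. The value is not used beyond this check.
    $user_id = isset($_SERVER['HTTP_X_USERID']) ? $_SERVER['HTTP_X_USERID'] : null;
    if (empty($user_id) || preg_match('/^[0-9]+$/', (string) $user_id) !== 1)
        return "User_id not valid\n";

    // The callback must come from an address starting with 217.22.128.
    // NOTE(review): REMOTE_ADDR is the TCP peer. Behind a reverse proxy this
    // is the proxy's address and the check would have to be based on the
    // forwarded-address header that proxy sets (and trusted only from that
    // proxy) — confirm the deployment topology.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (substr($ip, 0, 11) !== '217.22.128.')
        return "IP not valid\n";

    //////////////////////////////////////////////////////////////////////////// Checks against the order

    // Load the order and verify the order number. A missing/zero oid is
    // rejected explicitly: a loose != treated 0, null and '' as equal, so an
    // order object with an empty id used to pass this check.
    if ($order_id === null || $order_id <= 0)
        return "Order ID not valid\n";
    $myorder = new order($order_id);
    if ((int) $myorder->order_id !== $order_id)
        return "Order ID mismatch: '$order_id' and '".$myorder->order_id."' \n";

    // Verify the customer number.
    $client_id = is_get('cid') ? (int) get('cid') : null;
    if ($client_id === null || (int) $myorder->client->client_id !== $client_id)
        return "Client ID mismatch: '$client_id' and '".$myorder->client->client_id."' \n";

    // Verify the price.
    // NOTE(review): total*100 is floored, as before; a total such as 19.99
    // floors to 1998 because of binary float representation. Whether that is
    // right depends on how the price was computed when the order was sent to
    // ClickandBuy (not visible here) — confirm before changing this to round().
    $expected_price = (int) floor($myorder->get_totalprice() * 100);
    if ($price === null || $price !== $expected_price)
        return "Price mismatch: '$price' and '".$myorder->get_totalprice()."' \n";

    // Resolve the payment method.
    $payment_id = is_get('pid') ? get('pid') : null;
    $payment = new payment();
    $pm = $payment->get($payment_id);
    if (!$pm)
        return "Cannot open payment $payment_id\n";

    //////////////////////////////////////////////////////////////////////////// Complete the payment

    // If the payment method charges immediately, record the new status and
    // notify the customer.
    if ($pm->autocharge) {
        $myorder->set_status(CC_RESSOURCE_ORDERSTATUSSHORT_WAITINGITEMS, true);
        $myorder->send_status_email();
    }

    return null;
}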