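<?php
////////////////////////////////////////////////////////////////////////////
/// s2dpaysp.php
/// Type: Payment
/// Content: Transaction script for Saferpay
/// Description: Receives the notification sent back by Saferpay and
///              evaluates it.
/// Requires: normal
/// CCML parsing: required
///
////////////////////////////////////////////////////////////////////////////
///
/// Latest changes:
///
////////////////////////////////////////////////////////////////////////////
///<20.10.2008/6.0.3.2/>

define('ROOT', './');
define('ASSETS', ROOT.'assets/');
require(ASSETS.'s2diconf.php');
require(CC_INCLUDE_INIT);

// Both Saferpay calls in handle_transaction() fetch an https:// URL with
// file(), which only works when allow_url_fopen is enabled.
// NOTE(review): on PHP versions where allow_url_fopen can only be set at
// system level the ini_set() attempt has no effect and the second check
// aborts the request - confirm against the deployed PHP version.
if (!in_array(ini_get('allow_url_fopen'), array('1', 'On', 'on', 'ON'))) {
    @ini_set('allow_url_fopen', '1');
    if (!in_array(ini_get('allow_url_fopen'), array('1', 'On', 'on', 'ON'))) {
        die('Can not handle request due to provider restrictions');
    }
}

$log = handle_transaction();

// Save the log entry: the failure reason, or 'OK' when nothing was returned.
if (LOG_PAYMENT) {
    save_to_file(FILE_PAYMENTLOG, "\nSaferpay ".time()."\n".($log ? $log : 'OK'));
}

// Any failure reason ends the request with the "forbidden" resource.
if ($log) {
    script_die(CC_RESSOURCE_FORBIDDEN, __FILE__, __LINE__);
}

////////////////////////////////////////////////////////////////////////////

/**
 * Validates a Saferpay payment confirmation and completes the payment.
 *
 * Reads DATA and SIGNATURE from the POST body, has Saferpay confirm the pair
 * (VerifyPayConfirm), cross-checks account id, order id, order key, amount
 * and currency against the shop's own records, then calls PayComplete.
 * Every check fails closed: a field that is absent from DATA is an error
 * instead of being compared as an empty value.
 *
 * @return string|null Failure reason for the payment log, or null on success.
 */
function handle_transaction()
{
    $data = is_post('DATA') ? $_POST['DATA'] : null;
    $signature = is_post('SIGNATURE') ? $_POST['SIGNATURE'] : null;

    // Check parameters. Non-string values (e.g. DATA[]=x) are rejected here
    // because they cannot be URL-encoded for the verification request.
    if (!is_string($data) || !is_string($signature) || !$data || !$signature) {
        return "Data and or signature missing\n";
    }

    // Check that the request really originates from Saferpay.
    // SIGNATURE is request-controlled, so it is URL-encoded like DATA; left
    // raw, an '&' inside it would append extra parameters to this query.
    // NOTE(review): whether file() validates the TLS certificate of the
    // remote host depends on the PHP version's stream defaults - confirm.
    $query = 'https://www.saferpay.com/hosting/VerifyPayConfirm.asp?'
        .'DATA='.rawurlencode($data)
        .'&SIGNATURE='.rawurlencode($signature);
    $lines = file($query);
    // file() returns false when the request fails; treat that as "not OK".
    $response = is_array($lines) ? join('', $lines) : '';
    if (!preg_match('/^OK:/', $response)) {
        return "VerifyPayConfirm failed: $response\n";
    }

    //////////////////////////////////////////////////////////////////////// Checks

    // Load the payment method
    $payment_id = is_get(PARAMETER_ID) ? get(PARAMETER_ID) : null;
    $payment = new payment();
    $pm = $payment->get($payment_id);
    if (!$pm) {
        return "Cannot open payment $payment_id\n";
    }

    // Read the account id and compare it with the configured one
    if (!preg_match('/ACCOUNTID="([\d\-]+)"/', $data, $parts)) {
        return "Account ID missing in DATA\n";
    }
    $account_id = $parts[1];
    if ($account_id != $pm->parameter[1]) {
        return "Account ID mismatch: '$account_id' and '".$pm->parameter[1]."'\n";
    }

    // Check the order number
    $order_id = is_get(PARAMETER_ORDER) ? floor(get(PARAMETER_ORDER)) : null;
    if (!preg_match('/ORDERID="(\d+)"/', $data, $parts)) {
        return "Order ID missing in DATA\n";
    }
    $order_id2 = $parts[1];
    if ($order_id != $order_id2) {
        return "Order ID mismatch: '$order_id' and '".$order_id2."' \n";
    }

    // Load the order
    $myorder = new order($order_id);
    if ($myorder->order_id != $order_id) {
        return "No such order $order_id\n";
    }

    // Check the order key. The comparison is strict on strings so that
    // numeric-looking keys cannot match through type juggling, and neither
    // the expected nor the supplied key is written to the payment log.
    // NOTE(review): a constant-time comparison (hash_equals) is preferable
    // where the PHP version provides it.
    $key = is_get(PARAMETER_KEY) ? get(PARAMETER_KEY) : null;
    $expected_key = $myorder->generate_key();
    if ($key === null || (string)$expected_key !== (string)$key) {
        return "Key mismatch for order $order_id\n";
    }

    // Check the total price (AMOUNT is given in minor units)
    if (!preg_match('/AMOUNT="(\d+)"/', $data, $parts)) {
        return "Amount missing in DATA\n";
    }
    $total = intval($parts[1]) / 100;
    // NOTE(review): this is an equality test between floats; comparing
    // integer minor units would avoid rounding mismatches - confirm the
    // unit returned by get_totalprice() before changing it.
    if ($total != $myorder->get_totalprice()) {
        return "Total mismatch: '$total' and '".$myorder->get_totalprice()."' \n";
    }

    // Check the currency
    if (!preg_match('/CURRENCY="([A-Z]+)"/', $data, $parts)) {
        return "Currency missing in DATA\n";
    }
    $currency = $parts[1];
    if ($currency != $pm->parameter[3]) {
        return "Currency mismatch: '$currency' and '".$pm->parameter[3]."' \n";
    }

    //////////////////////////////////////////////////////////////////////// Complete payment

    // Complete the payment. $account_id and $id come from the patterns
    // above, which only admit digits/hyphens and alphanumerics respectively,
    // so they are safe to place in the query string unencoded.
    if (!preg_match('/ ID="([a-zA-Z0-9]+)"/', $data, $parts)) {
        return "Transaction ID missing in DATA\n";
    }
    $id = $parts[1];
    $query = 'https://www.saferpay.com/hosting/PayComplete.asp?'."ACCOUNTID=$account_id&ID=$id";
    // NOTE(review): credential hard-coded in source and sent only when
    // PAYMENT_TESTMODE is set; consider moving it to configuration.
    if (PAYMENT_TESTMODE) {
        $query .= '&spPassword=XAjc3Kna';
    }
    $lines = file($query);
    $response = is_array($lines) ? join('', $lines) : '';
    if (!preg_match('/^OK/', $response)) {
        return "PayCompletey failed: $response\n";
    }

    // If immediate booking is enabled, record the new status and notify
    if ($pm->autocharge) {
        $myorder->set_status(CC_RESSOURCE_ORDERSTATUSSHORT_WAITINGITEMS, true);
        $myorder->send_status_email();
    }

    return null;
}
?>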