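/// s2dpaysu.php
/// Type: Payment
/// Content: Transaction script for sofortueberweisung.de
/// Description: Receives the notification from sofortueberweisung.de and evaluates it.
/// Requires: normal
/// CCML parsing: required
///
////////////////////////////////////////////////////////////////////////////
///
/// Latest changes:
/// 20.03.2009 Sofortueberweisung changed from md5 to sha1
///
////////////////////////////////////////////////////////////////////////////
///<20.03.2009/6.0.4.3/>

define('ROOT', './');
define('ASSETS', ROOT.'assets/');

require(ASSETS.'s2diconf.php');
require(CC_INCLUDE_INIT);

// handle_transaction() returns a rejection text, or nothing when the
// notification passed every check.
$log = handle_transaction();

// Save the log entry
if (LOG_PAYMENT)
    save_to_file(FILE_PAYMENTLOG, "\nsofortueberweisung.de ".time()."\n".($log ? $log : 'OK'));

// Answer a rejected notification with a 403 header for sofortueberweisung.de
if ($log) {
    header(HTTP_FORBIDDEN);
    script_die(CC_RESSOURCE_FORBIDDEN, __FILE__, __LINE__);
}

////////////////////////////////////////////////////////////////////////////

/**
 * Reduces a request value to a short, single-line, printable string for the
 * payment log.
 *
 * Request values reach the log before and after authentication; without this
 * a value containing line breaks could forge additional log entries.
 *
 * @param mixed $value Raw request value (may be null or an array).
 * @return string At most 64 printable ASCII characters.
 */
function s2dpaysu_log_value($value)
{
    if ($value === null)
        return '';
    if (!is_scalar($value))
        return '[non-scalar]';

    return substr(preg_replace('/[^\x20-\x7E]/', '?', (string) $value), 0, 64);
}

/**
 * Validates the payment notification in $_POST and, if the payment method has
 * autocharge enabled, advances the order status and sends the status e-mail.
 *
 * Checks, in order: payment method exists, notification hash, order exists,
 * order key, total, currency, user id, project id. The first failing check
 * ends processing.
 *
 * @return string|null Rejection text for the payment log, or null on success.
 */
function handle_transaction()
{
    // Read the payment method
    $payment_id = is_post('user_variable_2') ? post('user_variable_2') : null;
    $payment = new payment();
    if (!$pm = $payment->get($payment_id)) {
        // The request is not authenticated yet, so the value is neutralised
        // before it is written to the log.
        return "Cannot open payment ".s2dpaysu_log_value($payment_id)."\n";
    }

    // Hash check. The digest is built over the raw $_POST values in the fixed
    // order below; order and separator must stay exactly as they are.
    $fields = array(
        'transaction', 'user_id', 'project_id',
        'sender_holder', 'sender_account_number', 'sender_bank_code',
        'sender_bank_name', 'sender_bank_bic', 'sender_iban', 'sender_country_id',
        'recipient_holder', 'recipient_account_number', 'recipient_bank_code',
        'recipient_bank_name', 'recipient_bank_bic', 'recipient_iban', 'recipient_country_id',
        'international_transaction', 'amount', 'currency_id',
        'reason_1', 'reason_2', 'security_criteria',
        'user_variable_0', 'user_variable_1', 'user_variable_2',
        'user_variable_3', 'user_variable_4', 'user_variable_5',
        'created'
    );
    $data = array();
    foreach ($fields as $field) {
        $value = is_post($field) ? $_POST[$field] : '';
        // An array-valued field can never be part of a valid digest input.
        if (!is_scalar($value))
            return "Hash mismatch\n";
        $data[] = $value;
    }
    // parameter[3] is appended as the last digest input; presumably the
    // notification password shared with the provider -- TODO confirm.
    $data[] = $pm->parameter[3];
    // NOTE(review): the algorithm must match the provider-side project
    // setting (the file header records the md5 -> sha1 switch). If the
    // provider offers a stronger digest, change both sides together.
    $hash = sha1(implode('|', $data));

    // hash_equals() (PHP >= 5.6) instead of !=: a loose comparison treats two
    // numeric-looking hex strings as numbers, so different digests can compare
    // equal, and it is not constant-time.
    $given_hash = is_post('hash') ? post('hash') : null;
    if (!is_string($given_hash) || !hash_equals($hash, $given_hash))
        return "Hash mismatch\n";

    //////////////////////////////////////////////////////////////////////////// Checks

    // Check the order number and load the order
    $order_id = is_post('user_variable_0') ? post('user_variable_0') : null;
    // A missing order id cannot identify an order. Reject it up front so the
    // loose comparison below cannot match it against an empty order object
    // (what new order(null) yields is not visible here).
    if ($order_id === null || $order_id === '')
        return "No such order ".s2dpaysu_log_value($order_id)."\n";
    $myorder = new order($order_id);
    if ($myorder->order_id != $order_id)
        return "No such order ".s2dpaysu_log_value($order_id)."\n";

    // Check the key. Compared like the hash above; the expected key is a
    // per-order secret and is deliberately not written to the log.
    $key = is_post('user_variable_1') ? post('user_variable_1') : null;
    $expected_key = (string) $myorder->generate_key();
    if (!is_string($key) || !hash_equals($expected_key, $key))
        return "Key mismatch: '".s2dpaysu_log_value($key)."' (expected key not logged) \n";

    // Check the total. Compared in whole cents so that binary float noise in
    // either value cannot reject a correct payment.
    $total = is_post('amount') ? floatval(post('amount')) : 0;
    $expected_total = $myorder->get_totalprice();
    if ((int) round($total * 100) !== (int) round(floatval($expected_total) * 100))
        return "Total mismatch: '$total' and '".$expected_total."' \n";

    // Check the currency. Compared as text: casting the posted value with
    // floatval() turned any alphabetic code into 0, which made this check
    // either pass for every currency or fail for every one, depending on the
    // PHP version. presumably parameter[4] holds a code such as 'EUR' -- verify.
    $currency_id = is_post('currency_id') ? post('currency_id') : '';
    if (!is_scalar($currency_id)
        || strcasecmp(trim((string) $currency_id), trim((string) $pm->parameter[4])) !== 0)
        return "Currency mismatch: '".s2dpaysu_log_value($currency_id)."' and '".$pm->parameter[4]."' \n";

    // Check the user ID
    $user_id = is_post('user_id') ? floatval(post('user_id')) : '';
    if ($user_id != $pm->parameter[1])
        return "User mismatch: '$user_id' and '".$pm->parameter[1]."' \n";

    // Check the project ID
    $project_id = is_post('project_id') ? floatval(post('project_id')) : '';
    if ($project_id != $pm->parameter[2])
        return "Project mismatch: '$project_id' and '".$pm->parameter[2]."' \n";

    //////////////////////////////////////////////////////////////////////////// Complete the payment

    // If immediate saving (autocharge) is enabled, enter the new status.
    // NOTE(review): a notification that is delivered twice passes every check
    // again; confirm set_status()/send_status_email() are safe to repeat or
    // check the order's current status first.
    if ($pm->autocharge) {
        $myorder->set_status(CC_RESSOURCE_ORDERSTATUSSHORT_WAITINGITEMS, true);
        $myorder->send_status_email();
    }

    return null;
}

?>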