tpayPaymentCard

Class PaymentCard.

Defined (1)

The class is defined in the following location(s).

/includes/lib/src/_class_tpay/paymentCard.php  
  1. class PaymentCard 
  // Field names and type tags reused by the request and response handling of this class.
  const RESULT = 'result';
  const ORDERID = 'order_id';
  const STRING = 'string';
  const SALE_AUTH = 'sale_auth';
  const REMOTE_ADDR = 'REMOTE_ADDR';

  /**
   * Merchant id.
   * The bracketed default is a template placeholder; the constructor overwrites it
   * whenever a value other than false is passed.
   * @var int|string
   */
  protected $merchantId = '[MERCHANT_ID]';

  /**
   * Merchant secret (placeholder default, see $merchantId).
   * Prefer passing the real value to the constructor from configuration kept
   * outside the source tree rather than writing it into this file.
   * @var string
   */
  private $merchantSecret = '[MERCHANT_SECRET]';

  /**
   * Card API key (placeholder default).
   * @var string
   */
  private $apiKey = '[CARD_API_KEY]';

  /**
   * Card API password (placeholder default).
   * @var string
   */
  private $apiPass = '[CARD_API_PASSWORD]';

  /**
   * Card API code (placeholder default).
   * Appended to the hashed string in validateSign(), so it acts as a shared secret.
   * @var string
   */
  private $code = '[CARD_API_CODE]';

  /**
   * Card RSA key handed to the direct-sale gate template (placeholder default).
   * @var string
   */
  private $keyRSA = '[CARD_RSA_KEY]';

  /**
   * Name of the hash algorithm passed to hash() in validateSign() (placeholder default).
   * @var string
   */
  private $hashAlg = '[CARD_HASH_ALG]';

  /**
   * Currency code used when a transaction config carries none.
   * '985' is the ISO 4217 numeric code for PLN.
   * @var string
   */
  private $currency = '985';

  /**
   * tpay payment URL, used as the form action of the panel payment form.
   * @var string
   */
  private $apiURL = 'https://secure.transferuj.pl/cards/';

  /**
   * Addresses accepted as the sender of payment notifications.
   * checkServer() compares $_SERVER['REMOTE_ADDR'] against this list, so the list
   * has to follow the addresses the payment provider actually sends from.
   * @var string[]
   */
  private $secureIP = array(
      '176.119.38.175'
  );

  /**
   * When false, handleNotification() skips the sender-address check.
   * @var bool
   */
  private $validateServerIP = true;
  74.  
  /**
   * Build a PaymentCard for panel payments, direct card sales and saved-card payments.
   *
   * An argument left at false keeps the value already declared on the class.
   * Once the overrides are applied, the library helpers are loaded and every
   * credential is handed to its Validate::validate*() check.
   * NOTE(review): how the Validate checks report a bad value is not visible
   * here; presumably they throw, confirm in the Validate class.
   *
   * @param string|bool $merchantId merchant id
   * @param string|bool $merchantSecret merchant secret
   * @param string|bool $apiKey card api key
   * @param string|bool $apiPass card API password
   * @param string|bool $code card API code
   * @param string|bool $hashAlg card hash algorithm
   * @param string|bool $keyRSA card RSA key
   */
  public function __construct(
      $merchantId = false,
      $merchantSecret = false,
      $apiKey = false,
      $apiPass = false,
      $code = false,
      $hashAlg = false,
      $keyRSA = false
  ) {
      // Property name => constructor argument; false means "keep the declared default".
      $overrides = array(
          'merchantId' => $merchantId,
          'merchantSecret' => $merchantSecret,
          'apiKey' => $apiKey,
          'apiPass' => $apiPass,
          'code' => $code,
          'hashAlg' => $hashAlg,
          'keyRSA' => $keyRSA,
      );
      foreach ($overrides as $property => $value) {
          if ($value !== false) {
              $this->{$property} = $value;
          }
      }

      require_once(dirname(__FILE__) . '/util.php');
      foreach (array('validate', 'exception', 'lang') as $helper) {
          Util::loadClass($helper);
      }
      Util::checkVersionPHP();

      // Merchant credentials first, then the card API settings.
      Validate::validateMerchantId($this->merchantId);
      Validate::validateMerchantSecret($this->merchantSecret);

      Validate::validateCardApiKey($this->apiKey);
      Validate::validateCardApiPassword($this->apiPass);
      Validate::validateCardCode($this->code);
      Validate::validateCardHashAlg($this->hashAlg);
      Validate::validateCardRSAKey($this->keyRSA);

      Util::loadClass('cardApi');
  }
  128.  
  /**
   * Switch off the sender-address check for payment notifications.
   *
   * With the flag cleared, handleNotification() no longer calls checkServer(),
   * so a notification is accepted whatever address it comes from.
   * Use this only in test mode and turn the check back on with
   * enableValidationServerIP() before going to production.
   */
  public function disableValidationServerIP()
  {
      $enabled = false;
      $this->validateServerIP = $enabled;
  }
  136.  
  /**
   * Switch the sender-address check for payment notifications back on.
   *
   * handleNotification() then rejects a request whose REMOTE_ADDR is not in
   * the list of accepted addresses.
   */
  public function enableValidationServerIP()
  {
      $enabled = true;
      $this->validateServerIP = $enabled;
  }
  142.  
  /**
   * Build the HTML form for a panel payment from a transaction config.
   *
   * The config is validated, the sale is registered with the card API and the
   * returned sale_auth value is placed in the payment form template.
   * More information about config fields @see Validate::$cardPaymentRequestFields
   *
   * NOTE(review): only the presence of 'result' and 'sale_auth' is checked
   * here, not the value of 'result'; confirm that the API omits sale_auth
   * for a refused sale.
   *
   * @param array $config transaction config
   * @return string
   * @throws TException when the API response is not an array or lacks result / sale_auth
   */
  public function getTransactionForm($config)
  {
      $config = Validate::validateConfig(Validate::PAYMENT_TYPE_CARD, $config);

      // Fall back to the class default when the config names no currency.
      $currencyCode = $this->currency;
      if (isset($config['currency'])) {
          $currencyCode = $config['currency'];
      }

      $cardApi = new CardAPI($this->apiKey, $this->apiPass, $this->code, $this->hashAlg);
      $saleResponse = $cardApi->registerSale(
          $config['name'],
          $config['email'],
          $config['desc'],
          $config['amount'],
          $currencyCode,
          $config[static::ORDERID]
      );

      Util::log('card register sale', print_r($saleResponse, true));

      $usable = is_array($saleResponse)
          && isset($saleResponse[static::RESULT])
          && isset($saleResponse[static::SALE_AUTH]);
      if (!$usable) {
          throw new TException('Invalid api response code');
      }

      return Util::parseTemplate('card/_tpl/paymentForm', array(
          'action_url' => $this->apiURL,
          'merchant_id' => $this->merchantId,
          static::SALE_AUTH => $saleResponse[static::SALE_AUTH],
      ));
  }
  181.  
  /**
   * Handle the request the tpay server sends after a payment.
   *
   * Steps visible in this method: the POST body is logged, the notification
   * type selects which response definition Validate::getResponse() reads, the
   * sender address is checked (unless that check was disabled), and
   * {"result":"1"} is written to the output so the notification is not
   * repeated. The acknowledgement is written before the payment status is
   * examined.
   *
   * NOTE(review): no checksum comparison happens in this body. Unless
   * Validate::getResponse() performs it, the caller has to pass the returned
   * fields to validateSign() before treating the payment as confirmed.
   * NOTE(review): the whole POST body goes to the log before the sender is
   * checked; confirm the log is access-restricted.
   *
   * @return mixed selected fields of a correct sale, or the full response for a deregister
   * @throws TException on an unknown type, an untrusted sender or an incorrect payment
   */
  public function handleNotification()
  {
      Util::log('card handle notification', print_r($_POST, true));

      $type = Util::post('type', static::STRING);
      if ($type === 'sale') {
          $response = Validate::getResponse(Validate::PAYMENT_TYPE_CARD);
      } elseif ($type === 'deregister') {
          $response = Validate::getResponse(Validate::CARD_DEREGISTER);
      } else {
          throw new TException('Unknown notification type');
      }

      $senderRejected = $this->validateServerIP === true && $this->checkServer() === false;
      if ($senderRejected) {
          throw new TException('Request is not from secure server');
      }

      echo json_encode(array(static::RESULT => '1'));

      // Only 'sale' and 'deregister' reach this point.
      if ($type === 'deregister') {
          return $response;
      }
      if ($response['status'] !== 'correct') {
          throw new TException('Incorrect payment');
      }

      $saleFields = array(
          static::ORDERID => $response[static::ORDERID],
          'sign' => $response['sign'],
          static::SALE_AUTH => $response[static::SALE_AUTH],
          'date' => $response['date'],
          'card' => $response['card']
      );
      if (isset($response['test_mode'])) {
          $saleFields['test_mode'] = $response['test_mode'];
      }

      return $saleFields;
  }
  221.  
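  /**
   * Tell whether the current request comes from an accepted tpay address.
   *
   * $_SERVER['REMOTE_ADDR'] must be set and must be identical to one of the
   * entries of $this->secureIP. The comparison is strict, so a non-string
   * value can never match an address by type juggling.
   *
   * NOTE(review): REMOTE_ADDR is the address of the direct peer. Behind a
   * reverse proxy or load balancer that is the proxy, not the tpay server;
   * confirm how this is deployed.
   *
   * @return bool true when the sender address is in the accepted list
   */
  private function checkServer()
  {
      return isset($_SERVER[static::REMOTE_ADDR])
          && in_array($_SERVER[static::REMOTE_ADDR], $this->secureIP, true);
  }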
  233.  
  /**
   * Build the HTML form of the direct sale gate, for payment inside the merchant shop.
   *
   * The configured RSA key and both arguments are handed to the gate template.
   * NOTE(review): the arguments reach the template unchanged; whether the
   * template escapes them is not visible here, so pass only trusted values.
   * NOTE(review): the exception text speaks of an API response although the
   * failing check is the RSA key; kept as is for callers matching on it.
   *
   * @param string $staticFilesURL path to library static files
   * @param string $paymentRedirectPath payment redirect path
   * @return string
   * @throws TException when no non-empty RSA key string is configured
   */
  public function getDirectCardForm($staticFilesURL = '', $paymentRedirectPath = 'index.html')
  {
      $hasKey = is_string($this->keyRSA) && $this->keyRSA !== '';
      if (!$hasKey) {
          throw new TException('Invalid api response code');
      }

      $templateData = array(
          'rsa_key' => $this->keyRSA,
          'static_files_url' => $staticFilesURL,
          'payment_redirect_path' => $paymentRedirectPath
      );

      return Util::parseTemplate('card/_tpl/gate', $templateData);
  }
  253.  
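  /**
   * Build the HTML form for a payment with a saved card, for use inside the merchant shop.
   *
   * A presale is registered with the card API. The form is produced only when
   * the response is an array that reports result 1 and carries a sale_auth
   * value; any other response is refused, in the same way getTransactionForm()
   * checks its response before using it.
   *
   * NOTE(review): $confirmationUrl and $orderId reach the template unchanged;
   * whether the template escapes them is not visible here.
   *
   * @param string $cliAuth client auth sign form prev payment
   * @param string $desc transaction description
   * @param float $amount amount
   * @param string $confirmationUrl url to send confirmation
   * @param string $orderId order id
   * @param string $language language
   * @param string $currency currency
   * @return string
   * @throws TException when the presale is not accepted or the response is malformed
   */
  public function getCardSavedForm(
      $cliAuth,
      $desc,
      $amount,
      $confirmationUrl,
      $orderId = '',
      $language = 'pl',
      $currency = '985'
  ) {
      $api = new CardAPI($this->apiKey, $this->apiPass, $this->code, $this->hashAlg);

      $resp = $api->presale($cliAuth, $desc, $amount, $currency, $orderId, $language);

      Util::log('Card saved presale response', print_r($resp, true));

      // A failed call may not return an array at all; check the shape before indexing.
      $accepted = is_array($resp)
          && isset($resp[static::RESULT], $resp[static::SALE_AUTH])
          && (int)$resp[static::RESULT] === 1;
      if (!$accepted) {
          throw new TException('Order data is invalid');
      }

      $data = array(
          static::SALE_AUTH => $resp[static::SALE_AUTH],
          'confirmation_url' => $confirmationUrl,
          static::ORDERID => $orderId
      );

      return Util::parseTemplate('card/_tpl/savedCard', $data);
  }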
  291.  
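  /**
   * Card direct sale: handle the POST sent by the card gate form that
   * getDirectCardForm() renders on the merchant site.
   *
   * Reads carddata, client_name, client_email and card_save from the POST
   * body, normalises the amount, validates the transaction config and the
   * currency, then calls the card API.
   *
   * @param float $orderAmount amount of payment
   * @param int $orderID order id
   * @param string $orderDesc order description
   * @param string $currency transaction currency
   * @return bool|mixed response of the card API call
   * @throws TException when the amount is not numeric after normalisation
   */
  public function directSale($orderAmount, $orderID, $orderDesc, $currency = '985')
  {
      $cardData = Util::post('carddata', static::STRING);
      $clientName = Util::post('client_name', static::STRING);
      $clientEmail = Util::post('client_email', static::STRING);
      $saveCard = Util::post('card_save', static::STRING);

      // The original passed the INPUT_POST constant to print_r(), which logs a
      // bare number. Log the parameters instead, with the card payload masked
      // so it never reaches the log file.
      $loggedParams = $_POST;
      if (array_key_exists('carddata', $loggedParams)) {
          $loggedParams['carddata'] = '[redacted]';
      }
      Util::log('Card direct post params', print_r($loggedParams, true));

      // The card is kept for later payments only when the form sent card_save=on.
      $oneTimeTransaction = ($saveCard !== 'on');

      // Accept a decimal comma, with or without a following space, and drop
      // spaces used as thousands separators.
      $normalized = str_replace(array(', ', ',', ' '), array('.', '.', ''), (string)$orderAmount);
      if (!is_numeric($normalized)) {
          // Refuse the sale instead of letting a malformed amount be coerced
          // to a different number.
          throw new TException('Invalid amount');
      }
      $amount = (float)number_format((float)$normalized, 2, '.', '');

      $api = new CardAPI($this->apiKey, $this->apiPass, $this->code, $this->hashAlg);

      $tmpConfig = array(
          'amount' => $amount,
          'name' => $clientName,
          'email' => $clientEmail,
          'desc' => $orderDesc,
          static::ORDERID => $orderID,
      );

      Validate::validateConfig(Validate::PAYMENT_TYPE_CARD_DIRECT, $tmpConfig);
      $currency = Validate::validateCardCurrency($currency);
      $response = $api->directSale(
          $clientName,
          $clientEmail,
          $orderDesc,
          $amount,
          $cardData,
          $currency,
          $orderID,
          $oneTimeTransaction
      );

      Util::log('card direct sale response', print_r($response, true));

      return $response;
  }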
  344.  
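  /**
   * Card sale through the secureSale call of the card API.
   *
   * Reads carddata, client_name, client_email and card_save from the POST
   * body, normalises the amount, validates the transaction config and the
   * currency, then calls CardAPI::secureSale().
   *
   * @param float $orderAmount amount of payment
   * @param int $orderID order id
   * @param string $orderDesc order description
   * @param string $currency transaction currency
   * @param bool $enablePowUrl passed on as 'enable_pow_url'
   * @param string $language language
   * @param string $powUrl passed on as 'pow_url' (presumably the return URL, confirm)
   * @param string $powUrlBlad passed on as 'pow_url_blad' (presumably the error return URL, confirm)
   * @return bool|mixed response of the card API call
   * @throws TException when the amount is not numeric after normalisation
   */
  public function secureSale(
      $orderAmount,
      $orderID,
      $orderDesc,
      $currency = '985',
      $enablePowUrl = false,
      $language = 'pl',
      $powUrl = '',
      $powUrlBlad = ''
  ) {
      $cardData = Util::post('carddata', static::STRING);
      $clientName = Util::post('client_name', static::STRING);
      $clientEmail = Util::post('client_email', static::STRING);
      $saveCard = Util::post('card_save', static::STRING);

      // Log the POST parameters with the card payload masked so it never
      // reaches the log file.
      $loggedParams = $_POST;
      if (array_key_exists('carddata', $loggedParams)) {
          $loggedParams['carddata'] = '[redacted]';
      }
      Util::log('Card secureSale post params', print_r($loggedParams, true));

      // The card is kept for later payments only when the form sent card_save=on.
      $oneTimeTransaction = ($saveCard !== 'on');

      // Accept a decimal comma, with or without a following space, and drop
      // spaces used as thousands separators.
      $normalized = str_replace(array(', ', ',', ' '), array('.', '.', ''), (string)$orderAmount);
      if (!is_numeric($normalized)) {
          // Refuse the sale instead of letting a malformed amount be coerced
          // to a different number.
          throw new TException('Invalid amount');
      }
      $amount = (float)number_format((float)$normalized, 2, '.', '');

      $api = new CardAPI($this->apiKey, $this->apiPass, $this->code, $this->hashAlg);

      $tmpConfig = array(
          'amount' => $amount,
          'name' => $clientName,
          'email' => $clientEmail,
          'desc' => $orderDesc,
          static::ORDERID => $orderID,
          'enable_pow_url' => $enablePowUrl,
          'pow_url' => $powUrl,
          'pow_url_blad' => $powUrlBlad
      );

      Validate::validateConfig(Validate::PAYMENT_TYPE_CARD_DIRECT, $tmpConfig);
      $currency = Validate::validateCardCurrency($currency);

      $response = $api->secureSale(
          $clientName,
          $clientEmail,
          $orderDesc,
          $amount,
          $cardData,
          $currency,
          $orderID,
          $oneTimeTransaction,
          $language,
          $enablePowUrl,
          $powUrl,
          $powUrlBlad
      );

      Util::log('card secure sale response', print_r($response, true));

      return $response;
  }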
  402.  
  /**
   * Register a sale on a card the client saved earlier.
   *
   * Both signs are forwarded unchanged to CardAPI::sale() and its result is
   * returned as is.
   *
   * @param string $cliAuth client auth sign
   * @param string $saleAuth client sale sign
   * @return bool|mixed
   */
  public function cardSavedSale($cliAuth, $saleAuth)
  {
      $cardApi = new CardAPI($this->apiKey, $this->apiPass, $this->code, $this->hashAlg);
      $saleResult = $cardApi->sale($cliAuth, $saleAuth);

      return $saleResult;
  }
  413.  
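  /**
   * Verify the checksum of a tpay response.
   *
   * The expected value is hash($this->hashAlg, ...) over the fields
   * concatenated in this order: sale, testMode, saleAuth, orderId, cliAuth,
   * card, currency, amount, saleDate, status, reason, card API code. The code
   * is known only to the merchant and the tpay system, which is what makes the
   * checksum unforgeable for anyone else.
   *
   * The received sign is compared in constant time so the comparison does not
   * reveal how many leading characters matched. A sign that is not a string,
   * or an expected hash that could not be computed, is refused.
   *
   * NOTE(review): $amount is concatenated as given; pass it in exactly the
   * textual form the notification carried, since a float cast may change it.
   *
   * @param string $sign checksum received with the response
   * @param string $saleAuth
   * @param string $card
   * @param float $amount
   * @param string $saleDate
   * @param string $status
   * @param string $currency
   * @param string $testMode
   * @param string $orderId
   * @param string $sale
   * @param string $cliAuth
   * @param string $reason
   * @throws TException when the checksum does not match
   */
  public function validateSign(
      $sign,
      $saleAuth,
      $card,
      $amount,
      $saleDate,
      $status,
      $currency = '985',
      $testMode = '',
      $orderId = '',
      $sale = 'sale',
      $cliAuth = '',
      $reason = ''
  ) {
      $expected = hash($this->hashAlg, $sale . $testMode . $saleAuth . $orderId . $cliAuth . $card .
          $currency . $amount . $saleDate . $status . $reason . $this->code);

      if (!$this->signaturesMatch($expected, $sign)) {
          throw new TException('Card payment - invalid checksum');
      }
  }

  /**
   * Constant-time comparison of the expected checksum with the received one.
   *
   * @param mixed $expected value returned by hash()
   * @param mixed $given checksum received with the response
   * @return bool true only when both are strings with identical content
   */
  private function signaturesMatch($expected, $given)
  {
      // hash() yields a non-string for an unknown algorithm on older PHP;
      // never let that compare equal to anything.
      if (!is_string($expected) || !is_string($given)) {
          return false;
      }
      if (function_exists('hash_equals')) {
          return hash_equals($expected, $given);
      }

      // Fallback for PHP versions without hash_equals().
      $length = strlen($expected);
      if ($length !== strlen($given)) {
          return false;
      }
      $difference = 0;
      for ($i = 0; $i < $length; $i++) {
          $difference |= ord($expected[$i]) ^ ord($given[$i]);
      }

      return $difference === 0;
  }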
  447.