Totally rewritten Datatrans payment module, for Isotope 1.3 only!

Author: aschempp

PaymentDatatrans.php

@@ -23,18 +23,17 @@
  * PHP version 5
  * @copyright  Isotope eCommerce Workgroup 2009-2011
  * @author     Andreas Schempp <[email protected]>
- * @author     Leo Unglaub <leo[email protected]>
+ * @author     Leo Unglaub <leo@leo-unglaub.net>
  * @license    http://opensource.org/licenses/lgpl-3.0.html
  * @version    $Id: $
  */
 
 
 class PaymentDatatrans extends IsotopePayment
 {
+
 	/**
 	 * Return a list of status options.
-	 *
-	 * @access public
 	 * @return array
 	 */
 	public function statusOptions()
@@ -44,78 +43,96 @@ public function statusOptions()
 
 
 	/**
-	 * Server 2 Server check
+	 * Perform server to server data check
 	 */
 	public function processPostSale()
 	{
-		$this->import('Input');
-
-		// stop if something went wrong
+		// Verify payment status
 		if ($this->Input->post('status') != 'success')
 		{
-			$this->log('Order ID "' . $this->Input->post('refno') . '" has NOT succeedet. UPP Transaction Id: ' . $this->Input->post('uppTransactionId'), __METHOD__, TL_ERROR);
-			return;
+			$this->log('Payment for order ID "' . $this->Input->post('refno') . '" failed.', __METHOD__, TL_ERROR);
+			return false;
 		}
-
+		
 		$objOrder = new IsotopeOrder();
 
 		if (!$objOrder->findBy('id', $this->Input->post('refno')))
 		{
 			$this->log('Order ID "' . $this->Input->post('refno') . '" not found', __METHOD__, TL_ERROR);
-			return;
+			return false;
 		}
 
-		// check if the details are okay
-		if ($this->Input->post('merchantId') == $this->datatrans_id)
+		// Validate HMAC sign
+		if ($this->Input->post('sign2') != hash_hmac('md5', $this->datatrans_id.$this->Input->post('amount').$this->Input->post('currency').$this->Input->post('uppTransactionId'), $this->datatrans_sign))
 		{
-			// do the optional sign check
-			if ($this->datatrans_sign == 1)
-			{
-				if ($this->datatrans_sign_value != $this->Input->post('sign'))
-				{
-					$this->log('Call without a valid sign id', __METHOD__, TL_ERROR);
-					return;
-				}
-			}
-
-			// new in isotope 1.3
-			if (version_compare(ISO_VERSION, '0.2', '>'))
-			{
-				$objOrder->checkout();
-			}
-
-			$objOrder->date_payed = time();
-			$objOrder->save();
+			$this->log('Invalid HMAC signature for Order ID ' . $this->Input->post('refno'), __METHOD__, TL_ERROR);
+			return false;
+		}
 
+		// For maximum security, also validate individual parameters
+		if (!$this->validateParameters(array
+		(
+			'refno'		=> $objOrder->id,
+			'currency'	=> $objOrder->currency,
+			'amount'	=> round($objOrder->grandTotal * 100),
+			'reqtype'	=> ($this->trans_type == 'auth' ? 'NOA' : 'CAA'),
+		)))
+		{
+			return false;
 		}
+		
+		$objOrder->checkout();
+		$objOrder->date_payed = time();
+		$objOrder->save();
 	}
 
 
 	/**
-	 * Check if the server to server check was sucessfull before we tag the order as payed
+	 * Validate post parameters and complete order
 	 * @return bool
 	 */
 	public function processPayment()
 	{
 		$objOrder = new IsotopeOrder();
-
 		if (!$objOrder->findBy('cart_id', $this->Isotope->Cart->id))
 		{
-			$this->log('Cart ID "' . $this->Isotope->Cart->id . '" not found', __METHOD__, TL_ERROR);
-			$this->redirect($this->addToUrl('step=failed', true));
+			return false;
 		}
 
-		if ($objOrder->date_payed > 0)
+		if ($objOrder->date_payed > 0 && $objOrder->date_payed <= time())
+		{
+			unset($_SESSION['PAYMENT_TIMEOUT']);
 			return true;
+		}
+
+		if (!isset($_SESSION['PAYMENT_TIMEOUT']))
+		{
+			$_SESSION['PAYMENT_TIMEOUT'] = 60;
+		}
+		else
+		{
+			$_SESSION['PAYMENT_TIMEOUT'] = $_SESSION['PAYMENT_TIMEOUT'] - 5;
+		}
+
+		if ($_SESSION['PAYMENT_TIMEOUT'] === 0)
+		{
+			global $objPage;
+			$this->log('Payment could not be processed.', __METHOD__, TL_ERROR);
+			$this->redirect($this->generateFrontendUrl($objPage->row(), '/step/failed'));
+		}
+
+		// Reload page every 5 seconds and check if payment was successful
+		$GLOBALS['TL_HEAD'][] = '<meta http-equiv="refresh" content="5,' . $this->Environment->base . $this->Environment->request . '">';
 
-		$this->redirect($this->addToUrl('step=failed', true));
+		$objTemplate = new FrontendTemplate('mod_message');
+		$objTemplate->type = 'processing';
+		$objTemplate->message = $GLOBALS['TL_LANG']['MSC']['payment_processing'];
+		return $objTemplate->parse();
 	}
 
 
 	/**
-	 * Generate the submit form for datatrans and if javascript
-	 * is enabled redirect automaticly
-	 *
+	 * Generate the submit form for datatrans and if javascript is enabled redirect automaticly
 	 * @return string
 	 */
 	public function checkoutForm()
@@ -126,33 +143,67 @@ public function checkoutForm()
 		{
 			$this->redirect($this->addToUrl('step=failed', true));
 		}
+		
+		$arrAddress = $this->Isotope->Cart->billing_address;
 
-		$this->loadLanguageFile('tl_iso_payment_modules');
 		$arrParams = array
 		(
-			'merchantId'	=> $objOrder->Payment->datatrans_id,
-			'amount'		=> $this->Isotope->Cart->grandTotal,
-			'currency'		=> $this->Isotope->Config->currency,
-			'refno'			=> $objOrder->id, // Order or transaction ID
-			'mod'			=> 'pay',
-			'id'			=> $this->id
+			'merchantId'			=> $this->datatrans_id,
+			'amount'				=> round($this->Isotope->Cart->grandTotal * 100),
+			'currency'				=> $this->Isotope->Config->currency,
+			'refno'					=> $objOrder->id,
+			'language'				=> $GLOBALS['TL_LANGUAGE'],
+			'reqtype'				=> ($this->trans_type == 'auth' ? 'NOA' : 'CAA'),
+			'uppCustomerDetails'	=> 'yes',
+			'uppCustomerTitle'		=> $arrAddress['salutation'],
+			'uppCustomerFirstName'	=> $arrAddress['firstname'],
+			'uppCustomerLastName'	=> $arrAddress['lastname'],
+			'uppCustomerStreet'		=> $arrAddress['street_1'],
+			'uppCustomerStreet2'	=> $arrAddress['street_2'],
+			'uppCustomerCity'		=> $arrAddress['city'],
+			'uppCustomerCountry'	=> $arrAddress['country'],
+			'uppCustomerZipCode'	=> $arrAddress['postal'],
+			'uppCustomerPhone'		=> $arrAddress['phone'],
+			'uppCustomerEmail'		=> $arrAddress['email'],
+			'successUrl'			=> ampersand($this->Environment->base . $this->addToUrl('step=complete', true)),
+			'errorUrl'				=> ampersand($this->Environment->base . $this->addToUrl('step=failed', true)),
+			'cancelUrl'				=> ampersand($this->Environment->base . $this->addToUrl('step=failed', true)),
+			'mod'					=> 'pay',
+			'id'					=> $this->id,
 		);
-
-		// add the security sign
-		if ($this->datatrans_sign == 1)
-		{
-			$arrParams['sign'] = $this->datatrans_sign_value;
-		}
+		
+		// Security signature (see Security Level 2)
+		$arrParams['sign'] = hash_hmac('md5', $arrParams['merchantId'].$arrParams['amount'].$arrParams['currency'].$arrParams['refno'], $this->datatrans_sign);
 
 		$objTemplate = new FrontendTemplate('iso_payment_datatrans');
-		$objTemplate->params = $arrParams;
-		$objTemplate->action = 'https://pilot.datatrans.biz/upp/jsp/upStart.jsp'; // Live URL: https://payment.datatrans.biz/upp/jsp/upStart.jsp
-		$objTemplate->slabel = $GLOBALS['TL_LANG']['tl_iso_payment_modules']['datatrans_label_pay'];
 		$objTemplate->id = $this->id;
+		$objTemplate->action = ('https://' . ($this->debug ? 'pilot' : 'payment') . '.datatrans.biz/upp/jsp/upStart.jsp');
+		$objTemplate->params = $arrParams;
+		$objTemplate->headline = $GLOBALS['TL_LANG']['MSC']['pay_with_redirect'][0];
+		$objTemplate->message = $GLOBALS['TL_LANG']['MSC']['pay_with_redirect'][1];
+		$objTemplate->slabel = specialchars($GLOBALS['TL_LANG']['MSC']['pay_with_redirect'][2]);
 
 		return $objTemplate->parse();
 	}
+	
+	
+	/**
+	 * Validate array of post parameter agains required values
+	 * @param array
+	 * @return boolean
+	 */
+	private function validateParameters(array $arrData)
+	{
+		foreach ($arrData as $key => $value)
+		{
+			if ($this->Input->post($key) != $value)
+			{
+				$this->log('Wrong data for parameter "' . $key . '" (Order ID "' . $this->Input->post('refno') . ').', __METHOD__, TL_ERROR);
+				return false;
+			}
+		}
+		
+		return true;
+	}
 }
 
-
-?>

config/config.php

@@ -22,7 +22,8 @@
  *
  * PHP version 5
  * @copyright  Isotope eCommerce Workgroup 2009-2011
- * @author     Leo Unglaub <[email protected]>
+ * @author     Andreas Schempp <[email protected]>
+ * @author     Leo Unglaub <[email protected]>
  * @license    http://opensource.org/licenses/lgpl-3.0.html
  * @version    $Id: $
  */
@@ -33,4 +34,3 @@
  */
 $GLOBALS['ISO_PAY']['datatrans'] = 'PaymentDatatrans';
 
-?>

config/database.sql

@@ -13,7 +13,7 @@
 --
 
 CREATE TABLE `tl_iso_payment_modules` (
-  `datatrans_id` varchar(100) NOT NULL default '',
-  `datatrans_sign` char(1) NOT NULL default '0',
-  `datatrans_sign_value` varchar(100) NOT NULL default '',
-) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+  `datatrans_id` varchar(16) NOT NULL default '',
+  `datatrans_sign` varchar(128) NOT NULL default '',
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+

dca/tl_iso_payment_modules.php

@@ -22,22 +22,16 @@
  *
  * PHP version 5
  * @copyright  Isotope eCommerce Workgroup 2009-2011
- * @author     Leo Unglaub <[email protected]>
+ * @author     Andreas Schempp <[email protected]>
+ * @author     Leo Unglaub <[email protected]>
  * @license    http://opensource.org/licenses/lgpl-3.0.html
  * @version    $Id: $
  */
 
 /**
  * Palettes
  */
-$GLOBALS['TL_DCA']['tl_iso_payment_modules']['palettes']['__selector__'][] = 'datatrans_sign';
-$GLOBALS['TL_DCA']['tl_iso_payment_modules']['palettes']['datatrans'] = '{type_legend},name,label,type;{config_legend},new_order_status,trans_type,postsale_mail,minimum_total,maximum_total,countries,shipping_modules,product_types;{gateway_legend},datatrans_id,datatrans_sign;{expert_legend:hide},guests,protected;{enabled_legend},enabled';
-
-
-/**
- * Subpalettes
- */
-$GLOBALS['TL_DCA']['tl_iso_payment_modules']['subpalettes']['datatrans_sign'] = 'datatrans_sign_value';
+$GLOBALS['TL_DCA']['tl_iso_payment_modules']['palettes']['datatrans'] = '{type_legend},name,label,type;{note_legend:hide},note;{config_legend},new_order_status,trans_type,minimum_total,maximum_total,countries,shipping_modules,product_types;{gateway_legend},datatrans_id,datatrans_sign;{price_legend:hide},price,tax_class;{expert_legend:hide},guests,protected;{enabled_legend},debug,enabled';
 
 
 /**
@@ -55,15 +49,7 @@
 (
 	'label'		=> &$GLOBALS['TL_LANG']['tl_iso_payment_modules']['datatrans_sign'],
 	'exclude'	=> true,
-	'inputType'	=> 'checkbox',
-	'eval'		=> array('tl_class'=>'clr', 'submitOnChange'=>true)
-);
-
-$GLOBALS['TL_DCA']['tl_iso_payment_modules']['fields']['datatrans_sign_value'] = array
-(
-	'label'		=> &$GLOBALS['TL_LANG']['tl_iso_payment_modules']['datatrans_sign_value'],
-	'exclude'	=> true,
 	'inputType'	=> 'text',
-	'eval'		=> array('mandatory'=>true, 'tl_class'=>'w50')
+	'eval'		=> array('mandatory'=>true, 'decodeEntities'=>true, 'tl_class'=>'w50')
 );
-?>
+

languages/de/default.php

@@ -0,0 +1,35 @@
+<?php if (!defined('TL_ROOT')) die('You cannot access this file directly!');
+
+/**
+ * Contao Open Source CMS
+ * Copyright (C) 2005-2011 Leo Feyer
+ *
+ * Formerly known as TYPOlight Open Source CMS.
+ *
+ * This program is free software: you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program. If not, please visit the Free
+ * Software Foundation website at <http://www.gnu.org/licenses/>.
+ *
+ * PHP version 5
+ * @copyright  Isotope eCommerce Workgroup 2009-2011
+ * @author     Andreas Schempp <[email protected]>
+ * @license    http://opensource.org/licenses/lgpl-3.0.html
+ * @version    $Id$
+ */
+
+
+/**
+ * Payment modules
+ */
+$GLOBALS['ISO_LANG']['PAY']['datatrans'] = array('Datatrans', 'Ein Zahlungsmodul für den Schweizer Anbieter "Datatrans".');
+

languages/de/modules.php

@@ -0,0 +1,35 @@
+<?php if (!defined('TL_ROOT')) die('You cannot access this file directly!');
+
+/**
+ * Contao Open Source CMS
+ * Copyright (C) 2005-2011 Leo Feyer
+ *
+ * Formerly known as TYPOlight Open Source CMS.
+ *
+ * This program is free software: you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program. If not, please visit the Free
+ * Software Foundation website at <http://www.gnu.org/licenses/>.
+ *
+ * PHP version 5
+ * @copyright  Isotope eCommerce Workgroup 2009-2011
+ * @author     Andreas Schempp <[email protected]>
+ * @license    http://opensource.org/licenses/lgpl-3.0.html
+ * @version    $Id$
+ */
+
+
+/**
+ * Extension folder
+ */
+$GLOBALS['TL_LANG']['MOD']['isotope_datatrans'] = array('Isotope eCommerce: Datatrans Zahlungsmodul');
+