set_snapshot(array('mode' => 'SSL', 'page' => FILENAME_CHECKOUT_PAYMENT));
// tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
}
// Checkout preconditions: each failed check sends the customer back to an earlier step.

// A shipping destination ('sendto') must already be registered in the session.
if (!tep_session_is_registered('sendto'))
{
    tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
}

// When payment modules are installed, a payment method must have been selected.
if (tep_not_null(MODULE_PAYMENT_INSTALLED) && !tep_session_is_registered('payment'))
{
    tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
}

// Guard against tampering during checkout: the cart's internal cartID must still equal
// the cartID registered in the session, otherwise the customer restarts at the shipping step.
// The check only applies when both values exist.
if (isset($cart->cartID) && tep_session_is_registered('cartID') && $cart->cartID != $cartID)
{
    tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
}
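// Order-total class used by the checkout.
require(DIR_WS_CLASSES . 'order_total.php'); // CCGV
// if (!tep_session_is_registered('payment')) tep_session_register('payment');
// if (isset($HTTP_POST_VARS['payment'])) $payment = $HTTP_POST_VARS['payment'];

// PHP runs session garbage collection with probability gc_probability / gc_divisor, so a
// value of 100 makes a sweep very likely (certain when gc_divisor is 100).
// NOTE(review): presumably meant to shorten the time expired sessions, which hold card data
// here, stay on disk. The session is already in use above this line, so confirm the setting
// still takes effect at this point; it only governs sweeps of sessions that have already
// expired, it does not shorten session lifetime.
ini_set('session.gc_probability', '100');

// Gateway helper functions. NOTE(review): getrand(), StripNonNumeric(), CheckLuhn10(),
// cardTypeAccepted(), getCardType(), checkMonthIsNotPast() and sendXMLString() are not
// defined in this part of the file; presumably they come from this include.
include_once("includes/gatewayapi/inc_gatewayapi.php");

// The bare $_SESSION['amount'], ['address1'], ['address2'], ['city'], ['state'], ['zip'],
// ['country'], ['name'] and ['email'] expression statements were dropped: each one read a
// value and discarded it, and raised an undefined-index notice when the key was missing.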
/* // random key generator for partial transaction id
function getrand() {
// random key parameters
$keyset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$length = 4; // first 14 chars of transaction_id are date, last 4 random
// Random Key Generator
$randkey = "";
$max = strlen($keyset)-1;
for ($i=0; $i<$length; $i++) {
$randkey .= substr($keyset, rand(0,$max), 1);
}
return $randkey;
}
// end function getrand()*/
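// Collect the values entered on the order form (held in the session) for the gateway request.

// Transaction id = 14-character timestamp followed by the suffix returned by getrand().
// NOTE(review): getrand() is defined outside this part of the file. If it matches the
// commented-out copy above, the suffix is 4 characters drawn with rand(), so the id is
// guessable; treat it as a reference number only, never as a secret or an authorization token.
$date = date("YmdHis"); // YYYYMMDDhhmmss
$rand_str = getrand();
$transactionID = $date . $rand_str;

$name = $_SESSION['jet_pay_cc_owner'];

// The debug dump of $_SESSION and $_POST that followed here is intentionally left out.
// It began as a comment but continued on lines that were no longer commented, and it must
// stay disabled: at this point the session holds the card number and CVV2, and print_r()
// would write them into the page before die.

// Card number and security code.
// NOTE(review): both are read from $_SESSION, i.e. an earlier step placed them in session
// storage. The CVV2 in particular should not be kept anywhere beyond the authorization
// request; pass it straight from the form to the gateway call if the flow allows.
$cardnum = $_SESSION['jet_pay_cc_number'];
$cvv2 = $_SESSION['jet_pay_cc_cvv2'];

// Expiration month and two-digit expiration year.
$expmo = $_SESSION['jet_pay_cc_expires_month'];
// The previous test ("value >= 10, then drop the first two characters") turned a two-digit
// year such as "25" into an empty string, which the validation below then rejected as a
// missing year. Only values longer than two characters are shortened now; a four-digit
// year still yields its last two digits.
$expyrRaw = (string) $_SESSION['jet_pay_cc_expires_year'];
if (strlen($expyrRaw) > 2) {
    $expyr = substr($expyrRaw, -2);
} else {
    $expyr = $expyrRaw;
}

// Amount in cents. The total is rounded to two decimals as before, and the product is then
// rounded to an integer so that binary floating-point residue (e.g. 1998.9999999999998)
// cannot reach the request or the database.
$amount = (int) round(round($_SESSION['jet_pay_cc_total'], 2) * 100);

// Billing address used for AVS checking.
$address1 = $_SESSION['jet_pay_cc_address'];
// NOTE(review): this key has no 'jet_pay_cc_' prefix, unlike the others; confirm it is ever set.
$address2 = isset($_SESSION['address2']) ? $_SESSION['address2'] : '';
$city = $_SESSION['jet_pay_cc_city'];
$state = $_SESSION['jet_pay_cc_state'];
$zip = $_SESSION['jet_pay_cc_zip'];
$country = $_SESSION['jet_pay_cc_zip_country'];
// End of section for capturing data from order form page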
// ---- Input validation ----
// Each failed check appends its message to $errorString; the request is only sent to the
// gateway when the string is still empty afterwards.
// NOTE(review): three of the messages end in a line break and the others end without any
// separator, so several failures run together in one string. The line breaks look like
// remnants of stripped markup; confirm against the deployed file.
$errorString = "";

// Cardholder name must not be empty.
if ($name == "") {
    $errorString .= "We are sorry, please enter your name as it appers on your credit card.";
}

// Billing street address must not be empty.
if ($address1 == "") {
    $errorString .= "We are sorry, please enter the billing address for this card.";
}

// Billing city must not be empty.
if ($city == "") {
    $errorString .= "We are sorry, please enter the billing city for this card.
";
}

// State: only the literal "Select A State" (presumably the form's placeholder option) is
// rejected; an empty state passes this check.
if ($state == "Select A State") {
    $errorString .= "We are sorry, please enter the billing state for this card.";
}

// Zip/postal code must not be empty.
if ($zip == "") {
    $errorString .= "We are sorry, please enter the billing zip/postal code for this card.
";
}

// Card number: normalise with StripNonNumeric(), then require a non-empty value, a passing
// CheckLuhn10() result and an accepted card type, in that order. The first failure wins.
$cardnum = StripNonNumeric($cardnum);
if ($cardnum == "") {
    $errorString .= "We are sorry, please enter your credit card number.";
} elseif (!CheckLuhn10($cardnum)) {
    $errorString .= "We are sorry, the credit card number entered is not valid.
";
} elseif (!cardTypeAccepted($cardnum)) {
    $errorString .= "We are sorry, we cannot accept this type of card. Please use a different one.";
    // The log line carries the settings value, the cardTypeAccepted() result and the
    // accumulated messages; the card number itself is not written to the log.
    // NOTE(review): if $GatewaySettings is an array, this concatenation logs the word "Array".
    error_log($GatewaySettings . ' - ' . cardTypeAccepted($cardnum) . ' ' . $errorString);
}
// End credit card error checking
// ---- Expiration date ----
// Month and year are each required.
if ($expmo == "") {
    $errorString .= "We are sorry, please enter credit card expiration month.";
}
if ($expyr == "") {
    $errorString .= "We are sorry, please enter credit card expiration year.";
}

// With both parts present (strict comparison against the empty string), the date must pass
// checkMonthIsNotPast(); a false result is reported as an expired card.
if ($expmo !== "" && $expyr !== "" && !checkMonthIsNotPast($expmo, $expyr)) {
    $errorString .= "We are sorry, the credit card has expired. Please try another card or enter correct expiration date.";
}
// End expiration date error checking
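// ---- CVV2/CVC2/CID ----
// The security code is required and must consist of digits only: four for the card type
// getCardType() reports as "Amex", three for every other type.
// The earlier version compared only the string length, so any three or four characters were
// accepted and passed on to the gateway request and the database statement, although the
// messages already promise a digits-only rule.
if ($cvv2 == "") {
    $errorString .= "We are sorry. Please enter security code found on the credit card.";
} else {
    // $type is also read further down when the gateway request is assembled.
    $type = getCardType($cardnum);
    if ($type == "Amex") {
        // The D modifier stops "$" from matching before a trailing newline.
        if (!preg_match('/^[0-9]{4}$/D', (string) $cvv2)) {
            $errorString .= "We are sorry. Security code for American Express must be four digits long.";
        }
    } else {
        if (!preg_match('/^[0-9]{3}$/D', (string) $cvv2)) {
            $errorString .= "We are sorry. Security code must be three digits long.";
        }
    }
}
// End Security Code Error Checking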
// Amount Checking
/* if ( $amount < $minTransAmount )
{
$errorString .= "We are sorry. The amount is too low.";
}
elseif ( $amount > $maxTransAmount )
{
$errorString .= "We are sorry. The amount is too over $maxTransAmount.";
}*/
// End Amount Error Checking
// E-mail Error Checking
/* print "error string is >$errorString<";*/
//-------------------------------------------------------------------------
//End Error Checking Section
//XML Section
//--------------------------------------------------------------------------
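// ---- Gateway request, response handling and redirect ----
// With no validation errors: build the request, send it, record the outcome and redirect to
// the next checkout step (approved) or back to the payment page (declined or failed).
// With validation errors: return to the payment page with the collected messages.
if ($errorString == "") {
    // NOTE(review): every literal wrapped around the values below is an empty string in this
    // copy of the file, so no element markup is emitted. The markup was presumably lost
    // before this point; restore it from the gateway's integration documentation before use.

    // Customer-supplied text is escaped for XML so that characters such as & or < in a name
    // or address cannot change the structure of the request. '&' must stay first in the list
    // so that the entities produced by the later replacements are not escaped again.
    $xmlFrom = array('&', '<', '>', '"', "'");
    $xmlTo = array('&amp;', '&lt;', '&gt;', '&quot;', '&apos;');

    $xmlString = "";
    $xmlString .= "" . $transactionType . "";
    $xmlString .= "" . $tid . "";
    $xmlString .= "" . $transactionID . "";
    $xmlString .= "" . $cardnum . "";
    $xmlString .= "" . str_replace($xmlFrom, $xmlTo, $cvv2) . "";
    $xmlString .= "" . str_replace($xmlFrom, $xmlTo, $expmo) . "";
    $xmlString .= "" . str_replace($xmlFrom, $xmlTo, $expyr) . "";
    $xmlString .= "" . str_replace($xmlFrom, $xmlTo, $name) . "";
    $xmlString .= "" . $amount . "";
    $xmlString .= "" . str_replace($xmlFrom, $xmlTo, $address1) . "";
    $xmlString .= "" . str_replace($xmlFrom, $xmlTo, $city) . "";
    $xmlString .= "" . str_replace($xmlFrom, $xmlTo, $state) . "";
    $xmlString .= "" . str_replace($xmlFrom, $xmlTo, $zip) . "";

    // Cardholder-authentication values are added when auth_cavv or auth_xid is present and
    // longer than two characters. Missing keys are read as empty strings.
    $authCavv = isset($_SESSION['auth_cavv']) ? $_SESSION['auth_cavv'] : '';
    $authXid = isset($_SESSION['auth_xid']) ? $_SESSION['auth_xid'] : '';
    $authEci = isset($_SESSION['auth_eci']) ? $_SESSION['auth_eci'] : '';
    if (strlen($authCavv) > 2 || strlen($authXid) > 2) {
        if ($type == 'Mastercard') {
            $xmlString .= '';
        } elseif ($type == 'Visa') {
            $xmlString .= '';
        }
        $xmlString .= '' . str_replace($xmlFrom, $xmlTo, $authCavv) . '';
        $xmlString .= '' . str_replace($xmlFrom, $xmlTo, $authXid) . '';
        $xmlString .= '' . str_replace($xmlFrom, $xmlTo, $authEci) . '';
        $xmlString .= '';
        $xmlString .= "" . $verSub . "";
    }
    $xmlString .= "";

    // Send the request to JetPay. The request holds the full card number and CVV2, so it
    // must never be echoed or logged; the former debug echoes of request and response are
    // left out for that reason.
    $xmlResponse = sendXMLString($xmlString);

    if ($xmlResponse == "") {
        // An empty response is treated as a transport (curl) failure.
        tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode("Transaction error. Please try again."), 'SSL'));
    } else {
        // Parse the response into a flat list of tag entries ($vals).
        $xml_parser = xml_parser_create();
        xml_parser_set_option($xml_parser, XML_OPTION_CASE_FOLDING, 0); // keep tag names as sent
        xml_parser_set_option($xml_parser, XML_OPTION_SKIP_WHITE, 1);   // ignore whitespace-only values
        $vals = array();
        $index = array();
        xml_parse_into_struct($xml_parser, $xmlResponse, $vals, $index);
        xml_parser_free($xml_parser);

        $retTransID = "";
        $retActionCode = "";
        $retApproval = "";
        $retCVV2 = "";
        $retResponseText = "";
        $retAddressMatch = "";
        $retZipMatch = "";
        $retAVS = "";
        $retErrMsg = "";
        $return_message = 'Please try again.';

        // Walk every parsed entry. The earlier loop always ran exactly nine times: a shorter
        // response made it read past the end of $vals and overwrite $retErrMsg with an empty
        // value, and entries after the ninth were ignored. The array keys are quoted because
        // bare words as keys are undefined constants (a fatal error on PHP 8).
        foreach ($vals as $node) {
            $key = isset($node['tag']) ? $node['tag'] : '';
            $value = isset($node['value']) ? $node['value'] : '';
            switch ($key) {
                case "TransactionID":
                    $retTransID = $value;
                    break;
                case "ActionCode":
                    $retActionCode = $value;
                    break;
                case "Approval":
                    $retApproval = $value;
                    break;
                case "CVV2":
                    $retCVV2 = $value;
                    break;
                case "ResponseText":
                    $retResponseText = $value;
                    break;
                case "AddressMatch":
                    $retAddressMatch = $value;
                    // NOTE(review): the message is set whenever the tag is present, whatever
                    // its value; confirm which values actually mean "no match".
                    $return_message = 'Address does not match';
                    break;
                case "ZipMatch":
                    $retZipMatch = $value;
                    // NOTE(review): same as AddressMatch, set regardless of the value.
                    $return_message = 'Zip code does not match';
                    break;
                case "AVS":
                    $retAVS = $value;
                    break;
                case "JetPayResponse":
                    // wrapper element, nothing to record
                    break;
                case "ErrMsg":
                    $retErrMsg = $value;
                    break;
                default:
                    // An unrecognised tag may carry an error text; keep it, but do not let
                    // an empty value erase a message that was already captured.
                    if ($value !== '') {
                        $retErrMsg = $value;
                    }
                    break;
            }
        }
        // NOTE(review): the TransactionID returned by the gateway is recorded but never
        // compared with $transactionID; confirm whether the gateway echoes it and, if so,
        // treat a mismatch as a failure.

        // Record the outcome. Every value is escaped with tep_db_input() and quoted; the
        // statement was previously assembled from raw gateway and customer values, four of
        // them unquoted. tep_db_input() is the osCommerce escaping helper that ships
        // alongside tep_db_query(); confirm it is loaded in this installation.
        //
        // Card data: only the last four digits of the card number are stored, and the CVV2
        // is no longer written at all. Card-industry rules (PCI DSS) forbid keeping the
        // security code after authorization and require a stored card number to be
        // unreadable. NOTE(review): this assumes the cvv2 column is nullable or has a
        // default; confirm the schema, purge existing rows and drop the column.
        $paymentRow = array(
            'transaction_id' => $retTransID,
            'action_code' => $retActionCode,
            'approval_code' => $retApproval,
            'response_text' => $retResponseText,
            'error_message' => $retErrMsg,
            'cvv2_approval' => $retCVV2,
            'address_match' => $retAddressMatch,
            'zip_match' => $retZipMatch,
            'avs' => $retAVS,
            'ip_address' => $_SERVER['REMOTE_ADDR'],
            'amount' => $amount,
            'cc_number' => substr($cardnum, -4),
            'expmo' => $expmo,
            'expyr' => $expyr,
            'cardholder' => $name,
        );
        $sqlValues = array();
        foreach ($paymentRow as $fieldValue) {
            $sqlValues[] = "'" . tep_db_input((string) $fieldValue) . "'";
        }
        tep_db_query("INSERT INTO jbrunner_osc1.jet_pay_payment_processing (" . implode(', ', array_keys($paymentRow)) . ") VALUES (" . implode(', ', $sqlValues) . ")");

        $_SESSION['transaction_id'] = $transactionID;
        $newAmount = number_format($amount / 100, 2, '.', '');

        // NOTE(review): the card number and CVV2 are still in $_SESSION after the gateway
        // has answered. Clear them as soon as the following step no longer needs them;
        // confirm what FILENAME_CHECKOUT_PROCESS_OSC reads.

        // Approval requires exactly "000". The comparison is strict because == compares two
        // numeric strings as numbers, so a code such as "0" would also count as approved.
        if ($retActionCode === "000") {
            tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS_OSC, '', 'SSL'));
        } else {
            // Log a reference to the declined transaction only. The request XML was logged
            // here before, which copied the full card number and CVV2 into the error log.
            error_log('JetPay transaction ' . $transactionID . ' declined, action code ' . preg_replace('/[^0-9A-Za-z]/', '', $retActionCode));
            tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode("Transaction error. " . $return_message), 'SSL'));
        }
    }
} else {
    // Validation failed: return to the payment page with the collected messages.
    // The debug dump of $_SESSION and $GLOBALS that used to sit here is left out; both hold
    // the card number and CVV2 at this point.
    tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($errorString), 'SSL'));
}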
//echo $errorString;
//---------------------------------------------------------------------------
//End XML Section
?>