From 6a11e736deeb6418227cd7d8d0a878706dcd9bb7 Mon Sep 17 00:00:00 2001 From: Bruce Atkinson Date: Thu, 7 Nov 2019 18:13:25 +0200 Subject: [PATCH] 2019-11-07: v1.0.3 : * Added check for valid token format in callback. * Added "Pay" button to invoicing. --- README.md | 4 +- modules/gateways/callback/payhostpaybatch.php | 49 +++++++++++++------ modules/gateways/payhostpaybatch.php | 47 +++++++++++++++--- .../gateways/payhostpaybatch/changelog.txt | 4 +- .../payhostpaybatch/lib/constants.php | 2 +- 5 files changed, 80 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 725fe05..40b7220 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ # PayBatch_PayHost_WHMCS -## PayGate PayBatch (with PayHost tokenization) plugin v1.0.2 for WHMCS v7.7.0 +## PayGate PayBatch (with PayHost tokenization) plugin v1.0.3 for WHMCS v7.7.0 This is the PayGate PayBatch (with PayHost tokenization) for WHMCS. Please feel free to contact the PayGate support team at support@paygate.co.za should you require any assistance. This module is in the first release; we suggest thorough testing with your use case before proceeding to a live enviroment ## Installation -Please navigate to the [releases page](https://github.com/PayGate/PayBatch_PayHost_WHMCS/releases), download the latest release (v1.0.2) and unzip. You will them be able to follow the integration guide which is included in the zip. +Please navigate to the [releases page](https://github.com/PayGate/PayBatch_PayHost_WHMCS/releases), download the latest release (v1.0.3) and unzip. You will them be able to follow the integration guide which is included in the zip. ## Collaboration diff --git a/modules/gateways/callback/payhostpaybatch.php b/modules/gateways/callback/payhostpaybatch.php index afc159c..c4d2d3f 100644 --- a/modules/gateways/callback/payhostpaybatch.php +++ b/modules/gateways/callback/payhostpaybatch.php 
@@ -80,6 +80,7 @@ function getQuery( $pgid, $key, $reqid ) $result = $sc->__soapCall( 'SingleFollowUp', [ new SoapVar( $soap, XSD_ANYXML ), ] ); + if ( $result ) { $vaultId = $result->QueryResponse->Status->VaultId; $reference = $result->QueryResponse->Status->Reference; 
@@ -145,36 +146,52 @@ function getQuery( $pgid, $key, $reqid ) } } else { // Validity not verified + // Failed + logTransaction( $gatewayModuleName, null, 'failed' ); + $url = $_SESSION['_PAYHOSTPAYBATCH_SYSTEM_URL'] . 'clientarea.php?action=invoices'; + header( 'Location: ' . $url ); } } else { // Transaction failed + // Failed + logTransaction( $gatewayModuleName, null, 'failed' ); + $url = $_SESSION['_PAYHOSTPAYBATCH_SYSTEM_URL'] . 'clientarea.php?action=invoices'; + header( 'Location: ' . $url ); } // Make a request to get the Vault Id if ( $verified ) { $response = getQuery( $payHostId, $payHostSecretKey, $payRequestId ); - $token = $response['token']; $reference = $response['reference']; $transactionId = $response['transactionId']; - // Store the token - $tblpayhostpaybatch = _DB_PREFIX_ . 'payhostpaybatch'; - $clientExists = Capsule::table( $tblpayhostpaybatch ) - ->where( 'recordtype', 'clientdetail' ) - ->where( 'recordid', $userId ) - ->value( 'recordval' ); + // Check for token and valid format + $vaultPattern = '/^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$/'; + $token = !empty( $response['token'] ) ? $response['token'] : null; + if ( preg_match( $vaultPattern, $token ) != 1 ) { + $token = null; + } - if ( strlen( $clientExists ) > 0 ) { - Capsule::table( $tblpayhostpaybatch ) + // Store the token if valid + if ( $token ) { + $tblpayhostpaybatch = _DB_PREFIX_ . 
'payhostpaybatch'; + $clientExists = Capsule::table( $tblpayhostpaybatch ) ->where( 'recordtype', 'clientdetail' ) ->where( 'recordid', $userId ) - ->update( ['recordval' => $token] ); - } else { - Capsule::table( $tblpayhostpaybatch ) - ->insert( ['recordtype' => 'clientdetail', - 'recordid' => $userId, - 'recordval' => $token, - ] ); + ->value( 'recordval' ); + + if ( strlen( $clientExists ) > 0 ) { + Capsule::table( $tblpayhostpaybatch ) + ->where( 'recordtype', 'clientdetail' ) + ->where( 'recordid', $userId ) + ->update( ['recordval' => $token] ); + } else { + Capsule::table( $tblpayhostpaybatch ) + ->insert( ['recordtype' => 'clientdetail', + 'recordid' => $userId, + 'recordval' => $token, + ] ); + } } // Check the reference validity diff --git a/modules/gateways/payhostpaybatch.php b/modules/gateways/payhostpaybatch.php index b87ddb2..13bbc0a 100644 --- a/modules/gateways/payhostpaybatch.php +++ b/modules/gateways/payhostpaybatch.php @@ -12,6 +12,11 @@ * */ +// Require libraries needed for gateway module functions +require_once __DIR__ . '/../../init.php'; +require_once __DIR__ . '/../../includes/gatewayfunctions.php'; +require_once __DIR__ . '/../../includes/invoicefunctions.php'; + require_once 'payhostpaybatch/lib/constants.php'; require_once 'payhostpaybatch/lib/payhostsoap.class.php'; @@ -44,6 +49,11 @@ function createPayhostpaybatchTable() createPayhostpaybatchTable(); +if ( isset( $_POST['INITIATE'] ) && $_POST['INITIATE'] == 'initiate' ) { + $params = json_decode( base64_decode( $_POST['jparams'] ), true ); + payhostpaybatch_initiate( $params ); +} + /** * Define module related meta data * 
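Review bot: The `$vaultPattern` check added in the `if ( $verified )` block is looser than a format check should be: `$` also matches before a trailing newline, `[0-9a-z]` accepts letters outside the hex range, and `preg_match()` is handed `null` when `$response['token']` is empty. If the vault id is a UUID (to be confirmed against the PayHost documentation), use `'/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/'` and test `is_string( $token ) && preg_match( $vaultPattern, $token ) === 1`. A rejected token is dropped silently, so a `logTransaction()` entry recording the rejection would help when a client's stored token later turns out to be missing or stale. The two added failure branches pass `null` as the log data and send a `Location` header without ending the request; logging the received callback fields and stopping after the redirect would be safer, assuming nothing after the hunk still has to run on that path.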
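Review bot: The handler added after `createPayhostpaybatchTable();` passes `json_decode( base64_decode( $_POST['jparams'] ), true )` straight to `payhostpaybatch_initiate()`, so every gateway parameter comes from the browser; the later hunk in `payhostpaybatch_link()` fills that field with `base64_encode( json_encode( $params ) )`, which is encoding, not protection. Whatever `$params` holds is therefore both shown to the client and editable by it before the payment request is built: the visible code reads `$params['testMode']`, and the array presumably also carries the amount, invoice id and gateway credentials. Post only the invoice id and rebuild the parameters server-side after checking that the logged-in client owns the invoice; an HMAC over the field (`hash_hmac( 'sha256', $jparams, $key )` checked with `hash_equals()`) would stop tampering but not the disclosure. The handler should also reject a missing or malformed field, e.g. `base64_decode( $_POST['jparams'] ?? '', true )` followed by an `is_array( $params )` check. Because the first hunk of this file now loads `init.php` from the module itself, this block appears to be reachable by a direct POST to the module file.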
@@ -144,6 +154,27 @@ function payhostpaybatch_config() * @return string */ function payhostpaybatch_link( $params ) +{ + $jparams = base64_encode( json_encode( $params ) ); + $html = << + + + + +HTML; + + return $html; +} + +/** + * Payment process + * + * Process payment to PayHost + * + * @return string + */ +function payhostpaybatch_initiate( $params ) { // Check if test mode or not $testMode = $params['testMode']; @@ -233,8 +264,13 @@ function payhostpaybatch_link( $params ) $data['retUrl'] = $returnUrl; $data['notifyURL'] = $notifyUrl; $data['recurring'] = $usePayBatch; - $data['vaulting'] = $vaulting; - $data['vaultId'] = $vaultId; + if ( $vaulting ) { + $data['vaulting'] = true; + } + if ( $vaultId != '' && $vaulting ) { + $data['vaultId'] = $vaultId; + } + $payhostSoap->setData( $data ); $xml = $payhostSoap->getSOAP(); @@ -273,10 +309,9 @@ function payhostpaybatch_link( $params ) - + HTML; + echo $html; } } else { // Process response - doesn't happen @@ -284,7 +319,7 @@ function payhostpaybatch_link( $params ) } catch ( SoapFault $f ) { var_dump( $f ); } - return $html; + echo $html; } /** diff --git a/modules/gateways/payhostpaybatch/changelog.txt b/modules/gateways/payhostpaybatch/changelog.txt index 4120d47..df921e7 100755 --- a/modules/gateways/payhostpaybatch/changelog.txt +++ b/modules/gateways/payhostpaybatch/changelog.txt @@ -7,4 +7,6 @@ Date : Version: Description Added redirect to PayBatch as well. Added redirect to client invoices on failure. Added PayBatch notify. -2019-10-31: v1.0.2 : Better recurring handling using dedicated PayBatch cron scripts. \ No newline at end of file +2019-10-31: v1.0.2 : Better recurring handling using dedicated PayBatch cron scripts. +2019-11-07: v1.0.3 : Added check for valid token format in callback. + Added "Pay" button to invoicing. \ No newline at end of file diff --git a/modules/gateways/payhostpaybatch/lib/constants.php b/modules/gateways/payhostpaybatch/lib/constants.php index a470a0b..67c1c01 100644 
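Review bot: The docblock added for `payhostpaybatch_initiate()` says `@return string`, but the later hunks in this file replace `return $html;` with `echo $html;`, so the function writes to the output and returns nothing. Use `@return void` and add a parameter line that states where the array comes from, e.g. `* @param array $params Gateway parameters decoded from the posted jparams field (client-supplied)`. The heredoc body of `payhostpaybatch_link()` is not readable in this view, so whether `$jparams` is written into a quoted attribute cannot be confirmed here.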
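Review bot: `echo $html;` is now issued twice on the path that builds the redirect form, once after the heredoc in the `@@ -273,10 +309,9 @@` hunk and again as the last statement in the `@@ -284,7 +319,7 @@` hunk, so the form appears to be emitted twice; on the `SoapFault` path and the "doesn't happen" else path the final `echo` reads an `$html` that may never have been assigned. Keep a single output point: either drop the trailing `echo $html;` or set `$html = '';` at the top of the function and remove the inner echo. Since the function now answers a POST directly, the existing `var_dump( $f );` in the catch block sends SOAP fault details to the client; a `logTransaction()` call and a generic message would keep them server-side. The function body starts and ends outside these hunks.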
--- a/modules/gateways/payhostpaybatch/lib/constants.php +++ b/modules/gateways/payhostpaybatch/lib/constants.php @@ -15,7 +15,7 @@ define( "PAYBATCHAPI", 'https://secure.paygate.co.za/paybatch/1.2/process.trans' ); define( "PAYBATCHAPIWSDL", 'https://secure.paygate.co.za/paybatch/1.2/PayBatch.wsdl' ); define( "PAYGATETESTID", '10011072130' ); -define( "PAYGATETESTKEY", 'secret' ); +define( "PAYGATETESTKEY", 'test' ); define( "GATEWAY", 'payhostpaybatch' ); $docroot = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['SERVER_NAME'];
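Review bot: The change of `PAYGATETESTKEY` from `'secret'` to `'test'` is not mentioned in the commit message or the changelog entry, and the constant carries no comment saying what it is. A line such as `// PayGate sandbox credentials: used only when test mode is enabled in the gateway configuration` above `PAYGATETESTID` would document it. It is worth confirming that the choice between these constants and the merchant's own credentials is made from stored configuration rather than from the posted `jparams`, since `payhostpaybatch_initiate()` reads `$params['testMode']`.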