commerce_paypal.module in Commerce PayPal 7

<?php

/**
 * @file
 * Implements PayPal payment services for use with Drupal Commerce.
 */

/**
 * Implements hook_menu().
 */
function commerce_paypal_menu() {
  $items = array();

  // Define an always accessible path to receive IPNs.
  $items['commerce_paypal/ipn'] = array(
    'page callback' => 'commerce_paypal_process_ipn',
    'page arguments' => array(),
    'access callback' => TRUE,
    'type' => MENU_CALLBACK,
  );

  // Define an additional IPN path that is payment method / instance specific.
  $items['commerce_paypal/ipn/%commerce_payment_method_instance'] = array(
    'page callback' => 'commerce_paypal_process_ipn',
    'page arguments' => array(
      2,
    ),
    'access callback' => TRUE,
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Returns the IPN URL.
 *
 * @param $method_id
 *   Optionally specify a payment method ID to include in the URL.
 */
function commerce_paypal_ipn_url($method_id = NULL) {
  $parts = array(
    'commerce_paypal',
    'ipn',
  );
  if (!empty($method_id)) {
    $parts[] = $method_id;
  }
  return url(implode('/', $parts), array(
    'absolute' => TRUE,
  ));
}

/**
 * Processes an incoming IPN.
 *
 * @param $payment_method
 *   The payment method instance array that originally made the payment.
 * @param $debug_ipn
 *   Optionally specify an IPN array for debug purposes; if left empty, the IPN
 *     be pulled from the $_POST. If an IPN is passed in, validation of the IPN
 *     at PayPal will be bypassed.
 *
 * @return
 *   TRUE or FALSE indicating whether the IPN was successfully processed or not.
 */
function commerce_paypal_process_ipn($payment_method = NULL, $debug_ipn = array()) {

  // Retrieve the IPN from $_POST if the caller did not supply an IPN array.
  // Note that Drupal has already run stripslashes() on the contents of the
  // $_POST array at this point, so we don't need to worry about them.
  if (empty($debug_ipn)) {
    $ipn = $_POST;

    // Exit now if the $_POST was empty.
    if (empty($ipn)) {
      watchdog('commerce_paypal', 'IPN URL accessed with no POST data submitted.', array(), WATCHDOG_WARNING);
      return FALSE;
    }

    // Prepare an array to POST back to PayPal to validate the IPN.
    $variables = array(
      'cmd=_notify-validate',
    );
    foreach ($ipn as $key => $value) {
      $variables[] = $key . '=' . urlencode($value);
    }

    // Determine the proper PayPal server to POST to.
    if (!empty($ipn['test_ipn']) && $ipn['test_ipn'] == 1) {
      $host = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
    }
    else {
      $host = 'https://www.paypal.com/cgi-bin/webscr';
    }

    // Process the HTTP request to validate the IPN.
    $response = drupal_http_request($host, array(
      'method' => 'POST',
      'data' => implode('&', $variables),
    ));

    // If an error occurred during processing, log the message and exit.
    if (property_exists($response, 'error')) {
      watchdog('commerce_paypal', 'Attempt to validate IPN failed with error @code: @error', array(
        '@code' => $response->code,
        '@error' => $response->error,
      ), WATCHDOG_ERROR);
      return FALSE;
    }

    // If the IPN was invalid, log a message and exit.
    if ($response->data == 'INVALID') {
      watchdog('commerce_paypal', 'Invalid IPN received and ignored.', array(), WATCHDOG_ALERT);
      return FALSE;
    }
  }
  else {
    $ipn = $debug_ipn;
  }

  // If the payment method specifies full IPN logging, do it now.
  if (!empty($payment_method['settings']['ipn_logging']) && $payment_method['settings']['ipn_logging'] == 'full_ipn') {
    if (!empty($ipn['txn_id'])) {
      watchdog('commerce_paypal', 'Attempting to process IPN @txn_id. !ipn_log', array(
        '@txn_id' => $ipn['txn_id'],
        '!ipn_log' => '<pre>' . check_plain(print_r($ipn, TRUE)) . '</pre>',
      ), WATCHDOG_NOTICE);
    }
    else {
      watchdog('commerce_paypal', 'Attempting to process an IPN. !ipn_log', array(
        '!ipn_log' => '<pre>' . check_plain(print_r($ipn, TRUE)) . '</pre>',
      ), WATCHDOG_NOTICE);
    }
  }

  // Exit if the IPN has already been processed.
  if (!empty($ipn['txn_id']) && ($prior_ipn = commerce_paypal_ipn_load($ipn['txn_id']))) {
    if ($prior_ipn['payment_status'] == $ipn['payment_status']) {
      watchdog('commerce_paypal', 'Attempted to process an IPN that has already been processed with transaction ID @txn_id.', array(
        '@txn_id' => $ipn['txn_id'],
      ), WATCHDOG_NOTICE);
      return FALSE;
    }
  }

  // Load the order based on the IPN's invoice number.
  if (!empty($ipn['invoice']) && strpos($ipn['invoice'], '-') !== FALSE) {
    list($ipn['order_id'], $timestamp) = explode('-', $ipn['invoice']);
  }
  else {
    $ipn['order_id'] = 0;
    $timestamp = 0;
  }
  if (!empty($ipn['order_id'])) {
    $order = commerce_order_load($ipn['order_id']);
  }
  else {
    $order = FALSE;
  }

  // Give the payment method module an opportunity to validate the receiver
  // e-mail address and amount of the payment if possible. If a validate
  // function exists, it is responsible for setting its own watchdog message.
  if (!empty($payment_method)) {
    $callback = $payment_method['base'] . '_paypal_ipn_validate';

    // If a validator function existed...
    if (function_exists($callback)) {

      // Only exit if the function explicitly returns FALSE.
      if ($callback($order, $payment_method, $ipn) === FALSE) {
        return FALSE;
      }
    }
  }

  // Give the payment method module an opportunity to process the IPN.
  if (!empty($payment_method)) {
    $callback = $payment_method['base'] . '_paypal_ipn_process';

    // If a processing function existed...
    if (function_exists($callback)) {

      // Skip saving if the function explicitly returns FALSE, meaning the IPN
      // wasn't actually processed.
      if ($callback($order, $payment_method, $ipn) !== FALSE) {

        // Save the processed IPN details.
        commerce_paypal_ipn_save($ipn);
      }
    }
  }

  // Invoke the hook here so implementations have access to the order and
  // payment method if available and a saved IPN array that includes the payment
  // transaction ID if created in the payment method's default process callback.
  module_invoke_all('commerce_paypal_ipn_process', $order, $payment_method, $ipn);
}

/**
 * Loads a stored IPN by ID.
 *
 * @param $id
 *   The ID of the IPN to load.
 * @param $type
 *   The type of ID you've specified, either the serial numeric ipn_id or the
 *     actual PayPal txn_id. Defaults to txn_id.
 *
 * @return
 *   The original IPN with some meta data related to local processing.
 */
function commerce_paypal_ipn_load($id, $type = 'txn_id') {
  return db_select('commerce_paypal_ipn', 'cpi')
    ->fields('cpi')
    ->condition('cpi.' . $type, $id)
    ->execute()
    ->fetchAssoc();
}

/**
 * Saves an IPN with some meta data related to local processing.
 *
 * @param $ipn
 *   An IPN array with additional parameters for the order_id and Commerce
 *     Payment transaction_id associated with the IPN.
 *
 * @return
 *   The operation performed by drupal_write_record() on save; since the IPN is
 *     received by reference, it will also contain the serial numeric ipn_id
 *     used locally.
 */
function commerce_paypal_ipn_save(&$ipn) {
  if (!empty($ipn['ipn_id']) && commerce_paypal_ipn_load($ipn['txn_id'])) {
    $ipn['changed'] = REQUEST_TIME;
    return drupal_write_record('commerce_paypal_ipn', $ipn, 'ipn_id');
  }
  else {
    $ipn['created'] = REQUEST_TIME;
    $ipn['changed'] = REQUEST_TIME;
    return drupal_write_record('commerce_paypal_ipn', $ipn);
  }
}

/**
 * Deletes a stored IPN by ID.
 *
 * @param $id
 *   The ID of the IPN to delete.
 * @param $type
 *   The type of ID you've specified, either the serial numeric ipn_id or the
 *     actual PayPal txn_id. Defaults to txn_id.
 */
function commerce_paypal_ipn_delete($id, $type = 'txn_id') {
  db_delete('commerce_paypal_ipn')
    ->condition($type, $id)
    ->execute();
}

/**
 * Returns a unique invoice number based on the Order ID and timestamp.
 */
function commerce_paypal_ipn_invoice($order) {
  return $order->order_id . '-' . REQUEST_TIME;
}

/**
 * Returns an appropriate message given a pending reason.
 */
function commerce_paypal_ipn_pending_reason($pending_reason) {
  switch ($pending_reason) {
    case 'address':
      return t('The payment is pending because your customer did not include a confirmed shipping address and your Payment Receiving Preferences is set to allow you to manually accept or deny each of these payments.');
    case 'authorization':
      return t('You set the payment action to Authorization and have not yet captured funds.');
    case 'echeck':
      return t('The payment is pending because it was made by an eCheck that has not yet cleared.');
    case 'intl':
      return t('The payment is pending because you hold a non-U.S. account and do not have a withdrawal mechanism.');
    case 'multi-currency':
      return t('You do not have a balance in the currency sent, and you do not have your Payment Receiving Preferences set to automatically convert and accept this payment.');
    case 'order':
      return t('You set the payment action to Order and have not yet captured funds.');
    case 'paymentreview':
      return t('The payment is pending while it is being reviewed by PayPal for risk.');
    case 'unilateral':
      return t('The payment is pending because it was made to an e-mail address that is not yet registered or confirmed.');
    case 'upgrade':
      return t('The payment is pending because it was either made via credit card and you do not have a Business or Premier account or you have reached the monthly limit for transactions on your account.');
    case 'verify':
      return t('The payment is pending because you are not yet verified.');
    case 'other':
      return t('The payment is pending for a reason other than those listed above. For more information, contact PayPal Customer Service.');
  }
}

/**
 * Returns an appropriate message given an AVS code.
 */
function commerce_paypal_avs_code_message($code) {
  if (is_numeric($code)) {
    switch ($code) {
      case '0':
        return t('All the address information matched.');
      case '1':
        return t('None of the address information matched; transaction declined.');
      case '2':
        return t('Part of the address information matched.');
      case '3':
        return t('The merchant did not provide AVS information. Not processed.');
      case '4':
        return t('Address not checked, or acquirer had no response. Service not available.');
      case 'Null':
      default:
        return t('No AVS response was obtained.');
    }
  }
  switch ($code) {
    case 'A':
    case 'B':
      return t('Address matched; postal code did not');
    case 'C':
    case 'N':
      return t('Nothing matched; transaction declined');
    case 'D':
    case 'F':
    case 'X':
    case 'Y':
      return t('Address and postal code matched');
    case 'E':
      return t('Not allowed for MOTO transactions; transaction declined');
    case 'G':
      return t('Global unavailable');
    case 'I':
      return t('International unavailable');
    case 'P':
    case 'W':
    case 'Z':
      return t('Postal code matched; address did not');
    case 'R':
      return t('Retry for validation');
    case 'S':
      return t('Service not supported');
    case 'U':
      return t('Unavailable');
    default:
      return t('An unknown error occurred.');
  }
}

/**
 * Returns an appropriate message given a CVV2 match code.
 */
function commerce_paypal_cvv_match_message($code) {
  if (is_numeric($code)) {
    switch ($code) {
      case '0':
        return t('Matched');
      case '1':
        return t('No match');
      case '2':
        return t('The merchant has not implemented CVV2 code handling.');
      case '3':
        return t('Merchant has indicated that CVV2 is not present on card.');
      case '4':
        return t('Service not available');
      default:
        return t('Unkown error');
    }
  }
  switch ($code) {
    case 'M':
      return t('Match');
    case 'N':
      return t('No match');
    case 'P':
      return t('Not processed');
    case 'S':
      return t('Service not supported');
    case 'U':
      return t('Service not available');
    case 'X':
      return t('No response');
    default:
      return t('Not checked');
  }
}

/**
 * Returns an array of PayPal payment method icon img elements.
 *
 * @return
 *   The array of themed payment method icons keyed by name: visa, mastercard,
 *   amex, discover, echeck, paypal
 */
function commerce_paypal_icons() {
  $icons = array();
  $payment_methods = array(
    'visa' => t('Visa'),
    'mastercard' => t('Mastercard'),
    'amex' => t('American Express'),
    'discover' => t('Discover'),
    'echeck' => t('eCheck'),
    'paypal' => t('PayPal'),
  );
  foreach ($payment_methods as $name => $title) {
    $variables = array(
      'path' => drupal_get_path('module', 'commerce_paypal') . '/images/' . $name . '.gif',
      'title' => $title,
      'alt' => $title,
      'attributes' => array(
        'class' => array(
          'commerce-paypal-icon',
        ),
      ),
    );
    $icons[$name] = theme('image', $variables);
  }
  return $icons;
}