
function _commerce_robokassa_validate_post in Commerce robokassa 7.2

Helper to validate robokassa $_POST data.

Parameters

mixed $data: $_POST to be validated.

mixed $payment_method: Drupal commerce payment method instance passed via url param.

bool $is_interaction: Fallback call flag.

Return value

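bool|mixed The transaction that matches the POST data. The listed code does not return on failure: each failed check prints a status string and calls drupal_exit().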

1 call to _commerce_robokassa_validate_post()
commerce_robokassa_result in ./commerce_robokassa.module
Page callback: commerce_robokassa/%commerce_robokassa_pm/result.

File

./commerce_robokassa.module, line 176
Drupal Commerce Robokassa payment method.

Code

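/**
 * Validates the POST data Robokassa sends to the result callback.
 *
 * Every failed check logs a watchdog entry, prints a short status string and
 * ends the request through drupal_exit(); the function only returns once all
 * checks have passed.
 *
 * @param mixed $data
 *   $_POST to be validated. Treated as untrusted input throughout.
 * @param mixed $payment_method
 *   Drupal commerce payment method instance passed via url param.
 * @param bool $is_interaction
 *   Fallback call flag. When TRUE, 'SignatureValue' is a required key and the
 *   signature is verified (see the review note on $payment_method below).
 *
 * @return mixed
 *   The transaction returned by _commerce_robokassa_transaction_load() whose
 *   amount matches the posted 'OutSum'.
 */
function _commerce_robokassa_validate_post($data, $payment_method = FALSE, $is_interaction = TRUE) {

  // Exit now if the $_POST was empty.
  if (empty($data) || !is_array($data)) {
    watchdog('commerce_robokassa', 'Interaction URL accessed with no POST data submitted.', array(), WATCHDOG_WARNING);
    print 'bad data';
    drupal_exit();
  }

  // Exit now if any required key is missing from $_POST.
  $required_keys = array(
    'OutSum',
    'InvId',
  );
  if ($is_interaction) {
    $required_keys[] = 'SignatureValue';
  }
  $unavailable_required_keys = array_diff_key(array_flip($required_keys), $data);
  if (!empty($unavailable_required_keys)) {
    // '@' placeholders are escaped when the log entry is rendered; '!' ones
    // are inserted as-is, which is unsafe for request-derived text.
    watchdog('commerce_robokassa', 'Missing POST keys. POST data: <pre>@data</pre>', array(
      '@data' => print_r($unavailable_required_keys, TRUE),
    ), WATCHDOG_WARNING);
    print "bad data";
    drupal_exit();
  }

  // A parameter posted as "OutSum[]=..." arrives as an array. Reject such
  // values before they reach hash(), string comparison or the transaction
  // lookup.
  foreach (array('OutSum', 'InvId', 'SignatureValue', 'shp_trx_id') as $key) {
    if (isset($data[$key]) && !is_scalar($data[$key])) {
      watchdog('commerce_robokassa', 'Malformed POST value. POST data: <pre>@data</pre>', array(
        '@data' => print_r($data, TRUE),
      ), WATCHDOG_WARNING);
      print 'bad data';
      drupal_exit();
    }
  }
  $settings = isset($payment_method['settings']) ? $payment_method['settings'] : commerce_robokassa_default_settings();

  // Exit now if the merchant login is not configured.
  if (empty($settings['MrchLogin'])) {
    // The settings array holds the signing password ('pass2'), so password
    // entries are masked before the payment method is written to the log.
    $logged_method = $payment_method;
    if (is_array($logged_method) && isset($logged_method['settings']) && is_array($logged_method['settings'])) {
      foreach (array_keys($logged_method['settings']) as $key) {
        if (strpos((string) $key, 'pass') === 0) {
          $logged_method['settings'][$key] = '[redacted]';
        }
      }
    }
    $info = array(
      '@settings' => print_r($logged_method, TRUE),
      '@data' => print_r($data, TRUE),
    );
    watchdog('commerce_robokassa', 'Missing merchant ID.  POST data: <pre>@data</pre> <pre>@settings</pre>', $info, WATCHDOG_WARNING);
    print 'bad data';
    drupal_exit();
  }
  if ($is_interaction) {
    // NOTE(review): with a falsy $payment_method the signature is not checked
    // at all and the request is validated against default settings only.
    // Confirm that no caller reaches this function that way.
    if ($payment_method) {

      // Fail closed when the signature cannot be computed. An unknown
      // algorithm makes hash() return FALSE on older PHP versions, which
      // would compare equal to an empty SignatureValue; an empty password
      // would leave the signature computable by anyone.
      $hash_type = isset($settings['hash_type']) ? $settings['hash_type'] : '';
      if (empty($settings['pass2']) || !is_string($hash_type) || !in_array(strtolower($hash_type), hash_algos(), TRUE)) {
        watchdog('commerce_robokassa', 'Signature cannot be verified: password #2 or hash algorithm is not configured.', array(), WATCHDOG_ERROR);
        print "bad sign";
        drupal_exit();
      }

      // Robokassa Signature.
      $robo_sign = drupal_strtoupper((string) $data['SignatureValue']);

      // Create own Signature.
      $signature_data = array(
        $data['OutSum'],
        $data['InvId'],
        $settings['pass2'],
      );
      if (isset($data['shp_trx_id'])) {
        $signature_data[] = 'shp_trx_id=' . $data['shp_trx_id'];
      }
      $sign = drupal_strtoupper((string) hash($hash_type, implode(':', $signature_data)));

      // Compare as strings. A loose comparison treats two digests of the form
      // "0E<digits>" as equal numbers. hash_equals() also avoids leaking the
      // position of the first differing byte; it is absent before PHP 5.6, in
      // which case a strict comparison is used.
      if (function_exists('hash_equals')) {
        $signature_matches = hash_equals($sign, $robo_sign);
      }
      else {
        $signature_matches = ($sign === $robo_sign);
      }

      // Exit now if the signature is empty or does not match.
      if ($sign === '' || !$signature_matches) {
        watchdog('commerce_robokassa', 'Missing Signature.  POST data: @data', array(
          '@data' => print_r($data, TRUE),
        ), WATCHDOG_WARNING);
        print "bad sign";
        drupal_exit();
      }
    }
  }

  // This parameter availability is flag for 7.x.2.x transactions.
  $shp_trx_id = isset($data['shp_trx_id']) ? $data['shp_trx_id'] : FALSE;
  $transaction = _commerce_robokassa_transaction_load($data['InvId'], $shp_trx_id, $data['OutSum'], $payment_method);
  if (!$transaction) {
    watchdog('commerce_robokassa', 'Missing transaction id.  POST data: @data', array(
      '@data' => print_r($data, TRUE),
    ), WATCHDOG_WARNING);
    print 'bad data';
    drupal_exit();
  }
  $amount = commerce_currency_amount_to_decimal($transaction->amount, $transaction->currency_code);

  // The comparison stays numeric (loose) so that differently formatted
  // decimals still match, but a non-numeric OutSum is rejected first: on older
  // PHP versions a non-numeric string compares equal to a zero amount.
  if (!is_numeric($data['OutSum']) || $amount != $data['OutSum']) {
    watchdog('commerce_robokassa', 'Missing transaction id amount.  POST data: @data', array(
      '@data' => print_r($data, TRUE),
    ), WATCHDOG_WARNING);
    print 'bad data';
    drupal_exit();
  }
  return $transaction;
}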