function _commerce_worldpay_bg_payment_response_authenticate in Commerce Worldpay 7
Verifies the response has come from WorldPay.
1 call to _commerce_worldpay_bg_payment_response_authenticate()
- commerce_worldpay_bg_response_page in includes/
commerce_worldpay_bg.page.inc - Page callback that listens for transaction information from WorldPay.
File
- includes/
commerce_worldpay_bg.page.inc, line 268 - Various page callback related functions.
Code
function _commerce_worldpay_bg_payment_response_authenticate($order_wrapper, &$wppr, &$payment_method = NULL, &$wp_transaction = NULL) {
$failed_authenticaion = FALSE;
$message = '';
$settings = $payment_method['settings'];
// If the merchant set a password compare them callbackPW.
if ($settings['payment_security']['use_password'] && !empty($settings['payment_security']['password'])) {
if ($settings['payment_security']['password'] != $wppr['callbackPW']) {
$failed_authenticaion = TRUE;
$message = 'WorldPay passwords do not match. Make sure you have the same password set in the Commerce WorldPay settings page as set in your WorldPay installtion.';
}
}
// @todo - Is it worth checking the User agent is the one WorldPay uses
// which is: User-Agent: WJHRO/1.0 (WorldPay Java HTTP Request Object).
// @todo Reverse DNS lookup on IP address.
if ($failed_authenticaion) {
drupal_add_http_header('Status', '403 Forbidden');
$ip = ip_address();
watchdog('commerce_worldpay_bg', 'Access denied! ' . $message . ' Clients details: <em>@ip</em> with request method <b>@method</b>. Refered by: <b>@referer</b>.', array(
'@ip' => !empty($ip) ? $ip : '0.0.0.0',
'@method' => !empty($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '',
'@referer' => !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'UNKNOWN',
), WATCHDOG_WARNING);
return FALSE;
}
return TRUE;
}