You are here

Home » API reference » Commerce Worldpay 7 » commerce_worldpay_bg.page.inc

function _commerce_worldpay_bg_payment_response_authenticate in Commerce Worldpay 7

Verifies the response has come from WorldPay.

1 call to _commerce_worldpay_bg_payment_response_authenticate()
commerce_worldpay_bg_response_page in includes/commerce_worldpay_bg.page.inc
Page callback that listens for transaction information from WorldPay.

File

includes/commerce_worldpay_bg.page.inc, line 268
Various page callback related functions.

Code

function _commerce_worldpay_bg_payment_response_authenticate($order_wrapper, &$wppr, &$payment_method = NULL, &$wp_transaction = NULL) {
  $failed_authenticaion = FALSE;
  $message = '';
  $settings = $payment_method['settings'];

  // If the merchant set a password compare them callbackPW.
  if ($settings['payment_security']['use_password'] && !empty($settings['payment_security']['password'])) {
    if ($settings['payment_security']['password'] != $wppr['callbackPW']) {
      $failed_authenticaion = TRUE;
      $message = 'WorldPay passwords do not match. Make sure you have the same password set in the Commerce WorldPay settings page as set in your WorldPay installtion.';
    }
  }

  // @todo - Is it worth checking the User agent is the one WorldPay uses
  //   which is: User-Agent: WJHRO/1.0 (WorldPay Java HTTP Request Object).
  // @todo Reverse DNS lookup on IP address.
  if ($failed_authenticaion) {
    drupal_add_http_header('Status', '403 Forbidden');
    $ip = ip_address();
    watchdog('commerce_worldpay_bg', 'Access denied! ' . $message . ' Clients details: <em>@ip</em> with request method <b>@method</b>. Refered by: <b>@referer</b>.', array(
      '@ip' => !empty($ip) ? $ip : '0.0.0.0',
      '@method' => !empty($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '',
      '@referer' => !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'UNKNOWN',
    ), WATCHDOG_WARNING);
    return FALSE;
  }
  return TRUE;
}