From bedb08df506062649b130d4c28f307725fcdafbb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 8 Apr 2022 15:15:55 +0200 Subject: [PATCH] Clean and debug online payment code --- htdocs/adherents/class/adherent.class.php | 6 +- htdocs/don/class/paymentdonation.class.php | 7 +- htdocs/public/payment/newpayment.php | 144 ++------------------- htdocs/public/payment/paymentok.php | 33 +++-- 4 files changed, 36 insertions(+), 154 deletions(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 60311518ef8..39b6eaa97d0 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -1534,9 +1534,9 @@ class Adherent extends CommonObject * * @param int $date Date of effect of subscription * @param double $amount Amount of subscription (0 accepted for some members) - * @param int $accountid Id bank account - * @param string $operation Type of payment (if Id bank account provided). Example: 'CB', ... - * @param string $label Label operation (if Id bank account provided) + * @param int $accountid Id bank account. NOT USED. + * @param string $operation Code of payment mode (if Id bank account provided). Example: 'CB', ... NOT USED. + * @param string $label Label operation (if Id bank account provided). * @param string $num_chq Numero cheque (if Id bank account provided) * @param string $emetteur_nom Name of cheque writer * @param string $emetteur_banque Name of bank of cheque diff --git a/htdocs/don/class/paymentdonation.class.php b/htdocs/don/class/paymentdonation.class.php index 0f8db03597d..6de83f5570e 100644 --- a/htdocs/don/class/paymentdonation.class.php +++ b/htdocs/don/class/paymentdonation.class.php @@ -64,7 +64,8 @@ class PaymentDonation extends CommonObject public $amounts = array(); // Array of amounts - public $typepayment; + public $fk_typepayment; // Payment mode ID + public $paymenttype; // Payment mode ID public $num_payment; 
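Review bot: In the PaymentDonation property hunk, `$fk_typepayment` and `$paymenttype` are declared with the identical comment `// Payment mode ID`, so a reader cannot tell which one is authoritative. The -268 hunk marks `fk_typepayment` as kept for backward compatibility, and the declaration should say the same, e.g. `public $fk_typepayment; // Deprecated alias of $paymenttype, kept for backward compatibility`. The hunk also drops `public $typepayment;`, so any code outside this diff that still reads or assigns that name would now operate on an undeclared dynamic property; a search for remaining uses before merging would confirm that.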
@@ -268,7 +269,8 @@ class PaymentDonation extends CommonObject $this->tms = $this->db->jdate($obj->tms); $this->datep = $this->db->jdate($obj->datep); $this->amount = $obj->amount; - $this->fk_typepayment = $obj->fk_typepayment; + $this->fk_typepayment = $obj->fk_typepayment; // For backward compatibility + $this->paymenttype = $obj->fk_typepayment; $this->num_payment = $obj->num_payment; $this->note_public = $obj->note_public; $this->fk_bank = $obj->fk_bank; @@ -545,6 +547,7 @@ class PaymentDonation extends CommonObject $this->datep = ''; $this->amount = ''; $this->fk_typepayment = ''; + $this->paymenttype = ''; $this->num_payment = ''; $this->note_public = ''; $this->fk_bank = ''; diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index cc77c2b7e81..b61a2e22a06 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -2170,6 +2170,13 @@ print '
'; // Add more content on page for some services if (preg_match('/^dopayment/', $action)) { // If we choosed/click on the payment mode + // Save some data for the paymentok + $remoteip = getUserRemoteIP(); + $_SESSION["currencyCodeType"] = $currency; + $_SESSION["FinalPaymentAmt"] = $amount; + $_SESSION['ipaddress'] = ($remoteip ? $remoteip : 'unknown'); // Payer ip + $_SESSION["paymentType"] = ''; + // For Stripe if (GETPOST('dopayment_stripe', 'alpha')) { // Personalized checkout @@ -2634,141 +2641,6 @@ if (preg_match('/^dopayment/', $action)) { // If we choosed/click on the payme } ?> - - // Old code for payment with option STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION off and STRIPE_USE_NEW_CHECKOUT off - - // Create a Stripe client. - var stripe = Stripe(''); - - // Create an instance of Elements - var elements = stripe.elements(); - - // Custom styling can be passed to options when creating an Element. - // (Note that this demo uses a wider set of styles than the guide below.) - var style = { - base: { - color: '#32325d', - lineHeight: '24px', - fontFamily: '"Helvetica Neue", Helvetica, sans-serif', - fontSmoothing: 'antialiased', - fontSize: '16px', - '::placeholder': { - color: '#aab7c4' - } - }, - invalid: { - color: '#fa755a', - iconColor: '#fa755a' - } - }; - - // Create an instance of the card Element - var card = elements.create('card', {style: style}); - - // Add an instance of the card Element into the `card-element`
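Review bot: `$_SESSION["FinalPaymentAmt"] = $amount;` is written as soon as a `dopayment*` action arrives, before any provider has confirmed anything, and paymentok.php later reads it back as the amount paid. Both pages live under htdocs/public, so the recorded amount and currency should be compared with what the payment provider reports for the transaction rather than taken from session state alone; starting a second payment in the same session would also overwrite these keys. How `$amount` and `$currency` are derived is outside this hunk, so confirm they are already normalised, since the -2634 hunk replaces `price2num(GETPOST("newamount"), 'MT')` with `$amount`. A comment such as `// Not proof of payment: paymentok.php must verify amount and currency with the provider` would make that contract explicit.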
- card.mount('#card-element'); - - // Handle real-time validation errors from the card Element. - card.addEventListener('change', function(event) { - var displayError = document.getElementById('card-errors'); - if (event.error) { - displayError.textContent = event.error.message; - } else { - displayError.textContent = ''; - } - }); - - // Handle form submission - var form = document.getElementById('payment-form'); - console.log(form); - form.addEventListener('submit', function(event) { - event.preventDefault(); - global->STRIPE_USE_3DSECURE)) { // Ask credit card directly, no 3DS test - ?> - /* Use token */ - stripe.createToken(card).then(function(result) { - if (result.error) { - // Inform the user if there was an error - var errorElement = document.getElementById('card-errors'); - errorElement.textContent = result.error.message; - } else { - // Send the token to your server - stripeTokenHandler(result.token); - } - }); - - /* Use 3DS source */ - stripe.createSource(card).then(function(result) { - if (result.error) { - // Inform the user if there was an error - var errorElement = document.getElementById('card-errors'); - errorElement.textContent = result.error.message; - } else { - // Send the source to your server - stripeSourceHandler(result.source); - } - }); - - }); - - - /* Insert the Token into the form so it gets submitted to the server */ - function stripeTokenHandler(token) { - // Insert the token ID into the form so it gets submitted to the server - var form = document.getElementById('payment-form'); - - var hiddenInput = document.createElement('input'); - hiddenInput.setAttribute('type', 'hidden'); - hiddenInput.setAttribute('name', 'stripeToken'); - hiddenInput.setAttribute('value', token.id); - form.appendChild(hiddenInput); - - var hiddenInput2 = document.createElement('input'); - hiddenInput2.setAttribute('type', 'hidden'); - hiddenInput2.setAttribute('name', 'token'); - hiddenInput2.setAttribute('value', ''); - form.appendChild(hiddenInput2); - - 
// Submit the form - jQuery('#buttontopay').hide(); - jQuery('#hourglasstopay').show(); - console.log("submit token"); - form.submit(); - } - - /* Insert the Source into the form so it gets submitted to the server */ - function stripeSourceHandler(source) { - // Insert the source ID into the form so it gets submitted to the server - var form = document.getElementById('payment-form'); - - var hiddenInput = document.createElement('input'); - hiddenInput.setAttribute('type', 'hidden'); - hiddenInput.setAttribute('name', 'stripeSource'); - hiddenInput.setAttribute('value', source.id); - form.appendChild(hiddenInput); - - var hiddenInput2 = document.createElement('input'); - hiddenInput2.setAttribute('type', 'hidden'); - hiddenInput2.setAttribute('name', 'token'); - hiddenInput2.setAttribute('value', ''); - form.appendChild(hiddenInput2); - - // Submit the form - jQuery('#buttontopay').hide(); - jQuery('#hourglasstopay').show(); - console.log("submit source"); - form.submit(); - } - $paymentmethod, - 'amount' => price2num(GETPOST("newamount"), 'MT'), + 'amount' => $amount, 'currency' => $currency, 'tag' => GETPOST("tag", 'alpha'), 'dopayment' => GETPOST('dopayment', 'alpha') diff --git a/htdocs/public/payment/paymentok.php b/htdocs/public/payment/paymentok.php index b1a3213ec33..0ee6fa10bc7 100644 --- a/htdocs/public/payment/paymentok.php +++ b/htdocs/public/payment/paymentok.php @@ -243,9 +243,9 @@ if (!empty($conf->paypal->enabled)) { $fulltag = $FULLTAG; $payerID = $PAYPALPAYERID; // Set by newpayment.php - $paymentType = $_SESSION['PaymentType']; // Value can be 'Mark', 'Sole', 'Sale' for example $currencyCodeType = $_SESSION['currencyCodeType']; $FinalPaymentAmt = $_SESSION["FinalPaymentAmt"]; + $paymentType = $_SESSION['PaymentType']; // Value can be 'Mark', 'Sole', 'Sale' for example // From env $ipaddress = $_SESSION['ipaddress']; 
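Review bot: The moved line in the paymentok.php -243 hunk still reads `$_SESSION['PaymentType']` (capital P), while newpayment.php in this same commit initialises `$_SESSION["paymentType"]` and the fallback lower in paymentok.php reads `$_SESSION["paymentType"]`. PHP array keys are case-sensitive, so these are two different session entries; unless PayPal code outside this diff sets `PaymentType`, this read yields an empty value. Use one spelling, e.g. `$paymentType = $_SESSION['paymentType'];`, here and in the -1509 hunk, which carries the same line.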
@@ -317,12 +317,14 @@ if (!empty($conf->paypal->enabled)) { if (!empty($conf->paybox->enabled)) { if ($paymentmethod == 'paybox') { + // TODO Add a check to validate that payment is ok. $ispaymentok = true; // We call this page only if payment is ok on payment system } } if (!empty($conf->stripe->enabled)) { if ($paymentmethod == 'stripe') { + // TODO Add a check to validate that payment is ok. We can request Stripe with payment_intent and payment_intent_client_secret $ispaymentok = true; // We call this page only if payment is ok on payment system } } @@ -334,16 +336,21 @@ if (empty($ipaddress)) { } if (empty($TRANSACTIONID)) { $TRANSACTIONID = $_SESSION['TRANSACTIONID']; + if (empty($TRANSACTIONID) && GETPOST('payment_intent', 'alphanohtml')) { + // For the case we use STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION = 2 + $TRANSACTIONID = GETPOST('payment_intent', 'alphanohtml'); + } } if (empty($FinalPaymentAmt)) { $FinalPaymentAmt = $_SESSION["FinalPaymentAmt"]; } -if (empty($paymentType)) { - $paymentType = $_SESSION["paymentType"]; -} if (empty($currencyCodeType)) { $currencyCodeType = $_SESSION['currencyCodeType']; } +// Seems used onyl by Paypal +if (empty($paymentType)) { + $paymentType = $_SESSION["paymentType"]; +} $fulltag = $FULLTAG; $tmptag = dolExplodeIntoArray($fulltag, '.', '='); @@ -419,7 +426,7 @@ if ($ispaymentok) { } } - dol_syslog("FinalPaymentAmt=".$FinalPaymentAmt." paymentTypeId=".$paymentTypeId." paymentType=".$paymentType." currencyCodeType=".$currencyCodeType, LOG_DEBUG, 0, '_payment'); + dol_syslog("FinalPaymentAmt=".$FinalPaymentAmt." paymentTypeId=".$paymentTypeId." currencyCodeType=".$currencyCodeType, LOG_DEBUG, 0, '_payment'); // Do action only if $FinalPaymentAmt is set (session variable is cleaned after this page to avoid duplicate actions when page is POST a second time) if (!empty($FinalPaymentAmt) && $paymentTypeId > 0) { 
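Review bot: The two added TODO comments document the gap but leave `$ispaymentok = true;` unconditional in the Paybox and Stripe branches, so reaching this public page with the matching `$paymentmethod` is still treated as proof of payment. For Stripe the check named in the TODO should be done server-side: retrieve the PaymentIntent with the secret key and set `$ispaymentok` only when its status is `succeeded` and its amount and currency match the values stored for this payment. For Paybox the equivalent is validating the provider's own return or notification data rather than trusting the redirect. Until that exists, the comment should state the risk plainly, e.g. `// WARNING: payment status is NOT verified server-side here`.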
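Review bot: `$TRANSACTIONID = GETPOST('payment_intent', 'alphanohtml');` takes the transaction id from a request parameter on a public page, and nothing in this hunk ties it to the payment that was started in this session. The `alphanohtml` filter only cleans the string; it does not establish that the intent exists, succeeded, or covers this amount. Compare it with an intent id stored server-side when the intent was created (if newpayment.php keeps one), or look it up at Stripe before recording it as the transaction reference. Minor: the new comment `// Seems used onyl by Paypal` has a typo, `onyl` should be `only`.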
@@ -520,7 +527,7 @@ if ($ispaymentok) { dol_syslog("Failed to get the bank account to record payment: ".$errmsg, LOG_ERR, 0, '_payment'); } - $operation = $paymentType; // Payment mode code + $operation = dol_getIdFromCode($db, $paymentTypeId, 'c_paiement', 'id', 'code', 1); // Payment mode code returned from payment mode id $num_chq = ''; $emetteur_nom = ''; $emetteur_banque = ''; @@ -879,7 +886,7 @@ if ($ispaymentok) { $db->rollback(); } } else { - $postactionmessages[] = 'Failed to get a valid value for "amount paid" ('.$FinalPaymentAmt.') or "payment type" ('.$paymentType.') to record the payment of invoice '.$tmptag['INV'].'. May be payment was already recorded.'; + $postactionmessages[] = 'Failed to get a valid value for "amount paid" ('.$FinalPaymentAmt.') or "payment type id" ('.$paymentTypeId.') to record the payment of invoice '.$tmptag['INV'].'. May be payment was already recorded.'; $ispostactionok = -1; } } else { @@ -994,7 +1001,7 @@ if ($ispaymentok) { $ispostactionok = -1; } } else { - $postactionmessages[] = 'Failed to get a valid value for "amount paid" (' . $FinalPaymentAmt . ') or "payment type" (' . $paymentType . ') to record the payment of order ' . $tmptag['ORD'] . '. May be payment was already recorded.'; + $postactionmessages[] = 'Failed to get a valid value for "amount paid" (' . $FinalPaymentAmt . ') or "payment type id" (' . $paymentTypeId . ') to record the payment of order ' . $tmptag['ORD'] . '. May be payment was already recorded.'; $ispostactionok = -1; } } else { @@ -1054,7 +1061,7 @@ if ($ispaymentok) { } $paiement->fk_donation = $don->id; - $paiement->datepaid = $now; + $paiement->datep = $now; $paiement->paymenttype = $paymentTypeId; $paiement->num_payment = ''; $paiement->note_public = 'Online payment '.dol_print_date($now, 'standard').' from '.$ipaddress; 
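Review bot: In the -520 hunk the result of `dol_getIdFromCode($db, $paymentTypeId, 'c_paiement', 'id', 'code', 1)` is assigned to `$operation` without a check, so a failed or empty lookup would be passed on as the payment mode code. The adherent.class.php docblock changed in this same commit marks `$operation` as NOT USED, so either this lookup is unnecessary or the docblock overstates it; one of the two should be adjusted. If the value is kept, treat an empty or negative return as "no code" and log it through the existing `_payment` log channel. The enclosing block starts and ends outside the hunk.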
@@ -1108,7 +1115,7 @@ if ($ispaymentok) { $db->rollback(); } } else { - $postactionmessages[] = 'Failed to get a valid value for "amount paid" ('.$FinalPaymentAmt.') or "payment type" ('.$paymentType.') to record the payment of donation '.$tmptag['DON'].'. May be payment was already recorded.'; + $postactionmessages[] = 'Failed to get a valid value for "amount paid" ('.$FinalPaymentAmt.') or "payment type id" ('.$paymentTypeId.') to record the payment of donation '.$tmptag['DON'].'. May be payment was already recorded.'; $ispostactionok = -1; } } else { @@ -1299,7 +1306,7 @@ if ($ispaymentok) { } } } else { - $postactionmessages[] = 'Failed to get a valid value for "amount paid" ('.$FinalPaymentAmt.') or "payment type" ('.$paymentType.') to record the payment of invoice '.$tmptag['ATT'].'. May be payment was already recorded.'; + $postactionmessages[] = 'Failed to get a valid value for "amount paid" ('.$FinalPaymentAmt.') or "payment type id" ('.$paymentTypeId.') to record the payment of invoice '.$tmptag['ATT'].'. May be payment was already recorded.'; $ispostactionok = -1; } } else { @@ -1492,7 +1499,7 @@ if ($ispaymentok) { } } } else { - $postactionmessages[] = 'Failed to get a valid value for "amount paid" ('.$FinalPaymentAmt.') or "payment type" ('.$paymentType.') to record the payment of invoice '.$tmptag['ATT'].'. May be payment was already recorded.'; + $postactionmessages[] = 'Failed to get a valid value for "amount paid" ('.$FinalPaymentAmt.') or "payment type id" ('.$paymentTypeId.') to record the payment of invoice '.$tmptag['ATT'].'. May be payment was already recorded.'; $ispostactionok = -1; } } else { 
@@ -1509,9 +1516,9 @@ if ($ispaymentok) { $onlinetoken = empty($PAYPALTOKEN) ? $_SESSION['onlinetoken'] : $PAYPALTOKEN; $payerID = empty($PAYPALPAYERID) ? $_SESSION['payerID'] : $PAYPALPAYERID; // Set by newpayment.php - $paymentType = $_SESSION['PaymentType']; $currencyCodeType = $_SESSION['currencyCodeType']; $FinalPaymentAmt = $_SESSION["FinalPaymentAmt"]; + $paymentType = $_SESSION['PaymentType']; // Seems used by paypal only if (is_object($object) && method_exists($object, 'call_trigger')) { // Call trigger