

add fraud protection
proseLA committed May 6, 2023
1 parent 1f8f54a commit 2b45d8d
Showing 3 changed files with 234 additions and 160 deletions.
Expand Up @@ -7,7 +7,7 @@
released under GPU
https://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
04/2020 project: authorizenet_cim; file: authorizenet_cim.php; version 2.1.1
05/2023 project: authorizenet_cim; file: authorizenet_cim.php; version 2.3.3
*/

define('MODULE_PAYMENT_AUTHORIZENET_CIM_TEXT_ADMIN_TITLE',
Expand Down Expand Up @@ -43,6 +43,7 @@
define('MODULE_PAYMENT_AUTHORIZENET_CIM_TEXT_DECLINED_MESSAGE',
'Your credit card could not be authorized for this reason. Please correct the information and try again or contact us for further assistance.');
define('MODULE_PAYMENT_AUTHORIZENET_CIM_TEXT_ERROR', 'Credit Card Error!');
define('MODULE_PAYMENT_AUTHORIZENET_CIM_FRAUD_WARNING', 'Sorry, due to the increasing amount of fraud we are forced to limit credit card usage.')

define('MODULE_PAYMENT_AUTHORIZENET_CIM_ENTRY_REFUND_TITLE', '<strong>Refund Transactions</strong>');
define('MODULE_PAYMENT_AUTHORIZENET_CIM_ENTRY_REFUND', 'You may refund money to the customer\'s credit card here:');
Expand Down
312 changes: 161 additions & 151 deletions includes/modules/pages/card_update/header_php.php
@@ -1,174 +1,184 @@
<?php
/* portions copyright by... zen-cart.com
/* portions copyright by... zen-cart.com
developed and brought to you by proseLA
https://rossroberts.com
developed and brought to you by proseLA
https://rossroberts.com
released under GPU
https://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
released under GPU
https://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
04/2021 project: authorizenet_cim; file: header_php.php; version 2.3.0
*/
04/2021 project: authorizenet_cim; file: header_php.php; version 2.3.3
*/

// if the customer is not logged on, redirect them to the login page
if (!zen_is_logged_in() || zen_in_guest_checkout()) {
$_SESSION['navigation']->set_snapshot();
zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
} else {
// validate customer
if (zen_get_customer_validate_session($_SESSION['customer_id']) == false) {
$_SESSION['navigation']->set_snapshot();
zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
}
}
$customer_id = $_SESSION['customer_id'];

$addressSelected = $_POST['address_selection'] ?? '';

require_once DIR_WS_MODULES . 'require_languages.php';

require_once DIR_FS_CATALOG . DIR_WS_LANGUAGES . $_SESSION['language'] . '/modules/payment/authorizenet_cim.php';
require DIR_WS_MODULES . 'payment/authorizenet_cim.php';

$cim = new authorizenet_cim();
$userProfile = $cim->getCustomerProfile($customer_id);
$user = $cim->getCustomer();

if ($userProfile == false) {
$messageStack->add_session(FILENAME_ACCOUNT, 'Sorry, you have no credit cards on file.', 'error');
zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
}

if (isset($_POST['delete_cid'])) {
$payment_profile = $cim->checkValidPaymentProfile($customer_id, $_POST['delete_cid']);
if ($payment_profile['valid']) {
$delete_cid = $cim->deleteCustomerPaymentProfile($userProfile, $payment_profile['payment_profile_id']);

$start = strpos($delete_cid, 'ERROR');
$startE0040 = strpos($delete_cid, 'E00040');
if (($start === false) || ($startE0040 !== false)) {
$messageStack->add_session(FILENAME_CARD_UPDATE, 'Your credit card has been deleted!', 'success');
} else {
$messageStack->add_session(FILENAME_CARD_UPDATE,
'There was a problem deleting your card. Please contact the store owner.', 'error');
}
} else {
$messageStack->add_session(FILENAME_CARD_UPDATE,
'There was a problem deleting your card. Please contact the store owner.', 'error');
trigger_error('trying to delete card not part of cust: ' . $customer_id . ' card_cid: ' . $_POST['delete_cid']);
}
}

if (isset($_POST['update_cid'])) {
$payment_profile = $cim->checkValidPaymentProfile($customer_id, $_POST['update_cid']);
$update_cid = $cim->updateCustomerPaymentProfile($userProfile, $payment_profile['payment_profile_id']);

$start = strpos($update_cid, 'ERROR');
if ($start === false) {
$messageStack->add_session(FILENAME_ACCOUNT, 'Your credit card has been UPDATED!', 'success');
$cim->updateDefaultCustomerBillto($addressSelected);
zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
} else {
$messageStack->add_session(FILENAME_CARD_UPDATE, 'Problem updating your card: ' . $update_cid, 'error');
zen_redirect(zen_href_link(FILENAME_CARD_UPDATE, '', 'SSL'));
}
}

if (isset($_POST['new_cid'])) {
$new_cid = $cim->createCustomerPaymentProfileRequest();

$start = strpos($new_cid, 'ERROR');
if ($start === false) {
$messageStack->add_session(FILENAME_ACCOUNT, 'You have successfully added a new Credit Card!', 'success');
$cim->updateDefaultCustomerBillto($addressSelected);
zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
} else {
$messageStack->add_session(FILENAME_CARD_UPDATE, 'There was a problem adding your card: ' . $new_cid,
'error');
zen_redirect(zen_href_link(FILENAME_CARD_UPDATE, '', 'SSL'));
}
}
$today = getdate();
for ($i = $today['year']; $i < $today['year'] + 10; $i++) {
$expires_year[] = [
'id' => strftime('%y', mktime(0, 0, 0, 1, 1, $i)),
'text' => strftime('%Y', mktime(0, 0, 0, 1, 1, $i))
];
}
for ($i = 1; $i < 13; $i++) {
$expires_month[] = [
'id' => sprintf('%02d', $i),
'text' => strftime('%B', mktime(0, 0, 0, $i, 1, 2000))
];
}

if (($messageStack->size('card_update') > 0) && (($_REQUEST['action'] ?? '') !== 'delete')) {
echo $messageStack->output('card_update');
$messageStack->reset();
}
$h2_title = 'Select Billing Address for Credit Card or Enter New Billing Address';
$div_id = 'cc_address';
$new_address_title = 'New Bill-To Address';

$breadcrumb->add(NAVBAR_TITLE_1, zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE);

if (($_SESSION['emp_admin_login'] ?? false) === true) {
$cards_saved = $cim->getCustomerCardsAsArray($customer_id, true);
} else {
$cards_saved = $cim->getCustomerCardsAsArray($customer_id);
}

$addresses_query = "SELECT address_book_id, entry_firstname as firstname, entry_lastname as lastname,
if (!zen_is_logged_in() || zen_in_guest_checkout()) {
$_SESSION['navigation']->set_snapshot();
zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
} else {
// validate customer
if (zen_get_customer_validate_session($_SESSION['customer_id']) == false) {
$_SESSION['navigation']->set_snapshot();
zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
}
}
$customer_id = $_SESSION['customer_id'];

$customers_orders = $db->Execute("SELECT o.orders_id, o.date_purchased, o.order_total, o.currency, o.currency_value,
cgc.amount
FROM " . TABLE_ORDERS . " o
LEFT JOIN " . TABLE_COUPON_GV_CUSTOMER . " cgc ON o.customers_id = cgc.customer_id
WHERE customers_id = " . (int)$customer_id . "
ORDER BY date_purchased desc");

if ($customers_orders->RecordCount() < 1) {
zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
}
$addressSelected = $_POST['address_selection'] ?? '';

require_once DIR_WS_MODULES . 'require_languages.php';

require_once DIR_FS_CATALOG . DIR_WS_LANGUAGES . $_SESSION['language'] . '/modules/payment/authorizenet_cim.php';
require DIR_WS_MODULES . 'payment/authorizenet_cim.php';

$cim = new authorizenet_cim();
$userProfile = $cim->getCustomerProfile($customer_id);
$user = $cim->getCustomer();

if ($userProfile == false) {
$messageStack->add_session(FILENAME_ACCOUNT, 'Sorry, you have no credit cards on file.', 'error');
zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
}

if (isset($_POST['delete_cid'])) {
$payment_profile = $cim->checkValidPaymentProfile($customer_id, $_POST['delete_cid']);
if ($payment_profile['valid']) {
$delete_cid = $cim->deleteCustomerPaymentProfile($userProfile, $payment_profile['payment_profile_id']);

$start = strpos($delete_cid, 'ERROR');
$startE0040 = strpos($delete_cid, 'E00040');
if (($start === false) || ($startE0040 !== false)) {
$messageStack->add_session(FILENAME_CARD_UPDATE, 'Your credit card has been deleted!', 'success');
} else {
$messageStack->add_session(FILENAME_CARD_UPDATE,
'There was a problem deleting your card. Please contact the store owner.', 'error');
}
} else {
$messageStack->add_session(FILENAME_CARD_UPDATE,
'There was a problem deleting your card. Please contact the store owner.', 'error');
trigger_error('trying to delete card not part of cust: ' . $customer_id . ' card_cid: ' . $_POST['delete_cid']);
}
}

if (isset($_POST['update_cid'])) {
$payment_profile = $cim->checkValidPaymentProfile($customer_id, $_POST['update_cid']);
$update_cid = $cim->updateCustomerPaymentProfile($userProfile, $payment_profile['payment_profile_id']);

$start = strpos($update_cid, 'ERROR');
if ($start === false) {
$messageStack->add_session(FILENAME_ACCOUNT, 'Your credit card has been UPDATED!', 'success');
$cim->updateDefaultCustomerBillto($addressSelected);
zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
} else {
$messageStack->add_session(FILENAME_CARD_UPDATE, 'Problem updating your card: ' . $update_cid, 'error');
zen_redirect(zen_href_link(FILENAME_CARD_UPDATE, '', 'SSL'));
}
}

if (isset($_POST['new_cid'])) {
$new_cid = $cim->createCustomerPaymentProfileRequest();

$start = strpos($new_cid, 'ERROR');
if ($start === false) {
$messageStack->add_session(FILENAME_ACCOUNT, 'You have successfully added a new Credit Card!', 'success');
$cim->updateDefaultCustomerBillto($addressSelected);
zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
} else {
$messageStack->add_session(FILENAME_CARD_UPDATE, 'There was a problem adding your card: ' . $new_cid,
'error');
zen_redirect(zen_href_link(FILENAME_CARD_UPDATE, '', 'SSL'));
}
}
$today = getdate();
for ($i = $today['year']; $i < $today['year'] + 10; $i++) {
$expires_year[] = [
'id' => strftime('%y', mktime(0, 0, 0, 1, 1, $i)),
'text' => strftime('%Y', mktime(0, 0, 0, 1, 1, $i)),
];
}
for ($i = 1; $i < 13; $i++) {
$expires_month[] = [
'id' => sprintf('%02d', $i),
'text' => strftime('%B', mktime(0, 0, 0, $i, 1, 2000)),
];
}

if (($messageStack->size('card_update') > 0) && (($_REQUEST['action'] ?? '') !== 'delete')) {
echo $messageStack->output('card_update');
$messageStack->reset();
}
$h2_title = 'Select Billing Address for Credit Card or Enter New Billing Address';
$div_id = 'cc_address';
$new_address_title = 'New Bill-To Address';

$breadcrumb->add(NAVBAR_TITLE_1, zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE);

if (($_SESSION['emp_admin_login'] ?? false) === true) {
$cards_saved = $cim->getCustomerCardsAsArray($customer_id, true);
} else {
$cards_saved = $cim->getCustomerCardsAsArray($customer_id);
}

$addresses_query = "SELECT address_book_id, entry_firstname as firstname, entry_lastname as lastname,
entry_company as company, entry_street_address as street_address, entry_suburb as suburb, entry_city as city,
entry_postcode as postcode,
entry_state as state, entry_zone_id as zone_id, entry_country_id as country_id
FROM " . TABLE_ADDRESS_BOOK . "
WHERE customers_id = :customersID
ORDER BY firstname, lastname";

$addresses_query = $db->bindVars($addresses_query, ':customersID', $customer_id, 'integer');
$addresses = $db->Execute($addresses_query);

while (!$addresses->EOF) {
$format_id = zen_get_address_format_id($addresses->fields['country_id']);
$addressArray[] = [
'firstname' => $addresses->fields['firstname'],
'lastname' => $addresses->fields['lastname'],
'address_book_id' => $addresses->fields['address_book_id'],
'format_id' => $format_id,
'address' => $addresses->fields
];
$addresses->MoveNext();
}
$entry_query = "SELECT entry_country_id
$addresses_query = $db->bindVars($addresses_query, ':customersID', $customer_id, 'integer');
$addresses = $db->Execute($addresses_query);

while (!$addresses->EOF) {
$format_id = zen_get_address_format_id($addresses->fields['country_id']);
$addressArray[] = [
'firstname' => $addresses->fields['firstname'],
'lastname' => $addresses->fields['lastname'],
'address_book_id' => $addresses->fields['address_book_id'],
'format_id' => $format_id,
'address' => $addresses->fields,
];
$addresses->MoveNext();
}
$entry_query = "SELECT entry_country_id
FROM " . TABLE_ADDRESS_BOOK . " a, " . TABLE_CUSTOMERS . " c
WHERE a.customers_id = :customersID
AND a.customers_id = c.customers_id
AND a.address_book_id = c.customers_default_address_id";

$entry_query = $db->bindVars($entry_query, ':customersID', $_SESSION['customer_id'], 'integer');
$entry = $db->Execute($entry_query);
$entry_query = $db->bindVars($entry_query, ':customersID', $_SESSION['customer_id'], 'integer');
$entry = $db->Execute($entry_query);

if ($entry->EOF) {
$entry->fields['entry_country_id'] = '223';
}
$zone_id = 0;
if ($entry->EOF) {
$entry->fields['entry_country_id'] = '223';
}
$zone_id = 0;


$entry->fields['entry_gender'] = 'm';
$entry->fields['entry_firstname'] = '';
$entry->fields['entry_lastname'] = '';
$entry->fields['entry_company'] = '';
$entry->fields['entry_street_address'] = '';
$entry->fields['entry_suburb'] = '';
$entry->fields['entry_city'] = '';
$entry->fields['entry_state'] = '';
$entry->fields['entry_zone_id'] = 0;
$entry->fields['entry_postcode'] = '';
$entry->fields['entry_gender'] = 'm';
$entry->fields['entry_firstname'] = '';
$entry->fields['entry_lastname'] = '';
$entry->fields['entry_company'] = '';
$entry->fields['entry_street_address'] = '';
$entry->fields['entry_suburb'] = '';
$entry->fields['entry_city'] = '';
$entry->fields['entry_state'] = '';
$entry->fields['entry_zone_id'] = 0;
$entry->fields['entry_postcode'] = '';

$flag_show_pulldown_states = true;
$selected_country = 223;
$state_field_label = ENTRY_STATE;
$flag_show_pulldown_states = true;
$selected_country = 223;
$state_field_label = ENTRY_STATE;

include_once(DIR_WS_CLASSES . 'cc_validation.php');
include_once(DIR_WS_CLASSES . 'cc_validation.php');
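Review bot: The new no-orders gate (the `$customers_orders` query and the `RecordCount() < 1` redirect) sends the customer back to the account page with no explanation, and the `MODULE_PAYMENT_AUTHORIZENET_CIM_FRAUD_WARNING` text this commit adds to the language file is never used; it also cannot be used at that point, because the language file is only `require_once`'d further down, after `$addressSelected`. Moving the gate below the two `require` lines and adding `$messageStack->add_session(FILENAME_ACCOUNT, MODULE_PAYMENT_AUTHORIZENET_CIM_FRAUD_WARNING, 'error');` before the `zen_redirect` would tell the customer why they were refused. That language file's new `define(...)` for the warning is also missing its terminating `;`, so the require will fail to parse until that is fixed. The `LEFT JOIN` to `TABLE_COUPON_GV_CUSTOMER` and the selected columns are never read by the check, so a minimal `SELECT orders_id ... LIMIT 1` would suffice, and inlining `(int)$customer_id` departs from the `bindVars(..., 'integer')` style the address queries in this same file use. Presumably the gate is meant to require a prior purchase; as written it counts any orders row regardless of its status, so a comment such as `// fraud protection: customers with no prior orders may not manage stored cards` above the query would make the intended rule explicit.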
