From 005fe63ec76356b7b4a0e9b61485125025e7d7b5 Mon Sep 17 00:00:00 2001
From: Eli Diaz
Date: Sat, 4 May 2024 08:51:48 -0400
Subject: [PATCH 1/2] Implement SecureToken for Authorization and Purchase
---
 src/Message/AuthorizeRequest.php | 103 +++++++++++++++++++++++++++----
 1 file changed, 90 insertions(+), 13 deletions(-)
diff --git a/src/Message/AuthorizeRequest.php b/src/Message/AuthorizeRequest.php
index 688f7d1..a26fd4b 100644
--- a/src/Message/AuthorizeRequest.php
+++ b/src/Message/AuthorizeRequest.php
@@ -47,6 +47,16 @@
 * echo "Transaction reference = " . $sale_id . "\n";
 * }
 *
+ *
+ * ## Secure Token + Transparent Redirect Work Flow
+ *
+ * To avoid PCI compliance auditing on your server, you can use
+ * Payflow's secure token and transparent redirect. The work flow
+ * for authorization is similar to a sale with a divided data flow
+ * for the card and non-card data:
+ *
+ * @see https://developer.paypal.com/docs/classic/payflow/integration-guide/#pci-compliance-without-hosted-pages---transparent-redirect
+ *
 */
 class AuthorizeRequest extends AbstractRequest
 {
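Review bot: The added docblock promises that the flow lets you "avoid PCI compliance auditing on your server", which overstates what transparent redirect provides. The merchant page still serves the form that posts the card data, so the flow typically narrows PCI DSS scope rather than removing the assessment. I would reword the opening to `To keep card data off your server and reduce PCI scope, you can use`. The paragraph also ends on `for the card and non-card data:` with nothing after the colon, so the work flow it announces is never shown; a short usage example like the authorize example above it would complete it.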
@@ -198,6 +208,56 @@ public function getPoNum()
 return $this->getParameter('ponum');
 }

+ public function getSecureTokenId()
+ {
+ return $this->getParameter('securetokenid');
+ }
+
+ public function setSecureTokenId($value)
+ {
+ return $this->setParameter('securetokenid', $value);
+ }
+
+ public function getCreateSecureToken()
+ {
+ return $this->getParameter('createsecuretoken');
+ }
+
+ public function setCreateSecureToken($value)
+ {
+ return $this->setParameter('createsecuretoken', $value);
+ }
+
+ public function getSilentTran()
+ {
+ return $this->getParameter('silenttran');
+ }
+
+ public function setSilentTran($value)
+ {
+ return $this->setParameter('silenttran', $value);
+ }
+
+ public function getReturnUrl()
+ {
+ return $this->getParameter('returnurl');
+ }
+
+ public function setReturnUrl($value)
+ {
+ return $this->setParameter('returnurl', $value);
+ }
+
+ public function getErrorUrl()
+ {
+ return $this->getParameter('errorurl');
+ }
+
+ public function setErrorUrl($value)
+ {
+ return $this->setParameter('errorurl', $value);
+ }
+
 /**
 * @deprecated
 */
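Review bot: `setCreateSecureToken()` and `setSilentTran()` accept any value, but getData() in this same patch converts them by truthiness (`? 'Y' : 'N'` and `? 'TRUE' : 'FALSE'`), so a caller passing the Payflow-style strings `'N'` or `'FALSE'` would send `Y` and `TRUE`. None of the ten new accessors has a docblock; I would add one to each setter, for example `@param bool $value Whether Payflow should create a secure token for this request`. On `setReturnUrl()` and `setErrorUrl()` the docblock should also state that the value must be an absolute URL chosen by the merchant application and not copied from request input, since it is forwarded to the gateway as the redirect target.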
@@ -237,25 +297,42 @@ public function getData()
 $this->validate('amount');
 $data = $this->getBaseData();

+ /* what if we're wanting a secure ref? */
 if ($this->getCardReference()) {
 $data['ORIGID'] = $this->getCardReference();
 if ($this->getCard()) {
 $data['CVV2'] = $this->getCard()->getCvv();
 }
 } else {
- $this->validate('card');
- $this->getCard()->validate();
-
- $data['ACCT'] = $this->getCard()->getNumber();
- $data['EXPDATE'] = $this->getCard()->getExpiryDate('my');
- $data['CVV2'] = $this->getCard()->getCvv();
- $data['BILLTOFIRSTNAME'] = $this->getCard()->getFirstName();
- $data['BILLTOLASTNAME'] = $this->getCard()->getLastName();
- $data['BILLTOSTREET'] = $this->getCard()->getAddress1();
- $data['BILLTOCITY'] = $this->getCard()->getCity();
- $data['BILLTOSTATE'] = $this->getCard()->getState();
- $data['BILLTOZIP'] = $this->getCard()->getPostcode();
- $data['BILLTOCOUNTRY'] = $this->getCard()->getCountry();
+ if ($this->getSecureTokenId() && !is_null($this->getCreateSecureToken())) {
+ $this->validate('securetokenid', 'createsecuretoken', 'silenttran', 'returnurl', 'errorurl');
+
+ $data['SECURETOKENID'] = $this->getSecureTokenId();
+ $data['CREATESECURETOKEN'] = $this->getCreateSecureToken() ? 'Y' : 'N';
+ $data['SILENTTRAN'] = $this->getSilentTran() ? 'TRUE' : 'FALSE';
+
+ if ($this->getReturnUrl()) {
+ $data['RETURNURL'] = $this->getReturnUrl();
+ }
+
+ if ($this->getErrorUrl()) {
+ $data['ERRORURL'] = $this->getErrorUrl();
+ }
+ } else {
+ $this->validate('card');
+ $this->getCard()->validate();
+
+ $data['ACCT'] = $this->getCard()->getNumber();
+ $data['EXPDATE'] = $this->getCard()->getExpiryDate('my');
+ $data['CVV2'] = $this->getCard()->getCvv();
+ $data['BILLTOFIRSTNAME'] = $this->getCard()->getFirstName();
+ $data['BILLTOLASTNAME'] = $this->getCard()->getLastName();
+ $data['BILLTOSTREET'] = $this->getCard()->getAddress1();
+ $data['BILLTOCITY'] = $this->getCard()->getCity();
+ $data['BILLTOSTATE'] = $this->getCard()->getState();
+ $data['BILLTOZIP'] = $this->getCard()->getPostcode();
+ $data['BILLTOCOUNTRY'] = $this->getCard()->getCountry();
+ }
 }

 $data['TENDER'] = 'C';
From d957d11f87beee623bbf7d5b1cf7c1c7ab60cd65 Mon Sep 17 00:00:00 2001
From: Eliurkis Diaz
Date: Tue, 8 Oct 2024 18:46:34 -0400
Subject: [PATCH 2/2] Fix issue with strlen receiving null instead of string

strlen(): Passing null to parameter #1 ($string) of type string is deprecated in /var/www/php/vendor/omnipay/payflow/src/Message/AuthorizeRequest.php on line 379
---
 src/Message/AuthorizeRequest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Message/AuthorizeRequest.php b/src/Message/AuthorizeRequest.php
index a26fd4b..afb372e 100644
--- a/src/Message/AuthorizeRequest.php
+++ b/src/Message/AuthorizeRequest.php
@@ -376,7 +376,7 @@ public function encodeData(array $data)
 {
 $output = array();
 foreach ($data as $key => $value) {
- $output[] = $key.'['.strlen($value).']='.$value;
+ $output[] = $key.'['.strlen((string) $value).']='.$value;
 }

 return implode('&', $output);
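Review bot: In getData(), the token branch is chosen only when `securetokenid` is set and `createsecuretoken` is non-null, so a request that sets the token id but omits `createsecuretoken` falls through to the card branch. If a card is attached, that branch sends `ACCT`, `EXPDATE` and `CVV2` from the server, which is the path this flow is meant to avoid. Selecting on the token id alone lets validation fail closed instead: `if ($this->getSecureTokenId()) {` followed by the existing `validate(...)` call. The `if ($this->getReturnUrl())` and `if ($this->getErrorUrl())` guards look redundant if validate() rejects unset parameters, as Omnipay's base request appears to, and neither URL is checked for scheme or host before it is sent. The leading `/* what if we're wanting a secure ref? */` reads as an open question, since a set card reference silently takes precedence over the token fields, and should be resolved or removed; getData() begins and ends outside this hunk.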
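Review bot: In encodeData(), the cast is applied only inside `strlen()`, so the length tag and the emitted value come from two separate conversions of `$value`. The `[n]` tag is what lets Payflow treat `&` and `=` inside a value as data rather than as parameter separators, so both should be derived from one string: `$value = (string) $value;` followed by `$output[] = $key.'['.strlen($value).']='.$value;`. The cast also hides which field reaches this method as null and sends it as `KEY[0]=`; skipping null entries here, or rejecting them in getData(), would make the missing field visible. The end of encodeData() lies outside the hunk.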