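--- a/trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php
+++ b/trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php
@@ -68,6 +68,7 @@
 
 
 $wgOut->addScript( Skin::makeVariablesScript( $scriptVars ) );
+
 // establish the edit token to prevent csrf
 global $wgPayflowGatewaySalt;
 $token = $this->fnPayflowEditToken( $wgPayflowGatewaySalt ); //$wgUser->editToken( 'mrxc877668DwQQ' );
@@ -259,9 +260,9 @@
 $stateMenu = '';
 
 foreach( $states as $value => $fullName ) {
- if ( $value == $data['state'] ) {
- $stateMenu .= Xml::option( $fullName, $value, true );
- } else $stateMenu .= Xml::option( $fullName, $value, false );
+ if ( $value == $data['state'] ) {
+ $stateMenu .= Xml::option( $fullName, $value, true );
+ } else $stateMenu .= Xml::option( $fullName, $value, false );
 }
 
 //currencies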
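--- a/trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/custom_filters.body.php
+++ b/trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/custom_filters.body.php
@@ -0,0 +1,88 @@
+<?php
+
+class PayflowProGateway_Extras_CustomFilters extends PayflowProGateway_Extras {
+ /**
+ * A value for tracking the 'riskiness' of a transaction
+ *
+ * The action to take based on a transaction's riskScore is determined by
+ * $action_ranges. This is built assuming a range of possible risk scores
+ * as 0-100, although you can probably bend this as needed.
+ * @var public int
+ */
+ public $risk_score;
+
+ /**
+ * Define the action to take for a given $risk_score
+ * @var public array
+ */
+ public $action_ranges;
+
+ /**
+ * A container for the gateway object
+ *
+ * This gets populated on construction.
+ * @var object
+ */
+ public $gateway_object;
+
+ /**
+ * A container for data from the gateway
+ *
+ * This gets populated on construction.
+ */
+ public $gateway_data;
+
+ /**
+ * A container for an instance of self
+ */
+ static $instance;
+
+ public function __construct( &$pfp_gateway_object, &$data ) {
+ parent::__construct();
+
+ $this->gateway_object =& $pfp_gateway_object;
+ $this->gateway_data =& $data;
+
+ // load user action ranges and risk score
+ global $wgPayflowGatewayCustomFiltersActionRanges, $wgPayflowGatewayCustomFiltersRiskScore;
+ if ( isset( $wgPayflowGatewayCustomFiltersActionRanges )) $this->action_ranges = $wgPayflowGatewayCustomFiltersActionRanges;
+ if ( isset( $wgPayflowGatewayCustomFiltersRiskScore )) $this->risk_score = $wgPayflowGatewayCustomFiltersRiskScore;
+ }
+
+ /**
+ * Determine the action to take for a transaction based on its $risk_score
+ *
+ * @return string The action to take
+ */
+ public function determineAction() {
+ foreach ( $this->action_ranges as $action => $range ) {
+ if ( $this->risk_score >= $range[0] && $this->risk_score <= $range[1] ) {
+ return $action;
+ }
+ }
+ }
+
+ /**
+ * Run the transaction through the custom filters
+ */
+ public function validate() {
+ // expose a hook for custom filters
+ wfRunHooks( 'PayflowGatewayCustomFilter', array( $this ));
+ $this->gateway_object->action = $this->determineAction();
+
+ $log_msg = '"' . $this->gateway_object->action . "\"\t\"" . $this->risk_score . "\"";
+ $this->log( $this->gateway_data['contribution_tracking_id'], 'Filtered', $log_msg );
+ return TRUE;
+ }
+
+ static function onValidate( &$pfp_gateway_object, &$data ) {
+ return self::singleton( $pfp_gateway_object, $data )->validate();
+ }
+
+ static function singleton( &$pfp_gateway_object, &$data ) {
+ if ( !self::$instance ) {
+ self::$instance = new self( $pfp_gateway_object, $data );
+ }
+ return self::$instance;
+ }
+}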
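Review bot: `determineAction()` falls off the end of its `foreach` and returns null whenever `$risk_score` lies outside every configured range, and `validate()` then writes that null straight into `$this->gateway_object->action`. Because hooked filters add to the score, a total above the top bound, or a fractional score that falls between two integer-bounded ranges, is plausible; how the gateway treats a null action is not visible in this diff. I would end the method with an explicit conservative fallback, e.g. `return 'review';` (or whichever action the deployment treats as fail-closed), and log the unmatched score. Ranges are also tested in array order, so with overlapping ranges the first listed action wins, which the `@return` doc should state. The context lines of `determine_action()` in extras/minfraud/minfraud.body.php show the same loop without a fallback.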
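--- a/trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/custom_filters.php
+++ b/trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/custom_filters.php
@@ -0,0 +1,48 @@
+<?php
+/**
+ * Provides a unified way to define and run custom filters for incoming transactions
+ *
+ * Running filters through 'custom filters' rather than directly through the validate hook in the gateway
+ * offers the advantage of simplifying the passage of relvent data between filters/validators that's
+ * needed to perform more complex validation/filtering of transactions.
+ *
+ * The actual filters themselves are regular MW extensions and can optional be organized in filters/
+ * They should be invoked by using the 'PayflowGatewayCustomFilter' hook, which will pass the entire
+ * CustomFilter object to the filter. The gateway object and its data are included in the CustomFilter
+ * object.
+ */
+
+if ( !defined( 'MEDIAWIKI' ) ) {
+ die( "This file is part of the MinFraud for PayflowPro Gateway extension. It is not a valid entry point.\n" );
+}
+
+$wgExtensionCredits['payflowprogateway_custom_filters'][] = array(
+ 'name' => 'custom filters',
+ 'author' =>'Arthur Richards',
+ 'url' => '',
+ 'description' => 'This extension provides a way to define custom filters for incoming transactions for the Payflow Pro gateway.'
+);
+
+/**
+ * Define the action to take for a given $risk_score
+ */
+$wgPayflowGatewayCustomFiltersActionRanges = array(
+ 'process' => array( 0, 100 ),
+ 'review' => array( -1, -1 ),
+ 'challenge' => array( -1, -1 ),
+ 'reject' => array( -1, -1 ),
+);
+
+/**
+ * A value for tracking the 'riskiness' of a transaction
+ *
+ * The action to take based on a transaction's riskScore is determined by
+ * $action_ranges. This is built assuming a range of possible risk scores
+ * as 0-100, although you can probably bend this as needed.
+ */
+$wgPayflowGatewayCustomFiltersRiskScore = 0;
+
+$dir = dirname( __FILE__ ) . "/";
+$wgAutoloadClasses['PayflowProGateway_Extras_CustomFilters'] = $dir . "custom_filters.body.php";
+
+$wgHooks["PayflowGatewayValidate"][] = array( 'PayflowProGateway_Extras_CustomFilters::onValidate' );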
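Review bot: The docblock on `$wgPayflowGatewayCustomFiltersActionRanges` does not explain how the ranges are read, and the shipped default maps every score from 0 to 100 to 'process', so nothing is flagged until an operator overrides it. I would expand the comment to say that both bounds are inclusive, that entries are tested in array order, that `array( -1, -1 )` appears to be the way an action is switched off, and that the ranges should cover every score the installed filters can produce. Separately, the entry-point `die()` message names "the MinFraud for PayflowPro Gateway extension", which looks copied from another file, and the header comment has the typos "relvent" and "can optional be".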
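--- a/trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/minfraud.body.php
+++ b/trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/minfraud.body.php
@@ -0,0 +1,44 @@
+<?php
+/**
+ * Wrapper for using minFraud extra as a custom filter
+ *
+ * Essentially runs minfraud query as the regular minFraud extra extension does
+ * with slight modifications. So all we do here is overload validate()
+ * and add in some extra customFilters specific stuff.
+ */
+
+class PayflowProGateway_Extras_CustomFilters_MinFraud extends PayflowProGateway_Extras_MinFraud {
+ static $instance;
+
+ public function validate( &$custom_filter_object ) {
+ $pfp_gateway_object =& $custom_filter_object->gateway_object;
+ $data =& $custom_filter_object->gateway_data;
+
+ // see if we can bypass minfraud
+ if ( $this->can_bypass_minfraud( $pfp_gateway_object, $data )) return TRUE;
+
+ $minfraud_query = $this->build_query( $data );
+ $this->query_minfraud( $minfraud_query );
+ $pfp_gateway_object->action = 'Filter';//$this->determine_action( $this->minfraud_response[ 'riskScore' ] );
+
+ $custom_filter_object->risk_score = $custom_filter_object->risk_score + $this->minfraud_response['riskScore'];
+
+ // Write the query/response to the log
+ // @fixme this will cause the 'action' to be logged even though it's premature here
+ $this->log_query( $pfp_gateway_object, $data );
+ return TRUE;
+
+ }
+
+ static function onValidate( &$custom_filter_object ) {
+ return self::singleton()->validate( $custom_filter_object );
+ }
+
+ static function singleton() {
+ if ( !self::$instance ) {
+ self::$instance = new self;
+ }
+ return self::$instance;
+ }
+
+}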
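Review bot: `validate()` adds `$this->minfraud_response['riskScore']` to the running score without checking that the query actually produced one. `query_minfraud()` is outside this diff, but if it can leave the response empty (service error, timeout, rejected license key), the missing key contributes nothing and the transaction is scored as though minFraud had found no risk. A guard before the addition, such as `if ( !isset( $this->minfraud_response['riskScore'] ) ) { /* log the failure and apply the deployment's failure policy */ }`, would make that case explicit instead of silently failing open. This path also skips the `$data['action']` / `$data['data_hash']` hashing that the parent `validate()` does before calling `log_query()`; if later code depends on those hashes, that should be confirmed.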
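--- a/trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/minfraud.php
+++ b/trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/minfraud.php
@@ -0,0 +1,46 @@
+<?php
+/**
+ * Custom filter using minFraud
+ *
+ * Essentially acts as a wrapper for the minFraud extra and runs minFraud
+ * queries via custom filter paradigm. This allows us to capture the
+ * riskScore from minfraud and adjust it with our own custom filters and
+ * risk score modifications.
+ *
+ * This inherits minFraud settings form the main minFraud extension. To make
+ * transactions run through minFraud outside of custom filters, set
+ * $wgMinFraudStandalone = TRUE
+ *
+ * To install:
+ * require_once( "$IP/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud.php" );
+ */
+
+ $wgExtensionCredits['payflowprogateway_extras_customfilters_minfraud'][] = array(
+ 'name' => 'minfraud custom filter',
+ 'author' =>'Arthur Richards',
+ 'url' => '',
+ 'description' => 'This extension uses the MaxMind minFraud service as a validator for the Payflow Pro gateway via custom filters.'
+);
+
+/**
+ * Set minFraud to NOT run in standalone mode.
+ *
+ * If minFraud is set to run in standalone mode, it will not be run
+ * through custom filters. If you do not know what you're doing
+ * or otherwise have this set up incorrectly, you may have unexpected
+ * results. If you want minFraud to run OUTSIDE of custom filters,
+ * you will want to make sure you know whether minFraud queries are
+ * happening before or after custom filters, defined by the order of
+ * your require statements in LocalSettings.
+ */
+$wgMinFraudStandalone = FALSE;
+
+$dir = dirname( __FILE__ ) . "/";
+$wgAutoloadClasses['PayflowProGateway_Extras_MinFraud'] = $dir . "../../../minfraud/minfraud.body.php";
+$wgAutoloadClasses['PayflowProGateway_Extras_CustomFilters_MinFraud'] = $dir . "minfraud.body.php";
+$wgExtensionFunctions[] = 'efCustomFiltersMinFraudSetup';
+
+function efCustomFiltersMinFraudSetup() {
+ global $wgMinFraudStandalone, $wgHooks;
+ if ( !$wgMinFraudStandalone ) $wgHooks[ 'PayflowGatewayCustomFilter' ][] = array( "PayflowProGateway_Extras_CustomFilters_MinFraud::onValidate" );
+}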
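Review bot: `$wgMinFraudStandalone = FALSE;` here and `$wgMinFraudStandalone = TRUE;` in extras/minfraud/minfraud.php are both unconditional assignments, so whichever file LocalSettings requires last decides the mode. If the main minFraud file is loaded after this one, `efCustomFiltersMinFraudSetup()` silently skips the `PayflowGatewayCustomFilter` hook and the custom-filter score never receives minFraud's contribution, while `PayflowProGateway_Extras_CustomFilters::validate()` still sets `action` unconditionally. The header comment should state the required include order, or the flag should be set only in LocalSettings after both files are loaded. The "To install" path `.../filters/minfraud.php` also does not match this file's location under `filters/minfraud/`, and unlike custom_filters.php this file has no `MEDIAWIKI` entry-point check.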
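--- a/trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.body.php
+++ b/trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.body.php
@@ -35,6 +35,7 @@
 parent::__construct();
 $dir = dirname( __FILE__ ) .'/';
 require_once( $dir . "ccfd/CreditCardFraudDetection.php" );
+ require_once( $dir . "../../includes/countryCodes.inc" );
 global $wgMinFraudLicenseKey, $wgMinFraudActionRanges;
 
 // set the minfraud license key, go no further if we don't have it
@@ -65,8 +66,16 @@
 if ( isset( $data[ 'data_hash' ] )) unset( $data[ 'data_hash' ] );
 $data[ 'action' ] = $this->generate_hash( $pfp_gateway_object->action );
 $data[ 'data_hash' ] = $this->generate_hash( serialize( $data ));
-
- // log the message if the user has specified a log file
+
+ // Write the query/response to the log
+ $this->log_query( $pfp_gateway_object, $data );
+ return TRUE;
+ }
+
+ /**
+ * Logs a minFraud query and its response
+ */
+ public function log_query( $pfp_gateway_object, $data ) {
 if ( $this->log_fh ) {
 $log_message = '"' . addslashes( $data[ 'comment' ] ) . '"';
 $log_message .= "\t" . '"' . addslashes( $data[ 'amount' ] . ' ' . $data[ 'currency' ] ) . '"';
@@ -76,7 +85,6 @@
 $log_message .= "\t" . '"' . addslashes( $data[ 'referrer' ] ) . '"';
 $this->log( $data[ 'contribution_tracking_id' ], 'minFraud query', $log_message );
 }
- return TRUE;
 }
 
 /**
@@ -159,7 +167,7 @@
 $minfraud_array[ "license_key" ] = $this->minfraud_license_key;
 
 // user's IP address
- $minfraud_array[ "i" ] ='12.12.12.12';// wfGetIP();
+ $minfraud_array[ "i" ] = wfGetIP();
 
 // user's user agent
 global $wgRequest;
@@ -244,7 +252,6 @@
 * @return array of actions to be taken
 */
 public function determine_action( $risk_score ) {
- $actions = array();
 foreach ( $this->action_ranges as $action => $range ) {
 if ( $risk_score >= $range[0] && $risk_score <= $range[1] ) {
 return $action;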
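Review bot: The new `log_query()` builds a tab-separated, double-quoted record and relies on `addslashes()` to neutralise request-derived fields such as `$data['comment']` and `$data['referrer']`. `addslashes()` escapes only quotes, backslashes and NUL, so an embedded tab or line break passes through and can split a field or begin what looks like a separate log record. Unless `$this->log()` (not visible here) already normalises its input, control characters should be stripped or encoded before quoting, e.g. `preg_replace( '/[\x00-\x1F\x7F]/', ' ', $value )` applied to each field. The body of `log_query()` continues past the hunk boundary, and its docblock would benefit from `@param` lines for both arguments.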
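--- a/trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.php
+++ b/trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.php
@@ -48,11 +48,24 @@
 'reject' => array( -1, -1 )
 );
 
+/**
+ * Define whether or not to run minFraud in stand alone mode
+ *
+ * If this is set to run in standalone, these scripts will be
+ * accessed directly via the "PayflowGatewayValidate" hook.
+ * You may not want to run this in standalone mode if you prefer
+ * to use this in conjunction with Custom Filters. This has the
+ * advantage of sharing minFraud info with other filters.
+ */
+$wgMinFraudStandalone = TRUE;
+
 $dir = dirname( __FILE__ ) . "/";
-require_once( $dir . "../../includes/countryCodes.inc" );
 $wgAutoloadClasses['PayflowProGateway_Extras_MinFraud'] = $dir . "minfraud.body.php";
 
-/**
- * Sets minFraud as a validator for transactions
- */
-$wgHooks["PayflowGatewayValidate"][] = array( 'PayflowProGateway_Extras_MinFraud::onValidate' );
+$wgExtensionFunctions[] = 'efMinFraudSetup';
+
+function efMinFraudSetup() {
+ // if we're in standalone mode, use the PayflowGatewayValidate hook
+ global $wgMinFraudStandalone, $wgHooks;
+ if ( $wgMinFraudStandalone ) $wgHooks["PayflowGatewayValidate"][] = array( 'PayflowProGateway_Extras_MinFraud::onValidate' );
+}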
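--- a/trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/CreditCardFraudDetection.php
+++ b/trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/CreditCardFraudDetection.php
@@ -26,8 +26,8 @@
 var $API_VERSION;
 
 function __construct() {
- $this->HTTPBase();
- $this->isSecure = 1; // use HTTPS by default
+ parent::__construct();
+ $this->isSecure = 1; // use HTTPS by default
 
 //set the allowed_fields hash
 $this->allowed_fields["i"] = 1;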
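--- a/trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/TelephoneVerification.php
+++ b/trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/TelephoneVerification.php
@@ -5,8 +5,8 @@
 var $numservers;
 var $API_VERSION;
 function __construct(){
- $this->HTTPBase();
- $this->isSecure = 1; // use HTTPS by default
+ parent::__construct();
+ $this->isSecure = 1; // use HTTPS by default
 
 //set the allowed_fields hash
 $this->allowed_fields["l"] = 1;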
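--- a/trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/LocationVerification.php
+++ b/trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/LocationVerification.php
@@ -26,8 +26,8 @@
 var $API_VERSION;
 
 function __construct() {
- $this->HTTPBase();
- $this->isSecure = 1; // use HTTPS by default
+ parent::__construct();
+ $this->isSecure = 1; // use HTTPS by default
 
 //set the allowed_fields hash
 $this->allowed_fields["i"] = 1;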