FraudLabs Pro for WooCommerce / 2.24.2
FraudLabs Pro for WooCommerce v2.24.2
fraudlabs-pro-for-woocommerce / vendor / fraudlabspro / fraudlabspro-php / src / FraudValidation.php
FraudValidation.php
235 lines
1 <?php
2
3 namespace FraudLabsPro;
4
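/**
 * FraudLabsPro FraudValidation module.
 *
 * Screens an order for possible fraud, reports the merchant's decision back
 * to FraudLabs Pro, and fetches a stored transaction result.
 *
 * Security notes for integrators:
 *  - validate() forwards request-derived values (the `flp_checksum` cookie,
 *    the PHP session id and, when no `ip` is supplied, proxy headers) to the
 *    API. All of these are controlled by the client unless a trusted proxy
 *    overwrites them.
 *  - Every endpoint returns `false` when the response body is not valid JSON;
 *    callers must decide explicitly whether an unscreened order is allowed
 *    to proceed.
 */
class FraudValidation
{
    /**
     * Order statuses accepted by feedback().
     *
     * @const string
     */
    const APPROVE = 'APPROVE';
    const REJECT = 'REJECT';
    const REJECT_BLACKLIST = 'REJECT_BLACKLIST';

    /**
     * Payment methods.
     *
     * @const string
     */
    const CREDIT_CARD = 'CREDITCARD';
    const PAYPAL = 'PAYPAL';
    const GOOGLE_CHECKOUT = 'GOOGLECHECKOUT';
    const CASH_ON_DELIVERY = 'COD';
    const MONEY_ORDER = 'MONEYORDER';
    const WIRE_TRANSFER = 'WIRED';
    const BANK_DEPOSIT = 'BANKDEPOSIT';
    const BITCOIN = 'BITCOIN';
    const OTHERS = 'OTHERS';

    /**
     * ID types accepted by getTransaction().
     *
     * @const string
     */
    const FLP_ID = 'fraudlabspro_id';
    const ORDER_ID = 'user_order_id';

    /** @var string API key sent with every request. */
    private $flpApiKey = '';

    /**
     * @param object $config configuration object exposing a public `apiKey` property
     */
    public function __construct($config)
    {
        $this->flpApiKey = $config->apiKey;
    }

    /**
     * Validate order for possible fraud.
     *
     * Recognised groups in $params are `billing`, `order`, `card` and
     * `shipping`, plus a top-level `ip`. Missing fields are sent as empty
     * strings, except `amount` (0), `quantity` (1) and `currency` ('USD').
     *
     * @param array $params parameters of order details
     *
     * @return object|false decoded FraudLabs Pro result, or false when the
     *                      response is not valid JSON
     */
    public function validate($params = [])
    {
        // null doubles as "not supplied": isset() treats a null value as unset.
        $username = $this->orderField($params, 'billing', 'username', null);
        $email = $this->orderField($params, 'billing', 'email', null);
        $phone = $this->orderField($params, 'billing', 'phone', null);
        $amount = $this->orderField($params, 'order', 'amount', null);
        $cardNumber = $this->orderField($params, 'card', 'number', null);

        $queries = [
            'key' => $this->flpApiKey,
            'format' => 'json',
            'source' => 'FraudLabsPro PHP SDK',
            'source_version' => Configuration::VERSION,
            'session_id' => session_id(),
            // Client-supplied cookie, forwarded as-is.
            'flp_check_sum' => (isset($_COOKIE['flp_checksum'])) ? $_COOKIE['flp_checksum'] : '',

            // Billing information
            // Prefer an address the caller resolved from its own trusted-proxy
            // configuration; the header-based fallback can be influenced by the client.
            'ip' => (isset($params['ip'])) ? $params['ip'] : $this->getClientIp(),
            'first_name' => $this->orderField($params, 'billing', 'firstName'),
            'last_name' => $this->orderField($params, 'billing', 'lastName'),
            'username_hash' => ($username !== null) ? $this->doHash($username) : '',
            'email' => ($email !== null) ? $email : '',
            'email_domain' => ($email !== null) ? $this->emailDomain($email) : '',
            'email_hash' => ($email !== null) ? $this->doHash($email) : '',
            'user_phone' => ($phone !== null) ? preg_replace('/\D/', '', $phone) : '',
            'bill_addr' => $this->orderField($params, 'billing', 'address'),
            'bill_city' => $this->orderField($params, 'billing', 'city'),
            'bill_state' => $this->orderField($params, 'billing', 'state'),
            'bill_zip_code' => $this->orderField($params, 'billing', 'postcode'),
            'bill_country' => $this->orderField($params, 'billing', 'country'),

            // Order information
            'user_order_id' => $this->orderField($params, 'order', 'orderId'),
            'user_order_memo' => $this->orderField($params, 'order', 'note'),
            'amount' => ($amount !== null) ? number_format($amount, 2, '.', '') : 0,
            'quantity' => $this->orderField($params, 'order', 'quantity', 1),
            'currency' => $this->orderField($params, 'order', 'currency', 'USD'),
            'department' => $this->orderField($params, 'order', 'department'),
            'payment_mode' => $this->orderField($params, 'order', 'paymentMethod'),

            // Credit card information
            // The first nine characters of the card number leave the site unhashed.
            'bin_no' => ($cardNumber !== null) ? substr($cardNumber, 0, 9) : '',
            'card_hash' => ($cardNumber !== null) ? $this->doHash($cardNumber) : '',
            'avs_result' => $this->orderField($params, 'card', 'avs'),
            'cvv_result' => $this->orderField($params, 'card', 'cvv'),

            // Shipping information
            'ship_addr' => $this->orderField($params, 'shipping', 'address'),
            'ship_city' => $this->orderField($params, 'shipping', 'city'),
            'ship_state' => $this->orderField($params, 'shipping', 'state'),
            'ship_zip_code' => $this->orderField($params, 'shipping', 'postcode'),
            'ship_country' => $this->orderField($params, 'shipping', 'country'),
        ];

        $http = new Http();

        return $this->decodeResponse(
            $http->post('https://api.fraudlabspro.com/v1/order/screen', $queries)
        );
    }

    /**
     * Sends decision back to FraudLabs Pro.
     *
     * @param array $params `status` (one of APPROVE, REJECT, REJECT_BLACKLIST),
     *                      `id`, and optional `note` / `source`
     *
     * @throws \RuntimeException when `status` is not one of the three constants
     *
     * @return object|false decoded FraudLabs Pro result, or false when the
     *                      response is not valid JSON
     */
    public function feedback($params = [])
    {
        $validStatuses = [
            self::APPROVE, self::REJECT, self::REJECT_BLACKLIST,
        ];

        $status = (isset($params['status'])) ? $params['status'] : '';

        // Strict comparison: a loose in_array() lets non-string values such as
        // boolean true compare equal to 'APPROVE' and reach the API as the action.
        if (!in_array($status, $validStatuses, true)) {
            throw new \RuntimeException('Invalid order status provided');
        }

        $queries = [
            'key' => $this->flpApiKey,
            'format' => 'json',
            'source_version' => Configuration::VERSION,
            'id' => (isset($params['id'])) ? $params['id'] : '',
            'action' => $status,
            'note' => (isset($params['note'])) ? $params['note'] : '',
            'source' => (isset($params['source'])) ? $params['source'] : 'FraudLabsPro PHP SDK',
        ];

        $http = new Http();

        return $this->decodeResponse(
            $http->post('https://api.fraudlabspro.com/v1/order/feedback', $queries)
        );
    }

    /**
     * Gets transaction result.
     *
     * The API key travels in the query string of this GET request, so it can
     * show up wherever full request URLs are recorded (outbound proxy or
     * debug logs); keep such logs access-controlled.
     *
     * @param string $id   transaction or order identifier; must be non-empty
     * @param string $type self::FLP_ID or self::ORDER_ID; any other value is
     *                     treated as self::ORDER_ID
     *
     * @throws \RuntimeException when $id is empty
     *
     * @return object|false decoded FraudLabs Pro result, or false when the
     *                      response is not valid JSON
     */
    public function getTransaction($id, $type = self::FLP_ID)
    {
        if (empty($id)) {
            throw new \RuntimeException('Invalid transaction ID');
        }

        $queries = [
            'key' => $this->flpApiKey,
            'format' => 'json',
            'id' => $id,
            // Strict match so a non-string $type cannot loosely equal FLP_ID.
            'id_type' => ($type === self::FLP_ID) ? self::FLP_ID : self::ORDER_ID,
        ];

        $http = new Http();

        return $this->decodeResponse(
            $http->get('https://api.fraudlabspro.com/v1/order/result?' . http_build_query($queries))
        );
    }

    /**
     * Gets client IP address.
     *
     * Forwarding headers are consulted before REMOTE_ADDR. They are only
     * trustworthy when a reverse proxy in front of the site overwrites them;
     * on a directly reachable server the client chooses their value, which
     * then feeds the fraud score. Integrators who know their proxy topology
     * should pass `ip` to validate() instead of relying on this fallback.
     *
     * @return string IP address, or an empty string when none is available
     */
    private function getClientIp()
    {
        // PHP exposes request headers as HTTP_* keys, so the X-Real-IP header
        // arrives as HTTP_X_REAL_IP. The literal 'X-Real-IP' key is kept only
        // for deployments that inject it as a server variable.
        $singleValueKeys = ['HTTP_CF_CONNECTING_IP', 'HTTP_X_REAL_IP', 'X-Real-IP'];

        foreach ($singleValueKeys as $key) {
            if (isset($_SERVER[$key]) && $this->isPublicIp($_SERVER[$key])) {
                return $_SERVER[$key];
            }
        }

        // Common header when the web server runs behind a reverse proxy;
        // only the first entry of the list is considered.
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $ip = trim(current(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])));

            if ($this->isPublicIp($ip)) {
                return $ip;
            }
        }

        // REMOTE_ADDR is absent outside a web request (e.g. CLI).
        return (isset($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : '';
    }

    /**
     * Hashes a string before it is sent to the API.
     *
     * This is SHA-1 iterated 65536 times over a fixed prefix. Because the
     * prefix is a constant and inputs such as card numbers come from a small
     * value space, the output is a stable pseudonym rather than a secret:
     * store and log it with the same care as the underlying value.
     * NOTE(review): the algorithm is presumably what the remote API expects,
     * so it is left unchanged here - confirm before altering it.
     *
     * @param mixed $value
     * @param mixed $prefix
     *
     * @return string hashed string (40 hexadecimal characters)
     */
    private function doHash($value, $prefix = 'fraudlabspro_')
    {
        $hash = $prefix . $value;

        for ($i = 0; $i < 65536; ++$i) {
            $hash = sha1($prefix . $hash);
        }

        return $hash;
    }

    /**
     * Reads $params[$group][$key], falling back to $default when it is unset or null.
     *
     * @param mixed  $params
     * @param string $group
     * @param string $key
     * @param mixed  $default
     *
     * @return mixed
     */
    private function orderField($params, $group, $key, $default = '')
    {
        return (isset($params[$group][$key])) ? $params[$group][$key] : $default;
    }

    /**
     * Returns the part of an e-mail address after the first '@'.
     *
     * An address without '@' yields an empty string instead of the address
     * minus its first character.
     *
     * @param string $email
     *
     * @return string
     */
    private function emailDomain($email)
    {
        $at = strpos($email, '@');

        return ($at === false) ? '' : (string) substr($email, $at + 1);
    }

    /**
     * Tells whether $candidate is a valid IP outside private and reserved ranges.
     *
     * @param mixed $candidate
     *
     * @return bool
     */
    private function isPublicIp($candidate)
    {
        return filter_var(
            $candidate,
            FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
        ) !== false;
    }

    /**
     * Decodes an API response body.
     *
     * @param string $response
     *
     * @return object|false decoded JSON, or false when decoding yields null
     */
    private function decodeResponse($response)
    {
        $json = json_decode($response);

        return ($json === null) ? false : $json;
    }
}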
233
// Expose the class under the underscore-style global name as well.
class_alias(
    'FraudLabsPro\FraudValidation',
    'FraudLabsPro_FraudValidation'
);
235