| 1 | <?php |
| 2 | |
| 3 | namespace FraudLabsPro; |
| 4 | |
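/**
 * FraudLabsPro FraudValidation module.
 *
 * Screens an order for possible fraud (validate), reports the merchant's
 * final decision back to FraudLabs Pro (feedback) and looks up a previous
 * screening result (getTransaction). All network I/O goes through the
 * sibling Http class, which is not part of this file: whether it verifies
 * the API server's certificate, times out or retries is decided there.
 *
 * Security notes for integrators:
 * - When $params['ip'] is not supplied, validate() derives the customer IP
 *   from proxy headers that any client can send (see getClientIp()). Behind
 *   a known proxy, pass the address your proxy vouches for in $params['ip'].
 * - The PHP session id and the flp_checksum cookie are forwarded verbatim;
 *   the cookie is under the client's control.
 * - getTransaction() puts the API key in the URL query string, where web
 *   server and proxy access logs may record it.
 * - Personal data (email, username, card number) is pseudonymised with
 *   doHash(), a deterministic, unsalted SHA-1 chain; see that method.
 */
class FraudValidation
{
    /**
     * Order statuses accepted by feedback().
     *
     * @const string
     */
    const APPROVE = 'APPROVE';
    const REJECT = 'REJECT';
    const REJECT_BLACKLIST = 'REJECT_BLACKLIST';

    /**
     * Payment methods, for $params['order']['paymentMethod'] in validate().
     *
     * @const string
     */
    const CREDIT_CARD = 'CREDITCARD';
    const PAYPAL = 'PAYPAL';
    const GOOGLE_CHECKOUT = 'GOOGLECHECKOUT';
    const CASH_ON_DELIVERY = 'COD';
    const MONEY_ORDER = 'MONEYORDER';
    const WIRE_TRANSFER = 'WIRED';
    const BANK_DEPOSIT = 'BANKDEPOSIT';
    const BITCOIN = 'BITCOIN';
    const OTHERS = 'OTHERS';

    /**
     * ID types accepted by getTransaction().
     *
     * @const string
     */
    const FLP_ID = 'fraudlabspro_id';
    const ORDER_ID = 'user_order_id';

    /**
     * Base URL of the FraudLabs Pro order API (HTTPS only).
     *
     * @const string
     */
    const API_BASE_URL = 'https://api.fraudlabspro.com/v1/order';

    /**
     * FraudLabs Pro API key, copied from the configuration object.
     *
     * @var string
     */
    private $flpApiKey = '';

    /**
     * @param object $config configuration object exposing an apiKey property
     */
    public function __construct($config)
    {
        $this->flpApiKey = $config->apiKey;
    }

    /**
     * Validate order for possible fraud.
     *
     * Recognised keys of $params (all optional): 'ip'; 'billing' with
     * firstName, lastName, username, email, phone, address, city, state,
     * postcode, country; 'order' with orderId, note, amount, quantity,
     * currency, department, paymentMethod; 'card' with number, avs, cvv;
     * 'shipping' with address, city, state, postcode, country.
     * Missing fields are sent as empty strings, except amount (0),
     * quantity (1) and currency ('USD').
     *
     * @param array $params parameters of order details
     *
     * @return object|false decoded JSON result, or false when the API
     *                      response was empty or not valid JSON
     */
    public function validate($params = [])
    {
        // null means "not supplied"; an explicitly empty string is still
        // hashed/normalised, matching isset() semantics.
        $username = self::param($params, ['billing', 'username']);
        $email = self::param($params, ['billing', 'email']);
        $phone = self::param($params, ['billing', 'phone']);
        $amount = self::param($params, ['order', 'amount']);
        $cardNumber = self::param($params, ['card', 'number']);

        $queries = [
            'key' => $this->flpApiKey,
            'format' => 'json',
            'source' => 'FraudLabsPro PHP SDK',
            'source_version' => Configuration::VERSION,
            // The server-side session id and the cookie set by the FraudLabs
            // Pro browser agent are forwarded as-is. The cookie value is
            // chosen by the client; nothing here validates it.
            'session_id' => session_id(),
            'flp_check_sum' => isset($_COOKIE['flp_checksum']) ? $_COOKIE['flp_checksum'] : '',

            // Billing information
            'ip' => isset($params['ip']) ? $params['ip'] : $this->getClientIp(),
            'first_name' => self::param($params, ['billing', 'firstName'], ''),
            'last_name' => self::param($params, ['billing', 'lastName'], ''),
            'username_hash' => $username !== null ? $this->doHash($username) : '',
            'email' => $email !== null ? $email : '',
            // Previously substr(email, strpos(email, '@') + 1): with no '@',
            // strpos() is false, false + 1 is 1, and the "domain" became the
            // email minus its first character. Now '' when there is no '@'.
            'email_domain' => $email !== null ? self::emailDomain($email) : '',
            'email_hash' => $email !== null ? $this->doHash($email) : '',
            'user_phone' => $phone !== null ? preg_replace('/\D/', '', $phone) : '',
            'bill_addr' => self::param($params, ['billing', 'address'], ''),
            'bill_city' => self::param($params, ['billing', 'city'], ''),
            'bill_state' => self::param($params, ['billing', 'state'], ''),
            'bill_zip_code' => self::param($params, ['billing', 'postcode'], ''),
            'bill_country' => self::param($params, ['billing', 'country'], ''),

            // Order information
            'user_order_id' => self::param($params, ['order', 'orderId'], ''),
            'user_order_memo' => self::param($params, ['order', 'note'], ''),
            'amount' => $amount !== null ? number_format($amount, 2, '.', '') : 0,
            'quantity' => self::param($params, ['order', 'quantity'], 1),
            'currency' => self::param($params, ['order', 'currency'], 'USD'),
            'department' => self::param($params, ['order', 'department'], ''),
            'payment_mode' => self::param($params, ['order', 'paymentMethod'], ''),

            // Credit card information. Only a 9-character prefix and a hash
            // of the card number leave this process; the full PAN is not sent.
            // NOTE(review): 9 characters exceeds a 6/8-digit BIN, and the
            // number is not normalised (spaces/dashes are kept) — confirm
            // both against the API contract and your PCI scope.
            'bin_no' => $cardNumber !== null ? substr($cardNumber, 0, 9) : '',
            'card_hash' => $cardNumber !== null ? $this->doHash($cardNumber) : '',
            'avs_result' => self::param($params, ['card', 'avs'], ''),
            'cvv_result' => self::param($params, ['card', 'cvv'], ''),

            // Shipping information
            'ship_addr' => self::param($params, ['shipping', 'address'], ''),
            'ship_city' => self::param($params, ['shipping', 'city'], ''),
            'ship_state' => self::param($params, ['shipping', 'state'], ''),
            'ship_zip_code' => self::param($params, ['shipping', 'postcode'], ''),
            'ship_country' => self::param($params, ['shipping', 'country'], ''),
        ];

        $http = new Http();

        return self::decode($http->post(self::API_BASE_URL . '/screen', $queries));
    }

    /**
     * Sends the merchant's decision on a screened order back to FraudLabs Pro.
     *
     * @param array $params 'status' (one of APPROVE, REJECT, REJECT_BLACKLIST),
     *                      'id' (FraudLabs Pro transaction id), and optional
     *                      'note' and 'source'
     *
     * @return object|false decoded JSON result, or false when the API
     *                      response was empty or not valid JSON
     *
     * @throws \RuntimeException when 'status' is missing or is not exactly
     *                           one of the three status string constants
     */
    public function feedback($params = [])
    {
        $status = isset($params['status']) ? $params['status'] : '';

        // Strict comparison on purpose: in_array() without the third argument
        // accepted boolean true (true == 'APPROVE') and would have sent a
        // non-string action to the API.
        $validStatuses = [self::APPROVE, self::REJECT, self::REJECT_BLACKLIST];
        if (!in_array($status, $validStatuses, true)) {
            throw new \RuntimeException('Invalid order status provided');
        }

        $queries = [
            'key' => $this->flpApiKey,
            'format' => 'json',
            'source_version' => Configuration::VERSION,
            'id' => isset($params['id']) ? $params['id'] : '',
            'action' => $status,
            'note' => isset($params['note']) ? $params['note'] : '',
            'source' => isset($params['source']) ? $params['source'] : 'FraudLabsPro PHP SDK',
        ];

        $http = new Http();

        return self::decode($http->post(self::API_BASE_URL . '/feedback', $queries));
    }

    /**
     * Gets transaction result.
     *
     * @param string $id   FraudLabs Pro transaction id or merchant order id
     * @param string $type self::FLP_ID or self::ORDER_ID; any other value is
     *                     treated as self::ORDER_ID
     *
     * @return object|false decoded JSON result, or false when the API
     *                      response was empty or not valid JSON
     *
     * @throws \RuntimeException when $id is not a non-blank scalar
     */
    public function getTransaction($id, $type = 'fraudlabspro_id')
    {
        // Reject anything that is not a non-blank scalar. The previous empty()
        // check also rejected the legitimate id "0".
        if (!is_scalar($id) || trim((string) $id) === '') {
            throw new \RuntimeException('Invalid transaction ID');
        }

        $queries = [
            'key' => $this->flpApiKey,
            'format' => 'json',
            'id' => $id,
            'id_type' => $type === self::FLP_ID ? self::FLP_ID : self::ORDER_ID,
        ];

        $http = new Http();

        // NOTE(review): this endpoint is queried with GET, so the API key
        // travels in the URL and may be recorded by access logs and proxies.
        // Whether the endpoint also accepts POST is not visible from here.
        return self::decode($http->get(self::API_BASE_URL . '/result?' . http_build_query($queries)));
    }

    /**
     * Gets client IP address.
     *
     * Checks, in order, CF-Connecting-IP, $_SERVER['X-Real-IP'], the first
     * entry of X-Forwarded-For and finally REMOTE_ADDR. A proxy-header
     * candidate is used only when it is a public, non-reserved IP address.
     *
     * SECURITY: the header values are set by whoever sent the request.
     * Unless a proxy in front of this server is known to overwrite them (and
     * the server cannot be reached around that proxy), a client can put any
     * public IP here and thereby choose what FraudLabs Pro sees for its
     * geolocation and proxy checks. The first X-Forwarded-For entry is the
     * one the client supplied, not the one your proxy appended. Integrators
     * who know their topology should pass $params['ip'] to validate().
     *
     * @return string IP address, or '' when REMOTE_ADDR is absent (e.g. CLI)
     */
    private function getClientIp()
    {
        $candidates = [];

        // Set by Cloudflare for requests it proxies.
        if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
            $candidates[] = $_SERVER['HTTP_CF_CONNECTING_IP'];
        }

        // PHP exposes request headers as HTTP_*, so this exact key is only
        // present when the web server injects it itself (e.g. a fastcgi_param),
        // in which case it is the more trustworthy source. It may also simply
        // be a typo for HTTP_X_REAL_IP; left unchanged rather than widen the
        // set of client-controlled headers that are trusted.
        if (isset($_SERVER['X-Real-IP'])) {
            $candidates[] = $_SERVER['X-Real-IP'];
        }

        // Reverse proxies append to this comma-separated list; the leftmost
        // entry is the client-supplied one.
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
            $candidates[] = trim($forwarded[0]);
        }

        foreach ($candidates as $ip) {
            if (self::isPublicIp($ip)) {
                return $ip;
            }
        }

        // Previously an unguarded read, which warns and yields null when the
        // key is absent (CLI, some test harnesses).
        return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    }

    /**
     * True when $ip is a syntactically valid IPv4/IPv6 address outside the
     * private and reserved ranges PHP's filter extension knows about.
     *
     * @param mixed $ip
     *
     * @return bool
     */
    private static function isPublicIp($ip)
    {
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;

        return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
    }

    /**
     * Returns the part of an email address after its first '@', or '' when
     * there is none.
     *
     * @param string $email
     *
     * @return string
     */
    private static function emailDomain($email)
    {
        $at = strpos($email, '@');

        return $at === false ? '' : substr($email, $at + 1);
    }

    /**
     * Reads a nested value from the caller's parameter array with isset()
     * semantics: a missing key or a null value yields $default.
     *
     * @param mixed    $source  the $params array (or anything isset() tolerates)
     * @param string[] $path    keys to descend, outermost first
     * @param mixed    $default returned when the path is absent or null
     *
     * @return mixed
     */
    private static function param($source, array $path, $default = null)
    {
        $node = $source;

        foreach ($path as $key) {
            if (!isset($node[$key])) {
                return $default;
            }
            $node = $node[$key];
        }

        return $node;
    }

    /**
     * Decodes an API response body.
     *
     * @param mixed $response raw body as returned by Http
     *
     * @return object|false decoded JSON, or false for a non-string, empty
     *                      or syntactically invalid body
     */
    private static function decode($response)
    {
        if (!is_string($response) || $response === '') {
            return false;
        }

        $json = json_decode($response);

        return $json === null ? false : $json;
    }

    /**
     * Hashes a string to protect its real value.
     *
     * Computes 65536 rounds of sha1(prefix . previous) seeded with
     * prefix . value. The prefix is a fixed, public constant, so the output is
     * identical for the same input wherever this SDK runs (presumably so the
     * service can correlate values across requests) and there is no per-site
     * salt. Treat it as pseudonymisation, not secrecy: low-entropy inputs such
     * as card numbers or emails from a leaked list can be matched offline at
     * the cost of 65536 SHA-1 computations per guess. Do not alter the
     * construction — the service presumably expects exactly this value.
     *
     * @param mixed $value
     * @param mixed $prefix
     *
     * @return string 40-character lowercase hex digest
     */
    private function doHash($value, $prefix = 'fraudlabspro_')
    {
        $hash = $prefix . $value;

        for ($i = 0; $i < 65536; ++$i) {
            $hash = sha1($prefix . $hash);
        }

        return $hash;
    }
}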
| 233 | |
// Non-namespaced alias, presumably kept for callers that predate the namespace.
// Inside this namespace FraudValidation::class is 'FraudLabsPro\FraudValidation'.
class_alias(FraudValidation::class, 'FraudLabsPro_FraudValidation');