search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
chore: ci mariadb stuff - added 11.1 and removed 10.9 (#6834)
[openemr.git] / sphere / process_revert_response.php
blob11c1805e0e6f137048878f9051a6f96ac1d6d7d5
1 <?php
2
3 /**
4 * process_revert_response.php
5 *
6 * Receives the middleman (initial_response.php) script from Sphere to avoid cross origin breakage.
7 * Csrf prevention is maintained.
8 *
9 * @package OpenEMR
10 * @link http://www.open-emr.org
11 * @author Brady Miller <brady.g.miller@gmail.com>
12 * @copyright Copyright (c) 2021 Brady Miller <brady.g.miller@gmail.com>
13 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
14 */
15
16 require_once(__DIR__ . "/../interface/globals.php");
17
18 use OpenEMR\Common\Acl\AclMain;
19 use OpenEMR\Common\Csrf\CsrfUtils;
20 use OpenEMR\Core\Header;
21 use OpenEMR\PaymentProcessing\PaymentProcessing;
22 use OpenEMR\PaymentProcessing\Sphere\SphereRevert;
23
24 if (!CsrfUtils::verifyCsrfToken($_GET["csrf_token"], 'sphere_revert')) {
25 CsrfUtils::csrfNotVerified();
26 }
27
28 if ($GLOBALS['payment_gateway'] != 'Sphere') {
29 die(xlt("Feature not activated"));
30 }
31
32 if (!AclMain::aclCheckCore('acct', 'rep_a')) {
33 die(xlt("Unauthorized access."));
34 }
35 ?>
36
37 <html>
38 <head>
39 <?php
40 Header::setupHeader('opener');
41
42 $auditData = ['get' => $_GET, 'post' => $_POST];
43
44 if (!empty($_POST['status']) && (($_POST['status'] == 'baddata') || ($_POST['status'] == 'error'))) {
45 PaymentProcessing::saveRevertAudit($_POST['uuid_tx'], $_POST['action'], $auditData, 0);
46 echo "<script>opener.sphereRevertNotSuccess(" . js_escape(xl("Aborted since unable to submit transaction") . ": " . $_POST['status'] . " " . $_POST['error'] . " " . $_POST['offenders']) . ");dlgclose();</script>";
47 } else if (!empty($_POST['hash']) && !empty($_POST['token'])) {
48 $sphereRevert = new SphereRevert($_GET['front']);
49
50 // verify that the querystring hash from sphere is authentic and not modified
51 if (!$sphereRevert->checkQuerystringHash($_POST['hash'], $_POST['querystring'])) {
52 $auditData['check_querystring_hash'] = false;
53 PaymentProcessing::saveRevertAudit($_POST['uuid_tx'], $_POST['action'], $auditData, 0);
54 echo "<script>opener.sphereRevertNotSuccess(" . xlj("Aborted since querystring hash was invalid") . ");dlgclose();</script></head><body></body></html>";
55 exit;
56 }
57 $auditData['check_querystring_hash'] = true;
58
59 // complete the transaction
60 $completeRevert = $sphereRevert->completeTransaction($_POST['token']);
61 $auditData['complete_transaction'] = $completeRevert;
62
63 if ($completeRevert['status'] != 'accepted') {
64 PaymentProcessing::saveRevertAudit($_POST['uuid_tx'], $_POST['action'], $auditData, 0, $completeRevert['transid']);
65 $completeRevertToString = "\n";
66 foreach ($completeRevert as $key => $value) {
67 if (!empty($key) || !empty($value)) {
68 $completeRevertToString .= $key . ": " . $value . "\n";
69 }
70 }
71 echo "<script>opener.sphereRevertNotSuccess(" . js_escape(xl("Aborted since unable to complete transaction") . ": " . $completeRevertToString) . ");dlgclose();</script></head><body></body></html>";
72 exit;
73 }
74
75 // Successful revert
76 PaymentProcessing::saveRevertAudit($_POST['uuid_tx'], $_POST['action'], $auditData, 1, $completeRevert['transid']);
77 echo "<script>opener.sphereRevertSuccess(" . js_escape(xl("Successful") . " " . $_POST['action']) . ");dlgclose();</script>";
78 } else {
79 // catch all for errors that are not caught above
80 $auditData['error_custom'] = "Unclear revert error with following querystring: " . $_POST['querystring'];
81 PaymentProcessing::saveRevertAudit($_POST['uuid_tx'], $_POST['action'], $auditData, 0);
82 echo "<script>opener.sphereRevertNotSuccess(" . js_escape(xl("Revert Error") . ": " . $_POST['querystring']) . ");dlgclose();</script>";
83 }
84 ?>
85 </head>
86 <body>
87 </body>
88 </html>
Mirror of official OpenEMR Sourceforge repository