Ejemplo n.º 1
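        /// <summary>
        /// Handles the Ogone post-sale callback. When Ogone is the active gateway, the
        /// SHASIGN form field matches the locally computed signature, and STATUS starts
        /// with "5" or "9", an order is created for the customer encoded in orderID and
        /// the browser is sent to the order confirmation page. Every other request is
        /// redirected to ogone_return.aspx.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            // This page gets requested by the Ogone payment server, not the client's browser

            if (String.Equals(AppLogic.ActivePaymentGatewayCleaned(), "ogone", StringComparison.OrdinalIgnoreCase))
            {
                // Every value below arrives in the request body and is untrusted until the
                // signature over it has been verified. Each field is read once so the value
                // that is verified is the value that is used.
                String OrderID    = CommonLogic.FormCanBeDangerousContent("orderID");
                String Acceptance = CommonLogic.FormCanBeDangerousContent("ACCEPTANCE");
                String Status     = CommonLogic.FormCanBeDangerousContent("STATUS");
                String CardNo     = CommonLogic.FormCanBeDangerousContent("CARDNO");
                String PayID      = CommonLogic.FormCanBeDangerousContent("PAYID");

                // Check SHASIGN before proceeding. The seed is the plain concatenation of the
                // fields in this fixed order; the order must match what the gateway signs.
                String OgoneSignatureSeed = OrderID + CommonLogic.FormCanBeDangerousContent("currency");
                OgoneSignatureSeed += CommonLogic.FormCanBeDangerousContent("amount") + CommonLogic.FormCanBeDangerousContent("PM");
                OgoneSignatureSeed += Acceptance + Status;
                OgoneSignatureSeed += CardNo + PayID;
                OgoneSignatureSeed += CommonLogic.FormCanBeDangerousContent("NCERROR") + CommonLogic.FormCanBeDangerousContent("BRAND");

                if (OgoneSignaturesMatch(CommonLogic.FormCanBeDangerousContent("SHASIGN"), Ogone.Signature(OgoneSignatureSeed)))
                {
                    // Valid Ogone request.
                    // StartsWith avoids the ArgumentOutOfRangeException that Substring(0, 1)
                    // raises on an empty STATUS.
                    // NOTE(review): a prefix match also accepts every multi-digit status that
                    // begins with 5 or 9 - confirm against the gateway's status table that
                    // all of those are meant to create an order.
                    if (Status.StartsWith("5", StringComparison.Ordinal) || Status.StartsWith("9", StringComparison.Ordinal))
                    {
                        // orderID has the form "<customer id>-<timestamp>"; only the part
                        // before the first '-' identifies the customer.
                        String       sCustomer         = OrderID.Split(new char[] { '-' }, 2, StringSplitOptions.None)[0];
                        int          OgoneCustomerID   = Localization.ParseNativeInt(sCustomer);
                        Customer     OgoneCustomer     = new Customer(OgoneCustomerID);
                        ShoppingCart cart              = new ShoppingCart(1, OgoneCustomer, CartTypeEnum.ShoppingCart, 0, false);
                        int          OrderNumber       = AppLogic.GetNextOrderNumber();
                        String       TransactionID     = PayID;
                        Address      UseBillingAddress = new Address();
                        UseBillingAddress.LoadByCustomer(OgoneCustomer.CustomerID, OgoneCustomer.PrimaryBillingAddressID, AddressTypes.Billing);

                        // NOTE(review): the signed "amount" field is never compared with the
                        // cart total here, and nothing visible in this method rejects a PAYID
                        // that was already turned into an order. Confirm both are enforced
                        // elsewhere; otherwise a cart edited after checkout or a replayed
                        // callback yields an order that does not match the payment.
                        // NOTE(review): the result of MakeOrder is not inspected before the
                        // order row is updated and the confirmation page is shown.
                        String status = Gateway.MakeOrder(String.Empty, AppLogic.TransactionMode(), cart, OrderNumber, String.Empty, String.Empty, TransactionID, String.Empty);

                        String AVSResult = CommonLogic.FormCanBeDangerousContent("AAVCheck");
                        String CVCResult = CommonLogic.FormCanBeDangerousContent("CVCCheck");
                        if (CVCResult.Length > 0)
                        {
                            if (AVSResult.Length != 0)
                            {
                                AVSResult += ", ";
                            }
                            AVSResult += "CV Result: " + CVCResult;
                        }

                        // A CARDNO shorter than four characters is stored as-is instead of
                        // throwing from Substring.
                        String Last4 = CardNo.Length > 4 ? CardNo.Substring(CardNo.Length - 4) : CardNo;

                        // NOTE(review): AAVCheck and CVCCheck are not part of the signature
                        // seed above, so they remain attacker-influenced text. The statement
                        // relies on DB.SQuote for quoting; prefer a parameterized command if
                        // the DB layer offers one.
                        String sql = String.Format("update Orders set AVSResult={0}, AuthorizationCode={1}, Last4={2} where OrderNumber={3}",
                                                   DB.SQuote(AVSResult), DB.SQuote(Acceptance), DB.SQuote(Last4), OrderNumber.ToString());
                        DB.ExecuteSQL(sql);
                        Response.Redirect(AppLogic.GetStoreHTTPLocation(true) + "orderconfirmation.aspx?ordernumber=" + OrderNumber.ToString() + "&paymentmethod=Credit+Card");
                    }
                }
            }
            // if it was not a successful order then we will display a message to the customer
            Response.Redirect(AppLogic.GetStoreHTTPLocation(true) + "ogone_return.aspx");
        }

        /// <summary>
        /// Compares the received and the expected signature without returning early at the
        /// first differing character, so response timing does not reveal how much of a
        /// guessed signature was correct. A missing or empty expected signature never matches.
        /// </summary>
        private static bool OgoneSignaturesMatch(String received, String expected)
        {
            if (received == null || expected == null || expected.Length == 0 || received.Length != expected.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                difference |= received[i] ^ expected[i];
            }
            return difference == 0;
        }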
Ejemplo n.º 2
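        /// <summary>
        /// Builds the HTML for an auto-submitting form that posts the current order to the
        /// Ogone payment page (live or test URL, depending on UseLiveTransactions).
        /// </summary>
        /// <param name="BillingAddress">Billing address whose name, address, e-mail and phone are sent to Ogone.</param>
        /// <returns>The script, body and form markup as a single string.</returns>
        private string WriteOgonePane(Address BillingAddress)
        {
            StringBuilder s = new StringBuilder("");

            Customer ThisCustomer = ((AspDotNetStorefrontPrincipal)Context.User).ThisCustomer;

            String OgoneOrderID       = ThisCustomer.CustomerID + "-" + Localization.ToDBDateTimeString(DateTime.Now); // Max length 30 chars, we don't know what the order number will be...
            String OgoneAmount        = Localization.CurrencyStringForGatewayWithoutExchangeRate((NetTotal)).Replace(".", "");
            String OgoneCurrency      = Localization.StoreCurrency();
            String OgonePSPID         = AppLogic.AppConfig("Ogone.PSPID");
            // The seed uses the raw values: the browser decodes the attribute encoding
            // applied below before it posts the form, so the gateway receives exactly these.
            String OgoneSignatureSeed = OgoneOrderID + OgoneAmount + OgoneCurrency + OgonePSPID;
            String PostSaleUrl        = AppLogic.GetStoreHTTPLocation(true) + "ogone_postsale.aspx";
            String PostUrl            = CommonLogic.IIF(AppLogic.AppConfigBool("UseLiveTransactions"), AppLogic.AppConfig("Ogone.LivePostURL"), AppLogic.AppConfig("Ogone.TestPostURL"));

            s.Append("<script type=\"text/javascript\">\n");
            s.Append("function OgoneForm_Validator(theForm)\n");
            s.Append("\t{\n");
            s.Append("\tsubmitenabled(theForm);\n");
            s.Append("\treturn (true);\n");
            s.Append("\t}\n");
            s.Append("</script>\n");
            s.Append("<body onload=\"javascript:document.forms.OgoneForm.submit();\" >");
            s.Append("<form id=\"OgoneForm\" name=\"OgoneForm\" target=\"_top\" action=\"" + System.Web.HttpUtility.HtmlAttributeEncode(PostUrl) + "\" method=\"post\" onsubmit=\"return (validateForm(this) && OgoneForm_Validator(this))\">\n");

            // Every value is attribute-encoded: the billing fields are customer-supplied, and
            // an unencoded quote or angle bracket would end the attribute early, which both
            // corrupts the posted value and lets the customer's text become page markup.
            AppendOgoneHiddenField(s, "PSPID", OgonePSPID);
            AppendOgoneHiddenField(s, "amount", OgoneAmount);
            AppendOgoneHiddenField(s, "orderID", OgoneOrderID);
            AppendOgoneHiddenField(s, "CN", BillingAddress.FirstName + " " + BillingAddress.LastName);
            AppendOgoneHiddenField(s, "owneraddress", BillingAddress.Address1);
            AppendOgoneHiddenField(s, "ownertown", BillingAddress.City);
            AppendOgoneHiddenField(s, "ownerZIP", BillingAddress.Zip);
            AppendOgoneHiddenField(s, "ownercty", AppLogic.GetCountryTwoLetterISOCode(BillingAddress.Country));
            AppendOgoneHiddenField(s, "EMAIL", BillingAddress.EMail);
            AppendOgoneHiddenField(s, "ownertelno", BillingAddress.Phone);
            AppendOgoneHiddenField(s, "currency", OgoneCurrency);
            AppendOgoneHiddenField(s, "language", ThisCustomer.LocaleSetting.Replace("-", "_"));
            AppendOgoneHiddenField(s, "SHASign", Ogone.Signature(OgoneSignatureSeed));
            // All four outcomes return to the same page, which decides what to do from the
            // signed fields in the request.
            AppendOgoneHiddenField(s, "accepturl", PostSaleUrl);
            AppendOgoneHiddenField(s, "declineurl", PostSaleUrl);
            AppendOgoneHiddenField(s, "exceptionurl", PostSaleUrl);
            AppendOgoneHiddenField(s, "cancelurl", PostSaleUrl);
            s.Append("</form>\n");
            s.Append("</body>");

            return(s.ToString());
        }

        /// <summary>
        /// Appends one hidden input to the form markup, HTML-attribute-encoding the value.
        /// The field name is a fixed literal supplied by the caller and is written as-is.
        /// </summary>
        private static void AppendOgoneHiddenField(StringBuilder html, String name, String value)
        {
            html.Append("<input type=\"hidden\" name=\"" + name + "\" value=\"" + System.Web.HttpUtility.HtmlAttributeEncode(value) + "\">\n");
        }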