private bool IsFromReceiver(PayPalIPNParameters ipn)
{
// Receiver_email MUST BE equal to the PayPal account ID
bool verified = string.Compare(ipn.receiver_email, _settings.PayPalID, true) == 0;
// If Secure Merchand ID is present and equal to the receiver ID
if (verified && !string.IsNullOrEmpty(_settings.SecureID))
{
verified = verified & (string.Compare(_settings.SecureID, ipn.receiver_id, true) == 0);
}
return(verified);
}
protected void Page_Load(object sender, EventArgs e)
{
_portalLanguage = PortalSettings.DefaultLanguage;
string subject = string.Empty;
string reason = string.Empty;
bool sendEmail = false;
PayPalIPNParameters ipn = new PayPalIPNParameters(Request.Form, Request.BinaryRead(Request.ContentLength));
_settings = new PayPalSettings(StoreSettings.GatewaySettings);
_verificationURL = _settings.UseSandbox ? SandboxVerificationURL : _settings.VerificationURL;
// Verify payment with PayPal
PaymentStatus status = VerifyPayment(ipn);
// What's the user language?
_userLanguage = Request.QueryString["language"];
switch (status)
{
case PaymentStatus.Payed:
int portalId = PortalSettings.PortalId;
// Set order status to "Paid"...
OrderInfo order = UpdateOrderStatus(ipn.invoice, OrderInfo.OrderStatusList.Paid, _userLanguage);
// Add User to Product Roles
OrderController orderController = new OrderController();
orderController.AddUserToRoles(portalId, order);
// Add User to Order Role
StoreInfo storeSetting = StoreController.GetStoreInfo(portalId);
if (storeSetting.OnOrderPaidRoleID != Null.NullInteger)
{
orderController.AddUserToPaidOrderRole(portalId, order.CustomerID, storeSetting.OnOrderPaidRoleID);
}
break;
case PaymentStatus.Pending:
// Inform Store Admin
subject = Localization.GetString("StorePayPalGateway", LocalResourceFile, _portalLanguage) + Localization.GetString("IPNInfo", LocalResourceFile, _portalLanguage);
reason = Localization.GetString("PendingReason_" + ipn.pending_reason, LocalResourceFile, _portalLanguage);
sendEmail = true;
break;
case PaymentStatus.Refunded:
// Inform Store Admin
subject = Localization.GetString("StorePayPalGateway", LocalResourceFile, _portalLanguage) + Localization.GetString("IPNInfo", LocalResourceFile, _portalLanguage);
reason = Localization.GetString("ReasonCode_" + ipn.reason_code, LocalResourceFile, _portalLanguage);
sendEmail = true;
break;
case PaymentStatus.Reversed:
// Inform Store Admin
subject = Localization.GetString("StorePayPalGateway", LocalResourceFile, _portalLanguage) + Localization.GetString("IPNInfo", LocalResourceFile, _portalLanguage);
reason = Localization.GetString("ReasonCode_" + ipn.reason_code, LocalResourceFile, _portalLanguage);
sendEmail = true;
break;
case PaymentStatus.Unattended:
// Alert Store Admin
subject = Localization.GetString("StorePayPalGateway", LocalResourceFile, _portalLanguage) + Localization.GetString("IPNAlert", LocalResourceFile, _portalLanguage);
reason = Localization.GetString("ReasonCode_" + ipn.reason_code, LocalResourceFile, _portalLanguage);
sendEmail = true;
break;
default:
break;
}
// Do we need to send an email to the store admin?
if (sendEmail)
{
if (string.IsNullOrEmpty(reason))
{
reason = ipn.reason_code;
}
string paymentType = Localization.GetString("PaymentType_" + ipn.payment_type, LocalResourceFile, _portalLanguage);
if (string.IsNullOrEmpty(paymentType))
{
paymentType = ipn.payment_type;
}
string paymentStatus = Localization.GetString("PaymentStatus_" + ipn.payment_status, LocalResourceFile, _portalLanguage);
if (string.IsNullOrEmpty(paymentStatus))
{
paymentStatus = ipn.payment_status;
}
string emailIPN = Localization.GetString("EmailIPN", LocalResourceFile, _portalLanguage);
string body = string.Format(emailIPN, ipn.invoice, ipn.txn_id, paymentType, paymentStatus, reason);
SendEmailToAdmin(subject, body);
}
}
private PaymentStatus VerifyPayment(PayPalIPNParameters ipn)
{
PaymentStatus status = PaymentStatus.Invalid;
// Default Alert Reason
string alertReason = Localization.GetString("InvalidIPN", LocalResourceFile, _portalLanguage);
if (ipn.IsValid)
{
// Process notification validation
HttpWebRequest request = WebRequest.Create(_verificationURL) as HttpWebRequest;
if (request != null)
{
request.Method = "POST";
request.ContentLength = ipn.PostString.Length;
request.ContentType = "application/x-www-form-urlencoded";
using (StreamWriter writer = new StreamWriter(request.GetRequestStream()))
{
writer.Write(ipn.PostString);
writer.Close();
}
HttpWebResponse response = request.GetResponse() as HttpWebResponse;
if (response != null)
{
string responseString;
using (StreamReader reader = new StreamReader(response.GetResponseStream()))
{
responseString = reader.ReadToEnd();
reader.Close();
}
// If the transaction is VERIFIED by PayPal
if (string.Compare(responseString, "VERIFIED", true) == 0)
{
// Security checking: is this request come from right PayPal account ID
if (IsFromReceiver(ipn))
{
// Security checking: compares some PayPal fields with order fields
alertReason = Localization.GetString("WrongOrderInfos", LocalResourceFile, _portalLanguage);
OrderController orderController = new OrderController();
OrderInfo order = orderController.GetOrder(PortalSettings.PortalId, ipn.invoice);
// If this order exist
if (order != null)
{
// Currency MUST BE the same!
if (_settings.Currency == ipn.mc_currency)
{
// Everything looks good, validate the transaction!
switch (ipn.payment_status.ToLower())
{
case "completed":
// Grand Total MUST BE the same!
if (Math.Round(order.GrandTotal, 2, MidpointRounding.AwayFromZero) == ipn.mc_gross)
{
status = PaymentStatus.Payed;
}
break;
case "pending":
case "in-progress":
// Grand Total MUST BE the same!
if (Math.Round(order.GrandTotal, 2, MidpointRounding.AwayFromZero) == ipn.mc_gross)
{
status = PaymentStatus.Pending;
}
break;
case "refunded":
status = PaymentStatus.Refunded;
break;
case "reversed":
status = PaymentStatus.Reversed;
break;
default:
status = PaymentStatus.Unattended;
break;
}
}
}
}
else
{
alertReason = Localization.GetString("DifferentReceiverEmail", LocalResourceFile, _portalLanguage);
}
}
else
{
alertReason = Localization.GetString("VerificationFailed", LocalResourceFile, _portalLanguage);
}
}
}
}
// If the transaction is invalid
if ((status == PaymentStatus.Invalid) || (status == PaymentStatus.Unattended))
{
// Add an Admin Alert to the DNN Log
string paypalGateway = Localization.GetString("StorePayPalGateway", LocalResourceFile, _portalLanguage);
string adminAlert = Localization.GetString("SecurityAlert", LocalResourceFile, _portalLanguage);
LogProperties properties = new LogProperties
{
new LogDetailInfo(paypalGateway, adminAlert),
new LogDetailInfo(Localization.GetString("AlertReason", LocalResourceFile, _portalLanguage), alertReason),
new LogDetailInfo(Localization.GetString("FromIP", LocalResourceFile, _portalLanguage), Request.UserHostAddress),
new LogDetailInfo(Localization.GetString("IPNPOSTString", LocalResourceFile, _portalLanguage), ipn.PostString)
};
AddEventLog(EventLogController.EventLogType.ADMIN_ALERT.ToString(), properties, true);
// Send an email to the store admin
SendEmailToAdmin(paypalGateway + " " + adminAlert, Localization.GetString("EmailAlert", LocalResourceFile, _portalLanguage) + "\r\n\r\n" + alertReason);
}
return(status);
}
protected void Page_Load(object sender, EventArgs e)
{
// Do we have any special handling?
PayPalNavigation nav = new PayPalNavigation(Request.QueryString);
switch (nav.GatewayExit.ToUpper())
{
case "CANCEL":
{
InvokePaymentCancelled();
CheckoutControl.Hide();
pnlProceedToPayPal.Visible = false;
return;
}
case "RETURN":
{
PayPalIPNParameters ipn = new PayPalIPNParameters(Request.Form, Request.BinaryRead(Request.ContentLength));
// Here there is no check about the validity of the PayPal response (IPN),
// because it's just a message displayed to the customer.
// Everything is checked in the NOTIFY case received from PayPal in the PayPalIPN.aspx page.
switch (ipn.payment_status.ToLower())
{
case "completed":
InvokePaymentSucceeded();
break;
default:
InvokePaymentRequiresConfirmation();
break;
}
CheckoutControl.Hide();
pnlProceedToPayPal.Visible = false;
return;
}
}
if (nav.GatewayExit.Length > 0)
{
//If the PayPalExit is anything else with length > 0, then don't do any processing
HttpContext.Current.Response.Redirect(Common.Globals.NavigateURL(PortalSettings.ActiveTab.TabID), false);
return;
}
// Continue with display of payment control...
if (Page.IsPostBack == false)
{
PayPalSettings settings = new PayPalSettings(StoreSettings.GatewaySettings);
if (!settings.IsValid())
{
lblError.Text = Localization.GetString("GatewayNotConfigured", LocalResourceFile);
lblError.Visible = true;
pnlProceedToPayPal.Visible = false;
return;
}
SurchargePercent = settings.SurchargePercent;
SurchargeFixed = settings.SurchargeFixed;
btnConfirmOrder.Attributes.Add("OnClick", ScriptAvoidDoubleClick(btnConfirmOrder, Localization.GetString("Processing", this.LocalResourceFile)));
string message = Localization.GetString("lblConfirmMessage", LocalResourceFile);
lblConfirmMessage.Text = string.Format(message, PortalSettings.PortalName);
message = Localization.GetString("paypalimage", LocalResourceFile);
paypalimage.AlternateText = message;
lblError.Text = string.Empty;
lblError.Visible = false;
paypalimage.ImageUrl = settings.ButtonURL;
}
}