Андрей (andy) wrote in changelog,
Андрей
andy
changelog

[ljcom] r9551: LJSUP-6936 (Webmoney integration): check...

Committer: ailyin
LJSUP-6936 (Webmoney integration): checkpoint commit; changes have not been tested yet
U   trunk/cgi-bin/LJ/Pay/Method/WebMoney.pm
U   trunk/cgi-bin/LJ/Pay/Method.pm
U   trunk/cvs/killfile-local.conf
D   trunk/htdocs/pay/paymeth/
A   trunk/ssldocs/shop/webmoney-callback.bml
U   trunk/templates/Shop/method/webmoney.tmpl
Modified: trunk/cgi-bin/LJ/Pay/Method/WebMoney.pm
===================================================================
--- trunk/cgi-bin/LJ/Pay/Method/WebMoney.pm	2010-09-27 04:01:26 UTC (rev 9550)
+++ trunk/cgi-bin/LJ/Pay/Method/WebMoney.pm	2010-09-27 06:53:50 UTC (rev 9551)
@@ -3,13 +3,12 @@
 use strict;
 use base qw(LJ::Pay::Method);
 
+use Digest::MD5 qw();
+
 sub code { 'webmoney' }
 
 sub checkout_should_redirect { 0 }
 
-## webmoney is temporary disabled 
-sub suitable_for { 0 }
-
 sub checkout_render {
     my ($class, $cart, $title, $body) = @_;
 
@@ -71,24 +70,30 @@
     my $remote = LJ::get_remote();
     my $amt = sprintf("%.02f", $cart->{amount});
 
-    my $format = BML::ml('/pay/modify.bml.webmoney.whattodo.comment.format', {
-        orderid => $cart->get_cart_as_string,
-        user => $remote->user,
-    });
+    my $form_intro = LJ::html_hidden(
+        'LMI_PAYEE_PURSE' => $LJ::PAY_WEBMONEY_PURSE_ID,
+        'LMI_PAYMENT_AMOUNT' => $amt,
+        'LMI_PAYMENT_NO' => $cart->get_payid,
+        'LMI_PAYMENT_DESC' => 'LiveJournal Shop payment',
+        'LMI_SIM_MODE' => $LJ::PAY_WEBMONEY_TEST_SIM_MODE,
+        'anum' => $cart->get_anum,
+    );
 
-    my $wmk_href = "wmk:payto?" .
-        "purse=$LJ::PAY_WEBMONEY_PURSE_ID&" .
-        "amount=$amt&" .
-        "desc=$format";
-
-    return { signup_aopts => "href='$LJ::PAY_WEBMONEY_SIGNUP_URL'",
-             amount => "\$$amt WMZ",
-             purseid => $LJ::PAY_WEBMONEY_PURSE_ID,
-             orderid => $cart->get_cart_as_string,
-             remote_user => $remote ? $remote->user : '[unknown user]',
-             format_aopts => "href='$wmk_href'", 
-             webmoney_url => $LJ::PAY_WEBMONEY_REDIR_URL,
+    return {
+        amt => $amt,
+        form_intro => $form_intro,
     };
 }
 
+sub check_signature {
+    my ($class, $string, $hash) = @_;
+
+    if ($LJ::PAY_WEBMONEY_SIGN_METHOD eq 'MD5') {
+        return uc(Digest::MD5::md5_hex($string)) eq $hash;
+    }
+
+    warn "unsupported signature method $LJ::PAY_WEBMONEY_SIGN_METHOD";
+    return;
+}
+
 1;

Modified: trunk/cgi-bin/LJ/Pay/Method.pm
===================================================================
--- trunk/cgi-bin/LJ/Pay/Method.pm	2010-09-27 04:01:26 UTC (rev 9550)
+++ trunk/cgi-bin/LJ/Pay/Method.pm	2010-09-27 06:53:50 UTC (rev 9551)
@@ -62,6 +62,7 @@
         'CreditCard',
         'PayPal',
         'YandexMoney',
+        'WebMoney',
     ],
     'other' => [
         'Free',

Modified: trunk/cvs/killfile-local.conf
===================================================================
--- trunk/cvs/killfile-local.conf	2010-09-27 04:01:26 UTC (rev 9550)
+++ trunk/cvs/killfile-local.conf	2010-09-27 06:53:50 UTC (rev 9551)
@@ -2,3 +2,5 @@
 cgi-bin/LJ/Widget/ShopVGiftItem.pm
 cgi-bin/LJ/Bitly.pm
 cgi-bin/LJ/API/Twitter.pm
+htdocs/pay/paymeth/webmoney.bml
+htdocs/pay/paymeth

Added: trunk/ssldocs/shop/webmoney-callback.bml
===================================================================
--- trunk/ssldocs/shop/webmoney-callback.bml	                        (rev 0)
+++ trunk/ssldocs/shop/webmoney-callback.bml	2010-09-27 06:53:50 UTC (rev 9551)
@@ -0,0 +1,121 @@
+<?_code
+{
+    use strict;
+
+    my $act = LJ::Request->get_param('act');
+
+    return LJ::Lang::ml('error.invalidform')
+        unless $act && $act =~ /^(?:success|fail|result)$/;
+
+    my $payid = LJ::Request->post_param('LMI_PAYMENT_NO');
+    my $anum = LJ::Request->post_param('anum');
+
+    my $cart = LJ::Pay::Payment->load(
+        'payid' => $payid,
+        'anum' => $anum,
+    );
+
+    return 'cannot load cart' unless $cart;
+
+    if ($act =~ /^(?:success|fail)$/) {
+        # user is directed here, and we're supposed to show
+        # him some interface related to his successful or failed
+        # payment
+
+        # TBD: log something at this point?
+
+        if ($act eq 'success') {
+            return LJ::Request->redirect(
+                "$LJ::SITEROOT/shop/thankyou.bml?" .
+                'cart=' . $cart->get_cart_as_string
+            );
+        }
+
+        if ($act eq 'fail') {
+            return LJ::Request->redirect(
+                "$LJ::SSLROOT/shop/checkout.bml?" .
+                'cart=' . $cart->get_cart_as_string
+            );
+        }
+    }
+
+    if ($act eq 'result') {
+        # either it is a prerequest, or it is a payment
+        # notification. either way, let's check some
+        # basic things first.
+
+        # alias we're going to use repeatedly
+        my %form = LJ::Request->post_params;
+
+        # they must pay to our purse
+        return 'invalid purse'
+            unless $form{'LMI_PAYEE_PURSE'} eq $LJ::PAY_WEBMONEY_PURSE_ID;
+
+        # they must pay as much money as we need
+        return 'invalid payment amount'
+            unless $form{'LMI_PAYMENT_AMOUNT'} == $cart->get_amount;
+
+        # they must use the same test mode
+        return 'invalid test mode'
+            unless $form{'LMI_MODE'} == $LJ::PAY_WEBMONEY_TEST_MODE;
+
+        # alright, now this depends on whether this is a prerequest
+
+        if ($form{'LMI_PREREQUEST'}) {
+            # in fact, there is no further checking we need to do;
+            # let's tell webmoney that we're willing to accept that.
+
+            # TBD: log the PAYER_WM here?
+
+            return 'YES';
+        } else {
+            # alright, so now webmoney tells us that the
+            # transaction is complete. the last thing we
+            # need to check if whether it really is webmoney
+            # (digital signature), and then we need to
+            # log it and mark the cart as paid for
+
+            # signature
+            my @signed_parts = qw(
+                LMI_PAYEE_PURSE
+                LMI_PAYMENT_AMOUNT
+                LMI_PAYMENT_NO
+                LMI_MODE
+                LMI_SYS_INVS_NO
+                LMI_SYS_TRANS_NO
+                LMI_SYS_TRANS_DATE
+                LMI_SECRET_KEY
+                LMI_PAYER_PURSE
+                LMI_PAYER_WM
+            );
+
+            my %sign_data = map { $_ => $form{$_} } @signed_parts;
+            $sign_data{'LMI_SECRET_KEY'} = $LJ::PAY_WEBMONEY_SECRET_KEY;
+
+            my $sign_str = '';
+            $sign_str .= $sign_data{$_} foreach (@signed_parts);
+
+            # we consider the logic of signing stuff to be complex
+            # enough, so it is done in Pay::Method::WebMoney
+            return 'invalid signature'
+                unless LJ::Pay::Method::WebMoney->check_signature(
+                    $sign_str, $form{'LMI_HASH'}
+                );
+
+            # set some payvars with the transaction details
+            my %payvars_map = (
+                'LMI_MODE'              => 'webmoney-mode',
+                'LMI_SYS_INVS_NO'       => 'webmoney-invs-no',
+                'LMI_SYS_TRANS_NO'      => 'webmoney-trans-no',
+                'LMI_SYS_TRANS_DATE'    => 'webmoney-trans-date',
+                'LMI_PAYER_PURSE'       => 'webmoney-payer-purse',
+                'LMI_PAYER_WM'          => 'webmoney-payer-wmid',
+            );
+
+            foreach my $k (keys %payvars_map) {
+                $cart->payvar_add( $payvars_map{$k} => $form{$k} );
+            }
+        }
+    }
+}
+_code?>

Modified: trunk/templates/Shop/method/webmoney.tmpl
===================================================================
--- trunk/templates/Shop/method/webmoney.tmpl	2010-09-27 04:01:26 UTC (rev 9550)
+++ trunk/templates/Shop/method/webmoney.tmpl	2010-09-27 06:53:50 UTC (rev 9551)
@@ -1,15 +1,11 @@
 <div class="b-wmpay">
-	<h2><TMPL_VAR expr="ml('/pay/modify.bml.webmoney.title')"></h2>
-	<p><strong><TMPL_VAR expr="ml('/pay/modify.bml.webmoney.intro')"></strong></p>
-	<p><TMPL_VAR expr="ml('/pay/modify.bml.webmoney.whattodo')"></p>
-	<ol class="b-wmpay-options">
-		<li><TMPL_VAR expr="ml('/pay/modify.bml.webmoney.whattodo.signin', 'aopts', signup_aopts)"></li>
-		<li><TMPL_VAR expr="ml('/pay/modify.bml.webmoney.whattodo.sendmoney', 'amount', amount, 'purseid', purseid)"></li>
-		<li><TMPL_VAR expr="ml('/pay/modify.bml.webmoney.whattodo.comment', 'orderid', orderid, 'sitename', lj_sitename )"><br />"<TMPL_VAR expr="ml('/pay/modify.bml.webmoney.whattodo.comment.format', 'orderid', orderid, 'user', remote_user)">". <TMPL_VAR expr="ml('/pay/modify.bml.webmoney.whattodo.comment.format.link', 'aopts', format_aopts)"></li>
-		<li><TMPL_VAR expr="ml('/pay/modify.bml.webmoney.whattodo.time')"></li>
-	</ol>
-	<p><TMPL_VAR expr="ml('/pay/modify.bml.webmoney.thankyou')"></p>
-	<form method='get' action='<TMPL_VAR webmoney_url>'>
-		<button type="submit"><TMPL_VAR expr="ml('/pay/modify.bml.btn.continue_webmoney')"></button>
-	</form>
+<form action="https://merchant.webmoney.ru/lmi/payment.asp" method="post">
+<TMPL_VAR form_intro>
+
+<p>The cost of your order is <TMPL_VAR amt> WMZ.</p>
+
+<p><button type="submit">Proceed with WebMoney</button></p>
+
+</form>
+
 </div>

Tags: andy, bml, conf, ljcom, pm, tmpl
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments