modules/ec_linkpoint/ec_linkpoint.module

<?php
// $Id: ec_linkpoint.module
/*
 *   20081110
 *   A lot of comments left in for developing, final
 *   may want to remove comments, or have a commented
 *   file and then file with comments removed for module file
 *
 *   A module used for Linkpoint API payment gateway 
 *   with Drupal e-commerce, not ubercart
 *   
 *   This derivation done by Paul Pruett, ec_linkpoint@cocoavillage.com
 *   because, well I needed a linkpoint api for myself ;).
 *   If someone wants to run with this module full time, or help, let me know!
 *
 ********************************************************************
 * OTHER NOTES:
 *
 * ACHTUNG!  The codes expects that the website supports SSL, https
 * and if your website does not allow redirect to https, or is not
 * forced to be https it may fail in a way not explaining. SO be sure
 * to setup webserver so same address with either http or https works!
 *
 * This is a credit card processing interface using the Linkpoint API payment
 * gateway. It requires php to support CURL and SSL.
 *
 * Configuration:
 * From Linkpoint, you get a Store ID, and a certificate (.pem) file.
 * Upload the .pem file to your web server, preferrably NOT under the
 * public_html/www directory.
 *
 * Enter your Store ID, and the location of the .pem file. You can
 * use relative path names. For example, if you uploaded the file to
 * your home directory (the one above your public_html directory), then
 * you can use "../12345.pem"
 * 
 * Note: providing full path recommended - relative path might not work
 * on some systems resulting the following error:
 * "unable to use client certificate (no key found or wrong pass phrase?)"
 *
 ********************************************************************
*/


// We set these defines php constants here at runtime, and why 
// They are used later in the function ec_linkpoint_format_not_accepted
define('LINKPOINT_ERROR_SHORT_VIEW', 0);
define('LINKPOINT_ERROR_MEDIUM_VIEW', 1);
define('LINKPOINT_ERROR_LARGE_VIEW', 2);


/********************************************************************
* Drupal Hooks
********************************************************************/


/**
* Implementation of hook_menu().
*/
function ec_linkpoint_menu($may_cache) {

  $items = array();

  if ($may_cache) {
   $items[] = array(
     'path' => 'store/payment/ec_linkpoint',
     'title' => t('Credit Card Payment'),
     'callback' => 'drupal_get_form',
     'callback arguments' => array('ec_linkpoint_form'),
     'access' => true,
     'type' => MENU_CALLBACK,
     ); 
  $items[] = array(
      'path' => 'admin/ecsettings/ec_linkpoint',
      'title' => 'Linkpoint',
      'callback' => 'drupal_get_form',
      'callback arguments' => array('ec_linkpoint_ec_settings'),
      'access' => user_access('administer store'),
      'type' => MENU_NORMAL_ITEM,
      'description' => t('Configure for the Linkpoint payment gateway'),
    );
  } 
  return $items;
}


/**
* Implementation of hook_help().
*/
function ec_linkpoint_help($section = 'admin/help#ec_linkpoint') {
  switch ($section) {
    case 'admin/ecsettings/ec_linkpoint':
      return t("You need to have a linkpoint merchant account in order to use this module.");
    case 'ec_linkpoint/form_submit_guidlines':
      return t("Be carefull not submit this form again if already paid, or you may be double billed!");
  }
}


// This function provides the settings that you will fill out under menu e-commerce settings/linkpoint
// and the sttings like linkpoint store id will be used to transact
function ec_linkpoint_ec_settings() {

$form['ec_linkpoint_help'] = array(
      '#type' => 'textarea',
      '#title' => t('Explanation or submission guidelines'),
      '#description' => t('This text will be displayed at the top of the credit card submission form.'),
      '#rows' => 5,
      '#required' => TRUE,
      '#default_value' => variable_get('ec_linkpoint_help', ec_linkpoint_help('ec_linkpoint/form_submit_guidlines')),
    );

$form['ec_linkpoint_login'] = array(
      '#type' => 'textfield',
      '#title' => t('Store ID'),
      '#description' => t("Enter your merchant Store ID."),
      '#required' => TRUE,
      '#maxlength' => 70,
      '#default_value' => variable_get('ec_linkpoint_login', ''),
    );

$form['ec_linkpoint_ssl_certificate'] = array(
      '#type' => 'textfield',
      '#title' => t('SSL Certificate'),
      '#description' => t("Enter your merchant SSL certificate (.pem). It is preferred that you enter full server path (like /home/smb/1234567.pem, not ./1234567.pem) "),
      '#required' => TRUE,
      '#maxlength' => 255,
      '#default_value' => variable_get('ec_linkpoint_ssl_certificate', ''),
    );

$form['ec_linkpoint_url'] = array(
      '#type' => 'textfield',
      '#title' => t('Linkpoint processing URL'),
      '#description' => t('URL of the secure payment processing page, including the port number.'),
      '#required' => TRUE,
      '#maxlength' => 70,
      '#default_value' => variable_get('ec_linkpoint_url', 'https://secure.linkpt.net:1129/LSGSXML'),
    );

$form['ec_linkpoint_success_url'] = array(
      '#type' => 'textfield',
      '#title' => t('Successful payment URL'),
      '#description' => t("This is the destination to which you would like to send your customers when their payment has been successfully completed. The URL must be a Drupal system path (without leading slash), e.g. 'product'. If not set, user will see transaction invoice (recommended)."),
      '#required' => FALSE,
      '#maxlength' => 70,
      '#default_value' => variable_get('ec_linkpoint_success_url', ''),
    );

// DEBUG linkpoint payment; Note the code uses a variable set to decide 
// to use LIVE or GOOD for Transaction mode when order processing
// Note, the ubercart linkpoint api appears to use the aliases of Production 
// for LIVE, and Test for GOOD, instead of debug enabled/disabled.
$form['ec_linkpoint_debug'] = array(
      '#type' => 'radios',
      '#title' => t('LinkPoint test mode'),
      '#options' => array(t('Disabled'), t('Enabled')),
      '#description' =>  t('If enabled, transactions will be sent in test GOOD mode - any card numbers will be approved and cards will not be charged. Also, in test mode full connection error description is shown instead of Sorry - Could not connect to payment gateway.'),
      '#default_value' => variable_get('ec_linkpoint_debug', 0),
    );


// We could add this setting option that is not in authorize.net module, may want to not make it an option
// will need to if/then the later checks for https...
//$form['ec_linkpoint_httpsforce'] = array(
//      '#type' => 'radios',
//      '#title' => t('For security verify using url with https for transaction or fault with access denied.'),
//      '#options' => array(t('Disabled'), t('Enabled')),
//      '#description' =>  t('If enabled, this module will redirect and expect url for transaction to support https, ssl. Recommend that this be always enabled and only disable for testing if necessary.'),
//      '#default_value' => variable_get('ec_linkpoint_httpsforce', 1),
//    );
//


// later in the xml we give the ordertype, transaction method.  the orig code set
// this to "SALE" but here we are giving a setting to have option to set to either
// preauth or sale, but default to "SALE" maybe.  For tangible shipped items, you
// should perhaps use PREAUTH, it authorizes a credit card but does not charge it
// But then go back on your linkpoint vitual terminal and AUTH it when shipping?
// Will set default to PREAUTH to be conservative.
$form['ec_linkpoint_ordertype'] = array(
    '#type' => 'radios',
    '#title' => t('Transaction Type'),
    '#default_value' => variable_get('ec_linkpoint_ordertype', 'PREAUTH'),
    '#options' => array(
      'PREAUTH' => t('PREAUTH'), 
      'SALE' => t('SALE'),
  ),
    '#description' => t('Linkpoint states for tangible items or anything that will be shipped to always use PREAUTH. If you are selling a download item etc, use SALE. PREAUTH authorizes a credit card but does not charge it. Go to <a target="_blank" href="http://www.linkpointcentral.com">Linkpoint Central</a> > Reports > Transctions to complete the transaction. SALE automatically charges the card.'),
  );

$form['ec_linkpoint_format_not_accepted'] = array(
      '#type' => 'radios',
      '#title' => t('How to format error message if card is not accepted'),
      '#options' => array(
        LINKPOINT_ERROR_SHORT_VIEW => t('Simply Accepted, Declined or Duplicate'),
        LINKPOINT_ERROR_MEDIUM_VIEW => t('Linkpoint\'s error message without code (e.g. "The order already exists in the database")'),
        LINKPOINT_ERROR_LARGE_VIEW => t('Full Linkpoint\'s error message (e.g. "SGS-005003: The order already exists in the database.")'),
      ),
      '#default_value' => variable_get('ec_linkpoint_format_not_accepted', 0),
    );

return system_settings_form($form);
}


/********************************************************************
 * E-commerce Hooks
 ********************************************************************/

// here is something different than ubercart, the newer e-commerce core has
// hooks for payment interface, like hook_paymentapi
// for the hook_paymentapi we need to return:
// &$txn  The transaction object for an order. This keeps growing in data from screen to screen.
// $op    What kind of action is being performed. 
// see: http://drupalecommerce.org/api/function/hook_paymentapi/53
//
// BTW, we could set form variables so that the return could be custom, but for
// now we will leave it 'Pay with credit card'
//
// notes for $op parameters 
// "display name" 
//   The name of the method displayed to customers.
//   This is purely for display purposes and my be descriptive.
// "on checkout" 
//   Called after the customer selects their payment method. 
//   This can be used for any specific validation the payment method needs to impose. 
//   Be sure to call form_set_error() to raise a warning to the system.
// "form" 
//   Called durring the checkout process. This is used to display options 
//   to the user for choosing between payment options. Nothing wil be displayed 
//   if only one payment option exists.
// "update/insert"
//   Called after the user has submitted the payment page so any additional 
//   payment details can be stored in the database.
// "payment page"
//   Display the form for accepting credit card information or redirect to a 
//   third party payment processor.
// "delete" 
//   Called when the transaction is being deleted 
//
/**
* Implementation of hook_paymentapi().
*/
function ec_linkpoint_paymentapi(&$txn, $op) {
  switch ($op) {
    case 'display name':
      return t('Pay with Credit Card');
    // we have them type the credit card on our site with the ec_linkpoint_goto form
    // then we curl the xml info with linkpoint, therefore we use "payment page" case.
    case 'payment page':
      return ec_linkpoint_goto($txn);
  }
}


// fyi, another hook that ubercart does not use but we need, 
// because e-commerce gateways payment modules
/*
* Implementation of hook_ec_transactionapi().
*
* http://drupalecommerce.org/api/function/hook_ec_transactionapi/53
*
*   Handle store transaction actions.
*
* &$txn 
*   A transaction object, passed by reference.
*
* $op 
*   A string containing the name of the ec_transactionapi operation. Possible values:
*
* "insert"
*   A new transaction is being created. Called by e.g. store_transaction_save(), with 
*   $txn an object containing edit fields Standard records in ec_transaction etc. have 
*   already been inserted. No return value.
* "load"
*   A transaction is being loaded from the database. Called by e.g. store_transaction_load(),
*   with $txn containing the transaction loaded so far.
* "update"
*   A transaction is being updated. Called by e.g. store_transaction_save(), with $txn 
*   an object containing edit fields Standard records in ec_transaction etc. have already
*   been updated. No return value.
* "delete"
*   A transaction is being deleted. The parameter $txn contains all the transaction 
*   information, since the standard records in ec_transaction etc. have already been 
*   deleted. No return value.
* "validate"
*   Transaction $txn is being inserted. Argument $a3 contains the section to validate. 
*   Errors should be set with form_set_error(). No return value. Called by e.g. 
*   store_transaction_validate(), from e.g. 
*   Menu: ?q=admin/store with $_POST['op'] == [ t('Update transaction') or t('Create new transaction')
*   ] on submission of a form to create a new transaction or update an existing transaction. 
*
* $a3 Additional argument, depending on $op.
*
* For "validate", this is the section to validate, in upper case. Possible values include:
*    o 'OVERVIEW':
*    o 'ADDRESSES':
*    o 'ITEMS':
*    o 'ALL' (default): Validate all sections. 
* 
*/ 

function ec_linkpoint_ec_transactionapi(&$txn, $op, $a3 = NULL, $a4 = NULL) {
  // sanity check, we should not be here if not using ec_linkpont
  // maybe we sould check for curl_ini here also?
  if ($txn->payment_method != 'ec_linkpoint') return NULL;
  switch ($op) {
    case 'load':
      $txn->payment = db_fetch_object(db_query("SELECT * FROM {ec_linkpoint_transaction} WHERE txnid = %d", $txn->txnid));
      break;
    case 'insert':
    case 'update':
      ec_linkpoint_save($txn);
      break;
    case 'delete':
      ec_linkpoint_delete($txn);
      break;
  }
}


// ?? I guess this is okay, to call our own function from function ec_linkpoint_ec_transactionapi
// here use save to return the 'update' case and  delete to take action for 'delete' case  ??

function ec_linkpoint_save($txn) {
  if (is_numeric($txn->txnid) && is_numeric($txn->anid)) {

    if (db_result(db_query("SELECT COUNT(txnid) FROM {ec_linkpoint_transaction} WHERE txnid = '%s'", $txn->txnid))) {
      db_query("UPDATE {ec_linkpoint_transaction} SET anid = '%s', amount = '%f' WHERE txnid = %d", $txn->anid, $txn->amount, $txn->txnid);
    }
    else {
      db_query("INSERT INTO {ec_linkpoint_transaction} (txnid, anid, amount) VALUES (%d, '%s', '%f')", $txn->txnid, $txn->anid, $txn->amount);
    }
  }
}

function ec_linkpoint_delete($txn) {
  db_query('DELETE FROM {ec_linkpoint_transaction} WHERE txnid = %d', $txn->txnid);
}


/**
 * This funcition is Called immediately after the user 
 * has clicked the checkout button.
 * Redirect the user to the secure server if not already using https
 * to collect credit card information.
 * (note we are assuming the secure serer is same URL except https instead of http.)
 */
function ec_linkpoint_goto($txn) {

  global $base_url;
  $payment_url = str_replace('http://', 'https://', url('store/payment/ec_linkpoint/'. $txn->txnid, NULL, NULL, TRUE));

  drupal_goto($payment_url);
  exit();
}


// ???? do we need this? I think so, this calls the form to get credit card info from customer?
// Don't see similar function for authorize_net.module ???
// think we pasted this snippet from http://drupal.org/node/142150 to see if could be used ???
/**
* Controller for collecting and processing credit card data.
*/
//function ec_linkpoint_page($txnid = null) {
//
//  $output = ec_linkpoint_form($txnid);
//  print theme('page', $output);
//
//}


/**
* Build the credit card form.
*/
function ec_linkpoint_form($txnid) {
  global $user, $base_url;

  $t = store_transaction_load($txnid);

  // Make sure the user owns the transaction or is an admin.
  if ($user->uid != $t->uid && $user->uid != 1  && !user_access('administer store')) {
    return drupal_access_denied();
  }

  // Make sure the user is connected via SSL by checking the URL for https prefix

  if (!$_SERVER['HTTPS']) {
    drupal_access_denied();
    return;
  }

//not sure this code is correct???
//  if ($t->items) {
//    foreach ($t->items as $p) {
//      $product = product_load($p);
//      $subtotal += $p->qty * $p->price;
//      $items[] = t('%order of <b>%title</b> at %price each', array('%order' => format_plural($p->qty, '1 order', '@count orders'), '%title' => $p->title, '%price' => payment_format($product->price))). "\n";
//    }
//  }
//
//code from authorize.net
  if ($t->items) {
    foreach ($t->items as $p) {
      $subtotal += $p->qty * $p->price;
      $items[] = t('%order of <b>%title</b> at %price each', array('%order' =>
        format_plural($p->qty, '1 order', '@count orders'), '%title' => $p->title,
        '%price' => payment_format($p->price)));
    }
  }

 
  $form['help'] = array('#value' => t('<div class="help">%ec_linkpoint_help</div>', array('%ec_linkpoint_help' => variable_get('ec_linkpoint_help', ec_linkpoint_help('ec_linkpoint/form_submit_guidlines')))));

  $form['items'] = array('#value' => theme('item_list', $items, t('Your items')). '</p>');

  // Prepare the values of the form fields.
  // note, linkpoint expecting 2 digit year, will use php substr during xml generation to convert
  $years  = drupal_map_assoc(range(2008, 2021)); 
  $months = drupal_map_assoc(array('01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12'));

  $form['expiry_date'] = array(
    '#type' => 'fieldset',
    '#title' => t('Expiration Date'),
  );
  $form['expiry_date']['cc_month'] = array(
    '#type' => 'select',
    '#title' => t('Month'),
    '#default_value' => ($month ? $month : date('m')),
    '#options' => $months,
    '#description' => null,
    '#extra' => 0,
    '#multiple' => false,
    '#required' => true,
  );
  $form['expiry_date']['cc_year'] = array(
    '#type' => 'select',
    '#title' => t('Year'),
    '#default_value' => ($year ? $year : date('Y')),
    '#options' => $years,
    '#description' => null,
    '#extra' => 0,
    '#multiple' => false,
    '#required' => true,
  );

  $form['details'] = array(
    '#type' => 'fieldset',
    '#title' => t('Card details'),
  );

  $form['details']['cc_firstname'] = array(
    '#type' => 'textfield',
    '#title' => t('Cardholder\'s first name'),
    '#default_value' => $t->address['billing']->firstname,
    '#size' => 50,
    '#maxlength' => 50,
  );

  $form['details']['cc_lastname'] = array(
    '#type' => 'textfield',
    '#title' => t('Cardholder\'s last name'),
    '#default_value' => $t->address['billing']->lastname,
    '#size' => 50,
    '#maxlength' => 50,
  );

  $form['details']['cc_number'] = array(
    '#type' => 'textfield',
    '#title' => t('Credit Card Number'),
    '#default_value' => '',
    '#size' => 21,
    '#maxlength' => 21,
    '#description' => t('Just the credit card number without dashes nor spaces'),
    '#attributes' => null,
    '#required' => true,
  );

  $form['details']['cc_ccv'] = array(
    '#type' => 'textfield',
    '#title' => t('CCV Security Code'),
    '#description' => t('Three digit number on back of card'),
    '#size' => 3,
    '#maxlength' => 3,
    '#required' => true,
  );

  $form['txnid'] = array(
    '#type' => 'value',
    '#value' => $txnid,
  );

  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Place your order'),
  );

  $form['#method'] = 'POST';
//  added option to configuration, httpsforce, if disabled don't use https
//  ??????  need to put an if/then here
  $form['#action'] = str_replace('http://', 'https://', url("store/payment/ec_linkpoint/$txnid", NULL, NULL, TRUE));
  return $form;
}


/**
* Ensure the integrity of the user-submitted data.
*/
// we may want to go further here and make sure
// the credit card is a credit card number and 
// the username and other information makes sense...
//
// some things the XML needs to have...
//   1. Make sure the amount for chargetotal is not blank.
//   2. Make sure expiration year is only 2 digits
//   3. Make sure there is no dollar sign for the amount.
//   4. Make sure there are no symbols like an ampersand, apostrophe, or letters with accents
//   5. If there is no shipping make sure you pass zero for the amount
//   6. Make sure there are no commas in the amount for chargetotal
//
function ec_linkpoint_form_validate($form_id, $edit) {
  $errors = array();
  if (!$edit['cc_number']) {
    $errors['cc_number'] = t('You must enter a credit card number.');
  }
  elseif (!is_numeric($edit['cc_number'])) {
    $errors['cc_number'] = t('Error in credit card number. Please make sure it is typed correctly and without dashes nor spaces.');
  }
  // sanity check that the credit card number is not to small of a number, 
  // usually 16 characters like 41111111111111
  // could do by length, but since its a number we could just simply do a greater than hack...
  elseif ($edit['cc_number']<100000000) {
    $errors['cc_number'] = t('Check you credit card number, seems to be to small.');
  }
  // while we are at it, we can also say the CCV number should be numeric and not to small
  elseif (!is_numeric($edit['cc_ccv']))  {
    $errors['cc_ccv'] = t('Check your CCV security code, expecting a number without spaces nor dashes.');
  }
  // and that CCV is not to small of a number
  elseif ($edit['cc_ccv'] < 10) {
    $errors['cc_ccv'] = t('Check your CCV security code, seems to be to small of a number.');
  }
  // ? Card Holders first name should not be blank and a least a few characters long...
  //   if so another elseif here?
  // ??? Cardholders last name should not be blank and a least a few characters long...
  //   if so another elseif here?


  foreach ($errors as $name => $message) {
    form_set_error($name, $message);
  }

  return count($errors) == 0;
}

/**
* Send the HTTPS POST request and process the returned data.
*
*  similar to uc_linkpoint_api_charge for ubercart ?
*
*/
function ec_linkpoint_form_submit($form_id, $edit) {

  // we need to get the order information to make our xml for curl
  // can use store_transacton_load from drupal ecommerce store module
  // http://ecommerce.heydon.com.au/api/function/store_transaction_load/53
  // could some data in load may be serialized requiring unserialize() ???
  $storeOrder = store_transaction_load($edit['txnid']);

  global $user;
  global $base_url;

  //Make sure the user owns the transaction or is admin.
  if ($user->uid != $storeOrder->uid && $user->uid != 1 && !user_access('administer store')) {
    drupal_access_denied();
  }

  //Make sure the user is connected via SSL
  if (!$_SERVER['HTTPS']) {
    drupal_access_denied();
  }

  // default result is live, but if debug change to GOOD
  $linkptResult = 'LIVE';
  
  if (variable_get('ec_linkpoint_debug', 1)) {
    $linkptResult = 'GOOD';
  }

  $d['cert'] = variable_get('ec_linkpoint_ssl_certificate', '');


  // build order description to pass in comment to linkpoint xml 
  $orderdescript = '';

  // need some code here to generate a brief description of order
  // to pass to linkpoint comment in the generated xml  ??????????????
  // maybe we can use something like items[] array  in ec_linkpoit_form function ?

  // makesure it is less than 255 characters
  $orderdescript = substr($orderdescript, 0, 255);


// ***********************************************
//  Creaton of the XML string to send to linkpoint
// ***********************************************
// note, added address2/street2 to old code
// note, added PREAUTH/SALE choice to ordertype
 
  $xml ="<order>";

  $xml .="<billing>";
  $xml .="<name>" . $edit['cc_firstname'] . " " . $edit['cc_lastname'] ."</name>";
  $xml .="<company>" . $storeOrder->address['billing']->company . "</company>";
  $xml .="<address1>" . $storeOrder->address['billing']->street1 . "</address1>";
  $xml .="<address2>" . $storeOrder->address['billing']->street2 . "</address2>";
  $xml .="<city>" . $storeOrder->address['billing']->city . "</city>";
  $xml .="<state>" . $storeOrder->address['billing']->state . "</state>";
  $xml .="<zip>" . $storeOrder->address['billing']->zip . "</zip>";
  $xml .="<country>" . store_get_country($storeOrder->address['billing']->country) . "</country>";
  $xml .="<phone>" . $storeOrder->address['billing']->phone . "</phone>";
  $xml .="<email>" . $storeOrder->mail . "</email>";
  $xml .="</billing>";

  $xml .="<shipping>";
  $xml .="<name>" . $storeOrder->address['shipping']->firstname . " " . $storeOrder->address['shipping']->lastname ."</name>";
  $xml .="<address1>" . $storeOrder->address['shipping']->street1 . "</address1>";
  $xml .="<address2>" . $storeOrder->address['shipping']->street2 . "</address2>";
  $xml .="<city>" . $storeOrder->address['shipping']->city . "</city>";
  $xml .="<state>" . $storeOrder->address['shipping']->state . "</state>";
  $xml .="<zip>" . $storeOrder->address['shipping']->zip . "</zip>";
  $xml .="<country>" . store_get_country($storeOrder->address['shipping']->country) . "</country>";
  $xml .="</shipping>";

  $xml .="<orderoptions>";
  $xml .="<result>" . $linkptResult . "</result>";
  $xml .="<ordertype>" . variable_get('ec_linkpoint_ordertype', '') . "</ordertype>";
  $xml .="</orderoptions>";

  $xml .="<merchantinfo>";
  $xml .="<configfile>" . variable_get('ec_linkpoint_login', '') . "</configfile>";
  $xml .="</merchantinfo>";

  $xml .="<creditcard>";
  // something screwy, don't clarify edit array.... and works.. my bad syntax...
  //$xml .="<cardnumber>" . $edit['details']['cc_number'] . "</cardnumber>";
  $xml .="<cardnumber>" . $edit['cc_number'] . "</cardnumber>";
  //$xml .="<cardexpmonth>" . $edit['expiry_date']['cc_month'] . "</cardexpmonth>";
  $xml .="<cardexpmonth>" . $edit['cc_month'] . "</cardexpmonth>"; 
  // linkpoint expecting two digit year, 
  // thus php substr to return 2 characters starting at positon 2 the 3rd characer
  //$xml .="<cardexpyear>" . substr($edit['expiry_date']['cc_year'],2,2) . "</cardexpyear>";
  $xml .="<cardexpyear>" . substr($edit['cc_year'],2,2) . "</cardexpyear>";
  //$xml .="<cvmvalue>" . $edit['details']['cc_cvv'] . "</cvmvalue>";
  $xml .="<cvmvalue>" . $edit['cc_ccv'] . "</cvmvalue>";
  // not sure about cvmindicator, other implementations have $cvmindicator but from where?
  $xml .="<cvmindicator>provided</cvmindicator>";
  $xml .="</creditcard>";

  $xml .="<payment>";
  $xml .="<chargetotal>" . $storeOrder->gross . "</chargetotal>";
  $xml .="</payment>";

  $xml .="<transactiondetails>";
  $xml .="<transactionorigin>ECI</transactionorigin>";
  $xml .="<oid>" . $edit['txnid'] . "</oid>";
  $xml .="<ip>" . $_SERVER['REMOTE_ADDR'] . "</ip>";
  $xml .="</transactiondetails>";

  $xml .="<notes>";
  $xml .="<comments>" . $orderdescript . "</comments>";
  $xml .="</notes>";


  $xml .="</order>";


// Start CURL session
 $ch = curl_init();
  // set our options to be used by curl session, like the website and that we are posting
  curl_setopt($ch, CURLOPT_URL, variable_get('ec_linkpoint_url', 'https://secure.linkpt.net:1129/LSGSXML'));
  curl_setopt($ch, CURLOPT_POST, 1);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
  curl_setopt($ch, CURLOPT_SSLCERT, $d['cert']);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
// not sure we need want this line?
//  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); // this line is used to fix errors on some systems
// Some other implementations include the CURLOPT_VERBOSE setting
//  curl_setopt($ch, CURLOPT_VERBOSE, 0);
//
// now we have the curl session initiated and have set options, 
// next we do the buffer to execute
$buffer = curl_exec($ch);
  if (curl_errno($ch)) {
    // oops the conection did not go correctly... 
    // use if/then to check debug setting to see how to report
    if (variable_get('ec_linkpoint_debug', 0)) {
      //debug set so we display error to screen 
      drupal_set_message(curl_error($ch),'error');
    } else {
      //debug not set, so let viewer know we could not connect, but do not dispaly why
      drupal_set_message(t('Sorry - Could not connect to payment gateway.'),'error');
    }
    // we can also let the watchdog know about unable to connect to gateway
    watchdog('ec_linkpoint', curl_error($ch), WATCHDOG_ERROR);
    // return to next web page.... 
    return str_replace('http://', 'https://', $base_url) . url('store/payment/ec_linkpoint/'. $edit['txnid']);
  } else {
    // hopefully we had a good connect to gateway so now we close curl connection
    curl_close($ch);
  }


  // use php preg_match_all to perform a global regular expression match...
  // preg_set_order tells it to order results to that $outara[0] is an array of the 
  // first set of matches, $outarra[1] is an array of the second set and so on...
  preg_match_all ("/<(.*?)>(.*?)\</", $buffer, $outarr, PREG_SET_ORDER);

  // loop through arrray to strip HTML and PHP tags from $outarr 
  // and create array $retarr with the LinkPoint information
  $n = 0;
  while (isset($outarr[$n])) {
    $retarr[$outarr[$n][1]] = strip_tags($outarr[$n][0]);
    $n++;
  }


// We can take a moment here to create some strings 
// like concatenating returns for approval,
$approval_text = "status: " . $retarr['r_approved'];
$approval_text .= "approval code: " . $retarr['r_code'];
$approval_text .= " " . $retarr['r_message'];


// our array $retarr has the information from LinkPoint
// now we can do a case switch to act upon the results
//
// for inside the array 'r_approved'
// if the value of r_aproved is exactly "APPROVED" then...
// we are approved so take appropriate action
//
//   fyi, make sure we give them the approval code somewhere..... ????
//
  switch ($retarr['r_approved']) {

    case "APPROVED": // Credit card successfully processed (depends if SALE or AUTH for how)

      // if we have debug enabled....
      if ((!$retarr['r_ordernum']) && (!variable_get('ec_linkpoint_debug', 1))) {
        drupal_set_message(t('No ordernumber received from Linkpoint'),'error');
      }
      $storeOrder->anid      = $retarr['r_ordernum'];
      $storeOrder->amount    = $t->gross;
      $storeOrder->payment_status = payment_get_status_id('completed');
      $storeOrder->payment_method = 'ec_linkpoint';

      // unset some credit card information like cc_number to prevent accidently saving elsewhere
      // ?????????????????????????????????????????????
      //unset($edit['details']['cc_ccv']);
      //unset($edit['details']['cc_number']); 

      $is_new = (db_result(db_query('SELECT COUNT(txnid) FROM {ec_linkpoint_transaction} WHERE txnid = %d', $edit['txnid']))) ? false : true;

      $txnid = store_transaction_save((array)$storeOrder);

      if ($is_new && $txnid) {
        // Compose and send confirmation email to the user
        store_send_invoice_email($txnid);
      }

      // note if we are PREAUTH it was approved, but if we are SALE, it was charged.
       if (variable_get('ec_linkpoint_ordertype', '')=="SALE") {
           drupal_set_message("Credit card was charged: $approval_text <br> You will also receive confirmation by email.");
       } else {
           drupal_set_message("Credit card was approved: $approval_text <br> You will also receive confirmation by email.");
       }

      $url=trim(variable_get('ec_linkpoint_success_url', ''));
      if ($url) {
        // We want to go to a http, not https.
        return str_replace('https://', 'http://', $base_url). '/' . $url;
      } else {
        return str_replace('https://', 'http://', $base_url). '/store/transaction/view/' . $edit['txnid'];
      }
      break;


// for this case switch, default, the above was not matched, r_approved did not have "APPROVED" 
// so then we failed... so default is card not chared, but why?
// the approach is to do another case switch for default to handle the not approved situation....
   default: // Credit card error: card was not charged.

      // this case switch sets $error to be displayed for customer from earlier array saved when declined
      // using the varialbe set for How to format error message if card is not accepted
      // from beginning of this module:
      //  define('LINKPOINT_ERROR_SHORT_VIEW', 0);
      //  define('LINKPOINT_ERROR_MEDIUM_VIEW', 1);
      //  define('LINKPOINT_ERROR_LARGE_VIEW', 2);
      //
      switch (variable_get('ec_linkpoint_format_not_accepted',0)) {
        case 0:
          // short view of returned error
          // instead of APPROVED, something else is sent for this value by linkpoint
          $error=$retarr['r_approved'];
          break;
        case 1:
          // medium view of returned error
          // use preg_replace blank for part of r_error to shortn ?
          $error=preg_replace('/^(.*?: )/','',$retarr['r_error']);
          break;
        case 2:
          // large view of returned error
          $error=$retarr['r_error'];
          break;
      }

      // If we have an error message include it.. else generic decline message
      if (variable_get('ec_linkpoint_debug', 0)) {
         //debug set so we display error and xml to screen
         drupal_set_message('Debug, Your card was not billed. The following error was received:<br>' . $error . '<br>The following xml for gateway was used:<br>' . $xml,'error');
      } elseif ((is_string($error)) && ($error != '')){
          drupal_set_message('Your card was not billed. The following error was received:<br>' . $error, 'error');
      } else {
          drupal_set_message('Your card was not billed. Apologies but the transaction did not complete.', 'error');
      }


      // Log the error also to watchdog?
      // note ??? the userlink in log does not work.... to be fixed? seems same as authorize.net contrib ?
      watchdog('ec_linkpoint', t('Linkpoint payment error for transaction %txnid for user %user_link, response: %lverror', array('%txnid' => $edit['txnid'], '%user_link' => l($storeOrder->uid, 'user/'. $storeOrder->uid), '%lverror' => $retarr['r_error']),WATCHDOG_ERROR, l(t('view'), 'admin/store/transaction')));

      return str_replace('http://', 'https://', $base_url) . url('/store/payment/ec_linkpoint/'. $edit['txnid']);
      break;
  }
}


// eof
?>