modules/quickpay/quickpay.module

<?php
// $Id: quickpay.module,v 1.5 2009/10/03 09:21:27 xen Exp $

define('QUICKPAY_VERSION', '3');
/**
 * Implementation of hook_menu().
 */
function quickpay_menu() {
  $items['quickpay'] = array(
    'title' => 'QuickPay callback page',
    'page callback' => 'quickpay_callback',
    'page arguments' => array(1),
    'access callback' => TRUE,
    'type' => MENU_CALLBACK,
  );

  $items['quickpay_popdown'] = array(
    'title' => 'QuickPay popdown page',
    'page callback' => 'quickpay_popdown',
    'page arguments' => array(1, 2),
    'access callback' => 'variable_get',
    'access arguments' => array('quickpay_hosted_popup', TRUE),
    'type' => MENU_CALLBACK,
  );

  return $items;
}

/**
 * Returns a list of all quickpay supported payment methods.
 */
function quickpay_all_cards() {
  static $cards;
  if (!$cards) {
    $cards = array();
    $tmp =  "dan:Dankort:dan.jpg
edan:eDankort:edan.jpg
visa:Visa:visa.jpg
visael:Visa Electron:visaelectron.jpg
mastercard:Mastercard:mastercard.jpg
maestro:Maestro:maestro.gif
jcb:JCB:jcb.jpg
din:Diners:diners.jpg
amex:American Express:amexpress.jpg
danskebank:Danske Netbetaling:danskebank.jpg
nordea:Nordea Netbetaling:nordea.jpg
ff:Forbrugsforeningen:forbrugsforeningen.gif
ikano:Ikano:ikano.jpg";
    foreach (explode("\n", $tmp) as $card) {
      list($key, $name, $img) = explode(':', $card);
      $cards[$key] = array('name' => t($name),
                           'image' => drupal_get_path('module', 'quickpay') .
                           '/images/' . $img);
    }
  }
  return $cards;
}

function quickpay_cards($list) {
  return array_intersect_key(quickpay_all_cards(), array_flip($list));
}

function quickpay_settings_form() {
  $form['quickpay_merchant'] = array(
    '#type' => 'textfield',
    '#title' => t('Merchant number'),
    '#description' => t('Merchant id as shown in the QuickPay admin. NOTE: <em>not</em> PBS id'),
    '#default_value' => variable_get('quickpay_merchant', ''),
    '#required' => TRUE,
  );

  $form['quickpay_secret'] = array(
    '#type' => 'textfield',
    '#title' => t('MD5 secret'),
    '#description' => t('MD5 secret as shown in the Quickpay admin.'),
    '#default_value' => variable_get('quickpay_secret', ''),
    '#required' => TRUE,
  );

  $form['quickpay_order_prefix'] = array(
    '#type' => 'textfield',
    '#title' => t('Order id prefix'),
    '#description' => t('Prefix for order ids. Order ids must be uniqe when sent to QuickPay, use this to resolve clashes.'),
    '#default_value' => variable_get('quickpay_order_prefix', ''),
    '#element_validate' => array('quickpay_order_prefix_validate'),
  );

  $options = array();
  foreach (quickpay_cards(array('dan', 'visa', 'visael', 'mastercard',
                                'maestro', 'jcb', 'din', 'amex', 'ff',
                                'ikano')) as $key => $card) {
    $options[$key] = theme('image', $card['image']) . '&nbsp;' . $card['name'];
  }

  $form['quickpay_accepted_cards'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Accepted payment methods'),
    '#description' => t('Which cards or other payment methods to show as accepted in the block. NOTE: Some require special agreements.'),
    '#default_value' => variable_get('quickpay_accepted_cards', array('dan')),
    '#options' => $options,
  );

  $form['hosted'] = array(
    '#type' => 'fieldset',
    '#title' => t('Payment window options'),
  );

  $form['hosted']['quickpay_hosted_popup'] = array(
    '#type' => 'checkbox',
    '#title' => t('Use popup'),
    '#default_value' => variable_get('quickpay_hosted_popup', TRUE),
    '#description' => t('Whether to show the credit card from in a popup window.'),
  );

  // FIXME: Remove, not used anymore.
  $form['hosted']['quickpay_hosted_link_message'] = array(
    '#type' => 'textfield',
    '#title' => t('Link page message'),
    '#default_value' => variable_get('quickpay_hosted_link_message',
                                     'In order to complete the payment, continue to QuickPay to enter your credit card information.'),
    '#description' => t('The message displayed on the page before sending the customer to QuickPays credit card form. Subject to translation.')
  );

  $languages = array('da' => t('Danish'), 'en' => t('English'),
                     'no' => t('Norwegian'), 'se' => t('Swedish'));
  // FIXME: work together with i18n
  $form['hosted']['quickpay_hosted_language'] = array(
    '#type' => 'select',
    '#title' => t('Language'),
    '#description' => t('The language for the credit card form.'),
    '#options' => $languages,
    '#default_value' => variable_get('quickpay_hosted_language', 'en'),
  );

  $form['hosted']['quickpay_hosted_link_button'] = array(
    '#type' => 'textfield',
    '#title' => t('Link button text'),
    '#default_value' => variable_get('quickpay_hosted_link_button',
                                     'Continue to QuickPay'),
    '#description' => t('Text of the button to open the credit card form. Subject to translation.')
  );

  return $form;
}

function quickpay_order_prefix_validate($element, &$form_state) {
  if (!preg_match('/^[a-zA-Z0-9]{0,15}$/', $element['#value'])) {
    form_error($element, t('Order prefix must only contain alphanumerics and no longer than 15 characters.'));
  }
}

function quickpay_api_success_message($txn) {
  if ($txn->uid == 0) {
    $message = variable_get('quickpay_api_success_message', 'Payment completed, we will process your order as soon as possible. Your order number: %id');
    if ($message != '<none>')
      return t($message);
  } else {
    $message = variable_get('quickpay_api_success_message', 'Payment completed, we will process your order as soon as possible. Your order number: %id');
    if ($message != '<none>')
      return t($message, array('!uid' => $txn->uid,
                               '!transaction_id' => $txn->txnid));
  }
  return NULL;
}

/**
 * Implementation of hook_simpletest().
 */
function quickpay_simpletest() {
  $dir = drupal_get_path('module', 'quickpay'). '/tests';
  $tests = file_scan_directory($dir, '\.test$');
  return array_keys($tests);
}

function quickpay_block($op = 'list', $delta = 0, $edit = array()) {
  switch($op) {
  case 'list':
    $blocks[0] = array('info' => t('Shows QuickPay supported payment methods.'));
    return $blocks;
  case 'configure':
  case 'save':
    return;
  case 'view':
    $block = array('subject' => t('We accept'),
                   'content' => theme('quickpay_cards', quickpay_supported_cards()));
    return $block;
  }
}

/**
 * Returns a list of the cards that the shop is configured for.
 */
function quickpay_supported_cards() {
  return quickpay_cards(variable_get('quickpay_accepted_cards', array('dan')));
}

function quickpay_theme() {
  return array(
    'quickpay_cards' => array(
      'arguments' => array('cards' => array()),
    ),
  );
}


function theme_quickpay_cards($cards) {
  drupal_add_css(drupal_get_path('module', 'quickpay') . '/quickpay.css');
  $output = "<div class='quickpay-cards'>";
  $i = 1;
  foreach ($cards as $card) {
    $output .= theme('image', $card['image'], $card['name'], $card['name'],
                     array('class' => 'card-' . $i++), TRUE);
  }
  $output .= '</div>';
  return $output;
}

/**
 * Callback page.
 * Modules implementing hook_quickpay_callback should return NULL if not
 * handled, and TRUE or FALSE if the transaction was handled successfully
 * or not.
 *
 * In most cases there should only be one module implementing
 * hook_quickpay_callback, but implementations should never the less
 * check whether the transaction is one they created by checking
 * whether the id corresponds to an active transaction.
 */
function quickpay_callback($id) {
  $args = func_get_args();
  $transaction = quickpay_from_callback();
  if (!$transaction) {
    // quickpay_from_callback already logged it.
    drupal_access_denied();
    return;
  }

  // Let the first module that returns !NULL handle it.
  foreach (module_implements('quickpay_callback') as $module) {
    if (module_invoke($module, 'quickpay_callback', $id, $transaction, $args)
        !== NULL)
      break;
  }
}

/**
 * The popup closer.
 *
 * Modules implementing hook_quickpay_popdown should return an url to
 * redirect to if they accepted handling the transaction, or
 * NULL/FALSE if not.
 *
 * In most cases there should only be one module implementing this
 * hook, but implementations should never the less check whether the
 * transaction is one they created by checking whether the id
 * corresponds to an active transaction.
 */
function quickpay_popdown($id, $status) {
  if ($status != 'success') {
    $status == 'cancel';
  }

  // Let the first module that returns an url handle it.
  foreach (module_implements('quickpay_popdown') as $module) {
    if ($url = module_invoke($module, 'quickpay_popdown', $id, $status))
      break;
  }
  if ($url) {
    echo '<html><head>
<script type="text/javascript">
<!--
opener.location = "' . $url . '";
self.close();
// -->
</script></head><body></body></html>';
    return NULL;
  } else
    drupal_access_denied();
}

/**
 * Returns the form for redirecting users to quickpay.
 */
function quickpay_hosted_form($amount, $currency, $order_id, $form_id, $continue_url,
                              $cancel_url, $callback_url) {
  $md5_order = array(
    'protocol',
    'msgtype',
    'merchant',
    'language',
    'ordernumber',
    'amount',
    'currency',
    'continueurl',
    'cancelurl',
    'callbackurl',
    'autocapture',
    'cardtypelock',
    'description',
    'ipaddress',
    'testmode',
  );

  // Required variables.
  $data['protocol'] = "3";
  $data['msgtype'] = "authorize"; // TODO: support subscribe.
  $data['merchant'] = variable_get('quickpay_merchant', '');
  // FIXME: work together with i18n/locale
  $data['language'] = variable_get('quickpay_hosted_language', 'en');
  $prefix = variable_get('quickpay_order_prefix', '');
  $data['ordernumber'] = $prefix . $order_id;
  // Ensure that Order number is at least 4 characters.
  if (strlen($data['ordernumber']) < 4) {
    $data['ordernumber'] = $prefix . substr('0000' . $order_id,
                                            -4+strlen($prefix));
  }
  list($amount, $currency) =
    _quickpay_validate_amount($amount, $currency);
  if (!$currency) {
    // FIXME: better error handling.
    drupal_set_message(t('Internal error.'), 'error');
    drupal_not_found();
    return;
  }
  $data['amount'] = $amount;
  // FIXME: any other option than using default currency?
  $data['currency'] = $currency;
  $data['continueurl'] = $continue_url;
  $data['cancelurl'] = $cancel_url;
  // End of required variables.
  $data['callbackurl'] = $callback_url;

  // FIXME: should depend on whether order needs shipping, which means that
  // the caller need to specify it.
  $data['autocapture'] = '0';

  // Other possible variables:
  // $data['cardtypelock'];
  // $data['description'];
  // $data['ipaddress'];
  // $data['testmode'];
  // $data['CUSTOM_*'];

  $md5_string = "";
  foreach ($md5_order as $field) {
    $md5_string .= $data[$field];
  }
  $data['md5check'] = md5($md5_string . variable_get('quickpay_secret', ''));

  $form['#method'] = 'POST';
  // FIXME: Make quickpay.php url settable?
  $form['#action'] = 'https://secure.quickpay.dk/form/';

  foreach ($data as $name => $value) {
    $form[$name] = array('#type' => 'hidden', '#value' => $value);
  }

  $form['submit'] =
    array('#type' => 'submit',
          '#value' => t(variable_get('quickpay_hosted_link_button',
                                     'Continue to QuickPay')),
    );
  // The oddity of setting the return urls by JavaScript, ensures that
  // we're only using the JavaScript requiring popdown page if JavaScript is
  // enabled.
  // This assumes that the module implements hook_quickpay_popdown.
  // And we need to recalculate the md5 sum as the data changed.
  $data['continueurl'] = url('quickpay_popdown/' . $order_id . '/success', array( 'absolute' => TRUE));
  $data['cancelurl'] = url('quickpay_popdown/' . $order_id . '/cancel', array('absolute' => TRUE));
  $md5_string = "";
  foreach ($md5_order as $field) {
    $md5_string .= $data[$field];
  }
  $data['md5check'] = md5($md5_string . variable_get('quickpay_secret', ''));
  // Interpolation of arrays in strings is iffy. Lets just use regular scalars.
  $continueurl = $data['continueurl'];
  $cancelurl = $data['cancelurl'];
  $md5check = $data['md5check'];
  if (variable_get('quickpay_hosted_popup', TRUE)) {
    $js = <<<EOF
      $(document).ready(function() {
          $('#$form_id').submit(function() {
              var left = (screen.width) ? (screen.width-670)/2 : 0;
              var top = (screen.height) ? (screen.height-500)/2 : 0;
              $(this).find('#edit-continueurl').val('$continueurl');
              $(this).find('#edit-cancelurl').val('$cancelurl');
              $(this).find('#edit-md5check').val('$md5check');
              window.open('','quickpay_payment', 'top=' + top + ',left=' + left + ',height=500,width=670,scrollbars=yes,toolbars=no,statusbar=yes,location=0');
              $(this).attr('target', 'quickpay_payment');
              return true;
            });
        });
EOF;
    drupal_add_js($js, 'inline');
  }
  return $form;
}

/**
 * Helper function returns all supported currencies.
 */
function quickpay_supported_currencies() {
  return array_keys(_quickpay_currencies());
}


// --- Core API functions ---

function quickpay_successful($txn) {
  if ($txn === FALSE) {
    return FALSE;
  }
  return $txn['qpstat'] == '000';
}
/**
 * Returns whether a given transaction was successful or not.
 * Use this to check a transaction, it returns 'success' when successful,
 * 'failed' if the transaction was rejected, 'error' on errors and 'unknown'
 * if the transaction had an unknown return code.
 */
function quickpay_result($txn) {
  if ($txn === FALSE) {
    return 'error';
  }
  switch ($txn['qpstat']) {
  case '000': // Accepted
    return 'success';
    break;
  case '001': // Rejected
  case '003': // Expired
  case '008': // Bad parameters sent to quickpay (could be user error)
    // Handled as failed.
    return 'failed';
    break;
  case '002': // Communication error
  case '004': // Wrong status (not authorized)
  case '005': // Authorization expired
  case '006': // Error at PBS
  case '007': // Error at QuickPay
    // All these are handled as internal error.
    return 'error';
  default:
    return 'unknown';
  }
}

/**
 * Fetches a transaction from $_POST, in the way callbackurl is called.
 *
 * Primarily for internal use.
 *
 * @return array the transaction.
 */
function quickpay_from_callback() {
  static $md5_order = array(
    'msgtype',
    'ordernumber',
    'amount',
    'currency',
    'time',
    'state',
    'qpstat',
    'qpstatmsg',
    'chstat',
    'chstatmsg',
    'merchant',
    'merchantemail',
    'transaction',
    'cardtype',
    'cardnumber',
  );

  // Check that it validates.
  $md5_string = "";
  foreach ($md5_order as $field) {
    $md5_string .= $_POST[$field];
  }
  if (md5($md5_string . variable_get('quickpay_secret', '')) !=
          $_POST['md5check']) {
    watchdog('quickpay', 'Transaction callback md5 didn\'t verify.',
             array(), WATCHDOG_ERROR);
    return NULL;
  }

  $txn = array();
  $fields = array('amount', 'time', 'ordernumber', 'pbsstat', 'qpstat',
                  'qpstatmsg', 'merchantemail', 'merchant', 'currency',
                  'cardtype', 'transaction', 'cardnumber');
  foreach ($fields as $field) {
    $txn[$field] = $_POST[$field];
  }

  // Reverse amount
  if ($txn['amount'] and $txn['currency']) {
    list($txn['amount'], $txn['currency']) =
      _quickpay_reverse_currency($txn['amount'], $txn['currency']);
    if (!$txn['amount'])
      return NULL;
  }
  return $txn;
}

/**
 * Attempt payment authorization.
 *
 * When a payment is authorized, it is reserved in the customers
 * account for later withdrawal using quickpay_capture(). Payment can
 * be cancelled with quickpay_cancel().
 *
 * Autocapture allows for transferring the money immediately, but is
 * only allowed for merchants where the customer gets the goods strait
 * away, like music downloads and online services. Goods that will be
 * shipped to the customer must first be captured when the goods are
 * shipped.
 *
 * For subscriptions use quickpay_recurring() instead.
 *
 * @see quickpay_capture()
 * @see quickpay_cancel()
 * @see quickpay_recurring()
 * @see _quickpay_request()
 * @see _quickpay_carddata()
 *
 * @param array $carddata
 *   Customer card data, as expected by _quickpay_carddata()
 * @param mixed $orderid
 *   order id, must be unique alphanummeric and underscore only.
 * @param mixed $amount
 *   the amount to charge the customer
 * @param string $currency
 *   the currency, NULL for default
 * @param boolean $autocapture
 *   whether to capture the transaction immediately
 * @return
 *   result from _quickpay_request()
 */
function quickpay_authorize($carddata, $orderid, $amount, $currency = NULL,
                            $autocapture = FALSE) {
  $request_data = _quickpay_carddata($carddata);
  list($request_data['amount'], $request_data['currency']) =
       _quickpay_validate_amount($amount, $currency);
  if (!$request_data['amount'])
    return FALSE;
  $request_data['autocapture'] = $autocapture ? '1' : '0';
  $request_data['ordernumber'] = variable_get('quickpay_order_prefix', '') .
    $orderid;
  return _quickpay_request('authorize', $request_data);
}

/**
 * Attempt authorization on subscription payment.
 *
 * As quickpay_authorize, but for payments set up using
 * quickpay_subscribe().  Payment still needs to be withdrawn using
 * quickpay_capture() or cancelled with quickpay_cancel().
 *
 * See quickpay_authorize() for details on common parameters.
 *
 * @see quickpay_subscribe()
 * @see quickpay_capture()
 * @see quickpay_cancel()
 * @see quickpay_authorize()
 *
 * @param array $txn
 *   the result of a previous subscribe transaction. Only
 *   the 'transaction' key is used
 *
 * @param string $orderid
 *   the order id
 * @param mixed $amount
 *   the amount to charge
 * @param string $currency
 *   the currency to charge in
 * @param boolean $autocapture
 *   whether to capture immediately
 * @return
 *   result from _quickpay_request()
 */
function quickpay_recurring($txn, $orderid, $amount, $currency = NULL, $autocapture = FALSE) {
  $request_data = array('transaction' => $txn['transaction']);
  list($request_data['amount'], $request_data['currency']) =
       _quickpay_validate_amount($amount, $currency);
  if (!$request_data['amount'])
    return FALSE;
  $request_data['autocapture'] = $autocapture ? '1' : '0';
  $request_data['ordernumber'] = variable_get('quickpay_order_prefix', '') .
    $orderid;
  return _quickpay_request('recurring', $request_data);
}

/**
 * Capture an authorized payment.
 *
 * Attempts to transfer the meoney from the customers account to the
 * merchants.  Can charge less that specified in the authorization,
 * but not more.
 *
 * @param $txn
 *   the previously authorized transaction
 * @param
 *   $amount the amount to transfer
 * @return
 *   result from _quickpay_request()
 */
function quickpay_capture($txn, $amount) {
  $request_data = array('transaction' => $txn['transaction']);
  list($request_data['amount'], $dummy) =
    _quickpay_validate_amount($amount, $txn['currency']);
  return _quickpay_request('capture', $request_data);
}

function quickpay_subscribe($carddata, $orderid, $description) {
  $request_data = _quickpay_carddata($carddata);
  $request_data['description'] = $description;
  $request_data['ordernumber'] = variable_get('quickpay_order_prefix', '') .
    $orderid;
  return _quickpay_request('subscribe', $request_data);
}

/**
 * Cancel a transaction.
 * Cancels the authorization and erases the transaction without transferring
 * any money,
 * @param $txn the transaction to be cancelled
 */
function quickpay_cancel($txn) {
  $request_data = array('transaction' => $txn['transaction']);
  return _quickpay_request('cancel', $request_data);
}

function quickpay_refund($txn, $amount) {
  $request_data = array('transaction' => $txn['transaction']);
  list($request_data['amount'], $dummy) =
    _quickpay_validate_amount($amount, $txn['currency']);
  return _quickpay_request('refund', $request_data);
}

function quickpay_status($txn) {
  $request_data = array('transaction' => $txn['transaction']);
  return _quickpay_request('status', $request_data);
}

// --- Internal functions ---

/**
 * Currencies and their multipliers. Internal use only.  Used by other
 * functions as a central place for currency information.
 */
function _quickpay_currencies() {
  static $currencies = array('DKK' => 100, 'USD' => 100, 'EUR' => 100,
                             'GBP' => 100);
  return $currencies;
}

/**
 * Utility function to convert a $carddata object/array to a proper
 * request array. Internal use only.  Card data is an array/object
 * with the following keys/properties:
 *
 * * number: the card number
 * * exp_month: expiration month
 * * exp_year: expriration year
 * * cvd: card verification number
 */
function _quickpay_carddata($carddata) {
  $carddata = (array) $carddata;
  return array('cardnumber' => $carddata['number'],
               'expirationdate' => sprintf('%02d%02d', $carddata['exp_year'],
                                          $carddata['exp_month']),
               'cvd' => $carddata['cvd']);
}

/**
 * Executes a request to QuickPay. Internal use only.
 * @param $msg_type the type of message.
 * @param $request_data the contents of the request.
 * @return mixed a response array or FALSE on serious errors.
 */
function _quickpay_request($msg_type, $request_data) {
  if (!is_array($request_data))
    $request_data = (array) $request_data;

  $message = array();
  // Order is impotant here.
  $md5fields =
    array(
          'protocol' => NULL,
          'msgtype' => NULL,
          'merchant' => NULL,
          'ordernumber' => NULL,
          'amount' => NULL,
          'currency' => NULL,
          'autocapture' => NULL,
          'cardnumber' => NULL,
          'expirationdate' => NULL,
          'cvd' => NULL,
          'cardtypelock' => NULL,
          'transaction' => NULL,
          'description' => NULL,
          );

  $merchant = variable_get('quickpay_merchant', NULL);
  $secret = variable_get('quickpay_secret', NULL);
  if (!$merchant or !$secret) {
    if (!$merchant)
      _quickpay_error(t('Merchant number not set, transaction failed.'));
    if (!$secret)
      _quickpay_error(t('MD5 secret not set, transaction failed.'));
    return FALSE;
  }

  $request_data['protocol'] = QUICKPAY_VERSION;
  $request_data['msgtype'] = $msg_type;
  $request_data['merchant'] = $merchant;
  foreach ($request_data as $k => $v) {
    $message[$k] = $v;
    if (array_key_exists($k, $md5fields)) {
      $md5fields[$k] = $v;
    }
  }
  $md5fields['secret'] = $secret;
  $message['md5check'] = md5(implode('', $md5fields));
  if (!_quickpay_validate($message)) {
    _quickpay_error(t('Request message didn\'t pass validation.'));
    return FALSE;
  }
  $response = drupal_http_request('https://secure.quickpay.dk/api',
                                  array('Content-Type' =>
                                        'application/x-www-form-urlencoded'),
                                  'POST',
                                  http_build_query($message, FALSE, '&'), 0);
  if ($response->code != 200 or empty($response->data)) {
    _quickpay_error(t('Server returned non-success code or empty result'));
    return FALSE;
  }
  return _quickpay_response($response->data);
}

/**
 * Validates that the request fields is formatted as expected by QuickPay.
 * @param $data Associative array of params.
 * @returns boolean TRUE if the data is valid.
 */
function _quickpay_validate($data) {
  static $fields =
    array(
          'protocol' => '/^3$/',
          'msgtype' => '/^[a-z]+$/',
          'merchant' => '/^[0-9]{8}$/',
          'ordernumber' => '/^[\w_]{4,20}$/',
          'amount' => '/^[0-9]{1,10}$/',
          'currency' => '/^[A-Z]{3}$/',
          'autocapture' => '/^[0-1]{1}$/',
          'cardnumber' => '/^[0-9]{13,19}$/',
          'expirationdate' => '/^[0-9]{4}$/',
          'cvd' => '/^[0-9]{0,4}$/',
          'cardtypelock' => '/^[a-zA-Z,]{0,128}$/',
          'transaction' => '/^[0-9]{1,32}$/',
          'description' => '/^[\w _\-\.]{0,20}$/',
          'md5check' => '/^[a-z0-9]{32}$/',
          'CUSTOM_' => '/^[\w _\-\.]{0,20}$/'
          );

  foreach ($data as $field => $value) {
    // No NULL values please
    if (is_NULL($value)) {
      _quickpay_error(t('%field cannot be NULL', array('%field' => $field)));
      return FALSE;
    } elseif ($fields[$field]) {
      if (!preg_match($fields[$field], $value)) {
        // We're not logging the actual value, as that might be
        // sensitive information
        _quickpay_error(t('%field didn\'t pass validation.',
                          array('%field' => $field)));
        return FALSE;
      }
    } elseif (preg_match('/^CUSTOM_/', $field)) {
      if (!preg_match($fields['CUSTOM_'], $value)) {
        _quickpay_error(t('%field didn\'t pass validation.',
                          array('%field' => $field)));
        return FALSE;
      }
    } else {
      _quickpay_error(t('Unknown %field.',
                        array('%field' => $field)));
      return FALSE;
    }
  }
  return TRUE;
}

/**
 * Parses the XML response from QuickPay into an associative
 * array. Internal use only.
 *
 * The success or failure of the request can be determined with
 * quickpay_successful() or quickpay_result().
 *
 * The array contains all the data from QuickPays response, but their
 * use is discouraged. If you find yourself needing something from the
 * response, please contact the maintainers of this module and tell
 * them what you need and why, so they can implement a proper way to
 * get that data.
 *
 * @param string $response the XML response.
 * @return array associative array
 */
function _quickpay_response($response) {
  // TODO: PHP4 support?
  // Load XML in response into DOM
  $result = array();
  $dom = new DOMDocument;
  $dom->loadXML($response);
  // Find elements en response and put them in an associative array
  $xpath = new DOMXPath($dom);
  $elements = $xpath->query('/response/*');
  foreach ($elements as $cn) {
    // If the element has (real) children - this is the case for status->history and chstatus->entry
    if ($cn->childNodes->length > 1) {
      foreach ($cn->childNodes as $hn) {
        $result[$cn->nodeName][intval($i)][$hn->nodeName] = $hn->nodeValue;
      }
      $i++;
    } else {
      $result[$cn->nodeName] = $cn->nodeValue;
    }
  }

  // Reverse amount
  if ($result['amount'] and $result['currency']) {
    list($result['amount'], $result['currency']) =
      _quickpay_reverse_currency($result['amount'], $result['currency']);
    if (!$result['amount'])
      return NULL;
  }
  return $result;
}

/**
 * Validate currency. Internal use only.
 *
 * Returns the multiplier for the currency or NULL for non-valid
 * currencies.
 *
 * @todo Check up against http://www.iso.org/iso/support/faqs/faqs_widely_used_standards/widely_used_standards_other/currency_codes/currency_codes_list-1.htm
 */
function _quickpay_validate_currency($currency) {
  $currencies = _quickpay_currencies();
  return $currencies[$currency];
}

/**
 * Validates an amount. Internal use only.
 *
 * Returns an array of the amount multiplied to integer, if the currency
 * demands it, and the currency itself.
 * Uses default currency if $currency is NULL.
 * Uses arbitrary precision if available.
 */
function _quickpay_validate_amount($amount, $currency) {
  if (!$currency)
    $currency = variable_get('quickpay_default_currency', NULL);
  $multiplyer = _quickpay_validate_currency($currency);
  if (!$multiplyer)
    return array(FALSE, FALSE);
  return array((function_exists('bcmul') ?
                bcmul($amount, $multiplyer, 0) :
                $amount * $multiplyer), $currency);
}

/**
 * Reverses _quickpay_validate_currency().
 *
 * Used to revert the amount from integer to decimal if the currency
 * requires it. Used to get the original floating point amount from
 * the integer returned by QuickPay.
 */
function _quickpay_reverse_currency($amount, $currency) {
  $multiplyer = _quickpay_validate_currency($currency);
  if (!$multiplyer)
    return array(FALSE, FALSE);
  return array((function_exists('bcdiv') ?
                bcdiv($amount, $multiplyer, 2) :
                $amount / $multiplyer), $currency);
}

/**
 * Log an error, and show it to the user if it's user 1.
 */
function _quickpay_error($string) {
  global $user;
  watchdog('quickpay', $string, array(), WATCHDOG_ERROR);
  // TODO: check user perms instead.
  if ($user->uid == 1)
    drupal_set_message($string, 'error');
}

/**
 * Returns an array that maps state codes to human readable strings.
 */
function _quickpay_state_codes() {
  static $codes = array(
    1 => 'Authorized',
    2 => 'Authorize failed',
    3 => 'Captured',
    4 => 'Capture failed',
    5 => 'Cancelled',
    6 => 'Cancel failed',
    7 => 'Refunded',
    8 => 'Refund failed',
    9 => 'Subscribed',
    10 => 'Subscription failed',
  );
  return $codes;
}

/**
 * Maps qpstat status codes to human readable strings.
 *
 * Returns the string for the given code, or all known state codes if
 * no code was given.
 */
function _quickpay_qpstat_codes($code = NULL) {
  static $codes;
  if (!$codes)
    $codes = array(
      '000' => t('Approved'),
      '001' => t('Rejected by PBS'),
      '002' => t('Communication error'),
      '003' => t('Card expired'),
      '004' => t('Wrong status (not authorized)'),
      '005' => t('Authorization expired'),
      '006' => t('Error at PBS'),
      '007' => t('Error at QuickPay'),
      '008' => t('Errors in parameteres sent to QuickPay'),
    );
  if ($code)
    return $codes[$code];
  else
    return $codes;
}