1 package Business::OnlinePayment;
10 $VERSION = eval $VERSION; # modperlstyle: convert the string into a number
12 # Remember subclasses we have "wrapped" submit() with _pre_submit()
13 my %Presubmit_Added = ();
39 my($class,$processor,%data) = @_;
41 croak("unspecified processor") unless $processor;
43 my $subclass = "${class}::$processor";
45 croak("unknown processor $processor ($@)") if $@;
47 my $self = bless {processor => $processor}, $subclass;
48 $self->build_subs(@methods);
50 if($self->can("set_defaults")) {
51 $self->set_defaults(%data);
56 my $value = $data{$_};
58 $self->build_subs($key);
62 # "wrap" submit with _pre_submit only once
63 unless ( $Presubmit_Added{$subclass} ) {
64 my $real_submit = $subclass->can('submit');
66 no warnings 'redefine';
69 *{"${subclass}::submit"} = sub {
71 return unless $self->_pre_submit(@_);
72 return $real_submit->($self, @_);
80 my ($self, $risk_transaction) = @_;
82 my %parent_content = $self->content();
83 $parent_content{action} = 'Fraud Detect';
84 $risk_transaction->content( %parent_content );
85 $risk_transaction->submit();
86 if ($risk_transaction->is_success()) {
87 $self->fraud_score( $risk_transaction->fraud_score );
88 $self->fraud_transaction_id( $risk_transaction->fraud_transaction_id );
89 if ( $risk_transaction->fraud_score <= $self->maximum_fraud_score()) {
92 $self->error_message('Excessive risk from risk management');
95 $self->error_message('Error in risk detection stage: ' . $risk_transaction->error_message);
101 my @Fraud_Class_Path = qw(Business::OnlinePayment Business::FraudDetect);
105 my $fraud_detection = $self->fraud_detect();
107 # early return if user does not want optional risk mgt
108 return 1 unless $fraud_detection;
110 # Search for an appropriate FD module
111 foreach my $fraud_class ( @Fraud_Class_Path ) {
112 my $subclass = $fraud_class . "::" . $fraud_detection;
113 eval "use $subclass ()";
115 croak("error loading fraud_detection module ($@)")
116 unless ( $@ =~ m/^Can\'t locate/ );
118 my $risk_tx = bless( { processor => $fraud_detection }, $subclass );
119 $risk_tx->build_subs(@methods);
120 if ($risk_tx->can('set_defaults')) {
121 $risk_tx->set_defaults();
123 $risk_tx->_glean_parameters_from_parent($self);
124 return $self->_risk_detect($risk_tx);
127 croak("Unable to locate fraud_detection module $fraud_detection"
128 . " in \@INC under Fraud_Class_Path (\@Fraud_Class_Path"
129 . " contains: @Fraud_Class_Path) (\@INC contains: @INC)");
133 my($self,%params) = @_;
136 if($params{'type'}) { $self->transaction_type($params{'type'}); }
137 %{$self->{'_content'}} = %params;
139 return exists $self->{'_content'} ? %{$self->{'_content'}} : ();
142 sub required_fields {
143 my($self,@fields) = @_;
146 my %content = $self->content();
148 push(@missing, $_) unless exists $content{$_};
151 croak("missing required field(s): " . join(", ", @missing) . "\n")
156 my($self, @fields) = @_;
158 my %content = $self->content();
161 #foreach(@fields) { $new{$_} = $content{$_}; }
163 map { $_ => $content{$_} } grep defined $content{$_}, @fields;
169 my %content = $self->content();
170 foreach( keys %map ) {
171 $content{$map{$_}} = $content{$_};
173 $self->content(%content);
179 croak("Processor subclass did not override submit function");
185 my %content = $self->content();
187 foreach(sort keys %content) {
188 $dump .= "$_ = $content{$_}\n";
193 # didnt use AUTOLOAD because Net::SSLeay::AUTOLOAD passes right to
194 # AutoLoader::AUTOLOAD, instead of passing up the chain
199 next if($self->can($_));
200 eval "sub $_ { my \$self = shift; if(\@_) { \$self->{$_} = shift; } return \$self->{$_}; }";
207 my( $self, $value ) = @_;
208 return 1 if $value =~ /^[yt]/i;
209 return 0 if $value =~ /^[fn]/i;
210 #return 1 if $value == 1;
211 #return 0 if $value == 0;
221 Business::OnlinePayment - Perl extension for online payment processing
225 use Business::OnlinePayment;
227 my $transaction = new Business::OnlinePayment($processor, %processor_info);
228 $transaction->content(
231 card_number => '1234123412341238',
232 expiration => '0100',
233 name => 'John Q Doe',
235 $transaction->submit();
237 if($transaction->is_success()) {
238 print "Card processed successfully: ", $transaction->authorization(), "\n";
240 print "Card was rejected: ", $transaction->error_message(), "\n";
245 Business::OnlinePayment is a generic module for processing payments
246 through online credit card processors, electronic cash systems, etc.
250 =head2 new($processor, %processor_options)
252 Create a new Business::OnlinePayment object, $processor is required,
253 and defines the online processor to use. If necessary, processor
254 options can be specified, currently supported options are 'Server',
255 'Port', and 'Path', which specify how to find the online processor
256 (https://server:port/path), but individual processor modules should
257 supply reasonable defaults for this information, override the defaults
258 only if absolutely necessary (especially path), as the processor
259 module was probably written with a specific target script in mind.
261 =head1 TRANSACTION SETUP METHODS
263 =head2 content(%content)
265 The information necessary for the transaction, this tends to vary a
266 little depending on the processor, so we have chosen to use a system
267 which defines specific fields in the frontend which get mapped to the
268 correct fields in the backend. The currently defined fields are:
270 =head3 PROCESSOR FIELDS
276 Your login name to use for authentication to the online processor.
280 Your password to use for authentication to the online processor.
284 =head3 REQUIRED TRANSACTION FIELDS
290 Transaction type, supported types are: CC (credit card), ECHECK
291 (electronic check) and LEC (phone bill billing). Deprecated types
292 are: Visa, MasterCard, American Express, Discover, Check. Not all
293 processors support all transaction types.
297 What to do with the transaction (currently available are: Normal
298 Authorization, Authorization Only, Credit, Post Authorization,
299 Recurring Authorization, Modify Recurring Authorization,
300 Cancel Recurring Authorization)
304 The amount of the transaction. No dollar signs or currency identifiers,
305 just a whole or floating point number (i.e. 26, 26.1 or 26.13).
309 =head3 OPTIONAL TRANSACTION FIELDS
315 A description of the transaction (used by some processors to send
316 information to the client, normally not a required field).
320 An invoice number, for your use and not normally required, many
321 processors require this field to be a numeric only field.
325 Purchase order number (normally not required).
329 Tax amount (portion of amount field, not added to it).
333 Freight amount (portion of amount field, not added to it).
337 Duty amount (portion of amount field, not added to it).
341 Tax exempt flag (i.e. TRUE, FALSE, T, F, YES, NO, Y, N, 1, 0).
345 =head3 CUSTOMER INFO FIELDS
351 A customer identifier, again not normally required.
355 The customer's name, your processor may not require this.
361 The customer's first and last name as separate fields.
365 The customer's company name, not normally required.
369 The customer's address (your processor may not require this unless you
370 are requiring AVS Verification).
374 The customer's city (your processor may not require this unless you
375 are requiring AVS Verification).
379 The customer's state (your processor may not require this unless you
380 are requiring AVS Verification).
384 The customer's zip code (your processor may not require this unless
385 you are requiring AVS Verification).
391 =item ship_first_name
407 These shipping address fields may be accepted by your processor.
408 Refer to the description for the corresponding non-ship field for
409 general information on each field.
413 Customer's phone number.
417 Customer's fax number.
421 Customer's email address.
425 IP Address from which the transaction originated.
429 =head3 CREDIT CARD FIELDS
439 CVV2 number (also called CVC2 or CID) is a three- or four-digit
440 security code used to reduce credit card fraud.
444 Credit card expiration.
448 Track 1 on the magnetic stripe (Card present only)
452 Track 2 on the magnetic stripe (Card present only)
454 =item recurring billing
456 Recurring billing flag
460 =head3 ELECTRONIC CHECK FIELDS
466 Bank account number for electronic checks or electronic funds
471 Bank's routing code for electronic checks or electronic funds
476 Account type for electronic checks or electronic funds transfer. Can be
477 (case-insensitive): B<Personal Checking>, B<Personal Savings>,
478 B<Business Checking> or B<Business Savings>.
482 Account holder's name for electronic checks or electronic funds
487 Bank's name for electronic checks or electronic funds transfer.
491 Check type for electronic checks or electronic funds transfer.
495 Customer organization type.
499 Customer's social security number. Typically only required for
500 electronic checks or electronic funds transfer.
504 Customer's driver's license number. Typically only required for
505 electronic checks or electronic funds transfer.
509 Customer's date of birth. Typically only required for electronic
510 checks or electronic funds transfer.
514 =head3 RECURRING BILLING FIELDS
520 Interval expresses the amount of time between billings: digits, whitespace
521 and units (currently "days" or "months" in either singular or plural form).
525 The date of the first transaction (used for processors which allow delayed
526 start) expressed as YYYY-MM-DD.
530 The number of cycles of interval length for which billing should occur
531 (inclusive of 'trial periods' if the processor supports recurring billing
532 at more than one rate)
536 =head2 test_transaction()
538 Most processors provide a test mode, where submitted transactions will
539 not actually be charged or added to your batch, calling this function
540 with a true argument will turn that mode on if the processor supports
541 it, or generate a fatal error if the processor does not support a test
542 mode (which is probably better than accidentally making real charges).
546 Providing a true argument to this module will turn on address
547 verification (if the processor supports it).
549 =head1 TRANSACTION SUBMISSION METHOD
553 Submit the transaction to the processor for completion
555 =head1 TRANSACTION RESULT METHODS
559 Returns true if the transaction was submitted successfully, false if
560 it failed (or undef if it has not been submitted yet).
562 =head2 error_message()
564 If the transaction has been submitted but was not accepted, this
565 function will return the provided error message (if any) that the
568 =head2 failure_status()
570 If the transaction failed, it can optionally return a specific failure
571 status (normalized, not gateway-specific). Currently defined statuses
572 are: "expired", "nsf" (non-sufficient funds), "stolen", "pickup",
573 "blacklisted" and "declined" (card/transaction declines only, not
576 Note that (as of Aug 2006) this is only supported by some of the
577 newest processor modules, and that, even if supported, a failure
578 status is an entirely optional field that is only set for specific
581 =head2 authorization()
583 If the transaction has been submitted and accepted, this function will
584 provide you with the authorization code that the processor returned.
585 Store this if you would like to run inquiries or refunds on the transaction
588 =head2 order_number()
590 The unique order number for the transaction generated by the gateway. Store
591 this if you would like to run inquiries or refunds on the transaction later.
595 Retrieve or change the fraud score from any Business::FraudDetect plugin
597 =head2 fraud_transaction_id()
599 Retrieve or change the transaction id from any Business::FraudDetect plugin
601 =head2 response_code()
603 =head2 response_headers()
605 =head2 response_page()
607 These three fields are set by some processors (especially those which use
608 HTTPS) when the transaction fails at the communication level rather than
611 response_code is the HTTP response code and message, i.e.
612 '500 Internal Server Error'.
614 response_headers is a hash reference of the response headers
616 response_page is the raw content.
620 Returns the precise result code that the processor returned, these are
621 normally one letter codes that don't mean much unless you understand
622 the protocol they speak, you probably don't need this, but it's there
627 =head2 cvv2_response()
629 =head1 MISCELLANEOUS INTERNAL METHODS
631 =head2 transaction_type()
633 Retrieve the transaction type (the 'type' argument to contents()).
634 Generally only used internally, but provided in case it is useful.
638 Retrieve or change the processor submission server address (CHANGE AT
643 Retrieve or change the processor submission port (CHANGE AT YOUR OWN
648 Retrieve or change the processor submission path (CHANGE AT YOUR OWN
651 =head1 HELPER METHODS FOR GATEWAY MODULE AUTHORS
653 =head2 build_subs( @sub_names )
655 Build setter/getter subroutines for new return values.
657 =head2 get_fields( @fields )
659 Get the named fields if they are defined.
661 =head2 remap_fields( %map )
663 Remap field content (and stuff it back into content).
665 =head2 required_fields( @fields )
667 Croaks if any of the required fields are not present.
671 =head2 silly_bool( $value )
673 Returns 0 if the value starts with y, Y, t or T.
674 Returns 1 if the value starts with n, N, f or F.
675 Otherwise returns the value itself.
677 Use this for handling boolean content like tax_exempt.
681 Jason Kohles, email@jasonkohles.com
683 (v3 rewrite) Ivan Kohler <ivan-business-onlinepayment@420.am>
685 Phil Lobbes E<lt>phil at perkpartners dot comE<gt>
689 Homepage: http://420.am/business-onlinepayment/
691 Development: http://420.am/business-onlinepayment/ng.html
695 Please direct current development questions, patches, etc. to the mailing list:
696 http://420.am/cgi-bin/mailman/listinfo/bop-devel/
700 The code is available from our public CVS repository:
702 export CVSROOT=":pserver:anonymous@cvs.freeside.biz:/home/cvs/cvsroot"
704 # The password for the user `anonymous' is `anonymous'.
705 cvs checkout Business-OnlinePayment
709 http://freeside.biz/cgi-bin/viewvc.cgi/Business-OnlinePayment/
711 Many (but by no means all!) processor plugins are also available in the same
714 http://freeside.biz/cgi-bin/viewvc.cgi/
718 THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
719 WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
720 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
724 http://420.am/business-onlinepayment/
726 For verification of credit card checksums, see L<Business::CreditCard>.