1 package Business::OnlinePayment;
4 use vars qw($VERSION %_info_handler);
10 $VERSION = eval $VERSION; # modperlstyle: convert the string into a number
12 # Remember subclasses we have "wrapped" submit() with _pre_submit()
13 my %Presubmit_Added = ();
43 ( my $gw = $class ) =~ s/^Business::OnlinePayment:://;
45 'info_compat' => '0.00',
46 'gateway_name' => $gw,
47 'module_notes' => "Module does not yet provide info.",
51 #allow classes to declare info in a flexible way, but return normalized info
53 'supported_types' => sub {
54 my( $class, $v ) = @_;
55 my $types = ref($v) ? $v : defined($v) ? [ $v ] : [];
56 $types = { map { $_=>1 } @$types } if ref($types) eq 'ARRAY';
59 'supported_actions' => sub {
60 my( $class, $v ) = @_;
61 return %$v if ref($v) eq 'HASH';
62 $v = [ $v ] unless ref($v);
63 my $types = $class->info('supported_types') || {};
64 ( map { $_ => $v } keys %$types );
69 my $class = shift; #class or object
70 my $info = $class->_info;
73 exists($_info_handler{$key})
74 ? &{ $_info_handler{$key} }( $class, $info->{$key} )
77 wantarray ? ( keys %$info ) : [ keys %$info ];
82 my($class,$processor,%data) = @_;
84 croak("unspecified processor") unless $processor;
86 my $subclass = "${class}::$processor";
88 croak("unknown processor $processor ($@)") if $@;
90 my $self = bless {processor => $processor}, $subclass;
91 $self->build_subs(@methods);
93 if($self->can("set_defaults")) {
94 $self->set_defaults(%data);
99 my $value = $data{$_};
101 $self->build_subs($key);
105 # "wrap" submit with _pre_submit only once
106 unless ( $Presubmit_Added{$subclass} ) {
107 my $real_submit = $subclass->can('submit');
109 no warnings 'redefine';
112 *{"${subclass}::submit"} = sub {
114 return unless $self->_pre_submit(@_);
115 return $real_submit->($self, @_);
123 my ($self, $risk_transaction) = @_;
125 my %parent_content = $self->content();
126 $parent_content{action} = 'Fraud Detect';
127 $risk_transaction->content( %parent_content );
128 $risk_transaction->submit();
129 if ($risk_transaction->is_success()) {
130 $self->fraud_score( $risk_transaction->fraud_score );
131 $self->fraud_transaction_id( $risk_transaction->fraud_transaction_id );
132 if ( $risk_transaction->fraud_score <= $self->maximum_fraud_score()) {
135 $self->error_message('Excessive risk from risk management');
138 $self->error_message('Error in risk detection stage: ' . $risk_transaction->error_message);
140 $self->is_success(0);
144 my @Fraud_Class_Path = qw(Business::OnlinePayment Business::FraudDetect);
148 my $fraud_detection = $self->fraud_detect();
150 # early return if user does not want optional risk mgt
151 return 1 unless $fraud_detection;
153 # Search for an appropriate FD module
154 foreach my $fraud_class ( @Fraud_Class_Path ) {
155 my $subclass = $fraud_class . "::" . $fraud_detection;
156 eval "use $subclass ()";
158 croak("error loading fraud_detection module ($@)")
159 unless ( $@ =~ m/^Can\'t locate/ );
161 my $risk_tx = bless( { processor => $fraud_detection }, $subclass );
162 $risk_tx->build_subs(@methods);
163 if ($risk_tx->can('set_defaults')) {
164 $risk_tx->set_defaults();
166 $risk_tx->_glean_parameters_from_parent($self);
167 return $self->_risk_detect($risk_tx);
170 croak("Unable to locate fraud_detection module $fraud_detection"
171 . " in \@INC under Fraud_Class_Path (\@Fraud_Class_Path"
172 . " contains: @Fraud_Class_Path) (\@INC contains: @INC)");
176 my($self,%params) = @_;
179 if($params{'type'}) { $self->transaction_type($params{'type'}); }
180 %{$self->{'_content'}} = %params;
182 return exists $self->{'_content'} ? %{$self->{'_content'}} : ();
185 sub required_fields {
186 my($self,@fields) = @_;
189 my %content = $self->content();
191 push(@missing, $_) unless exists $content{$_};
194 croak("missing required field(s): " . join(", ", @missing) . "\n")
199 my($self, @fields) = @_;
201 my %content = $self->content();
204 #foreach(@fields) { $new{$_} = $content{$_}; }
206 map { $_ => $content{$_} } grep defined $content{$_}, @fields;
212 my %content = $self->content();
213 foreach( keys %map ) {
214 $content{$map{$_}} = $content{$_};
216 $self->content(%content);
222 croak("Processor subclass did not override submit function");
228 my %content = $self->content();
230 foreach(sort keys %content) {
231 $dump .= "$_ = $content{$_}\n";
236 # didnt use AUTOLOAD because Net::SSLeay::AUTOLOAD passes right to
237 # AutoLoader::AUTOLOAD, instead of passing up the chain
242 next if($self->can($_));
243 eval "sub $_ { my \$self = shift; if(\@_) { \$self->{$_} = shift; } return \$self->{$_}; }";
250 my( $self, $value ) = @_;
251 return 1 if $value =~ /^[yt]/i;
252 return 0 if $value =~ /^[fn]/i;
253 #return 1 if $value == 1;
254 #return 0 if $value == 0;
264 Business::OnlinePayment - Perl extension for online payment processing
268 use Business::OnlinePayment;
270 my $transaction = new Business::OnlinePayment($processor, %processor_info);
271 $transaction->content(
274 card_number => '1234123412341238',
275 expiration => '06/15',
276 name => 'John Q Doe',
278 $transaction->submit();
280 if($transaction->is_success()) {
281 print "Card processed successfully: ", $transaction->authorization(), "\n";
283 print "Card was rejected: ", $transaction->error_message(), "\n";
288 Business::OnlinePayment is a generic module for processing payments
289 through online credit card processors, electronic cash systems, etc.
293 =head2 new($processor, %processor_options)
295 Create a new Business::OnlinePayment object, $processor is required,
296 and defines the online processor to use. If necessary, processor
297 options can be specified, currently supported options are 'Server',
298 'Port', and 'Path', which specify how to find the online processor
299 (https://server:port/path), but individual processor modules should
300 supply reasonable defaults for this information, override the defaults
301 only if absolutely necessary (especially path), as the processor
302 module was probably written with a specific target script in mind.
304 =head1 TRANSACTION SETUP METHODS
306 =head2 content(%content)
308 The information necessary for the transaction, this tends to vary a
309 little depending on the processor, so we have chosen to use a system
310 which defines specific fields in the frontend which get mapped to the
311 correct fields in the backend. The currently defined fields are:
313 =head3 PROCESSOR FIELDS
319 Your login name to use for authentication to the online processor.
323 Your password to use for authentication to the online processor.
327 =head3 REQUIRED TRANSACTION FIELDS
333 Transaction type, supported types are: CC (credit card), ECHECK
334 (electronic check) and LEC (phone bill billing). Deprecated types
335 are: Visa, MasterCard, American Express, Discover, Check. Not all
336 processors support all transaction types.
340 What action being taken by this transaction. Currently available are:
344 =item Normal Authorization
346 =item Authorization Only
348 =item Post Authorization
350 =item Reverse Authorization
356 =item Recurring Authorization
358 =item Modify Recurring Authorization
360 =item Cancel Recurring Authorization
366 The amount of the transaction. No dollar signs or currency identifiers,
367 just a whole or floating point number (i.e. 26, 26.1 or 26.13).
371 =head3 OPTIONAL TRANSACTION FIELDS
377 A description of the transaction (used by some processors to send
378 information to the client, normally not a required field).
382 An invoice number, for your use and not normally required, many
383 processors require this field to be a numeric only field.
387 Purchase order number (normally not required).
391 Tax amount (portion of amount field, not added to it).
395 Freight amount (portion of amount field, not added to it).
399 Duty amount (portion of amount field, not added to it).
403 Tax exempt flag (i.e. TRUE, FALSE, T, F, YES, NO, Y, N, 1, 0).
407 Currency, specified as an ISO 4217 three-letter code, such as USD, CAD, EUR,
408 AUD, DKK, GBP, JPY, NZD, etc.
412 =head3 CUSTOMER INFO FIELDS
418 A customer identifier, again not normally required.
422 The customer's name, your processor may not require this.
428 The customer's first and last name as separate fields.
432 The customer's company name, not normally required.
436 The customer's address (your processor may not require this unless you
437 are requiring AVS Verification).
441 The customer's city (your processor may not require this unless you
442 are requiring AVS Verification).
446 The customer's state (your processor may not require this unless you
447 are requiring AVS Verification).
451 The customer's zip code (your processor may not require this unless
452 you are requiring AVS Verification).
458 =item ship_first_name
474 These shipping address fields may be accepted by your processor.
475 Refer to the description for the corresponding non-ship field for
476 general information on each field.
480 Customer's phone number.
484 Customer's fax number.
488 Customer's email address.
492 IP Address from which the transaction originated.
496 =head3 CREDIT CARD FIELDS
506 Credit card expiration, MM/YY.
510 CVV2 number (also called CVC2 or CID) is a three- or four-digit
511 security code used to reduce credit card fraud.
515 If supported by your gateway, you can pass a card_token instead of a
516 card_number and expiration.
522 #Some card_token schemes implement a challenge/response handshake. In those
523 #cases, this field is used for the response. In most cases the handshake
524 #it taken care of by the gateway module.
528 Track 1 on the magnetic stripe (Card present only)
532 Track 2 on the magnetic stripe (Card present only)
534 =item recurring_billing
536 Recurring billing flag
540 =head3 ELECTRONIC CHECK FIELDS
554 Account type. Can be (case-insensitive): B<Personal Checking>,
555 B<Personal Savings>, B<Business Checking> or B<Business Savings>.
559 Account holder's name.
579 Customer organization type.
583 Customer's social security number.
587 Customer's driver's license number.
591 Customer's date of birth.
595 =head3 RECURRING BILLING FIELDS
601 Interval expresses the amount of time between billings: digits, whitespace
602 and units (currently "days" or "months" in either singular or plural form).
606 The date of the first transaction (used for processors which allow delayed
607 start) expressed as YYYY-MM-DD.
611 The number of cycles of interval length for which billing should occur
612 (inclusive of 'trial periods' if the processor supports recurring billing
613 at more than one rate)
617 =head2 test_transaction()
619 Most processors provide a test mode, where submitted transactions will
620 not actually be charged or added to your batch, calling this function
621 with a true argument will turn that mode on if the processor supports
622 it, or generate a fatal error if the processor does not support a test
623 mode (which is probably better than accidentally making real charges).
627 Providing a true argument to this module will turn on address
628 verification (if the processor supports it).
630 =head1 TRANSACTION SUBMISSION METHOD
634 Submit the transaction to the processor for completion
636 =head1 TRANSACTION RESULT METHODS
640 Returns true if the transaction was approved by the gateway, false if
641 it was submitted but not approved, or undef if it has not been
644 =head2 error_message()
646 If the transaction has been submitted but was not accepted, this
647 function will return the provided error message (if any) that the
650 =head2 failure_status()
652 If the transaction failed, it can optionally return a specific failure
653 status (normalized, not gateway-specific). Currently defined statuses
654 are: "expired", "nsf" (non-sufficient funds), "stolen", "pickup",
655 "blacklisted" and "declined" (card/transaction declines only, not
658 Note that (as of Aug 2006) this is only supported by some of the
659 newest processor modules, and that, even if supported, a failure
660 status is an entirely optional field that is only set for specific
663 =head2 authorization()
665 If the transaction has been submitted and accepted, this function will
666 provide you with the authorization code that the processor returned.
667 Store this if you would like to run inquiries or refunds on the transaction
670 =head2 order_number()
672 The unique order number for the transaction generated by the gateway. Store
673 this if you would like to run inquiries or refunds on the transaction later.
677 If supported by your gateway, a card_token can be used in a subsequent
678 transaction to refer to a card number.
682 Retrieve or change the fraud score from any Business::FraudDetect plugin
684 =head2 fraud_transaction_id()
686 Retrieve or change the transaction id from any Business::FraudDetect plugin
688 =head2 response_code()
690 =head2 response_headers()
692 =head2 response_page()
694 These three fields are set by some processors (especially those which use
695 HTTPS) when the transaction fails at the communication level rather than
698 response_code is the HTTP response code and message, i.e.
699 '500 Internal Server Error'.
701 response_headers is a hash reference of the response headers
703 response_page is the raw content.
707 Returns the precise result code that the processor returned, these are
708 normally one letter codes that don't mean much unless you understand
709 the protocol they speak, you probably don't need this, but it's there
714 =head2 cvv2_response()
716 =head1 MISCELLANEOUS INTERNAL METHODS
718 =head2 transaction_type()
720 Retrieve the transaction type (the 'type' argument to contents()).
721 Generally only used internally, but provided in case it is useful.
725 Retrieve or change the processor submission server address (CHANGE AT
730 Retrieve or change the processor submission port (CHANGE AT YOUR OWN
735 Retrieve or change the processor submission path (CHANGE AT YOUR OWN
738 =head1 HELPER METHODS FOR GATEWAY MODULE AUTHORS
740 =head2 build_subs( @sub_names )
742 Build setter/getter subroutines for new return values.
744 =head2 get_fields( @fields )
746 Get the named fields if they are defined.
748 =head2 remap_fields( %map )
750 Remap field content (and stuff it back into content).
752 =head2 required_fields( @fields )
754 Croaks if any of the required fields are not present.
758 =head2 silly_bool( $value )
760 Returns 0 if the value starts with y, Y, t or T.
761 Returns 1 if the value starts with n, N, f or F.
762 Otherwise returns the value itself.
764 Use this for handling boolean content like tax_exempt.
770 Jason Kohles, email@jasonkohles.com
774 Ivan Kohler <ivan-business-onlinepayment@420.am>
776 Phil Lobbes E<lt>phil at perkpartners dot comE<gt>
780 Copyright (c) 1999-2004 Jason Kohles
781 Copyright (c) 2004 Ivan Kohler
782 Copyright (c) 2007-2014 Freeside Internet Services, Inc.
786 This program is free software; you can redistribute it and/or modify it under
787 the same terms as Perl itself.
791 Homepage: http://420.am/business-onlinepayment/
793 Development: http://420.am/business-onlinepayment/ng.html
797 Please direct current development questions, patches, etc. to the mailing list:
798 http://420.am/cgi-bin/mailman/listinfo/bop-devel/
802 The code is available from our public git repository:
804 git clone git://git.freeside.biz/Business-OnlinePayment.git
808 http://freeside.biz/gitweb/?p=Business-OnlinePayment.git
810 Many (but by no means all!) processor plugins are also available in the same
813 http://freeside.biz/gitweb/
817 THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
818 WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
819 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
823 http://420.am/business-onlinepayment/
825 For verification of credit card checksums, see L<Business::CreditCard>.