Payment API Evaluation Params

3aa92ce8 · iWallet Dev · 3dea8b6c · 3aa92ce8 · 3aa92ce8 · 3aa92ce8
Commit 3aa92ce8 authored May 03, 2023 by iWallet Dev
8 changed files
--- a/api/mids/Settle.php
+++ b/api/mids/Settle.php
@@ -79,6 +79,12 @@ class Settle extends System {
     */
    private $language;
    
+    private $checkingDetails;
+    private $checkFirstName;
+    private $checkLastName;
+    private $checkDateOfBirth;
+    private $checkEmail;
+    
    /**
     * 
     * api-param
@@ -132,15 +138,20 @@ class Settle extends System {
       if($this -> checkJSONString($this -> payload)){
           $payObject = json_decode($this -> payload, true);
           
-           $this -> pnum        = $this -> getColumnData($payObject, PARAM_P_NUM);
-           $this -> currency    = $this -> getColumnData($payObject, PARAM_CURRENCY);
-           $this -> signature   = $this -> getColumnData($payObject, PARAM_SIGNATURE);
-           $this -> amount      = $this -> getColumnData($payObject, PARAM_AMOUNT);
-           $this -> title       = $this -> getColumnData($payObject, PARAM_TITLE);
-           $this -> language    = $this -> getColumnData($payObject, PARAM_LANGUAGE);
-           $this -> successUrl  = $this -> getColumnData($payObject, PARAM_SUCCESS_URL);
-           $this -> returnUrl   = $this -> getColumnData($payObject, PARAM_RETURN_URL);
-           $this -> failedUrl   = $this -> getColumnData($payObject, PARAM_FAIL_URL);
+           $this -> pnum                = $this -> getColumnData($payObject, PARAM_P_NUM);
+           $this -> currency            = $this -> getColumnData($payObject, PARAM_CURRENCY);
+           $this -> signature           = $this -> getColumnData($payObject, PARAM_SIGNATURE);
+           $this -> amount              = $this -> getColumnData($payObject, PARAM_AMOUNT);
+           $this -> title               = $this -> getColumnData($payObject, PARAM_TITLE);
+           $this -> language            = $this -> getColumnData($payObject, PARAM_LANGUAGE);
+           $this -> successUrl          = $this -> getColumnData($payObject, PARAM_SUCCESS_URL);
+           $this -> returnUrl           = $this -> getColumnData($payObject, PARAM_RETURN_URL);
+           $this -> failedUrl           = $this -> getColumnData($payObject, PARAM_FAIL_URL);
+           $this -> checkingDetails     = $this -> getColumnData($payObject, PARAM_CHECK_DETAILS);
+           $this -> checkFirstName      = $this -> getColumnData($payObject, PARAM_CHECK_FNAME);
+           $this -> checkLastName       = $this -> getColumnData($payObject, PARAM_CHECK_LNAME);
+           $this -> checkDateOfBirth    = $this -> getColumnData($payObject, PARAM_CHECK_DOB);
+           $this -> checkEmail          = $this -> getColumnData($payObject, PARAM_CHECK_EMAIL);
           
           $freePs = $this -> getColumnData($payObject, "free_params");
           
@@ -275,34 +286,48 @@ class Settle extends System {
     * 
     */
    public function listen(){
+        $middlewareSettings = $this -> getSettingConfiguration("middleware_conf");
+        $settlementSettings = $this -> getSettingConfiguration("payment_api_conf");
        
+        $paramsToStore = [
+            PARAM_P_NUM => $this -> pnum,
+            PARAM_SIGNATURE => $this -> signature,
+            PARAM_TITLE => $this -> title,
+            PARAM_LANGUAGE => $this -> language,
+            PARAM_AMOUNT => $this -> amount,
+            PARAM_CURRENCY => $this -> currency,
+            PARAM_SUCCESS_URL => $this -> successUrl,
+            PARAM_FAIL_URL => $this -> failedUrl,
+            PARAM_RETURN_URL => $this -> returnUrl,
+            PARAM_SETTLEMENT_ORIGIN => "server_to_server",
+            PARAM_SETTLEMENT_FREE_PARAMS => $this -> freeParams
+        ];
+        
+        $this -> checkingDetails = filter_var($this -> checkingDetails, FILTER_VALIDATE_BOOLEAN);
+        
+        if($this -> checkingDetails){
+            $paramsToStore = array_merge($paramsToStore, [
+                PARAM_CHECK_DETAILS => $this -> checkingDetails,
+                PARAM_CHECK_FNAME => $this -> checkFirstName,
+                PARAM_CHECK_LNAME => $this -> checkLastName,
+                PARAM_CHECK_DOB => $this -> checkDateOfBirth,
+                PARAM_CHECK_EMAIL => $this -> checkEmail
+            ]);
+        }
+        
+        $paramsToStore = json_encode($paramsToStore);
        
        $this -> accessModifyCommon('INSERT_LOG_POST', array(
            $this -> ipAddress,
            $this -> pnum,
            $this -> getColumnData($_SERVER, "HTTP_REFERER"),
-            "[SERVER_TO_SERVER]{$this -> payload}"));
-        
-        $middlewareSettings = $this -> getSettingConfiguration("middleware_conf");
-        $settlementSettings = $this -> getSettingConfiguration("payment_api_conf");
+            "[SERVER_TO_SERVER]{$paramsToStore}"));
        
        $jwtPayload = [
            "purpose" => "PaymentAPI",
            "created" => date("Y-m-d H:i:s"),
            "expiration" => date("Y-m-d H:i:s", strtotime($settlementSettings -> link_duration)),
-            "data" => base64_encode(json_encode([
-                PARAM_P_NUM => $this -> pnum,
-                PARAM_SIGNATURE => $this -> signature,
-                PARAM_TITLE => $this -> title,
-                PARAM_LANGUAGE => $this -> language,
-                PARAM_AMOUNT => $this -> amount,
-                PARAM_CURRENCY => $this -> currency,
-                PARAM_SUCCESS_URL => $this -> successUrl,
-                PARAM_FAIL_URL => $this -> failedUrl,
-                PARAM_RETURN_URL => $this -> returnUrl,
-                PARAM_SETTLEMENT_ORIGIN => "server_to_server",
-                PARAM_SETTLEMENT_FREE_PARAMS => $this -> freeParams
-            ]))
+            "data" => base64_encode($paramsToStore)
        ];
                
        $jwtToken = JWT::encode($jwtPayload, 

--- a/logic/settlement/model.php
+++ b/logic/settlement/model.php
@@ -45,6 +45,14 @@ class SettlementModelClass extends ModelClassEx {
 	private $midconf                   = null;
 	private $settleForm                = null;
 	private $paymentAPIConf            = null;
+	private $checkingDetails           = false;
+	
+	// 詳細確認の変数
+	private $checkFirstName            = NO_STRING;
+	private $checkLastName             = NO_STRING;
+	private $checkDateOfBirth          = NO_STRING;
+	private $checkEmail                = NO_STRING;
+	
 	
 	private $ignoreParamNames = [
 	    PARAM_SIGNATURE,
@@ -65,7 +73,12 @@ class SettlementModelClass extends ModelClassEx {
 	    PARAM_FROM_ACCOUNT,
 	    PARAM_MESSAGE,
 	    PARAM_RATE,
-	    PARAM_DEBIT_AMOUNT
+	    PARAM_DEBIT_AMOUNT,
+	    PARAM_CHECK_DETAILS,
+	    PARAM_CHECK_FNAME,
+	    PARAM_CHECK_LNAME,
+	    PARAM_CHECK_DOB,
+	    PARAM_CHECK_EMAIL
 	];
 	
 	/*-------------------------------------------------------------------------
@@ -128,7 +141,13 @@ class SettlementModelClass extends ModelClassEx {
        $this -> failUrl		      = $this -> getDataPost(PARAM_FAIL_URL);			    // 失敗URL
        $this -> cancelUrl		      = $this -> getDataPost(PARAM_CANCEL_URL);		        // キャンセルURL
        $this -> returnUrl		      = $this -> getDataPost(PARAM_RETURN_URL);		        // 返却URL
-        $this -> rate			      = $this -> getDataPost(PARAM_RATE, true);				// 取引レート
+        $this -> rate			      = $this -> getDataPost(PARAM_RATE, true);				// 取引
+        $this -> checkingDetails      = $this -> getDataPost(PARAM_CHECK_DETAILS);          // 口座詳細の試し
+        // trueがあったら、以下の詳細をマッチングする必要がある。
+        $this -> checkFirstName       = $this -> getDataPost(PARAM_CHECK_FNAME);            
+        $this -> checkLastName        = $this -> getDataPost(PARAM_CHECK_LNAME);
+        $this -> checkDateOfBirth     = $this -> getDataPost(PARAM_CHECK_DOB);
+        $this -> checkEmail           = $this -> getDataPost(PARAM_CHECK_EMAIL);
 		$this -> setRateEx($this -> rate);										            // 取引レート
 		
 		$this -> params = [];
@@ -184,14 +203,14 @@ class SettlementModelClass extends ModelClassEx {
 	    if($this -> checkJSONString($data)){
 	        $data = json_decode($data, true);
 	        	        
-	        $this -> signature     = $this -> getColumnData($data, PARAM_SIGNATURE);
-	        $this -> pNum          = $this -> getColumnData($data, PARAM_P_NUM);
-	        $this -> amount        = $this -> getColumnData($data, PARAM_AMOUNT);
-	        $this -> currency      = $this -> getColumnData($data, PARAM_CURRENCY);
-	        $this -> title         = $this -> getColumnData($data, PARAM_TITLE);
-	        $this -> successUrl    = $this -> getColumnData($data, PARAM_SUCCESS_URL);
-	        $this -> failUrl       = $this -> getColumnData($data, PARAM_FAIL_URL);
-	        $this -> returnUrl     = $this -> getColumnData($data, PARAM_RETURN_URL);
+	        $this -> signature         = $this -> getColumnData($data, PARAM_SIGNATURE);
+	        $this -> pNum              = $this -> getColumnData($data, PARAM_P_NUM);
+	        $this -> amount            = $this -> getColumnData($data, PARAM_AMOUNT);
+	        $this -> currency          = $this -> getColumnData($data, PARAM_CURRENCY);
+	        $this -> title             = $this -> getColumnData($data, PARAM_TITLE);
+	        $this -> successUrl        = $this -> getColumnData($data, PARAM_SUCCESS_URL);
+	        $this -> failUrl           = $this -> getColumnData($data, PARAM_FAIL_URL);
+	        $this -> returnUrl         = $this -> getColumnData($data, PARAM_RETURN_URL);
 	        
 	        $apiSignature          = $this -> getRowData($this -> getAPISignatureCommon($this -> pNum));
 	        $this -> userAccount   = $this -> getColumnData($apiSignature, PARAM_USER_ACCOUNT);
@@ -536,6 +555,11 @@ class SettlementModelClass extends ModelClassEx {
 	        if($this -> uniqueSubmission == $this -> formName.md5($this -> paymentAPIConf -> middleware_sig_passphrase)){
 	            $this -> setData();
 	            $this -> arrangeFreeParams();
+	            $checkDet = $this -> evaluateImportantDetails();
+	            
+	            if(is_array($checkDet)){
+	                $this -> invalidFormParams = array_merge($this -> invalidFormParams, $checkDet);
+	            }
 	            
 	            if($this -> balance < ($this -> debitAmount + $this -> getFeeEx()) && !$mismatchedAccountNum) {
 	                $this -> invalidFormParams[] = $this -> getMessage(ERROR, 'E_INSUFFICIENT_FUNDS',
@@ -581,7 +605,19 @@ class SettlementModelClass extends ModelClassEx {
 	        PARAM_SETTLEMENT_ORIGIN => "standard_form",
 	        PARAM_SETTLEMENT_FREE_PARAMS => $freeParams
 	    ];
-	    	    
+	    	
+	    if($this -> checkingDetails){
+	        $checkDetailParams = [
+	            PARAM_CHECK_DETAILS => $this -> checkingDetails,
+	            PARAM_CHECK_FNAME => $this -> checkFirstName,
+	            PARAM_CHECK_LNAME => $this -> checkLastName,
+	            PARAM_CHECK_DOB => $this -> checkDateOfBirth,
+	            PARAM_CHECK_EMAIL => $this -> checkEmail
+	        ];
+	        
+	        $settlementPayload = array_merge($settlementPayload, $checkDetailParams);
+	    }
+	    
 	    $jwtPayload = [
 	        "purpose" => "PaymentAPI",
 	        "created" => date("Y-m-d H:i:s"),
@@ -604,6 +640,7 @@ class SettlementModelClass extends ModelClassEx {
 	    $formData = json_decode(base64_decode($this -> getColumnData($this -> settleForm, "form_data")), true);
 	    
 	    $freeParams   = $this -> getColumnData($formData, PARAM_SETTLEMENT_FREE_PARAMS);
+
 	    foreach(array_keys($freeParams) as $optParamName){
 	        if(isset($_POST[$optParamName])){
 	            $value = NO_STRING;
@@ -625,6 +662,42 @@ class SettlementModelClass extends ModelClassEx {
 	    }
 	}
 	
+	private function evaluateImportantDetails(){
+	    $invalidRemarks = [];
+	    
+	    $formData = json_decode(base64_decode($this -> getColumnData($this -> settleForm, "form_data")), true);
+	    
+	    // restoring the values for final checking
+	    $this -> checkingDetails   = $this -> getColumnData($formData, PARAM_CHECK_DETAILS);
+	    $this -> checkFirstName    = $this -> getColumnData($formData, PARAM_CHECK_FNAME);
+	    $this -> checkLastName     = $this -> getColumnData($formData, PARAM_CHECK_LNAME);
+	    $this -> checkDateOfBirth  = $this -> getColumnData($formData, PARAM_CHECK_DOB);
+	    $this -> checkEmail        = $this -> getColumnData($formData, PARAM_CHECK_EMAIL);
+	    
+	    $this -> checkingDetails      = filter_var($this -> checkingDetails, FILTER_VALIDATE_BOOLEAN);
+	    
+	    if($this -> checkingDetails){
+	        $fromDetails = $this -> getRowData($this -> getAccountCommon($this -> fromAccount));
+	        
+	        $toEvaluate = [
+	            [$this -> checkFirstName, PARAM_FIRST_NAME, "E_ERROR_UNMATCHED_FIRST_NAME"],
+	            [$this -> checkLastName, PARAM_LAST_NAME, "E_ERROR_UNMATCHED_LAST_NAME"],
+	            [$this -> checkDateOfBirth, PARAM_BIRTH_STRING, "E_ERROR_UNMATCHED_DATE_OF_BIRTH"],
+	            [$this -> checkEmail, PARAM_MAIL, "E_ERROR_UNMATCHED_EMAIL"]
+	        ];
+	        
+	        foreach($toEvaluate as $data){
+	            if($data[0] !== $this -> getColumnData($fromDetails, $data[1]))
+	                $invalidRemarks[] = $this -> getMessage(ERROR, $data[2], []);
+	        }
+	        
+	        if(count($invalidRemarks))
+	            return $invalidRemarks;
+	    }
+	    
+	    return true;
+	}
+	
 	/*-------------------------------------------------------------------------
 	* @function_name: サーバ側データチェック
 	* @parameter	: なし

--- a/system/lib/core/post_keys.php
+++ b/system/lib/core/post_keys.php
@@ -339,6 +339,11 @@ define('PARAM_AMOUNT_TYPE', 'amount_type');
 define('PARAM_NEW_PW', 'new_pw');
 define('PARAM_NEW_PW2', 'new_pw2');
 define('PARAM_ID', 'id');
+define('PARAM_CHECK_DETAILS', 'check_details');
+define('PARAM_CHECK_FNAME', 'check_first_name');
+define('PARAM_CHECK_LNAME', 'check_last_name');
+define('PARAM_CHECK_DOB', 'check_date_of_birth');
+define('PARAM_CHECK_EMAIL', 'check_email');
 define('PARAM_EXCHANGE_FROM_BALANCE', 'from_balance');
 define('PARAM_EXCHANGE_TO_BALANCE', 'to_balance');
 define('PARAM_FROM_FEE', 'from_fee');

--- a/system/lib/message.xml
+++ b/system/lib/message.xml
@@ -408,6 +408,19 @@
 		<E_ERROR_STRING_LENGTH_ANY_2>
 			__MEGELM01__の長さは、最大__MEGELM02__文字です。
 		</E_ERROR_STRING_LENGTH_ANY_2>
+		<E_ERROR_UNMATCHED_FIRST_NAME>
+			名は合いません
+		</E_ERROR_UNMATCHED_FIRST_NAME>
+		<E_ERROR_UNMATCHED_LAST_NAME>
+			姓は合いません
+		</E_ERROR_UNMATCHED_LAST_NAME>
+		<E_ERROR_UNMATCHED_DATE_OF_BIRTH>
+			生年月日は合いません
+		</E_ERROR_UNMATCHED_DATE_OF_BIRTH>
+		<E_ERROR_UNMATCHED_EMAIL>
+			メールは合いません
+		</E_ERROR_UNMATCHED_EMAIL>
+

 		<E_LIMIT_DEPOSIT_SOME_TIMES_1_HOUR>
 			お客様は、既に入金回数上限を超えています。しばらく時間をおいてお試しください。

--- a/system/lib/message_en.xml
+++ b/system/lib/message_en.xml
@@ -411,6 +411,18 @@
 		<E_ERROR_STRING_LENGTH_ANY_2>
 			In __MEGELM01__ field, input should be within __MEGELM02__ characters in length.
 		</E_ERROR_STRING_LENGTH_ANY_2>
+		<E_ERROR_UNMATCHED_FIRST_NAME>
+			First name didn't match
+		</E_ERROR_UNMATCHED_FIRST_NAME>
+		<E_ERROR_UNMATCHED_LAST_NAME>
+			Last name didn't match
+		</E_ERROR_UNMATCHED_LAST_NAME>
+		<E_ERROR_UNMATCHED_DATE_OF_BIRTH>
+			Date of Birth didn't match
+		</E_ERROR_UNMATCHED_DATE_OF_BIRTH>
+		<E_ERROR_UNMATCHED_EMAIL>
+			Email didn't match
+		</E_ERROR_UNMATCHED_EMAIL>




--- a/system/lib/message_id.xml
+++ b/system/lib/message_id.xml
@@ -190,6 +190,19 @@
 		<E_ERROR_STRING_LENGTH_ANY>
 			__MEGELM01__ panjangnya sama dengan __MEGELM02__～__MEGELM03__ karakter.
 		</E_ERROR_STRING_LENGTH_ANY>
+		<E_ERROR_UNMATCHED_FIRST_NAME>
+			First name didn't match
+		</E_ERROR_UNMATCHED_FIRST_NAME>
+		<E_ERROR_UNMATCHED_LAST_NAME>
+			Last name didn't match
+		</E_ERROR_UNMATCHED_LAST_NAME>
+		<E_ERROR_UNMATCHED_DATE_OF_BIRTH>
+			Date of Birth didn't match
+		</E_ERROR_UNMATCHED_DATE_OF_BIRTH>
+		<E_ERROR_UNMATCHED_EMAIL>
+			Email didn't match
+		</E_ERROR_UNMATCHED_EMAIL>
+		
 		<E_ERROR_LOGIN_FAIL_COUNT>
 			Jumlah gagal masuk melebihi standar sistem. Tidak dapat masuk kembali dalam waktu 24 jam.
 		</E_ERROR_LOGIN_FAIL_COUNT>

--- a/system/lib/message_sc.xml
+++ b/system/lib/message_sc.xml
@@ -196,6 +196,19 @@
 		<E_ERROR_STRING_LENGTH_ANY>
 			__MEGELM01__内容需为__MEGELM02__～__MEGELM03__个字符以内。
 		</E_ERROR_STRING_LENGTH_ANY>
+		<E_ERROR_UNMATCHED_FIRST_NAME>
+			First name didn't match
+		</E_ERROR_UNMATCHED_FIRST_NAME>
+		<E_ERROR_UNMATCHED_LAST_NAME>
+			Last name didn't match
+		</E_ERROR_UNMATCHED_LAST_NAME>
+		<E_ERROR_UNMATCHED_DATE_OF_BIRTH>
+			Date of Birth didn't match
+		</E_ERROR_UNMATCHED_DATE_OF_BIRTH>
+		<E_ERROR_UNMATCHED_EMAIL>
+			Email didn't match
+		</E_ERROR_UNMATCHED_EMAIL>
+		
 		<E_ERROR_LOGIN_FAIL_COUNT>
 			错误次数超过上限。账户锁定24小时。
 		</E_ERROR_LOGIN_FAIL_COUNT>

--- a/system/lib/message_tc.xml
+++ b/system/lib/message_tc.xml
@@ -196,6 +196,19 @@
 		<E_ERROR_STRING_LENGTH_ANY>
 		__MEGELM01__長度需為__MEGELM02__～__MEGELM03__個字符以内。
 		</E_ERROR_STRING_LENGTH_ANY>
+		<E_ERROR_UNMATCHED_FIRST_NAME>
+			First name didn't match
+		</E_ERROR_UNMATCHED_FIRST_NAME>
+		<E_ERROR_UNMATCHED_LAST_NAME>
+			Last name didn't match
+		</E_ERROR_UNMATCHED_LAST_NAME>
+		<E_ERROR_UNMATCHED_DATE_OF_BIRTH>
+			Date of Birth didn't match
+		</E_ERROR_UNMATCHED_DATE_OF_BIRTH>
+		<E_ERROR_UNMATCHED_EMAIL>
+			Email didn't match
+		</E_ERROR_UNMATCHED_EMAIL>
+		
 		<E_ERROR_LOGIN_FAIL_COUNT>
 			錯誤次數超過上限。帳戶鎖定24小時。
 		</E_ERROR_LOGIN_FAIL_COUNT>