Index: uc_worldpay.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/uc_worldpay/uc_worldpay.module,v
retrieving revision 1.2
diff -u -p -r1.2 uc_worldpay.module
--- uc_worldpay.module 5 Dec 2008 18:28:29 -0000 1.2
+++ uc_worldpay.module 24 Jul 2009 11:43:27 -0000
@@ -7,12 +7,12 @@
*
* Original development sponsored by www.catorg.co.uk.
*/
-
+DEFINE('UC_WORLDPAY_CALLBACK_URL', 'cart/worldpay/complete');
/**
* Implementation of hook_menu().
*/
function uc_worldpay_menu() {
- $items['cart/worldpay/complete'] = array(
+ $items[UC_WORLDPAY_CALLBACK_URL] = array(
'title' => t('Order complete'),
'page callback' => 'uc_worldpay_complete',
'access arguments' => array('access content'),
@@ -42,13 +42,14 @@ function uc_worldpay_payment_method() {
function theme_uc_worldpay_cards() {
$image_path = drupal_get_path('module', 'uc_worldpay') .'/images/';
- $title = variable_get('uc_worldpay_method_title', t('Worldpay'));
- $output = theme('image', $image_path .'worldpay.png', $title .': ', $title, array('style' => 'position:relative; top:6px;'));
+ $title = t('Powered by RBS Worldpay');
+ /* Use new logo - can be downloaded from http://www.rbsworldpay.com/images/cardlogos/poweredByRBSWorldPay.gif */
+ $output = theme('image', $image_path .'poweredByRBSWorldPay.gif', $title, $title, array('style' => 'position:relative; top:6px;'));
$card_types = variable_get('uc_worldpay_payment_methods', array('visa', 'electron', 'mastercard', 'maestro', 'switch', 'solo'));
foreach ($card_types as $card => $title) {
if ($title != "0") {
- $output .= theme('image', $image_path . $card .'.gif', '', '', array('style' => 'position:relative; top:5px; margin-right:4px;'));
+ $output .= theme('image', $image_path . $card .'.gif', $title, $title, array('style' => 'position:relative; top:5px; margin-right:4px;'));
}
}
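Review bot: The `foreach ($card_types as $card => $title)` loop reuses `$title`, which the added line above it sets to the "Powered by RBS Worldpay" label, and the changed `theme('image', ...)` call now passes that loop value as the alt and title text of every card image. The values come from the `uc_worldpay_payment_methods` variable, which presumably holds machine keys such as `visa` rather than translated labels, so the alt text may not be what a shopper should read. A separate loop variable (for example `$enabled`) and a lookup of the human-readable card name would make the intent explicit. theme_uc_worldpay_cards starts and ends outside the hunk.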
@@ -71,7 +72,7 @@ function uc_payment_method_worldpay($op,
'#prefix' => '
',
'#value' => t('
Installation instructions
For this module to work properly you must configure a few specific options in your Worldpay account under Installation Administration settings:
-
- Payment Response URL should be set to: %response_url
+ - Payment Response URL should be set to: %response_url OR should be set to <wpdisplay item=MC_callback> which allows multiple sites to use the same worldpay account
- Payment Response enabled? should be enabled
- Enable the Shopper Response should be enabled to get the Ubercart response page (optional)',
array('%response_url' => url('cart/worldpay/complete', array()))),
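Review bot: The added instruction line places a literal `<wpdisplay item=MC_callback>` inside the `t()` string used as the form item's `#value`, so it is presumably emitted as markup and the browser will not show it to the administrator. Writing it as `&lt;wpdisplay item=MC_callback&gt;` would display the text that has to be pasted into the WorldPay settings. The last line of the hunk still builds `%response_url` from the literal `'cart/worldpay/complete'` without the absolute option; `url(UC_WORLDPAY_CALLBACK_URL, array('absolute' => TRUE))` would keep it in step with the constant this patch introduces and show the full address WorldPay needs.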
@@ -111,7 +112,8 @@ function uc_payment_method_worldpay($op,
'electron' => t('Visa Electron'),
'mastercard' => t('Mastercard'),
'maestro' => t('Maestro'),
- 'switch' => t('Switch'),
+ /* Switch no longer exsits
+ * 'switch' => t('Switch'), */
'solo' => t('Solo'),
'amex' => t('Amex'),
'diners' => t('Diners'),
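Review bot: Commenting out the `'switch'` option leaves dead code and a typo ("exsits") in the list; deleting the line is cleaner because version control keeps the history. The default list in theme_uc_worldpay_cards, `array('visa', 'electron', 'mastercard', 'maestro', 'switch', 'solo')`, still names `switch`, and sites that already saved the setting keep the key in `uc_worldpay_payment_methods`, so the card logo may still be shown after the option has gone from the form. The enclosing array starts and ends outside the hunk.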
@@ -166,6 +168,23 @@ function uc_payment_method_worldpay($op,
'#maxlength' => 6,
'#default_value' => variable_get('uc_worldpay_lang', 'en-GB'),
);
+ $form['payment_parameters']['uc_worldpay_md5'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Worldpay MD5 secret'),
+ '#description' => t('WorldPay MD5 Secret. This can be used to secure your worldpay account so only your server can send transactions to Worldpay. This needs to be configured on your Worldpay account first.'),
+ '#size' => 20,
+ '#maxlength' => 255,
+ '#default_value' => variable_get('uc_worldpay_md5', ''),
+ );
+ //Auth valid to
+ $wp_minutes = array(0,5,10,15,30,60);
+ $form['payment_parameters']['uc_worldpay_min_valid'] = array(
+ '#type' => 'select',
+ '#title' => t('Worldpay number of minutes valid'),
+ '#default_value' => variable_get('uc_worldpay_min_valid', '0'),
+ '#options' => $wp_minutes,
+ '#description' => t('WorldPay Auth Valid to. Set the number of minutes the current transaction is valid for. 0 leaves this unset'),
+ );
return $form;
}
}
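Review bot: `'#options' => $wp_minutes` passes a plain list, so the select submits the array index (0 to 5) rather than the number of minutes, and the later `$worldpay_min_valid * 60` would turn the "60" choice into a five-minute window. `'#options' => drupal_map_assoc($wp_minutes)` keeps the stored value equal to the label. Separately, the MD5 secret is a plain `textfield` whose `#default_value` writes the stored secret back into the settings page for anyone who can open it. Leaving the field empty on display and saving only a newly entered value would avoid echoing the secret.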
@@ -197,6 +216,8 @@ function uc_worldpay_form_alter(&$form,
);
}
+ $callback_url = url(UC_WORLDPAY_CALLBACK_URL,array('absolute' => TRUE));
+
$data += array(
'instId' => variable_get('uc_worldpay_sid', ''),
'amount' => uc_currency_format($order->order_total, FALSE, FALSE, '.'),
@@ -214,6 +235,7 @@ function uc_worldpay_form_alter(&$form,
'M_uc_cart_id' => uc_cart_get_id(),
'lang' => variable_get('uc_worldpay_lang', 'en-GB'),
'M_http_host' => $_SERVER['HTTP_HOST'],
+ 'MC_callback' => $callback_url,
);
if (variable_get('uc_worldpay_desc', FALSE)) {
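Review bot: `MC_callback` travels as a hidden form field through the shopper's browser, and the signature added later in this function covers only `currency:cartId:amount`, so the callback address can be changed before it reaches WorldPay when the account uses `<wpdisplay item=MC_callback>` as its response URL. The shop would then never receive the payment notification for that order. If WorldPay accepts custom fields in `signatureFields`, adding `MC_callback` there would bind it to the secret; otherwise the fixed Payment Response URL is the safer documented setup. The value also depends on how `url()` derives the site base, which, like the neighbouring `M_http_host`, may come from the request's Host header unless `$base_url` is set in settings (to be confirmed). uc_worldpay_form_alter continues outside the hunk.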
@@ -234,6 +256,22 @@ function uc_worldpay_form_alter(&$form,
);
}
+ $worldpay_md5 = variable_get('uc_worldpay_md5', '');
+ if (drupal_strlen($worldpay_md5) > 0) {
+ $data += array(
+ 'signatureFields' => "currency:cartId:amount",
+ 'signature' => md5($worldpay_md5 .':'. $data['currency'] .':'. $data['cartId'] .":". $data['amount']),
+ );
+ }
+
+ $worldpay_min_valid = variable_get('uc_worldpay_min_valid', 0);
+ if ($worldpay_min_valid > 0) {
+ // valid to time in milliseconds in standard unix time
+ $data += array(
+ 'authValidTo' => (time() + ($worldpay_min_valid * 60)) * 1000,
+ );
+ }
+
foreach ($data as $name => $value) {
$form[$name] = array(
'#type' => 'hidden',
@@ -260,70 +298,82 @@ function uc_worldpay_complete($cart_id =
$card_type = $_POST['cardType'];
$uc_cart_id = $_POST['M_uc_cart_id'];
- // Stop orders being processed for orders from different hosts.
- if ($_SERVER['HTTP_HOST'] != $_POST['M_http_host']) {
- print t('There was an error with the transaction. The host did not match.');
- exit();
- }
+ global $base_url;
+ drupal_set_html_head("\n");
- // Log a new order notification to watchdog.
- $log_entry = t('New order notification for order !order_id.', array('!order_id' => $cart_id));
- $message = t('Returned parameters:
!post
', array('!post' => print_r($_POST, TRUE)));
-
- // If debug mode is set appropriately, append the returned parameters to the log entry.
- $debug = variable_get('uc_worldpay_debug', 'log');
- if ($debug == 'log' || $debug == 'both') {
- $log_entry .= '
'. $message;
- }
- watchdog('uc_worldpay', $log_entry);
-
- // If debug mode is set appropriately, print the returned parameters to the screen.
- if ($debug == 'screen' || $debug == 'both') {
- $output .= $message;
- }
-
- // If the order could not be loaded print an error message and exit.
- if (!$order = uc_order_load($cart_id)) {
- print t('The order could not be found and this transaction cannot continue.');
- exit();
- }
+ // Run a reverse DNS lookup on the IP Address the callback is coming from and verify it is from Worldpay
+ $ip = $_SERVER['REMOTE_ADDR'];
+ $fullhost = gethostbyaddr($ip);
+ $host = preg_replace("/^[^.]+./", "*.", $fullhost);
+ if ($host == '*.worldpay.com' || $host == '*.outbound.wp3.rbsworldpay.com') {
+ // Stop orders being processed for orders from different hosts.
+ if ($_SERVER['HTTP_HOST'] != $_POST['M_http_host']) {
+ $output = t('There was an error with the transaction. The host did not match.');
+ }
+ else {
+ // Log a new order notification to watchdog.
+ $log_entry = t('New order notification for order !order_id.', array('!order_id' => $cart_id));
+ $message = t('Returned parameters: !post
', array('!post' => print_r($_POST, TRUE)));
+
+ // If debug mode is set appropriately, append the returned parameters to the log entry.
+ $debug = variable_get('uc_worldpay_debug', 'log');
+ if ($debug == 'log' || $debug == 'both') {
+ $log_entry .= '
'. $message;
+ }
+ watchdog('uc_worldpay', $log_entry);
- // If the status of the order is not 'in_checkout' print an error and exit.
- if (uc_order_status_data($order->order_status, 'state') != 'in_checkout') {
- print t('An error has occurred during payment. Please contact us to ensure your order has submitted.');
- exit();
- }
+ // If debug mode is set appropriately, print the returned parameters to the screen.
+ if ($debug == 'screen' || $debug == 'both') {
+ $output .= $message;
+ }
- if (is_numeric($amount)) {
- switch ($trans_status) {
- case 'Y':
- $output .= t('Your order is complete and payment has been confirmed.');
- $comment = t('Paid by !type, Worldpay order #!order.', array('!type' => $card_type , '!order' => $cart_id));
- uc_payment_enter($order->order_id, 'Worldpay', $amount, 0, NULL, $comment);
- break;
- case 'C':
- $output .= t('Your order has been cancelled.');
- drupal_set_message(t('Your order has been cancelled.'));
- uc_order_comment_save($order->order_id, 0, t('Payment cancelled by user.'), 'admin');
- print $output;
- exit();
- break;
- default:
- $output .= t('Your order is pending.');
- drupal_set_message(t('Your order will be processed as soon as your payment clears at Worldpay.'));
- uc_order_comment_save($order->order_id, 0, t('!type payment is pending approval at Worldpay.', array('!type' => $card_type)), 'admin');
- break;
+ // If the order could not be loaded print an error message and exit.
+ if (!$order = uc_order_load($cart_id)) {
+ $output .= t('The order could not be found and this transaction cannot continue.');
+ }
+ else {
+ // If the status of the order is not 'in_checkout' print an error and exit.
+ if (uc_order_status_data($order->order_status, 'state') != 'in_checkout') {
+ $output .= t('An error has occurred during payment. Please contact us to ensure your order has submitted.');
+ }
+ else {
+
+ if (is_numeric($amount)) {
+ switch ($trans_status) {
+ case 'Y':
+ $output .= t('Your order is complete and payment has been confirmed.');
+ $comment = t('Paid by !type, Worldpay order #!order.', array('!type' => $card_type , '!order' => $cart_id));
+ uc_payment_enter($order->order_id, 'Worldpay', $amount, 0, NULL, $comment);
+ $output .= uc_cart_complete_sale($order);
+ // Add a comment to let sales team know this came in through the site.
+ uc_order_comment_save($order->order_id, 0, t('Order created through website.'), 'admin');
+ break;
+ case 'C':
+ $output .= t('Your order has been cancelled.');
+ drupal_set_message(t('Your order has been cancelled.'));
+ uc_order_comment_save($order->order_id, 0, t('Payment cancelled by user.'), 'admin');
+ break;
+ default:
+ $output .= t('Your order is pending.');
+ drupal_set_message(t('Your order will be processed as soon as your payment clears at Worldpay.'));
+ uc_order_comment_save($order->order_id, 0, t('!type payment is pending approval at Worldpay.', array('!type' => $card_type)), 'admin');
+ $output .= uc_cart_complete_sale($order);
+ // Add a comment to let sales team know this came in through the site.
+ uc_order_comment_save($order->order_id, 0, t('Order created through website.'), 'admin');
+ break;
+ }
+ }
+ uc_cart_empty($uc_cart_id);
+ }
+ }
}
}
-
- $output .= uc_cart_complete_sale($order);
- uc_cart_empty($uc_cart_id);
-
- // Add a comment to let sales team know this came in through the site.
- uc_order_comment_save($order->order_id, 0, t('Order created through website.'), 'admin');
-
- print $output;
- exit();
+ else {
+ //request not from a worldpay host
+ $output = t('There was an error with the transaction. We were unable to validate your request with the RBS WorldPay(tm) server.');
+ }
+ print theme('page', $output);
+ return;
}
/**
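Review bot: The reverse lookup on `$_SERVER['REMOTE_ADDR']` is the only authentication of the callback, and a PTR record is set by whoever controls the address block, so the check needs a forward confirmation that the returned name resolves back to the same address (the `.` in `"/^[^.]+./"` should also be escaped). The posted `$amount` is only tested with `is_numeric()` and is handed to `uc_payment_enter()` without being compared with `$order->order_total`; a mismatch should be rejected and logged. The `!post` placeholder inserts `print_r($_POST, TRUE)` unescaped into the watchdog entry and, in screen debug mode, into the page, where `@post` would escape it. uc_worldpay_complete begins outside the hunk.

```php
// Forward-confirm the PTR result: the name must resolve back to the caller's address.
$ip = $_SERVER['REMOTE_ADDR'];
$fullhost = gethostbyaddr($ip);
$forward = ($fullhost && $fullhost != $ip) ? gethostbynamel($fullhost) : FALSE;
$confirmed = is_array($forward) && in_array($ip, $forward, TRUE);
$host = preg_replace('/^[^.]+\./', '*.', $fullhost);
if ($confirmed && ($host == '*.worldpay.com' || $host == '*.outbound.wp3.rbsworldpay.com')) {
  // … unchanged: host match, logging, order load and status checks …
```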