PageRenderTime 47ms CodeModel.GetById 21ms RepoModel.GetById 1ms app.codeStats 0ms

/catalog/model/fraud/fraudlabspro.php

https://gitlab.com/hazelnuts23/unitedfoodstuff
PHP | 156 lines | 126 code | 24 blank | 6 comment | 18 complexity | c09a24e395555b6b555b3186ad0991ca MD5 | raw file
    

  1. <?php
    2. 

  2. class ModelFraudFraudLabsPro extends Model {
    3. 

  3. 	public function check($data) {
    4. 

  4. 		// Do not performat fraud check if FraudLabs Pro is disabled or API key is not provided.
    5. 

  5. 		if (!$this->config->get('fraudlabspro_status') ||!$this->config->get('fraudlabspro_key')) {
    6. 

  6. 			return;
    7. 

  7. 		}
    8. 

  8. 

  9. 		$risk_score = 0;
    10. 

  10. 

  11. 		$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "fraudlabspro` WHERE order_id = '" . (int)$data['order_id'] . "'");
    12. 

  12. 

  13. 		// Do not call FraudLabs Pro API if order is already screened.
    14. 

  14. 		if ($query->num_rows) {
    15. 

  15. 			return;
    16. 

  16. 		}
    17. 

  17. 

  18. 		$ip = $_SERVER['REMOTE_ADDR'];
    19. 

  19. 

  20. 		// Detect client IP is store is behind CloudFlare protection.
    21. 

  21. 		if(isset($_SERVER['HTTP_CF_CONNECTING_IP']) && filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP)){
    22. 

  22. 			$ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
    23. 

  23. 		}
    24. 

  24. 

  25. 		// Get real client IP is they are behind proxy server.
    26. 

  26. 		if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP)){
    27. 

  27. 			$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    28. 

  28. 		}
    29. 

  29. 

  30. 		// Overwrite client IP if simulate IP is provided.
    31. 

  31. 		if (filter_var($this->config->get('fraudlabspro_simulate_ip'), FILTER_VALIDATE_IP)) {
    32. 

  32. 			$ip = $this->config->get('fraudlabspro_simulate_ip');
    33. 

  33. 		}
    34. 

  34. 

  35. 		$request['key'] = $this->config->get('fraudlabspro_key');
    36. 

  36. 		$request['ip'] = $ip;
    37. 

  37. 		$request['bill_city'] = $data['payment_city'];
    38. 

  38. 		$request['bill_state'] = $data['payment_zone'];
    39. 

  39. 		$request['bill_country'] = $data['payment_iso_code_2'];
    40. 

  40. 		$request['bill_zip_code'] = $data['payment_postcode'];
    41. 

  41. 		$request['email_domain'] = utf8_substr(strrchr($data['email'], '@'), 1);
    42. 

  42. 		$request['user_phone'] = $data['telephone'];
    43. 

  43. 

  44. 		if ($data['shipping_method']) {
    45. 

  45. 			$request['ship_addr'] = $data['shipping_address_1'];
    46. 

  46. 			$request['ship_city'] = $data['shipping_city'];
    47. 

  47. 			$request['ship_state'] = $data['shipping_zone'];
    48. 

  48. 			$request['ship_zip_code'] = $data['shipping_postcode'];
    49. 

  49. 			$request['ship_country'] = $data['shipping_iso_code_2'];
    50. 

  50. 		}
    51. 

  51. 

  52. 		$request['email_hash'] = $this->hashIt($data['email']);
    53. 

  53. 		$request['amount'] = $this->currency->format($data['total'], $data['currency_code'], $data['currency_value'], false);
    54. 

  54. 		$request['quantity'] = 1;
    55. 

  55. 		$request['currency'] = $data['currency_code'];
    56. 

  56. 		$request['user_order_id'] = $data['order_id'];
    57. 

  57. 		$request['format'] = 'json';
    58. 

  58. 

  59. 		$curl = curl_init();
    60. 

  60. 		curl_setopt($curl, CURLOPT_URL, 'https://api.fraudlabspro.com/v1/order/screen?' . http_build_query($request));
    61. 

  61. 		curl_setopt($curl, CURLOPT_HEADER, 0);
    62. 

  62. 		curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
    63. 

  63. 		curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    64. 

  64. 		curl_setopt($curl, CURLOPT_FORBID_REUSE, 1);
    65. 

  65. 		curl_setopt($curl, CURLOPT_FRESH_CONNECT, 1);
    66. 

  66. 

  67. 		$response = curl_exec($curl);
    68. 

  68. 

  69. 		curl_close($curl);
    70. 

  70. 

  71. 		$risk_score = 0;
    72. 

  72. 

  73. 		if (is_null($json = json_decode($response)) === FALSE) {
    74. 

  74. 			$this->db->query("REPLACE INTO `" . DB_PREFIX . "fraudlabspro` SET order_id = '" . (int)$data['order_id'] . "',
    75. 

  75. 				is_country_match = '" . $this->db->escape($json->is_country_match) . "',
    76. 

  76. 				is_high_risk_country = '" . $this->db->escape($json->is_high_risk_country) . "',
    77. 

  77. 				distance_in_km = '" . $this->db->escape($json->distance_in_km) . "',
    78. 

  78. 				distance_in_mile = '" . $this->db->escape($json->distance_in_mile) . "',
    79. 

  79. 				ip_country = '" . $this->db->escape($json->ip_country) . "',
    80. 

  80. 				ip_region = '" . $this->db->escape($json->ip_region) . "',
    81. 

  81. 				ip_city = '" . $this->db->escape($json->ip_city) . "',
    82. 

  82. 				ip_continent = '" . $this->db->escape($json->ip_continent) . "',
    83. 

  83. 				ip_latitude = '" . $this->db->escape($json->ip_latitude) . "',
    84. 

  84. 				ip_longitude = '" . $this->db->escape($json->ip_longitude) . "',
    85. 

  85. 				ip_timezone = '" . $this->db->escape($json->ip_timezone) . "',
    86. 

  86. 				ip_elevation = '" . $this->db->escape($json->ip_elevation) . "',
    87. 

  87. 				ip_domain = '" . $this->db->escape($json->ip_domain) . "',
    88. 

  88. 				ip_mobile_mnc = '" . $this->db->escape($json->ip_mobile_mnc) . "',
    89. 

  89. 				ip_mobile_mcc = '" . $this->db->escape($json->ip_mobile_mcc) . "',
    90. 

  90. 				ip_mobile_brand = '" . $this->db->escape($json->ip_mobile_brand) . "',
    91. 

  91. 				ip_netspeed = '" . $this->db->escape($json->ip_netspeed) . "',
    92. 

  92. 				ip_isp_name = '" . $this->db->escape($json->ip_isp_name) . "',
    93. 

  93. 				ip_usage_type = '" . $this->db->escape($json->ip_usage_type) . "',
    94. 

  94. 				is_free_email = '" . $this->db->escape($json->is_free_email) . "',
    95. 

  95. 				is_new_domain_name = '" . $this->db->escape($json->is_new_domain_name) . "',
    96. 

  96. 				is_proxy_ip_address = '" . $this->db->escape($json->is_proxy_ip_address) . "',
    97. 

  97. 				is_bin_found = '" . $this->db->escape($json->is_bin_found) . "',
    98. 

  98. 				is_bin_country_match = '" . $this->db->escape($json->is_bin_country_match) . "',
    99. 

  99. 				is_bin_name_match = '" . $this->db->escape($json->is_bin_name_match) . "',
    100. 

  100. 				is_bin_phone_match = '" . $this->db->escape($json->is_bin_phone_match) . "',
    101. 

  101. 				is_bin_prepaid = '" . $this->db->escape($json->is_bin_prepaid) . "',
    102. 

  102. 				is_address_ship_forward = '" . $this->db->escape($json->is_address_ship_forward) . "',
    103. 

  103. 				is_bill_ship_city_match = '" . $this->db->escape($json->is_bill_ship_city_match) . "',
    104. 

  104. 				is_bill_ship_state_match = '" . $this->db->escape($json->is_bill_ship_state_match) . "',
    105. 

  105. 				is_bill_ship_country_match = '" . $this->db->escape($json->is_bill_ship_country_match) . "',
    106. 

  106. 				is_bill_ship_postal_match = '" . $this->db->escape($json->is_bill_ship_postal_match) . "',
    107. 

  107. 				is_ip_blacklist = '" . $this->db->escape($json->is_ip_blacklist) . "',
    108. 

  108. 				is_email_blacklist = '" . $this->db->escape($json->is_email_blacklist) . "',
    109. 

  109. 				is_credit_card_blacklist = '" . $this->db->escape($json->is_credit_card_blacklist) . "',
    110. 

  110. 				is_device_blacklist = '" . $this->db->escape($json->is_device_blacklist) . "',
    111. 

  111. 				is_user_blacklist = '" . $this->db->escape($json->is_user_blacklist) . "',
    112. 

  112. 				fraudlabspro_score = '" . $this->db->escape($json->fraudlabspro_score) . "',
    113. 

  113. 				fraudlabspro_distribution = '" . $this->db->escape($json->fraudlabspro_distribution) . "',
    114. 

  114. 				fraudlabspro_status = '" . $this->db->escape($json->fraudlabspro_status) . "',
    115. 

  115. 				fraudlabspro_id = '" . $this->db->escape($json->fraudlabspro_id) . "',
    116. 

  116. 				fraudlabspro_error = '" . $this->db->escape($json->fraudlabspro_error_code) . "',
    117. 

  117. 				fraudlabspro_message = '" . $this->db->escape($json->fraudlabspro_message) . "',
    118. 

  118. 				fraudlabspro_credits = '" .  $this->db->escape($json->fraudlabspro_credits) . "',
    119. 

  119. 				api_key = '" .  $this->config->get('fraudlabspro_key') . "',
    120. 

  120. 				ip_address = '" .  $ip . "'"
    121. 

  121. 			);
    122. 

  122. 

  123. 			$risk_score = (int)$json->fraudlabspro_score;
    124. 

  124. 		}
    125. 

  125. 

  126. 		// Do not perform any action if error found
    127. 

  127. 		if ($json->fraudlabspro_error_code) {
    128. 

  128. 			return;
    129. 

  129. 		}
    130. 

  130. 

  131. 		if ($risk_score > $this->config->get('fraudlabspro_score')) {
    132. 

  132. 			return $this->config->get('fraudlabspro_order_status_id');
    133. 

  133. 		}
    134. 

  134. 

  135. 		if ($json->fraudlabspro_status == 'REVIEW') {
    136. 

  136. 			return $this->config->get('fraudlabspro_review_status_id');
    137. 

  137. 		}
    138. 

  138. 

  139. 		if ($json->fraudlabspro_status == 'APPROVE') {
    140. 

  140. 			return $this->config->get('fraudlabspro_approve_status_id');
    141. 

  141. 		}
    142. 

  142. 

  143. 		if ($json->fraudlabspro_status == 'REJECT') {
    144. 

  144. 			return $this->config->get('fraudlabspro_reject_status_id');
    145. 

  145. 		}
    146. 

  146. 	}
    147. 

  147. 

  148. 	private function hashIt($s) {
    149. 

  149. 		$hash = 'fraudlabspro_' . $s;
    150. 

  150. 

  151. 		for ($i = 0; $i < 65536; $i++)
    152. 

  152. 			$hash = sha1('fraudlabspro_' . $hash);
    153. 

  153. 

  154. 		return $hash;
    155. 

  155. 	}
    156. 

  156. }
    157.