<%
' Copyright (C) 1998-2005 Cyberstrong Internet Services, Inc. All Rights Reserved
'
' This file has been seeded with unique information at point of sale and
' is traceable to its purchaser.
'
' Your license agreement forbids the removal of this notice.

%><!-- #include file="../lib/ginclude.asp" --><%

'
' CCAuth2.asp - Return from CC authorization gateway
'

Public Sub Main()
	Dim SQL, rs, FieldName, UseGateway
	Dim Result, Reason, AuthCode, ReturnValue, RedirectsAllowed
	
	' For debug only ...
	' Call DisplayFormFields()
	' Response.End
	
	' WorldPay and 2Checkout Version (Direct Response) call back in a way that
	' destroys our session and does not allow redirects to work.
	' Recover essential session variables from gateway form variables to continue.
	' NOTE: This really belongs in the gateway class, but with no session we cannot
	'       determine the identity of the calling gateway to invoke it's class.
	
	RedirectsAllowed = True ' Used in the following two special cases only...
	If (strIsEmpty(Session("OrderID"))) Then
		Select Case True
			Case Not strIsEmpty(Request.Form("MC_OrderID")) ' World Pay Junior
				Session("OrderID")             = CLng(Request.Form("MC_OrderID")) - cstOrderStartNo
				Session("PmtGatewayCalledBy")  = Request.Form("MC_PmtGatewayCalledBy")
				Session("PmtGatewayReceiptTo") = Request.Form("MC_PmtGatewayReceiptTo")
				RedirectsAllowed = False
				
 			Case Not strIsEmpty(Request.QueryString("TC_OrderID")) ' 2CheckOut Direct Method (Version 1)
 				Session("OrderID")             = CLng("0" & Request.QueryString("TC_OrderID")) - cstOrderStartNo
	   			Session("PmtGatewayCalledBy")  = Request.QueryString("TC_PmtGatewayCalledBy")
				Session("PmtGatewayReceiptTo") = Request.QueryString("TC_PmtGatewayReceiptTo")
				RedirectsAllowed = False
				
 			Case Not strIsEmpty(Request.Form("TC_OrderID")) ' 2CheckOut Direct Method (Version 2)
 				Session("OrderID")             = CLng("0" & GetFirstTCToken(Request.Form("TC_OrderID"))) - cstOrderStartNo
	   			Session("PmtGatewayCalledBy")  = GetFirstTCToken(Request.Form("TC_PmtGatewayCalledBy"))
				Session("PmtGatewayReceiptTo") = GetFirstTCToken(Request.Form("TC_PmtGatewayReceiptTo"))
				RedirectsAllowed = False
		End Select
	End If
	
	' Confirm no session timeout ...
	Call ConfirmSessionOk("PmtGatewayCalledBy")
	
	' Pick receipts data and preserve in session variables in the event
	' that we must redirect to another eShop running on this same domain.
	
	' For "GET" type receipts ...
	For Each FieldName in Request.QueryString
		' Note: Can't screen with GetURLValue() here because some gateways
		'       return restricted chars in response URL...
		Session("PmtGatewayReceipt-" & FieldName) = Request.QueryString(FieldName)
	Next
	
	' For "POST" type receipts ...
	For Each FieldName in Request.Form
		Session("PmtGatewayReceipt-" & FieldName) = Request.Form(FieldName)
	Next
	
	' VeriSign, and others, allow only a single receipt URL.
	' This code allows multiple eShop's to share the same CC gateway ...
	
	If (RedirectsAllowed) Then
		If (LCase(Session("PmtGatewayReceiptTo")) <> LCase(SecureURL("46CCAuth.asp"))) Then
			Response.Redirect(Session("PmtGatewayReceiptTo"))
		End If
	End If
	
	' Guarenteed to be in the correct eShop from here onward ...
	
	' Connect to the database ...
	Set Conn = dbOpen("rwl")
	
	set rs = Server.CreateObject("ADODB.Recordset")
	
	SQL = ""
	SQL = SQL & "SELECT * FROM Orders, Customers, PaymentMethods "
	SQL = SQL & "WHERE Orders.CustomerID = Customers.CustomerID  "
	SQL = SQL & "AND Orders.PaymentMethodDescription = PaymentMethods.PaymentMethod "
	SQL = SQL & "AND OrderId = " & CleanSQL(Session("OrderID"), "i")
	
	rs.Open SQL, Conn, adOpenKeyset, adLockOptimistic
	
	' Process return from payment gateway here.
	' Note: Some link-based gateways get this far on approval only,
	'       for declines they may require the customer to use the back
	'       button to try again.
	
	If (rs.RecordCount = 1) Then
		Set UseGateway = FeatureInstalled.Item("Payment Gateway:" & rs("PaymentGateway"))
		
		rs.Close
		Set rs = Nothing
		
		Call UseGateway.GetResult(Result, Reason, AuthCode)
		
		If (Result = pmtApproved) Then
			Set rs = Server.CreateObject("ADODB.Recordset")
			SQL = "SELECT * FROM Orders WHERE OrderID = " & CleanSQL(Session("OrderID"), "i")
			rs.Open SQL, Conn, adOpenKeyset, adLockOptimistic
			rs("CreditCardAuthorizationNumber") = AuthCode
			rs("CreditCardAuthorizationDate")   = Date()
			rs.Update
			
			' Call user exit on payment authorization ...
			Call UserExit(usrPmtAuthorized, Conn, _
				Session("OrderID"), _
				rs("PaymentAmount"), _
				rs, _
				ReturnValue)
				
			rs.Close : Set rs = Nothing
		End If
		
		dbClose(Conn)
		
		Call ReturnToCaller(Result, Reason, IIF(UseGateway.Supports(pmtNoRedirect), "l", "d"))
		
		Set UseGateway = Nothing
	Else
		dbClose(Conn)
		wl("CCAuth2.asp: Unexpected loss of order record.")
	End If
	
End Sub


' GetFirstTCToken() - Get first token from 2Checkout.com return.
'                   - For unknown reasons, 2Checkout returns some values duplicated
'                     and separated by commas.
'                   - Used only in this module.

Private Function GetFirstTCToken(ByVal argString)
	Dim TokenList
	
	TokenList = Split(argString & ",", ",")
	GetFirstTCToken = TokenList(0)
End Function


Call Main()

%>