diff --git a/cgi/procdonate.cgi b/cgi/procdonate.cgi
index eeff19b..578b529 100755
--- a/cgi/procdonate.cgi
+++ b/cgi/procdonate.cgi
@@ -1,1039 +1,1022 @@
#!/usr/bin/perl -T
# procdonate.cgi - Donation payment processor for gnupg.org
# Copyright (C) 2014 g10 Code GmbH
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
use strict;
#use CGI qw/:standard -debug/;
use CGI;
use Cwd qw(realpath);
use IO::Socket::UNIX;
realpath($0) =~ /^(.*)\/.*$/;
my %config = do $1 . '/config.rc';
my $baseurl = $config{baseurl};
my $htdocs = $config{htdocs};
my $stripepubkey = $config{stripepubkey};
my $socket_name = $config{payprocd_socket};
my $error_marker = '* error';
# The form variables are accessed via Q.
my $q = new CGI;
# This is a multi-purpose CGI. The mode decides what to do.
my $mode = $q->param("mode");
my $sessid = $q->param("sessid");
my $lang = $q->param("lang");
# Variables used in the template pages.
my $amount = "";
my $paytype = "";
my $stripeamount = "";
my $euroamount = "";
my $currency = "";
my $recur = "";
my $name = "";
my $mail = "";
my $message = "";
my $separef = "";
my $errorstr = "";
# We use a dictionary to track error. Those errors will then be
# inserted into the output by write_template.
my %errdict = ();
# Prototypes
sub fail ($);
sub get_paypal_approval ();
sub complete_sepa ();
# Write a template file. A template is a proper HTML file with
# variables enclosed in HTML comments. To allow inserting data into
# a value attribute of an input field, such a tag needs to be written as
#
# the result after processing will be
#
# assuming that the value of FOO is foo. Note that this substitution
# rules work for all tags and thus you better take care to add an
# extra space if you do not want this to happen.
sub write_template ($) {
my $fname = shift;
my $tname;
my $errorpanel = $errorstr;
my $err_amount = '';
my $err_name = '';
my $err_mail = '';
my $err_paytype = '';
my $check_checked = ' checked="checked"';
my $sel_eur = '';
my $sel_usd = '';
my $sel_gbp = '';
my $sel_jpy = '';
my $chk_amt500 = '';
my $chk_amt200 = '';
my $chk_amt100 = '';
my $chk_amt50 = '';
my $chk_amt20 = '';
my $chk_amt10 = '';
my $chk_amt5 = '';
my $chk_amtx = '';
my $amt_other = '';
my $recur_none = '';
my $recur_month = '';
my $recur_quarter = '';
my $recur_year = '';
my $recur_text = '';
my $message_fmt;
my $publishname;
my $check_paytype = 'none';
my $stripe_data_email = '';
my $stripe_data_label_value;
my $xamount;
my $stripelocale;
# Avoid broken HTML attributes.
$amount =~ s/\x22/\x27/g;
$stripeamount =~ s/\x22/\x27/g;
$currency =~ s/\x22/\x27/g;
$recur =~ s/\x22/\x27/g;
$name =~ s/\x22/\x27/g;
$mail =~ s/\x22/\x27/g;
$message =~ s/\x22/\x27/g;
$separef =~ s/\x22/\x27/g;
$lang =~ s/\x22/\x27/g;
# Clean possible user provided data
$sessid =~ s/\x26lt;/g;
$lang =~ s/\x26lt;/g;
$amount =~ s/\x26lt;/g;
$stripeamount =~ s/\x26lt;/g;
$currency =~ s/\x26lt;/g;
$recur =~ s/\x26lt;/g;
$name =~ s/\x26lt;/g;
$mail =~ s/\x26lt;/g;
$message =~ s/\x26lt;/g;
$separef =~ s/\x26lt;/g;
# No need to clean $euroamount.
# Check whether a translated template is available.
$tname = $htdocs . $fname;
$tname =~ s/\.html$/.$lang.html/;
if ( not -f $tname ) { $tname = $htdocs . $fname; }
# Create a formatted message.
$message_fmt = $message;
$message_fmt =~ s/\n/
/g;
# Check the currency and predefined amount.
if ( $currency =~ /EUR/i ) {
$sel_eur = ' selected="selected"';
- $xamount = int $amount;
- if ( $xamount == 5 ) {
- $chk_amt5 = $check_checked;
- } elsif ( $xamount == 10 ) {
- $chk_amt10 = $check_checked;
- } elsif ( $xamount = 20 ) {
- $chk_amt20 = $check_checked;
- } elsif ( $xamount == 50 ) {
- $chk_amt50 = $check_checked;
- } elsif ( $xamount == 100 ) {
- $chk_amt100 = $check_checked;
- } elsif ( $xamount == 200 ) {
- $chk_amt200 = $check_checked;
- } elsif ( $xamount == 500 ) {
- $chk_amt500 = $check_checked;
- } else {
- $chk_amtx = $check_checked;
- $amt_other = $amount;
- }
+ $chk_amtx = $check_checked;
+ $amt_other = $amount;
} elsif ( $currency =~ /USD/i ) {
$sel_usd = ' selected="selected"';
$chk_amtx = $check_checked;
$amt_other = $amount;
} elsif ( $currency =~ /GBP/i ) {
$sel_gbp = ' selected="selected"';
$chk_amtx = $check_checked;
$amt_other = $amount;
} elsif ( $currency =~ /JPY/i ) {
$sel_jpy = ' selected="selected"';
$chk_amtx = $check_checked;
$amt_other = $amount;
} else {
$chk_amtx = $check_checked;
$amt_other = $amount;
}
# For non-recurring Stripe donations we do not want to send a
# data-email="$mail"
# line to Stripe so to enable the user to use a a different mail
# address for use with them. This is implemented using a
# STRIPE_DATA_EMAIL template variable.
$stripe_data_email = 'data-email="' . $mail . '"';
if ( $recur =~ /0/ ) {
$stripe_data_email = '';
$recur_none = ' selected="selected"';
$recur_text = '';
if ($lang eq 'de') {
$stripe_data_label_value = 'Einmalig spenden';
} elsif ($lang eq 'ja') {
$stripe_data_label_value = '一回の寄付する';
} else {
$stripe_data_label_value = 'Make one-time donation';
}
} elsif ( $recur =~ /12/ ) {
$recur_month = ' selected="selected"';
if ($lang eq 'de') {
$recur_text = 'monatlich';
$stripe_data_label_value = 'Monatlich spenden';
} elsif ($lang eq 'ja') {
$recur_text = '毎月';
$stripe_data_label_value = '毎月寄付する';
} else {
$recur_text = 'monthly';
$stripe_data_label_value = 'Donate monthly';
}
} elsif ( $recur =~ /4/ ) {
$recur_quarter = ' selected="selected"';
if ($lang eq 'de') {
$recur_text = 'vierteljährlich';
$stripe_data_label_value = 'Vierteljährlich spenden';
} elsif ($lang eq 'ja') {
$recur_text = '3ヶ月毎';
$stripe_data_label_value = '3ヶ月毎に寄付する';
} else {
$recur_text = 'quarterly';
$stripe_data_label_value = 'Donate quarterly';
}
} elsif ( $recur =~ /1/ ) {
$recur_year = ' selected="selected"';
if ($lang eq 'de') {
$recur_text = 'jährlich';
$stripe_data_label_value = 'Jährlich spenden';
} elsif ($lang eq 'ja') {
$recur_text = '毎年';
$stripe_data_label_value = '毎年寄付する';
} else {
$recur_text = 'yearly';
$stripe_data_label_value = 'Donate yearly';
}
} else { # invalid
$stripe_data_label_value = '';
}
if ( $paytype eq "cc" ) {
$check_paytype = "CC";
} elsif ( $paytype eq "pp" ) {
$check_paytype = "PP";
} elsif ( $paytype eq "se" ) {
$check_paytype = "SE";
} elsif ( $paytype eq "bc" ) {
$check_paytype = "BC";
}
# Set var for the paypal button
if ( $name eq 'Anonymous' or $name eq '') {
$publishname = 'No';
} else {
$publishname = 'Yes';
}
# Set a specific locale.
if ($lang eq 'de') { $stripelocale = "de"; }
elsif ($lang eq 'ja') { $stripelocale = "ja"; }
elsif ($lang eq 'en') { $stripelocale = "en"; }
else { $stripelocale = "auto"; }
# Build error strings.
foreach (keys %errdict)
{
my $fieldname;
if ($lang eq 'de') { $fieldname = "Feld $_: "; }
elsif ($lang eq 'ja') { $fieldname = "欄 $_: "; }
else { $fieldname = "Field $_: "; }
if (/amount/) { $err_amount = $error_marker; }
elsif (/name/) { $err_name = $error_marker; }
elsif (/mail/) { $err_mail = $error_marker; }
elsif (/paytype/){ $err_paytype = $error_marker; }
$errorpanel = $errorpanel . $fieldname . $errdict{$_} . "
\n"
}
if ( $errorpanel ne '' )
{
$errorpanel =
"
\n" . $errorpanel . "
The system is currently processing too many requests.
' . 'Please retry later.
'; &write_template("donate/error.html"); } sub write_cancel_page () { print $q->header(-type=>'text/html', -charset=>'utf-8'); print "\n"; &write_template("donate/paypal-can.html"); } # Write an internal error page sub fail ($) { my $desc = shift; # FIXME: write the detailed error only to the log. print $q->header(-type=>'text/html', -charset=>'utf-8'); print "\n"; $errorstr = 'An internal error occured:
' . "$desc
"; write_template("donate/error.html"); exit 0; } # Write a the initial donation page. This is usallay done to show # errors. The page is intially shown as static page. sub write_main_page () { print $q->header(-type=>'text/html', -charset=>'utf-8'); print "\n"; write_template("donate/donate.html"); } # Write a page with all the data inserted. sub write_checkout_page () { print $q->header(-type=>'text/html', -charset=>'utf-8'); print "\n"; if ( $paytype eq "cc" ) { write_template("donate/checkout-cc.html"); } elsif ( $paytype eq "pp" ) { write_template("donate/checkout-pp.html"); } elsif ( $paytype eq "bc" ) { # For Bitcoins this is the final page write_template("donate/checkout-bc.html"); } else { # For SEPA this is the final page write_template("donate/checkout-se.html"); } } # Write the final thank you page. sub write_thanks_page () { print $q->header(-type=>'text/html', -charset=>'utf-8'); print "\n"; write_template("donate/donate-thanks.html"); } # Check the values entered at the donation page. Return true if # everything is alright. On error the donation page is send again. sub check_donation () { my %data; my %sepa; my $anyerr = 0; my $msg; $amount = $q->param("amount"); if ($amount eq 'other') { $amount = $q->param("amountother"); $currency = $q->param("currency"); } else { $currency = 'EUR'; } $recur = $q->param("recur"); $name = $q->param("name"); $name = 'Anonymous' if $name eq ''; $mail = $q->param("mail"); $message = $q->param("message"); $stripeamount = "0"; # Check the amount and the recurring value $data{"Amount"} = $amount; $data{"Currency"} = $currency; $data{"Recur"} = $recur; if (not payproc ('CHECKAMOUNT', \%data )) { $errdict{"amount"} = $data{"ERR_Description"}; $anyerr = 1; } $stripeamount = $data{"_amount"}; $amount = $data{"Amount"}; $recur = $data{"Recur"}; $currency = $data{"Currency"}; $euroamount = $data{"Euro"}; # Check that at least some Euros are given. Due to Stripe # processing fees and our own costs for bookkeeping we need to ask # for a minimum amount. if ( (not $anyerr) and ($euroamount < 4.00) ) { if ($lang eq 'de') { $msg= 'Um unsere Verwaltungskosten niedrig zu halten,' . 'können wir leider keine Spenden unter 4 Euro annehmen.'; } elsif ($lang eq 'ja') { $msg = '申し訳ありません。間接経費のため、4ユーロ未満の寄付' . 'は受け付けることができません。'; } else { $msg = 'Sorry, due to overhead costs we do' . ' not accept donations of less than 4 Euro.'; } $errdict{"amount"} = $msg; $anyerr = 1; } # Check the payment type $paytype = $q->param("paytype"); if ( $paytype eq "bc" ) { # No further checks - this is kind of a hack. } elsif ( $paytype ne "cc" and $paytype ne "pp" and $paytype ne "se" ) { if ($lang eq 'de') { $msg= 'Keine Zahlungsart angegeben.' . ' Bitte "Kreditkarte", "PayPal" oder "SEPA" auswählen.'; } elsif ($lang eq 'ja') { $msg= '支払い方式が選択されていません。' . '"クレジットカード", "PayPal", または "SEPA" が選択できます。'; } else { $msg= 'No payment type selected.' . ' Use "Credit Card", "PayPal", or "SEPA".'; } $errdict{"paytype"} = $msg; $anyerr = 1; } # SEPA credit transfers are only possible in Euro. # (yes, this may overwrite an earlier error message). if ( $paytype eq "se" and $currency ne "EUR" ) { $errdict{"amount"} = 'SEPA transfers are only possible in EUR.'; $anyerr = 1; } # Check the mail address if ($mail ne '' and $mail !~ /\S+@\S+\.\S+/ ) { $errdict{"mail"} = 'invalid mail address'; $anyerr = 1; } # If needed present errors and ask again. */ if ($anyerr) { write_main_page(); return; } # Now create a session. $data{"lang"} = $lang; $data{"Stripeamount"} = $stripeamount; $data{"Euroamount"} = $euroamount; $data{"Recur"} = $recur; $data{"Name"} = $name; $data{"Mail"} = $mail; $data{"Message"} = $message; $data{"Paytype"} = $paytype; payproc ('SESSION create', \%data ) or fail $data{"ERR_Description"}; $sessid = $data{"_SESSID"}; # Send the checkout page or redirect to paypal if ( $paytype eq "pp" ) { get_paypal_approval (); } elsif ( $paytype eq "se" ) { complete_sepa (); } else { write_checkout_page(); } } # This simply resends the main page again. sub resend_main_page () { my %data; payproc ('SESSION get ' . $sessid, \%data) or fail $data{"ERR_Description"}; # If the session has a lang value use that. if ($data{"lang"} ne '') { $lang = $data{"lang"}; } $amount = $data{"Amount"}; $currency = $data{"Currency"}; $recur = $data{"Recur"}; $paytype = $data{"Paytype"}; $stripeamount = $data{"Stripeamount"}; $euroamount = $data{"Euroamount"}; $name = $data{"Name"}; $mail = $data{"Mail"}; $message = $data{"Message"}; write_main_page(); } # This is called by FIXME sub complete_stripe_checkout () { my %data; my %stripe; my $recur; my $recur_text = ''; # fixme: Change the error message to note that the card has not # been charged. Somehow delete the token payproc ('SESSION get ' . $sessid, \%data) or fail $data{"ERR_Description"}; # If the session has a lang value use that. if ($data{"lang"} ne '') { $lang = $data{"lang"}; } # Do the checkout. $stripe{"Card-Token"} = $q->param("stripeToken"); $stripe{"Currency"} = $data{"Currency"}; $stripe{"Amount"} = $data{"Amount"}; $stripe{"Desc"} = "GnuPG donation by " . $data{"Name"} . " <" . $data{"Mail"} . ">"; $stripe{"Stmt-Desc"} = "GnuPG donation"; $stripe{"Email"} = $q->param("stripeEmail"); $stripe{"Recur"} = $data{"Recur"}; $stripe{"Meta[name]"} = $data{"Name"} unless $data{"Name"} eq 'Anonymous'; if ($data{"Mail"} ne $q->param("stripeEmail")) { $stripe{"Meta[mail]"} = $data{"Mail"}; } if ($data{"Message"} ne '') { $stripe{"Meta[message]"} = $data{"Message"}; } if (not payproc ('CHARGECARD', \%stripe)) { $errorstr = 'Error: ' . $stripe{"failure"} . '
' . $stripe{"failure-mesg"} . '
'; # Again. write_checkout_page (); return; } # Print thanks $recur = $stripe{"Recur"}; if ( $recur =~ /12/ ) { if ($lang eq 'de') { $recur_text = 'monatlich'; } elsif ($lang eq 'ja') { $recur_text = '毎月'; } else { $recur_text = 'Monthly'; } } elsif ( $recur =~ /4/ ) { if ($lang eq 'de') { $recur_text = 'vierteljährlich'; } elsif ($lang eq 'ja') { $recur_text = '3ヶ月毎'; } else { $recur_text = 'Quarterly'; } } elsif ( $recur =~ /1/ ) { if ($lang eq 'de') { $recur_text = 'jährlich'; } elsif ($lang eq 'ja') { $recur_text = '毎年'; } else { $recur_text = 'Yearly'; } } else { if ($lang eq 'de') { $recur_text = 'nein'; } elsif ($lang eq 'ja') { $recur_text = '一回だけ'; } else { $recur_text = 'Just once'; } } if ($lang eq 'de') { $message = <Error: ' . $request{"failure"} . '
' . $request{"failure-mesg"} . '
'; print $q->header(-type=>'text/html', -charset=>'utf-8'); print "\n"; write_template("donate/error.html"); return; } # Print thanks $message = <OK
\n"; } } # # Main # #print STDERR "CGI called with mode=$mode\n"; #print STDERR "CGI called with sessid=$sessid\n"; if ($q->param('url') ne '') { # If the URL field has been filled out, the client did not follow # the instructions and thus failed the Turing test. Provide an # innocent error page. write_overload_page () } elsif ($mode eq '') { # No mode: Show empty template. write_main_page(); } elsif ($mode eq 'preset') { # Show a a template with certain preset values. $currency = 'EUR'; $recur = '12'; $paytype = 'cc'; if ($q->param('plan') eq '12-5-eur' ) { $amount = '5'; } elsif ($q->param('plan') eq '12-10-eur' ) { $amount = '10'; } elsif ($q->param('plan') eq '12-20-eur' ) { $amount = '20'; } write_main_page(); } elsif ($mode eq 'ping') { # Check aliveness ping_pong(); } elsif ($mode eq 'main') { # Returning from the donation start page check_donation(); } elsif ($mode eq 're-main') { # Returning from the donation start page resend_main_page(); } elsif ($mode eq 'checkout-stripe') { # we have the stripe token - charge the card. complete_stripe_checkout(); } elsif ($mode eq 'cancel-paypal') { # Fixme: Destroy the alias of the session. write_cancel_page(); } elsif ($mode eq 'confirm-paypal') { # We have approval from Paypal - show the confirm checkout page. confirm_paypal_checkout(); } elsif ($mode eq 'checkout-paypal') { # The approved Paypal payment has been approved - charge. complete_paypal_checkout(); } elsif ($mode eq 'pong') { # Helper to test a script checking PING. fail "Error connecting to payprocd: Forced to fail"; } else { fail('Internal error: Unknown mode'); }