Custom Authorize.Net AIM api call for GravityForms

1. # use at your own risk :)
2.  
3. /**
4.  * E-COMM -- Custom Authorize.Net AIM api call for GravityForms
5.  *
6.  * GravityForms AuthorizeNet Add-on does NOT handle eChecks, so we bypass the add-on entirely for the API call, but keep it installed and activated, just to use it's Credit Card field on the form. We bypass it by enabling the Authorize.net Condition (in the GF Authorizet.net Feed settings), and creating a condition that should never happen (like: if Email = "disable-me@xyz.com").
7.  * Of course, modify the input/field/form IDs based on YOUR form.
8.  * This setup assumes your form has a field to allow the user to select a Payment Method: either "Credit Card" or "eCheck".
9.  */
10.  
11. add_action("gform_validation_6", "my_anet_aim", 10, 2); // Form-ID 6 only
12.  
13. function my_anet_aim($validation_result){  // already has $form
14.    
15.     # get Form object // only since hook is for Validation
16.     $form = $validation_result["form"];
17.  
18.     # AUTH-NET PHP SDK
19.     // require (TEMPLATEPATH.'/authorize-net/anet_php_sdk/AuthorizeNet.php');
20.     // This is ALREADY included by GravityForms AuthNet Add-on, just be activated (which we do for the nice credit-card field-group), even if the feed Condition blocks GF from sending the transaction. So we don't want to re-require it here.
21.    
22.     # CONFIG
23.         # todo secure these creds better!
24.         # todo change for prod
25.     define("AUTHORIZENET_API_LOGIN_ID", "xxxxxxxx"); // enter YOURS
26.     define("AUTHORIZENET_TRANSACTION_KEY", "xxxxxxxxxxx");  // enter YOURS
27.     define("AUTHORIZENET_SANDBOX", true); //dev: true
28.     define("TEST_REQUEST", "FALSE");  // You may want to set to true if testing against production
29.    
30.     $sale = new AuthorizeNetAIM;
31.    
32.     # BASIC FIELDS
33.     $sale->amount       = str_replace('$','',rgpost("input_8"));
34.     $sale->cust_id      = rgpost("input_14"); // my Customer Account Number
35.     $sale->invoice_num  = rgpost("input_7"); // my Invoice Number
36.     $sale->email        = rgpost('input_2');
37.  
38.     # UNIQUE ID -- GF puts a Unique ID in the AuthNet Invoice field. But we use that field for the my Invoice. But it's nice to have the Unique ID somewhere in AuthNet, so let's add it to the Description field.
39.     $web_submission_id = uniqid();
40.     $sale->description  =
41.         "Web-Form: ".$form["title"] .", ".
42.         "Web-Submission-ID: ".$web_submission_id;
43.  
44.     # ADDRESS
45.    $form_data["address1"] = rgpost('input_3_1');
46.     $form_data["address2"] = rgpost('input_3_2'); // not required
47.     $form_data["address"] = trim($form_data["address1"] . " " . $form_data["address2"]);
48.  
49.     $sale->address      = $form_data["address"];
50.     $sale->city         = rgpost('input_3_3');
51.     $sale->state        = rgpost('input_3_4');
52.     $sale->zip          = rgpost('input_3_5');
53.     $sale->country      = rgpost('input_3_6');
54.  
55.  
56.  
57.     # PAYMENT METHOD: CREDIT CARD
58.     $payment_method = rgpost('input_4');
59.     if($payment_method == "Credit Card"){
60.    
61.         # EXP DATE
62.         $exp_date = rgpost("input_5_2"); // array of two dropdowns
63.         $form_data['exp_date'] = str_pad($exp_date[0], 2, "0", STR_PAD_LEFT) ."-". $exp_date[1];
64.            
65.         # NAME ON CARD
66.         $form_data["card_name"] = rgpost("input_5_5"); // single field
67.         $names = explode(" ", $form_data["card_name"]); // explode to array
68.         $form_data["first_name"] = rgar($names,0); // first-name
69.         $form_data["last_name"] = ""; // last-name
70.         if(count($names) > 0){
71.             unset($names[0]);
72.             $form_data["last_name"] = implode(" ", $names);
73.         }
74.    
75.         # CC FIELDS
76.         $sale->card_num     = rgpost("input_5_1");
77.         $sale->exp_date     = $form_data["exp_date"];
78.         $sale->card_code    = rgpost("input_5_3"); //ccv
79.         $sale->first_name   = $form_data["first_name"]; //api needs separate fields
80.         $sale->last_name    = $form_data["last_name"]; //api needs separate fields  
81.    
82.     } //credit cards
83.     else {
84.         # PAYMENT METHOD: E-CHECK
85.        
86.         # NAME - Credit-card has a single "name on card" field, exploded to First-name and Last-name. E-checks doesn't have access to that field, so we use the normal FName/LName fields here. Then the "name on bank acct" field is used for "bank_acct_name" api-field.
87.         $sale->first_name       = rgpost("input_1_3");
88.         $sale->last_name        = rgpost("input_1_6");
89.        
90.         # BANK INFO
91.         $sale->bank_aba_code    = rgpost("input_9");
92.         $sale->bank_acct_num    = rgpost("input_10");
93.         $sale->bank_acct_type   = 'CHECKING';
94.         $sale->bank_name        = rgpost("input_11");
95.         $sale->bank_acct_name   = rgpost("input_12"); //name on bank account
96.         $sale->echeck_type      = 'WEB';
97.         // NOT using AuthNet PHP-SDK's setECheck() here. But.. it has wrong var. Should be bank_acct_name, but uses bank_acct_type, so AuthNet Merch-Interface shows "CHECKING" instead of the person's name. For this my site, we fixed the bug in the php-sdk (plugins/gravityformsauthorizenet/api/lib/AuthorizeNetAIM.php). If the wp-addon is ever updated, this fix will be lost, and must be re-implemented.
98.     } //eChecks
99.    
100.    
101.    
102.     # API RESPONSE
103.     $response = $sale->authorizeAndCapture();
104.  
105.     # DEBUG
106.     /*  
107.         echo "<h1>response</h1> <pre>"; print_r($response); echo "</pre> <hr />";
108.         echo "<h1>sale</h1> <pre>"; print_r($sale); echo "</pre> <hr /> ";
109.         echo "<h1>form</h1> <pre>"; print_r($form); echo "</pre> <hr />";
110.         //echo "<h1>entry</h1> <pre>"; print_r($entry); echo "</pre> <hr />"; //not available on "gform_validation" hook.
111.     */ 
112.    
113.     # VALIDATION based on AuthNet Response
114.    
115.     // if card was declined, show message, and dont do Entry.
116.     global $my_payment_error;
117.     $my_payment_error = 0; //default= 0 (ok, no error)
118.    
119.     if($response->approved != 1){ // NOT Approved
120.  
121.         $validation_result["is_valid"] = false;
122.         $message = $response->response_reason_text;
123.         $code = $response->response_reason_code;
124.         $my_payment_error = $code; // error! Used for generic validation message, in change_message
125.  
126.         # Validation Messages for each field
127.        foreach($form["fields"] as &$field){
128.        
129.             if($payment_method == "Credit Card"){
130.            
131.                 # credit-card field group
132.                 if($field["id"] == "5"){  
133.                     $field["failed_validation"] = true;
134.                     $field["validation_message"] = $message;
135.                     break;
136.                 }
137.             }//cc
138.             else { //eChecks
139.            
140.                 # aba/routing number
141.                 if($code == "9"){
142.                     if($field["id"] == "9"){ //bank-aba field
143.                         $field["failed_validation"] = true;
144.                         $field["validation_message"] = $message;
145.                         break;
146.                     }
147.                 }
148.  
149.                 # bank acct number
150.                 if($code == "10"){
151.                     if($field["id"] == "10"){ //bank-acct field
152.                         $field["failed_validation"] = true;
153.                         $field["validation_message"] = $message;
154.                         break;
155.                     }
156.                 }
157.                            
158.             }//echecks
159.            
160.         } //foreach($form["fields"]
161.     } //if($response->approved != 1)
162.  
163.  
164.     # ADD SYSTEM DATA
165.     # Since we're bypassing the GF AuthNet Add-on, we don't get the benefit of the special payment fields it creates and populates. So instead, we created hidden fields in the form, to contain data from the AuthNet Response (the Transaction ID), and any other data generated by our api call (the Web Submission ID).
166.     $_POST['input_16'] = $response->transaction_id;
167.     $_POST['input_18'] = $web_submission_id;
168.  
169.  
170.     # WRAP UP VALIDATION
171.     // Ref: http://www.gravityhelp.com/documentation/page/Using_the_Gravity_Forms_%22gform_validation%22_Hook
172.     $validation_result['form'] = $form;
173.     return $validation_result;
174.  
175.        
176. } //function my_anet_aim_echeck
177.  
178.  
179.  
180. /**
181.  * E-COMM -- VALIDATION MESSAGE (for GravityForms)
182.  *
183.  * The general message at the top of the page. If the error is from AuthNet Response (a decline or error), then use this message (with the Error Code), instead of the default.
184.  */
185. add_filter("gform_validation_message", "change_message", 10, 2);
186. function change_message($message, $form){
187.     global $my_payment_error;
188.    
189.     if($my_payment_error != 0){
190.         $message = "<div class='validation_payment_error'><strong>Sorry!</strong> There was a problem with your payment. Please check your information below. If you need assistance, please contact us and mention ERROR ".$my_payment_error.".</div> ";
191.     }
192.    
193.     return $message;
194. }