1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
|
<?php
class ModelExtensionFraudFraudLabsPro extends Model {
public function check($data) {
// Do not perform fraud check if FraudLabs Pro is disabled or API key is not provided.
if (!$this->config->get('fraud_fraudlabspro_status') ||!$this->config->get('fraud_fraudlabspro_key')) {
return;
}
$risk_score = 0;
$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "fraudlabspro` WHERE order_id = '" . (int)$data['order_id'] . "'");
// Do not call FraudLabs Pro API if order is already screened.
if ($query->num_rows) {
return;
}
$ip = $data['ip'];
// Detect client IP is store is behind CloudFlare protection.
if(isset($_SERVER['HTTP_CF_CONNECTING_IP']) && filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP)){
$ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
}
// Get real client IP is they are behind proxy server.
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP)){
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
// Overwrite client IP if simulate IP is provided.
if (filter_var($this->config->get('fraud_fraudlabspro_simulate_ip'), FILTER_VALIDATE_IP)) {
$ip = $this->config->get('fraud_fraudlabspro_simulate_ip');
}
$request['key'] = $this->config->get('fraud_fraudlabspro_key');
$request['ip'] = $ip;
$request['first_name'] = $data['firstname'];
$request['last_name'] = $data['lastname'];
$request['bill_city'] = $data['payment_city'];
$request['bill_state'] = $data['payment_zone'];
$request['bill_country'] = $data['payment_iso_code_2'];
$request['bill_zip_code'] = $data['payment_postcode'];
$request['email_domain'] = utf8_substr(strrchr($data['email'], '@'), 1);
$request['user_phone'] = $data['telephone'];
if ($data['shipping_method']) {
$request['ship_addr'] = $data['shipping_address_1'];
$request['ship_city'] = $data['shipping_city'];
$request['ship_state'] = $data['shipping_zone'];
$request['ship_zip_code'] = $data['shipping_postcode'];
$request['ship_country'] = $data['shipping_iso_code_2'];
}
$request['email'] = $data['email'];
$request['email_hash'] = $this->hashIt($data['email']);
$request['amount'] = $this->currency->format($data['total'], $data['currency_code'], $data['currency_value'], false);
$request['quantity'] = 1;
$request['currency'] = $data['currency_code'];
$request['payment_mode'] = $data['payment_code'];
$request['user_order_id'] = $data['order_id'];
$request['flp_checksum'] = (isset($_COOKIE['flp_checksum'])) ? $_COOKIE['flp_checksum'] : '';
$request['format'] = 'json';
$request['source'] = 'opencart';
$request['source_version'] = '2.1.0.2';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://api.fraudlabspro.com/v1/order/screen?' . http_build_query($request));
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_FORBID_REUSE, 1);
curl_setopt($curl, CURLOPT_FRESH_CONNECT, 1);
$response = curl_exec($curl);
curl_close($curl);
$risk_score = 0;
if (is_null($json = json_decode($response)) === FALSE) {
$this->db->query("REPLACE INTO `" . DB_PREFIX . "fraudlabspro` SET order_id = '" . (int)$data['order_id'] . "',
is_country_match = '" . $this->db->escape($json->is_country_match) . "',
is_high_risk_country = '" . $this->db->escape($json->is_high_risk_country) . "',
distance_in_km = '" . $this->db->escape($json->distance_in_km) . "',
distance_in_mile = '" . $this->db->escape($json->distance_in_mile) . "',
ip_country = '" . $this->db->escape($json->ip_country) . "',
ip_region = '" . $this->db->escape($json->ip_region) . "',
ip_city = '" . $this->db->escape($json->ip_city) . "',
ip_continent = '" . $this->db->escape($json->ip_continent) . "',
ip_latitude = '" . $this->db->escape($json->ip_latitude) . "',
ip_longitude = '" . $this->db->escape($json->ip_longitude) . "',
ip_timezone = '" . $this->db->escape($json->ip_timezone) . "',
ip_elevation = '" . $this->db->escape($json->ip_elevation) . "',
ip_domain = '" . $this->db->escape($json->ip_domain) . "',
ip_mobile_mnc = '" . $this->db->escape($json->ip_mobile_mnc) . "',
ip_mobile_mcc = '" . $this->db->escape($json->ip_mobile_mcc) . "',
ip_mobile_brand = '" . $this->db->escape($json->ip_mobile_brand) . "',
ip_netspeed = '" . $this->db->escape($json->ip_netspeed) . "',
ip_isp_name = '" . $this->db->escape($json->ip_isp_name) . "',
ip_usage_type = '" . $this->db->escape($json->ip_usage_type) . "',
is_free_email = '" . $this->db->escape($json->is_free_email) . "',
is_new_domain_name = '" . $this->db->escape($json->is_new_domain_name) . "',
is_proxy_ip_address = '" . $this->db->escape($json->is_proxy_ip_address) . "',
is_bin_found = '" . $this->db->escape($json->is_bin_found) . "',
is_bin_country_match = '" . $this->db->escape($json->is_bin_country_match) . "',
is_bin_name_match = '" . $this->db->escape($json->is_bin_name_match) . "',
is_bin_phone_match = '" . $this->db->escape($json->is_bin_phone_match) . "',
is_bin_prepaid = '" . $this->db->escape($json->is_bin_prepaid) . "',
is_address_ship_forward = '" . $this->db->escape($json->is_address_ship_forward) . "',
is_bill_ship_city_match = '" . $this->db->escape($json->is_bill_ship_city_match) . "',
is_bill_ship_state_match = '" . $this->db->escape($json->is_bill_ship_state_match) . "',
is_bill_ship_country_match = '" . $this->db->escape($json->is_bill_ship_country_match) . "',
is_bill_ship_postal_match = '" . $this->db->escape($json->is_bill_ship_postal_match) . "',
is_ip_blacklist = '" . $this->db->escape($json->is_ip_blacklist) . "',
is_email_blacklist = '" . $this->db->escape($json->is_email_blacklist) . "',
is_credit_card_blacklist = '" . $this->db->escape($json->is_credit_card_blacklist) . "',
is_device_blacklist = '" . $this->db->escape($json->is_device_blacklist) . "',
is_user_blacklist = '" . $this->db->escape($json->is_user_blacklist) . "',
fraudlabspro_score = '" . $this->db->escape($json->fraudlabspro_score) . "',
fraudlabspro_distribution = '" . $this->db->escape($json->fraudlabspro_distribution) . "',
fraudlabspro_status = '" . $this->db->escape($json->fraudlabspro_status) . "',
fraudlabspro_id = '" . $this->db->escape($json->fraudlabspro_id) . "',
fraudlabspro_error = '" . $this->db->escape($json->fraudlabspro_error_code) . "',
fraudlabspro_message = '" . $this->db->escape($json->fraudlabspro_message) . "',
fraudlabspro_credits = '" . $this->db->escape($json->fraudlabspro_credits) . "',
api_key = '" . $this->config->get('fraud_fraudlabspro_key') . "',
ip_address = '" . $ip . "'"
);
$risk_score = (int)$json->fraudlabspro_score;
}
// Do not perform any action if error found
if ($json->fraudlabspro_error_code) {
return;
}
if ($risk_score > $this->config->get('fraud_fraudlabspro_score')) {
return $this->config->get('fraud_fraudlabspro_order_status_id');
}
if ($json->fraudlabspro_status == 'REVIEW') {
return $this->config->get('fraud_fraudlabspro_review_status_id');
}
if ($json->fraudlabspro_status == 'APPROVE') {
return $this->config->get('fraud_fraudlabspro_approve_status_id');
}
if ($json->fraudlabspro_status == 'REJECT') {
return $this->config->get('fraudlabspro_reject_status_id');
}
}
private function hashIt($s) {
$hash = 'fraudlabspro_' . $s;
for ($i = 0; $i < 65536; $i++)
$hash = sha1('fraudlabspro_' . $hash);
return $hash;
}
}
|
