<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2005  Stefan Neufeind                             |
// +----------------------------------------------------------------------+
// | This source file is subject to the New BSD license, That is bundled  |
// | with this package in the file LICENSE, and is available through      |
// | the world-wide-web at                                                |
// | http://www.opensource.org/licenses/bsd-license.php                   |
// | If you did not receive a copy of the new BSDlicense and are unable   |
// | to obtain it through the world-wide-web, please send a note to       |
// | pajoye@php.net so we can mail you a copy immediately.                |
// +----------------------------------------------------------------------+
// | Author: Stefan Neufeind <pear.neufeind@speedpartner.de>              |
// +----------------------------------------------------------------------+
//
/**
 * Validation methods for credit card related data
 *
 * @category   Validate
 * @package    Validate_Finance_CreditCard
 * @author     Philippe Jausions <Philippe.Jausions@11abacus.com>
 * @copyright  1997-2005  Stefan Neufeind
 * @license    http://www.opensource.org/licenses/bsd-license.php  New BSD License
 * @version    CVS: $Id: CreditCard.php,v 1.12 2005/11/01 13:12:31 pajoye Exp $
 * @link       http://pear.php.net/package/Validate_Finance_CreditCard
 */

/**
 * Credit card related information validation class
 *
 * This class provides methods to validate:
 *  - Credit card number
 *  - Card security code
 *  - Card type (i.e. Visa, Mastercard...)
 *
 * The methods only check the format of the data. For instance
 * the package does NOT check if a card is a legitimate card registered
 * with a card issuer, or if the card is reported stolen, etc...
 *
 * @category   Validate
 * @package    Validate_Finance_CreditCard
 * @author     Philippe Jausions <Philippe.Jausions@11abacus.com>
 * @author     Ondrej Jombik <nepto@pobox.sk>
 * @copyright  1997-2005  Stefan Neufeind
 * @license    http://www.opensource.org/licenses/bsd-license.php  New BSD License
 * @version    Release: @package_version@
 * @link       http://pear.php.net/package/Validate_Finance_CreditCard
 */
class Validate_Finance_CreditCard
{
    /**
     * Validates a number according to Luhn check algorithm
     *
     * This function checks given number according Luhn check
     * algorithm. It is published on several places, also here:
     *
     * @link http://www.webopedia.com/TERM/L/Luhn_formula.html
     * @link http://www.merriampark.com/anatomycc.htm
     * @link http://hysteria.sk/prielom/prielom-12.html#3 (Slovak language)
     * @link http://www.speech.cs.cmu.edu/~sburke/pub/luhn_lib.html (Perl lib)
     *
     * @param  string  $number to check
     * @return bool    TRUE if number is valid, FALSE otherwise
     * @access public
     * @static
     * @author Ondrej Jombik <nepto@pobox.sk>
     */
    static function Luhn($number)
    {
        $len_number = strlen($number);
        $sum = 0;
        for ($k = $len_number % 2; $k < $len_number; $k += 2) {
            if ((intval($number[$k]) * 2) > 9) {
                $sum += (intval($number[$k]) * 2) - 9;
            } else {
                $sum += intval($number[$k]) * 2;
            }
        }
        for ($k = ($len_number % 2) ^ 1; $k < $len_number; $k += 2) {
            $sum += intval($number[$k]);
        }
        return ($sum % 10) ? false : true;
    }


    /**
     * Validates a credit card number
     *
     * If a type is passed, the card will be checked against it.
     * This method only checks the number locally. No banks or payment
     * gateways are involved.
     * This method doesn't guarantee that the card is legitimate. It merely
     * checks the card number passes a mathematical algorithm.
     *
     * @param string  $creditCard number (spaces and dashes tolerated)
     * @param string  $cardType type/brand of card (case insensitive)
     *               "MasterCard", "Visa", "AMEX", "AmericanExpress",
     *               "American Express", "Diners", "DinersClub", "Diners Club",
     *               "CarteBlanche", "Carte Blanche", "Discover", "JCB",
     *               "EnRoute", "Eurocard", "Eurocard/MasterCard".
     * @return bool   TRUE if number is valid, FALSE otherwise
     * @access public
     * @static
     * @see Luhn()
     */
    static function number($creditCard, $cardType = null)
    {
        $cc = str_replace(array('-', ' '), '', $creditCard);
        if (($len = strlen($cc)) < 13
            || strspn($cc, '0123456789') != $len) {

            return false;
        }

        // Only apply the Luhn algorithm for cards other than enRoute
        // So check if we have a enRoute card now
        if (strlen($cc) != 15
            || (substr($cc, 0, 4) != '2014'
                && substr($cc, 0, 4) != '2149')) {

            if (!Validate_Finance_CreditCard::Luhn($cc)) {
                return false;
            }
        }

        if (is_string($cardType)) {
            return Validate_Finance_CreditCard::type($cc, $cardType);
        }

        return true;
    }


    /**
     * Validates the credit card number against a type
     *
     * This method only checks for the type marker. It doesn't
     * validate the card number. Some card "brands" share the same
     * numbering system, so checking the card type against any of the
     * sister brand will return the same result.
     *
     * For instance, if a $card is a MasterCard, type($card, 'EuroCard')
     * will also return true.
     *
     * @param string  $creditCard number (spaces and dashes tolerated)
     * @param string  $cardType type/brand of card (case insensitive)
     *               "MasterCard", "Visa", "AMEX", "AmericanExpress",
     *               "American Express", "Diners", "DinersClub", "Diners Club",
     *               "CarteBlanche", "Carte Blanche", "Discover", "JCB",
     *               "EnRoute", "Eurocard", "Eurocard/MasterCard".
     * @return bool   TRUE is type matches, FALSE otherwise
     * @access public
     * @static
     * @link http://www.beachnet.com/~hstiles/cardtype.html
     */
    static function type($creditCard, $cardType)
    {
        switch (strtoupper($cardType)) {
            case 'MASTERCARD':
            case 'EUROCARD':
            case 'EUROCARD/MASTERCARD':
                $regex = '5[1-5][0-9]{14}';
                break;
            case 'VISA':
                $regex = '4([0-9]{12}|[0-9]{15})';
                break;
            case 'AMEX':
            case 'AMERICANEXPRESS':
            case 'AMERICAN EXPRESS':
                $regex = '3[47][0-9]{13}';
                break;
            case 'DINERS':
            case 'DINERSCLUB':
            case 'DINERS CLUB':
            case 'CARTEBLANCHE':
            case 'CARTE BLANCHE':
                $regex = '3(0[0-5][0-9]{11}|[68][0-9]{12})';
                break;
            case 'DISCOVER':
                $regex = '6011[0-9]{12}';
                break;
            case 'JCB':
                $regex = '(3[0-9]{15}|(2131|1800)[0-9]{11})';
                break;
            case 'ENROUTE':
                $regex = '2(014|149)[0-9]{11}';
                break;
            default:
                return false;
        }
        $regex = '/^' . $regex . '$/';

        $cc = str_replace(array('-', ' '), '', $creditCard);
        return (bool)preg_match($regex, $cc);
    }


    /**
     * Validates a card verification value format
     *
     * This method only checks for the format. It doesn't
     * validate that the value is the one on the card.
     *
     * CVV is also known as
     *  - CVV2 Card Validation Value 2 (Visa)
     *  - CVC  Card Validation Code (MasterCard)
     *  - CID  Card Identification (American Express and Discover)
     *  - CIN  Card Identification Number
     *  - CSC  Card Security Code
     *
     * Important information regarding CVV:
     *    If you happen to have to store credit card information, you must
     *    NOT retain the CVV after transaction is complete. Usually this
     *    means you cannot store it in a database, not even in an encrypted
     *    form.
     *
     * This method returns FALSE for card types that don't support CVV.
     *
     * @param string  $cvv value to verify
     * @param string  $cardType type/brand of card (case insensitive)
     *               "MasterCard", "Visa", "AMEX", "AmericanExpress",
     *               "American Express", "Discover", "Eurocard/MasterCard",
     *               "Eurocard"
     * @return bool   TRUE if format is correct, FALSE otherwise
     * @access public
     * @static
     */
    static function cvv($cvv, $cardType)
    {
        switch (strtoupper($cardType)) {
            case 'MASTERCARD':
            case 'EUROCARD':
            case 'EUROCARD/MASTERCARD':
            case 'VISA':
            case 'DISCOVER':
                $digits = 3;
                break;
            case 'AMEX':
            case 'AMERICANEXPRESS':
            case 'AMERICAN EXPRESS':
                $digits = 4;
                break;
            default:
                return false;
        }

        if (strlen($cvv) == $digits
            && strspn($cvv, '0123456789') == $digits) {
            return true;
        }

        return false;
    }
}

?>