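/**
 * Downloads one legal text from the janolaw service and stores it for the shop,
 * either in the content manager table or as a file under media/content/.
 *
 * Nothing is stored when the download yields no text, and the table row is only
 * pointed at the file once the file has actually been written.
 *
 * @param string     $name Document name; used in the remote URL and in the local file name.
 * @param int|string $coID Content group of the row to update (cast to int before use in SQL).
 *
 * @return void
 */
function get_page_content($name, $coID = '')
 {
     $format = strtolower(MODULE_JANOLAW_FORMAT);
     // The HTML variant is requested as "<name>_include.html".
     $mode = $format == 'html' ? '_include' : '';
     // NOTE(review): the text is fetched over plain HTTP and later shown to shop
     // visitors, so nothing protects it from modification in transit. Confirm
     // whether the service offers the same path over HTTPS before changing the URL.
     $url = 'http://www.janolaw.de/agb-service/shops/' . $this->m_user_id . '/' . $this->m_shop_id . '/' . $name . $mode . '.' . $format;
     $content = get_external_content($url, '3', false);
     // A failed or empty download must not wipe the legal text already stored.
     // Assumes get_external_content() returns a non-string or '' on failure - TODO confirm.
     if (!is_string($content) || $content === '') {
         return;
     }
     // Only the row for languages_id 2 is maintained by this method.
     $where = "content_group='" . (int) $coID . "' and languages_id='2'";
     if (strtolower(MODULE_JANOLAW_TYPE) == 'database') {
         // update data in table
         $sql_data_array = array('content_text' => $content, 'content_file' => '');
         xtc_db_perform(TABLE_CONTENT_MANAGER, $sql_data_array, 'update', $where);
         return;
     }
     // write content to file
     // NOTE(review): $name goes into the path unchanged; presumably callers pass
     // fixed document names only - verify against the callers.
     $file = DIR_FS_CATALOG . 'media/content/' . $name . '.' . $format;
     $fp = @fopen($file, 'w+');
     if (!is_resource($fp)) {
         // File not writable: keep the existing row instead of pointing it at
         // a file that was not updated.
         return;
     }
     $written = fwrite($fp, $content);
     fclose($fp);
     if ($written === false) {
         return;
     }
     // update data in table
     $sql_data_array = array('content_file' => $name . '.' . $format, 'content_text' => '');
     xtc_db_perform(TABLE_CONTENT_MANAGER, $sql_data_array, 'update', $where);
 }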
 /**
  * Writes one entry to the Payone log table that matches the current mode.
  *
  * Mode 'api' selects payone_api_log, anything else payone_transactions_log.
  * Each call increments the per-instance log counter, which is stored with the row.
  *
  * @param string $message Text to store; passed to xtc_db_perform() unchanged.
  * @param int    $level   Log level, cast to int.
  *
  * @return void
  */
 public function log($message, $level = 0)
 {
     $this->_logcount++;
     if ($this->_mode == 'api') {
         $table = 'payone_api_log';
     } else {
         $table = 'payone_transactions_log';
     }
     // Without a logged-in customer the entry is attributed to id '0'.
     $customers_id = '0';
     if (isset($_SESSION['customer_id'])) {
         $customers_id = $_SESSION['customer_id'];
     }
     // NOTE(review): $message is persisted as given - confirm callers do not
     // pass payment credentials or full card data into the log.
     $sql_data_array = array(
         'event_id' => (int) $this->_event_id,
         'date_created' => 'now()',
         'log_count' => (int) $this->_logcount,
         'log_level' => (int) $level,
         'message' => $message,
         'customers_id' => $customers_id,
     );
     xtc_db_perform($table, $sql_data_array);
 }
 /**
  * A stored last-check date older than seven days must make
  * isCheckedInLastWeek() report false.
  */
 public function testCheckedInLastWeekReturnsFalseWhenLastCheckIsLongerAgoThanAWeek()
 {
     // Seed the configuration table with a check date far in the past.
     xtc_db_perform(
         TABLE_CONFIGURATION,
         array(
             'configuration_key' => 'MODULE_PAYMENT_BARZAHLEN_LAST_UPDATE_CHECK',
             'configuration_value' => '2013-01-01 00:00:00',
             'configuration_group_id' => 6,
             'date_added' => 'now()',
         )
     );
     $checker = $this->createVersionCheck();
     $checkedRecently = $checker->isCheckedInLastWeek();
     $this->assertFalse($checkedRecently);
 }
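/**
 * Inserts an affiliate row into TABLE_AFFILIATE and places it in the lft/rgt tree.
 *
 * With a parent id, the parent's affiliate_root and affiliate_rgt are read, the
 * affiliate_lft/affiliate_rgt values at or behind that position are shifted by 2,
 * and the new row takes the freed slot. Without a parent the row becomes a new
 * root with lft 1 / rgt 2 and its own id as affiliate_root.
 *
 * @param array      $sql_data_array   Column => value pairs for the new affiliate.
 * @param int|string $affiliate_parent Id of the parent affiliate, 0 for a new root.
 *
 * @return mixed The new affiliate id, or null when a parent id was given but no
 *               such affiliate exists (nothing is inserted in that case).
 */
function affiliate_insert($sql_data_array, $affiliate_parent = 0)
{
    // Defined up front so the "parent not found" path returns null instead of
    // reading an undefined variable.
    $affiliate_id = null;
    // LOCK TABLES
    // NOTE(review): mysql_query() belongs to the removed ext/mysql; on current
    // PHP this call fails even with "@". Left unchanged here - confirm which
    // database wrapper this file is meant to use for the lock.
    @mysql_query("LOCK TABLES " . TABLE_AFFILIATE . " WRITE");
    if ($affiliate_parent > 0) {
        // The parent id is only ever a numeric key, so it is cast before it is
        // placed into the statement. The column list previously contained a
        // mis-encoded character before "from"; it is a plain space now.
        $affiliate_root_query = xtc_db_query("select affiliate_root, affiliate_rgt, affiliate_lft from  " . TABLE_AFFILIATE . " where affiliate_id = '" . (int) $affiliate_parent . "' ");
        // Check if we have a parent affiliate
        if ($affiliate_root_array = xtc_db_fetch_array($affiliate_root_query)) {
            // Values read back from the table are cast as well before they are
            // concatenated into the two UPDATE statements.
            $root = (int) $affiliate_root_array['affiliate_root'];
            $rgt = (int) $affiliate_root_array['affiliate_rgt'];
            // Make room for the new node: shift everything at or behind the parent's right edge by 2.
            xtc_db_query("update " . TABLE_AFFILIATE . " SET affiliate_lft = affiliate_lft + 2 WHERE affiliate_root  =  '" . $root . "' and  affiliate_lft > " . $rgt . "  AND affiliate_rgt >= " . $rgt . " ");
            xtc_db_query("update " . TABLE_AFFILIATE . " SET affiliate_rgt = affiliate_rgt + 2 WHERE affiliate_root  =  '" . $root . "' and  affiliate_rgt >= " . $rgt . "  ");
            $sql_data_array['affiliate_root'] = $affiliate_root_array['affiliate_root'];
            $sql_data_array['affiliate_lft'] = $affiliate_root_array['affiliate_rgt'];
            $sql_data_array['affiliate_rgt'] = $affiliate_root_array['affiliate_rgt'] + 1;
            xtc_db_perform(TABLE_AFFILIATE, $sql_data_array);
            $affiliate_id = xtc_db_insert_id();
        }
        // no parent -> new root
    } else {
        $sql_data_array['affiliate_lft'] = '1';
        $sql_data_array['affiliate_rgt'] = '2';
        xtc_db_perform(TABLE_AFFILIATE, $sql_data_array);
        $affiliate_id = xtc_db_insert_id();
        // A root affiliate references itself as affiliate_root.
        xtc_db_query("update " . TABLE_AFFILIATE . " set affiliate_root = '" . (int) $affiliate_id . "' where affiliate_id = '" . (int) $affiliate_id . "' ");
    }
    // UNLOCK TABLES
    @mysql_query("UNLOCK TABLES");
    return $affiliate_id;
}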
 /**
  * Tells whether the version check already ran within the last seven days.
  *
  * Reads MODULE_PAYMENT_BARZAHLEN_LAST_UPDATE_CHECK from the configuration table.
  * A missing key is created and an entry older than a week is reset to the
  * current time; both cases return false so that the caller checks again.
  *
  * @return boolean
  */
 public function isCheckedInLastWeek()
 {
     $secondsPerWeek = 60 * 60 * 24 * 7;
     $result = xtc_db_query("SELECT configuration_value\n                                     FROM " . TABLE_CONFIGURATION . "\n                                    WHERE configuration_key = 'MODULE_PAYMENT_BARZAHLEN_LAST_UPDATE_CHECK'");
     $row = xtc_db_fetch_array($result);
     if ($row) {
         $age = time() - strtotime($row['configuration_value']);
         if ($age <= $secondsPerWeek) {
             return true;
         }
         // Stale entry: stamp it with the current time.
         xtc_db_query("UPDATE " . TABLE_CONFIGURATION . "\n                             SET configuration_value = NOW()\n                           WHERE configuration_key = 'MODULE_PAYMENT_BARZAHLEN_LAST_UPDATE_CHECK'");
         return false;
     }
     // No entry yet: create it with the current time.
     $newEntry = array(
         'configuration_key' => 'MODULE_PAYMENT_BARZAHLEN_LAST_UPDATE_CHECK',
         'configuration_value' => 'now()',
         'configuration_group_id' => 6,
         'date_added' => 'now()',
     );
     xtc_db_perform(TABLE_CONFIGURATION, $newEntry);
     return false;
 }
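/**
 * Records the current visitor in TABLE_WHOS_ONLINE and removes expired rows.
 *
 * Logged-in customers are stored with their id and name, recognised crawlers
 * with an empty session id and the search-engine label, everyone else as guest.
 * Rows whose last click is older than WHOS_ONLINE_TIME_LAST_CLICK seconds
 * (default 900) are deleted on every call.
 *
 * @return void
 */
function xtc_update_whos_online()
{
    $crawler = 0;
    if (isset($_SESSION['customer_id'])) {
        $wo_customer_id = (int) $_SESSION['customer_id'];
        $customer_query = xtc_db_query("select\n                                      customers_firstname,\n                                      customers_lastname\n                                      from " . TABLE_CUSTOMERS . "\n                                      where customers_id = '" . $wo_customer_id . "'");
        $customer = xtc_db_fetch_array($customer_query);
        $wo_full_name = xtc_db_prepare_input($customer['customers_firstname'] . ' ' . $customer['customers_lastname']);
    } else {
        $wo_customer_id = '';
        $crawler = xtc_check_agent();
        if ($crawler !== 0) {
            $wo_full_name = '[' . TEXT_SEARCH_ENGINE_AGENT . ']';
        } else {
            $wo_full_name = TEXT_GUEST;
        }
    }
    // Crawlers are all tracked under the empty session id.
    if ($crawler !== 0) {
        $wo_session_id = '';
    } else {
        $wo_session_id = xtc_session_id();
    }
    // The session id is concatenated into two WHERE clauses below; those strings
    // are sent as written, so the value is escaped once here for that use.
    $wo_session_id_sql = xtc_db_input($wo_session_id);
    // Request URI and referer are client-controlled; tags are stripped before
    // storage. NOTE(review): they still need output escaping wherever the
    // who's-online list is rendered - confirm in the admin view.
    $wo_ip_address = xtc_db_prepare_input($_SESSION['tracking']['ip']);
    $wo_last_page_url = xtc_db_prepare_input(strip_tags($_SERVER['REQUEST_URI']));
    $wo_referer = xtc_db_prepare_input(isset($_SERVER['HTTP_REFERER']) ? strip_tags($_SERVER['HTTP_REFERER']) : '---');
    $current_time = time();
    $time_last_click = 900;
    if (defined('WHOS_ONLINE_TIME_LAST_CLICK')) {
        $time_last_click = (int) WHOS_ONLINE_TIME_LAST_CLICK;
    }
    $xx_mins_ago = time() - $time_last_click;
    // remove entries that have expired
    xtc_db_query("delete from " . TABLE_WHOS_ONLINE . " where time_last_click < '" . $xx_mins_ago . "'");
    $stored_customer_query = xtc_db_query("select count(*) as count from " . TABLE_WHOS_ONLINE . " where session_id = '" . $wo_session_id_sql . "'");
    $stored_customer = xtc_db_fetch_array($stored_customer_query);
    // Values in this array go through xtc_db_perform(), which presumably escapes
    // them itself - verify; they are therefore passed unescaped.
    $sql_data_array = array('customer_id' => $wo_customer_id, 'full_name' => xtc_db_prepare_input($wo_full_name), 'ip_address' => $wo_ip_address, 'time_last_click' => $current_time, 'last_page_url' => $wo_last_page_url);
    if ($stored_customer['count'] > 0) {
        xtc_db_perform(TABLE_WHOS_ONLINE, $sql_data_array, 'update', "session_id = '" . $wo_session_id_sql . "'");
    } else {
        // First sighting of this session: also record entry time and referer.
        $sql_data_array['time_entry'] = $current_time;
        $sql_data_array['session_id'] = $wo_session_id;
        $sql_data_array['http_referer'] = $wo_referer;
        xtc_db_perform(TABLE_WHOS_ONLINE, $sql_data_array);
    }
}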
 /**
  * Saves a posted "max display results" setting, or returns the current one.
  *
  * When $_POST holds a value under $cfg_key, every character except digits and
  * "-" is removed and the result is written to the configuration table (update
  * if the key exists, insert otherwise) and returned. Without a posted value the
  * constant named $cfg_key is returned when its integer value is positive,
  * otherwise 20.
  *
  * @param string $cfg_key Configuration key; also the name of the POST field and of the constant.
  *
  * @return mixed The stored value, the constant's value, or 20.
  */
 function xtc_cfg_save_max_display_results($cfg_key)
 {
     if (!isset($_POST[$cfg_key])) {
         if (defined($cfg_key) && (int) constant($cfg_key) > 0) {
             return constant($cfg_key);
         }
         return 20;
     }
     // Reduce the posted value to digits and "-" before it gets near SQL.
     $digits_only = preg_replace('/[^0-9-]/', '', $_POST[$cfg_key]);
     $configuration_value = xtc_db_prepare_input($digits_only);
     $existing = xtc_db_query("SELECT configuration_key,\n                                                  configuration_value\n                                             FROM " . TABLE_CONFIGURATION . "\n                                            WHERE configuration_key = '" . xtc_db_input($cfg_key) . "'\n                                         ");
     $key_exists = xtc_db_num_rows($existing) > 0;
     if (!$key_exists) {
         //new entry
         xtc_db_perform(
             TABLE_CONFIGURATION,
             array(
                 'configuration_key' => $cfg_key,
                 'configuration_value' => $configuration_value,
                 'configuration_group_id' => '1000',
                 'sort_order' => '-1',
                 'last_modified' => 'now()',
                 'date_added' => 'now()',
             )
         );
         return $configuration_value;
     }
     //update
     xtc_db_query("UPDATE " . TABLE_CONFIGURATION . "\n                         SET configuration_value ='" . xtc_db_input($configuration_value) . "',\n                             last_modified = NOW()\n                       WHERE configuration_key='" . xtc_db_input($cfg_key) . "'");
     return $configuration_value;
 }
 /**
  * Session save handler: stores the serialized session under its key.
  *
  * The payload is base64-encoded before storage. For sessions whose customer
  * status id is 0 the global lifetime is replaced by the admin lifetime and the
  * row is flagged 'admin'.
  *
  * @param string $key Session id.
  * @param string $val Serialized session data.
  *
  * @return mixed Result of the UPDATE query or of xtc_db_perform() for a new row.
  */
 function _sess_write($key, $val)
 {
     global $SESS_LIFE;
     $flag = '';
     $is_admin = isset($_SESSION['customers_status']['customers_status_id'])
         && $_SESSION['customers_status']['customers_status_id'] == 0;
     if ($is_admin) {
         if (defined('SESSION_LIFE_ADMIN')) {
             $SESS_LIFE = (int) SESSION_LIFE_ADMIN;
         } else {
             $SESS_LIFE = (int) SESSION_LIFE_ADMIN_DEFAULT;
         }
         $flag = 'admin';
     }
     $expiry = time() + (int) $SESS_LIFE;
     // base64 keeps the stored payload free of quote and control characters.
     $value = base64_encode($val);
     // Existence check and write are two separate statements (not atomic).
     $check_query = xtc_db_query("-- includes/functions/sessions.php\n                                   SELECT count(*) as total\n                                     FROM " . TABLE_SESSIONS . "\n                                    WHERE sesskey = '" . xtc_db_input($key) . "'");
     $total = xtc_db_fetch_array($check_query);
     if (!($total['total'] > 0)) {
         // Unknown key: create the session row.
         $new_row = array('sesskey' => $key, 'expiry' => (int) $expiry, 'value' => $value, 'flag' => $flag);
         return xtc_db_perform(TABLE_SESSIONS, $new_row);
     }
     return xtc_db_query("-- includes/functions/sessions.php\n                                   UPDATE " . TABLE_SESSIONS . "\n                                SET expiry = '" . $expiry . "',\n                                     value = '" . xtc_db_input($value) . "',\n                                      flag = '" . xtc_db_input($flag) . "'\n                             WHERE sesskey = '" . xtc_db_input($key) . "'");
 }
     if ($status['customers_status_show_price_tax'] == 1) {
         $tax_info = TEXT_ADD_TAX;
     }
     if ($status['customers_status_show_price_tax'] == 0) {
         $tax_info = TEXT_NO_TAX;
     }
     $title = $tax_info . $title . ':';
     //EOF web28 - 2010-12-04 - "inkl." oder "zzgl." hinzufügen
     if ($ust['tax_value_new']) {
         $text = $xtPrice->xtcFormat($ust['tax_value_new'], true);
         //BOF - Dokuman - 2010-03-17 - added sort order directly to array
         $sql_data_array = array('orders_id' => (int) $_POST['oID'], 'title' => xtc_db_prepare_input($title), 'text' => $text, 'value' => xtc_db_prepare_input($ust['tax_value_new']), 'class' => 'ot_tax', 'sort_order' => MODULE_ORDER_TOTAL_TAX_SORT_ORDER);
         //$insert_sql_data = array ('sort_order' => MODULE_ORDER_TOTAL_TAX_SORT_ORDER);
         //$sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data);
         //EOF - Dokuman - 2010-03-17 - added sort order directly to array
         xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
     }
 }
 //BOF web28 - 2010-12-04 - do not show VAT on the invoice
 // When this customer group neither sees tax in prices nor gets tax added in the
 // order total, any ot_tax rows of the order are removed. The order id comes
 // from the POST body and is cast to int before it reaches the statement.
 if ($status['customers_status_show_price_tax'] == 0 && $status['customers_status_add_tax_ot'] == 0) {
     xtc_db_query("delete from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $_POST['oID'] . "' and class='ot_tax'");
 }
 //EOF web28 - 2010-12-04 - do not show VAT on the invoice
 //EOF#######    recalculate VAT  #######//
 //BOF  web28 - 2010-12-04 calculate the new total for the order items
 // determine the VAT
 $add_tax = 0;
 $price = 'b_price';
 if ($status['customers_status_show_price_tax'] == 0 && $status['customers_status_add_tax_ot'] == 1) {
     $tax_query = xtc_db_query("select SUM(value) as value from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $_POST['oID'] . "' and class='ot_tax'");
     $tax = xtc_db_fetch_array($tax_query);
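    // Runs only when the preceding form validation reported no error: handles the
    // optional file upload, then inserts or updates the content manager row and
    // redirects back to the content manager page.
    if ($error == false) {
        // file upload
        // An already existing file picked from the select box is used unless an upload replaces it below.
        if ($select_file != 'default') {
            $content_file_name = $select_file;
        }
        // Allow-lists handed to xtc_try_upload(): file extensions and MIME types.
        // NOTE(review): the lists admit active or container formats (swf, hlp, chm,
        // cab, archives) and the target directory lies under the catalog root -
        // confirm these types are still needed and how media/content/ is served.
        $accepted_file_upload_files_extensions = array("xls", "xla", "hlp", "chm", "ppt", "ppz", "pps", "pot", "doc", "dot", "pdf", "rtf", "swf", "cab", "tar", "zip", "au", "snd", "mp2", "rpm", "stream", "wav", "gif", "jpeg", "jpg", "jpe", "png", "tiff", "tif", "bmp", "csv", "txt", "rtf", "tsv", "mpeg", "mpg", "mpe", "qt", "mov", "avi", "movie", "rar", "7z");
        $accepted_file_upload_files_mime_types = array("application/msexcel", "application/mshelp", "application/mspowerpoint", "application/msword", "application/pdf", "application/rtf", "application/x-shockwave-flash", "application/x-tar", "application/zip", "audio/basic", "audio/x-mpeg", "audio/x-pn-realaudio-plugin", "audio/x-qt-stream", "audio/x-wav", "image/gif", "image/jpeg", "image/png", "image/tiff", "image/bmp", "text/comma-separated-values", "text/plain", "text/rtf", "text/tab-separated-values", "video/mpeg", "video/quicktime", "video/x-msvideo", "video/x-sgi-movie", "application/x-rar-compressed", "application/x-7z-compressed");
        if ($content_file = xtc_try_upload('file_upload', DIR_FS_CATALOG . 'media/content/', '644', $accepted_file_upload_files_extensions, $accepted_file_upload_files_mime_types)) {
            $content_file_name = $content_file->filename;
        }
        // update data in table
        $sql_data_array = array('languages_id' => $content_language, 'content_title' => $content_title, 'content_heading' => $content_header, 'content_text' => $content_text, 'content_file' => $content_file_name, 'content_status' => $content_status, 'parent_id' => $parent_id, 'group_ids' => $group_ids, 'content_group' => $group_id, 'sort_order' => $sort_order, 'file_flag' => $file_flag, 'content_meta_title' => $content_meta_title, 'content_meta_description' => $content_meta_description, 'content_meta_keywords' => $content_meta_keywords, 'content_meta_index' => $content_meta_index, 'change_date' => $time);
        if ($id == 'update') {
            // The WHERE string is passed to xtc_db_perform() as written, so the id is
            // cast to int here; where $coID is assigned is not visible in this part
            // of the file.
            xtc_db_perform(TABLE_CONTENT_MANAGER, $sql_data_array, 'update', "content_id = '" . (int) $coID . "'");
        } else {
            xtc_db_perform(TABLE_CONTENT_MANAGER, $sql_data_array);
        }
        // if get id
        xtc_redirect(xtc_href_link(FILENAME_CONTENT_MANAGER));
    }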
    // if error
}
// if
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body>
    <!-- header //-->
    <?php 
require DIR_WS_INCLUDES . 'header.php';
?>
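// Visitor tracking: fills $_SESSION['tracking'] once per session with referrer,
// IP, campaign reference, first-seen time and browser. Apart from REMOTE_ADDR
// and the date, every value below is taken from the request and is therefore
// client-controlled; consumers must escape it for their output context.

// referrer #todo sec
// Falls back to the current URL when no Referer header was sent; stored as the
// parse_url() result.
$ref_url = parse_url(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $current_domain . $_SERVER['REQUEST_URI']);
if (!isset($_SESSION['tracking']['http_referer'])) {
    $_SESSION['tracking']['http_referer'] = $ref_url;
}
// IP
if (!isset($_SESSION['tracking']['ip'])) {
    $_SESSION['tracking']['ip'] = $_SERVER['REMOTE_ADDR'];
}
// campaigns
// A refID sent as an array (refID[]=...) is ignored instead of being passed to
// the string escaping function.
if (!isset($_SESSION['tracking']['refID']) && isset($_GET['refID']) && is_string($_GET['refID'])) {
    $campaign_ref = xtc_db_input($_GET['refID']);
    $campaign_check_query_raw = "SELECT * FROM " . TABLE_CAMPAIGNS . " WHERE campaigns_refID = '" . $campaign_ref . "'";
    $campaign_check_query = xtc_db_query($campaign_check_query_raw);
    if (xtc_db_num_rows($campaign_check_query) > 0) {
        // NOTE(review): the escaped form is what gets stored in the session and
        // handed to xtc_db_perform(); if xtc_db_perform() escapes values itself
        // the campaign column receives a double-escaped string - confirm.
        $_SESSION['tracking']['refID'] = $campaign_ref;
        xtc_db_perform(TABLE_CAMPAIGNS_IP, array('user_ip' => $_SESSION['tracking']['ip'], 'campaign' => $campaign_ref, 'time' => 'now()'));
    }
}
// datetime
if (!isset($_SESSION['tracking']['date'])) {
    $_SESSION['tracking']['date'] = date("Y-m-d H:i:s");
}
// browser #todo sec
// Clients may omit the User-Agent header; store an empty string in that case
// instead of reading an undefined index.
if (!isset($_SESSION['tracking']['browser'])) {
    $_SESSION['tracking']['browser'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
}
// pageview history
if (!isset($_SESSION['tracking']['pageview_history'])) {
    $_SESSION['tracking']['pageview_history'] = array();
}
$i = count($_SESSION['tracking']['pageview_history']);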
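 /**
  * Update orderstatuses in the database
  *
  * Adds a status-history entry for the order in the global $insert_id, records
  * the Klarna reference in klarna_ordernum when that table exists, applies the
  * Klarna order status kept in the session (if any), reports the order id to
  * Klarna and finally clears the Klarna session data.
  *
  * @param int $customer The order status id to show the customer
  * @param int $admin    The order status id to show in the administration page
  *                      (not used by this method)
  *
  * @return void
  */
 public function updateOrderDatabase($customer, $admin)
 {
     global $insert_id;
     $link = xtc_db_connect();
     $orderid = mysqli_real_escape_string($link, $insert_id);
     $refno = mysqli_real_escape_string($link, $_SESSION['klarna_refno']);
     // NOTE(review): $orderid and $refno are already escaped here; if
     // xtc_db_perform() escapes values itself they are escaped twice - confirm.
     $sql_data_arr = array('orders_id' => $orderid, 'orders_status_id' => $customer, 'comments' => "Accepted by Klarna. Reference #: {$refno}", 'customer_notified' => 1, 'date_added' => date("Y-m-d H:i:s"));
     xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_arr);
     // The klarna_ordernum table is optional; look it up before writing to it.
     $has_ordernum_table = xtc_db_fetch_array(xtc_db_query("SELECT COUNT(*) " . "FROM information_schema.tables " . "WHERE table_schema = '" . DB_DATABASE . "' " . "AND table_name = 'klarna_ordernum';"));
     $has_ordernum_table = $has_ordernum_table['COUNT(*)'];
     if ($has_ordernum_table > 0) {
         // String escaping only protects values placed inside quotes, so both
         // values are quoted in the statement.
         xtc_db_query("INSERT INTO `klarna_ordernum` (orders_id, klarna_ref) " . "VALUES ('{$orderid}', '{$refno}')");
     }
     // Set pending status and hide it from customer.
     if (isset($_SESSION['klarna_orderstatus'])) {
         $status = $_SESSION['klarna_orderstatus'];
         // The status name is used inside a quoted SQL literal and is escaped for
         // that use; the history comment below keeps the original text.
         // NOTE(review): assumes $this->_klarnaDB talks to the same connection
         // and charset as xtc_db_connect() - confirm.
         $statusSql = mysqli_real_escape_string($link, $status);
         $orderStatusQuery = $this->_klarnaDB->query("SELECT orders_status_id FROM " . TABLE_ORDERS_STATUS . " WHERE orders_status_name = '{$statusSql}'");
         $orderStatusID = $orderStatusQuery->getArray();
         $sql_data_arr = array('orders_id' => $orderid, 'orders_status_id' => $orderStatusID['orders_status_id'], 'comments' => "Klarna Orderstatus: {$status}", 'customer_notified' => 0, 'date_added' => date("Y-m-d H:i:s"));
         xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_arr);
         // The status id is a numeric key; cast it before concatenation.
         xtc_db_query("UPDATE " . TABLE_ORDERS . " SET orders_status='" . (int) $orderStatusID['orders_status_id'] . "' WHERE orders_id='" . $orderid . "'");
     }
     try {
         $this->_klarna->setEstoreInfo(KiTT_String::encode($orderid));
         $this->_klarna->update($_SESSION['klarna_refno']);
     } catch (Exception $e) {
         // A failed update at Klarna is only written to the debug output; the
         // local order data stays as stored above.
         Klarna::printDebug(__METHOD__, "{$e->getMessage()} #({$e->getCode()})");
     }
     //Delete Session with user details
     unset($_SESSION['klarna_data']);
     unset($_SESSION['klarna_refno']);
     unset($_SESSION['klarna_orderstatus']);
 }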
 function _process_order()
 {
     try {
         /**
          * Process the internal cartID to match the cartID in the $_SESSION 
          */
         if (isset($_SESSION['cart']->cartID) && isset($_SESSION['cartID'])) {
             if ($_SESSION['cart']->cartID != $_SESSION['cartID']) {
                 return false;
             }
         }
         $order = new order();
         /** 
          * PropertiesControl Object
          */
         $coo_properties = MainFactory::create_object('PropertiesControl');
         $tmp_status = $order->info['order_status'];
         if ($_SESSION['customers_status']['customers_status_ot_discount_flag'] == 1) {
             $discount = $_SESSION['customers_status']['customers_status_ot_discount'];
         } else {
             $discount = '0.00';
         }
         if (gm_get_conf("GM_SHOW_IP") == '1' && gm_get_conf("GM_LOG_IP") == '1') {
             $customers_ip = $_SESSION['user_info']['user_ip'];
         }
         $comments = '';
         if (trim((string) $this->_request->comment_client) != '') {
             $comments .= sprintf('Customer\'s Comment: %s', trim((string) $this->_request->comment_client) . "\n");
         }
         $comments .= sprintf('Rakuten Order No: %s', (string) $this->_request->order_no . "\n") . sprintf('Rakuten Client ID: %s', (string) $this->_request->client->client_id . "\n");
         $order->info['comments'] = $comments;
         $order->info['rakuten_order_no'] = (string) $this->_request->order_no;
         $billing_addr = $this->_request->client;
         $order->customer['email_address'] = (string) $billing_addr->email;
         $order->customer['firstname'] = $this->_escape_str_revert((string) $billing_addr->first_name);
         $order->customer['lastname'] = $this->_escape_str_revert((string) $billing_addr->last_name);
         $order->customer['telephone'] = (string) $billing_addr->phone;
         $billing_country_result = xtc_db_query("SELECT countries_id, countries_name from " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . (string) $billing_addr->country . "' ");
         if (xtc_db_num_rows($billing_country_result)) {
             $billing_country = xtc_db_fetch_array($billing_country_result);
         } else {
             $billing_country['countries_id'] = -1;
             $billing_country['countries_name'] = (string) $billing_addr->country;
         }
         $order->billing['firstname'] = (string) $billing_addr->first_name;
         $order->billing['lastname'] = (string) $billing_addr->last_name;
         $order->billing['company'] = (string) $billing_addr->company;
         $order->billing['street_address'] = (string) $billing_addr->street . " " . (string) $billing_addr->street_no . ((string) $billing_addr->address_add ? '<br />' . (string) $billing_addr->address_add : '');
         $order->billing['city'] = (string) $billing_addr->city;
         $order->billing['postcode'] = (string) $billing_addr->zip_code;
         $order->billing['country']['title'] = $billing_country['countries_name'];
         $order->billing['country']['iso_code_2'] = (string) $billing_addr->country;
         $order->billing['format_id'] = '5';
         $shipping_addr = $this->_request->delivery_address;
         $shipping_country_result = xtc_db_query("SELECT countries_id, countries_name from " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . (string) $shipping_addr->country . "' ");
         if (xtc_db_num_rows($shipping_country_result)) {
             $shipping_country = xtc_db_fetch_array($shipping_country_result);
         } else {
             $shipping_country['countries_id'] = -1;
             $shipping_country['countries_name'] = (string) $shipping_addr->country;
         }
         $order->delivery['firstname'] = (string) $shipping_addr->first_name;
         $order->delivery['lastname'] = (string) $shipping_addr->last_name;
         $order->delivery['company'] = (string) $shipping_addr->company;
         $order->delivery['street_address'] = (string) $shipping_addr->street . " " . (string) $shipping_addr->street_no . ((string) $shipping_addr->address_add ? '<br />' . (string) $shipping_addr->address_add : '');
         $order->delivery['city'] = (string) $shipping_addr->city;
         $order->delivery['postcode'] = (string) $shipping_addr->zip_code;
         $order->delivery['country']['title'] = $shipping_country['countries_name'];
         $order->delivery['country']['iso_code_2'] = (string) $shipping_addr->country;
         $order->delivery['format_id'] = '5';
         $order->info['payment_method'] = 'rakuten';
         $order->info['payment_class'] = '';
         $order->info['shipping_method'] = 'rakuten';
         $order->info['shipping_class'] = '';
         $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], 'customers_firstname' => $order->customer['firstname'], 'customers_lastname' => $order->customer['lastname'], 'customers_cid' => $order->customer['csID'], 'customers_vat_id' => $_SESSION['customer_vat_id'], 'customers_company' => $order->customer['company'], 'customers_status' => $_SESSION['customers_status']['customers_status_id'], 'customers_status_name' => $_SESSION['customers_status']['customers_status_name'], 'customers_status_image' => $_SESSION['customers_status']['customers_status_image'], 'customers_status_discount' => $discount, 'customers_street_address' => $order->customer['street_address'], 'customers_suburb' => $order->customer['suburb'], 'customers_city' => $order->customer['city'], 'customers_postcode' => $order->customer['postcode'], 'customers_state' => $order->customer['state'], 'customers_country' => $order->customer['country']['title'], 'customers_telephone' => $order->customer['telephone'], 'customers_email_address' => $order->customer['email_address'], 'customers_address_format_id' => $order->customer['format_id'], 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 'delivery_firstname' => $order->delivery['firstname'], 'delivery_lastname' => $order->delivery['lastname'], 'delivery_company' => $order->delivery['company'], 'delivery_street_address' => $order->delivery['street_address'], 'delivery_suburb' => $order->delivery['suburb'], 'delivery_city' => $order->delivery['city'], 'delivery_postcode' => $order->delivery['postcode'], 'delivery_state' => $order->delivery['state'], 'delivery_country' => $order->delivery['country']['title'], 'delivery_country_iso_code_2' => $order->delivery['country']['iso_code_2'], 'delivery_address_format_id' => $order->delivery['format_id'], 'billing_name' => $order->billing['firstname'] . ' ' . 
$order->billing['lastname'], 'billing_firstname' => $order->billing['firstname'], 'billing_lastname' => $order->billing['lastname'], 'billing_company' => $order->billing['company'], 'billing_street_address' => $order->billing['street_address'], 'billing_suburb' => $order->billing['suburb'], 'billing_city' => $order->billing['city'], 'billing_postcode' => $order->billing['postcode'], 'billing_state' => $order->billing['state'], 'billing_country' => $order->billing['country']['title'], 'billing_country_iso_code_2' => $order->billing['country']['iso_code_2'], 'billing_address_format_id' => $order->billing['format_id'], 'payment_method' => $order->info['payment_method'], 'payment_class' => $order->info['payment_class'], 'shipping_method' => $order->info['shipping_method'], 'shipping_class' => $order->info['shipping_class'], 'cc_type' => $order->info['cc_type'], 'cc_owner' => $order->info['cc_owner'], 'cc_number' => $order->info['cc_number'], 'cc_expires' => $order->info['cc_expires'], 'cc_start' => $order->info['cc_start'], 'cc_cvv' => $order->info['cc_cvv'], 'cc_issue' => $order->info['cc_issue'], 'date_purchased' => 'now()', 'orders_status' => $tmp_status, 'currency' => $order->info['currency'], 'currency_value' => $order->info['currency_value'], 'customers_ip' => $customers_ip, 'language' => $_SESSION['language'], 'comments' => $order->info['comments'], 'rakuten_order_no' => $order->info['rakuten_order_no']);
         xtc_db_perform(TABLE_ORDERS, $sql_data_array);
         $insert_id = xtc_db_insert_id();
         $_SESSION['tmp_oID'] = $insert_id;
         $sql_data_array = array('orders_id' => $insert_id, 'title' => MODULE_PAYMENT_RAKUTEN_SUBTOTAL . ':', 'text' => ' ' . sprintf("%01.2f EUR", (double) $this->_request->total - (double) $this->_request->shipping - (double) $this->_request->total_tax_amount), 'value' => (double) $this->_request->total - (double) $this->_request->shipping - (double) $this->_request->total_tax_amount, 'class' => 'ot_subtotal', 'sort_order' => 10);
         xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
         $sql_data_array = array('orders_id' => $insert_id, 'title' => MODULE_PAYMENT_RAKUTEN_SHIPPING . ':', 'text' => ' ' . sprintf("%01.2f EUR", (double) $this->_request->shipping), 'value' => (double) $this->_request->shipping, 'class' => 'ot_shipping', 'sort_order' => 30);
         xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
         $sql_data_array = array('orders_id' => $insert_id, 'title' => MODULE_PAYMENT_RAKUTEN_TAX . ':', 'text' => ' ' . sprintf("%01.2f EUR", (double) $this->_request->total_tax_amount), 'value' => (double) $this->_request->total_tax_amount, 'class' => 'ot_tax', 'sort_order' => 97);
         xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
         $sql_data_array = array('orders_id' => $insert_id, 'title' => MODULE_PAYMENT_RAKUTEN_TOTAL . ':', 'text' => sprintf("<b> %01.2f EUR</b>", (double) $this->_request->total), 'value' => (double) $this->_request->total, 'class' => 'ot_total', 'sort_order' => 99);
         xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
         $customer_notification = '0';
         $sql_data_array = array('orders_id' => $insert_id, 'orders_status_id' => $order->info['order_status'], 'date_added' => 'now()', 'customer_notified' => $customer_notification, 'comments' => $order->info['comments']);
         xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
         require_once DIR_FS_CATALOG . 'gm/inc/set_shipping_status.php';
         for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
             /**
              * Stock update
              */
             if (STOCK_LIMITED == 'true') {
                 if (DOWNLOAD_ENABLED == 'true') {
                     $stock_query_raw = "SELECT p.products_quantity, pad.products_attributes_filename\n                                                    FROM " . TABLE_PRODUCTS . " p\n                                                    LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n                                                     ON p.products_id=pa.products_id\n                                                    LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n                                                     ON pa.products_attributes_id=pad.products_attributes_id\n                                                    WHERE p.products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'";
                     $products_attributes = $order->products[$i]['attributes'];
                     if (is_array($products_attributes)) {
                         $stock_query_raw .= " AND pa.options_id = '" . $products_attributes[0]['option_id'] . "' AND pa.options_values_id = '" . $products_attributes[0]['value_id'] . "'";
                     }
                     $stock_query = xtc_db_query($stock_query_raw);
                 } else {
                     $stock_query = xtc_db_query("select products_quantity from " . TABLE_PRODUCTS . " where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'");
                 }
                 if (xtc_db_num_rows($stock_query) > 0) {
                     $stock_values = xtc_db_fetch_array($stock_query);
                     /** 
                      * Do not decrement quantities if products_attributes_filename exists
                      */
                     if (DOWNLOAD_ENABLED != 'true' || !$stock_values['products_attributes_filename']) {
                         $stock_left = $stock_values['products_quantity'] - $order->products[$i]['qty'];
                     } else {
                         $stock_left = $stock_values['products_quantity'];
                     }
                     xtc_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . $stock_left . "' where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'");
                     if ($stock_left < 1 && STOCK_ALLOW_CHECKOUT == 'false' && GM_SET_OUT_OF_STOCK_PRODUCTS == 'true') {
                         xtc_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'");
                     }
                     set_shipping_status($order->products[$i]['id']);
                     if ($stock_left <= STOCK_REORDER_LEVEL) {
                         $gm_get_products_name = xtc_db_query("SELECT products_name\n                                                                                            FROM products_description\n                                                                                            WHERE\n                                                                                                products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'\n                                                                                                AND language_id = '" . $_SESSION['languages_id'] . "'");
                         $gm_stock_data = mysql_fetch_array($gm_get_products_name);
                         $gm_subject = GM_OUT_OF_STOCK_NOTIFY_TEXT . ' ' . $gm_stock_data['products_name'];
                         $gm_body = GM_OUT_OF_STOCK_NOTIFY_TEXT . ': ' . (double) $stock_left . "\n\n" . HTTP_SERVER . DIR_WS_CATALOG . 'product_info.php?info=p' . xtc_get_prid($order->products[$i]['id']);
                         /**
                          * Send the email
                          */
                         xtc_php_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', '', $gm_subject, nl2br(htmlentities($gm_body)), $gm_body);
                     }
                 }
             }
             /**
              * Update products_ordered (for bestsellers list)
              */
             xtc_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered + " . (double) $order->products[$i]['qty'] . " where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'");
             $sql_data_array = array('orders_id' => $insert_id, 'products_id' => xtc_get_prid($order->products[$i]['id']), 'products_model' => $order->products[$i]['model'], 'products_name' => $order->products[$i]['name'], 'products_shipping_time' => $order->products[$i]['shipping_time'], 'products_price' => $order->products[$i]['price'], 'final_price' => $order->products[$i]['final_price'], 'products_tax' => xtc_get_tax_rate($order->products[$i]['tax_class_id'], $shipping_country['countries_id']), 'products_discount_made' => $order->products[$i]['discount_allowed'], 'products_quantity' => $order->products[$i]['qty'], 'allow_tax' => $_SESSION['customers_status']['customers_status_show_price_tax']);
             xtc_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
             $order_products_id = xtc_db_insert_id();
             if (!empty($order->products[$i]['quantity_unit_id'])) {
                 xtc_db_query("INSERT INTO orders_products_quantity_units\n                        SET orders_products_id = '" . (int) $order_products_id . "',\n                            quantity_unit_id = '" . (int) $order->products[$i]['quantity_unit_id'] . "',\n                            unit_name = '" . xtc_db_input($order->products[$i]['unit_name']) . "'");
             }
             /** 
              * Save selected properties_combi in product
              */
             $t_combis_id = $coo_properties->extract_combis_id($order->products[$i]['id']);
             $GLOBALS['coo_debugger']->log('checkout_process: $order->products[$i][id] ' . $order->products[$i]['id'], 'Properties');
             $GLOBALS['coo_debugger']->log('checkout_process: extract_combis_id ' . $t_combis_id, 'Properties');
             if (empty($t_combis_id) == false) {
                 $coo_properties->add_properties_combi_to_orders_product($t_combis_id, $order_products_id);
                 /**
                  * Update properties_combi quantity
                  */
                 $t_quantity_change = $order->products[$i]['qty'] * -1;
                 $val = $coo_properties->change_combis_quantity($t_combis_id, $t_quantity_change);
             }
             $specials_result = xtc_db_query("SELECT products_id, specials_quantity from " . TABLE_SPECIALS . " WHERE products_id = '" . xtc_get_prid($order->products[$i]['id']) . "' ");
             if (xtc_db_num_rows($specials_result)) {
                 $spq = xtc_db_fetch_array($specials_result);
                 $new_sp_quantity = $spq['specials_quantity'] - $order->products[$i]['qty'];
                 if ($new_sp_quantity >= 1) {
                     xtc_db_query("update " . TABLE_SPECIALS . " set specials_quantity = '" . $new_sp_quantity . "' where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "' ");
                 } elseif (STOCK_CHECK == 'true') {
                     xtc_db_query("update " . TABLE_SPECIALS . " set status = '0', specials_quantity = '" . $new_sp_quantity . "' where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "' ");
                 }
             }
             if (isset($order->products[$i]['attributes'])) {
                 $attributes_exist = '1';
                 for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
                     if (DOWNLOAD_ENABLED == 'true') {
                         $attributes_query = "select popt.products_options_name,\n                                                               poval.products_options_values_name,\n                                                               pa.options_values_price,\n                                                               pa.price_prefix,\n                                                               pad.products_attributes_maxdays,\n                                                               pad.products_attributes_maxcount,\n                                                               pad.products_attributes_filename\n                                                               from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n                                                               left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n                                                                on pa.products_attributes_id=pad.products_attributes_id\n                                                               where pa.products_id = '" . $order->products[$i]['id'] . "'\n                                                                and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                                                and pa.options_id = popt.products_options_id\n                                                                and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                                                and pa.options_values_id = poval.products_options_values_id\n                                                                and popt.language_id = '" . $_SESSION['languages_id'] . "'\n                                                                and poval.language_id = '" . $_SESSION['languages_id'] . "'";
                         $attributes = xtc_db_query($attributes_query);
                     } else {
                         $attributes = xtc_db_query("select popt.products_options_name,\n                                                                             poval.products_options_values_name,\n                                                                             pa.options_values_price,\n                                                                             pa.price_prefix\n                                                                             from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n                                                                             where pa.products_id = '" . $order->products[$i]['id'] . "'\n                                                                             and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                                                             and pa.options_id = popt.products_options_id\n                                                                             and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                                                             and pa.options_values_id = poval.products_options_values_id\n                                                                             and popt.language_id = '" . $_SESSION['languages_id'] . "'\n                                                                             and poval.language_id = '" . $_SESSION['languages_id'] . "'");
                     }
                     /**
                      * update attribute stock
                      */
                     xtc_db_query("UPDATE " . TABLE_PRODUCTS_ATTRIBUTES . " set\n                                                       attributes_stock=attributes_stock - '" . $order->products[$i]['qty'] . "'\n                                                       where\n                                                       products_id='" . $order->products[$i]['id'] . "'\n                                                       and options_values_id='" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                                       and options_id='" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                                       ");
                     $attributes_values = xtc_db_fetch_array($attributes);
                     $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $attributes_values['options_values_price'], 'price_prefix' => $attributes_values['price_prefix']);
                     xtc_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
                     if (DOWNLOAD_ENABLED == 'true' && isset($attributes_values['products_attributes_filename']) && xtc_not_null($attributes_values['products_attributes_filename'])) {
                         $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'orders_products_filename' => $attributes_values['products_attributes_filename'], 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 'download_count' => $attributes_values['products_attributes_maxcount']);
                         xtc_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
                     }
                     /**
                      * BOF GM_MOD attributes stock_notifier
                      */
                     $gm_get_attributes_stock = xtc_db_query("SELECT\n                                                                                                    pd.products_name,\n                                                                                                    pa.attributes_stock,\n                                                                                                    po.products_options_name,\n                                                                                                    pov.products_options_values_name\n                                                                                                FROM\n                                                                                                    products_description pd,\n                                                                                                    products_attributes pa,\n                                                                                                    products_options po,\n                                                                                                    products_options_values pov\n                                                                                                WHERE pa.products_id = '" . $order->products[$i]['id'] . "'\n                                                                   AND pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                                                   AND pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                                                                                 AND po.products_options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                                                                                 AND po.language_id = '" . $_SESSION['languages_id'] . 
"'\n                                                                                                 AND pov.products_options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                                                                                 AND pov.language_id = '" . $_SESSION['languages_id'] . "'\n                                                                                                 AND pd.products_id = '" . $order->products[$i]['id'] . "'\n                                                                                                 AND pd.language_id = '" . $_SESSION['languages_id'] . "'");
                     if (xtc_db_num_rows($gm_get_attributes_stock) == 1) {
                         $gm_attributes_stock_data = xtc_db_fetch_array($gm_get_attributes_stock);
                         if ($gm_attributes_stock_data['attributes_stock'] <= STOCK_REORDER_LEVEL) {
                             $gm_subject = GM_OUT_OF_STOCK_NOTIFY_TEXT . ' ' . $gm_attributes_stock_data['products_name'] . ' - ' . $gm_attributes_stock_data['products_options_name'] . ': ' . $gm_attributes_stock_data['products_options_values_name'];
                             $gm_body = GM_OUT_OF_STOCK_NOTIFY_TEXT . ': ' . (double) $gm_attributes_stock_data['attributes_stock'] . ' (' . $gm_attributes_stock_data['products_name'] . ' - ' . $gm_attributes_stock_data['products_options_name'] . ': ' . $gm_attributes_stock_data['products_options_values_name'] . ")\n\n" . HTTP_SERVER . DIR_WS_CATALOG . 'product_info.php?info=p' . xtc_get_prid($order->products[$i]['id']);
                             xtc_php_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', '', $gm_subject, nl2br(htmlentities($gm_body)), $gm_body);
                         }
                     }
                 }
             }
             $total_weight += $order->products[$i]['qty'] * $order->products[$i]['weight'];
             $total_cost += $total_products_price;
         }
         if (isset($_SESSION['tracking']['refID'])) {
             xtc_db_query("update " . TABLE_ORDERS . " set\n                                     refferers_id = '" . $_SESSION['tracking']['refID'] . "'\n                                     where orders_id = '" . $insert_id . "'");
             /** 
              * Check if late or direct sale 
              */
             $customers_logon_query = "SELECT customers_info_number_of_logons\n                                            FROM " . TABLE_CUSTOMERS_INFO . "\n                                            WHERE customers_info_id  = '" . $_SESSION['customer_id'] . "'";
             $customers_logon_query = xtc_db_query($customers_logon_query);
             $customers_logon = xtc_db_fetch_array($customers_logon_query);
             if ($customers_logon['customers_info_number_of_logons'] == 0) {
                 /**
                  * direct sale
                  */
                 xtc_db_query("update " . TABLE_ORDERS . " set\n                                         conversion_type = '1'\n                                         where orders_id = '" . $insert_id . "'");
             } else {
                 /**
                  * late sale
                  */
                 xtc_db_query("update " . TABLE_ORDERS . " set\n                                         conversion_type = '2'\n                                         where orders_id = '" . $insert_id . "'");
             }
         } else {
             $customers_query = xtc_db_query("SELECT refferers_id as ref FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . $_SESSION['customer_id'] . "'");
             $customers_data = xtc_db_fetch_array($customers_query);
             if (xtc_db_num_rows($customers_query)) {
                 xtc_db_query("update " . TABLE_ORDERS . " set\n                                         refferers_id = '" . $customers_data['ref'] . "'\n                                         where orders_id = '" . $insert_id . "'");
                 /** 
                  * check if late or direct sale
                  */
                 $customers_logon_query = "SELECT customers_info_number_of_logons\n                                                FROM " . TABLE_CUSTOMERS_INFO . "\n                                                WHERE customers_info_id  = '" . $_SESSION['customer_id'] . "'";
                 $customers_logon_query = xtc_db_query($customers_logon_query);
                 $customers_logon = xtc_db_fetch_array($customers_logon_query);
                 if ($customers_logon['customers_info_number_of_logons'] == 0) {
                     /**
                      * Direct sale
                      */
                     xtc_db_query("update " . TABLE_ORDERS . " set\n                                             conversion_type = '1'\n                                             where orders_id = '" . $insert_id . "'");
                 } else {
                     /**
                      * Late sale
                      */
                     xtc_db_query("update " . TABLE_ORDERS . " set\n                                             conversion_type = '2'\n                                             where orders_id = '" . $insert_id . "'");
                 }
             }
         }
         $_SESSION['cart']->reset(true);
         /**
          * Unregister session variables used during checkout
          */
         unset($_SESSION['sendto']);
         unset($_SESSION['billto']);
         unset($_SESSION['shipping']);
         unset($_SESSION['payment']);
         unset($_SESSION['comments']);
         unset($_SESSION['last_order']);
         unset($_SESSION['tmp_oID']);
         unset($_SESSION['cc']);
         unset($_SESSION['nvpReqArray']);
         unset($_SESSION['reshash']);
         $last_order = $insert_id;
         if (isset($_SESSION['credit_covers'])) {
             unset($_SESSION['credit_covers']);
         }
     } catch (Exception $e) {
         throw $e;
     }
     return true;
 }
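/**
 * Apply one set of permission columns to a category, to every product linked
 * to it and, recursively, to all of its sub-categories.
 *
 * The same $permission_array is handed unchanged to xtc_db_perform() for the
 * products, for the category itself and for every descendant category.
 *
 * Both ids are placed into hand-built SQL fragments, so they are cast to int
 * before concatenation. This assumes categories_id / products_id are integer
 * keys, as the numeric comparisons in these queries suggest.
 *
 * NOTE(review): the recursion has no visited-set; a parent_id cycle in the
 * categories table would recurse without end — confirm the schema or the
 * admin UI rules that out.
 *
 * @param mixed $categories_id    id of the category to start from
 * @param mixed $permission_array column => value pairs passed to xtc_db_perform()
 * @return void
 */
function xtc_set_groups($categories_id, $permission_array)
{
    // A non-numeric value becomes 0 instead of reaching the SQL text verbatim.
    $categories_id = (int) $categories_id;

    // update every product assigned to this category
    $products_query = xtc_db_query("SELECT products_id FROM " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id='" . $categories_id . "'");
    while ($products = xtc_db_fetch_array($products_query)) {
        xtc_db_perform(TABLE_PRODUCTS, $permission_array, 'update', 'products_id = \'' . (int) $products['products_id'] . '\'');
    }

    // update the category itself
    xtc_db_perform(TABLE_CATEGORIES, $permission_array, 'update', 'categories_id = \'' . $categories_id . '\'');

    // descend into the direct child categories
    $categories_query = xtc_db_query("SELECT categories_id FROM " . TABLE_CATEGORIES . " where parent_id='" . $categories_id . "'");
    while ($categories = xtc_db_fetch_array($categories_query)) {
        xtc_set_groups($categories['categories_id'], $permission_array);
    }
}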
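 /**
  * Act on the PAYONE API response stored in $this->response for the order
  * whose id is in the global $insert_id.
  *
  * - (Pre)authorization approved: the clearing bank details from the response
  *   are inserted into payone_clearingdata, the transaction is saved and the
  *   order status is updated.
  * - Authorization redirect with status 'REDIRECT': the transaction is saved,
  *   the order status is updated and, if the response carries a non-empty
  *   redirect URL, the shopper is redirected to it.
  * - Error: the failure is logged, the order status is updated, the customer
  *   message goes into $_SESSION['payone_error'], the order is removed and the
  *   shopper is redirected back into the checkout.
  * - Any other response type ends the script through die().
  *
  * @param bool $redirect not read anywhere in this method
  * @return void
  */
 function _parse_response_payone_api($redirect = true)
 {
     global $insert_id;
     if ($this->response instanceof Payone_Api_Response_Preauthorization_Approved || $this->response instanceof Payone_Api_Response_Authorization_Approved) {
         // Clearing bank details returned by the gateway, stored per order.
         $sql_data_array = array(
             'bankaccountholder' => $this->response->getClearingBankaccountholder(),
             'bankcountry' => $this->response->getClearingBankcountry(),
             'bankaccount' => $this->response->getClearingBankaccount(),
             'bankcode' => $this->response->getClearingBankcode(),
             'bankiban' => $this->response->getClearingBankiban(),
             'bankbic' => $this->response->getClearingBankbic(),
             'bankcity' => $this->response->getClearingBankcity(),
             'bankname' => $this->response->getClearingBankname(),
             'orders_id' => (int) $insert_id,
         );
         xtc_db_perform('payone_clearingdata', $sql_data_array);
     }
     if ($this->response instanceof Payone_Api_Response_Preauthorization_Approved) {
         $this->payone->log("preauthorization approved");
         $this->payone->saveTransaction($insert_id, $this->response->getStatus(), $this->response->getTxid(), $this->response->getUserid());
         $this->_updateOrdersStatus($insert_id, $this->response->getTxid(), strtolower((string) $this->response->getStatus()), COMMENT_PREAUTH_APPROVED);
     } elseif ($this->response instanceof Payone_Api_Response_Authorization_Approved) {
         $this->payone->log("authorization approved");
         $this->payone->saveTransaction($insert_id, $this->response->getStatus(), $this->response->getTxid(), $this->response->getUserid());
         $this->_updateOrdersStatus($insert_id, $this->response->getTxid(), strtolower((string) $this->response->getStatus()), COMMENT_AUTH_APPROVED);
     } elseif ($this->response instanceof Payone_Api_Response_Authorization_Redirect) {
         $this->payone->log("authorization for order " . $insert_id . " initiated, txid = " . $this->response->getTxid());
         if ($this->response->getStatus() == 'REDIRECT') {
             $this->payone->saveTransaction($insert_id, $this->response->getStatus(), $this->response->getTxid(), $this->response->getUserid());
             $this->payone->log("redirecting to payment service");
             $this->_updateOrdersStatus($insert_id, $this->response->getTxid(), strtolower((string) $this->response->getStatus()), COMMENT_REDIRECTION_INITIATED);
             // NOTE(review): the target is taken from the gateway response as-is;
             // presumably trustworthy because the PAYONE client produced it —
             // confirm that the response arrives over an authenticated channel.
             $redirect_url = $this->response->getRedirecturl();
             if ($redirect_url != '') {
                 xtc_redirect($redirect_url);
             }
         }
     } elseif ($this->response instanceof Payone_Api_Response_Error) {
         $this->payone->log("authorization for order " . $insert_id . " failed, status " . $this->response->getStatus() . ", code " . $this->response->getErrorcode() . ", message " . $this->response->getErrormessage());
         $this->_updateOrdersStatus($insert_id, '', strtolower((string) $this->response->getStatus()), COMMENT_ERROR);
         // Gateway-supplied text; it is rendered outside this method and
         // should be HTML-escaped there.
         $_SESSION['payone_error'] = $this->response->getCustomermessage();
         $this->_remove_order($insert_id);
         // The installment type is not set for every payment type; check it
         // exists before comparing so a missing key raises no warning.
         $is_klarna = isset($_SESSION[$this->code]['installment_type']) && $_SESSION[$this->code]['installment_type'] == 'klarna';
         if ($is_klarna) {
             xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_CONFIRMATION, 'conditions=true&payment_error=' . $this->code));
         } else {
             xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code));
         }
     } else {
         die('unhandled response type');
     }
 }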
         // Sum the commission of this affiliate's sales that carry billing
         // status 99 (the same rows the UPDATE further down moves to status 1).
         // NOTE(review): $affiliate_payment['affiliate_id'] is concatenated into
         // three SQL statements in this run; where it comes from is outside this
         // excerpt — presumably a row of an earlier query; cast it to int if a
         // request can influence it.
         $sql = "\n        SELECT sum(affiliate_payment) as affiliate_payment\n          FROM " . TABLE_AFFILIATE_SALES . " \n          WHERE affiliate_id='" . $affiliate_payment['affiliate_id'] . "' and  affiliate_billing_status=99 \n        ";
         $affiliate_billing_query = xtc_db_query($sql);
         $affiliate_billing = xtc_db_fetch_array($affiliate_billing_query);
         // Load the affiliate record together with its country data
         $sql = "\n        SELECT a.*, c.countries_id, c.countries_name, c.countries_iso_code_2, c.countries_iso_code_3, c.address_format_id \n          from " . TABLE_AFFILIATE . " a \n          left join " . TABLE_ZONES . " z on (a.affiliate_zone_id  = z.zone_id) \n          left join " . TABLE_COUNTRIES . " c on (a.affiliate_country_id = c.countries_id)\n          WHERE affiliate_id = '" . $affiliate_payment['affiliate_id'] . "' \n        ";
         $affiliate_query = xtc_db_query($sql);
         $affiliate = xtc_db_fetch_array($affiliate_query);
         // Tax rate for the affiliate's country/zone; tax is the summed
         // commission times rate / 100, rounded to two decimals
         $affiliate_tax_rate = xtc_get_affiliate_tax_rate(AFFILIATE_TAX_ID, $affiliate['affiliate_country_id'], $affiliate['affiliate_zone_id']);
         $affiliate_tax = xtc_round($affiliate_billing['affiliate_payment'] * $affiliate_tax_rate / 100, 2);
         // Net commission (original comment, translated). The value stored here
         // is the summed commission; 'affiliate_payment' in the row below is
         // that sum minus the tax.
         $affiliate_payment_total = $affiliate_billing['affiliate_payment'];
         // Bill the order: replace the stored state with the zone code lookup
         // result, then insert the payment row with a snapshot of the address
         $affiliate['affiliate_state'] = xtc_get_zone_code($affiliate['affiliate_country_id'], $affiliate['affiliate_zone_id'], $affiliate['affiliate_state']);
         $sql_data_array = array('affiliate_id' => $affiliate_payment['affiliate_id'], 'affiliate_payment' => $affiliate_billing['affiliate_payment'] - $affiliate_tax, 'affiliate_payment_tax' => $affiliate_tax, 'affiliate_payment_total' => $affiliate_payment_total, 'affiliate_payment_date' => 'now()', 'affiliate_payment_status' => '0', 'affiliate_firstname' => $affiliate['affiliate_firstname'], 'affiliate_lastname' => $affiliate['affiliate_lastname'], 'affiliate_street_address' => $affiliate['affiliate_street_address'], 'affiliate_suburb' => $affiliate['affiliate_suburb'], 'affiliate_city' => $affiliate['affiliate_city'], 'affiliate_country' => $affiliate['countries_name'], 'affiliate_postcode' => $affiliate['affiliate_postcode'], 'affiliate_company' => $affiliate['affiliate_company'], 'affiliate_state' => $affiliate['affiliate_state'], 'affiliate_address_format_id' => $affiliate['address_format_id']);
         xtc_db_perform(TABLE_AFFILIATE_PAYMENT, $sql_data_array);
         // Id of the payment row just inserted
         $insert_id = xtc_db_insert_id();
         // Set the sales to their final state: attach them to the new payment
         // and move them from billing status 99 to 1
         xtc_db_query("update " . TABLE_AFFILIATE_SALES . " set affiliate_payment_id = '" . $insert_id . "', affiliate_billing_status = 1, affiliate_payment_date = now() where affiliate_id = '" . $affiliate_payment['affiliate_id'] . "' and affiliate_billing_status = 99");
         // Notify the affiliate by e-mail when the shop is configured to do so
         if (AFFILIATE_NOTIFY_AFTER_BILLING == 'true') {
             // Re-read the payment row joined with the affiliate's e-mail address
             // (ap.affiliate_payment_date is selected twice in this query)
             $check_status_query = xtc_db_query("select af.affiliate_email_address, ap.affiliate_lastname, ap.affiliate_firstname, ap.affiliate_payment_status, ap.affiliate_payment_date, ap.affiliate_payment_date from " . TABLE_AFFILIATE_PAYMENT . " ap, " . TABLE_AFFILIATE . " af where affiliate_payment_id  = '" . $insert_id . "' and af.affiliate_id = ap.affiliate_id ");
             $check_status = xtc_db_fetch_array($check_status_query);
             // Plain-text body: store name, payment number, invoice link, billing date
             $email = STORE_NAME . "\n" . EMAIL_SEPARATOR . "\n" . EMAIL_TEXT_AFFILIATE_PAYMENT_NUMBER . ' ' . $insert_id . "\n" . EMAIL_TEXT_INVOICE_URL . ' ' . xtc_catalog_href_link(FILENAME_CATALOG_AFFILIATE_PAYMENT_INFO, 'payment_id=' . $insert_id, 'SSL') . "\n" . EMAIL_TEXT_PAYMENT_BILLED . ' ' . xtc_date_long($check_status['affiliate_payment_date']) . "\n\n" . EMAIL_TEXT_NEW_PAYMENT;
             // The body is passed twice: once through nl2br() without HTML
             // escaping, once unchanged. Everything in it here is constants, the
             // insert id, a generated link and a date. The recipient name is
             // built from the affiliate's stored first and last name.
             xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, EMAIL_SUPPORT_NAME, $check_status['affiliate_email_address'], $check_status['affiliate_firstname'] . ' ' . $check_status['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_TEXT_SUBJECT, nl2br($email), $email);
         }
     }
     $messageStack->add_session(SUCCESS_BILLING, 'success');
     xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PAYMENT, xtc_get_all_get_params(array('action')) . 'action=edit'));
     break;
 case 'update_payment':
    include DIR_WS_MODULES . 'new_attributes_include.php';
}
if (!isset($_GET['option_order_by'])) {
    $_POST['action'] = isset($_POST['action']) ? $_POST['action'] : '';
    // EOF - Tomcraft - 2009-11-11 - NEW SORT SELECTION
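    // Dispatch on the posted action: 'edit' optionally copies the attributes
    // of another product onto the current one and then shows the edit form,
    // 'change' runs the change and select modules, anything else shows the
    // product selection.
    switch ($_POST['action']) {
        case 'edit':
            // copy_product_id comes straight from the request and was appended
            // unquoted to the WHERE clause. Product ids are integer keys, so
            // the value is cast to int wherever it is used; a missing or
            // non-numeric value now simply skips the copy.
            if (isset($_POST['copy_product_id']) && (int) $_POST['copy_product_id'] != 0) {
                //new copy handling by web28
                $attrib_query = xtc_db_query("SELECT *
                                                    FROM " . TABLE_PRODUCTS_ATTRIBUTES . "
                                                   WHERE products_id = " . (int) $_POST['copy_product_id']);
                while ($attrib_res_array = xtc_db_fetch_array($attrib_query)) {
                    // drop the source row's primary key and point the copy at
                    // the current product (request value, cast to int)
                    unset($attrib_res_array['products_attributes_id']);
                    $attrib_res_array['products_id'] = (int) $_POST['current_product_id'];
                    //write data to DB
                    xtc_db_perform(TABLE_PRODUCTS_ATTRIBUTES, $attrib_res_array);
                }
            }
            // xtc_findTitle() is defined elsewhere; it gets the id as an int so
            // the request value cannot reach whatever query it builds verbatim.
            $pageTitle = TITLE_EDIT . ': ' . xtc_findTitle((int) $_POST['current_product_id'], $languageFilter);
            include DIR_WS_MODULES . 'new_attributes_include.php';
            break;
        case 'change':
            $pageTitle = TITLE_UPDATED;
            include DIR_WS_MODULES . 'new_attributes_change.php';
            include DIR_WS_MODULES . 'new_attributes_select.php';
            break;
        default:
            $pageTitle = TITLE_EDIT;
            include DIR_WS_MODULES . 'new_attributes_select.php';
            break;
    }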
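 /**
  * Record the easybill document created for the current order and, when
  * MODULE_EASYBILL_DO_STATUS_CHANGE is 'True', move the order to the
  * configured status.
  *
  * Nothing happens unless the document carries a non-empty documentNumber.
  * Otherwise a row is inserted into TABLE_EASYBILL; with the status change
  * enabled, a history row is added and the order's status and last_modified
  * are updated.
  *
  * The order id and the status id go unquoted into a hand-built UPDATE, so
  * both are cast to int first (the insert above it already passes its values
  * through xtc_db_prepare_input()). This assumes both are numeric ids, as
  * their unquoted use in the UPDATE requires.
  *
  * @return void
  */
 protected function after_process()
 {
     if (isset($this->document->document->documentNumber) && xtc_not_null($this->document->document->documentNumber)) {
         $process_array = array(
             'orders_id' => xtc_db_prepare_input($this->info['order_id']),
             'customers_id' => xtc_db_prepare_input($this->customer['id']),
             'easybill_customers_id' => xtc_db_prepare_input($this->customers->customerID),
             'billing_id' => xtc_db_prepare_input($this->document->document->documentNumber),
             'billing_date' => 'now()',
         );
         xtc_db_perform(TABLE_EASYBILL, $process_array);
         if (MODULE_EASYBILL_DO_STATUS_CHANGE == 'True') {
             // Same integers for the history row and the UPDATE, so both
             // always refer to the same order and status.
             $orders_id = (int) $this->info['order_id'];
             $orders_status_id = (int) MODULE_EASYBILL_STATUS_CHANGE;
             $status_array = array(
                 'orders_id' => $orders_id,
                 'orders_status_id' => $orders_status_id,
                 'date_added' => 'now()',
                 'customer_notified' => '0',
                 'comments' => EASYBILL_STATUS_CHANGE_COMMENT,
             );
             xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $status_array);
             xtc_db_query("UPDATE " . TABLE_ORDERS . "
                              SET orders_status = " . $orders_status_id . ",
                                  last_modified = now()
                            WHERE orders_id = " . $orders_id);
         }
     }
 }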
 /**
  * Execute the PayPal payment referenced in the session and record it for
  * the order whose id is in the global $insert_id.
  *
  * Steps: load the payment by $_SESSION['paypal']['paymentId'], execute it
  * with the payer id from the session, capture it when the transaction type
  * is 'order' or 'authorize' and manual capture is off, insert the
  * payment/payer ids into TABLE_PAYPAL_PAYMENT, reload the payment and update
  * the order with the resulting comment and status.
  *
  * Every failure clears $_SESSION['paypal'] and redirects to the payment
  * page with payment_error set. The failures after the first lookup also
  * call remove_order(); the first lookup failure does not.
  *
  * NOTE(review): each catch writes print_r() of the whole exception object to
  * the log at DEBUG level. Depending on what the SDK exception carries, that
  * may include request or response data — check who can read this log.
  *
  * @return void
  */
 function complete_payment_paypal_installment()
 {
     global $insert_id;

     // Without both PayPal ids in the session there is nothing to execute.
     if (!isset($_SESSION['paypal']['paymentId'], $_SESSION['paypal']['PayerID'])) {
         unset($_SESSION['paypal']);
         xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
         return;
     }

     // auth
     $context = $this->apiContext();

     // Look the payment up by the id stored in the session.
     try {
         $payment = Payment::get($_SESSION['paypal']['paymentId'], $context);
     } catch (Exception $error) {
         $this->LoggingManager->log(print_r($error, true), 'DEBUG');
         unset($_SESSION['paypal']);
         xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
     }

     // Execute the payment on behalf of the payer from the session.
     $paymentExecution = new PaymentExecution();
     $paymentExecution->setPayerId($_SESSION['paypal']['PayerID']);
     try {
         $payment->execute($paymentExecution, $context);
     } catch (Exception $error) {
         $this->LoggingManager->log(print_r($error, true), 'DEBUG');
         $this->remove_order($insert_id);
         unset($_SESSION['paypal']);
         xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
     }

     // Capture right away unless manual capture is configured.
     $capturable = in_array($this->transaction_type, array('order', 'authorize'));
     if ($capturable && $this->get_config('PAYPAL_CAPTURE_MANUELL') == '0') {
         $this->capture_payment($payment);
     }

     // Remember which PayPal payment and payer belong to this order.
     xtc_db_perform(TABLE_PAYPAL_PAYMENT, array(
         'orders_id' => $insert_id,
         'payment_id' => $_SESSION['paypal']['paymentId'],
         'payer_id' => $_SESSION['paypal']['PayerID'],
     ));

     // Reload the payment to read its state after execution.
     try {
         $payment = Payment::get($_SESSION['paypal']['paymentId'], $context);
     } catch (Exception $error) {
         $this->LoggingManager->log(print_r($error, true), 'DEBUG');
         $this->remove_order($insert_id);
         unset($_SESSION['paypal']);
         xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
     }

     $status = $this->get_orders_status($payment);
     // The configured "accepted" status overrides the derived one; a negative
     // setting keeps the status the order currently has.
     $status['status_id'] = $this->get_config('PAYPAL_ORDER_STATUS_ACCEPTED_ID');
     if ($status['status_id'] < 0) {
         $statusQuery = xtc_db_query("SELECT orders_status\n                                       FROM " . TABLE_ORDERS . " \n                                      WHERE orders_id = '" . (int) $insert_id . "'");
         $currentRow = xtc_db_fetch_array($statusQuery);
         $status['status_id'] = $currentRow['orders_status'];
     }
     $this->update_order($status['comment'], $status['status_id'], $insert_id);
 }
 /**
  * Checks whether the automatic cancellation last ran more than one hour ago.
  *
  * @return bool
  */
 function checkLastAutoCancel()
 {
     // Read the stored time of the last auto-cancel run.
     $row = xtc_db_fetch_array(xtc_db_query("SELECT configuration_value\n                                     FROM " . TABLE_CONFIGURATION . "\n                                    WHERE configuration_key = 'MODULE_PAYMENT_BARZAHLEN_LAST_AUTO_CANCEL'"));

     if (!$row) {
         // No entry yet: create it and report that a run is due.
         // 'now()' is passed as a plain value; presumably xtc_db_perform() turns it into the SQL function - verify.
         $newEntry = array(
             'configuration_key' => 'MODULE_PAYMENT_BARZAHLEN_LAST_AUTO_CANCEL',
             'configuration_value' => 'now()',
             'configuration_group_id' => 6,
             'date_added' => 'now()',
         );
         xtc_db_perform(TABLE_CONFIGURATION, $newEntry);
         return true;
     }

     $secondsSinceLastRun = time() - strtotime($row['configuration_value']);
     if ($secondsSinceLastRun <= 3600) {
         return false;
     }

     // More than an hour has passed: move the marker to the current time and report that a run is due.
     xtc_db_query("UPDATE " . TABLE_CONFIGURATION . "\n                             SET configuration_value = NOW()\n                           WHERE configuration_key = 'MODULE_PAYMENT_BARZAHLEN_LAST_AUTO_CANCEL'");
     return true;
 }
 /**
  * Adds an entry for the current callback status to the order status history.
  *
  * The comment consists of "status: <status>" followed by the message that the language
  * file masterpayment_callback.php provides for that status.
  *
  * @param mixed $_statusID value written to orders_status_id
  *
  * NOTE(review): the include path contains $this->customer_lang; confirm that value is
  * limited to known language directory names before it reaches this method.
  * NOTE(review): require_once loads the file only once per request, so on a second call
  * $_masterpaymentCallbackMessages would presumably be undefined in this scope - verify.
  */
 function writeStatusHistory($_statusID)
 {
     require_once DIR_FS_CATALOG . 'lang/' . $this->customer_lang . '/masterpayment_callback.php';

     $comment = "status: " . $this->status . "\r" . $_masterpaymentCallbackMessages[$this->status];

     $historyRow = array();
     $historyRow['orders_id'] = $this->order_ID;
     $historyRow['orders_status_id'] = $_statusID;
     $historyRow['date_added'] = 'now()';
     $historyRow['customer_notified'] = '0';
     $historyRow['comments'] = $comment;

     xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $historyRow);
 }
 /**
  * Prepares the payment request for the order that was just created and redirects the
  * customer to the payment URL returned by $this->pnSofortueberweisung->getPaymentUrl().
  *
  * Side effects visible here: sets $_SESSION['cart_pn_sofortueberweisung_ID'] and
  * $_SESSION['sofortueberweisung_total'], and inserts one row into
  * TABLE_ORDERS_STATUS_HISTORY with the temporary status.
  *
  * NOTE(review): the success and cancel URLs carry session_name()=session_id() in the query
  * string. A session id in a URL can end up in provider-side records, browser history and
  * Referer headers; consider binding the return to the order with a one-time token instead.
  * NOTE(review): substr() cuts both reason lines at 27 bytes, which may split a multi-byte
  * character - confirm the expected encoding.
  */
 function payment_action()
 {
     global $order, $xtPrice, $insert_id;

     $customerId = $_SESSION['customer_id'];
     $orderId = $insert_id;
     $_SESSION['cart_pn_sofortueberweisung_ID'] = $_SESSION['cart']->cartID . '-' . $insert_id;

     // Tax is added on top when prices are shown net but tax is charged at the order total.
     $taxOnTop = $_SESSION['customers_status']['customers_status_show_price_tax'] == 0
         && $_SESSION['customers_status']['customers_status_add_tax_ot'] == 1;
     $total = $taxOnTop ? $order->info['total'] + $order->info['tax'] : $order->info['total'];

     // Workaround for an XTC quirk: $order->info['total'] is a plain number without tax in
     // 'before_process' and becomes formatted text with currency after the e-mail step,
     // so the amount has to be fixed at this point.
     $amount = number_format(round($total, $xtPrice->get_decimal_places($_SESSION['currency'])), 2, '.', '');
     $_SESSION['sofortueberweisung_total'] = $amount;
     $currency = $_SESSION['currency'];

     // First reason line: order and customer id placeholders only.
     $reason1 = str_replace(
         array('{{order_id}}', '{{customer_id}}'),
         array($orderId, $customerId),
         MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_REASON_1
     );
     $reason1 = substr($reason1, 0, 27);

     // Second reason line: the full placeholder set, replaced in the listed order.
     $reason2 = str_replace(
         array('{{order_id}}', '{{customer_id}}', '{{order_date}}', '{{customer_name}}', '{{customer_company}}', '{{customer_email}}'),
         array(
             $orderId,
             $customerId,
             strftime(DATE_FORMAT_SHORT),
             $order->customer['firstname'] . ' ' . $order->customer['lastname'],
             $order->customer['company'],
             $order->customer['email_address'],
         ),
         MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_TEXT_REASON_2
     );
     $reason2 = substr($reason2, 0, 27);

     // The URLs are handed over without scheme.
     $host = str_replace(array('https://', 'http://'), '', ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER);
     $sessionParam = session_name() . '=' . session_id();

     $successUrl = $host . DIR_WS_CATALOG . FILENAME_CHECKOUT_PROCESS . '?' . $sessionParam;
     $cancelUrl = $host . DIR_WS_CATALOG . FILENAME_CHECKOUT_PAYMENT . '?payment_error=pn_sofortueberweisung&' . $sessionParam;
     $notifyUrl = $host . DIR_WS_CATALOG . 'callback/pn_sofortueberweisung/callback.php';
     // deprecated
     $cartId = $_SESSION['cart']->cartID;

     // Record the temporary status in the order history before the customer leaves the shop.
     $historyRow = array(
         'orders_id' => (int) $orderId,
         'orders_status_id' => MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_TMP_STATUS_ID,
         'date_added' => 'now()',
         'customer_notified' => '0',
         'comments' => MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_TEXT_TITLE,
     );
     xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $historyRow);

     $paymentUrl = $this->pnSofortueberweisung->getPaymentUrl(
         MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_USER_ID,
         MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_PROJECT_ID,
         $amount,
         $currency,
         $reason1,
         $reason2,
         $orderId,
         $customerId,
         $successUrl,
         $cancelUrl,
         $notifyUrl,
         $cartId
     );
     xtc_redirect($paymentUrl);
 }
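 /**
  * Processes a PayPal IPN notification for a shop order.
  *
  * Derives the order id from the "invoice" field, stores or updates the notification in
  * TABLE_PAYPAL, appends a row to TABLE_PAYPAL_STATUS_HISTORY, posts the received fields back
  * to $this->IPN_URL with cmd=_notify-validate and sets the order status from the reply and
  * the reported payment_status. If a problem was recorded and EMAIL_SUPPORT_ADDRESS is set,
  * the received data is mailed to that address.
  *
  * @param array  $data    IPN fields keyed by PayPal field name
  * @param string $charset charset handed to IPNdecode() as the conversion target
  *
  * NOTE(review): the notification is written to TABLE_PAYPAL and its history table before it
  * has been validated with PayPal; consider validating first.
  * NOTE(review): mc_gross, mc_currency and receiver_email are never compared with the order
  * (currency and currency_value are selected but not read). A validated notification should
  * be checked against the order's total, currency and the shop's receiver account before the
  * order status is raised.
  */
 function callback_process($data, $charset)
 {
     // No session available here!
     // As of: 29.06.2011
     global $_GET;
     $this->data = $data;
     // Initialised so the check before the support mail never reads an undefined variable.
     $error_reason = '';
     //$this->_logTrans($data);
     require_once DIR_WS_CLASSES . 'class.phpmailer.php';
     if (EMAIL_TRANSPORT == 'smtp') {
         require_once DIR_WS_CLASSES . 'class.smtp.php';
     }
     require_once DIR_FS_INC . 'xtc_Security.inc.php';
     // The invoice field is PAYPAL_INVOICE followed by the order id.
     $xtc_order_id = (int) substr($this->data['invoice'], strlen(PAYPAL_INVOICE));
     if (isset($xtc_order_id) && is_numeric($xtc_order_id) && $xtc_order_id > 0) {
         // look up the order
         $order_query = xtc_db_query("SELECT currency, currency_value\n                                    FROM " . TABLE_ORDERS . "\n                                    WHERE orders_id = '" . xtc_db_prepare_input($xtc_order_id) . "'");
         if (xtc_db_num_rows($order_query) > 0) {
             // order found
             $ipn_charset = xtc_db_prepare_input($this->data['charset']);
             $ipn_data = array();
             $ipn_data['reason_code'] = xtc_db_prepare_input($this->data['reason_code']);
             $ipn_data['xtc_order_id'] = xtc_db_prepare_input($xtc_order_id);
             $ipn_data['payment_type'] = xtc_db_prepare_input($this->data['payment_type']);
             $ipn_data['payment_status'] = xtc_db_prepare_input($this->data['payment_status']);
             $ipn_data['pending_reason'] = xtc_db_prepare_input($this->data['pending_reason']);
             $ipn_data['invoice'] = xtc_db_prepare_input($this->data['invoice']);
             $ipn_data['mc_currency'] = xtc_db_prepare_input($this->data['mc_currency']);
             $ipn_data['first_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['first_name'], $ipn_charset, $charset));
             $ipn_data['last_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['last_name'], $ipn_charset, $charset));
             $ipn_data['address_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_name'], $ipn_charset, $charset));
             $ipn_data['address_street'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_street'], $ipn_charset, $charset));
             $ipn_data['address_city'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_city'], $ipn_charset, $charset));
             $ipn_data['address_state'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_state'], $ipn_charset, $charset));
             $ipn_data['address_zip'] = xtc_db_prepare_input($this->data['address_zip']);
             $ipn_data['address_country'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_country'], $ipn_charset, $charset));
             $ipn_data['address_status'] = xtc_db_prepare_input($this->data['address_status']);
             $ipn_data['payer_email'] = xtc_db_prepare_input($this->data['payer_email']);
             $ipn_data['payer_id'] = xtc_db_prepare_input($this->data['payer_id']);
             $ipn_data['payer_status'] = xtc_db_prepare_input($this->data['payer_status']);
             $ipn_data['payment_date'] = xtc_db_prepare_input($this->datetime_to_sql_format($this->data['payment_date']));
             $ipn_data['business'] = xtc_db_prepare_input($this->IPNdecode($this->data['business'], $ipn_charset, $charset));
             $ipn_data['receiver_email'] = xtc_db_prepare_input($this->data['receiver_email']);
             $ipn_data['receiver_id'] = xtc_db_prepare_input($this->data['receiver_id']);
             $ipn_data['txn_id'] = xtc_db_prepare_input($this->data['txn_id']);
             $ipn_data['txn_type'] = $this->ipn_determine_txn_type($this->data['txn_type']);
             $ipn_data['parent_txn_id'] = xtc_db_prepare_input($this->data['parent_txn_id']);
             $ipn_data['mc_gross'] = xtc_db_prepare_input($this->data['mc_gross']);
             $ipn_data['mc_fee'] = xtc_db_prepare_input($this->data['mc_fee']);
             $ipn_data['mc_shipping'] = xtc_db_prepare_input($this->data['mc_shipping']);
             $ipn_data['payment_gross'] = xtc_db_prepare_input($this->data['payment_gross']);
             $ipn_data['payment_fee'] = xtc_db_prepare_input($this->data['payment_fee']);
             $ipn_data['notify_version'] = xtc_db_prepare_input($this->data['notify_version']);
             $ipn_data['verify_sign'] = xtc_db_prepare_input($this->data['verify_sign']);
             $ipn_data['num_cart_items'] = xtc_db_prepare_input($this->data['num_cart_items']);
             if ($ipn_data['num_cart_items'] > 1) {
                 $verspos = $ipn_data['num_cart_items'];
                 for ($p = 1; $p <= $verspos; $p++) {
                     $item_name = $this->data['item_name' . $p];
                     if ($item_name == substr(SUB_TITLE_OT_DISCOUNT, 0, 127) || $item_name == substr(PAYPAL_GS, 0, 127) || $item_name == "Handling" || $item_name == substr(PAYPAL_TAX, 0, 127) || $item_name == "Differenz") {
                         // Special lines in the item details are not counted as cart items
                         $ipn_data['num_cart_items']--;
                     }
                     if ($item_name == substr(SHIPPING_COSTS, 0, 127)) {
                         // Shipping costs
                         $ipn_data['mc_shipping'] = $this->data['mc_gross_' . $p];
                         $ipn_data['num_cart_items']--;
                     }
                 }
             }
             // txn_id comes from the request and is concatenated into the statement, so it is
             // escaped with xtc_db_input() at this point, as the other hand-built queries in this
             // code base do. xtc_db_prepare_input() is not shown here and is not relied on for that.
             $_transQuery = "SELECT paypal_ipn_id FROM " . TABLE_PAYPAL . " WHERE txn_id = '" . xtc_db_input($ipn_data['txn_id']) . "'";
             $_transQuery = xtc_db_query($_transQuery);
             $_transQuery = xtc_db_fetch_array($_transQuery);
             if ($_transQuery['paypal_ipn_id'] != '') {
                 // Transaction already known: refresh the stored notification.
                 $insert_id = $_transQuery['paypal_ipn_id'];
                 $sql_data_array = array('payment_status' => $ipn_data['payment_status'], 'pending_reason' => $ipn_data['pending_reason'], 'payer_email' => $ipn_data['payer_email'], 'num_cart_items' => $ipn_data['num_cart_items'], 'mc_fee' => $ipn_data['mc_fee'], 'mc_shipping' => $ipn_data['mc_shipping'], 'address_name' => $ipn_data['address_name'], 'address_street' => $ipn_data['address_street'], 'address_city' => $ipn_data['address_city'], 'address_state' => $ipn_data['address_state'], 'address_zip' => $ipn_data['address_zip'], 'address_country' => $ipn_data['address_country'], 'address_status' => $ipn_data['address_status'], 'payer_status' => $ipn_data['payer_status'], 'receiver_email' => $ipn_data['receiver_email'], 'last_modified ' => 'now()');
                 xtc_db_perform(TABLE_PAYPAL, $sql_data_array, 'update', "paypal_ipn_id = '" . (int) $insert_id . "'");
             } else {
                 // First notification for this transaction: store it.
                 $ipn_data['date_added'] = 'now()';
                 $ipn_data['last_modified'] = 'now()';
                 xtc_db_perform(TABLE_PAYPAL, $ipn_data);
                 $insert_id = xtc_db_insert_id();
             }
             $paypal_order_history = array('paypal_ipn_id' => $insert_id, 'txn_id' => $ipn_data['txn_id'], 'parent_txn_id' => $ipn_data['parent_txn_id'], 'payment_status' => $ipn_data['payment_status'], 'pending_reason' => $ipn_data['pending_reason'], 'mc_amount' => $ipn_data['mc_gross'], 'date_added' => 'now()');
             xtc_db_perform(TABLE_PAYPAL_STATUS_HISTORY, $paypal_order_history);
             // Build the comment that is stored in the order status history.
             $crlf = "\n";
             $comment_status = xtc_db_prepare_input($this->data['payment_status']) . ' ' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']) . $crlf;
             $comment_status .= ' ' . xtc_db_prepare_input($this->data['first_name']) . ' ' . xtc_db_prepare_input($this->data['last_name']) . ' ' . xtc_db_prepare_input($this->data['payer_email']);
             if (isset($this->data['payer_status'])) {
                 $comment_status .= ' is ' . xtc_db_prepare_input($this->data['payer_status']);
             }
             $comment_status .= '.' . $crlf;
             // NOTE(review): this check and the ID line below read $_POST while everything else
             // reads $this->data - confirm both always hold the same request.
             if (isset($this->data['test_ipn']) && is_numeric($this->data['test_ipn']) && $_POST['test_ipn'] > 0) {
                 $comment_status .= '(Sandbox-Test Mode)' . $crlf;
             }
             $comment_status .= 'Total=' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']);
             if (isset($this->data['pending_reason'])) {
                 $comment_status .= $crlf . ' Pending Reason=' . xtc_db_prepare_input($this->data['pending_reason']);
             }
             if (isset($this->data['reason_code'])) {
                 $comment_status .= $crlf . ' Reason Code=' . xtc_db_prepare_input($this->data['reason_code']);
             }
             $comment_status .= $crlf . ' Payment=' . xtc_db_prepare_input($this->data['payment_type']);
             $comment_status .= $crlf . ' Date=' . xtc_db_prepare_input($this->data['payment_date']);
             if (isset($this->data['parent_txn_id'])) {
                 $comment_status .= $crlf . ' ParentID=' . xtc_db_prepare_input($this->data['parent_txn_id']);
             }
             $comment_status .= $crlf . ' ID=' . xtc_db_prepare_input($_POST['txn_id']);
             // Set status for default (Pending)
             $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
             // Echo every received field back to PayPal for validation.
             $parameters = 'cmd=_notify-validate';
             foreach ($this->data as $key => $value) {
                 $parameters .= '&' . $key . '=' . urlencode(stripslashes($value));
             }
             //$this->_logTransactions($parameters);
             // 08.01.2008 also works without cURL
             $mit_curl = 0;
             if (function_exists('curl_init')) {
                 $ch = curl_init();
                 curl_setopt($ch, CURLOPT_URL, $this->IPN_URL);
                 curl_setopt($ch, CURLOPT_POST, 1);
                 curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters);
                 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                 curl_setopt($ch, CURLOPT_HEADER, 0);
                 curl_setopt($ch, CURLOPT_TIMEOUT, 30);
                 // The validation reply decides whether the order is marked as paid, so the TLS
                 // certificate and host name of the endpoint are verified. If verification fails,
                 // the stream fallback below is tried and the order stays rejected unless a
                 // verified reply arrives.
                 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
                 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
                 $result = curl_exec($ch);
                 if (!curl_errno($ch)) {
                     $mit_curl = 1;
                 }
                 curl_close($ch);
             }
             // cURL is missing or has failed
             if ($mit_curl == 0) {
                 $request_post = array(
                     'http' => array('method' => 'POST', 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'content' => $parameters),
                     // Same certificate checks for the stream fallback.
                     'ssl' => array('verify_peer' => true, 'verify_peer_name' => true),
                 );
                 $request = stream_context_create($request_post);
                 $result = file_get_contents($this->IPN_URL, false, $request);
             }
             // NOTE(review): a reply body of '1' is accepted like 'VERIFIED'; confirm which
             // endpoint returns that value.
             if (strtoupper($result) == 'VERIFIED' || $result == '1') {
                 switch (strtolower($this->data['payment_status'])) {
                     case 'completed':
                     // Processed - when does this occur?
                     case 'processed':
                         if (PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) {
                             $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                         }
                         break;
                     case 'denied':
                     case 'failed':
                         $order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
                         break;
                     case 'reversed':
                     // Pending - not really necessary, it is the default already
                     case 'pending':
                         $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
                         break;
                     case 'canceled-reversal':
                         $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                         break;
                     case 'refunded':
                         $order_status_id = DEFAULT_ORDERS_STATUS_ID;
                         break;
                 }
             } else {
                 $order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
                 $error_reason = 'Received INVALID responce but invoice and Customer matched.';
             }
             $xtc_order_id = (int) substr($this->data['invoice'], strlen(PAYPAL_INVOICE));
             xtc_db_query("UPDATE " . TABLE_ORDERS . "\n                        SET orders_status = '" . $order_status_id . "', last_modified = now()\n                        WHERE orders_id = '" . xtc_db_prepare_input($xtc_order_id) . "'");
             $sql_data_array = array('orders_id' => xtc_db_prepare_input($xtc_order_id), 'orders_status_id' => $order_status_id, 'date_added' => 'now()', 'customer_notified' => '0', 'comments' => 'PayPal IPN ' . $comment_status . '');
             xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
         } else {
             $error_reason = 'IPN-Fehler: Keine Order Nr.=' . xtc_db_prepare_input($this->data['invoice']) . ' mit Kunden=' . (int) $this->data['custom'] . ' gefunden.';
         }
     } else {
         $error_reason = 'IPN-Fehler: Keine Order gefunden zu den empfangenen Daten.';
     }
     if (xtc_not_null(EMAIL_SUPPORT_ADDRESS) && strlen($error_reason)) {
         // NOTE(review): request values are placed into the mail body unescaped and the same
         // text is passed as the HTML and the plain-text part; escape them for the HTML part.
         $email_body = $error_reason . "\n\n" . '<br>';
         $email_body .= $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REMOTE_ADDR'] . " - " . $_SERVER['HTTP_REFERER'] . " - " . $_SERVER['HTTP_ACCEPT'] . "\n\n" . '<br>';
         $email_body .= '$_POST:' . "\n\n" . '<br>';
         foreach ($this->data as $key => $value) {
             $email_body .= $key . '=' . $value . "\n" . '<br>';
         }
         $email_body .= "\n" . '$_GET:' . "\n\n" . '<br>';
         foreach ($_GET as $key => $value) {
             $email_body .= $key . '=' . $value . "\n" . '<br>';
         }
         xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_ADDRESS, '', EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, false, false, 'PayPal IPN Invalid Process', $email_body, $email_body);
     }
 }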
                 // No group id yet: take the highest existing id plus one.
                 // NOTE(review): select-max-then-insert is not atomic; two concurrent saves could pick the same id.
                 if (!xtc_not_null($cross_sell_id)) {
                     $next_id_query = xtc_db_query("select max(products_xsell_grp_name_id) as products_xsell_grp_name_id from " . TABLE_PRODUCTS_XSELL_GROUPS . "");
                     $next_id = xtc_db_fetch_array($next_id_query);
                     $cross_sell_id = $next_id['products_xsell_grp_name_id'] + 1;
                 }
                 $insert_sql_data = array('products_xsell_grp_name_id' => $cross_sell_id, 'language_id' => $language_id);
                 $sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data);
                 xtc_db_perform(TABLE_PRODUCTS_XSELL_GROUPS, $sql_data_array);
             } elseif ($_GET['action'] == 'save') {
                 //BOF - web28 - 2010-07-11 - BUGFIX no entry stored for previous deactivated languages
                 // NOTE(review): $language_id is concatenated here and in the update below without a cast or
                 // xtc_db_input(); its origin is outside this fragment - confirm it is an integer taken from the language list.
                 $cross_sell_query = xtc_db_query("select * from " . TABLE_PRODUCTS_XSELL_GROUPS . " where language_id = '" . $language_id . "' and products_xsell_grp_name_id = '" . xtc_db_input($cross_sell_id) . "'");
                 if (xtc_db_num_rows($cross_sell_query) == 0) {
                     xtc_db_perform(TABLE_PRODUCTS_XSELL_GROUPS, array('products_xsell_grp_name_id' => xtc_db_input($cross_sell_id), 'language_id' => $language_id));
                 }
                 //EOF - web28 - 2010-07-11 - BUGFIX no entry stored for previous deactivated languages
                 xtc_db_perform(TABLE_PRODUCTS_XSELL_GROUPS, $sql_data_array, 'update', "products_xsell_grp_name_id = '" . xtc_db_input($cross_sell_id) . "' and language_id = '" . $language_id . "'");
             }
         }
         // NOTE(review): $_GET['page'] is appended to the redirect parameters as received.
         xtc_redirect(xtc_href_link(FILENAME_XSELL_GROUPS, 'page=' . $_GET['page'] . '&oID=' . $cross_sell_id));
     } else {
         // Validation failed: keep the submitted values and the errors in the session and return to the form.
         $_SESSION['repopulate_form'] = $_REQUEST;
         $_SESSION['errors'] = $error;
         xtc_redirect(xtc_href_link(FILENAME_XSELL_GROUPS, 'page=' . $_GET['page'] . '&oID=' . $cross_sell_id . '&action=' . $url_action . '&errors=1'));
     }
     break;
 case 'deleteconfirm':
     // Deletes every row of the group named by the oID request parameter.
     // NOTE(review): the delete is driven by $_GET['oID']; no request-token check is visible in this
     // fragment - confirm one is enforced before this switch is reached.
     $oID = xtc_db_prepare_input($_GET['oID']);
     xtc_db_query("delete from " . TABLE_PRODUCTS_XSELL_GROUPS . " where products_xsell_grp_name_id = '" . xtc_db_input($oID) . "'");
     xtc_redirect(xtc_href_link(FILENAME_XSELL_GROUPS, 'page=' . $_GET['page']));
     break;
 case 'delete':
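/**
 * Inserts, updates or deletes the special offer of a product from the submitted form.
 *
 * $_POST['specials_action'] selects between "insert" and "update"; an existing special is
 * additionally removed when $_POST['specials_delete'] is set. A price ending in "%" is taken
 * as a percentage discount on $_POST['products_price_hidden']; with PRICE_IS_BRUTTO a plain
 * price is converted to net using $_POST['tax_rate']. The normalised values are written back
 * into $_POST, as before.
 *
 * @param mixed $products_id id of the product; stored with a newly inserted special
 *
 * NOTE(review): tax_rate and products_price_hidden are hidden form fields, i.e. values sent
 * by the client, and the stored price is derived from them - confirm this form is reachable
 * by administrators only, or look the values up on the server.
 */
function saveSpecialsData($products_id)
{
    if ($_POST['specials_action'] == "insert" && !empty($_POST['specials_price'])) {
        // insert a new special, code taken from /admin/specials.php, and modified
        if (empty($_POST['specials_quantity'])) {
            $_POST['specials_quantity'] = 0;
        }
        if (PRICE_IS_BRUTTO == 'true' && substr($_POST['specials_price'], -1) != '%') {
            //web28 - 2010-07-27 - tax_rate from  hidden field
            $_POST['specials_price'] = $_POST['specials_price'] / ($_POST['tax_rate'] + 100) * 100;
        }
        if (substr($_POST['specials_price'], -1) == '%') {
            //web28 - 2010-07-27 - products_price_hidden from  hidden field
            $_POST['specials_price'] = $_POST['products_price_hidden'] - $_POST['specials_price'] / 100 * $_POST['products_price_hidden'];
        }
        $expires_date = '';
        if ($_POST['specials_expires']) {
            // The date is stored without dashes.
            $expires_date = str_replace("-", "", $_POST['specials_expires']);
        }
        $sql_data_array = array('products_id' => $products_id, 'specials_quantity' => (int) $_POST['specials_quantity'], 'specials_new_products_price' => xtc_db_prepare_input($_POST['specials_price']), 'specials_date_added' => 'now()', 'expires_date' => $expires_date, 'status' => '1');
        xtc_db_perform(TABLE_SPECIALS, $sql_data_array);
    } elseif ($_POST['specials_action'] == "update" && isset($_POST['specials_price']) && isset($_POST['specials_quantity'])) {
        // update the existing special for this product, code taken from /admin/specials.php, and modified
        if (PRICE_IS_BRUTTO == 'true' && substr($_POST['specials_price'], -1) != '%') {
            // The tax-rate lookup that used to run here concatenated $products_id into the
            // statement without escaping, and its result was never read (the rate comes from
            // the form field), so the query has been removed.
            //web28 - 2010-07-27 - tax_rate from  hidden field
            $_POST['specials_price'] = $_POST['specials_price'] / ($_POST['tax_rate'] + 100) * 100;
        }
        if (substr($_POST['specials_price'], -1) == '%') {
            //web28 - 2010-07-27 - products_price_hidden from  hidden field
            $_POST['specials_price'] = $_POST['products_price_hidden'] - $_POST['specials_price'] / 100 * $_POST['products_price_hidden'];
        }
        $expires_date = 'NULL';
        if ($_POST['specials_expires'] && $_POST['specials_status'] == 1) {
            //DokuMan - 2011-11-8 - from SP1b
            $expires_date = str_replace("-", "", $_POST['specials_expires']);
        }
        $sql_data_array = array('specials_quantity' => (int) $_POST['specials_quantity'], 'specials_new_products_price' => xtc_db_prepare_input($_POST['specials_price']), 'specials_date_added' => 'now()', 'expires_date' => $expires_date, 'status' => (int) $_POST['specials_status']);
        //$sql_data_array['specials_attribute'] = (int)$_POST['specials_attribute'];
        xtc_db_perform(TABLE_SPECIALS, $sql_data_array, 'update', "specials_id = '" . xtc_db_input($_POST['specials_id']) . "'");
    }
    if (isset($_POST['specials_delete'])) {
        // delete existing special for this product, code taken from /admin/specials.php, and modified
        xtc_db_query("DELETE FROM " . TABLE_SPECIALS . " WHERE specials_id = '" . xtc_db_input($_POST['specials_id']) . "'");
    }
}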
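 /**
  * Links a product to a category unless that link already exists.
  *
  * @param mixed $pID value for products_id
  * @param mixed $cID value for categories_id
  */
 function insertPtoCconnection($pID, $cID)
 {
     // Both ids are concatenated into the statement, so they are escaped with xtc_db_input()
     // at this point, as the other hand-built queries in this code base do. The callers are
     // not visible here, so the values are not assumed to be validated already.
     $prod2cat_query = xtc_db_query("SELECT *\n\t\t\t\t\t\t\t\t\t\t                                    FROM " . TABLE_PRODUCTS_TO_CATEGORIES . "\n\t\t\t\t\t\t\t\t\t\t                                    WHERE\n\t\t\t\t\t\t\t\t\t\t                                    categories_id='" . xtc_db_input($cID) . "'\n\t\t\t\t\t\t\t\t\t\t                                    and products_id='" . xtc_db_input($pID) . "'");
     if (!xtc_db_num_rows($prod2cat_query)) {
         // No such link yet: create it.
         $insert_data = array('products_id' => $pID, 'categories_id' => $cID);
         xtc_db_perform(TABLE_PRODUCTS_TO_CATEGORIES, $insert_data);
     }
 }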
 /**
  * Makes sure an order status row exists per language for each PayPal status name.
  *
  * @param mixed $stati map of "name variable" => "id variable"; when it is not a non-empty
  *                     array, the six PayPal default pairs below are used
  *
  * The keys and values of the map are used as variable-variable names: ${$statusname} is read
  * as the status label and ${$statusid} as the status id inside this method's scope.
  * NOTE(review): the labels are presumably defined by the included paypal_config.php language
  * file, and the id variables start out unset here - verify.
  * NOTE(review): the include path contains the "directory" column of TABLE_LANGUAGES; confirm
  * only trusted administrators can change that column.
  */
 function status_install($stati = '')
 {
     // install order status
     if (!is_array($stati) || is_array($stati) && count($stati) < 1) {
         $stati = array('PAYPAL_INST_ORDER_STATUS_TMP_NAME' => 'PAYPAL_ORDER_STATUS_TMP_ID', 'PAYPAL_INST_ORDER_STATUS_SUCCESS_NAME' => 'PAYPAL_ORDER_STATUS_SUCCESS_ID', 'PAYPAL_INST_ORDER_STATUS_PENDING_NAME' => 'PAYPAL_ORDER_STATUS_PENDING_ID', 'PAYPAL_INST_ORDER_STATUS_CAPTURED_NAME' => 'PAYPAL_ORDER_STATUS_CAPTURED_ID', 'PAYPAL_INST_ORDER_STATUS_REFUNDED_NAME' => 'PAYPAL_ORDER_STATUS_REFUNDED_ID', 'PAYPAL_INST_ORDER_STATUS_REJECTED_NAME' => 'PAYPAL_ORDER_STATUS_REJECTED_ID');
     }
     foreach ($stati as $statusname => $statusid) {
         // The language list is queried again for every status pair.
         $languages_query = xtc_db_query("SELECT * \n                                         FROM " . TABLE_LANGUAGES . " \n                                     ORDER BY sort_order");
         while ($languages = xtc_db_fetch_array($languages_query)) {
             // Plain include (not include_once), so the file is evaluated again for every language.
             if (file_exists(DIR_FS_LANGUAGES . $languages['directory'] . '/admin/paypal_config.php')) {
                 include DIR_FS_LANGUAGES . $languages['directory'] . '/admin/paypal_config.php';
             }
             if (${$statusname} != '') {
                 // Is there already a status with this label for the language?
                 $check_query = xtc_db_query("SELECT orders_status_id \n                                         FROM " . TABLE_ORDERS_STATUS . " \n                                        WHERE orders_status_name = '" . xtc_db_input(${$statusname}) . "' \n                                          AND language_id = '" . (int) $languages['languages_id'] . "' \n                                        LIMIT 1");
                 $status = xtc_db_fetch_array($check_query);
                 // Continue when no such label exists, or when an id is already known and differs from the one found.
                 if (xtc_db_num_rows($check_query) < 1 || ${$statusid} && $status['orders_status_id'] != ${$statusid}) {
                     if (!${$statusid}) {
                         // No id yet: use the highest existing status id plus one.
                         // NOTE(review): select-max-then-insert is not atomic.
                         $status_query = xtc_db_query("SELECT max(orders_status_id) as status_id FROM " . TABLE_ORDERS_STATUS);
                         $status = xtc_db_fetch_array($status_query);
                         ${$statusid} = $status['status_id'] + 1;
                     }
                     // Insert only when this id is not yet present for the language.
                     $check_query = xtc_db_query("SELECT orders_status_id \n                                           FROM " . TABLE_ORDERS_STATUS . " \n                                          WHERE orders_status_id = '" . (int) ${$statusid} . "' \n                                            AND language_id='" . (int) $languages['languages_id'] . "'");
                     if (xtc_db_num_rows($check_query) < 1) {
                         $sql_data_array = array('orders_status_id' => (int) ${$statusid}, 'language_id' => (int) $languages['languages_id'], 'orders_status_name' => ${$statusname});
                         xtc_db_perform(TABLE_ORDERS_STATUS, $sql_data_array);
                         // Store the id under the config key named by the map value.
                         $sql_data_array = array(array('config_key' => $statusid, 'config_value' => (int) ${$statusid}));
                         $this->save_config($sql_data_array);
                     }
                 } else {
                     // The label exists and no conflicting id is known: reuse the id that was found.
                     ${$statusid} = $status['orders_status_id'];
                 }
             }
         }
     }
 }
                 $parcel_link_txt .= $parcel_link . "\n\n";
             }
         }
         // Hand the parcel tracking data to the mail templates and render both mail variants.
         $smarty->assign('PARCEL_COUNT', $parcel_count);
         $smarty->assign('PARCEL_LINK_HTML', $parcel_link_html);
         $smarty->assign('PARCEL_LINK_TXT', $parcel_link_txt);
         $html_mail = $smarty->fetch('db:change_order_mail.html');
         $txt_mail = $smarty->fetch('db:change_order_mail.txt');
         // Fill the subject placeholders with order number, date and customer name.
         $order_subject_search = array('{$nr}', '{$date}', '{$lastname}', '{$firstname}');
         $order_subject_replace = array($oID, strftime(DATE_FORMAT_LONG), $order->customer['lastname'], $order->customer['firstname']);
         $order_subject = str_replace($order_subject_search, $order_subject_replace, EMAIL_BILLING_SUBJECT);
         xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $check_status['customers_email_address'], $check_status['customers_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', $order_subject, $html_mail, $txt_mail);
         $customer_notified = 1;
     }
     // Record the status change in the order history.
     $sql_data_array = array('orders_id' => $oID, 'orders_status_id' => $status, 'date_added' => 'now()', 'customer_notified' => $customer_notified, 'comments' => $comments, 'comments_sent' => $_POST['notify_comments'] == 'on' ? 1 : 0);
     xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
     $order_updated = true;
 }
 // BOF - Fishnet Services - Nicolas Gemsjäger
 // Automatically generate the PDF invoice and send it by e-mail
 if (ENABLE_PDFBILL == 'true') {
     // NOTE(review): $status and $_SESSION['languages_id'] are concatenated without a cast or xtc_db_input();
     // the origin of $status is outside this fragment - confirm it is an integer before it reaches the query.
     $pdfbill_send_check_qry = xtc_db_query("SELECT pdfbill_send FROM " . TABLE_ORDERS_STATUS . " WHERE orders_status_id = '" . $status . "' AND language_id = '" . $_SESSION['languages_id'] . "' AND pdfbill_send = '1' LIMIT 1");
     if (xtc_db_num_rows($pdfbill_send_check_qry) == 1) {
         // Generate the invoice number (invoicing)
         if ($order->info['ibn_billnr'] == 0) {
             require_once DIR_FS_INC . 'xtc_get_next_ibillnr.inc.php';
             require_once DIR_FS_INC . 'xtc_set_ibillnr.inc.php';
             require_once DIR_FS_INC . 'xtc_inc_next_ibillnr.inc.php';
             // The number is read, assigned to the order, then the counter is advanced.
             // NOTE(review): these are three separate steps; presumably not atomic across concurrent requests - verify.
             $ibillnr = xtc_get_next_ibillnr();
             xtc_set_ibillnr($oID, $ibillnr);
             xtc_inc_next_ibillnr();
         if (ACCOUNT_STATE == 'true') {
             if ($entry_zone_id > 0) {
                 $sql_data_array['entry_zone_id'] = $entry_zone_id;
                 $sql_data_array['entry_state'] = '';
             } else {
                 $sql_data_array['entry_zone_id'] = '0';
                 $sql_data_array['entry_state'] = $entry_state;
             }
         }
         if ($address_book_id == 0) {
             $sql_data_array['address_date_added'] = 'now()';
             $sql_data_array['customers_id'] = $customers_id;
             xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'insert');
         } else {
             //xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '".xtc_db_input($customers_id)."' AND address_book_id = '".xtc_db_input($default_address_id)."'");
             xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' AND address_book_id = '" . xtc_db_input($address_book_id) . "'");
         }
         xtc_redirect(xtc_href_link(FILENAME_CUSTOMERS, xtc_get_all_get_params(array('cID', 'action')) . 'cID=' . (int) $customers_id));
     } elseif ($error == true) {
         $cInfo = new objectInfo($_POST);
         $processed = true;
     }
     break;
 case 'deleteconfirm':
     // Handles the 'deleteconfirm' action; the part visible here removes the customer's reviews.
     // The customer id is read from the query string (cID).
     // NOTE(review): this is a state-changing action keyed on $_GET. Any admin-session or
     // request-token check guarding it lies outside this excerpt — confirm one is enforced.
     $customers_id = xtc_db_prepare_input($_GET['cID']);
     // NOTE(review): $_POST['delete_reviews'] is read without an isset() check.
     if ($_POST['delete_reviews'] == 'on') {
         // customers_id goes through xtc_db_input() before it is placed in the SQL string.
         $reviews_query = xtc_db_query("SELECT reviews_id FROM " . TABLE_REVIEWS . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
         // Delete the description rows first, then the review rows themselves.
         while ($reviews = xtc_db_fetch_array($reviews_query)) {
             // reviews_id comes from the query result above and is interpolated as returned;
             // an (int) cast here would keep the statement safe regardless of column content.
             xtc_db_query("DELETE FROM " . TABLE_REVIEWS_DESCRIPTION . " WHERE reviews_id = '" . $reviews['reviews_id'] . "'");
         }
         xtc_db_query("DELETE FROM " . TABLE_REVIEWS . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
 /**
  * Insert one row into the order status history table.
  *
  * The order id is read from $this->receivedData['order_id']; the row is
  * always written with customer_notified = 1.
  *
  * NOTE(review): how receivedData is populated, and whether xtc_db_perform()
  * escapes the values it is given, is not visible in this block. Confirm the
  * order id and comment are validated or escaped before they reach the
  * database layer.
  *
  * @param integer $statusId value stored in orders_status_id
  * @param string $comment text stored in the comments column
  */
 public function addOrderHistory($statusId, $comment)
 {
     $historyRow = array(
         'orders_id' => $this->receivedData['order_id'],
         'orders_status_id' => $statusId,
         // Passed as the literal string 'now()'; presumably turned into SQL NOW() by xtc_db_perform() — verify.
         'date_added' => 'now()',
         'customer_notified' => 1,
         'comments' => $comment,
     );

     xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $historyRow);
 }