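function __construct()
 {
     // Settings are kept in one encrypted row of sf_settings. select() yields an
     // object for a single row, an array for several and false for none; only the
     // single-row case is usable here.
     $settings = DbManager::i()->select("sf_settings", array("settings"));
     if ($settings !== false && !is_array($settings)) {
         $prefs = Crypto::DecryptString(base64_decode(base64_decode(ADMIN_KEY)), base64_decode(base64_decode(ADMIN_IV)), base64_decode(base64_decode($settings->settings)));
         $prefs = (array) json_decode(base64_decode($prefs));

         // Reads one scalar field from a decoded settings section and returns it
         // normalised through the filter chain the original code applied, or null
         // when the field is absent, non-scalar or empty.
         // NOTE(review): htmlspecialchars() is an HTML *output* encoding; applied to
         // stored credentials (API passwords, signatures, PINs) it alters any value
         // containing &, <, >, " or '. Kept for compatibility with existing data.
         $read = static function (array $section, $key) {
             if (!isset($section[$key]) || !is_scalar($section[$key])) {
                 return null;
             }
             $value = (string) $section[$key];
             if ($value === '') {
                 return null;
             }
             return stripslashes(filter_var(htmlspecialchars($value)));
         };

         // section name in the decoded blob => (field in that section => property on $this)
         $sections = array(
             'cms_settings' => array(
                 'title' => 'title',
                 'captcha_public' => 'captcha_public',
                 // The original guarded this with isset($settings['captcha_secret']) but
                 // then read 'captcha_private'; the key that is actually read is used for
                 // both now. If the stored key really is 'captcha_secret', this is the
                 // place to change it.
                 'captcha_private' => 'captcha_private',
             ),
             'paypal' => array(
                 'username' => 'paypal_email',
                 'password' => 'paypal_api_pass',
                 'signature' => 'paypal_api_signature',
             ),
             'btc' => array(
                 'api_key' => 'btc_api_key',
                 'api_pin' => 'btc_api_pin',
             ),
         );

         foreach ($sections as $section => $fields) {
             if (!isset($prefs[$section])) {
                 continue;
             }
             $values = (array) $prefs[$section];
             foreach ($fields as $field => $property) {
                 $value = $read($values, $field);
                 if ($value !== null) {
                     $this->$property = $value;
                 }
             }
         }
         unset($prefs);
     }
 }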
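 public function getLogs($filter = 'all')
 {
     // Returns the log rows with their message decrypted and HTML-encoded for
     // display, optionally restricted to one mode.
     // $filter: 'all' for every row, otherwise only rows whose `mode` column
     //          matches (loose comparison, as in the original).
     // Returns a list of row objects (possibly empty).
     $logs = array();
     $find = DbManager::i()->select("sf_logs", array("message", "mode"));
     // select() returns false when nothing matched; iterating over false only
     // raised a warning and produced an empty list, so return that explicitly.
     if ($find === false) {
         return $logs;
     }
     // A single matching row comes back as a bare object, not a one-element array.
     if (!is_array($find)) {
         $find = array($find);
     }
     // Admin key/IV are constant for every row, so decode them once.
     $key = base64_decode(base64_decode(ADMIN_KEY));
     $iv = base64_decode(base64_decode(ADMIN_IV));
     foreach ($find as $log) {
         $log->message = Crypto::DecryptString($key, $iv, base64_decode(base64_decode($log->message)));
         $log->message = stripslashes(filter_var(htmlentities($log->message)));
         if ($filter === 'all' || $filter == $log->mode) {
             $logs[] = $log;
         }
     }
     return $logs;
 }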
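 // Capture the payment the buyer approved on PayPal. $paypal, $response (from the
 // preceding checkout-details call) and $first_name are expected to be set earlier
 // in this script; their definitions are not in view here.
 $response = $paypal->doRequest("DoExpressCheckoutPayment", array("TOKEN" => $response['TOKEN'], "PAYERID" => $response['PAYERID'], "PAYMENTACTION" => "Sale", "PAYMENTREQUEST_0_AMT" => $response['PAYMENTREQUEST_0_AMT'], "PAYMENTREQUEST_0_CURRENCYCODE" => $response['PAYMENTREQUEST_0_CURRENCYCODE']));
 // A payment only counts when PayPal's own response reports it as completed; the
 // amount recorded below is taken from that response, never from the client.
 // The isset() guard avoids undefined-index warnings on an incomplete response,
 // which is treated as "not paid" exactly as the original comparisons did.
 $paid = $response
     && isset($response['PAYMENTINFO_0_PAYMENTSTATUS'], $response['ACK'], $response['PAYMENTINFO_0_ACK'])
     && $response['PAYMENTINFO_0_PAYMENTSTATUS'] == "Completed"
     && $response['ACK'] == "Success"
     && $response['PAYMENTINFO_0_ACK'] == "Success";
 if ($paid && isset($_SESSION['shopping-cart'])) {
     $userid = intval($_SESSION['userid']);
     $transactionId = $response['PAYMENTINFO_0_TRANSACTIONID'];
     // $token is not used by this block; kept because code later in this script
     // may rely on it (not visible here).
     $token = base64_encode(DbManager::i()->escapeString($_GET['token']));
     $payerid = base64_encode(DbManager::i()->escapeString($_GET['PayerID']));
     $cart = DbManager::i()->escapeString($_SESSION['shopping-cart']);
     $amount = floatval($response['PAYMENTINFO_0_AMT']);
     DbManager::i()->insert("sf_purchases", array("token", "payerid", "type", "userid", "cart", "date", "ip", "amount", "pending"), array(base64_encode($transactionId), $payerid, base64_encode("PayPal"), $userid, $cart, time(), base64_encode($_SERVER['REMOTE_ADDR']), $amount, 0));
     // Empty the cart both in the session and in its persisted copy.
     $_SESSION['shopping-cart'] = base64_encode("{}");
     DbManager::i()->update("sf_carts", array("cart" => $_SESSION['shopping-cart']), array("userid" => $userid));
     $find = DbManager::i()->select("sf_members", array("email", "key", "iv"), array("userid" => $userid));
     if ($find !== false && !is_array($find)) {
         $recipient = Crypto::DecryptString(base64_decode(base64_decode($find->key)), base64_decode(base64_decode($find->iv)), base64_decode(base64_decode($find->email)));
         $subject = Settings::i()->title . ' Payment received';
         $message = generateMessage($first_name, (array) json_decode(base64_decode($cart)), $transactionId);
         // NOTE(review): SERVER_NAME is derived from the request's Host header on many
         // setups; a fixed, configured sender domain would be the safer choice here.
         $header = 'From: shopfix@' . $_SERVER['SERVER_NAME'] . "\r\n" . 'Reply-To: shopfix@' . $_SERVER['SERVER_NAME'] . "\r\n" . 'X-Mailer: PHP/' . phpversion();
         mail($recipient, $subject, $message, $header);
         Logger::i()->writeLog("PayPal Transaction registered: " . $transactionId);
     }
 }
 // Every outcome ends at index.php. The original omitted the exit on the
 // "paid but no cart in session" branch, so the script kept running after
 // the redirect header had been sent; all branches now stop here.
 header("Location: index.php");
 die;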
require ROOT_DIR . '/admin/admin_config.php';
// Admin-only script: anything that is not an authenticated admin session is
// rejected before the request method is even looked at.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin is not logged in", 'dev');
    exit(Submission::createResult("Permission denied"));
}
$request_method = $_SERVER['REQUEST_METHOD'];
if ($request_method == "GET") {
    unset($request_method);
    if (!SessionManager::i()->validateToken("SettingsToken", "csrf", "GET")) {
        Logger::i()->writeLog("Token to get settings is missing", 'dev');
        die(Submission::createResult("Permission denied"));
    }
    header("Content-Type: application/json; charset=UTF-8");
    $settings = DbManager::i()->select("sf_settings", array("settings"));
    if ($settings !== false && !is_array($settings)) {
        $prefs = Crypto::DecryptString(base64_decode(base64_decode(ADMIN_KEY)), base64_decode(base64_decode(ADMIN_IV)), base64_decode(base64_decode($settings->settings)));
        echo json_encode(array("settings" => json_decode(base64_decode($prefs))));
        unset($prefs);
    } else {
        Logger::i()->writeLog("Could not load settings, error = " . DbManager::i()->error, 'dev');
        die(Submission::createResult("Could not load Settings"));
    }
} else {
    if ($request_method == "POST") {
        unset($request_method);
        if (!SessionManager::i()->validateToken("SettingsToken", "token")) {
            Logger::i()->writeLog("Token to set settings is missing", 'dev');
            die(Submission::createResult("Permission denied"));
        }
        if (isset($_POST['settings'])) {
            $settings = (array) json_decode(base64_decode($_POST['settings']));
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
if (SessionManager::i()->isLoggedIn()) {
    $request_method = $_SERVER['REQUEST_METHOD'];
    $userid = intval($_SESSION['userid']);
    $userinfo = DbManager::i()->select("sf_members", array("key", "iv", "username", "email", "password"), array("userid" => $userid));
    if ($request_method == "GET") {
        unset($request_method);
        if (!SessionManager::i()->validateToken("AccountSettingsToken", "token", "GET")) {
            Logger::i()->writeLog("Token to access account settings is missing", 'access');
            die(Submission::createResult("Permission denied"));
        }
        if ($userinfo !== false && !is_array($userinfo)) {
            $username = Crypto::DecryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), base64_decode(base64_decode($userinfo->username)));
            $email = Crypto::DecryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), base64_decode(base64_decode($userinfo->email)));
            $password = Crypto::DecryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), base64_decode(base64_decode($userinfo->password)));
            echo json_encode(array("username" => $username, "email" => $email, "password" => $password));
            unset($username);
            unset($email);
            unset($password);
            unset($userinfo);
        } else {
            Logger::i()->writeLog("No user found in the database for UserID = {$userid}, error = " . DbManager::i()->error, 'dev');
            die(Submission::createResult("Could not find user"));
        }
    } else {
        if ($request_method == "POST") {
            unset($request_method);
            if (!SessionManager::i()->validateToken("UpdateAccountSettingsToken", "token")) {
                Logger::i()->writeLog("Token to update account settings is missing", 'access');
                die(Submission::createResult("Permission denied"));
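require_once ROOT_DIR . '/class.dbmanager.php';
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';
// Admin-only JSON endpoint listing every member with name, e-mail and
// registration IP decrypted. The admin session and the request token are
// both checked before anything is read from the database.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Tried to access this script without permissions. Was that you?", 'access');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("GetCustomersToken", "token")) {
    Logger::i()->writeLog("Token to access customers is missing", 'access');
    die(Submission::createResult("Token mismatch"));
}
header("Content-Type: application/json; charset=UTF-8");
$customers = DbManager::i()->select("sf_members", array("userid", "username", "email", "register_date", "ip", "key", "iv"));
if ($customers === false) {
    Logger::i()->writeLog("Could not get customers, error = " . DbManager::i()->error, 'dev');
    die(Submission::createResult("Could not load customers"));
}
// A single row is returned as a bare object rather than a one-element array.
if (!is_array($customers)) {
    $customers = array($customers);
}
$members = array();
foreach ($customers as $customer) {
    // Each member's fields are encrypted under a per-member key/IV, stored
    // double-base64-encoded like the ciphertexts themselves.
    $key = base64_decode(base64_decode($customer->key));
    $iv = base64_decode(base64_decode($customer->iv));
    $decrypt = static function ($ciphertext) use ($key, $iv) {
        return Crypto::DecryptString($key, $iv, base64_decode(base64_decode($ciphertext)));
    };
    // strtotime() returns false for an unparsable date; the original turned that
    // into 0 (the epoch) via false * 1000, indistinguishable from a real value.
    // Report null instead so the client can tell the two apart.
    $registered = strtotime($customer->register_date);
    $members[] = array(
        "customerid" => $customer->userid,
        "name" => $decrypt($customer->username),
        "email" => $decrypt($customer->email),
        "date" => $registered === false ? null : $registered * 1000,
        "ip" => $decrypt($customer->ip),
    );
}
// NOTE(review): json_encode() returns false (and nothing is echoed) if any
// decrypted string is not valid UTF-8; the caller then receives an empty body.
echo json_encode(array("customers" => $members));
unset($members);
unset($customers);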