Beispiel #1
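function menu()
{
    // Builds the sidebar menu for the current page and renders it via Bootstrap::list_group().
    // LINK_FILE is split into the section directory ([0]) and the page name ([1]); the page
    // name is used to mark the active entry. A LINK_FILE without a slash yields no active entry.
    $site_path_array = explode("/", LINK_FILE);
    $section = $site_path_array[0];
    $current_page = isset($site_path_array[1]) ? $site_path_array[1] : '';

    // One list-group entry, as expected by Bootstrap::list_group().
    $entry = function ($path, $text, $icon) use ($section) {
        return array("url" => LINK_ABS . $section . "/" . $path, "text" => $text, "icon" => $icon);
    };

    if (Session::is_developer()) {
        // Developer menu. Positions 2 ("My Assigned Faults") and 4 ("View Faults") receive
        // badge counts below, so the order of these entries matters.
        $menu = array(
            $entry("index.php", "System Status", "home"),
            $entry("fault.php", "My Fault Reports", "list"),
            $entry("assigned.php", "My Assigned Faults", "inbox"),
            $entry("report", "Report a Fault", "flash"),
            $entry("manage", "View Faults", "list-alt"),
        );
        $open_faults = Faults::get_open_faults();
        if ($open_faults > 0) {
            $menu[4]["badge"] = $open_faults;
        }
        $assigned_faults = Faults::get_open_faults_user(Session::get_id());
        if ($assigned_faults > 0) {
            $menu[2]["badge"] = $assigned_faults;
        }
    } else {
        // Regular users only see status, their own reports and the report form.
        $menu = array(
            $entry("index.php", "System Status", "home"),
            $entry("fault.php", "My Fault Reports", "list"),
            $entry("report", "Report a Fault", "flash"),
        );
    }

    // Flag the entry whose last URL segment is the page being rendered.
    foreach ($menu as &$item) {
        // array_pop() takes its argument by reference, so the explode() result needs a variable.
        $url_parts = explode("/", $item["url"]);
        if ($current_page == array_pop($url_parts)) {
            $item["active"] = true;
        }
    }
    unset($item); // release the foreach-by-reference binding

    return Bootstrap::list_group($menu);
}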
Beispiel #2
    $parameters = array(':trackid' => $_REQUEST['trackid']);
    $result = DigiplayDB::query($query, $parameters);
    if ($result->rowCount() != 1) {
        echo Bootstrap::alert_message_basic("danger", "Couldn't find track ID in the digiplay audio DB.");
    } else {
        $track = $result->fetch();
        $query = "SELECT * FROM sustschedule order by id asc limit 1";
        $result = DigiplayDB::query($query);
        $scheduleslot = $result->fetch();
        if ($track['id'] != $scheduleslot['audioid']) {
            $query = "UPDATE sustschedule SET audioid=:trackid, trim_start_smpl=0, trim_end_smpl = :tracklength, fade_in = 0, fade_out = :tracklength WHERE id = :scheduleslot";
            $parameters = array(':trackid' => $track['id'], ':tracklength' => $track['length_smpl'], ':scheduleslot' => $scheduleslot['id']);
            DigiplayDB::query($query, $parameters);
            $query = "INSERT INTO sustlog (audioid,userid,timestamp) VALUES (:audioid,:userid,:timestamp)";
            date_default_timezone_set("Europe/London");
            $parameters = array(':audioid' => $track['id'], ':userid' => Session::get_id(), ':timestamp' => time());
            DigiplayDB::query($query, $parameters);
            echo Bootstrap::alert_message_basic("info", "Track Scheduled.");
        } else {
            echo Bootstrap::alert_message_basic("warning", "This track is already at the top of the queue.");
        }
    }
}
// Fetch the sustainer queue and print the section heading; $i is a counter that is
// initialised here and used further down (beyond this excerpt).
$currentQueue = Sustainer::get_queue();
$i = 0;
echo "<h3>Current queue:</h3>";
if (!is_null($currentQueue)) {
    if (array_key_exists('id', $currentQueue)) {
        $currentQueueTemp = array(0 => $currentQueue);
        $currentQueue = $currentQueueTemp;
    }
Beispiel #3
<?php

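Output::set_title("System Information");
Output::add_stylesheet(LINK_ABS . "faults/comment.css");
MainTemplate::set_subtitle("View updates and report faults");

// HTML-escapes a value for text content or a double-quoted attribute. Fault content and
// comments are user-submitted (this app stores them straight from $_REQUEST), so they must
// not be echoed raw. If a getter already returns escaped HTML this double-encodes — verify.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// One Bootstrap panel per fault visible to the current user, with its comment thread collapsed in the footer.
$faults = Faults::get(NULL, Session::get_id());
foreach ($faults as $fault) {
    $fault_id = $fault->get_id();
    $title = "<b>Fault ID: DIGI_" . $fault_id . " </b><small>Assigned to: " . $esc($fault->get_real_assignedto($fault->get_assignedto())) . "</small><span class=\"pull-right label label-" . $fault->get_panel_class() . "\">" . $fault->get_real_status() . "</span>";
    // The fault id is quoted so the attribute stays well-formed regardless of its value.
    $footer = "<a data-toggle=\"modal\" href=\"#add-comment\" class=\"btn btn-primary btn-xs new-comment\" data-dps-id=\"" . $fault_id . "\">Add Comment</a>";
    if (Comments::get_fault_comments($fault_id) != 0) {
        // Toggle link plus the opening of the collapsible body; the body is closed after the loop.
        $footer .= "<span class=\"pull-right\"><a class=\"accordion-toggle\" data-toggle=\"collapse\" href=\"#collapse-" . $fault_id . "\">" . Bootstrap::glyphicon("plus") . "</a></span></div><div id=\"collapse-" . $fault_id . "\" class=\"panel-collapse collapse\"><div class=\"panel-body\">";
        $comments = Comments::get_by_fault($fault_id);
        foreach ($comments as $comment) {
            $comment_html = $esc($comment->get_comment());
            $posted = $comment->get_postdate();
            if ($comment->get_author() == -1) {
                // Author -1 marks a system-generated comment.
                $footer .= "<div class=\"row\">\r\n\t\t\t\t\t\t<div class=\"col-md-6 col-md-offset-3\"><hr></div>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t\t  \r\n\t\t\t\t\t\t\t  <div class=\"col-md-8 col-md-offset-2 system-comment\"><b style=\"color: #f0ad4e;\">System:</b> " . $comment_html . "<br><span>" . $posted . "</span></div>\t\r\n\t\t\t\t</div>\r\n\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<div class=\"col-md-6 col-md-offset-3\"><hr></div>\r\n\t\t\t\t\t\t</div>";
            } elseif ($comment->get_author() == $fault->get_author()) {
                // Comment by the person who reported the fault.
                $footer .= "\r\n\t\t    \t<div class=\"panel panel-default\">\r\n\t\t\t\t\t<div class=\"panel-body\">\r\n\t\t\t\t\t\t" . $comment_html . "\r\n\t\t\t\t\t</div>\r\n\t\t\t\t\t<div class=\"panel-footer\"><span class=\"glyphicon glyphicon-time fault-time\" aria-hidden=\"true\"></span>" . $posted . "<span class=\"glyphicon glyphicon-user fault-user\" aria-hidden=\"true\"></span>" . $esc($comment->get_real_author($comment->get_author())) . "<span class=\"label label-success\">Customer</span></div>\r\n\t\t\t\t</div>\r\n\t\t\t\t";
            } else {
                // Any other author is shown as a developer.
                $footer .= "\t\t    \t<div class=\"panel panel-default\">\r\n\t\t\t\t\t<div class=\"panel-body\">\r\n\t\t\t\t\t\t" . $comment_html . "\r\n\t\t\t\t\t</div>\r\n\t\t\t\t\t<div class=\"panel-footer\"><span class=\"glyphicon glyphicon-time fault-time\" aria-hidden=\"true\"></span>" . $posted . "<span class=\"glyphicon glyphicon-user fault-user\" aria-hidden=\"true\"></span>" . $esc($comment->get_real_author($comment->get_author())) . "<span class=\"label label-danger\">Developer</span></div>\r\n\t\t\t\t</div>";
            }
        }
        $footer .= "</div>";
    }
    $body = "<p><i>Submitted by: <b>" . $esc($fault->get_real_author($fault->get_author())) . "</b> on: <b>" . $fault->get_postdate() . "</b></i><hr></p>\r\n\t<p>" . $esc($fault->get_content()) . "</p>";
    echo Bootstrap::panel($fault->get_panel_class(), $body, $title, $footer);
}

// "Add comment" modal; the fault id placeholder in the title and the hidden input are filled in client-side.
$title = "<span id=\"comment-status-title\">Add a comment to the fault DIGI_</span>";
$body = "<form role=\"form\">\r\n  <div class=\"form-group\">\r\n  \t<input type=\"hidden\" class=\"fault-comment-id\">\r\n    <textarea class=\"form-control fault-comment-value\" rows=\"3\"></textarea>\r\n  </div>\r\n  <div class=\"form-group\">\r\n  <button type=\"submit\" class=\"btn btn-primary confirm-fault-comment\">Add Comment</button>\r\n  <a href=\"#\" data-dismiss=\"modal\" class=\"btn btn-default\">Cancel</a>\r\n  </div>\r\n</form>";
echo Bootstrap::modal("add-comment", $body, $title);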
Beispiel #4
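 function Validate($cId, $sUserCode, $bCaseInsensitive = true)
 {
     // Checks a user-entered code against the e-key stored for "<session id>:<object id>".
     // Returns true only when an unexpired key exists and the codes match exactly.
     // With $bCaseInsensitive the user's input is upper-cased (the stored key is assumed to be upper case).
     if ($bCaseInsensitive) {
         $sUserCode = strtoupper($sUserCode);
     }
     $code = db_get_field("SELECT ekey FROM ?:ekeys WHERE object_string = ?s AND ttl > ?i", Session::get_id() . ':' . $cId, TIME);
     // Cleanup garbage
     // NOTE(review): this query has a single ?s placeholder but two arguments (TIME, $cId), so it
     // matches object_string = TIME and ignores $cId; the intended condition is not recoverable here — confirm.
     db_query("DELETE FROM ?:ekeys WHERE object_string = ?s", TIME, $cId);
     if (empty($code)) {
         return false;
     }
     // Strict, constant-time comparison: `==` would treat numeric-looking strings ("1e1" vs "10") as equal.
     return hash_equals((string) $code, (string) $sUserCode);
 }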
<?php

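// Both fields come from the client; fail early instead of saving a half-built record.
if (!isset($_REQUEST['faultid']) || !isset($_REQUEST['comment'])) {
    http_response_code(400);
    exit(json_encode(array('error' => 'faultid and comment are required.')));
}
$comment = new Comment();
// Relate comment to fault ID
$comment->set_faultid($_REQUEST['faultid']);
// Author: -1 marks a system message, otherwise the current user's ID.
// NOTE(review): the "system" flag is taken from the request itself, so any caller can post as
// "System"; whether access to this endpoint is restricted elsewhere is not visible here — confirm.
if (isset($_REQUEST['system'])) {
    $comment->set_author(-1);
} else {
    $comment->set_author(Session::get_id());
}
// Grab content
$comment->set_comment($_REQUEST['comment']);
// Current time and date added to record
$comment->set_postdate(time());
// save() reports success by return value; the former `if ($comment)` guard was always true for an object.
if ($comment->save()) {
    exit(json_encode(array('response' => 'success')));
}
exit(json_encode(array('error' => 'Unknown error.')));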
// TODO: if the viewer is a developer and is not the author, show the comment in blue.
Beispiel #6
    if (!empty($product_count)) {
        // Get all search params
        $search_params = $_REQUEST;
        unset($search_params['dispatch']);
        unset($search_params['page']);
        unset($search_params['result_ids']);
        unset($search_params['x']);
        unset($search_params['y']);
        $search_params['match'] = empty($search_params['match']) ? 'any' : $search_params['match'];
        // any, all, exact
        foreach ($search_params as $k => $v) {
            if (empty($v)) {
                unset($search_params[$k]);
                continue;
            }
            $search_params[$k] = $v;
        }
        ksort($search_params);
        $search_params = serialize($search_params);
        $md5_search_params = md5($search_params);
        // Save search params
        $sess_id = db_get_field("SELECT sess_id FROM ?:stat_sessions WHERE session = ?s AND expiry > ?i ORDER BY timestamp DESC LIMIT 1", Session::get_id(), TIME);
        if (!empty($sess_id)) {
            $record_exist = db_get_field("SELECT sess_id FROM ?:stat_product_search WHERE sess_id = ?i AND md5 = ?s", $sess_id, $md5_search_params);
            if (!$record_exist) {
                $_data = array('sess_id' => $sess_id, 'search_string' => $search_params, 'md5' => $md5_search_params, 'quantity' => $product_count);
                db_query('INSERT INTO ?:stat_product_search ?e', $_data);
            }
        }
    }
}
    // Query number of audiowalls that the user currently has
    // If an audiowall already exists for that user, deny creation
    $numberOfAudiowalls = AudiowallSets::count_by_user();
    if ($numberOfAudiowalls > 0 && !Session::is_group_user('Audiowalls Admin')) {
        http_response_code(400);
        exit(json_encode(array("error" => "Audiowall limit exceeded", "detail" => "You are limited to a single audiowall")));
        Errors::clear();
    }
    $aw_set = new AudiowallSet();
    $aw_set->set_name(pg_escape_string($_REQUEST["awname"]));
    $aw_set->set_description(pg_escape_string($_REQUEST["awdescription"]));
    $aw_set->save();
    // Add audiowall owner to the database
    $data = array('user_id' => Session::get_id(), 'set_id' => $aw_set->get_id());
    DigiplayDB::insert("aw_sets_owner", $data);
    // Add audiowall permissions to current user
    // The bitmask is as follows (view, edit, delete) where a value of 1 grants the permission
    // INSERT INTO aw_sets_permissions (user_id, set_id, permissions) VALUES (Session::get_id(), $aw_set->get_id(), '111');
    $data = array('user_id' => Session::get_id(), 'set_id' => $aw_set->get_id(), 'permissions' => '111');
    DigiplayDB::insert("aw_sets_permissions", $data);
    if (Errors::occured()) {
        http_response_code(400);
        exit(json_encode(array("error" => "Something went wrong. You may have discovered a bug!", "detail" => Errors::report("array"))));
        Errors::clear();
    } else {
        exit(json_encode(array('response' => 'success', 'id' => $aw_set->get_id())));
    }
} else {
    http_response_code(403);
    exit(json_encode(array('error' => 'Permission denied.')));
}
 public static function count_by_user()
 {
     // Number of audiowall sets owned by the user of the current session.
     $sql = "count(set_id) FROM aw_sets_owner WHERE user_id = :user_id";
     $bindings = array(':user_id' => Session::get_id());
     return DigiplayDB::select($sql, null, false, $bindings);
 }
Beispiel #9
/**
 * Post-placement housekeeping for an order: saves the customer's cart, generates
 * e-keys for downloadable products, sends the order notification, sets the
 * user-facing status message, optionally empties the session cart and finally
 * redirects (admin/repay to the order details page, storefront to checkout).
 *
 * @param int    $order_id           Order to process
 * @param array  $force_notification Passed through to fn_order_notification()
 * @param bool   $clear_cart         Empty $_SESSION['cart'] unless the order failed
 * @param string $action             '', 'save' or 'repay'; empty falls back to $_SESSION['cart']['placement_action']
 * @return void Ends with a call to fn_redirect()
 */
function fn_order_placement_routines($order_id, $force_notification = array(), $clear_cart = true, $action = '')
{
    $order_info = fn_get_order_info($order_id, true);
    // A placement action stashed in the cart session overrides an empty $action and is consumed here.
    if (!empty($_SESSION['cart']['placement_action'])) {
        if (empty($action)) {
            $action = $_SESSION['cart']['placement_action'];
        }
        unset($_SESSION['cart']['placement_action']);
    }
    // Storefront orders of a registered customer: persist the cart. $__fake is a throwaway
    // by-reference argument (fn_save_cart_content presumably takes the cart by reference).
    if (AREA == 'C' && !empty($order_info['user_id'])) {
        $__fake = '';
        fn_save_cart_content($__fake, $order_info['user_id']);
    }
    $edp_data = fn_generate_ekeys_for_edp(array(), $order_info);
    fn_order_notification($order_info, $edp_data, $force_notification);
    // Set when the storefront order ended in a non-success status; blocks cart clearing below.
    $_error = false;
    if ($action == 'save') {
        fn_set_notification('N', fn_get_lang_var('congratulations'), fn_get_lang_var('text_order_saved_successfully'));
    } else {
        // For a parent order the status of its first child is used and the child ids are kept for the session.
        if ($order_info['status'] == STATUS_PARENT_ORDER) {
            $child_orders = db_get_hash_single_array("SELECT order_id, status FROM ?:orders WHERE parent_order_id = ?i", array('order_id', 'status'), $order_id);
            $status = reset($child_orders);
            $child_orders = array_keys($child_orders);
        } else {
            $status = $order_info['status'];
        }
        // True for status 'O' or 'P' (and 'OP'); an empty $status would make substr_count() complain about an empty needle.
        if (substr_count('OP', $status) > 0) {
            if ($action == 'repay') {
                fn_set_notification('N', fn_get_lang_var('congratulations'), fn_get_lang_var('text_order_repayed_successfully'));
            } else {
                fn_set_notification('N', fn_get_lang_var('order_placed'), fn_get_lang_var('text_order_placed_successfully'));
            }
        } elseif ($status == 'B') {
            fn_set_notification('N', fn_get_lang_var('order_placed'), fn_get_lang_var('text_order_backordered'));
        } else {
            if (AREA == 'A' || $action == 'repay') {
                if ($status != 'I') {
                    fn_set_notification('E', fn_get_lang_var('order_placed'), fn_get_lang_var('text_order_placed_error'));
                }
            } else {
                // Storefront failure: remember the affected order ids (parent first) so checkout can show them.
                $_error = true;
                if (!empty($child_orders)) {
                    array_unshift($child_orders, $order_id);
                } else {
                    $child_orders = array();
                    $child_orders[] = $order_id;
                }
                $_SESSION['cart'][$status == 'N' ? 'processed_order_id' : 'failed_order_id'] = $child_orders;
            }
            // && binds tighter than ||: status 'N', or a repay that ended in 'I'.
            if ($status == 'N' || $action == 'repay' && $status == 'I') {
                fn_set_notification('N', fn_get_lang_var('cancelled'), fn_get_lang_var('text_transaction_cancelled'));
            }
        }
    }
    // Empty cart, keeping only the user/profile identification fields.
    if ($clear_cart == true && $_error == false) {
        $_SESSION['cart'] = array('user_data' => !empty($_SESSION['cart']['user_data']) ? $_SESSION['cart']['user_data'] : array(), 'profile_id' => !empty($_SESSION['cart']['profile_id']) ? $_SESSION['cart']['profile_id'] : 0, 'user_id' => !empty($_SESSION['cart']['user_id']) ? $_SESSION['cart']['user_id'] : 0);
        db_query('DELETE FROM ?:user_session_products WHERE session_id = ?s AND type = ?s', Session::get_id(), 'C');
    }
    fn_set_hook('order_placement_routines', $order_id, $force_notification, $order_info);
    // Storefront redirects go to the HTTPS location when secure authentication is enabled.
    $prefix = Registry::get('settings.General.secure_auth') == 'Y' && AREA == 'C' ? Registry::get('config.https_location') . '/' : '';
    if (AREA == 'A' || $action == 'repay') {
        fn_redirect($prefix . INDEX_SCRIPT . "?dispatch=orders.details&order_id={$order_id}", true);
    } else {
        // On error: back to 'checkout' (one-page checkout) or 'summary'; otherwise to the completion page.
        fn_redirect($prefix . INDEX_SCRIPT . "?dispatch=checkout." . ($_error == true ? Registry::get('settings.General.one_page_checkout') == 'Y' ? "checkout" : "summary" : "complete&order_id={$order_id}"), true);
    }
}
Beispiel #10
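/**
 * Enriches $stat_data with request/client details, resolves (or creates) the referenced
 * browser, search-engine and search-phrase rows, inserts the stat_sessions row and sets
 * the 'stat_uniq_code' cookie.
 *
 * @param array $stat_data Session statistics, modified in place
 * @return mixed Result of the stat_sessions INSERT (the new session id, as returned by db_query())
 */
function fn_stat_save_session_data(&$stat_data)
{
    // All of these come from the client; missing headers default to '' instead of raising notices.
    $stat_data['user_agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $ip = fn_get_ip(true);
    $stat_data['host_ip'] = $ip['host'];
    $stat_data['proxy_ip'] = $ip['proxy'];
    $stat_data['ip_id'] = fn_stat_ip_exist($ip);
    $stat_data['session'] = Session::get_id();

    // Client language: an explicit value wins, then the Accept-Language header, else ''.
    if (!empty($stat_data['client_language'])) {
        $client_language = $stat_data['client_language'];
    } elseif (!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        $client_language = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
    } else {
        $client_language = '';
    }
    $stat_data['client_language'] = strtoupper($client_language);

    // Browser row: look up by name+version, insert when unknown.
    if (!empty($stat_data['browser'])) {
        $browser_version = isset($stat_data['browser_version']) ? $stat_data['browser_version'] : '';
        $browser_id = db_get_field("SELECT browser_id FROM ?:stat_browsers WHERE browser = ?s AND version = ?s", $stat_data['browser'], $browser_version);
        if (empty($browser_id)) {
            $browser_id = db_query('INSERT INTO ?:stat_browsers ?e', array('browser' => $stat_data['browser'], 'version' => $browser_version));
        }
        $stat_data['browser_id'] = $browser_id;
    }

    // Referrer is optional; an explicit default replaces the former @-suppressed read.
    $referrer = isset($stat_data['referrer']) ? $stat_data['referrer'] : '';
    $parse_url = parse_url($referrer);
    $stat_data['referrer_scheme'] = empty($parse_url['scheme']) ? '' : $parse_url['scheme'];
    $stat_data['referrer_host'] = empty($parse_url['host']) ? '' : $parse_url['host'];

    // Search engine / phrase rows, same look-up-or-insert pattern as for the browser.
    $search_data = fn_get_search_words($referrer);
    if (!empty($search_data['engine'])) {
        $engine_id = db_get_field("SELECT engine_id FROM ?:stat_search_engines WHERE engine = ?s", $search_data['engine']);
        if (empty($engine_id)) {
            $engine_id = db_query('INSERT INTO ?:stat_search_engines ?e', array('engine' => $search_data['engine']));
        }
        $stat_data['engine_id'] = empty($engine_id) ? 0 : $engine_id;
    }
    if (!empty($search_data['phrase'])) {
        $phrase_id = db_get_field("SELECT phrase_id FROM ?:stat_search_phrases WHERE phrase = ?s", $search_data['phrase']);
        if (empty($phrase_id)) {
            $phrase_id = db_query('INSERT INTO ?:stat_search_phrases ?e', array('phrase' => $search_data['phrase']));
        }
        $stat_data['phrase_id'] = empty($phrase_id) ? 0 : $phrase_id;
    }

    if (!empty($stat_data['client_language'])) {
        $is_lang = db_get_field("SELECT lang_code FROM ?:stat_languages WHERE lang_code = ?s", $stat_data['client_language']);
        // If the long language code is unknown, fall back to the two-letter code.
        if (empty($is_lang)) {
            $stat_data['client_language'] = substr($stat_data['client_language'], 0, 2);
        }
    }
    $stat_data['expiry'] = TIME + SESSION_ALIVE_TIME;
    $session_data = fn_check_table_fields($stat_data, 'stat_sessions');
    $sess_id = db_query('INSERT INTO ?:stat_sessions ?e', $session_data);

    // Set the cookie 'stat_uniq_code' to identify unique clients. The cookie value is client-controlled;
    // it is reset to the new session id when missing or not below it (the original rule, intent undocumented),
    // and only reaches the database through the parameterised ?u placeholder.
    $stat_uniq_code = fn_get_cookie('stat_uniq_code');
    if (!empty($sess_id) && (empty($stat_uniq_code) || $stat_uniq_code >= $sess_id)) {
        $stat_uniq_code = $sess_id;
    }
    fn_set_cookie('stat_uniq_code', $stat_uniq_code, 365 * 24 * 3600);
    if (!empty($sess_id)) {
        db_query('UPDATE ?:stat_sessions SET ?u WHERE sess_id = ?i', array('uniq_code' => $stat_uniq_code), $sess_id);
    }
    return $sess_id;
}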
Beispiel #11
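/**
 * Make cmpi_lookup request to 3-D Secure sevice provider
 *
 * Stores the processor credentials and the lookup outcome in $_SESSION['cmpi'].
 * If the card is enrolled (ErrorNo 0, Enrolled 'Y' and an ACSUrl present) the
 * 3-D Secure iframe page is printed and the script exits; otherwise the error is
 * recorded in the session and DO_DIRECT_PAYMENT is defined for the caller.
 *
 * @param array $processor_data Payment processor data
 * @param array $order_info Order information
 * @return boolean true
 */
function fn_cmpi_lookup($processor_data, $order_info)
{
    unset($_SESSION['cmpi']);
    // Amount as digits only (the formatted total with every non-digit stripped).
    $amount = preg_replace('/\\D/', '', $order_info['total']);
    // array with ISO 4217 numeric codes of currencies. Kept as strings: the former int
    // literal 036 was parsed as octal (= 30), so AUD was sent as "30". //TODO: move to database.
    $iso4217 = array('USD' => '840', 'GBP' => '826', 'EUR' => '978', 'AUD' => '036', 'CAD' => '124', 'JPY' => '392');
    $settings = array('processor_id', 'merchant_id', 'transaction_password', 'transaction_url');
    foreach ($settings as $setting) {
        $_SESSION['cmpi'][$setting] = $processor_data['params'][$setting];
    }

    // Byte-wise XML escaping for everything interpolated into the request: names, addresses and
    // e-mail are customer-entered, and an unescaped '<' or '&' would corrupt (or inject into) the document.
    $xml = function ($value) {
        return strtr((string) $value, array('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&apos;'));
    };
    $order_keys = array('order_id', 'email', 'b_firstname', 'b_lastname', 'b_address', 'b_address_2', 'b_city', 'b_state', 'b_zipcode', 'b_country', 's_firstname', 's_lastname', 's_address', 's_address_2', 's_city', 's_state', 's_zipcode', 's_country');
    $o = array();
    foreach ($order_keys as $key) {
        $o[$key] = $xml(isset($order_info[$key]) ? $order_info[$key] : '');
    }
    $card = array();
    foreach (array('card_number', 'expiry_month', 'expiry_year') as $key) {
        $card[$key] = $xml(isset($order_info['payment_info'][$key]) ? $order_info['payment_info'][$key] : '');
    }
    $processor_id = $xml($_SESSION['cmpi']['processor_id']);
    $merchant_id = $xml($_SESSION['cmpi']['merchant_id']);
    $transaction_pwd = $xml($_SESSION['cmpi']['transaction_password']);
    $currency = $processor_data['params']['currency'];
    $currency_code = isset($iso4217[$currency]) ? $iso4217[$currency] : '';
    $client_ip = $xml(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');

    $cardinal_request = <<<EOT
<CardinalMPI>
<MsgType>cmpi_lookup</MsgType>
<Version>1.7</Version>
<ProcessorId>{$processor_id}</ProcessorId>
<MerchantId>{$merchant_id}</MerchantId>
<TransactionPwd>{$transaction_pwd}</TransactionPwd>
<TransactionType>C</TransactionType>
<Amount>{$amount}</Amount>
<CurrencyCode>{$currency_code}</CurrencyCode>
<CardNumber>{$card['card_number']}</CardNumber>
<CardExpMonth>{$card['expiry_month']}</CardExpMonth>
<CardExpYear>20{$card['expiry_year']}</CardExpYear>
<OrderNumber>{$o['order_id']}</OrderNumber>
<OrderDesc>Order #{$o['order_id']}; customer: {$o['b_firstname']} {$o['b_lastname']};</OrderDesc>
<BrowserHeader>*/*</BrowserHeader>
<EMail>{$o['email']}</EMail>
<IPAddress>{$client_ip}</IPAddress>
<BillingFirstName>{$o['b_firstname']}</BillingFirstName>
<BillingLastName>{$o['b_lastname']}</BillingLastName>
<BillingAddress1>{$o['b_address']}</BillingAddress1>
<BillingAddress2>{$o['b_address_2']}</BillingAddress2>
<BillingCity>{$o['b_city']}</BillingCity>
<BillingState>{$o['b_state']}</BillingState>
<BillingPostalCode>{$o['b_zipcode']}</BillingPostalCode>
<BillingCountryCode>{$o['b_country']}</BillingCountryCode>
<ShippingFirstName>{$o['s_firstname']}</ShippingFirstName>
<ShippingLastName>{$o['s_lastname']}</ShippingLastName>
<ShippingAddress1>{$o['s_address']}</ShippingAddress1>
<ShippingAddress2>{$o['s_address_2']}</ShippingAddress2>
<ShippingCity>{$o['s_city']}</ShippingCity>
<ShippingState>{$o['s_state']}</ShippingState>
<ShippingPostalCode>{$o['s_zipcode']}</ShippingPostalCode>
<ShippingCountryCode>{$o['s_country']}</ShippingCountryCode>
</CardinalMPI>
EOT;
    /*
    <Item_Name_1>Three Stone Princess Cut Diamond Ring</Item_Name_1>
    <Item_Desc_1>This classic women's diamond ring in 18K white gold features 3 brilliant diamonds. The diamonds are Channel-Set and weigh a total of 1.98 ctw. Gift Box included.</Item_Desc_1>
    <Item_Price_1>39999</Item_Price_1>
    <Item_Quantity_1>1</Item_Quantity_1>
    <Item_SKU_1>SKU17513</Item_SKU_1>
    */
    // Card fields named here are presumably cut from the request log by the HTTPS helper — verify.
    Registry::set('log_cut_data', array('CardNumber', 'CardExpMonth', 'CardExpYear'));
    // NOTE(review): the body is not url-encoded here; this relies on fn_https_request() encoding it
    // (otherwise an '&' from the escaping above would split the form field) — confirm.
    list($headers, $response_data) = fn_https_request('POST', $_SESSION['cmpi']['transaction_url'], array("cmpi_msg=" . $cardinal_request));
    $cmpi = @simplexml_load_string($response_data);
    $err_no = 0;
    $_SESSION['cmpi']['enrolled'] = 'U';
    $acs_url = '';
    if ($headers == '0' || $cmpi === false) {
        // array with EciFlag for different cards, if payer authentication is unavailable
        $cards_eci_flags = array('mcd' => 1, 'vis' => 7, 'jcb' => 7);
        $_SESSION['cmpi']['eci_flag'] = isset($cards_eci_flags[$order_info['payment_info']['card']]) ? $cards_eci_flags[$order_info['payment_info']['card']] : '';
        $err_desc = 'Connection problem';
    } else {
        $err_no = intval((string) $cmpi->ErrorNo);
        $err_desc = (string) $cmpi->ErrorDesc;
        $acs_url = (string) $cmpi->ACSUrl;
        $_SESSION['cmpi']['enrolled'] = (string) $cmpi->Enrolled;
        $_SESSION['cmpi']['transaction_id'] = (string) $cmpi->TransactionId;
        $_SESSION['cmpi']['eci_flag'] = (string) $cmpi->EciFlag;
    }
    if ($err_no == 0 && $_SESSION['cmpi']['enrolled'] == 'Y' && !empty($acs_url)) {
        // The session id travels in the frame/return URLs so the bank callback lands in this session;
        // ids in URLs can leak via Referer/logs, which is a property of this flow, not changed here.
        $sess = '&' . SESS_NAME . '=' . Session::get_id();
        $_SESSION['cmpi']['acs_url'] = $acs_url;
        $_SESSION['cmpi']['order_id'] = $order_info['order_id'];
        $_SESSION['cmpi']['frame_data'] = array('PaReq' => (string) $cmpi->Payload, 'TermUrl' => Registry::get('config.current_location') . '/' . INDEX_SCRIPT . '?dispatch=payment_notification.bank&payment=cmpi' . $sess, 'MD' => '');
        $frame_src = Registry::get('config.current_location') . '/' . INDEX_SCRIPT . '?dispatch=payment_notification.frame&payment=cmpi' . $sess;
        $msg = fn_get_lang_var('text_cmpi_frame_message');
        $back_link_msg = fn_get_lang_var('text_cmpi_go_back');
        $dispatch = MODE == 'repay' ? 'orders.details&order_id=' . $order_info['order_id'] : 'checkout.checkout';
        $back_link = Registry::get('config.current_location') . '/' . INDEX_SCRIPT . '?dispatch=' . $dispatch . $sess;
        // The back link's href was missing its closing quote, which swallowed the link text.
        echo <<<EOT
<table width="100%" cellspacing="0" cellpadding="0">
\t<tr>
    \t<td valign="top" align="center">
    \t\t<div style="width:500px;">
\t    \t\t{$msg}
\t\t\t\t<br /><br />
\t\t\t</div>
    \t</td>
    </tr>
\t<tr>
    \t<td valign="top" align="center">
\t\t\t<iframe width="420" height="420" marginwidth="0" marginheight="0" src="{$frame_src}"></iframe><br />
\t\t\t<br />
\t\t\t<div>
\t\t\t\t<a href="{$back_link}">{$back_link_msg}</a>
\t\t\t</div>
\t\t</td>
\t</tr>
</table>
EOT;
        exit;
    } else {
        $_SESSION['cmpi']['err_no'][0] = $err_no;
        $_SESSION['cmpi']['err_desc'][0] = $err_desc;
        define('DO_DIRECT_PAYMENT', true);
    }
    return true;
}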
Beispiel #12
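fn_init_user();
// Cache-key components. 'dispatch' is client-supplied: default it so a request without one raises no
// notice. Only '.' is replaced, so whatever consumes these keys must not use them as a filesystem path
// (not visible here). Prefixed names are used and unset afterwards to keep them out of the global scope.
$_cache_dispatch = isset($_REQUEST['dispatch']) ? str_replace('.', '_', $_REQUEST['dispatch']) : '';
$_cache_usergroups = !empty($_SESSION['auth']['usergroup_ids']) ? implode('_', $_SESSION['auth']['usergroup_ids']) : '';
$_cache_localization = defined('CART_LOCALIZATION') ? CART_LOCALIZATION . '_' : '';
// Third-level (a) cache: different for dispatch-user-language-currency
define('CACHE_LEVEL_USER', AREA . '_' . $_SERVER['REQUEST_METHOD'] . '_' . $_cache_dispatch . '.' . $_cache_usergroups . '.' . $_cache_localization . CART_LANGUAGE . '.' . CART_SECONDARY_CURRENCY);
// Third-level (b) cache: different for user(logged in/not)-usergroup-language-currency
define('CACHE_LEVEL_LOCALE_AUTH', AREA . '_' . $_SERVER['REQUEST_METHOD'] . '_' . (!empty($_SESSION['auth']['user_id']) ? 1 : 0) . '.' . $_cache_usergroups . $_cache_localization . CART_LANGUAGE . '.' . CART_SECONDARY_CURRENCY);
unset($_cache_dispatch, $_cache_usergroups, $_cache_localization);
// Set timezone
date_default_timezone_set(Registry::get('settings.Appearance.timezone'));
// Set root template
Registry::set('root_template', 'index.tpl');
if (defined('SKINS_PANEL')) {
    Registry::get('view')->assign('demo_skin', Registry::get('demo_skin'));
}
// URL's assignments
Registry::set('config.current_url', Registry::get('config.' . AREA_NAME . '_index') . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''));
Registry::get('view')->assign('controller', CONTROLLER);
Registry::get('view')->assign('mode', MODE);
Registry::get('view')->assign('action', ACTION);
// Demo credentials are deliberately exposed to templates (demo mode); everything assigned here is template-reachable.
Registry::get('view')->assign('demo_username', Registry::get('config.demo_username'));
Registry::get('view')->assign('demo_password', Registry::get('config.demo_password'));
Registry::get('view')->assign('settings', Registry::get('settings'));
Registry::get('view')->assign('addons', Registry::get('addons'));
Registry::get('view')->assign('config', Registry::get('config'));
// The raw request array is exposed as $smarty.request; templates must escape it on output.
Registry::get('view')->assign('_REQUEST', $_REQUEST);
Registry::get('view')->assign('SESS_ID', Session::get_id());
// Mail template assignments
Registry::get('view_mail')->assign('addons', Registry::get('addons'));
Registry::get('view_mail')->assign('settings', Registry::get('settings'));
Registry::get('view_mail')->assign('config', Registry::get('config'));
// init content search
fn_init_search();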
Beispiel #13
    if ($_REQUEST['transStatus'] == 'Y') {
        $pp_response["reason_text"] = $_REQUEST['rawAuthMessage'];
        $pp_response["transaction_id"] = $_REQUEST['transId'];
        $pp_response['descr_avs'] = "CVV (Security Code): " . $avs_res[substr($_REQUEST['AVS'], 0, 1)] . "; Postcode: " . $avs_res[substr($_REQUEST['AVS'], 1, 1)] . "; Address: " . $avs_res[substr($_REQUEST['AVS'], 2, 1)] . "; Country: " . $avs_res[substr($_REQUEST['AVS'], 3)];
    }
    if (!empty($_REQUEST['testMode'])) {
        $pp_response["reason_text"] .= "; This a TEST Transaction";
    }
    fn_finish_payment($order_id, $pp_response, false);
    echo "<head><meta http-equiv='refresh' content='0; url=" . Registry::get('config.current_location') . "/{$index_script}?dispatch=payment_notification.notify&payment=worldpay&order_id={$order_id}'></head><body><wpdisplay item=banner></body>";
} else {
    if (!defined('AREA')) {
        die('Access denied');
    }
    $_order_id = $order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : $order_id;
    $s_id = Session::get_id();
    $sess_name = SESS_NAME;
    $card_holder = $processor_data['params']['test'] == $mode_test_declined ? $card_holder_for_declined_test : $order_info['b_firstname'] . ' ' . $order_info['b_lastname'];
    $test_mode_id = $processor_data['params']['test'] == $mode_test_declined ? $mode_test : $processor_data['params']['test'];
    echo <<<EOT
<html>
<body onLoad="javascript: document.process.submit();">
<form method="post" action="https://secure.wp3.rbsworldpay.com/wcc/purchase" name="process">
\t<input type="hidden" name="instId" value="{$processor_data['params']['account_id']}" />
\t<input type="hidden" name="cartId" value="{$_order_id}" />
\t<input type="hidden" name="amount" value="{$order_info['total']}" />
\t<input type="hidden" name="currency" value="{$processor_data['params']['currency']}" />
\t<input type="hidden" name="testMode" value="{$test_mode_id}" />
\t<input type="hidden" name="authMode" value="{$processor_data['params']['authmode']}" />
\t<input type="hidden" name="name" value="{$card_holder}" />
\t<input type="hidden" name="tel" value="{$order_info['phone']}" />
Beispiel #14
    echo "</td><td><strong>" . $set->get_name() . "</strong><br /><span class=\"description\">" . $set->get_description() . "</span></td>";
    $station_aw = DigiplayDB::select("val FROM configuration WHERE parameter = 'station_aw_set' AND location = '1'");
    if (!($set->get_id() == (int) $station_aw)) {
        if ($set->user_can_delete() || Session::is_group_user('Audiowalls Admin')) {
            echo "<td class=\"delete-aw-btn\" data-aw-name=\"" . $set->get_name() . "\" data-dps-set-id=\"" . $set->get_id() . "\" style=\"width:65px\"><a href=\"#\" class=\"btn btn-danger\">Delete</a></td>";
        } else {
            echo "<td style=\"width:65px\"></td>";
        }
    } else {
        echo "<td style=\"width:65px\"></td>";
    }
    if ($set->user_can_edit() || Session::is_group_user('Audiowalls Admin')) {
        echo "<td style=\"width:65px\"><a href=\"edit.php?id=" . $set->get_id() . "\" class=\"btn btn-primary\">Edit</a></td>";
    } else {
        echo "<td style=\"width:65px\"></td>";
    }
    echo "<td style=\"width:185px\">";
    if ($set->get_id() == $active) {
        echo "<a href=\"#\" class=\"btn btn-success disabled\" id=\"active-aw\" data-user-id=\"" . Session::get_id() . "\" onclick=\"javascript: return false;\">Active Personal Audiowall</a>";
    } else {
        echo "<a href=\"#\" data-aw-id=\"" . $set->get_id() . "\" class=\"btn btn-default set-personal-audiowall\" onclick=\"javascript: return false;\">Use as Personal Audiowall</a>";
    }
    echo "</td></tr>";
}
// Close the audiowall-set table opened earlier in this page.
echo "</tbody></table></div>";
// "Create New Audiowall" modal: a name/description form plus the create button
// (Bootstrap::modal's arguments are body HTML, title, footer HTML — inferred from use).
echo Bootstrap::modal("add-audiowall-modal", "\n\t\t<form class=\"form-horizontal\" action=\"?\" method=\"POST\">\n\t\t\t<fieldset>\n\t\t\t\t<div class=\"control-group\">\n\t\t\t\t\t<label class=\"control-label\" for=\"audiowall-name\">Audiowall Name</label>\n\t\t\t\t\t<div class=\"controls\">\n\t\t\t\t\t\t<input type=\"text\" class=\"form-control add_aw_text\" id=\"audiowall-name\" placeholder=\"Enter audiowall title.\">\n\t\t\t\t\t</div>\n\t\t\t\t\t<br>\n\t\t\t\t\t<label class=\"control-label\" for=\"audiowall-description\">Audiowall Description</label>\n\t\t\t\t\t<div class=\"controls\">\n\t\t\t\t\t\t<textarea class=\"form-control add_aw_text\" id=\"audiowall-description\" placeholder=\"Enter audiowall description.\"></textarea>\n\t\t\t\t\t</div>\n\t\t\t\t</div>\n\t\t\t</fieldset>\n\t\t\t<input type=\"hidden\"class=\"update-id\" name=\"updateid\">\n\t\t</form>\n\t", "Create New Audiowall", "<a class=\"btn btn-success\" id=\"create-audiowall\" href=\"#\">Create New Audiowall</a><a class=\"btn btn-default\" data-dismiss=\"modal\">Cancel</a>");
// Delete-confirmation modal. Note the button styling is inverted relative to the
// script below: the destructive "Yes" is btn-primary and the safe "No" is btn-danger.
echo "<div id=\"delete-audiowall-modal\" class=\"modal fade\">\n  <div class=\"modal-dialog\">\n    <div class=\"modal-content\"> \n      <div class=\"modal-header\">\n        <button type=\"button\" class=\"close\" data-dismiss=\"modal\" aria-hidden=\"true\">&times;</button><h4 class=\"modal-title\">Delete Audiowall</h4>\n      </div>\n      <div class=\"modal-body\">\n        <div class=\"row\">\n          <div class=\"col-md-8\">\n            Are you sure you want to delete the page: \n          </div>\n          <div class=\"col-md-4\" id=\"wall-to-delete\"></div>\n      </div>\n      <p>&nbsp;</p>\n      <div class=\"modal-footer clearfix\">\n        <a href=\"#\" class=\"btn btn-primary\">Yes</a>\n        <a href=\"#\" class=\"btn btn-danger\">No</a>\n      </div>\n    </div>\n  </div>\n</div>\n</div>";
// Delete flow: .delete-aw-btn fills the modal from its data-aw-name / data-dps-set-id
// attributes; the btn-primary ("Yes") handler POSTs setid to ajax/delete-audiowall-set.php
// and reloads on success. The set id sent is whatever the page attribute holds, so the
// endpoint must re-check that the caller is allowed to delete that set (not visible here).
echo "<script type=\"text/javascript\">\n\t\t\$('.delete-aw-btn').click(function(){\n\t\t\t\$('#wall-to-delete').html(\$(this).data('aw-name'));\n\t\t\t\$('#wall-to-delete').attr('data-dps-aw-set', \$(this).data('dps-set-id'));\n\t\t\t\$('#delete-audiowall-modal').modal('show');\n\t\t});\n\t\t\$('#delete-audiowall-modal .btn-danger').click(function(){\n\t\t\t\$('#delete-audiowall-modal').modal('hide');\n\t\t});\n\t\t\$('#delete-audiowall-modal .btn-primary').click(function(){\n\t\t\t\$('#delete-audiowall-modal .btn-primary').addClass(\"disabled\");\n\t\t\t\$.ajax({\n\t\t\t\turl: '" . LINK_ABS . "ajax/delete-audiowall-set.php',\n\t\t\t\tdata: { setid: \$('#wall-to-delete').attr('data-dps-aw-set') },\n\t\t\t\ttype: 'POST',\n\t\t\t\terror: function(xhr,text,error) {\n\t\t\t\t\tvalue = \$.parseJSON(xhr.responseText);\n\t\t\t\t\talert(value.error);\n\t\t\t\t},\n\t\t\t\tsuccess: function(data,text,xhr) {\n\t\t\t\t\twindow.location.reload(true); \n\t\t\t\t}\n\t\t\t});\n\t\t});\n\t\t</script>\n\t\t";
// Create flow: add_aw() requires both fields, then POSTs awname/awdescription to
// ajax/add-audiowall-set.php (Enter in either field submits too).
// NOTE(review): the client-side .replace("'", "''") looks like SQL quote-doubling. It is
// not a defence — JS String.replace with a string pattern rewrites only the first
// occurrence, and anything client-side can be bypassed. The server endpoint must use
// parameterised queries and treat these values as untrusted regardless.
echo "<script type=\"text/javascript\">\n\t\tboxes = \$('#create');\n\t\tboxes.click(function(){\n\t\t\t\$('#add-audiowall-modal').modal('show');\n\t\t});\n\t\t\n\t\tfunction add_aw() {\n\t\t\tif (\$('#audiowall-description').val() == \"\" || \$('#audiowall-name').val() == \"\") {\n\t\t\t\talert(\"Audiowalls must have both name and description!\");\n\t\t\t\treturn false;\n\t\t\t} else {\n\t\t\t\t\$.ajax({\n\t\t\t\t\turl: '" . LINK_ABS . "ajax/add-audiowall-set.php',\n\t\t\t\t\tdata: { awname: \$('#audiowall-name').val().replace(\"'\", \"''\"), awdescription: \$('#audiowall-description').val().replace(\"'\", \"''\") },\n\t\t\t\t\ttype: 'POST',\n\t\t\t\t\terror: function(xhr,text,error) {\n\t\t\t\t\t\tvalue = \$.parseJSON(xhr.responseText);\n\t\t\t\t\t\talert(value.error);\n\t\t\t\t\t},\n\t\t\t\t\tsuccess: function(data,text,xhr) {\n\t\t\t\t\t\twindow.location.reload(true); \n\t\t\t\t\t}\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn false;\n\t\t}\n\n\t\t\$('#create-audiowall').click(function() {\n\t\t\tadd_aw();\n\t\t});\n\n\t\t\$('.add_aw_text').on('keypress', function(e) {\n \t\t\t\tvar code = (e.keyCode ? e.keyCode : e.which);\n \t\t\t\tif(code == 13) {\n   \t\t\t\t\tadd_aw();\n   \t\t\t\t\te.preventDefault();\n \t\t\t\t}\n\t\t\t});\t\n</script>";
// "Use as Personal Audiowall": POSTs awid plus a userid to ajax/update-audiowall-config.php.
// NOTE(review): userid is baked into the page from Session::get_id() and then sent back by
// the client, so the endpoint receives it as an untrusted parameter. It should take the
// user from the server-side session instead of the posted value — confirm on the endpoint.
echo "<script type=\"text/javascript\">\n\t\$('.set-personal-audiowall').click(function(){\n\t\t\t\t\$.ajax({\n\t\t\t\t\turl: '" . LINK_ABS . "ajax/update-audiowall-config.php',\n\t\t\t\t\tdata: { awid: \$(this).attr('data-aw-id'), userid: " . Session::get_id() . "},\n\t\t\t\t\ttype: 'POST',\n\t\t\t\t\terror: function(xhr,text,error) {\n\t\t\t\t\t\tvalue = \$.parseJSON(xhr.responseText);\n\t\t\t\t\t\talert(value.error);\n\t\t\t\t\t},\n\t\t\t\t\tsuccess: function(data,text,xhr) {\n\t\t\t\t\t\twindow.location.reload(true); \n\t\t\t\t\t}\n\t\t\t\t});\n\t\t\t});\n</script>";
    // Form a surcharge part of the payment
    if (!empty($_payment_id)) {
        $_data = db_get_row("SELECT a_surcharge, p_surcharge FROM ?:payments WHERE payment_id = ?i", $_payment_id);
        $cart['payment_surcharge'] = 0;
        if (floatval($_data['a_surcharge'])) {
            $cart['payment_surcharge'] += $_data['a_surcharge'];
        }
        if (floatval($_data['p_surcharge'])) {
            $cart['payment_surcharge'] += fn_format_price($cart['total'] * $_data['p_surcharge'] / 100);
        }
        if (!empty($cart['payment_surcharge'])) {
            $_items .= "\n\t\t\t  <item>\n\t\t\t\t<item-name>" . fn_get_lang_var('surcharge') . "</item-name>\n\t\t\t\t<item-description>" . fn_get_lang_var('surcharge_for_the_payment') . "</item-description>\n\t\t\t\t<unit-price currency='" . $_currency . "'>" . $cart['payment_surcharge'] . "</unit-price>\n\t\t\t\t<quantity>1</quantity>\n\t\t\t\t<tax-table-selector>no_tax</tax-table-selector>\n\t\t\t  </item>";
        }
    }
    // The cart in XML format
    $xml_cart = "<?xml version='1.0' encoding='UTF-8'?>\n\t<checkout-shopping-cart xmlns='http://checkout.google.com/schema/2'>\n\t  <shopping-cart>\n\t\t<merchant-private-data>\n\t\t  <additional_data>\n\t\t   <session_id>" . Session::get_id() . "</session_id>\n\t\t   <currency_code>" . $_currency . "</currency_code>" . $private_ship_data . "</additional_data>\n\t\t</merchant-private-data>\n\t\t<items>" . $_items . "</items>\n\t  </shopping-cart>\n\t  <checkout-flow-support>\n\t\t<merchant-checkout-flow-support>\n\t\t  <platform-id>971865505315434</platform-id>\n\t\t  <request-buyer-phone-number>true</request-buyer-phone-number>\n\t\t  <edit-cart-url>" . $edit_cart_url . "</edit-cart-url>\n\t\t  <merchant-calculations>\n\t\t\t<merchant-calculations-url>" . $calculation_url . "</merchant-calculations-url>\n\t\t\t" . fn_google_coupons_calculation($cart) . "\n\t\t  </merchant-calculations>\n\t\t  <continue-shopping-url>" . $return_url . "</continue-shopping-url>\n\t\t" . $shippings . $taxes . "\n\t\t</merchant-checkout-flow-support>\n\t  </checkout-flow-support>\n\t</checkout-shopping-cart>";
    $signature = fn_calc_hmac_sha1($xml_cart, $processor_data['params']['merchant_key']);
    $b64_cart = base64_encode($xml_cart);
    $b64_signature = base64_encode($signature);
    $checkout_buttons[] = '
	<html>
	<body>
	<form method="post" action="' . $checkout_url . '" name="BB_BuyButtonForm">
		<input type="hidden" name="cart" value="' . $b64_cart . '" />
		<input type="hidden" name="signature" value="' . $b64_signature . '" />
		<input alt="" src="' . $base_domain . '/buttons/checkout.gif?merchant_id=' . $processor_data['params']['merchant_id'] . '&amp;w=160&amp;h=43&amp;style=' . $processor_data['params']['button_type'] . '&amp;variant=text&amp;loc=en_US" type="image"/>
		</form>
	 </body>
	</html>';
}
//
Beispiel #16
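/**
 * Generate the per-session security token used to protect forms from CSRF attacks.
 *
 * The token is created once per session and cached in $_SESSION['security_hash'];
 * every later call returns the same value, so it can be embedded in forms and
 * compared against the submitted copy (use hash_equals() for that comparison).
 *
 * Why this changed: the previous implementation computed
 * md5($config['crypt_key'] . Session::get_id()), but $config is a plain local
 * name inside this function (no `global $config`, no parameter), so the
 * "salt" was always empty and the token was merely md5 of the session id.
 * Drawing the token from the CSPRNG removes that dependency and the weak
 * derivation. Requires PHP 7+ (random_bytes).
 *
 * @return string 32-character lowercase hex token (same length as the old md5 value)
 */
function fn_generate_security_hash()
{
    if (empty($_SESSION['security_hash'])) {
        // 16 random bytes -> 32 hex chars, matching the length callers may expect.
        $_SESSION['security_hash'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['security_hash'];
}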
<?php

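// AJAX endpoint: create a fault report from the request and answer with JSON.
// Every exit path below emits JSON, so declare the content type up front.
header('Content-Type: application/json');

// NOTE(review): this is a state-changing endpoint fed from $_REQUEST (so GET as
// well as POST) and no CSRF or authentication check is visible in this file —
// confirm the including code enforces both before the request reaches here.
if (!isset($_REQUEST['content'])) {
    http_response_code(400);
    exit(json_encode(array("error" => "Missing fault content.")));
}

$fault = new Fault();
// The author is always the logged-in user from the session, never a request value.
$fault->set_author(Session::get_id());
// Report body as submitted; the Fault class is expected to validate/escape it on save.
$fault->set_content($_REQUEST['content']);
// Status 1 = unread (per the original author's comment).
$fault->set_status(1);
// Record the submission time.
$fault->set_postdate(time());
$fault->save();

if (Errors::occured()) {
    // Collect the report before clearing. The original called Errors::clear()
    // after exit(), where it could never run, so pending errors were left
    // behind (a problem if Errors persists across requests).
    $detail = Errors::report("array");
    Errors::clear();
    http_response_code(400);
    exit(json_encode(array("error" => "Something went wrong. You may have discovered a bug!", "detail" => $detail)));
}

exit(json_encode(array('response' => 'success', 'id' => $fault->get_id())));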
Beispiel #18
        } elseif ($mode == 'finish') {
            $order_info = fn_get_order_info($order_id);
            if ($order_info['status'] == 'O') {
                $pp_response = array();
                $pp_response['order_status'] = 'F';
                $pp_response['reason_text'] = fn_get_lang_var('merchant_response_was_not_received');
                $pp_response['transaction_id'] = '';
                fn_finish_payment($order_id, $pp_response);
            }
            fn_order_placement_routines($order_id, false);
        }
    }
} else {
    $current_location = Registry::get('config.current_location');
    $lang_code = CART_LANGUAGE == 'TH' ? 'TH' : 'EN';
    $sess = '&' . SESS_NAME . '=' . Session::get_id();
    $_SESSION['thaiepay_refno'] = $order_id;
    echo <<<EOT
<html>
<body onLoad="document.process.submit();">
<form method="post" action="https://www.thaiepay.com/epaylink/payment.aspx" name="process">
\t<input type="hidden" name="refno" value="{$order_id}">
\t<input type="hidden" name="merchantid" value="{$processor_data['params']['merchantid']}">
\t<input type="hidden" name="customeremail" value="{$order_info['email']}">
\t<input type="hidden" name="productdetail" value="{$processor_data['params']['details']}">
\t<input type="hidden" name="total" value="{$order_info['total']}">
\t<input type="hidden" name="cc" value="{$processor_data['params']['currency']}">
\t<input type="hidden" name="lang" value="{$lang_code}">
\t<input type="hidden" name="returnurl" value="{$current_location}/{$index_script}?dispatch=payment_notification.finish&payment=thaiepay&refno={$order_id}{$sess}">
EOT;
    $msg = fn_get_lang_var('text_cc_processor_connection');
Beispiel #19
    $view->assign('user_types', fn_get_user_types());
    $view->assign('countries', fn_get_countries(CART_LANGUAGE, true));
    $view->assign('states', fn_get_all_states());
    $view->assign('usergroups', fn_get_usergroups('F', DESCR_SL));
} elseif ($mode == 'act_as_user') {
    if (fn_is_restricted_admin($_REQUEST) == true) {
        return array(CONTROLLER_STATUS_DENIED);
    }
    $condition = fn_get_company_condition();
    $user_data = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i {$condition}", $_REQUEST['user_id']);
    if (!empty($user_data)) {
        $user_type = empty($_REQUEST['area']) ? $user_data['user_type'] == 'A' ? 'A' : 'C' : $_REQUEST['area'];
        // 'area' variable was used for loging in to the area different from the user type.
        $sess_data = array('auth' => fn_fill_auth($user_data, array(), true, $user_type));
        fn_init_user_session_data($sess_data, $_REQUEST['user_id']);
        Session::save(Session::get_id(), $sess_data, $user_type);
        return array(CONTROLLER_STATUS_REDIRECT, $user_type == 'A' ? Registry::get('config.admin_index') : Registry::get('config.customer_index'));
    }
} elseif ($mode == 'picker') {
    $params = $_REQUEST;
    $params['exclude_user_types'] = array('A', 'S');
    $params['skip_view'] = 'Y';
    list($users, $search) = fn_get_users($params, $auth, Registry::get('settings.Appearance.admin_elements_per_page'));
    $view->assign('users', $users);
    $view->assign('search', $search);
    $view->assign('countries', fn_get_countries(CART_LANGUAGE, true));
    $view->assign('states', fn_get_all_states());
    $view->assign('usergroups', fn_get_usergroups('F', CART_LANGUAGE));
    $view->display('pickers/users_picker_contents.tpl');
    exit;
} elseif ($mode == 'update' || $mode == 'add') {