/**
* WARNING: UNCHECKED ACCESS! On purpose unchecked access for M2M operations
* Generates the HTML to display for a specific component-like page for the tab. WARNING: unchecked access !
* @param TabTable|null $tab the tab database entry
* @param UserTable $user the user being displayed
* @param int $ui 1 for front-end, 2 for back-end
* @param array $postdata _POST data for saving edited tab content as generated with getEditTab
* @return mixed either string HTML for tab content, or false if ErrorMSG generated
*/
public function getTabComponent( /** @noinspection PhpUnusedParameterInspection */ $tab, $user, $ui, $postdata ) {
global $_CB_database, $_CB_framework, $_POST;
$return = '';
$paid = false;
$oldignoreuserabort = ignore_user_abort(true);
$allowHumanHtmlOutput = true; // this will be reverted in case of M2M server-to-server notifications
$act = $this->base->_getReqParam( 'act' );
$actPosted = isset($_POST[$this->base->_getPagingParamName('act')]);
if ( $act === null ) {
$act = $this->base->input( 'act', null, GetterInterface::COMMAND );
$actPosted = $this->base->input( 'post/act', null, GetterInterface::COMMAND ) !== null;
}
$post_user_id = (int) cbGetParam( $_GET, 'user', 0 );
if ( $actPosted && ( $post_user_id > 0 ) ) {
$access = false;
$myId = $_CB_framework->myId();
if ( is_object( $user ) ) {
if ( $myId == 0 ) {
if ( in_array( $act, array( 'saveeditinvoiceaddress', 'saveeditbasketintegration', 'showbskt' ) ) ) {
$access = true;
} else {
$paidsubsManager =& cbpaidSubscriptionsMgr::getInstance();
if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) {
// expired subscriptions: we will allow limited access to:
if ( in_array( $act, array( 'upgrade', 'pay', 'reactivate', 'resubscribe', 'display_subscriptions' ) ) ) {
$access = true;
}
}
}
} else {
if ( ( $ui == 1 && ( $user->id == $myId ) )
|| ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) {
$access = true;
}
}
} else {
$return = CBPTXT::T("User does not exist") . '.';
}
if ( ! $access ) {
$return .= '<br />' . CBPTXT::T("Not authorized action") . '.';
return $return;
}
cbSpoofCheck( 'plugin' ); // anti-spoofing check
// renew or upgrade subscription payment form:
$params = $this->params;
$now = $_CB_framework->now();
$subscriptionsGUI = new cbpaidControllerUI();
$subscriptionIds = $subscriptionsGUI->getEditPostedBoxes( 'id' );
if ( $subscriptionIds == array( 0 ) ) {
$subscriptionIds = array();
}
if ( $post_user_id && ( $user->id == $post_user_id ) ) {
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
switch ( $act ) {
case 'upgrade': // upgrade an existing subscription
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$chosenPlans = $subscriptionsGUI->getAndCheckChosenUpgradePlans( $postdata, $user, $now );
if ( ( ! is_array( $chosenPlans ) ) || ( count( $chosenPlans ) == 0 ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= ( is_string( $chosenPlans ) ? $chosenPlans . '<br />' : '' )
. sprintf( CBPTXT::Th("Please press back button and select the %s plan to which you would like to upgrade."), $subTxt );
break;
}
$introText = CBPTXT::Th( $params->get( 'intro_text_upgrade', null ) );
//TBD: check if already exists (reload protection):
$paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, 'R', CBPTXT::T("Upgrade"), 'U' );
if ( is_object( $paymentBasket ) ) {
$return = cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$return = $paymentBasket; // show messages as nothing to pay.
}
break;
case 'pay': // pay for an unpaid subscription
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$plan = $this->base->_getReqParam( 'plan' );
if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
break;
}
$plansMgr =& cbpaidPlansMgr::getInstance();
$chosenPlans = array();
$chosenPlans[(int) $plan] = $plansMgr->loadPlan( (int) $plan );
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$paymentStatus = null;
$return = cbpaidControllerOrder::showPaymentForm( $user, $chosenPlans, $introText, $subscriptionIds, $paymentStatus );
break;
case 'renew': // renew a still valid subscription
case 'reactivate': // reactivate an expired subscription
case 'resubscribe': // resubscribe a cancelled subscription
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$plan = $this->base->_getReqParam( 'plan' );
if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
break;
}
$plansMgr =& cbpaidPlansMgr::getInstance();
$chosenPlans = array();
$chosenPlans[(int) $plan] = $plansMgr->loadPlan( (int) $plan );
$paidSomethingMgr =& cbpaidSomethingMgr::getInstance();
$subscription = $paidSomethingMgr->loadSomething( $subscriptionIds[$plan][0], $subscriptionIds[$plan][1] );
global $_PLUGINS;
$_PLUGINS->loadPluginGroup( 'user', 'cbsubs.' );
$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin');
$_PLUGINS->trigger( 'onCPayAfterPlanRenewalSelected', array( &$chosenPlans[(int) $plan], &$subscription, $act ) );
if ( $_PLUGINS->is_errors() ) {
$return .= $_PLUGINS->getErrorMSG();
break;
}
$introText = CBPTXT::Th( $params->get( 'intro_text_renew', null ) );
//TBD: check if already exists (reload protection):
$paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, null, CBPTXT::T("Renew"), 'R' );
if ( is_object( $paymentBasket ) ) {
$return = cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$return = $paymentBasket; // show messages as nothing to pay.
}
break;
case 'unsubscribe': // request to unsubscribe an active subscription
// display unsubscribe confirmation form:
$plan = $this->base->_getReqParam( 'plan' );
if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
break;
}
$introText = CBPTXT::Th( $params->get( 'unsubscribe_intro_text' , null ) );
$return = $subscriptionsGUI->showUnsubscribeForm( $user, $introText, (int) $plan, (int) $subscriptionIds[$plan][1] );
break;
case 'confirm_unsubscribe': // confirm previous request to unsubscribe an active subscription
// unsubscribe confirmed:
$plan = $this->base->_getReqParam( 'plan' );
if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
break;
}
if ( ( $plan ) && ( count( $subscriptionIds ) == 1 ) ) {
$unsubscribeConfText = CBPTXT::Th( $params->get( 'unsubscribe_confirmation_text', null ) );
$return = cbpaidControllerOrder::doUnsubscribeConfirm( $user, $unsubscribeConfText, (int) $plan, (int) $subscriptionIds[$plan][1] );
}
break;
case 'display_subscriptions':
// unsubscribe cancelled: display subscriptions:
$return = $this->base->displayUserTab( $user );
break;
case 'showinvoice':
// shows a particular user invoice:
if ( $params->get( 'show_invoices', 1 ) ) {
$invoiceNo = $this->base->_getReqParam( 'invoice' );
$return = $this->showInvoice( $invoiceNo, $user );
}
break;
case 'saveeditinvoiceaddress':
case 'editinvoiceaddress': // this is the case of reload of invoicing address
$invoicingAddressQuery = $params->get( 'invoicing_address_query' );
if ( $invoicingAddressQuery > 0 ) {
$basketId = $this->base->_getReqParam( 'basket', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
if ( ( $act == 'saveeditinvoiceaddress' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) { // IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html
$return = $paymentBasket->saveInvoicingAddressForm( $user );
if ( $return === null ) {
$paymentBasket->storeInvoicingDefaultAddress();
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
}
} else {
// invoice has reloaded itself (e.g. for country change):
$return = $paymentBasket->renderInvoicingAddressForm( $user );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'saverecordpayment':
case 'editrecordpayment': // this is the case of reload of the form
$basketId = $this->base->_getReqParam( 'basket', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status != 'Completed' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
if ( $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) {
if ( ( $act == 'saverecordpayment' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) { // IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html
$return = cbpaidRecordBasketPayment::saveRecordPayment( $paymentBasket->id );
if ( $return === null ) {
$return .= CBPTXT::T("Payment recorded.")
. ' <a href="' . $_CB_framework->userProfileUrl( $paymentBasket->user_id, true ) . '">'
. CBPTXT::Th("View user profile")
. '</a>';
}
} else {
// invoice has reloaded itself (e.g. for country change):
$return = cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasket->id );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
break;
default:
cbNotAuth();
return '';
break;
}
}
} elseif ( $this->base->_getReqParam( 'account' ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) {
$account = $this->base->_getReqParam( 'account' );
$post_user_id = (int) cbGetParam( $_GET, 'user', 0 );
$user = CBuser::getUserDataInstance( (int) $post_user_id );
if ( $user->id ) {
if ( isset( $_SESSION['cbsubs']['expireduser'] ) && ( $_SESSION['cbsubs']['expireduser'] == $user->id ) ) {
// expired subscriptions of membership: show possibilities:
$subscriptionsGUI = new cbpaidControllerUI();
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
switch ( $account ) {
case 'expired':
$paidsubsManager =& cbpaidSubscriptionsMgr::getInstance();
if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) {
// no valid membership:
$return = $subscriptionsGUI->getShowSubscriptionUpgrades( $user, true );
}
break;
default:
break;
}
} else {
$return = CBPTXT::Th("Browser cookies must be enabled.");
}
}
} elseif ( in_array( $act, array( 'setbsktpmtmeth', 'setbsktcurrency' ) ) ) {
cbSpoofCheck( 'plugin' ); // anti-spoofing check
$params = $this->params;
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
$basketId = $this->base->_getReqParam( 'bskt', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
switch ( $act ) {
case 'setbsktpmtmeth':
if ( $params->get( 'payment_method_selection_type' ) == 'radios' ) {
$chosenPaymentMethod = cbGetParam( $_POST, 'payment_method' );
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return = $paymentBasket->saveBasketPaymentMethodForm( $user, $introText, $chosenPaymentMethod );
if ( $return === null ) {
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'setbsktcurrency':
if ( $params->get( 'allow_select_currency', '0' ) ) {
$newCurrency = cbGetParam( $_POST, 'currency' );
if ( $newCurrency ) {
if ( in_array( $newCurrency, cbpaidControllerPaychoices::getInstance()->getAllCurrencies() ) ) {
$paymentBasket->changeCurrency( $newCurrency );
} else {
$this->base->_setErrorMSG( CBPTXT::T("This currency is not allowed") );
}
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Changes of currency of orders are not authorized") );
}
break;
default:
cbNotAuth();
return '';
break;
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
} elseif ( $act == 'cbsubsclass' ) {
$pluginName = $this->base->_getReqParam( 'class' );
if ( preg_match( '/^[a-z]+$/', $pluginName ) ) {
$element = 'cbsubs.' . $pluginName;
global $_PLUGINS;
$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element );
$loadedPlugins =& $_PLUGINS->getLoadedPluginGroup( 'user/plug_cbpaidsubscriptions/plugin' );
$params = $this->params;
foreach ($loadedPlugins as $p ) {
if ( $p->element == $element ) {
$pluginId = $p->id;
$args = array( &$user, &$params, &$postdata );
/** @noinspection PhpUndefinedCallbackInspection */
$return = $_PLUGINS->call( $pluginId, 'executeTask', 'getcbsubs' . $pluginName . 'Tab', $args, null );
break;
}
}
}
} elseif ( $act && ( ! in_array( $act, array( 'showbskt', 'setbsktpmtmeth' ) ) ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) {
if ( ! is_object( $user ) ) {
return CBPTXT::T("User does not exist.");
}
$params = $this->params;
$post_user_id = (int) cbGetParam( $_GET, 'user', 0 );
if ( $post_user_id && ( ( $user->id == $post_user_id ) || ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) ) {
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
switch ( $act ) {
case 'showinvoice':
if ( $params->get( 'show_invoices', 1 ) ) {
$invoiceNo = $this->base->_getReqParam( 'invoice', 0 );
// This also checks for cbpaidApp::authoriseAction on cbsubs.sales or cbsubs.financial access permissions:
$return = $this->showInvoice( $invoiceNo, $user );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'showinvoiceslist':
$showInvoices = $params->get( 'show_invoices', 1 );
$invoicesShowPeriod = $params->get( 'invoices_show_period', '0000-06-00 00:00:00' );
$itsmyself = ( $_CB_framework->myId() == $user->id );
if ( $showInvoices && ( $itsmyself || ( cbpaidApp::authoriseAction( 'cbsubs.sales' ) || cbpaidApp::authoriseAction( 'cbsubs.financial' ) ) ) ) {
$subscriptionsGUI = new cbpaidControllerUI();
$invoices = $this->_getInvoices( $user, $invoicesShowPeriod, false );
if ( $invoicesShowPeriod && ( $invoicesShowPeriod != '0000-00-00 00:00:00' ) ) {
$cbpaidTimes =& cbpaidTimes::getInstance();
$periodText = $cbpaidTimes->renderPeriod( $invoicesShowPeriod, 1, false );
} else {
$periodText = '';
}
$return .= $subscriptionsGUI->showInvoicesList( $invoices, $user, $itsmyself, $periodText );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'editinvoiceaddress': // this is the case of the initial edit address link
if ( $params->get( 'invoicing_address_query' ) > 0 ) {
$basketId = $this->base->_getReqParam( 'basket', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
$return = $paymentBasket->renderInvoicingAddressForm( $user );
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'showrecordpayment':
$paymentBasketId = $this->base->_getReqParam( 'recordpayment', 0 );
if ( $paymentBasketId ) {
$paymentBasket = new cbpaidPaymentBasket();
if ( $paymentBasket->load( (int) $paymentBasketId ) && $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) {
// Auto-loads class: and authorization is checked inside:
$return = cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasketId );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
default:
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
break;
}
}
} elseif ( $act == 'showbskt' && ( ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) || ( $this->base->_getReqParam( 'bskt', 0 ) && $this->base->_getReqParam( 'bck' ) ) ) {
$basketId = $this->base->_getReqParam( 'bskt', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
// Basket integrations saving/editing url:
if ( in_array($act, array( 'saveeditbasketintegration', 'editbasketintegration' ) ) ) { // edit is the case of edit or reload of integration form
$integration = $this->base->_getReqParam( 'integration' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( preg_match( '/^[a-z]+$/', $integration ) && $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
global $_PLUGINS;
$element = 'cbsubs.' . $integration;
$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element );
$results = $_PLUGINS->trigger( 'onCPayEditBasketIntegration', array( $integration, $act, &$paymentBasket ) );
$return = null;
foreach ( $results as $r ) {
if ( $r ) {
$return .= $r;
}
}
if ( $act == 'editbasketintegration' ) {
if ( $return !== null ) {
return $return;
}
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
}
$post_user_id = (int) cbGetParam( $_GET, 'user', 0 );
if ( $post_user_id && ! ( ( is_object( $user ) && ( $user->id == $post_user_id ) ) ) ) {
return CBPTXT::T("User does not exist.");
}
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
$params = $this->params;
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) {
if ( ! $post_user_id ) {
$cbUser =& CBuser::getInstance( (int) $paymentBasket->user_id );
$user =& $cbUser->getUserData();
if ( ( ! is_object( $user ) ) || ! $user->id ) {
return CBPTXT::T("User does not exist.");
}
}
if ( ( $hashToCheck && $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) )
|| ( ( ! $hashToCheck ) && $paymentBasket->user_id && ( $paymentBasket->user_id == $_CB_framework->myId() ) ) )
{
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
// } elseif ( isset($_REQUEST['result']) && isset( $_REQUEST['user'] ) && ( $_REQUEST['user'] > 0 ) ) {
} elseif ( isset($_REQUEST['result']) && ( $this->base->_getReqParam('method') || $this->base->_getReqParam('gacctno') ) ) {
// don't check license here so initiated payments can complete !
$params = $this->params;
$method = $this->base->_getReqParam('method');
if ( ( $method == 'freetrial' ) || ( $method == 'cancelpay' ) ) {
cbpaidApp::import( 'processors.freetrial.freetrial' );
cbpaidApp::import( 'processors.cancelpay.cancelpay' );
$className = 'cbpaidGatewayAccount' . $method;
$payAccount = new $className( $_CB_database );
} else {
$gateAccount = $this->base->_getReqParam('gacctno');
$payAccount = cbpaidControllerPaychoices::getInstance()->getPayAccount( $gateAccount );
if ( ! $payAccount ) {
return '';
}
}
$payClass = $payAccount->getPayMean();
$paymentBasket = new cbpaidPaymentBasket($_CB_database);
if ( $payClass && ( ( $this->base->_getReqParam('method') == $payClass->getPayName() ) || ( $this->base->_getReqParam('method') == null ) ) && $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) ) {
// output for resultNotification: $return and $allowHumanHtmlOutput
$return = $payClass->resultNotification( $paymentBasket, $postdata, $allowHumanHtmlOutput );
}
if ( ! $paymentBasket->id ) {
$this->base->_setErrorMSG(CBPTXT::T("No suitable basket found."));
} else {
$user =& CBuser::getUserDataInstance( (int) $paymentBasket->user_id );
if ( $paymentBasket->payment_status == 'RegistrationCancelled' ) {
// registration cancelled: delete payment basket and delete user after checking that he is not yet active:
if ( $paymentBasket->load( (int) $paymentBasket->id ) ) {
if ( $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) && ( ( $paymentBasket->payment_status == 'NotInitiated' ) || ( ( $paymentBasket->payment_status === 'Pending' ) && ( $paymentBasket->payment_method === 'offline' ) ) ) ) {
$notification = new cbpaidPaymentNotification();
$notification->initNotification( $payClass, 0, 'P', $paymentBasket->payment_status, $paymentBasket->payment_type, null, $_CB_framework->now(), $paymentBasket->charset );
$payClass->updatePaymentStatus( $paymentBasket, 'web_accept', 'RegistrationCancelled', $notification, 0, 0, 0, true );
// This is a notification or a return to site after payment, we want to log any error happening in third-party stuff in case:
cbpaidErrorHandler::keepTurnedOn();
}
}
}
if ( $allowHumanHtmlOutput ) {
// If frontend, we display result, otherwise, If Server-to-server notification: do not display any additional text here !
switch ( $paymentBasket->payment_status ) {
case 'Completed':
// PayPal recommends including the following information with the confirmation:
// - Item name
// - Amount paid
// - Payer email
// - Shipping address
$newMsg = sprintf( CBPTXT::Th("Thank you for your payment of %s for the %s %s."), $paymentBasket->renderPrice(),
$paymentBasket->item_name,
htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) ) // ' using your paypal account ' . $paymentBasket->payer_email
. ' ' . $payClass->getTxtNextStep( $paymentBasket );
// . "Your transaction has been completed, and a receipt for your purchase has been emailed to you by PayPal. "
// . "You may log into your account at www.paypal.com to view details of this transaction.</p>\n";
if ( $params->get( 'show_invoices' ) ) {
$itsmyself = ( $_CB_framework->myId() == $user->id );
$subscriptionsGUI = new cbpaidControllerUI();
$newMsg .= '<p id="cbregviewinvoicelink">'
. $subscriptionsGUI->getInvoiceShowAhtml( $paymentBasket, $user, $itsmyself, CBPTXT::Th("View printable invoice") )
. '</p>'
;
}
$paid = true;
break;
case 'Pending':
$newMsg = sprintf( CBPTXT::Th("Thank you for initiating the payment of %s for the %s %s."), $paymentBasket->renderPrice(),
$paymentBasket->item_name,
htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) ) // ' using your paypal account ' . $paymentBasket->payer_email
. ' ' . $payClass->getTxtNextStep( $paymentBasket );
// . "Your payment is currently being processed. "
// . "A receipt for your purchase will be emailed to you by PayPal once processing is complete. "
// . "You may log into your account at www.paypal.com to view status details of this transaction.</p>\n";
break;
case 'RegistrationCancelled':
$newMsg = $payClass->getTxtNextStep( $paymentBasket );
break;
case 'FreeTrial':
$newMsg = CBPTXT::Th("Thank you for subscribing to") . ' ' . $paymentBasket->item_name . '.'
. ' ' . $payClass->getTxtNextStep( $paymentBasket );
break;
case null:
$newMsg = CBPTXT::T("Payment basket does not exist.");
break;
case 'NotInitiated':
$newMsg = '';
break;
case 'RedisplayOriginalBasket':
if ( $paymentBasket->load( (int) $paymentBasket->id ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) {
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
}
$newMsg = '';
break;
case 'Processed':
case 'Denied':
case 'Reversed':
case 'Refunded':
case 'Partially-Refunded':
default:
$newMsg = $payClass->getTxtNextStep( $paymentBasket );
// "<p>Your transaction is not cleared and has currently following status: <strong>" . $paymentBasket->payment_status . ".</strong></p>"
// . "<p>You may log into your account at www.paypal.com to view status details of this transaction.</p>";
break;
}
if ( in_array( $paymentBasket->payment_status, array( 'Completed', 'Pending' ) ) ) {
$subscriptions = $paymentBasket->getSubscriptions();
$texts = array(); // avoid repeating several times identical texts:
if ( is_array( $subscriptions ) ) {
foreach ( $subscriptions as $sub ) {
/** @var $sub cbpaidSomething */
$thankYouParam = ( $paymentBasket->payment_status == 'Completed') ? 'thankyoutextcompleted' : 'thankyoutextpending';
$thankYouText = $sub->getPersonalized( $thankYouParam, true );
if ( $thankYouText && ! in_array( $thankYouText, $texts ) ) {
$texts[] = $thankYouText;
if ( strpos( $thankYouText, '<' ) === false ) {
$msgTag = 'p';
} else {
$msgTag = 'div';
}
$newMsg .= '<' . $msgTag . ' class="cbregThanks" id="cbregThanks' . $sub->plan_id . '">' . $thankYouText . '</' . $msgTag . ">\n";
}
}
}
}
if ( $newMsg ) {
$return .= '<div>' . $newMsg . '</div>';
}
if ( $paid && ( $_CB_framework->myId() < 1 ) && ( cbGetParam( $_REQUEST, 'user', 0 ) == $paymentBasket->user_id ) ) {
$_CB_database->setQuery( "SELECT * FROM #__comprofiler c, #__users u WHERE c.id=u.id AND c.id=".(int) $paymentBasket->user_id );
if ( $_CB_database->loadObject( $user ) && ( $user->lastvisitDate == '0000-00-00 00:00:00' ) ) {
$return = '<p>' . implode( '', getActivationMessage( $user, 'UserRegistration' ) ) . '</p>' . $return;
}
}
}
}
} else {
cbNotAuth();
return ' ' . CBPTXT::T("No result.");
}
if ( $allowHumanHtmlOutput ) {
$allErrorMsgs = $this->base->getErrorMSG( '</div><div class="error">' );
if ( $allErrorMsgs ) {
$errorMsg = '<div class="error">' . $allErrorMsgs . '</div>';
} else {
$errorMsg = null;
}
/** @var string $return */
if ( ( $return == '' ) && ( $errorMsg ) ) {
$this->base->outputRegTemplate();
$return = $errorMsg . '<br /><br />' . $return;
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, '' );
} else {
$return = $errorMsg . $return;
}
}
if ( ! is_null( $oldignoreuserabort ) ) {
ignore_user_abort($oldignoreuserabort);
}
return $return;
}
/**
* @param cbautoactionsActionTable $trigger
* @param UserTable $user
*/
public function execute( $trigger, $user )
{
global $_CB_framework;
if ( ( ! $user->get( 'id' ) ) || ( ! $this->installed() ) ) {
if ( $trigger->getParams()->get( 'debug', false, GetterInterface::BOOLEAN ) ) {
var_dump( CBTxt::T( 'AUTO_ACTION_CBSUBS_NOT_INSTALLED', ':: Action [action] :: CB Paid Subscriptions is not installed', array( '[action]' => (int) $trigger->get( 'id' ) ) ) );
}
return;
}
foreach ( $trigger->getParams()->subTree( 'cbsubs' ) as $row ) {
/** @var ParamsInterface $row */
$plans = $row->get( 'plans' );
if ( $plans ) {
$plans = explode( '|*|', $plans );
cbArrayToInts( $plans );
$mode = $row->get( 'mode', 1, GetterInterface::INT );
$subscriptions = cbpaidSomethingMgr::getAllSomethingOfUser( $user, null );
$activePlans = array();
if ( $subscriptions ) foreach ( $subscriptions as $type ) {
foreach ( array_keys( $type ) as $typeId ) {
/** @var cbpaidSomething $subscription */
$subscription = $type[$typeId];
$subscriptionId = (int) $subscription->get( 'id' );
$subscriptionStatus = $subscription->get( 'status' );
$planId = (int) $subscription->get( 'plan_id' );
if ( in_array( $planId, $plans ) ) {
switch ( $mode ) {
case 2:
if ( $subscriptionStatus != 'A' ) {
$subscription->activate( $user, $_CB_framework->now(), true, 'R' );
}
break;
case 3:
if ( $subscriptionStatus == 'A' ) {
cbpaidControllerOrder::doUnsubscribeConfirm( $user, null, $planId, $subscriptionId );
}
break;
case 4:
if ( $subscription->canDelete() ) {
$subscription->revert( $user, 'Denied' );
$subscription->delete();
}
break;
case 1:
default:
if ( ( $subscriptionStatus == 'A' ) && ( ! in_array( $planId, $activePlans ) ) ) {
$activePlans[] = $planId;
}
break;
}
}
}
}
if ( $mode == 1 ) {
$plansMgr = cbpaidPlansMgr::getInstance();
$postData = array();
$chosenPlans = array();
foreach ( $plans as $planId ) {
if ( ! in_array( $planId, $activePlans ) ) {
$chosenPlans[$planId] = $plansMgr->loadPlan( $planId );
}
}
if ( $chosenPlans ) {
cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postData, null, null, 'A', null, 'U', 'free' );
}
}
}
}
}
/**
* CB user activation interception
*
* @param UserTable $user + moscomprofile the user being displayed
* @param int $ui 1 for front-end, 2 for back-end
* @param string $returnURL URL to redirect to (using cbRedirect) (can be changed here !)
* @return array with keys (or null if not intercepting/changing behavior):
* string ['messagesToUser'] html text to display to user (within a div-tag)
* string ['alertMessage'] false if should not display any JS popup, true otherwise
* boolean ['showSysMessage'] false if should not show the CB standard result error messages to user, true otherwise
* boolean ['stopLogin'] true if should not login, false otherwise
*/
public function onDuringLogin( &$user, $ui, &$returnURL ) {
global $_CB_framework, $_POST;
cbpaidErrorHandler::on();
$params = $this->params;
$registrationPlansEnabled = $params->get( 'registrationPlansEnabled', 0 );
$enableFreeRegisteredUser = $params->get( 'enableFreeRegisteredUser', 1 );
$result = null; // no interception or change by default
$paidsubsManager =& cbpaidSubscriptionsMgr::getInstance();
$paidsubsManager->checkExpireMe( __FUNCTION__, $user->id );
if ( $registrationPlansEnabled ) {
// any unpaid basket pending ?
$basketsMgr =& cbpaidOrdersMgr::getInstance();
$paymentBasket = $basketsMgr->loadCurrentUnpaidBasket( $user->id );
// $paymentBasket = new cbpaidPaymentBasket( $_CB_database );
// if ( $paymentBasket->loadLatestBasketFromUser( $user->id, true ) ) {
if ( $paymentBasket ) {
// if there is an unpaid basket, show it to the user, and keep user logged-in or not, depending of $user->block status:
$introText = $params->get('intro_text', null);
$paymentFormHtml = cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
$result = array( 'messagesToUser' => $paymentFormHtml,
'alertMessage' => null,
'showSysMessage' => false,
'stopLogin' => false // $user->block will be tested by CB later // ( ! $enableFreeRegisteredUser )
);
$_POST['loginfrom'] = 'noLoginFormDisplay';
$this->outputRegTemplate();
$returnURL = null;
} else {
// this is now user-subciptions-plans specific stuff:
$paidUserExtension =& cbpaidUserExtension::getInstance( $user->id );
$subscriptions = $paidUserExtension->getUserSubscriptions();
// user blocked in frontend while not enabling free registered users ?
if ( ( $ui == 1 ) && $user->block /* && ! $enableFreeRegisteredUser */ ) {
$subsToPay = null;
$couldPayNow = false;
if ( $user->confirmed && ( $user->approved == 1 ) ) {
// all fine to login on joomla and CB side
$couldPayNow = true;
} else {
foreach ( $subscriptions as $sub ) {
if ( in_array( $sub->status, array( 'R', 'X') ) && ( ! $sub->checkifValid() ) ) {
if ( $sub->status == 'R' ) {
$reason = 'N';
} else {
$reason = 'R';
}
$now = $_CB_framework->now();
$price = $sub->getPriceOfNextPayment( null, $now, 1, $reason );
if ( $price > 0 ) {
if ( ( ( ! $user->confirmed ) && ( $sub->getPlanAttribute( 'confirmed' ) != 3 ) ) // unconfirmed but payment not after confirmation
|| ( $user->confirmed && ( $user->approved != 1 ) && ( $sub->getPlanAttribute( 'approved' ) != 3 ) )
) // or confirmed but unapproved & payment not after approval
{
$couldPayNow = true;
$subsToPay[] = array( $sub->plan_id, $sub->id );
}
}
}
}
}
if ( $couldPayNow ) {
// any unpaid payment basket ?
$introText = $params->get('intro_text', null);
$paymentStatus = null;
$paymentFormHtml = cbpaidControllerOrder::showPaymentForm( $user, null, $introText, $subsToPay, $paymentStatus );
if ($paymentFormHtml ) {
if ( ( ( $paymentStatus == null ) || ( $paymentStatus == 'NotInitiated' ) )
// if unpaid: display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
|| ( $paymentStatus != 'Completed' ) )
// if payment not completed: display payment basket current status:
{
$result = array( 'messagesToUser' => $paymentFormHtml,
'alertMessage' => null,
'showSysMessage' => false,
'stopLogin' => ( ! $enableFreeRegisteredUser )
);
$_POST['loginfrom'] = 'noLoginFormDisplay';
$this->outputRegTemplate();
$returnURL = null;
}
}
}
} else {
if ( ( strpos( $returnURL, 'getTabComponent' ) || strpos( $returnURL, 'tabclass' ) || strpos( $returnURL, 'pluginclass' ) ) && strpos( $returnURL, 'cbpaidsubscriptions' ) ) {
// avoid displaying the thank you page again (specially that the registration basket will not be found:
$returnURL = null;
}
if ( $user->lastvisitDate == '0000-00-00 00:00:00' ) {
// user has a paid subscription plan, and it's his first login:
$firstLoginUrl = null;
$paidUserExtension =& cbpaidUserExtension::getInstance( $user->id );
$subscriptions = $paidUserExtension->getUserSubscriptions( 'A' );
foreach ( $subscriptions as $sub ) {
if ( $sub->checkifValid() && $sub->getPlanAttribute( 'firstloginurl' ) ) {
$firstLoginUrl = $sub->getPlanAttribute( 'firstloginurl' );
}
}
if ( $firstLoginUrl ) {
$returnURL = cbSef( $firstLoginUrl );
}
} else {
// it's a paid subscription user and see if we need to redirect him to his login-home page URL:
$eachLoginUrl = null;
$paidUserExtension =& cbpaidUserExtension::getInstance( $user->id );
$subscriptions = $paidUserExtension->getUserSubscriptions( 'A' );
foreach ( $subscriptions as $sub ) {
if ( $sub->checkifValid() && $sub->getPlanAttribute( 'eachloginurl' ) ) {
$eachLoginUrl = $sub->getPlanAttribute( 'eachloginurl' );
}
}
if ( $eachLoginUrl ) {
$returnURL = cbSef( $eachLoginUrl );
}
}
}
}
/*
// any paid subscription plan on the way ?
$chosenPlans = $this->_getChosenUserPlans( $user );
if ( count( $chosenPlans ) > 0 ) {
// user blocked in frontend while not enabling free registered users ?
if ( ( $ui == 1 ) && $user->block /* && ! $enableFreeRegisteredUser * / ) {
$couldPayNow = false;
if ( $user->confirmed && ( $user->approved == 1 ) ) {
// all fine to login on joomla and CB side
$couldPayNow = true;
} else {
foreach ( $chosenPlans as $plan ) {
if ( $plan->get( 'rate' ) != 0 ) {
if ( ( ( ! $user->confirmed ) && ( $plan->get( 'confirmed' ) != 3 ) ) // unconfirmed but payment not after confirmation
|| ( $user->confirmed && ( $user->approved != 1 ) && ( $plan->get( 'approved' ) != 3 ) )
) // or confirmed but unapproved & payment not after approval
{
$couldPayNow = true;
}
}
}
}
if ( $couldPayNow ) {
// any unpaid payment basket ?
$introText = $params->get('intro_text', null);
$paymentStatus = null;
$paymentFormHtml = cbpaidControllerOrder::showPaymentForm( $user, $chosenPlans, $introText, null, $paymentStatus );
if ( ( ( $paymentStatus == null ) || ( $paymentStatus == 'NotInitiated' ) )
// if unpaid: display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
|| ( $paymentStatus != 'Completed' ) )
// if payment not completed: display payment basket current status:
{
$result = array( 'messagesToUser' => $paymentFormHtml,
'alertMessage' => null,
'showSysMessage' => false,
'stopLogin' => ( ! $enableFreeRegisteredUser )
);
$this->_outputRegTemplate();
$returnURL = null;
}
}
} elseif ( $user->lastvisitDate == '0000-00-00 00:00:00' ) {
// user has a paid subscription plan, and it's his first login:
if ( strpos( $returnURL, 'getTabComponent' ) && strpos( $returnURL, 'cbpaidsubscriptions' ) ) {
// avoid displaying the thank you page again (specially that the registration basket will not be found:
$returnURL = null;
}
$firstLoginUrl = null;
foreach ( $chosenPlans as $plan ) {
if ( $plan->get( 'firstloginurl' ) ) {
$firstLoginUrl = $plan->get( 'firstloginurl' );
}
}
if ( $firstLoginUrl ) {
$returnURL = cbSef( $firstLoginUrl );
}
} else {
// it's a paid subscription user and see if we need to redirect him to his login-home page URL:
$eachLoginUrl = null;
foreach ( $chosenPlans as $plan ) {
if ( $plan->get( 'firstloginurl' ) ) {
$eachLoginUrl = $plan->get( 'eachloginurl' );
}
}
if ( $eachLoginUrl ) {
$returnURL = cbSef( $eachLoginUrl );
}
}
}
*/
}
cbpaidErrorHandler::off();
return $result;
}
/** *** From PAY and onDuringLogin For Now !
* Shows a payment form corresponding to the latest payment basket (otpionally of a given subscription) and gives its status
*
* @param UserTable $user
* @param cbpaidProduct[]|null $chosenPlans array of cbpaidProduct : Chosen plans to pay
* @param string $introText
* @param array $subscriptionIds array of int: Subscription ids to pay
* @param string $paymentStatus returns one of following: 'noBasketFound', and all cpayPaymentBasket statuses: treated here: null (payment not made), 'Pending', 'Completed'
* @return string|null
*/
public static function showPaymentForm( &$user, $chosenPlans, $introText, $subscriptionIds, &$paymentStatus ) {
// get the most recent payment basket for that user and plan, and with that subscription if $subscriptionId != null:
$paymentBasket = new cbpaidPaymentBasket();
if ( is_array( $chosenPlans ) ) {
/** @var $lastPlan cbpaidProduct|boolean */
$lastPlan = end( $chosenPlans );
reset( $chosenPlans );
if ( $lastPlan === false ) {
$lastPlanId = null;
} else {
$lastPlanId = $lastPlan->get( 'id' );
}
} else {
$lastPlanId = (int) $chosenPlans;
if ( ! $lastPlanId ) {
$lastPlanId = null;
}
}
if ( is_array( $subscriptionIds ) && ( count( $subscriptionIds ) > 0 ) ) {
$lastPlanAndSubId = end( $subscriptionIds );
reset( $subscriptionIds );
if ( count( $lastPlanAndSubId ) == 2 ) {
list( $lastPlanId, $lastSubId ) = $lastPlanAndSubId;
} else {
$lastSubId = null;
}
} else {
$lastSubId = null;
}
$basketLoaded = $paymentBasket->loadLatestBasketOfUserPlanSubscription( $user->id, $lastPlanId, $lastSubId );
if ( $basketLoaded ) {
$paymentStatus = $paymentBasket->payment_status;
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$result = self::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$basketLoaded = $paymentBasket->loadLatestBasketOfUserPlanSubscription( $user->id, $lastPlanId, $lastSubId, 'Pending' );
if ( ! $basketLoaded ) {
// This is an error condition, subscription has been created, and is called for payment but no basket is found in database, so create a new one:
// $paymentStatus = 'noBasketFound';
// cbpaidApp::getBaseClass()->_setErrorMSG("No payment basket found, creating new one.");
// $result = null;
cbpaidApp::getBaseClass()->_setErrorMSG(CBPTXT::T("No payment basket found, creating new one."));
}
if ( $chosenPlans && ( count( $chosenPlans ) > 0 ) ) {
$paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, array(), null, $subscriptionIds, null, null );
if ( is_object( $paymentBasket ) ) {
if ( $basketLoaded ) {
cbpaidApp::getBaseClass()->_setErrorMSG( CBPTXT::T("A payment basket is pending in progress for payment for this. Are you sure that you didn't already pay for this ?. Here you can pay again:") );
}
$paymentStatus = $paymentBasket->payment_status;
$result = self::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$result = $paymentBasket; // display messages as nothing has to be paid.
}
} else {
// can be called with chosenPlans null to try loading a valid payment basket from the user:
// trigger_error( 'cbpaid:_showPaymentForm: no chosen plans.', E_USER_NOTICE );
$result = null;
}
}
return $result;
}
