public function validate(&$error = '')
{
$answer = awpcp_post_param('captcha');
$expected = awpcp_post_param('captcha-hash');
$is_valid = strcmp($expected, $this->hash($answer)) === 0;
if (empty($answer)) {
$error = __('You did not solve the math problem. Please solve the math problem to proceed.', 'AWPCP');
} else {
if (!$is_valid) {
$error = __('Your solution to the math problem was incorrect. Please try again.', 'AWPCP');
}
}
return $is_valid;
}
protected function get_posted_billing_information()
{
$data['country'] = awpcp_post_param('country');
$data['credit_card_number'] = awpcp_post_param('credit_card_number');
$data['credit_card_type'] = awpcp_post_param('credit_card_type');
$data['exp_month'] = awpcp_post_param('exp_month');
$data['exp_year'] = awpcp_post_param('exp_year');
$data['csc'] = awpcp_post_param('csc');
$data['first_name'] = awpcp_post_param('first_name');
$data['last_name'] = awpcp_post_param('last_name');
$data['address_1'] = awpcp_post_param('address_1');
$data['address_2'] = awpcp_post_param('address_2');
$data['city'] = awpcp_post_param('city');
$data['state'] = awpcp_post_param('state');
$data['postal_code'] = awpcp_post_param('postal_code');
$data['email'] = awpcp_post_param('email');
$data['direct-payment-step'] = awpcp_post_param('direct-payment-step');
$data['transaction_id'] = awpcp_post_param('transaction_id');
$data['step'] = awpcp_post_param('step');
return $this->sanitize_billing_information($data);
}
public function __construct($items, $default = null)
{
foreach ($items as $type => $terms) {
$this->items = array_merge($this->items, $terms);
}
$selected = awpcp_post_param('payment_term', $default);
if ($selected) {
$this->selected = $selected;
} else {
if (count($this->items) > 0) {
$item = reset($this->items);
$columns = $this->get_columns();
if (isset($columns['price'])) {
$this->selected = $this->item_id($item, AWPCP_Payment_Transaction::PAYMENT_TYPE_MONEY);
} else {
if (isset($columns['credits'])) {
$this->selected = $this->item_id($item, AWPCP_Payment_Transaction::PAYMENT_TYPE_CREDITS);
}
}
}
}
}
private function validate_transaction($transaction)
{
$errors = $transaction->errors;
// PayPal can redirect users using a GET request and issuing
// a POST request in the background. If the transaction was
// already verified during the POST transaction the result
// should be stored in the transaction's validated attribute
if (empty($_POST)) {
return $transaction->get('validated', false);
}
$business = awpcp_post_param('business');
$mc_gross = $mcgross = number_format((double) awpcp_post_param('mc_gross'), 2);
$payment_gross = number_format((double) awpcp_post_param('payment_gross'), 2);
$txn_id = awpcp_post_param('txn_id');
$txn_type = awpcp_post_param('txn_type');
$custom = awpcp_post_param('custom');
$receiver_email = awpcp_post_param('receiver_email');
$payer_email = awpcp_post_param('payer_email');
// this variables are not used for verification purposes
$item_name = awpcp_post_param('item_name');
$item_number = awpcp_post_param('item_number');
$quantity = awpcp_post_param('quantity');
$mc_fee = awpcp_post_param('mc_fee');
$tax = awpcp_post_param('tax');
$payment_currency = awpcp_post_param('mc_currency');
$exchange_rate = awpcp_post_param('exchange_rate');
$payment_status = awpcp_post_param('payment_status');
$payment_type = awpcp_post_param('payment_type');
$payment_date = awpcp_post_param('payment_date');
$first_name = awpcp_post_param('first_name');
$last_name = awpcp_post_param('last_name');
$address_street = awpcp_post_param('address_street');
$address_zip = awpcp_post_param('address_zip');
$address_city = awpcp_post_param('address_city');
$address_state = awpcp_post_param('address_state');
$address_country = awpcp_post_param('address_country');
$address_country_code = awpcp_post_param('address_country_code');
$residence_country = awpcp_post_param('residence_country');
// TODO: Add support for recurring payments and subscriptions?
if (!in_array($txn_type, array('web_accept', 'cart'))) {
// we do not support other forms of payment right now
return;
}
$totals = $transaction->get_totals();
$amount = number_format($totals['money'], 2);
$amount_before_tax = number_format($mc_gross - $tax, 2);
if ($amount != $mc_gross && $amount != $payment_gross && $amount != $amount_before_tax) {
$message = __("The amount you have paid does not match the required amount for this transaction. Please contact us to clarify the problem.", "AWPCP");
$transaction->errors['validation'] = $message;
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_INVALID;
awpcp_payment_failed_email($transaction, $message);
return false;
}
$paypal_email = get_awpcp_option('paypalemail');
if (strcasecmp($receiver_email, $paypal_email) !== 0 && strcasecmp($business, $paypal_email) !== 0) {
$message = __("There was an error processing your transaction. If funds have been deducted from your account, they have not been processed to our account. You will need to contact PayPal about the matter.", "AWPCP");
$transaction->errors['validation'] = $message;
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_INVALID;
awpcp_payment_failed_email($transaction, $message);
return false;
}
// TODO: handle this filter for Ads and Subscriptions
$duplicated = apply_filters('awpcp-payments-is-duplicated-transaction', false, $txn_id);
if ($duplicated) {
$message = __("It appears this transaction has already been processed. If you do not see your ad in the system please contact the site adminstrator for assistance.", "AWPCP");
$transaction->errors['validation'] = $message;
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_INVALID;
awpcp_payment_failed_email($transaction, $message);
return false;
}
if (strcasecmp($payment_status, 'Completed') === 0) {
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_COMPLETED;
} else {
if (strcasecmp($payment_status, 'Pending') === 0) {
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_PENDING;
} else {
if (strcasecmp($payment_status, 'Refunded') === 0 || strcasecmp($payment_status, "Reversed") == 0 || strcasecmp($payment_status, "Partially-Refunded") == 0 || strcasecmp($payment_status, "Canceled_Reversal") == 0 || strcasecmp($payment_status, "Denied") == 0 || strcasecmp($payment_status, "Expired") == 0 || strcasecmp($payment_status, "Failed") == 0 || strcasecmp($payment_status, "Voided") == 0) {
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_FAILED;
} else {
$message = __("We couldn't determine the payment status for your transaction. Please contact customer service if you are viewing this message after having made a payment. If you have not tried to make a payment and you are viewing this message, it means this message is being shown in error and can be disregarded.", "AWPCP");
$transaction->errors['validation'] = $message;
$transaction->payment_status = AWPCP_Payment_Transaction::PAYMENT_STATUS_UNKNOWN;
return false;
}
}
}
// at this point the validation was successful, any previously stored
// errors are irrelevant
unset($transaction->errors['validation']);
$transaction->set('validated', true);
$transaction->payment_gateway = $this->slug;
$transaction->payer_email = $payer_email;
return true;
}
public function upload_images_step()
{
$transaction = $this->get_transaction();
if (is_null($transaction)) {
$message = __('We were unable to find a Payment Transaction assigned to this operation. No images can be added at this time.', 'AWPCP');
return $this->render('content', awpcp_print_error($message));
}
$ad = AWPCP_Ad::find_by_id($transaction->get('ad-id', 0));
if (is_null($ad)) {
$message = __('The specified Ad doesn\'t exists. No images can be added at this time.', 'AWPCP');
return $this->render('content', awpcp_print_error($message));
}
extract($params = $this->get_images_config($ad));
// see if we can move to the next step
$skip = !$this->should_show_upload_files_step($ad);
$skip = $skip || awpcp_post_param('submit-no-images', false);
$skip = $skip || $images_allowed == 0;
$show_preview = (bool) get_awpcp_option('show-ad-preview-before-payment');
$pay_first = (bool) get_awpcp_option('pay-before-place-ad');
if ($skip && $pay_first) {
return $this->finish_step();
} else {
if ($skip && $show_preview) {
return $this->preview_step();
} else {
if ($skip) {
return $this->checkout_step();
} else {
return $this->show_upload_images_form($ad, $transaction, $params, array());
}
}
}
}
public function ajax()
{
if (!awpcp_current_user_is_admin()) {
return false;
}
$user_id = awpcp_post_param('user', 0);
$action = str_replace('awpcp-users-', '', awpcp_post_param('action'));
switch ($action) {
case 'debit':
case 'credit':
$response = $this->ajax_edit_balance($user_id, $action);
break;
default:
$response = array();
break;
}
header('Content-Type: application/json');
echo json_encode($response);
exit;
}
public function render_checkout_page($transaction, $hidden = array())
{
$payment_method = $this->get_transaction_payment_method($transaction);
$attempts = awpcp_post_param('attempts', 0);
$result = awpcp_array_data($transaction->id, array(), $this->cache);
if (is_null($payment_method) || isset($result['errors'])) {
$transaction_errors = awpcp_array_data('errors', array(), $result);
ob_start();
include AWPCP_DIR . '/frontend/templates/payments-checkout-page.tpl.php';
$html = ob_get_contents();
ob_end_clean();
} else {
if (isset($result['output'])) {
$integration = $payment_method->get_integration_type();
if ($integration === AWPCP_PaymentGateway::INTEGRATION_BUTTON) {
$message = _x('Please use the button below to complete your payment.', 'checkout-payment page', 'AWPCP');
$html = $this->render_checkout_payment_template($result['output'], $message, $transaction);
} else {
if ($integration === AWPCP_PaymentGateway::INTEGRATION_CUSTOM_FORM) {
$html = $result['output'];
} else {
if ($integration === AWPCP_PaymentGateway::INTEGRATION_REDIRECT) {
$html = $result['output'];
}
}
}
}
}
return $html;
}
public function ajax()
{
if (!awpcp_current_user_is_admin()) {
return false;
}
$id = awpcp_post_param('id', 0);
$action = str_replace('awpcp-fees-', '', awpcp_post_param('action'));
$response = array();
switch ($action) {
case 'add':
$response = $this->ajax_add();
break;
case 'edit':
$response = $this->ajax_edit($id);
break;
case 'delete':
$response = $this->ajax_delete($id);
break;
}
header('Content-Type: application/json');
echo json_encode($response);
exit;
}
public function add_image($ad, $media)
{
$action = awpcp_post_param('awpcp_action', false);
$errors = array();
if ($action !== 'add_image' || is_null($ad)) {
return $this->show_images($ad);
}
if ($_FILES['awpcp_add_file']['error'] !== 0) {
$message = awpcp_uploaded_file_error($_FILES['awpcp_add_file']);
awpcp_flash(end($message), 'error');
} else {
if (wp_verify_nonce($_POST['_wpnonce'], 'awpcp_upload_image')) {
$files = array('awpcp_add_file' => $_FILES['awpcp_add_file']);
$uploaded = awpcp_upload_files($ad, $files, $errors);
if (empty($uploaded)) {
$message = _x('There was an error trying to upload your file.', 'media manager', 'AWPCP');
awpcp_flash(awpcp_array_data('awpcp_add_file', $message, $errors), 'error');
} else {
$admin_must_approve = get_awpcp_option('imagesapprove');
$is_admin_user = awpcp_current_user_is_admin();
if (!$is_admin_user && $admin_must_approve) {
awpcp_ad_awaiting_approval_email($ad, false, true);
}
awpcp_flash(_x('The file was properly uploaded.', 'media manager', 'AWPCP'));
}
}
}
return $this->show_images($ad);
}
function validate_extra_fields_form($category = 0)
{
$fields = awpcp_get_extra_fields_by_category($category, array('context' => 'details'));
$data = array();
foreach ($fields as $field) {
$data[$field->field_name] = awpcp_post_param("awpcp-{$field->field_name}");
}
$errors = array();
foreach ($fields as $field) {
// a Field is required if the Required checkbox has been marked or the
// Missing validator being assigned to that field.
$required = $field->required || $field->field_validation == 'missing';
// skip unused fields for current category
if (!in_array($category, $field->field_category) && !in_array('root', $field->field_category)) {
continue;
}
$validation = $field->field_validation;
$label = $field->field_label;
$values = (array) awpcp_array_data($field->field_name, '', $data);
foreach ($values as $k => $item) {
if ($required && empty($item)) {
$errors[$field->field_name] = sprintf(__('%s is required.', 'awpcp-extra-fields'), $label);
continue;
} else {
if (!$required && empty($item)) {
continue;
}
}
if ($validation == 'missing') {
if (empty($item)) {
$errors[$field->field_name] = sprintf(__('%s is required.', 'awpcp-extra-fields'), $label);
}
} elseif ($validation == 'url') {
if (!isValidURL($item)) {
$message = __("%s is badly formatted. Valid URL format required. Include http://", 'awpcp-extra-fields');
$errors[$field->field_name] = sprintf($message, $label);
}
} elseif ($validation == 'email') {
if (!eregi("^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$", $item)) {
$message = __("%s is badly formatted. Valid Email format required.", 'awpcp-extra-fields');
$errors[$field->field_name] = sprintf($message, $label);
}
} elseif ($validation == 'numericdeci') {
if (!is_numeric($item)) {
$message = __("%s must be a number.", 'awpcp-extra-fields');
$errors[$field->field_name] = sprintf($message, $label);
}
} elseif ($validation == 'numericnodeci') {
if (!ctype_digit($item)) {
$message = __("%s must be a number. Decimal values not allowed.", 'awpcp-extra-fields');
$errors[$field->field_name] = sprintf($message, $label);
}
}
}
}
return $errors;
}
public function ajax()
{
$id = awpcp_post_param('id', 0);
try {
$listing = awpcp_listings_collection()->get($id);
} catch (AWPCP_Exception $e) {
$message = _x("The specified Ad doesn't exists.", 'ajax delete ad', 'AWPCP');
$response = json_encode(array('status' => 'error', 'message' => $message));
return $this->ajax_response($response);
}
if (!awpcp_listing_authorization()->is_current_user_allowed_to_edit_listing($listing)) {
return false;
}
$errors = array();
if (isset($_POST['remove'])) {
$result = deletead($id, $adkey = '', $editemail = '', $force = true, $errors);
if (empty($errors)) {
$response = json_encode(array('status' => 'success'));
} else {
$response = json_encode(array('status' => 'error', 'message' => join('<br/>', $errors)));
}
} else {
$columns = 10;
ob_start();
include AWPCP_DIR . '/admin/templates/delete_form.tpl.php';
$html = ob_get_contents();
ob_end_clean();
$response = json_encode(array('status' => 'success', 'html' => $html));
}
return $this->ajax_response($response);
}
public function send_access_key_step()
{
global $wpdb;
$errors = array();
$form = array('ad_email' => awpcp_post_param('ad_email'), 'attempts' => (int) awpcp_post_param('attempts', 0));
if ($form['attempts'] == 0 && get_awpcp_option('enable-user-panel') == 1) {
$url = admin_url('admin.php?page=awpcp-panel');
$message = __('You are currently not logged in, if you have an account in this website you can log in and go to the Ad Management panel to edit your Ads.', 'AWPCP');
$message = sprintf('%s <a href="%s">%s</a>', $message, $url, __('Click here', 'AWPCP'));
$this->messages[] = $message;
}
if (empty($form['ad_email'])) {
$errors['ad_email'] = __('Please enter the email address you used when you created your Ad.', 'AWPCP');
} else {
if (!is_email($form['ad_email'])) {
$errors['ad_email'] = __('Please enter a valid email address.', 'AWPCP');
}
}
$ads = array();
if (empty($errors)) {
$ads = AWPCP_Ad::find_by_email($form['ad_email']);
if (empty($ads)) {
$errors[] = __('The email address you entered does not match any of the Ads in our system.', 'AWPCP');
}
} else {
if ($form['attempts'] == 0) {
$errors = array();
}
}
// if $ads is non-empty then $errors is empty
if (!empty($ads)) {
$access_keys_sent = $this->send_access_keys($ads, $errors);
} else {
$access_keys_sent = false;
}
if (!$access_keys_sent) {
$send_access_key_url = add_query_arg(array('step' => 'send-access-key'), $this->url());
$messages = $this->messages;
$hidden = array('attempts' => $form['attempts'] + 1);
$params = compact('form', 'hidden', 'messages', 'errors', 'send_access_key_url');
$template = AWPCP_DIR . '/frontend/templates/page-edit-ad-send-access-key-step.tpl.php';
return $this->render($template, $params);
} else {
return $this->enter_email_and_key_step(false);
}
}
public function dispatch()
{
global $awpcp_plugin_path;
global $start_date;
global $end_date;
global $import_date_format;
global $date_sep;
global $time_sep;
global $auto_cat;
global $assign_user;
global $assigned_user;
global $test_import;
global $import_count;
global $reject_count;
global $pic_import_count;
global $import_errors;
$do_import = awpcp_post_param('do_import');
$do_test_import = awpcp_post_param('do_test_import');
if (!empty($do_import)) {
$import_type = 'Import';
} else {
if (!empty($do_test_import)) {
$import_type = 'Test Import';
} else {
$import_type = false;
}
}
$test_import = strcmp($import_type, "Test Import") === 0;
$start_date = awpcp_post_param("startDate", '');
$end_date = awpcp_post_param("endDate", '');
$import_date_format = awpcp_post_param("date_fmt", 'us_date');
$date_sep = awpcp_post_param("sep_date", '/');
$time_sep = awpcp_post_param("sep_time", ':');
$auto_cat = awpcp_post_param("auto_cat", 0);
$assign_user = awpcp_post_param('assign_user', 0);
$assigned_user = intval(awpcp_post_param('user', 0));
// Original implementation used a global var to pass errors.
// That is still used until I got a change to refactor the
// existing functions to use an errors array passed by reference.
// The messages array is only used to report when a new user
// is created.
$errors = array();
$messages = array();
$form_errors = array();
$importer = null;
if (!empty($import_type)) {
$msg = __('There was an error with your CSV file: %s', 'AWPCP');
list($csv_error, $message) = awpcp_uploaded_file_error($_FILES['import']);
if (!in_array($csv_error, array(UPLOAD_ERR_OK))) {
$form_errors['import'] = sprintf($msg, $message);
} else {
$csv_file_name = $_FILES['import']['name'];
$ext = trim(strtolower(substr(strrchr($csv_file_name, "."), 1)));
if ($ext != "csv") {
$form_errors['import'] = sprintf($msg, __('Please upload a valid CSV file.', 'AWPCP'));
}
}
$msg = __('There was an error with your ZIP file: %s', 'AWPCP');
list($zip_error, $message) = awpcp_uploaded_file_error($_FILES['import_zip']);
if (!in_array($zip_error, array(UPLOAD_ERR_OK, UPLOAD_ERR_NO_FILE))) {
$form_errors['import_zip'] = sprintf($msg, $message);
} else {
if ($zip_error === UPLOAD_ERR_OK) {
$zip_file_name = $_FILES['import_zip']['name'];
$ext = trim(strtolower(substr(strrchr($zip_file_name, "."), 1)));
if ($ext != "zip") {
$form_errors['import_zip'] = sprintf($msg, __('Please upload a valid ZIP file.', 'AWPCP'));
}
}
}
if (!empty($start_date)) {
$date_arr = explode("/", $start_date);
if (!is_valid_date($date_arr[0], $date_arr[1], $date_arr[2])) {
$form_errors['startDate'] = __('Invalid Start Date.', 'AWPCP');
} else {
if (strlen($date_arr[2]) != 4) {
$form_errors['startDate'] = __('Invalid Start Date -- Year Must be of Four Digit.', 'AWPCP');
}
}
}
if (!empty($end_date)) {
$date_arr = explode("/", $end_date);
if (!is_valid_date($date_arr[0], $date_arr[1], $date_arr[2])) {
$form_errors['endDate'] = __('Invalid End Date.', 'AWPCP');
} else {
if (strlen($date_arr[2]) != 4) {
$form_errors['endDate'] = __('Invalid End Date -- Year Must be of Four Digit.', 'AWPCP');
}
}
}
if (empty($form_errors)) {
if (empty($errors)) {
$csv = $_FILES['import']['tmp_name'];
$zip = $_FILES['import_zip']['tmp_name'];
$importer = new AWPCP_CSV_Importer(array('start-date' => $start_date, 'end-date' => $end_date, 'date-format' => $import_date_format, 'date-separator' => $date_sep, 'time-separator' => $time_sep, 'autocreate-categories' => $auto_cat, 'assign-user' => $assign_user, 'default-user' => $assigned_user, 'test-import' => $test_import));
$importer->import($csv, $zip, $errors, $messages);
}
}
}
ob_start();
include AWPCP_DIR . '/admin/templates/admin-panel-csv-importer.tpl.php';
$html = ob_get_contents();
ob_end_clean();
echo $html;
}
private function should_restore_pages()
{
$nonce = awpcp_post_param('_wpnonce');
$restore = awpcp_post_param('restore-pages', false);
return $restore && wp_verify_nonce($nonce, 'awpcp-restore-pages');
}
/**
* Validates AWPCP settings before being saved.
*/
public function validate($options)
{
if ($this->skip) {
return $options;
}
$group = awpcp_post_param('group', '');
// populate array with all plugin options before attempt validation
$this->load();
$options = array_merge($this->options, $options);
$filters = array('awpcp_validate_settings_' . $group, 'awpcp_validate_settings');
foreach ($filters as $filter) {
$_options = apply_filters($filter, $options, $group);
$options = is_array($_options) ? $_options : $options;
}
// make sure we have the updated and validated options
$this->options = $options;
return $this->options;
}
