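/**
 * @package ZenCart_Functions
 *
 * Record the current visitor in the whos-online table and purge stale rows.
 *
 * A logged-in customer (non-empty $_SESSION['customer_id']) is recorded under
 * "Firstname Lastname" looked up from TABLE_CUSTOMERS; anyone else as 'Guest'.
 * Rows whose time_last_click is older than 900 seconds are deleted, then the
 * row for the current session id is updated, or inserted if none exists.
 * Values from $_SERVER / $_SESSION are read with isset() so a missing key yields
 * an empty string instead of an undefined-index notice; every free-text value
 * goes through zen_db_input() before it is placed in the SQL string, and the
 * integer columns are cast with (int).
 *
 * Uses the global $db connection.
 */
function zen_update_whos_online() {
    global $db;

    if (!empty($_SESSION['customer_id'])) {
        $wo_customer_id = $_SESSION['customer_id'];
        $customer_query = "select customers_firstname, customers_lastname\r\n from " . TABLE_CUSTOMERS . "\r\n where customers_id = '" . (int) $_SESSION['customer_id'] . "'";
        $customer = $db->Execute($customer_query);
        $wo_full_name = $customer->fields['customers_firstname'] . ' ' . $customer->fields['customers_lastname'];
    } else {
        $wo_customer_id = '';
        $wo_full_name = 'Guest';
    }

    $wo_session_id = zen_session_id();
    $wo_ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $wo_last_page_url = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $wo_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? zen_db_prepare_input($_SERVER['HTTP_USER_AGENT']) : '';
    $wo_host_address = isset($_SESSION['customers_host_address']) ? $_SESSION['customers_host_address'] : '';
    // NOTE(review): last_page_url / user_agent are not truncated here and the
    // column widths are not visible in this block — confirm they fit the schema.
    $current_time = time();
    $xx_mins_ago = $current_time - 900;

    // remove entries that have expired
    $sql = "delete from " . TABLE_WHOS_ONLINE . "\r\n where time_last_click < '" . (int) $xx_mins_ago . "'";
    $db->Execute($sql);

    $stored_customer_query = "select count(*) as count\r\n from " . TABLE_WHOS_ONLINE . "\r\n where session_id = '" . zen_db_input($wo_session_id) . "'";
    $stored_customer = $db->Execute($stored_customer_query);

    if ($stored_customer->fields['count'] > 0) {
        $sql = "update " . TABLE_WHOS_ONLINE . "\r\n set customer_id = '" . (int) $wo_customer_id . "',\r\n full_name = '" . zen_db_input($wo_full_name) . "',\r\n ip_address = '" . zen_db_input($wo_ip_address) . "',\r\n time_last_click = '" . (int) $current_time . "',\r\n last_page_url = '" . zen_db_input($wo_last_page_url) . "',\r\n host_address = '" . zen_db_input($wo_host_address) . "',\r\n user_agent = '" . zen_db_input($wo_user_agent) . "'\r\n where session_id = '" . zen_db_input($wo_session_id) . "'";
        $db->Execute($sql);
    } else {
        $sql = "insert into " . TABLE_WHOS_ONLINE . "\r\n (customer_id, full_name, session_id, ip_address, time_entry,\r\n time_last_click, last_page_url, host_address, user_agent)\r\n values ('" . (int) $wo_customer_id . "', '" . zen_db_input($wo_full_name) . "', '" . zen_db_input($wo_session_id) . "', '" . zen_db_input($wo_ip_address) . "', '" . (int) $current_time . "', '" . (int) $current_time . "', '" . zen_db_input($wo_last_page_url) . "', '" . zen_db_input($wo_host_address) . "', '" . zen_db_input($wo_user_agent) . "')";
        $db->Execute($sql);
    }
}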
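/**
 * @package ZenCart_Functions
 *
 * Record the current visitor in the whos-online table and purge stale rows
 * (bound-parameter variant on the global $gBitDb connection).
 *
 * A logged-in customer is recorded under "Firstname Lastname" from
 * TABLE_CUSTOMERS with their customer_id; anyone else as 'Guest' with a NULL
 * customer_id. Rows older than 900 seconds (time_last_click) are deleted, then
 * the row for this session id is updated, or inserted when none exists. The
 * update and insert both go through $gBitDb->query() with '?' placeholders.
 *
 * last_page_url and user_agent are cut to 255 characters before either write;
 * the original only truncated on the update path, so a first visit with a long
 * URL or agent string was written untruncated.
 */
function zen_update_whos_online() {
    global $gBitDb;

    if (!empty($_SESSION['customer_id'])) {
        $wo_customer_id = $_SESSION['customer_id'];
        $customer_query = "select `customers_firstname`, `customers_lastname`\n from " . TABLE_CUSTOMERS . "\n where `customers_id` = '" . (int) $_SESSION['customer_id'] . "'";
        $customer = $gBitDb->Execute($customer_query);
        $wo_full_name = $customer->fields['customers_firstname'] . ' ' . $customer->fields['customers_lastname'];
    } else {
        // Guests get a NULL customer_id (the original set '' and converted it to NULL later).
        $wo_customer_id = NULL;
        $wo_full_name = 'Guest';
    }

    $wo_session_id = zen_session_id();
    $wo_ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $wo_last_page_url = isset($_SERVER['REQUEST_URI']) ? substr($_SERVER['REQUEST_URI'], 0, 255) : '';
    $wo_user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? substr(zen_db_prepare_input($_SERVER['HTTP_USER_AGENT']), 0, 255) : '-';
    $wo_host_address = isset($_SESSION['customers_host_address']) ? $_SESSION['customers_host_address'] : '';
    $current_time = time();
    $xx_mins_ago = $current_time - 900;

    // remove entries that have expired
    $sql = "delete from " . TABLE_WHOS_ONLINE . "\n where `time_last_click` < '" . (int) $xx_mins_ago . "'";
    $gBitDb->Execute($sql);

    $stored_customer_query = 'select count(*) as "count" from ' . TABLE_WHOS_ONLINE . "\n where `session_id` = '" . zen_db_input($wo_session_id) . "'";
    $stored_customer = $gBitDb->Execute($stored_customer_query);

    if ($stored_customer->fields['count'] > 0) {
        $sql = "update " . TABLE_WHOS_ONLINE . "\n set `customer_id` = ?, `full_name` = ?, `ip_address` = ?, `time_last_click` = ?, `last_page_url` = ?, `host_address` = ?, `user_agent` = ?\n where `session_id` = ?";
        $gBitDb->query($sql, array(
            $wo_customer_id,
            $wo_full_name,
            $wo_ip_address,
            $current_time,
            $wo_last_page_url,
            $wo_host_address,
            $wo_user_agent,
            $wo_session_id,
        ));
    } else {
        $sql = "insert into " . TABLE_WHOS_ONLINE . "\n (`customer_id`, `full_name`, `session_id`, `ip_address`, `time_entry`,\n `time_last_click`, `last_page_url`, `host_address`, `user_agent`)\n values ( ?, ?, ?, ?, ?, ?, ?, ?, ? )";
        $gBitDb->query($sql, array(
            $wo_customer_id,
            $wo_full_name,
            $wo_session_id,
            $wo_ip_address,
            $current_time,
            $current_time,
            $wo_last_page_url,
            $wo_host_address,
            $wo_user_agent,
        ));
    }
}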
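/**
 * Build the hidden form fields that carry the card details entered on the
 * payment page through to the checkout-process step.
 *
 * Every value comes straight from $_POST, so each one is HTML-escaped before it
 * is placed in an attribute; the original emitted the raw POST values, which
 * let a crafted value break out of the attribute (reflected XSS). A missing
 * POST key yields an empty field instead of an undefined-index notice.
 *
 * NOTE(review): the method both echoes and returns the markup, so a caller that
 * echoes the return value outputs the fields twice — kept as-is because the
 * caller is not visible here; confirm which side should emit it.
 *
 * @return string the hidden-field markup
 */
public function process_button() {
    // hidden field name => POST key it is copied from
    $fields = array(
        'cc_owner'         => 'checkoutapipayment_cc_owner',
        'cc_expires_month' => 'checkoutapipayment_cc_expires_month',
        'cc_expires_year'  => 'checkoutapipayment_cc_expires_year',
        'cc_number'        => 'checkoutapipayment_cc_number',
        'cc_cvv'           => 'checkoutapipayment_cc_cvv',
    );
    $process_button_string = '';
    foreach ($fields as $name => $post_key) {
        $value = isset($_POST[$post_key]) ? $_POST[$post_key] : '';
        $process_button_string .= '<input type="hidden" name="' . $name . '" value = "' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
    }
    // Session name/id pair is carried as a hidden field as well.
    $process_button_string .= '<input type="hidden" name="' . zen_session_name() . '" value = "' . zen_session_id() . '">';
    echo $process_button_string;
    return $process_button_string;
}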
/**
 * Assemble the hidden fields posted to Sagepay Form from the confirmation page.
 *
 * The transaction details from buildStandardTransactionDetails() plus the
 * success/failure URLs (both the checkout-process page with the session carried
 * in the query string) are encrypted with the module's form password and sent
 * as the single Crypt field. The plaintext submit data and transaction type are
 * also written to the module's error log before the fields are built.
 *
 * @return string hidden-field markup
 */
public function process_button() {
    $sessionParam = zen_session_name() . '=' . zen_session_id();

    $formEntries = $this->buildStandardTransactionDetails();
    // Note: search and replacement are both '&', so these replaces are no-ops
    // as written (presumably an '&amp;' decode that was lost upstream).
    $successUrl = zen_href_link(FILENAME_CHECKOUT_PROCESS, $sessionParam, 'SSL', false);
    $formEntries['SuccessURL'] = str_replace('&', '&', $successUrl);
    $failureUrl = zen_href_link(FILENAME_CHECKOUT_PROCESS, $sessionParam, 'SSL', false);
    $formEntries['FailureURL'] = str_replace('&', '&', $failureUrl);

    $plainEntries = SagepayUtil::processCryptEntries($formEntries);
    $crypt = SagepayUtil::encryptAndEncode($plainEntries, MODULE_PAYMENT_SAGEPAY_ZC_FORM_PASSWORD);
    $txType = strtoupper(MODULE_PAYMENT_SAGEPAY_ZC_FORM_TXTYPE);

    // Logged in plaintext: contains whatever buildStandardTransactionDetails() put in.
    $this->errorLog(array(
        array('title' => 'Transaction Type', 'content' => $txType),
        array('title' => 'Submit Data', 'content' => $plainEntries),
    ));

    $hiddenFields = array(
        'VPSProtocol' => self::SP_PROTOCOL_VERSION,
        'TxType'      => $txType,
        'Vendor'      => MODULE_PAYMENT_SAGEPAY_ZC_FORM_VENDOR_NAME,
        'ReferrerID'  => 'BB5F9F0D-8982-4203-AFD4-AF78017E4B92',
        'Crypt'       => $crypt,
    );
    $markup = '';
    foreach ($hiddenFields as $name => $value) {
        $markup .= zen_draw_hidden_field($name, $value);
    }
    return $markup;
}
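/**
 * zen_update_whos_online
 *
 * Record the current visitor in the whos-online table and purge rows whose
 * time_last_click is older than 900 seconds. Rows are keyed on session id AND
 * ip address. A logged-in customer is recorded as "Lastname, Firstname",
 * anyone else as '¥Guest', and a request without a session id as '¥Spider'.
 * The last page URL and user agent are cut to 254 characters; a missing
 * REMOTE_ADDR or an empty URI is stored as 'Unknown'.
 *
 * Side effect: $_SERVER['QUERY_STRING'] is filled from zen_get_all_get_params()
 * when it is missing or empty. $_SERVER / $_SESSION keys are read with isset()
 * so a missing one does not raise an undefined-index notice.
 *
 * Uses the global $db connection.
 */
function zen_update_whos_online() {
    global $db;

    if (isset($_SESSION['customer_id']) && $_SESSION['customer_id']) {
        $wo_customer_id = $_SESSION['customer_id'];
        $customer_query = "select customers_firstname, customers_lastname\n from " . TABLE_CUSTOMERS . "\n where customers_id = '" . (int) $_SESSION['customer_id'] . "'";
        $customer = $db->Execute($customer_query);
        $wo_full_name = $customer->fields['customers_lastname'] . ', ' . $customer->fields['customers_firstname'];
    } else {
        $wo_customer_id = '';
        $wo_full_name = '¥' . 'Guest';
    }

    $wo_session_id = zen_session_id();
    $wo_ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'Unknown';
    $raw_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $wo_user_agent = substr(zen_db_prepare_input($raw_user_agent), 0, 254);
    $wo_host_address = isset($_SESSION['customers_host_address']) ? $_SESSION['customers_host_address'] : '';

    // Populate QUERY_STRING; the fallback URI below is built from it.
    $_SERVER['QUERY_STRING'] = isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '' ? $_SERVER['QUERY_STRING'] : zen_get_all_get_params();
    if (isset($_SERVER['REQUEST_URI'])) {
        $uri = $_SERVER['REQUEST_URI'];
    } else {
        // QUERY_STRING is always set at this point (assigned just above), so the
        // former argv[0] branch could never be reached and has been dropped.
        $php_self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
        $uri = $php_self . '?' . $_SERVER['QUERY_STRING'];
    }
    if (substr($uri, -1) == '?') {
        $uri = substr($uri, 0, -1);
    }
    $wo_last_page_url = zen_not_null($uri) ? substr($uri, 0, 254) : 'Unknown';

    $current_time = time();
    $xx_mins_ago = $current_time - 900;

    // remove entries that have expired
    $sql = "delete from " . TABLE_WHOS_ONLINE . "\n where time_last_click < '" . (int) $xx_mins_ago . "'";
    $db->Execute($sql);

    $stored_customer_query = "select count(*) as count\n from " . TABLE_WHOS_ONLINE . "\n where session_id = '" . zen_db_input($wo_session_id) . "' and ip_address='" . zen_db_input($wo_ip_address) . "'";
    $stored_customer = $db->Execute($stored_customer_query);

    if (empty($wo_session_id)) {
        $wo_full_name = '¥' . 'Spider';
    }

    if ($stored_customer->fields['count'] > 0) {
        $sql = "update " . TABLE_WHOS_ONLINE . "\n set customer_id = '" . (int) $wo_customer_id . "',\n full_name = '" . zen_db_input($wo_full_name) . "',\n ip_address = '" . zen_db_input($wo_ip_address) . "',\n time_last_click = '" . (int) $current_time . "',\n last_page_url = '" . zen_db_input($wo_last_page_url) . "',\n host_address = '" . zen_db_input($wo_host_address) . "',\n user_agent = '" . zen_db_input($wo_user_agent) . "'\n where session_id = '" . zen_db_input($wo_session_id) . "' and ip_address='" . zen_db_input($wo_ip_address) . "'";
        $db->Execute($sql);
    } else {
        $sql = "insert into " . TABLE_WHOS_ONLINE . "\n (customer_id, full_name, session_id, ip_address, time_entry,\n time_last_click, last_page_url, host_address, user_agent)\n values ('" . (int) $wo_customer_id . "', '" . zen_db_input($wo_full_name) . "', '" . zen_db_input($wo_session_id) . "', '" . zen_db_input($wo_ip_address) . "', '" . (int) $current_time . "', '" . (int) $current_time . "', '" . zen_db_input($wo_last_page_url) . "', '" . zen_db_input($wo_host_address) . "', '" . zen_db_input($wo_user_agent) . "')";
        $db->Execute($sql);
    }
}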
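/**
 * Build an admin-side URL for $page, optionally appending the session id.
 *
 * The three string arguments are echoed into the fatal-error markup, so they
 * are HTML-escaped there; the original reflected them verbatim.
 *
 * @param string $page           script name; '.php' is appended when missing. Empty aborts with an error page.
 * @param string $parameters     query string to append ('a=b&c=d'); a trailing '&' or '?' is trimmed
 * @param string $connection     'NONSSL' (HTTP_SERVER . DIR_WS_ADMIN) or 'SSL' (HTTPS_SERVER . DIR_WS_HTTPS_ADMIN);
 *                               any other value aborts with an error page
 * @param bool   $add_session_id when true and the session has started, the session id is appended if SID is
 *                               defined and non-empty, or when the link crosses between HTTP and HTTPS and the
 *                               two hosts differ
 * @return string
 */
function zen_href_link_admin($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true) {
    global $request_type, $session_started, $http_domain, $https_domain;

    $call_used = 'zen_href_link_admin(\'' . htmlspecialchars($page, ENT_QUOTES, 'UTF-8') . '\', \'' . htmlspecialchars($parameters, ENT_QUOTES, 'UTF-8') . '\', \'' . htmlspecialchars($connection, ENT_QUOTES, 'UTF-8') . '\')';
    $error_prefix = '</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>';

    if ($page == '') {
        bt();
        die($error_prefix . 'Unable to determine the page link!<br><br>Function used:<br><br>' . $call_used . '</b>');
    }

    if ($connection == 'NONSSL') {
        $link = HTTP_SERVER . DIR_WS_ADMIN;
    } elseif ($connection == 'SSL') {
        $link = HTTPS_SERVER . DIR_WS_HTTPS_ADMIN;
    } else {
        die($error_prefix . 'Unable to determine connection method on a link!<br><br>Known methods: NONSSL SSL<br><br>Function used:<br><br>' . $call_used . '</b>');
    }

    if (!strstr($page, '.php')) {
        $page .= '.php';
    }

    if ($parameters == '') {
        $link .= $page;
        $separator = '?';
    } else {
        $link .= $page . '?' . $parameters;
        $separator = '&';
    }

    // Drop dangling '&' / '?' left by a parameter string that ends in a separator.
    while (substr($link, -1) == '&' || substr($link, -1) == '?') {
        $link = substr($link, 0, -1);
    }

    // Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined.
    // Parentheses make the original && / || precedence explicit.
    if ($add_session_id == true && $session_started == true) {
        if (defined('SID') && zen_not_null(SID)) {
            $sid = SID;
        } elseif (($request_type == 'NONSSL' && $connection == 'SSL' && ENABLE_SSL_ADMIN == 'true')
            || ($request_type == 'SSL' && $connection == 'NONSSL')) {
            if ($http_domain != $https_domain) {
                $sid = zen_session_name() . '=' . zen_session_id();
            }
        }
    }

    if (isset($sid)) {
        $link .= $separator . $sid;
    }

    return $link;
}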
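/**
 * Submit the order to the Authorize.net AIM gateway over cURL and act on the
 * response.
 *
 * Card details are taken from $_POST (cc_number, cc_expires, cc_type, cc_owner,
 * cc_cvv) and copied onto the global $order->info; the number is only copied
 * when MODULE_PAYMENT_AUTHORIZENET_AIM_STORE_NUMBER is 'True'. The gateway
 * reply (comma-delimited) is split into the global $response. When
 * MODULE_PAYMENT_AUTHORIZENET_AIM_STORE_DATA is 'True' a record of the exchange
 * is written to TABLE_AUTHORIZENET through $gBitDb->query() with placeholders —
 * with the card number masked and the card code dropped from the stored
 * request, since neither may be retained after authorization (the original
 * stored both in clear and interpolated the gateway's reply text into the SQL).
 * Any response code other than '1' redirects back to the payment page with the
 * gateway's reason text.
 *
 * Also replaced: the bare-constant array keys (x_login => …), which PHP 8
 * rejects; each()/split()/ereg_replace(), removed in PHP 7/8; the undefined
 * $data / $response_list before '.='; and the ->fields access on the scalar
 * returned by getOne().
 *
 * @param array $pPaymentParameters unused here; kept for the caller's signature
 * @param array $pOrder             unused here; kept for the caller's signature
 * @return void
 */
function processPayment(&$pPaymentParameters, &$pOrder) {
    global $response, $gBitDb, $order;

    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    if (MODULE_PAYMENT_AUTHORIZENET_AIM_STORE_NUMBER == 'True') {
        $order->info['cc_number'] = $post('cc_number');
    }
    $order->info['cc_expires'] = $post('cc_expires');
    $order->info['cc_type'] = $post('cc_type');
    $order->info['cc_owner'] = $post('cc_owner');
    // NOTE(review): the card code is copied onto the order object here; whether
    // the order class persists it is outside this block — it must not reach storage.
    $order->info['cc_cvv'] = $post('cc_cvv');

    // DATA PREPARATION SECTION
    // Product listing for the gateway description field: "Name(qty: N) + Name(qty: M)".
    $items = array();
    foreach ($order->contents as $item) {
        $items[] = $item['name'] . '(qty: ' . $item['quantity'] . ')';
    }
    $description = implode(' + ', $items);

    $order_time = date("F j, Y, g:i a");

    // Next expected order id, sent as x_invoice_num. getOne() yields one column
    // value, so max() is requested directly. This is not race-safe between
    // concurrent checkouts; it is only used as a reference number here.
    $new_order_id = (int) $gBitDb->getOne("select max(`orders_id`) from " . TABLE_ORDERS) + 1;

    $submit_data = array(
        'x_login' => MODULE_PAYMENT_AUTHORIZENET_AIM_LOGIN,
        'x_tran_key' => MODULE_PAYMENT_AUTHORIZENET_AIM_TXNKEY,
        'x_relay_response' => 'FALSE',
        'x_delim_data' => 'TRUE',
        'x_version' => '3.1',
        'x_type' => MODULE_PAYMENT_AUTHORIZENET_AIM_AUTHORIZATION_TYPE == 'Authorize' ? 'AUTH_ONLY' : 'AUTH_CAPTURE',
        'x_method' => 'CC',
        'x_amount' => number_format($order->info['total'], 2),
        'x_card_num' => $post('cc_number'),
        'x_exp_date' => $post('cc_expires'),
        'x_card_code' => $post('cc_cvv'),
        'x_email_customer' => MODULE_PAYMENT_AUTHORIZENET_AIM_EMAIL_CUSTOMER == 'True' ? 'TRUE' : 'FALSE',
        'x_email_merchant' => MODULE_PAYMENT_AUTHORIZENET_AIM_EMAIL_MERCHANT == 'True' ? 'TRUE' : 'FALSE',
        'x_cust_id' => isset($_SESSION['customer_id']) ? $_SESSION['customer_id'] : '',
        'x_invoice_num' => $new_order_id,
        'x_first_name' => $order->billing['firstname'],
        'x_last_name' => $order->billing['lastname'],
        'x_company' => $order->billing['company'],
        'x_address' => $order->billing['street_address'],
        'x_city' => $order->billing['city'],
        'x_state' => $order->billing['state'],
        'x_zip' => $order->billing['postcode'],
        'x_country' => $order->billing['country']['title'],
        'x_phone' => $order->customer['telephone'],
        'x_email' => $order->customer['email_address'],
        'x_ship_to_first_name' => $order->delivery['firstname'],
        'x_ship_to_last_name' => $order->delivery['lastname'],
        'x_ship_to_address' => $order->delivery['street_address'],
        'x_ship_to_city' => $order->delivery['city'],
        'x_ship_to_state' => $order->delivery['state'],
        'x_ship_to_zip' => $order->delivery['postcode'],
        'x_ship_to_country' => $order->delivery['country']['title'],
        'x_description' => $description,
        'Date' => $order_time,
        'IP' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
        'Session' => zen_session_id(),
    );
    if (MODULE_PAYMENT_AUTHORIZENET_AIM_TESTMODE == 'Test') {
        $submit_data['x_test_request'] = 'TRUE';
    }

    // Encode a field array as the POST body. Commas are stripped from values
    // because the gateway's reply is comma-delimited.
    $encode = function (array $fields) {
        $pairs = array();
        foreach ($fields as $key => $value) {
            $pairs[] = $key . '=' . urlencode(str_replace(',', '', $value));
        }
        return implode('&', $pairs);
    };
    $data = $encode($submit_data);

    // SEND DATA BY CURL SECTION
    // Post order info data to Authorize.net, make sure you have curl installed
    $url = 'https://secure.authorize.net/gateway/transact.dll';
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_VERBOSE, 0);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $authorize = curl_exec($ch);
    curl_close($ch);

    // A transport failure leaves $authorize === false; it parses to a single
    // empty field and so reaches the decline redirect at the end.
    $response = explode(',', (string) $authorize);
    $field = function ($index) use ($response) {
        return isset($response[$index]) ? $response[$index] : '';
    };

    // DATABASE SECTION
    // Insert the send and receive response data into the database.
    // This can be used for testing or for implementation in other applications
    // and can be turned on and off in the Admin section.
    if (MODULE_PAYMENT_AUTHORIZENET_AIM_STORE_DATA == 'True') {
        // "1=value&2=value…" — response fields numbered from 1, commas stripped.
        $response_pairs = array();
        foreach ($response as $key => $value) {
            $response_pairs[] = ($key + 1) . '=' . urlencode(str_replace(',', '', $value));
        }
        $response_list = implode('&', $response_pairs);

        // Mask the PAN and drop the card code before the request is stored:
        // the code may never be retained and the number only in masked form.
        $stored = $submit_data;
        $stored['x_card_num'] = 'XXXX' . substr($submit_data['x_card_num'], -4);
        $stored['x_card_code'] = 'XXX';

        $gBitDb->query(
            "INSERT INTO " . TABLE_AUTHORIZENET . " (`id`, `customer_id`, `order_id`, `response_code`, `response_text`, `authorization_type`, `transaction_id`, `sent`, `received`, `az_time`, `session_id`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
            array(
                '',
                isset($_SESSION['customer_id']) ? $_SESSION['customer_id'] : '',
                $new_order_id,
                $field(0),
                $field(3),
                $field(11),
                $field(6),
                $encode($stored),
                $response_list,
                $order_time,
                zen_session_id(),
            )
        );
    }

    // Parse the response code and text for custom error display.
    // If the response code is not 1 (approved) then redirect back to the payment
    // page with the appropriate error message.
    $x_response_code = $field(0);
    $x_response_text = $field(3);
    if ($x_response_code != '1') {
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($x_response_text . ' - ' . MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_DECLINED_MESSAGE), 'SSL', true, false));
    }
}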
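/**
 * Hidden fields carrying the card details through to checkout-process.
 *
 * cc_owner and cc_cvv are re-read from the module's own POST fields (an absent
 * key gives an empty field instead of an undefined-index notice); type, number
 * and expiry come from $this->cc_card_type, $this->cc_card_number,
 * $this->cc_expiry_month and $this->cc_expiry_year — presumably filled earlier
 * in the module's validation step (not visible here). The expiry year is sent
 * as its last two digits, alone and combined with the month.
 *
 * @return string
 */
function process_button() {
    $cc_owner = isset($_POST['linkpoint_api_cc_owner']) ? $_POST['linkpoint_api_cc_owner'] : '';
    $cc_cvv = isset($_POST['linkpoint_api_cc_cvv']) ? $_POST['linkpoint_api_cc_cvv'] : '';
    $expiry_year = substr($this->cc_expiry_year, -2);

    $fields = array(
        'cc_owner'         => $cc_owner,
        'cc_expires'       => $this->cc_expiry_month . $expiry_year,
        'cc_expires_month' => $this->cc_expiry_month,
        'cc_expires_year'  => $expiry_year,
        'cc_type'          => $this->cc_card_type,
        'cc_number'        => $this->cc_card_number,
        'cc_cvv'           => $cc_cvv,
    );
    $process_button_string = '';
    foreach ($fields as $name => $value) {
        $process_button_string .= zen_draw_hidden_field($name, $value);
    }
    $process_button_string .= zen_draw_hidden_field(zen_session_name(), zen_session_id());
    return $process_button_string;
}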
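/**
 * Render the previous/next pager with a page-number drop-down.
 *
 * With more than one page the result is a GET form (zen_draw_form) holding a
 * previous link, the TEXT_RESULT_PAGE text with a page drop-down, a next link,
 * every extra query parameter as a hidden field, and the session id field when
 * SID is defined. With a single page only the TEXT_RESULT_PAGE text is
 * returned; with no rows an empty string.
 *
 * Changes from the original: the each() loop (removed in PHP 8) is a foreach;
 * a parameter pair without '=' no longer raises an undefined-offset notice and
 * a pair whose value contains '=' keeps the whole value; the page-size fallback
 * is decided on the integer value, so '' and 0 both mean 20 on every PHP
 * version (the original's '' == 0 test differs between PHP 7 and 8).
 *
 * @param int    $query_numrows       total rows in the result set
 * @param int    $max_rows_per_page   rows per page; 0 or '' falls back to 20
 * @param int    $max_page_links      unused here; kept for the caller's signature
 * @param int    $current_page_number 1-based page being shown
 * @param string $parameters          extra query parameters ('a=b&c=d') kept on the links and in the form
 * @param string $page_name           name of the page query parameter
 * @return string
 */
function display_links($query_numrows, $max_rows_per_page, $max_page_links, $current_page_number, $parameters = '', $page_name = 'page') {
    global $PHP_SELF;

    $current_page_number = (int) $current_page_number;
    if (zen_not_null($parameters) && substr($parameters, -1) != '&') {
        $parameters .= '&';
    }

    $max_rows_per_page = (int) $max_rows_per_page;
    if ($max_rows_per_page == 0) {
        $max_rows_per_page = 20;
    }
    if ($query_numrows == 0) {
        return '';
    }

    // calculate number of pages needing links
    $num_pages = (int) ceil($query_numrows / $max_rows_per_page);
    $pages_array = array();
    for ($i = 1; $i <= $num_pages; $i++) {
        $pages_array[] = array('id' => $i, 'text' => $i);
    }

    if ($num_pages <= 1) {
        return sprintf(TEXT_RESULT_PAGE, $num_pages, $num_pages);
    }

    $script = basename($PHP_SELF);
    $display_links = zen_draw_form('pages', $script, '', 'get');

    if ($current_page_number > 1) {
        $display_links .= '<a href="' . zen_href_link($script, $parameters . $page_name . '=' . ($current_page_number - 1), 'NONSSL') . '" class="splitPageLink">' . PREVNEXT_BUTTON_PREV . '</a> ';
    } else {
        $display_links .= PREVNEXT_BUTTON_PREV . ' ';
    }

    $display_links .= sprintf(TEXT_RESULT_PAGE, zen_draw_pull_down_menu($page_name, $pages_array, $current_page_number, 'onChange="this.form.submit();"'), $num_pages);

    if ($current_page_number < $num_pages) {
        $display_links .= ' <a href="' . zen_href_link($script, $parameters . $page_name . '=' . ($current_page_number + 1), 'NONSSL') . '" class="splitPageLink">' . PREVNEXT_BUTTON_NEXT . '</a>';
    } else {
        $display_links .= ' ' . PREVNEXT_BUTTON_NEXT;
    }

    // Carry the other query parameters into the GET form as hidden fields so the
    // page drop-down keeps them.
    if ($parameters != '') {
        if (substr($parameters, -1) == '&') {
            $parameters = substr($parameters, 0, -1);
        }
        foreach (explode('&', $parameters) as $pair) {
            if ($pair === '') {
                continue;
            }
            $kv = explode('=', $pair, 2);
            $value = isset($kv[1]) ? $kv[1] : '';
            $display_links .= zen_draw_hidden_field(rawurldecode($kv[0]), rawurldecode($value));
        }
    }

    if (defined('SID') && SID) {
        $display_links .= zen_draw_hidden_field(zen_session_name(), zen_session_id());
    }

    $display_links .= '</form>';
    return $display_links;
}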
action="<?php echo $_SESSION['3Dsecure_acsURL']; ?> "> <input type=hidden name="PaReq" value="<?php echo $_SESSION['3Dsecure_payload']; ?> "> <input type=hidden name="TermUrl" value="<?php echo $_SESSION['3Dsecure_term_url']; ?> "> <input type=hidden name="MD" value="<?php echo zen_session_id(); ?> "> <noscript> <br> <br> <center> <font color="red"> <h1>Processing your Payer Authentication Transaction</h1> <h2> JavaScript is currently disabled or is not supported by your browser.<br> </h2> <h3>Please click Submit to continue the processing of your transaction.</h3> </font> <input type="submit" value="Submit">
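/**
 * Store the CC info to the order and process any results that come back from the payment gateway
 *
 * Copies the gateway's POST-back into $this->authorize (minus the submit-button
 * coordinates), recomputes the MD5 response hash from x_trans_id and x_amount
 * and records the outcome in HashValidationValue / HashMatchStatus. Response
 * code '1' with a matching hash stores auth_code and transaction_id and
 * returns; code '2' (declined) and anything else redirect back to the payment
 * page with a message. In 'echo' debugging mode the raw POST is printed and
 * execution stops.
 *
 * The hash is compared with hash_equals(): the original '==' treats two hex
 * strings that look numeric (e.g. "0e…") as equal numbers, which lets a forged
 * hash pass, and is not a constant-time comparison. POST keys are read with
 * isset() so an incomplete POST-back fails the check instead of raising notices.
 */
function before_process() {
    global $messageStack;
    $this->authorize = $_POST;
    unset($this->authorize['btn_submit_x'], $this->authorize['btn_submit_y']);

    $trans_id = isset($this->authorize['x_trans_id']) ? $this->authorize['x_trans_id'] : '';
    $amount = isset($this->authorize['x_amount']) ? $this->authorize['x_amount'] : '';
    $received_hash = isset($this->authorize['x_MD5_Hash']) ? (string) $this->authorize['x_MD5_Hash'] : '';

    $this->authorize['HashValidationValue'] = $this->calc_md5_response($trans_id, $amount);
    $hash_ok = hash_equals((string) $this->authorize['HashValidationValue'], $received_hash);
    $this->authorize['HashMatchStatus'] = $hash_ok ? 'PASS' : 'FAIL';
    $this->_debugActions($this->authorize, 'Response-Data', '', zen_session_id());

    // if in 'echo' mode, dump the returned data to the browser and stop execution
    if (AUTHORIZENET_DEVELOPER_MODE == 'echo' || MODULE_PAYMENT_AUTHORIZENET_DEBUGGING == 'echo') {
        echo 'Returned Response Codes:<br /><pre>' . print_r($_POST, true) . '</pre><br />';
        die('Press the BACK button in your browser to return to the previous page.');
    }

    $response_code = isset($this->authorize['x_response_code']) ? $this->authorize['x_response_code'] : '';
    if ($response_code == '1' && $hash_ok) {
        $this->auth_code = isset($this->authorize['x_auth_code']) ? $this->authorize['x_auth_code'] : '';
        $this->transaction_id = $trans_id;
        return;
    }
    if ($response_code == '2') {
        $reason = isset($this->authorize['x_response_reason_text']) ? $this->authorize['x_response_reason_text'] : '';
        $messageStack->add_session('checkout_payment', $reason . MODULE_PAYMENT_AUTHORIZENET_TEXT_DECLINED_MESSAGE, 'error');
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
    }
    // Code 3 or anything else is an error
    $messageStack->add_session('checkout_payment', MODULE_PAYMENT_AUTHORIZENET_TEXT_ERROR_MESSAGE, 'error');
    zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
}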
$sql = "SELECT * FROM " . TABLE_ANTI_ROBOT_REGISTRATION . " WHERE session_id = '" . zen_session_id() . "' LIMIT 1"; if (!($result = $db->Execute($sql))) { $error = true; $entry_antirobotreg_error = true; $text_antirobotreg_error = ERROR_VALIDATION_1; $messageStack->add('create_account', ERROR_VALIDATION_1); } else { $entry_antirobotreg_error = false; $antirobotrow = $db->Execute($sql); if (strtolower($_POST['antirobotreg']) != $antirobotrow->fields['reg_key'] or $antirobotrow->fields['reg_key'] == '') { $error = true; $entry_antirobotreg_error = true; $text_antirobotreg_error = ERROR_VALIDATION_2; $messageStack->add('create_account', ERROR_VALIDATION_2); } else { $sql = "DELETE FROM " . TABLE_ANTI_ROBOT_REGISTRATION . " WHERE session_id = '" . zen_session_id() . "'"; if (!($result = $db->Execute($sql))) { $error = true; $entry_antirobotreg_error = true; $text_antirobotreg_error = ERROR_VALIDATION_3; $messageStack->add('create_account', ERROR_VALIDATION_3); } else { $sql = "OPTIMIZE TABLE " . TABLE_ANTI_ROBOT_REGISTRATION . ""; if (!($result = $db->Execute($sql))) { $error = true; $entry_antirobotreg_error = true; $text_antirobotreg_error = ERROR_VALIDATION_4; $messageStack->add('create_account', ERROR_VALIDATION_4); } else { $entry_antirobotreg_error = false; }
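/**
 * Rewrite a link for mobile clients: append the session name/id pair when the
 * session is active and not already present, then re-encode every query key
 * and value from EUC-JP to SJIS.
 *
 * Changes from the original: ereg_replace()/split() (removed in PHP 7) are
 * str_replace()/explode(); the '?' position is tested with !== false, so a link
 * whose query starts at offset 0 is converted too (the loose != false skipped
 * it); a pair without '=' gets an empty value instead of an undefined-offset
 * notice, and a value containing '=' is kept whole.
 *
 * @param string $href_link link to convert
 * @return string the link unchanged for non-mobile clients, otherwise rewritten
 */
function convertToMobileLink($href_link) {
    if (!$this->isMobile()) {
        return $href_link;
    }

    // Note: search and replacement are both '&', so this is a no-op as written
    // (presumably an '&amp;' decode lost upstream); kept for fidelity.
    $href_link = str_replace('&', '&', $href_link);

    $session_id = zen_session_id();
    $sid_pair = zen_session_name() . '=' . $session_id;
    if ($session_id && strpos($href_link, $sid_pair) === false) {
        if (strpos($href_link, '?') === false) {
            $href_link .= '?';
        }
        $href_link .= '&' . $sid_pair;
    }

    // EUC-JP to SJIS, one query pair at a time
    $query_start = strpos($href_link, '?');
    if ($query_start !== false) {
        $path = substr($href_link, 0, $query_start + 1);
        $query = substr($href_link, $query_start + 1);
        $sjis_key_val_pairs = array();
        foreach (explode("&", $query) as $key_val_pair) {
            $kv = explode("=", $key_val_pair, 2);
            $raw_val = isset($kv[1]) ? $kv[1] : '';
            $key = rawurlencode(mb_convert_encoding(rawurldecode($kv[0]), 'SJIS', 'EUC-JP'));
            $val = rawurlencode(mb_convert_encoding(rawurldecode($raw_val), 'SJIS', 'EUC-JP'));
            $sjis_key_val_pairs[] = sprintf("%s=%s", $key, $val);
        }
        $href_link = $path . implode("&", $sjis_key_val_pairs);
    }

    return $href_link;
}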
<td class="headerInfo"><?php echo htmlspecialchars($_GET['info_message']); ?> </td> </tr> </table> <?php } ?> <?php if (isset($_SESSION['SSL_SESSION_ID'])) { $show_session_expire = $db->Execute("select * from " . TABLE_SESSIONS . " where sessions_id= '" . $_SESSION['SSL_SESSION_ID'] . "'"); } echo '<br /><strong>TESTING INFO:</strong> Time page: <strong>' . $_GET['main_page'] . '</strong> was loaded is: <strong>' . date('H:i:s', time()) . '</strong><br /><br />'; echo 'Session ID: ' . zen_session_id() . '<br / >'; echo 'REGISTERED GLOBALS is: <strong>' . (ini_get('register_globals') == '1' ? 'ON' : 'OFF') . '</strong>' . ' Session Timeout: <strong>' . ini_get('session.gc_maxlifetime') . 's</strong><br /><br />'; echo "GLOBALS[{$main_page}] and HTTP_GET_VARS['main_page'] and _GET['main_page'] = " . $GLOBALS['main_page'] . ' - ' . $_GET['main_page'] . ' - ' . $_GET['main_page'] . '<br /><br />'; echo "_SERVER['PHP_SELF'] and _GET['PHP_SELF'] and PHP_SELF and _SESSION['PHP_SELF'] = " . $_SERVER['PHP_SELF'] . ' - ' . $_GET['PHP_SELF'] . ' - ' . $PHP_SELF . ' - ' . $_SESSION['PHP_SELF'] . '<br /><br />'; echo "getenv('REQUEST_URI') = " . getenv('REQUEST_URI') . '<br /><br />'; echo 'SERVER_NAME = ' . $_SERVER['SERVER_NAME'] . '<br /><br />'; echo 'SCRIPT_FILENAME = ' . $_SERVER['SCRIPT_FILENAME'] . '<br /><br />'; echo 'HTTP_REFERER = ' . $_SERVER['HTTP_REFERER'] . '<br /><br />'; echo 'template_dir = ' . $template_dir . '<br /><br />'; echo '$cPath=' . $cPath . '<br /><br />'; echo '<strong>TEST LANGUAGE ' . TEST_LANGUAGE . '</strong><br /><br />'; if (strstr($_SERVER['HTTP_REFERER'], $_SERVER['SERVER_NAME'])) { echo 'SERVER_NAME within HTTP_REFERER - Yes' . '<br />'; } else { echo 'SERVER_NAME within HTTP_REFERER - No' . '<br />'; }
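/**
 * Build the data and actions to process when the "Submit" button is pressed on the order-confirmation screen.
 * This sends the data to the payment gateway for processing.
 * (These are hidden fields on the checkout confirmation page)
 *
 * Side effects: $this->order_id and $_SESSION['order_id'] are set to the md5 of
 * the serialized order products, customer and delivery, and that id is
 * recorded in TABLE_PAGAMASTARDE. The request is signed with sha512 over
 * secret_key . public_key . order_id . amount . currency . ok_url . nok_url .
 * callback_url . discount . cancelled_url, using the test or production key
 * pair selected by MODULE_PAYMENT_PAGAMASTARDE_TESTMODE. The amount is sent
 * in cents and the currency is always 'EUR' (the original read
 * $_SESSION['currency'] and then overwrote it; the dead read is gone). For a
 * logged-in customer the account creation date, date of birth and the
 * count/total of orders in status 'Processing' or 'Delivered' are added as
 * metadata. The shipping method (when set) and each product become items[n].
 *
 * @return string hidden-field markup, one field per line
 */
function process_button() {
    global $order, $db;

    $this->order_id = md5(serialize($order->products) . '' . serialize($order->customer) . '' . serialize($order->delivery));
    $_SESSION['order_id'] = $this->order_id;
    // order_id is a 32-character md5 hex string, so inlining it here is safe.
    $sql = sprintf("insert into " . TABLE_PAGAMASTARDE . " (order_id) values ('%s')", $this->order_id);
    $db->Execute($sql);

    $scheme = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http';
    $base_url = dirname(sprintf("%s://%s%s", $scheme, $_SERVER['SERVER_NAME'], $_SERVER['REQUEST_URI']));
    $callback_url = $base_url . '/ext/modules/payment/pagamastarde/callback.php';
    $pagamastarde_ok_url = htmlspecialchars_decode(zen_href_link(FILENAME_CHECKOUT_PROCESS, 'action=confirm', 'SSL', true, false));
    $pagamastarde_nok_url = trim(zen_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL', false));
    $cancelled_url = trim(zen_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false));

    $amount = number_format($order->info['total'] * 100, 0, '', '');
    $currency = 'EUR';
    $discount = MODULE_PAYMENT_PAGAMASTARDE_DISCOUNT == 'False' ? 'false' : 'true';

    if (MODULE_PAYMENT_PAGAMASTARDE_TESTMODE == 'Test') {
        $secret_key = MODULE_PAYMENT_PAGAMASTARDE_TSK;
        $public_key = MODULE_PAYMENT_PAGAMASTARDE_TK;
    } else {
        $secret_key = MODULE_PAYMENT_PAGAMASTARDE_PSK;
        $public_key = MODULE_PAYMENT_PAGAMASTARDE_PK;
    }
    $message = $secret_key . $public_key . $this->order_id . $amount . $currency . $pagamastarde_ok_url . $pagamastarde_nok_url . $callback_url . $discount . $cancelled_url;
    $signature = hash('sha512', $message);

    // extra parameters for logged users
    $sign_up = '';
    $dob = '';
    $order_total = 0;
    $order_count = 0;
    if (isset($_SESSION['customer_id']) && trim($_SESSION['customer_id']) != '') {
        $customer_id = (int) $_SESSION['customer_id'];

        $sql = sprintf("SELECT *\r\n FROM %s\r\n JOIN %s ON customers_info.customers_info_id = customers.customers_id\r\n Where customers.customers_id = %d", TABLE_CUSTOMERS, TABLE_CUSTOMERS_INFO, $customer_id);
        $check = $db->Execute($sql);
        while (!$check->EOF) {
            $sign_up = substr($check->fields['customers_info_date_account_created'], 0, 10);
            $dob = substr($check->fields['customers_dob'], 0, 10);
            $check->MoveNext();
        }

        $sql = sprintf("select * from %s join %s on orders_status.orders_status_id = orders.orders_status\r\n where customers_id=%d\r\n and orders_status.orders_status_name in ('Processing','Delivered')\r\n order by orders_id", TABLE_ORDERS_STATUS, TABLE_ORDERS, $customer_id);
        $check = $db->Execute($sql);
        while (!$check->EOF) {
            $order_total += $check->fields['order_total'];
            $order_count += 1;
            $check->MoveNext();
        }
    }

    $submit_data = array(
        'order_id' => $this->order_id,
        'email' => $order->customer['email_address'],
        'full_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'],
        'amount' => $amount,
        'currency' => $currency,
        'ok_url' => $pagamastarde_ok_url,
        'nok_url' => $pagamastarde_nok_url,
        'cancelled_url' => $cancelled_url,
        'account_id' => $public_key,
        'signature' => $signature,
        'address[street]' => $order->customer['street_address'],
        'address[city]' => $order->customer['city'],
        'address[province]' => $order->customer['state'],
        'address[zipcode]' => $order->customer['postcode'],
        'shipping[street]' => $order->delivery['street_address'],
        'shipping[city]' => $order->delivery['city'],
        'shipping[province]' => $order->delivery['state'],
        'shipping[zipcode]' => $order->delivery['postcode'],
        'callback_url' => $callback_url,
        'discount[full]' => $discount,
        'mobile_phone' => $order->customer['telephone'],
        'metadata[num_orders]' => $order_count,
        'metadata[amount_orders]' => $order_total,
        'dob' => $dob,
        'metadata[member_since]' => $sign_up,
    );

    // product description: shipping method first (if any), then each product
    $description_parts = [];
    $i = 0;
    if (isset($order->info['shipping_method'])) {
        $submit_data["items[" . $i . "][description]"] = $order->info['shipping_method'];
        $submit_data["items[" . $i . "][quantity]"] = 1;
        $submit_data["items[" . $i . "][amount]"] = number_format($order->info['shipping_cost'], 2, '.', '');
        $description_parts[] = $order->info['shipping_method'];
        $i++;
    }
    foreach ($order->products as $product) {
        $submit_data["items[" . $i . "][description]"] = $product['name'] . " (" . $product['qty'] . ") ";
        $submit_data["items[" . $i . "][quantity]"] = $product['qty'];
        $submit_data["items[" . $i . "][amount]"] = number_format($product['final_price'] * $product['qty'], 2, '.', '');
        $description_parts[] = $product['name'] . " ( " . $product['qty'] . " )";
        $i++;
    }
    $submit_data['description'] = implode(",", $description_parts);

    // NOTE(review): this event name is the Authorize.net SIM module's, so any
    // observer bound to it fires for this module as well — confirm intended.
    $this->notify('NOTIFY_PAYMENT_AUTHNETSIM_PRESUBMIT_HOOK');

    if (MODULE_PAYMENT_PAGAMASTARDE_TESTMODE == 'Test') {
        $submit_data['x_Test_Request'] = 'TRUE';
    }
    $submit_data[zen_session_name()] = zen_session_id();

    $process_button_string = "\n";
    foreach ($submit_data as $key => $value) {
        $process_button_string .= zen_draw_hidden_field($key, $value) . "\n";
    }
    return $process_button_string;
}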
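/**
 * Starts the PHP session with Zen Cart's garbage-collection and timeout settings.
 *
 * Side effects: adjusts session.gc_* ini values (errors suppressed), replaces a
 * malformed session id before starting, and makes sure $_SESSION['securityToken']
 * (the anti-CSRF token checked elsewhere) is populated once per session.
 *
 * @return bool the value returned by session_start()
 */
function zen_session_start()
{
    @ini_set('session.gc_probability', 1);
    @ini_set('session.gc_divisor', 2);
    if (IS_ADMIN_FLAG === true) {
        // Admin sessions are capped at 15 minutes regardless of the configured value.
        @ini_set('session.gc_maxlifetime', SESSION_TIMEOUT_ADMIN > 900 ? 900 : SESSION_TIMEOUT_ADMIN);
    } elseif (defined('SESSION_TIMEOUT_CATALOG') && (int) SESSION_TIMEOUT_CATALOG > 120) {
        @ini_set('session.gc_maxlifetime', (int) SESSION_TIMEOUT_CATALOG);
    }

    // 128 bits from the CSPRNG where the runtime provides it (PHP >= 7.0); the
    // md5(uniqid(rand())) form is kept only as a fallback for older runtimes.
    // Both produce a 32-character lowercase hex string, so callers see no change.
    $freshToken = function () {
        return function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(rand(), true));
    };

    // A session id containing anything other than [a-zA-Z0-9] is discarded and
    // replaced, so an externally supplied malformed id never reaches session_start().
    if (preg_replace('/[a-zA-Z0-9]/', '', session_id()) != '') {
        zen_session_id($freshToken());
    }
    $temp = session_start();
    if (!isset($_SESSION['securityToken'])) {
        $_SESSION['securityToken'] = $freshToken();
    }
    return $temp;
}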
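/**
 * Adds the sid to the end of the URL if needed. If a page cache has been
 * enabled and no customer is logged in the sid is replaced with the '<zensid>'
 * placeholder, which the page cache substitutes per visitor.
 *
 * @param string $link current URL.
 * @param bool $add_session_id true if a session id should be added to the url, false otherwise
 * @param string $connection 'NONSSL' or 'SSL' the type of connection to use
 * @param string $separator the separator to use between the link and this parameter (if added)
 * @return string the link, with the sid or the placeholder appended when applicable
 */
function add_sid($link, $add_session_id, $connection, $separator)
{
    global $request_type, $http_domain, $https_domain, $session_started;
    // Always initialised: the zen_not_null() test below previously read an
    // undefined variable whenever no sid was selected.
    $_sid = '';
    if ($add_session_id == true && $session_started && SESSION_FORCE_COOKIE_USE == 'False') {
        if (defined('SID') && zen_not_null(SID)) {
            $_sid = SID;
        } elseif (($request_type == 'NONSSL' && $connection == 'SSL' && ENABLE_SSL == 'true')
            || ($request_type == 'SSL' && $connection == 'NONSSL')) {
            // Crossing between distinct http and https hosts: the session cookie will
            // not follow, so the sid has to travel in the URL.
            if ($http_domain != $https_domain) {
                $_sid = zen_session_name() . '=' . zen_session_id();
            }
        }
    }
    // Guest request served through the page cache: emit the placeholder instead of a real sid.
    if (!isset($_SESSION['customer_id']) && defined('ENABLE_PAGE_CACHE') && ENABLE_PAGE_CACHE == 'true' && class_exists('page_cache')) {
        return $link . $separator . '<zensid>';
    }
    if (zen_not_null($_sid)) {
        return $link . $separator . $_sid;
    }
    return $link;
}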
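/**
 * Posts a Cardinal Centinel (3D-Secure) message to $url and returns the raw
 * response body, or the value of setErrorResponse() when the exchange fails.
 *
 * Failure paths - unsupported URL scheme (8000), transport/TLS error (8030),
 * a body without a <CardinalMPI> element (8010) and the merchant
 * misconfiguration marker <ErrorNo>4243 - are written to zcLog() and reported
 * to the store owner through zen_mail() with the 'paymentalert' template.
 *
 * @param string $url       Centinel endpoint; must start with http:// or https://
 * @param string $data      cmpi_msg payload, sent url-encoded as a single POST field
 * @param string $debugData request description echoed into the logs
 * @return mixed raw response string on success, otherwise the setErrorResponse() result
 */
function send3DSecureHttp($url, $data, $debugData)
{
    // verify that the URL uses a supported protocol.
    if (strpos($url, "http://") === 0 || strpos($url, "https://") === 0) {
        // create a new cURL resource and set params
        $ch = curl_init($url);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, "cmpi_msg=" . urlencode($data));
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        // Verify the peer certificate: this exchange carries cardholder data, and
        // with verification off any endpoint able to interpose on the connection
        // would be accepted. A failed verification is a transport error and takes
        // the 8030 path below, so it is logged and reported like any other outage.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 8);
        // Execute the request.
        $result = curl_exec($ch);
        $succeeded = curl_errno($ch) == 0;
        $error = curl_errno($ch) . '-' . curl_error($ch);
        // close cURL resource, and free up system resources
        curl_close($ch);
        // If Communication was not successful set error result
        if (!$succeeded) {
            $this->zcLog('Cardinal Send 1', '[' . zen_session_id() . '] Cardinal Centinel - ' . CENTINEL_ERROR_CODE_8030_DESC);
            $this->zcLog('Cardinal Send 2', '[' . zen_session_id() . '] Centinel Request: ' . $debugData);
            $this->zcLog('Cardinal Send 3', '[' . zen_session_id() . '] Centinel Response: ' . $result);
            $result = $this->setErrorResponse(CENTINEL_ERROR_CODE_8030, CENTINEL_ERROR_CODE_8030_DESC);
            $errorText = CENTINEL_ERROR_CODE_8030 . ' - ' . CENTINEL_ERROR_CODE_8030_DESC;
            $errorText .= "\n\nProblem occurred while customer " . $_SESSION['customer_id'] . ' ' . $_SESSION['customer_first_name'] . ' ' . $_SESSION['customer_last_name'] . ' was attempting checkout with 3D-Secure authentication.';
            // '-' alone means curl reported errno 0 with an empty message; nothing useful to append.
            if ($error != '-') {
                $errorText .= "\n\nCURL error: " . $error;
            }
            zen_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, CENTINEL_ERROR_CODE_8030_DESC . ' (' . CENTINEL_ERROR_CODE_8030 . ')', $errorText, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, array('EMAIL_MESSAGE_HTML' => nl2br($errorText)), 'paymentalert');
        } else {
            if (strpos($result, "<CardinalMPI>") === false) {
                // Assert that we received an expected Centinel Message in response.
                $this->zcLog('Cardinal Send 4', '[' . zen_session_id() . '] Cardinal Centinel - ' . CENTINEL_ERROR_CODE_8010_DESC);
                $this->zcLog('Cardinal Send 5', '[' . zen_session_id() . '] Centinel Request: ' . $debugData);
                $this->zcLog('Cardinal Send 6', '[' . zen_session_id() . '] Centinel Response: ' . $result);
                $result = $this->setErrorResponse(CENTINEL_ERROR_CODE_8010, CENTINEL_ERROR_CODE_8010_DESC);
                $errorText = CENTINEL_ERROR_CODE_8010 . ' - ' . CENTINEL_ERROR_CODE_8010_DESC;
                $errorText .= "\n\nProblem occurred while customer " . $_SESSION['customer_id'] . ' ' . $_SESSION['customer_first_name'] . ' ' . $_SESSION['customer_last_name'] . ' was attempting checkout with 3D-Secure authentication.';
                zen_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, CENTINEL_ERROR_CODE_8010_DESC . ' (' . CENTINEL_ERROR_CODE_8010 . ')', $errorText, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, array('EMAIL_MESSAGE_HTML' => nl2br($errorText)), 'paymentalert');
            } else {
                // Check whether the merchant has a properly configured 3D-Secure account
                if (strpos($result, "<ErrorNo>4243") > 0) {
                    $this->zcLog('Cardinal Send 4', '[' . zen_session_id() . '] Cardinal Centinel - ' . CENTINEL_ERROR_CODE_4243_DESC);
                    $this->zcLog('Cardinal Send 5', '[' . zen_session_id() . '] Centinel Request: ' . $debugData);
                    $this->zcLog('Cardinal Send 6', '[' . zen_session_id() . '] Centinel Response: ' . $result);
                    $result = $this->setErrorResponse(CENTINEL_ERROR_CODE_4243, CENTINEL_ERROR_CODE_4243_DESC);
                    $errorText = CENTINEL_ERROR_CODE_4243 . ' - ' . CENTINEL_ERROR_CODE_4243_DESC;
                    $errorText .= "\n\nProblem occurred while customer " . $_SESSION['customer_id'] . ' ' . $_SESSION['customer_first_name'] . ' ' . $_SESSION['customer_last_name'] . ' was attempting checkout with 3D-Secure authentication.';
                    zen_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, CENTINEL_ERROR_CODE_4243_DESC . ' (' . CENTINEL_ERROR_CODE_4243 . ')', $errorText, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, array('EMAIL_MESSAGE_HTML' => nl2br($errorText)), 'paymentalert');
                }
            }
        }
    } else {
        // URL did not use http:// or https://: nothing was sent.
        $this->zcLog('Cardinal Send 7', '[' . zen_session_id() . '] Cardinal Centinel - ' . CENTINEL_ERROR_CODE_8000_DESC . ' - ' . $url);
        $result = $this->setErrorResponse(CENTINEL_ERROR_CODE_8000, CENTINEL_ERROR_CODE_8000_DESC);
        $errorText = CENTINEL_ERROR_CODE_8000 . ' - ' . CENTINEL_ERROR_CODE_8000_DESC;
        $errorText .= "\n\nProblem occurred while customer " . $_SESSION['customer_id'] . ' ' . $_SESSION['customer_first_name'] . ' ' . $_SESSION['customer_last_name'] . ' was attempting checkout with 3D-Secure authentication.';
        zen_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, CENTINEL_ERROR_CODE_8000_DESC . ' (' . CENTINEL_ERROR_CODE_8000 . ')', $errorText, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, array('EMAIL_MESSAGE_HTML' => nl2br($errorText)), 'paymentalert');
    }
    return $result;
}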
/**
 * Builds a catalog-side URL for $page with $parameters on the requested
 * connection type, optionally appending the session id.
 *
 * @param string $page               main_page value; empty for the site root
 * @param string $parameters         extra query string, passed through zen_output_string()
 * @param string $connection         'NONSSL', 'SSL', or any other value to mirror the current request scheme
 * @param bool   $add_session_id     append the sid when the session is not cookie-only (see below)
 * @param bool   $search_engine_safe only read inside a branch that is disabled by a leading `0 &&`
 * @param bool   $static             true to omit the 'index.php?' front-controller prefix
 * @param bool   $use_dir_ws_catalog prepend DIR_WS_CATALOG to the server base
 * @return string the assembled link
 */
function zen_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true, $static = false, $use_dir_ws_catalog = true)
{
    global $gBitSystem, $request_type, $session_started, $http_domain, $https_domain;
    // Choose the server base from the connection type.
    if ($connection == 'NONSSL') {
        $link = HTTP_SERVER;
    } elseif ($connection == 'SSL') {
        if (ENABLE_SSL == 'true') {
            $link = HTTPS_SERVER;
        } else {
            $link = HTTP_SERVER;
        }
    } else {
        // Any other value: follow the scheme of the current request.
        $link = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? HTTPS_SERVER : HTTP_SERVER;
    }
    if ($use_dir_ws_catalog) {
        $link .= DIR_WS_CATALOG;
    }
    if (!empty($page)) {
        $page = 'main_page=' . $page . "&";
    }
    if (!$static) {
        if (zen_not_null($parameters)) {
            $link .= 'index.php?' . $page . zen_output_string($parameters);
        } else {
            $link .= 'index.php?' . $page;
        }
    } else {
        if (zen_not_null($parameters)) {
            $link .= $page . "&" . zen_output_string($parameters);
        } else {
            $link .= $page;
        }
    }
    $separator = '&';
    // Drop any trailing '&' or '?' left behind when $page or $parameters were empty.
    while (substr($link, -1) == '&' || substr($link, -1) == '?') {
        $link = substr($link, 0, -1);
    }
    // Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined
    if ($add_session_id == true && $session_started == true && (!defined('SESSION_FORCE_COOKIE_USE') || SESSION_FORCE_COOKIE_USE == 'False')) {
        if (defined('SID') && zen_not_null(SID)) {
            $sid = SID;
        // } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL_ADMIN == 'true') ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) {
        } elseif ($request_type == 'NONSSL' && $connection == 'SSL' && ENABLE_SSL == 'true' || $request_type == 'SSL' && $connection == 'NONSSL') {
            // && binds tighter than ||: (NONSSL -> SSL with SSL enabled) OR (SSL -> NONSSL).
            // The sid only goes into the URL when the two servers are different hosts,
            // because the session cookie will not follow across them.
            if ($http_domain != $https_domain) {
                $sid = zen_session_name() . '=' . zen_session_id();
            }
        }
    }
    // clean up the link before processing
    while (strstr($link, '&&')) {
        $link = str_replace('&&', '&', $link);
    }
    // NOTE(review): identical to the loop above and therefore never iterates; the first loop already removed every '&&'.
    while (strstr($link, '&&')) {
        $link = str_replace('&&', '&', $link);
    }
    // NOTE(review): the leading `0 &&` disables this pretty-URL branch entirely, so $search_engine_safe has no effect.
    if (0 && $gBitSystem->isFeatureActive('pretty_urls') && $search_engine_safe == true) {
        while (strstr($link, '&&')) {
            $link = str_replace('&&', '&', $link);
        }
        $link = str_replace('&', '/', $link);
        $link = str_replace('?', '/', $link);
        $link = str_replace('&', '/', $link);
        $link = str_replace('=', '/', $link);
        $separator = '?';
    }
    if (isset($sid)) {
        $link .= $separator . $sid;
    }
    // clean up the link after processing
    while (strstr($link, '&&')) {
        $link = str_replace('&&', '&', $link);
    }
    // NOTE(review): as written this replaces '&' with '&' and is a no-op; it reads like an
    // '&amp;' entity replacement whose replacement text was lost — confirm against upstream.
    $link = preg_replace('/&/', '&', $link);
    return $link;
}
/**
 * Store the CC info to the order and process any results that come back from the payment gateway
 *
 * Reads the card fields from $_POST, builds the Authorize.net AIM request, sends it
 * through _sendRequest(), and interprets the delimited response: sets auth_code,
 * transaction_id, avs_response and ccv_response, sets order_status to 1 when the
 * transaction is held for review or its MD5 hash cannot be verified, and redirects
 * back to checkout_payment when the response code is not '1' (approved).
 *
 * Side effects: reads the latest orders_id from the database, adds session
 * messages, may store $response[88] in the session, may redirect.
 */
function before_process()
{
    global $response, $db, $order, $messageStack;
    $order->info['cc_type'] = $_POST['cc_type'];
    $order->info['cc_owner'] = $_POST['cc_owner'];
    // Only the last four digits are kept on the order; the remainder is masked with 'X'.
    $order->info['cc_number'] = str_pad(substr($_POST['cc_number'], -4), strlen($_POST['cc_number']), "X", STR_PAD_LEFT);
    // Expiry and CVV are deliberately not stored on the order; they are only sent to the gateway below.
    $order->info['cc_expires'] = ''; // $_POST['cc_expires'];
    $order->info['cc_cvv'] = '***'; //$_POST['cc_cvv'];
    $sessID = zen_session_id();
    // DATA PREPARATION SECTION
    unset($submit_data); // Cleans out any previous data stored in the variable
    // Create a string that contains a listing of products ordered for the description field
    $description = '';
    for ($i = 0; $i < sizeof($order->products); $i++) {
        $description .= $order->products[$i]['name'] . ' (qty: ' . $order->products[$i]['qty'] . ') + ';
    }
    // Remove the trailing "+ " separator (two characters) from the string
    $description = substr($description, 0, -2);
    // Create a variable that holds the order time
    $order_time = date("F j, Y, g:i a");
    // Calculate the next expected order id (adapted from code written by Eric Stamper - 01/30/2004 Released under GPL)
    $last_order_id = $db->Execute("select * from " . TABLE_ORDERS . " order by orders_id desc limit 1");
    $new_order_id = $last_order_id->fields['orders_id'];
    $new_order_id = $new_order_id + 1;
    // add randomized suffix to order id to produce uniqueness ... since it's unwise to submit the same order-number twice to authorize.net
    $new_order_id = (string) $new_order_id . '-' . zen_create_random_value(6, 'chars');
    // Populate an array that contains all of the data to be sent to Authorize.net
    $submit_data = array(
        'x_login' => trim(MODULE_PAYMENT_AUTHORIZENET_AIM_LOGIN),
        'x_tran_key' => trim(MODULE_PAYMENT_AUTHORIZENET_AIM_TXNKEY),
        'x_relay_response' => 'FALSE',
        'x_delim_data' => 'TRUE',
        'x_delim_char' => $this->delimiter,
        'x_encap_char' => $this->encapChar,
        'x_version' => '3.1',
        'x_type' => MODULE_PAYMENT_AUTHORIZENET_AIM_AUTHORIZATION_TYPE == 'Authorize' ? 'AUTH_ONLY' : 'AUTH_CAPTURE',
        'x_method' => 'CC',
        'x_amount' => number_format($order->info['total'], 2),
        'x_currency_code' => $order->info['currency'],
        // Full PAN, expiry and CVV are passed straight from the POST to the gateway request.
        'x_card_num' => $_POST['cc_number'],
        'x_exp_date' => $_POST['cc_expires'],
        'x_card_code' => $_POST['cc_cvv'],
        'x_email_customer' => MODULE_PAYMENT_AUTHORIZENET_AIM_EMAIL_CUSTOMER == 'True' ? 'TRUE' : 'FALSE',
        'x_email_merchant' => MODULE_PAYMENT_AUTHORIZENET_AIM_EMAIL_MERCHANT == 'True' ? 'TRUE' : 'FALSE',
        'x_cust_id' => $_SESSION['customer_id'],
        'x_invoice_num' => (MODULE_PAYMENT_AUTHORIZENET_AIM_TESTMODE == 'Test' ? 'TEST-' : '') . $new_order_id,
        'x_first_name' => $order->billing['firstname'],
        'x_last_name' => $order->billing['lastname'],
        'x_company' => $order->billing['company'],
        'x_address' => $order->billing['street_address'],
        'x_city' => $order->billing['city'],
        'x_state' => $order->billing['state'],
        'x_zip' => $order->billing['postcode'],
        'x_country' => $order->billing['country']['title'],
        'x_phone' => $order->customer['telephone'],
        'x_email' => $order->customer['email_address'],
        'x_ship_to_first_name' => $order->delivery['firstname'],
        'x_ship_to_last_name' => $order->delivery['lastname'],
        'x_ship_to_address' => $order->delivery['street_address'],
        'x_ship_to_city' => $order->delivery['city'],
        'x_ship_to_state' => $order->delivery['state'],
        'x_ship_to_zip' => $order->delivery['postcode'],
        'x_ship_to_country' => $order->delivery['country']['title'],
        'x_description' => $description,
        'x_recurring_billing' => 'NO',
        'x_customer_ip' => zen_get_ip_address(),
        'x_po_num' => date('M-d-Y h:i:s'),
        'x_freight' => number_format((double) $order->info['shipping_cost'], 2),
        'x_tax_exempt' => 'FALSE',
        'x_tax' => number_format((double) $order->info['tax'], 2),
        'x_duty' => '0',
        'x_allow_partial_Auth' => 'FALSE',
        'Date' => $order_time,
        'IP' => zen_get_ip_address(),
        'Session' => $sessID);
    unset($response);
    $response = $this->_sendRequest($submit_data);
    // Positional fields of the delimited AIM response used below:
    // [0] response code, [2] reason code, [3] reason text, [4] auth code,
    // [5] AVS result, [6] transaction id, [9] amount, [37] MD5 hash, [38] CVV result, [88] message.
    $response_code = $response[0];
    $response_text = $response[3];
    $this->auth_code = $response[4];
    $this->transaction_id = $response[6];
    $this->avs_response = $response[5];
    $this->ccv_response = $response[38];
    $response_msg_to_customer = $response_text . ($this->commError == '' ? '' : ' Communications Error - Please notify webmaster.');
    // Recompute the gateway's MD5 hash over (transaction id, amount) to verify the response was not tampered with.
    // NOTE(review): the comparison uses a plain `==`; a constant-time compare (hash_equals) would be preferable for a MAC check — confirm the PHP baseline before changing.
    $response['Expected-MD5-Hash'] = $this->calc_md5_response($response[6], $response[9]);
    $response['HashMatchStatus'] = $response[37] == $response['Expected-MD5-Hash'] ? 'PASS' : 'FAIL';
    // Map well-known (response code, reason code) pairs to a human-readable detail for the debug log.
    if ($response[0] == '3' && $response[2] == '103') {
        $response['ErrorDetails'] = 'Invalid Transaction Key in AIM configuration.';
    }
    if ($response[0] == '2' && $response[2] == '44') {
        $response['ErrorDetails'] = 'Declined due to CVV refusal by issuing bank.';
    }
    if ($response[0] == '2' && $response[2] == '45') {
        $response['ErrorDetails'] = 'Declined due to AVS/CVV filters.';
    }
    if ($response[0] == '2' && $response[2] == '65') {
        $response['ErrorDetails'] = 'Declined due to custom CVV filters.';
    }
    if ($response[0] == '3' && $response[2] == '66') {
        $response['ErrorDetails'] = 'Transaction did not meet security guideline requirements.';
    }
    if ($response[0] == '3' && $response[2] == '128') {
        $response['ErrorDetails'] = 'Refused by customers bank.';
    }
    if ($response[0] == '2' && $response[2] == '250') {
        $response['ErrorDetails'] = 'Transaction submitted from a blocked IP address.';
    }
    if ($response[0] == '2' && $response[2] == '251') {
        $response['ErrorDetails'] = 'Declined by Fraud Detection Suite filter.';
    }
    if ($response[0] == '4' && in_array($response[2], array('193', '252', '253'))) {
        // Held for review: the order is created in Pending (status 1) and the hold is recorded on the transaction id.
        $this->order_status = 1;
        $this->transaction_id .= ' ***NOTE: Held for review by merchant.';
        $response['ErrorDetails'] = 'Transaction held for review by merchant or fraud detection suite.';
    }
    $this->_debugActions($response, $order_time, $sessID);
    // If the MD5 hash doesn't match, then this transaction's authenticity cannot be verified.
    // Thus, order will be placed in Pending status
    // (only enforced when an MD5 hash value is configured for the module).
    if ($response['HashMatchStatus'] != 'PASS' && defined('MODULE_PAYMENT_AUTHORIZENET_AIM_MD5HASH') && MODULE_PAYMENT_AUTHORIZENET_AIM_MD5HASH != '') {
        $this->order_status = 1;
        $messageStack->add_session('header', MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_AUTHENTICITY_WARNING, 'caution');
    }
    // If the response code is not 1 (approved) then redirect back to the payment page with the appropriate error message
    if ($response_code != '1') {
        $messageStack->add_session('checkout_payment', $response_msg_to_customer . ' - ' . MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_DECLINED_MESSAGE, 'error');
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
    }
    // Gateway-supplied message for the customer, if any, is carried to the confirmation page via the session.
    if ($response[88] != '') {
        $_SESSION['payment_method_messages'] = $response[88];
    }
}
} $path = defined('CUSTOM_COOKIE_PATH') ? CUSTOM_COOKIE_PATH : $path; $domainPrefix = !defined('SESSION_ADD_PERIOD_PREFIX') || SESSION_ADD_PERIOD_PREFIX == 'True' ? '.' : ''; $secureFlag = ENABLE_SSL == 'true' && substr(HTTP_SERVER, 0, 6) == 'https:' && substr(HTTPS_SERVER, 0, 6) == 'https:' || ENABLE_SSL == 'false' && substr(HTTP_SERVER, 0, 6) == 'https:' ? TRUE : FALSE; if (PHP_VERSION >= '5.2.0') { session_set_cookie_params(0, $path, zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : '', $secureFlag, TRUE); } else { session_set_cookie_params(0, $path, zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : '', $secureFlag); } /** * set the session ID if it exists */ if (isset($_POST[zen_session_name()])) { zen_session_id($_POST[zen_session_name()]); } elseif ($request_type == 'SSL' && isset($_GET[zen_session_name()])) { zen_session_id($_GET[zen_session_name()]); } /** * need to tidy up $_SERVER['REMOTE_ADDR'] here before we use it anywhere else * one problem we don't address here is if $_SERVER['REMOTE_ADDRESS'] is not set to anything at all */ $ipAddressArray = explode(',', zen_get_ip_address()); $ipAddress = sizeof($ipAddressArray) > 0 ? $ipAddressArray[0] : ''; $_SERVER['REMOTE_ADDR'] = $ipAddress; /** * start the session */ $session_started = false; if (SESSION_FORCE_COOKIE_USE == 'True') { zen_setcookie('cookie_test', 'please_accept_for_session', time() + 60 * 60 * 24 * 30, '/', zen_not_null($current_domain) ? $current_domain : ''); if (isset($_COOKIE['cookie_test'])) {
/**
 * Method to handle cart Action - add product
 *
 * Validates the posted product id, attribute selections and quantity, clamps
 * the quantity against stock and the per-product order maximum, stores any
 * attribute file uploads, adds the product to the cart and finally redirects
 * (or, when attribute errors were found, fires the notifier hook instead).
 *
 * @param string $goto forward destination page
 * @param array $parameters url parameters to carry on the redirect (filtered by zen_get_all_get_params())
 */
function actionAddProduct($goto, $parameters)
{
    global $db, $messageStack;
    if ($this->display_debug_messages) {
        $messageStack->add_session('header', 'A: FUNCTION ' . __FUNCTION__, 'caution');
    }
    // Only a numeric products_id is processed; anything else skips straight to the redirect logic below.
    if (isset($_POST['products_id']) && is_numeric($_POST['products_id'])) {
        // verify attributes and quantity first
        if ($this->display_debug_messages) {
            $messageStack->add_session('header', 'A2: FUNCTION ' . __FUNCTION__, 'caution');
        }
        $the_list = '';
        $adjust_max = 'false';
        // Each posted option/value pair must be a valid attribute of this product; failures are collected in $the_list.
        if (isset($_POST['id'])) {
            foreach ($_POST['id'] as $key => $value) {
                $check = zen_get_attributes_valid($_POST['products_id'], $key, $value);
                if ($check == false) {
                    $the_list .= TEXT_ERROR_OPTION_FOR . '<span class="alertBlack">' . zen_options_name($key) . '</span>' . TEXT_INVALID_SELECTION . '<span class="alertBlack">' . ($value == (int) PRODUCTS_OPTIONS_VALUES_TEXT_ID ? TEXT_INVALID_USER_INPUT : zen_values_name($value)) . '</span>' . '<br />';
                }
            }
        }
        if (!is_numeric($_POST['cart_quantity']) || $_POST['cart_quantity'] < 0) {
            // adjust quantity when not a value
            // The offending input is echoed back through zen_output_string_protected() before it reaches the message stack.
            $chk_link = '<a href="' . zen_href_link(zen_get_info_page($_POST['products_id']), 'cPath=' . zen_get_generated_category_path_rev(zen_get_products_category_id($_POST['products_id'])) . '&products_id=' . $_POST['products_id']) . '">' . zen_get_products_name($_POST['products_id']) . '</a>';
            $messageStack->add_session('header', ERROR_CORRECTIONS_HEADING . ERROR_PRODUCT_QUANTITY_UNITS_SHOPPING_CART . $chk_link . ' ' . PRODUCTS_ORDER_QTY_TEXT . zen_output_string_protected($_POST['cart_quantity']), 'caution');
            $_POST['cart_quantity'] = 0;
        }
        // verify qty to add
        $add_max = zen_get_products_quantity_order_max($_POST['products_id']);
        $cart_qty = $this->in_cart_mixed($_POST['products_id']);
        if ($this->display_debug_messages) {
            $messageStack->add_session('header', 'B: FUNCTION ' . __FUNCTION__ . ' Products_id: ' . $_POST['products_id'] . ' cart_qty: ' . $cart_qty . ' $_POST[cart_quantity]: ' . $_POST['cart_quantity'] . ' <br>', 'caution');
        }
        $new_qty = $_POST['cart_quantity'];
        $new_qty = $this->adjust_quantity($new_qty, $_POST['products_id'], 'shopping_cart');
        // bof: adjust new quantity to be same as current in stock
        $chk_current_qty = zen_get_products_stock($_POST['products_id']);
        // Set when the stock warning has already been issued, so the second clamp below does not repeat it.
        $this->flag_duplicate_msgs_set = FALSE;
        if (STOCK_ALLOW_CHECKOUT == 'false' && $cart_qty + $new_qty > $chk_current_qty) {
            $new_qty = $chk_current_qty;
            $messageStack->add_session('shopping_cart', ($this->display_debug_messages ? 'C: FUNCTION ' . __FUNCTION__ . ': ' : '') . WARNING_PRODUCT_QUANTITY_ADJUSTED . zen_get_products_name($_POST['products_id']), 'caution');
            $this->flag_duplicate_msgs_set = TRUE;
        }
        // eof: adjust new quantity to be same as current in stock
        if ($add_max == 1 and $cart_qty == 1) {
            // do not add: the product is limited to one per order and one is already in the cart
            $new_qty = 0;
            $adjust_max = 'true';
        } else {
            // bof: adjust new quantity to be same as current in stock
            if (STOCK_ALLOW_CHECKOUT == 'false' && $new_qty + $cart_qty > $chk_current_qty) {
                $adjust_new_qty = 'true';
                $alter_qty = $chk_current_qty - $cart_qty;
                $new_qty = $alter_qty > 0 ? $alter_qty : 0;
                if (!$this->flag_duplicate_msgs_set) {
                    $messageStack->add_session('shopping_cart', ($this->display_debug_messages ? 'D: FUNCTION ' . __FUNCTION__ . ': ' : '') . WARNING_PRODUCT_QUANTITY_ADJUSTED . zen_get_products_name($_POST['products_id']), 'caution');
                }
            }
            // eof: adjust new quantity to be same as current in stock
            // adjust quantity if needed (an order maximum of 0 means unlimited)
            if ($new_qty + $cart_qty > $add_max and $add_max != 0) {
                $adjust_max = 'true';
                $new_qty = $add_max - $cart_qty;
            }
        }
        if (zen_get_products_quantity_order_max($_POST['products_id']) == 1 and $this->in_cart_mixed($_POST['products_id']) == 1) {
            // do not add
        } else {
            // process normally
            // bof: set error message
            if ($the_list != '') {
                $messageStack->add('product_info', ERROR_CORRECTIONS_HEADING . $the_list, 'caution');
            } else {
                // process normally
                // iii 030813 added: File uploading: save uploaded files with unique file names
                $real_ids = isset($_POST['id']) ? $_POST['id'] : "";
                if (isset($_GET['number_of_uploads']) && $_GET['number_of_uploads'] > 0) {
                    /**
                     * Need the upload class for attribute type that allows user uploads.
                     *
                     */
                    include DIR_WS_CLASSES . 'upload.php';
                    // Upload slots are numbered 1..number_of_uploads; $_POST[UPLOAD_PREFIX . $i] names the option each slot belongs to.
                    for ($i = 1, $n = $_GET['number_of_uploads']; $i <= $n; $i++) {
                        if (zen_not_null($_FILES['id']['tmp_name'][TEXT_PREFIX . $_POST[UPLOAD_PREFIX . $i]]) and $_FILES['id']['tmp_name'][TEXT_PREFIX . $_POST[UPLOAD_PREFIX . $i]] != 'none') {
                            $products_options_file = new upload('id');
                            $products_options_file->set_destination(DIR_FS_UPLOADS);
                            $products_options_file->set_output_messages('session');
                            if ($products_options_file->parse(TEXT_PREFIX . $_POST[UPLOAD_PREFIX . $i])) {
                                $products_image_extension = substr($products_options_file->filename, strrpos($products_options_file->filename, '.'));
                                // Record the upload against the session (and the customer when logged in);
                                // customers_id comes from the session, the filename is escaped with zen_db_input().
                                if ($_SESSION['customer_id']) {
                                    $db->Execute("insert into " . TABLE_FILES_UPLOADED . " (sesskey, customers_id, files_uploaded_name) values('" . zen_session_id() . "', '" . $_SESSION['customer_id'] . "', '" . zen_db_input($products_options_file->filename) . "')");
                                } else {
                                    $db->Execute("insert into " . TABLE_FILES_UPLOADED . " (sesskey, files_uploaded_name) values('" . zen_session_id() . "', '" . zen_db_input($products_options_file->filename) . "')");
                                }
                                $insert_id = $db->Insert_ID();
                                // The attribute value becomes "<insert_id>. <original name>" while the file on disk is renamed to "<insert_id><ext>".
                                $real_ids[TEXT_PREFIX . $_POST[UPLOAD_PREFIX . $i]] = $insert_id . ". " . $products_options_file->filename;
                                $products_options_file->set_filename("{$insert_id}" . $products_image_extension);
                                if (!$products_options_file->save()) {
                                    break;
                                }
                            } else {
                                break;
                            }
                        } else {
                            // No file uploaded -- use previous value
                            $real_ids[TEXT_PREFIX . $_POST[UPLOAD_PREFIX . $i]] = $_POST[TEXT_PREFIX . UPLOAD_PREFIX . $i];
                        }
                    }
                }
                $this->add_cart($_POST['products_id'], $this->get_quantity(zen_get_uprid($_POST['products_id'], $real_ids)) + $new_qty, $real_ids);
                // iii 030813 end of changes.
            }
            // eof: set error message
        }
        // eof: quantity maximum = 1
        if ($adjust_max == 'true') {
            $messageStack->add_session('shopping_cart', ERROR_MAXIMUM_QTY . zen_get_products_name($_POST['products_id']), 'caution');
            if ($this->display_debug_messages) {
                $messageStack->add_session('header', 'E: FUNCTION ' . __FUNCTION__ . '<br>' . ERROR_MAXIMUM_QTY . zen_get_products_name($_POST['products_id']), 'caution');
            }
        }
    }
    // NOTE(review): $the_list is only assigned inside the numeric products_id branch above; for a
    // non-numeric or missing products_id this comparison reads an undefined variable.
    if ($the_list == '') {
        // no errors
        // display message if all is good and not on shopping_cart page
        if (DISPLAY_CART == 'false' && $_GET['main_page'] != FILENAME_SHOPPING_CART && $messageStack->size('shopping_cart') == 0) {
            $messageStack->add_session('header', ($this->display_debug_messages ? 'FUNCTION ' . __FUNCTION__ . ': ' : '') . SUCCESS_ADDED_TO_CART_PRODUCT, 'success');
            zen_redirect(zen_href_link($goto, zen_get_all_get_params($parameters)));
        } else {
            zen_redirect(zen_href_link(FILENAME_SHOPPING_CART));
        }
    } else {
        // errors found with attributes - perhaps display an additional message here, using an observer class to add to the messageStack
        $this->notify('NOTIFIER_CART_OPTIONAL_ATTRIBUTE_ERROR_MESSAGE_HOOK', $_POST, $the_list);
    }
}
/**
 * Store the CC info to the order and process any results that come back from the payment gateway
 *
 * eCheck variant: records the masked bank details on the order, builds the
 * Authorize.net ECHECK request (with optional Wells Fargo SecureSource fields
 * and a forced conversion to USD), sends it through _sendRequest(), verifies
 * the response MD5 hash, and redirects back to checkout_payment when the
 * response code is not '1' (approved).
 *
 * Side effects: reads the latest orders_id from the database, adds session
 * messages, may set order_status to 1 (pending), may redirect.
 */
function before_process()
{
    global $response, $db, $order, $messageStack;
    $order->info['cc_owner'] = zen_db_prepare_input($_POST['bank_acct_name']);
    $order->info['cc_type'] = 'eCheck';
    // Stored as "<routing number>-<masked account number>": only the last four account digits are kept, the rest is 'X'.
    $order->info['cc_number'] = zen_db_prepare_input($_POST['bank_aba_code'] . '-' . str_pad(substr($_POST['bank_acct_num'], -4), strlen($_POST['bank_acct_num']), "X", STR_PAD_LEFT));
    $sessID = zen_session_id();
    // DATA PREPARATION SECTION
    unset($submit_data); // Cleans out any previous data stored in the variable
    // Create a string that contains a listing of products ordered for the description field
    $description = '';
    for ($i = 0; $i < sizeof($order->products); $i++) {
        $description .= $order->products[$i]['name'] . ' (qty: ' . $order->products[$i]['qty'] . ') + ';
    }
    // Remove the trailing "+ " separator (two characters) from the string
    $description = substr($description, 0, -2);
    // Create a variable that holds the order time
    $order_time = date("F j, Y, g:i a");
    // Calculate the next expected order id
    $last_order_id = $db->Execute("select * from " . TABLE_ORDERS . " order by orders_id desc limit 1");
    $new_order_id = $last_order_id->fields['orders_id'];
    $new_order_id = $new_order_id + 1;
    // Random suffix keeps the invoice number unique even if the same expected id is submitted twice.
    $new_order_id = (string) $new_order_id . '-' . zen_create_random_value(6, 'chars');
    // Populate an array that contains all of the data to be sent to Authorize.net
    $submit_data = array(
        'x_login' => trim(MODULE_PAYMENT_AUTHORIZENET_ECHECK_LOGIN),
        'x_tran_key' => trim(MODULE_PAYMENT_AUTHORIZENET_ECHECK_TXNKEY),
        'x_relay_response' => 'FALSE',
        'x_delim_data' => 'TRUE',
        'x_delim_char' => $this->delimiter,
        'x_encap_char' => $this->encapChar,
        'x_version' => '3.1',
        'x_type' => MODULE_PAYMENT_AUTHORIZENET_ECHECK_AUTHORIZATION_TYPE == 'Authorize' ? 'AUTH_ONLY' : 'AUTH_CAPTURE',
        'x_amount' => number_format($order->info['total'], 2),
        'x_currency_code' => $order->info['currency'],
        'x_method' => 'ECHECK',
        // Unmasked bank details are passed straight from the POST to the gateway request; only the masked form is stored on the order above.
        'x_bank_aba_code' => $_POST['bank_aba_code'],
        'x_bank_acct_num' => $_POST['bank_acct_num'],
        'x_bank_acct_type' => $_POST['bank_acct_type'],
        'x_bank_name' => $_POST['bank_name'],
        'x_bank_acct_name' => $_POST['bank_acct_name'],
        'x_echeck_type' => 'WEB',
        'x_recurring_billing' => 'NO',
        'x_email_customer' => MODULE_PAYMENT_AUTHORIZENET_ECHECK_EMAIL_CUSTOMER == 'True' ? 'TRUE' : 'FALSE',
        'x_email_merchant' => MODULE_PAYMENT_AUTHORIZENET_ECHECK_EMAIL_MERCHANT == 'True' ? 'TRUE' : 'FALSE',
        'x_cust_id' => $_SESSION['customer_id'],
        'x_invoice_num' => (MODULE_PAYMENT_AUTHORIZENET_ECHECK_TESTMODE == 'Test' ? 'TEST-' : '') . $new_order_id,
        'x_first_name' => $order->billing['firstname'],
        'x_last_name' => $order->billing['lastname'],
        'x_company' => $order->billing['company'],
        'x_address' => $order->billing['street_address'],
        'x_city' => $order->billing['city'],
        'x_state' => $order->billing['state'],
        'x_zip' => $order->billing['postcode'],
        'x_country' => $order->billing['country']['title'],
        'x_phone' => $order->customer['telephone'],
        'x_email' => $order->customer['email_address'],
        'x_ship_to_first_name' => $order->delivery['firstname'],
        'x_ship_to_last_name' => $order->delivery['lastname'],
        'x_ship_to_address' => $order->delivery['street_address'],
        'x_ship_to_city' => $order->delivery['city'],
        'x_ship_to_state' => $order->delivery['state'],
        'x_ship_to_zip' => $order->delivery['postcode'],
        'x_ship_to_country' => $order->delivery['country']['title'],
        'x_description' => $description,
        'x_customer_ip' => zen_get_ip_address(),
        'x_po_num' => date('M-d-Y h:i:s'),
        'x_freight' => number_format((double) $order->info['shipping_cost'], 2),
        'x_tax_exempt' => 'FALSE',
        'x_tax' => number_format((double) $order->info['tax'], 2),
        'x_duty' => '0',
        'Date' => $order_time,
        'IP' => zen_get_ip_address(),
        'Session' => $sessID);
    // process Wells-Fargo-SecureSource-specific parameters
    // (either a customer tax id, or driver's licence number/state/DOB when no tax id was supplied)
    if (MODULE_PAYMENT_AUTHORIZENET_ECHECK_WFSS_ENABLED == 'True') {
        $submit_data['x_customer_organization_type'] = zen_db_prepare_input($_POST['echeck_customer_type']);
        if (zen_db_prepare_input($_POST['echeck_customer_tax_id']) != '') {
            $submit_data['x_customer_tax_id'] = zen_db_prepare_input($_POST['echeck_customer_tax_id']);
        } else {
            $submit_data = array_merge($submit_data, array('x_drivers_license_num' => zen_db_prepare_input($_POST['echeck_dl_num']), 'x_drivers_license_state' => zen_db_prepare_input($_POST['echeck_dl_state']), 'x_drivers_license_dob' => zen_db_prepare_input($_POST['echeck_dl_dob'])));
        }
    }
    // force conversion to USD
    // (the total is converted at the store's USD rate; tax and freight are dropped because they are still in the original currency)
    if ($order->info['currency'] != 'USD') {
        global $currencies;
        $submit_data['x_amount'] = number_format($order->info['total'] * $currencies->get_value('USD'), 2);
        $submit_data['x_currency_code'] = 'USD';
        unset($submit_data['x_tax'], $submit_data['x_freight']);
    }
    unset($response);
    $response = $this->_sendRequest($submit_data);
    // Positional fields of the delimited response used below:
    // [0] response code, [3] reason text, [4] auth code, [6] transaction id, [9] amount, [37] MD5 hash.
    $response_code = $response[0];
    $response_text = $response[3];
    $this->auth_code = $response[4];
    $this->transaction_id = $response[6];
    $response_msg_to_customer = $response_text . ($this->commError == '' ? '' : ' Communications Error - Please notify webmaster.');
    // Recompute the gateway's MD5 hash over (transaction id, amount) to verify the response was not tampered with.
    // NOTE(review): the comparison uses a plain `==`; a constant-time compare (hash_equals) would be preferable for a MAC check — confirm the PHP baseline before changing.
    $response['Expected-MD5-Hash'] = $this->calc_md5_response($response[6], $response[9]);
    $response['HashMatchStatus'] = $response[37] == $response['Expected-MD5-Hash'] ? 'PASS' : 'FAIL';
    $this->_debugActions($response, $order_time, $sessID);
    // If the MD5 hash doesn't match, then this transaction's authenticity cannot be verified.
    // Thus, order will be placed in Pending status
    // (only enforced when an MD5 hash value is configured for the module).
    if ($response['HashMatchStatus'] != 'PASS' && defined('MODULE_PAYMENT_AUTHORIZENET_ECHECK_MD5HASH') && MODULE_PAYMENT_AUTHORIZENET_ECHECK_MD5HASH != '') {
        $this->order_status = 1;
        $messageStack->add_session('header', MODULE_PAYMENT_AUTHORIZENET_ECHECK_TEXT_AUTHENTICITY_WARNING, 'caution');
    }
    // If the response code is not 1 (approved) then redirect back to the payment page with the appropriate error message
    if ($response_code != '1') {
        $messageStack->add_session('checkout_payment', $response_msg_to_customer . ' - ' . MODULE_PAYMENT_AUTHORIZENET_ECHECK_TEXT_DECLINED_MESSAGE, 'error');
        zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
    }
}
/**
 * Renders the session id as a hidden form field when the session is being
 * propagated through the URL (SID defined and non-empty) rather than by cookie.
 *
 * @return string|null the hidden <input> markup, or null when nothing needs carrying
 */
function zen_hide_session_id()
{
    global $session_started;
    $sidTravelsInUrl = $session_started == true && defined('SID') && zen_not_null(SID);
    if (!$sidTravelsInUrl) {
        return;
    }
    return zen_draw_hidden_field(zen_session_name(), zen_session_id());
}
/**
 * Installer-side sid helper: returns '&name=id' to append to a link when the
 * session must be carried in the query string, or '' when it need not be.
 *
 * The sid is carried when SID is defined and non-empty, or when the link
 * switches between the NONSSL and SSL servers and those are different hosts.
 *
 * @param string $connection 'NONSSL' or 'SSL'; '' means the current request type
 * @return string '' or '&' followed by the output-escaped sid pair
 */
function zcInstallAddSID($connection = '')
{
    global $request_type, $session_started, $http_domain, $https_domain;
    if ($connection == '') {
        $connection = $request_type;
    }
    if ($session_started != true) {
        return '';
    }
    $sid = '';
    if (defined('SID') && zen_not_null(SID)) {
        $sid = SID;
    } else {
        // Add the session ID when moving between different HTTP and HTTPS servers
        $switchesScheme = ($request_type == 'NONSSL' && $connection == 'SSL')
            || ($request_type == 'SSL' && $connection == 'NONSSL');
        if ($switchesScheme && $http_domain != $https_domain) {
            $sid = zen_session_name() . '=' . zen_session_id();
        }
    }
    if ($sid == '') {
        return '';
    }
    return '&' . zen_output_string($sid);
}
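/**
 * AJAX "add to cart" handler.
 *
 * Validates the posted product id and option selections, works out how many
 * units may be added (respecting the product's per-order maximum), stores any
 * attribute file uploads under a database-assigned name, and finally adds the
 * product to the cart. Error text is queued on $messageStack for the caller.
 *
 * Reads:  $_POST['products_id'], $_POST['id'], $_POST['cart_quantity'],
 *         $_GET['number_of_uploads'], $_POST[UPLOAD_PREFIX . n], $_FILES['id'],
 *         $_SESSION['customer_id'].
 * Writes: TABLE_FILES_UPLOADED rows, the cart (via add_cart), $messageStack.
 *
 * Changes vs. the previous revision:
 *  - $_SESSION['customer_id'] is cast to int before it enters SQL (matches the
 *    rest of the codebase, which never interpolates it raw);
 *  - $_GET['number_of_uploads'] is cast to int before it is used as a loop bound,
 *    so a non-numeric value cannot drive the upload loop.
 *
 * @return void
 */
function actionAJAXAddProduct()
{
    global $messageStack, $db;

    // Nothing to do without a numeric product id. is_numeric() also admits
    // floats/exponent forms; downstream helpers receive the raw value as before.
    if (!isset($_POST['products_id']) || !is_numeric($_POST['products_id'])) {
        return;
    }
    $products_id = $_POST['products_id'];

    // ---- option / attribute validation -------------------------------------
    $the_list = '';
    $adjust_max = 'false';
    if (isset($_POST['id'])) {
        foreach ($_POST['id'] as $option_id => $option_value) {
            if (zen_get_attributes_valid($products_id, $option_id, $option_value) == false) {
                $shown_value = (zen_values_name($option_value) == 'TEXT')
                    ? TEXT_INVALID_USER_INPUT
                    : zen_values_name($option_value);
                $the_list .= TEXT_ERROR_OPTION_FOR . '<span class="alertBlack">' . zen_options_name($option_id) . '</span>'
                    . TEXT_INVALID_SELECTION . '<span class="alertBlack">' . $shown_value . '</span>' . '<br />';
            }
        }
    }

    // ---- quantity to add -----------------------------------------------------
    $add_max = zen_get_products_quantity_order_max($products_id);
    $cart_qty = $this->in_cart_mixed($products_id);
    $new_qty = $_POST['cart_quantity'];
    // hard ceiling on a single request's quantity, applied before product-level adjustment
    if ($new_qty > 400000) {
        $new_qty = 400000;
    }
    $new_qty = $this->adjust_quantity($new_qty, $products_id, 'shopping_cart');

    if ($add_max == 1 and $cart_qty == 1) {
        // the single permitted unit is already in the cart: add nothing
        $new_qty = 0;
        $adjust_max = 'true';
    } elseif ($new_qty + $cart_qty > $add_max and $add_max != 0) {
        // clamp so the cart never exceeds the per-order maximum
        $adjust_max = 'true';
        $new_qty = $add_max - $cart_qty;
    }

    // The original re-queried the "max 1 and already in cart" case here instead of
    // reusing $add_max/$cart_qty; kept as-is so behaviour is unchanged.
    $already_at_single_max = (zen_get_products_quantity_order_max($products_id) == 1
        and $this->in_cart_mixed($products_id) == 1);

    if (!$already_at_single_max) {
        if ($the_list != '') {
            // invalid option selections: report, do not add
            $messageStack->add('product_info', ERROR_CORRECTIONS_HEADING . $the_list, 'caution');
        } else {
            $real_ids = isset($_POST['id']) ? $_POST['id'] : "";

            // iii 030813: attribute file uploads are saved under a unique,
            // database-assigned name; the client's filename is only recorded.
            $number_of_uploads = isset($_GET['number_of_uploads']) ? (int) $_GET['number_of_uploads'] : 0;
            if ($number_of_uploads > 0) {
                /** Need the upload class for attribute type that allows user uploads. */
                include DIR_WS_CLASSES . 'upload.php';
                for ($i = 1; $i <= $number_of_uploads; $i++) {
                    // the POST field UPLOAD_PREFIX.n names the option this upload belongs to
                    $upload_key = TEXT_PREFIX . $_POST[UPLOAD_PREFIX . $i];
                    if (zen_not_null($_FILES['id']['tmp_name'][$upload_key]) and $_FILES['id']['tmp_name'][$upload_key] != 'none') {
                        $products_options_file = new upload('id');
                        $products_options_file->set_destination(DIR_FS_UPLOADS);
                        $products_options_file->set_output_messages('session');
                        if (!$products_options_file->parse($upload_key)) {
                            break;
                        }
                        // The stored extension comes from the client-supplied name; this relies on
                        // the upload class's parse() having enforced its allowed-extension list — TODO confirm.
                        $products_image_extension = substr($products_options_file->filename, strrpos($products_options_file->filename, '.'));
                        if ($_SESSION['customer_id']) {
                            // customer_id is session data, but it is still cast before entering SQL
                            $db->Execute("insert into " . TABLE_FILES_UPLOADED . " (sesskey, customers_id, files_uploaded_name) values('" . zen_session_id() . "', '" . (int) $_SESSION['customer_id'] . "', '" . zen_db_input($products_options_file->filename) . "')");
                        } else {
                            $db->Execute("insert into " . TABLE_FILES_UPLOADED . " (sesskey, files_uploaded_name) values('" . zen_session_id() . "', '" . zen_db_input($products_options_file->filename) . "')");
                        }
                        $insert_id = $db->Insert_ID();
                        $real_ids[$upload_key] = $insert_id . ". " . $products_options_file->filename;
                        $products_options_file->set_filename("{$insert_id}" . $products_image_extension);
                        if (!$products_options_file->save()) {
                            break;
                        }
                    } else {
                        // No file uploaded -- use previous value
                        $real_ids[$upload_key] = $_POST[TEXT_PREFIX . UPLOAD_PREFIX . $i];
                    }
                }
            }

            $this->add_cart($products_id, $this->get_quantity(zen_get_uprid($products_id, $real_ids)) + $new_qty, $real_ids);
        }
    }

    if ($adjust_max == 'true') {
        $messageStack->add_session('shopping_cart', ERROR_MAXIMUM_QTY . zen_get_products_name($products_id), 'caution');
    }
}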
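/**
 * Build the data and actions to process when the "Submit" button is pressed on the
 * order-confirmation screen. This sends the data to the payment gateway for processing.
 * (These are hidden fields on the checkout confirmation page.)
 *
 * Side effects: replaces this session's row in TABLE_PAYPAL_SESSION with a
 * base64'd serialize($_SESSION) snapshot (expiry: now + 2 days), keyed by the
 * session id, in case PayPal loses the session on the way back.
 *
 * Fixes vs. the previous revision:
 *  - first_name / last_name were sent swapped;
 *  - the state fallback passed zone_id instead of the state name (the newer
 *    PayPal module passes $order->customer['state']);
 *  - the amount is formatted without a thousands separator;
 *  - session_id() is escaped before use in SQL, as the newer module does.
 *
 * @return string hidden-field markup
 */
function process_button()
{
    global $db, $order, $currencies, $currency;

    $this->totalsum = $order->info['total'];

    // save the session stuff permanently in case paypal loses the session.
    // session_id() is server-generated, but it is escaped before use in SQL
    // rather than trusted by origin.
    $session_key = zen_db_input(session_id());
    $db->Execute("delete from " . TABLE_PAYPAL_SESSION . " where session_id = '" . $session_key . "'");
    // NOTE(review): whatever reads saved_session back presumably unserialize()s it;
    // anything able to write this table could then inject arbitrary objects — verify the reader.
    $sql = "insert into " . TABLE_PAYPAL_SESSION . " (session_id, saved_session, expiry) values (\r\n '" . $session_key . "',\r\n '" . base64_encode(serialize($_SESSION)) . "',\r\n '" . (time() + 1 * 60 * 60 * 24 * 2) . "')";
    $db->Execute($sql);

    // currency: the shopper's selected currency, or the configured one with its
    // 5-character prefix stripped (layout of MODULE_PAYMENT_PAYPAL_CURRENCY assumed)
    if (MODULE_PAYMENT_PAYPAL_CURRENCY == 'Selected Currency') {
        $my_currency = $_SESSION['currency'];
    } else {
        $my_currency = substr(MODULE_PAYMENT_PAYPAL_CURRENCY, 5);
    }
    // only these currencies are accepted by this form; anything else falls back to USD
    if (!in_array($my_currency, array('CAD', 'EUR', 'GBP', 'JPY', 'USD', 'AUD'), true)) {
        $my_currency = 'USD';
    }

    // PayPal's phone fields take digits only, split 3-3-4 below
    $telephone = preg_replace('/\\D/', '', $order->customer['telephone']);

    // Amount in the target currency with explicit separators: number_format()'s
    // default grouping would turn 1234.5 into "1,234.50".
    $amount = number_format(
        $this->totalsum * $currencies->get_value($my_currency),
        $currencies->get_decimal_places($my_currency),
        '.',
        ''
    );

    // NOTE(review): nothing in this method assigns a PayPal order id; the original
    // read an undefined variable here. Kept as an empty field — confirm the intended source.
    $paypal_order_id = '';

    // field order is preserved from the original form
    $fields = array(
        'business' => MODULE_PAYMENT_PAYPAL_BUSINESS_ID,
        'cmd' => '_ext-enter',
        'return' => zen_href_link(FILENAME_CHECKOUT_PROCESS, 'referer=paypal', 'SSL'),
        'cancel_return' => zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'),
        'notify_url' => zen_href_link('ipn_main_handler.php', '', 'SSL', false, false, true),
        'rm' => MODULE_PAYMENT_PAYPAL_RM,
        'currency_code' => $my_currency,
        'bn' => 'zencart',
        'mrb' => 'R-6C7952342H795591R',
        'pal' => '9E82WJBKKGPLQ',
        'cbt' => MODULE_PAYMENT_PAYPAL_CBT,
        'image_url' => MODULE_PAYMENT_PAYPAL_IMAGE_URL,
        'page_style' => MODULE_PAYMENT_PAYPAL_PAGE_STYLE,
        'item_name' => STORE_NAME,
        'item_number' => '1',
        'lc' => $order->customer['country']['iso_code_2'],
        'amount' => $amount,
        'shipping' => '0.00',
        // the session name/id travel to PayPal so the IPN can be matched to this session
        'custom' => zen_session_name() . '=' . zen_session_id(),
        'upload' => sizeof($order->products),
        'redirect_cmd' => '_xclick',
        'first_name' => $order->customer['firstname'],
        'last_name' => $order->customer['lastname'],
        'address1' => $order->customer['street_address'],
        'city' => $order->customer['city'],
        'state' => zen_get_zone_code($order->customer['country']['id'], $order->customer['zone_id'], $order->customer['state']),
        'zip' => $order->customer['postcode'],
        'country' => $order->customer['country']['iso_code_2'],
        'email' => $order->customer['email_address'],
        'night_phone_a' => substr($telephone, 0, 3),
        'night_phone_b' => substr($telephone, 3, 3),
        'night_phone_c' => substr($telephone, 6, 4),
        'day_phone_a' => substr($telephone, 0, 3),
        'day_phone_b' => substr($telephone, 3, 3),
        'day_phone_c' => substr($telephone, 6, 4),
        'paypal_order_id' => $paypal_order_id,
    );

    $process_button_string = '';
    foreach ($fields as $name => $value) {
        $process_button_string .= zen_draw_hidden_field($name, $value);
    }
    return $process_button_string;
}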
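/**
 * Method to handle cart Action - add product.
 *
 * Validates the posted product id and option selections, works out how many
 * units may be added (respecting the per-order maximum), stores attribute file
 * uploads under a database-assigned name, adds the product to the cart and,
 * when there were no option errors, hands off to zen_redirect() towards $goto.
 *
 * Reads:  $_POST['products_id'], $_POST['id'], $_POST['cart_quantity'],
 *         $_GET['number_of_uploads'], $_POST[UPLOAD_PREFIX . n], $_FILES['id'].
 * Writes: files_uploaded table, the cart (via add_cart), the message stack.
 *
 * Changes vs. the previous revision:
 *  - the session customer_id is cast to int before it enters SQL;
 *  - the uploaded filename is escaped with zen_db_input() (as the sibling AJAX
 *    handler and the rest of the codebase do) instead of addslashes();
 *  - $_GET['number_of_uploads'] is cast to int before it drives the upload loop.
 *
 * @param string $goto       forward destination (page name passed to zen_href_link)
 * @param mixed  $parameters url parameters to keep (passed to zen_get_all_get_params)
 * @return void
 */
public function actionAddProduct($goto, $parameters)
{
    // Initialised up front: the redirect decision at the bottom reads it even
    // when no product id was posted (the original read an undefined variable there).
    $the_list = '';

    if (isset($_POST['products_id']) && is_numeric($_POST['products_id'])) {
        $products_id = $_POST['products_id'];
        $adjust_max = 'false';

        // ---- option / attribute validation ---------------------------------
        if (isset($_POST['id'])) {
            foreach ($_POST['id'] as $option_id => $option_value) {
                if (zen_get_attributes_valid($products_id, $option_id, $option_value) == false) {
                    $shown_value = (zen_values_name($option_value) == 'TEXT')
                        ? TEXT_INVALID_USER_INPUT
                        : zen_values_name($option_value);
                    $the_list .= TEXT_ERROR_OPTION_FOR . '<span class="alertBlack">' . zen_options_name($option_id) . '</span>'
                        . TEXT_INVALID_SELECTION . '<span class="alertBlack">' . $shown_value . '</span>' . '<br />';
                }
            }
        }

        // ---- quantity to add -------------------------------------------------
        $add_max = zen_get_products_quantity_order_max($products_id);
        $cart_qty = $this->in_cart_mixed($products_id);
        $new_qty = $_POST['cart_quantity'];
        $new_qty = $this->adjust_quantity($new_qty, $products_id, 'shopping_cart');

        if ($add_max == 1 and $cart_qty == 1) {
            // the single permitted unit is already in the cart: add nothing
            $new_qty = 0;
            $adjust_max = 'true';
        } elseif ($new_qty + $cart_qty > $add_max and $add_max != 0) {
            // clamp so the cart never exceeds the per-order maximum
            $adjust_max = 'true';
            $new_qty = $add_max - $cart_qty;
        }

        // The original re-queried the "max 1 and already in cart" case here instead
        // of reusing $add_max/$cart_qty; kept as-is so behaviour is unchanged.
        $already_at_single_max = (zen_get_products_quantity_order_max($products_id) == 1
            and $this->in_cart_mixed($products_id) == 1);

        if (!$already_at_single_max) {
            if ($the_list != '') {
                // invalid option selections: report, do not add
                $this->getMessageStack()->add('product_info', ERROR_CORRECTIONS_HEADING . $the_list, 'caution');
            } else {
                $real_ids = isset($_POST['id']) ? $_POST['id'] : "";

                // iii 030813: attribute file uploads are saved under a unique,
                // database-assigned name; the client's filename is only recorded.
                $number_of_uploads = isset($_GET['number_of_uploads']) ? (int) $_GET['number_of_uploads'] : 0;
                if ($number_of_uploads > 0) {
                    /** Need the upload class for attribute type that allows user uploads. */
                    include DIR_WS_CLASSES . 'upload.php';
                    for ($i = 1; $i <= $number_of_uploads; $i++) {
                        // the POST field UPLOAD_PREFIX.n names the option this upload belongs to
                        $upload_key = TEXT_PREFIX . $_POST[UPLOAD_PREFIX . $i];
                        if (zen_not_null($_FILES['id']['tmp_name'][$upload_key]) and $_FILES['id']['tmp_name'][$upload_key] != 'none') {
                            $products_options_file = new \upload('id');
                            $products_options_file->set_destination(DIR_FS_UPLOADS);
                            $products_options_file->set_output_messages('session');
                            if (!$products_options_file->parse($upload_key)) {
                                break;
                            }
                            // The stored extension comes from the client-supplied name; this relies on
                            // the upload class's parse() having enforced its allowed-extension list — TODO confirm.
                            $products_image_extension = substr($products_options_file->filename, strrpos($products_options_file->filename, '.'));
                            $customer_id = (int) $this->getSessionVar('customer_id');
                            if ($customer_id) {
                                $this->getDb()->Execute("insert into %table.files_uploaded% (sesskey, customers_id, files_uploaded_name) values('" . zen_session_id() . "', '" . $customer_id . "', '" . zen_db_input($products_options_file->filename) . "')");
                            } else {
                                $this->getDb()->Execute("insert into %table.files_uploaded% (sesskey, files_uploaded_name) values('" . zen_session_id() . "', '" . zen_db_input($products_options_file->filename) . "')");
                            }
                            $insert_id = $this->getDb()->Insert_ID();
                            $real_ids[$upload_key] = $insert_id . ". " . $products_options_file->filename;
                            $products_options_file->set_filename("{$insert_id}" . $products_image_extension);
                            if (!$products_options_file->save()) {
                                break;
                            }
                        } else {
                            // No file uploaded -- use previous value
                            $real_ids[$upload_key] = $_POST[TEXT_PREFIX . UPLOAD_PREFIX . $i];
                        }
                    }
                }

                $this->add_cart($products_id, $this->get_quantity(zen_get_uprid($products_id, $real_ids)) + $new_qty, $real_ids);
            }
        }

        if ($adjust_max == 'true') {
            $this->getMessageStack()->add_session('shopping_cart', ERROR_MAXIMUM_QTY . zen_get_products_name($products_id), 'caution');
        }
    }

    if ($the_list == '') {
        // no errors: announce the add unless the cart page itself is about to show it
        if (DISPLAY_CART == 'false' && $this->getMainPage() != 'shopping_cart') {
            $this->getMessageStack()->add_session('header', SUCCESS_ADDED_TO_CART_PRODUCT, 'success');
        }
        zen_redirect(zen_href_link($goto, zen_get_all_get_params($parameters)));
    }
    // else: option errors were queued on the message stack for the popup; fall through
}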
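/**
 * Render admin-side pagination: prev/next links plus a page pull-down inside a
 * GET form that re-emits the current query parameters as hidden fields.
 *
 * Fixes vs. the previous revision:
 *  - each() (removed in PHP 8) replaced with foreach;
 *  - a bare `if (SID)` is an error when the constant is undefined; it is now
 *    guarded with defined()/zen_not_null() like the storefront helpers;
 *  - a parameter value containing '=' is no longer truncated, and a bare key
 *    yields an empty value instead of an undefined-offset notice;
 *  - a non-positive page size no longer divides by zero (which also made the
 *    page loop unbounded); it is treated as a single page.
 *
 * @param int    $query_numrows       total rows in the result set
 * @param int    $max_rows_per_page   rows shown per page (expected > 0)
 * @param int    $max_page_links      unused; kept for signature compatibility
 * @param int    $current_page_number 1-based page currently displayed
 * @param string $parameters          query string ("a=b&c=d") to preserve across pages
 * @param string $page_name           name of the page-number parameter
 * @return string HTML
 */
function display_links($query_numrows, $max_rows_per_page, $max_page_links, $current_page_number, $parameters = '', $page_name = 'page')
{
    if (zen_not_null($parameters) && substr($parameters, -1) != '&') {
        $parameters .= '&';
    }

    // calculate number of pages needing links
    $num_pages = ($max_rows_per_page > 0) ? ceil($query_numrows / $max_rows_per_page) : 1;
    $pages_array = array();
    for ($i = 1; $i <= $num_pages; $i++) {
        $pages_array[] = array('id' => $i, 'text' => $i);
    }

    if ($num_pages <= 1) {
        return sprintf(TEXT_RESULT_PAGE, $num_pages, $num_pages);
    }

    $script = basename($_SERVER['SCRIPT_NAME']);
    $display_links = zen_draw_form_admin('pages', $script, '', 'get');
    $display_links .= '<ul class="pagination">';

    if ($current_page_number > 1) {
        $display_links .= '<li><a href="' . zen_href_link_admin($script, $parameters . $page_name . '=' . ($current_page_number - 1), 'NONSSL') . '" class="splitPageLink">' . PREVNEXT_BUTTON_PREV . '</a></li>';
    } else {
        $display_links .= '<li><a href="#">«</a></li>';
    }

    $display_links .= sprintf(TEXT_RESULT_PAGE, zen_draw_pull_down_menu($page_name, $pages_array, $current_page_number, 'onChange="this.form.submit();"'), $num_pages);

    if ($current_page_number < $num_pages) {
        $display_links .= '<li><a href="' . zen_href_link_admin($script, $parameters . $page_name . '=' . ($current_page_number + 1), 'NONSSL') . '" class="splitPageLink">' . PREVNEXT_BUTTON_NEXT . '</a></li>';
    } else {
        $display_links .= '<li><a href="#">»</a></li>';
    }

    // Re-emit the preserved query parameters as hidden fields so the pull-down's
    // GET submit keeps them. Keys and values come from the request; escaping for
    // the attribute context is left to zen_draw_hidden_field — TODO confirm it escapes both.
    if ($parameters != '') {
        if (substr($parameters, -1) == '&') {
            $parameters = substr($parameters, 0, -1);
        }
        foreach (explode('&', $parameters) as $pair) {
            // limit 2 keeps a value that itself contains '='; a bare key gets ''
            $parts = explode('=', $pair, 2);
            $key = $parts[0];
            $value = isset($parts[1]) ? $parts[1] : '';
            $display_links .= zen_draw_hidden_field(rawurldecode($key), rawurldecode($value));
        }
    }

    // carry the session id only when PHP is propagating it in the URL (SID non-empty)
    if (defined('SID') && zen_not_null(SID)) {
        $display_links .= zen_draw_hidden_field(zen_session_name(), zen_session_id());
    }

    $display_links .= '</ul>';
    $display_links .= '</form>';
    return $display_links;
}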
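/**
 * Build the data and actions to process when the "Submit" button is pressed on the
 * order-confirmation screen. This sends the data to the payment gateway for processing.
 * (These are hidden fields on the checkout confirmation page.)
 *
 * Side effects:
 *  - replaces this session's row in TABLE_PAYPAL_SESSION with a base64'd
 *    serialize($_SESSION) snapshot (expiry now + 2 days) keyed by session id,
 *    in case PayPal loses the session on the way back;
 *  - sets $this->transaction_currency / transaction_amount / totalsum, rounds
 *    $order->info['total'] to 2 places in place, and stores
 *    $_SESSION['paypal_transaction_info'] = array(amount, currency).
 *
 * Fixes vs. the previous revision:
 *  - the logo option was guarded by defined('MODULE_PAYMENT_PAYPAL_LOGO_IMAGE')
 *    but then read the undefined constant MODULE_PAYMENT_LOGO_IMAGE;
 *  - the aggregate amount is formatted without a thousands separator;
 *  - 'creditsExist' is tested with !empty() instead of an unguarded read.
 *
 * @return string hidden-field markup, one field per line
 */
function process_button()
{
    global $db, $order, $currencies, $currency;

    // save the session stuff permanently in case paypal loses the session
    $_SESSION['ppipn_key_to_remove'] = session_id();
    $session_key = zen_db_input($_SESSION['ppipn_key_to_remove']);
    $db->Execute("delete from " . TABLE_PAYPAL_SESSION . " where session_id = '" . $session_key . "'");
    // NOTE(review): saved_session is presumably unserialize()d on the IPN side, which
    // makes this table a PHP object-injection surface if anything else can write to
    // it — verify the reader and the table's write privileges.
    $sql = "insert into " . TABLE_PAYPAL_SESSION . " (session_id, saved_session, expiry) values (\n '" . $session_key . "',\n '" . base64_encode(serialize($_SESSION)) . "',\n '" . (time() + 1 * 60 * 60 * 24 * 2) . "')";
    $db->Execute($sql);

    // ---- amount & currency ---------------------------------------------------
    $my_currency = select_pp_currency();
    $this->transaction_currency = $my_currency;
    $this->totalsum = $order->info['total'] = zen_round($order->info['total'], 2);
    $this->transaction_amount = zen_round($this->totalsum * $currencies->get_value($my_currency), $currencies->get_decimal_places($my_currency));

    // ---- phone ---------------------------------------------------------------
    $optionsPhone = array();
    $telephone = preg_replace('/\\D/', '', $order->customer['telephone']);
    if ($telephone != '') {
        $optionsPhone['H_PhoneNumber'] = $telephone;
        if (in_array($order->customer['country']['iso_code_2'], array('US', 'CA'), true)) {
            // North American numbers are split 3-3-4 into PayPal's a/b/c fields
            $area = substr($telephone, 0, 3);
            $prefix = substr($telephone, 3, 3);
            $line = substr($telephone, 6, 4);
            $optionsPhone['night_phone_a'] = $area;
            $optionsPhone['night_phone_b'] = $prefix;
            $optionsPhone['night_phone_c'] = $line;
            $optionsPhone['day_phone_a'] = $area;
            $optionsPhone['day_phone_b'] = $prefix;
            $optionsPhone['day_phone_c'] = $line;
        } else {
            $optionsPhone['night_phone_b'] = $telephone;
            $optionsPhone['day_phone_b'] = $telephone;
        }
    }

    // ---- core PayPal parameters ----------------------------------------------
    // 'custom' carries the session name/id so the IPN can be matched back to this
    // session; 'notify_url' is where PayPal posts the IPN.
    $optionsCore = array(
        'lc' => $this->getLanguageCode(),
        'charset' => CHARSET,
        'page_style' => MODULE_PAYMENT_PAYPAL_PAGE_STYLE,
        'custom' => zen_session_name() . '=' . zen_session_id(),
        'business' => MODULE_PAYMENT_PAYPAL_BUSINESS_ID,
        'return' => zen_href_link(FILENAME_CHECKOUT_PROCESS, 'referer=paypal', 'SSL'),
        'cancel_return' => zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'),
        'shopping_url' => zen_href_link(FILENAME_SHOPPING_CART, '', 'SSL'),
        'notify_url' => zen_href_link('ipn_main_handler.php', '', 'SSL', false, false, true),
        'redirect_cmd' => '_xclick',
        'rm' => 2,
        'bn' => 'CNZcart_Cart_EC',
        'mrb' => 'R-4DM17246PS436904F',
        'pal' => 'GR5QUVVL9AFGN',
    );
    // optional page-branding; appended here so field order matches the original output
    if (defined('MODULE_PAYMENT_PAYPAL_LOGO_IMAGE')) {
        $optionsCore['cpp_logo_image'] = urlencode(MODULE_PAYMENT_PAYPAL_LOGO_IMAGE);
    }
    if (defined('MODULE_PAYMENT_PAYPAL_CART_BORDER_COLOR')) {
        $optionsCore['cpp_cart_border_color'] = MODULE_PAYMENT_PAYPAL_CART_BORDER_COLOR;
    }

    // ---- customer / address --------------------------------------------------
    $optionsCust = array(
        'first_name' => replace_accents($order->customer['firstname']),
        'last_name' => replace_accents($order->customer['lastname']),
        'address1' => replace_accents($order->customer['street_address']),
        'city' => replace_accents($order->customer['city']),
        'state' => zen_get_zone_code($order->customer['country']['id'], $order->customer['zone_id'], $order->customer['state']),
        'zip' => $order->customer['postcode'],
        'country' => $order->customer['country']['iso_code_2'],
        'email' => $order->customer['email_address'],
    );
    // address line 2 is optional
    if ($order->customer['suburb'] != '') {
        $optionsCust['address2'] = $order->customer['suburb'];
    }
    // different format for Japanese address layout: NNN-NNNN
    if ($order->customer['country']['iso_code_2'] == 'JP') {
        $optionsCust['zip'] = substr($order->customer['postcode'], 0, 3) . '-' . substr($order->customer['postcode'], 3);
    }

    if (MODULE_PAYMENT_PAYPAL_ADDRESS_REQUIRED == 2) {
        // a ship-to address is required: send the delivery address, falling back
        // field by field to the billing address
        $ship = $order->delivery;
        $bill = $order->billing;
        $optionsCust = array(
            'first_name' => replace_accents($ship['firstname'] != '' ? $ship['firstname'] : $bill['firstname']),
            'last_name' => replace_accents($ship['lastname'] != '' ? $ship['lastname'] : $bill['lastname']),
            'address1' => replace_accents($ship['street_address'] != '' ? $ship['street_address'] : $bill['street_address']),
            'city' => replace_accents($ship['city'] != '' ? $ship['city'] : $bill['city']),
            'state' => $ship['country']['id'] != ''
                ? zen_get_zone_code($ship['country']['id'], $ship['zone_id'], $ship['state'])
                : zen_get_zone_code($bill['country']['id'], $bill['zone_id'], $bill['state']),
            'zip' => $ship['postcode'] != '' ? $ship['postcode'] : $bill['postcode'],
            // NOTE(review): 'country' is the country *title* here but the ISO code in the
            // non-shipping variant above; kept as found — confirm which PayPal expects.
            'country' => $ship['country']['title'] != '' ? $ship['country']['title'] : $bill['country']['title'],
            'country_code' => $ship['country']['iso_code_2'] != '' ? $ship['country']['iso_code_2'] : $bill['country']['iso_code_2'],
            'email' => $order->customer['email_address'],
        );
        if ($ship['suburb'] != '') {
            $optionsCust['address2'] = $ship['suburb'];
        }
        if ($ship['country']['iso_code_2'] == 'JP') {
            $optionsCust['zip'] = substr($ship['postcode'], 0, 3) . '-' . substr($ship['postcode'], 3);
        }
    }

    // ---- shipping flags --------------------------------------------------------
    $optionsShip = array('no_shipping' => MODULE_PAYMENT_PAYPAL_ADDRESS_REQUIRED);
    if (MODULE_PAYMENT_PAYPAL_ADDRESS_OVERRIDE == '1') {
        $optionsShip['address_override'] = MODULE_PAYMENT_PAYPAL_ADDRESS_OVERRIDE;
    }

    // ---- cart contents: itemised where possible, otherwise aggregate -----------
    $optionsLineItems = array();
    if (MODULE_PAYMENT_PAYPAL_DETAILED_CART == 'Yes') {
        $optionsLineItems = ipn_getLineItemDetails($my_currency);
    }
    if (sizeof($optionsLineItems) > 0) {
        $optionsLineItems['cmd'] = '_cart';
        if (isset($optionsLineItems['shipping'])) {
            $optionsLineItems['shipping_1'] = $optionsLineItems['shipping'];
            unset($optionsLineItems['shipping']);
        }
        unset($optionsLineItems['subtotal']);
        // if line-item details couldn't be kept due to calculation mismatches or
        // discounts etc, default to aggregate mode
        if (!isset($optionsLineItems['item_name_1']) || !empty($optionsLineItems['creditsExist'])) {
            $optionsLineItems = array();
        }
        unset($optionsLineItems['creditsExist']);
    }

    $optionsAggregate = array(
        'cmd' => '_ext-enter',
        'item_name' => MODULE_PAYMENT_PAYPAL_PURCHASE_DESCRIPTION_TITLE,
        'item_number' => MODULE_PAYMENT_PAYPAL_PURCHASE_DESCRIPTION_ITEMNUM,
        // explicit separators: number_format()'s default grouping would yield "1,234.50"
        'amount' => number_format($this->transaction_amount, $currencies->get_decimal_places($my_currency), '.', ''),
        'shipping' => '0.00',
    );
    if (MODULE_PAYMENT_PAYPAL_TAX_OVERRIDE == 'true') {
        $optionsAggregate['tax'] = '0.00';
        $optionsAggregate['tax_cart'] = '0.00';
    }
    $optionsTrans = array(
        'upload' => (int) (sizeof($order->products) > 0),
        'currency_code' => $my_currency,
    );
    // prefer the itemised cart when it survived the checks above
    if (sizeof($optionsLineItems) > 0) {
        $optionsAggregate = $optionsLineItems;
    }

    // ---- build the hidden fields ---------------------------------------------
    $options = array_merge($optionsCore, $optionsCust, $optionsPhone, $optionsShip, $optionsTrans, $optionsAggregate);
    $buttonArray = array();
    foreach ($options as $name => $value) {
        // remove quotation marks from the value
        $value = str_replace('"', '', $value);
        // Field names must be plain identifiers. Note that this only stops the loop:
        // fields already collected are still returned and the form still renders.
        if (preg_match('/[^a-zA-Z_0-9]/', $name)) {
            ipn_debug_email('datacheck - ABORTING - preg_match found invalid submission key: ' . $name . ' (' . $value . ')');
            break;
        }
        $buttonArray[] = zen_draw_hidden_field($name, $value);
    }
    $process_button_string = "\n" . implode("\n", $buttonArray) . "\n";

    // amount and currency as actually sent, presumably re-checked by the return/IPN handling
    $_SESSION['paypal_transaction_info'] = array($this->transaction_amount, $this->transaction_currency);
    return $process_button_string;
}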