public function getUserInterface($params) { //$this->setPageTitle('Feed Store');//Foreign Affair $this->addCSS('/modules/Cart/css/cart.css'); $this->addJS('/modules/Cart/js/cart.js'); switch (@$params['action']) { case 'add': require_once 'include/CartBasket.php'; require_once 'include/CartProduct.php'; $item = new CartBasket(); $product = new CartProduct($params['productId']); $price = 0; if (isset($_REQUEST['att'])) { $uniqid = uniqid(rand(), true); $item->setProduct($params['productId'] . ':' . $uniqid); $price = $item->getPrice(); foreach ($_REQUEST['att'] as $key => $newatt) { $attribute = new CartProductAttribute($newatt); $att = new CartBasketAttribute(); $att->setProduct($params['productId'] . ':' . $uniqid); $att->setOptionsId($attribute->getOptionsId()->getId()); $att->setValueId($attribute->getValue()->getId()); $att->setValueText($attribute->getOptionsId()->getName() . ': ' . $attribute->getValue()->getName()); $price = $price + $attribute->getValuesPrice(); if (isset($_SESSION['authenticated_user'])) { $att->setUser($_SESSION['authenticated_user']->getId()); $att->save(); } } } else { $item->setProduct($params['productId']); } if ($product->getSpecials()) { $price += $product->getSpecials()->getNew_products_price(); } else { $price += $product->getPrice(); } $item->setPrice($price); if (isset($params['productQuantity'])) { $item->setQuantity($params['productQuantity']); } else { $item->setQuantity(1); } if (isset($_SESSION['authenticated_user'])) { $item->setUser($_SESSION['authenticated_user']->getId()); $item->save(); } else { $_SESSION['cart_basket'][] = $item; } break; case 'remove': $item = @new CartBasket(@$_REQUEST['cartbasket_id']); if (is_null($item->delete())) { $tmp = array(); foreach ($_SESSION['cart_basket'] as &$item) { if ($item->getProduct()->getId() != $_REQUEST['product_id']) { $tmp[] = $item; } } $_SESSION['cart_basket'] = $tmp; } break; } //var_dump($_REQUEST); //echo $params['section'];exit; switch ($params['section']) { case 'search': $items = CartProduct::searchProducts(@$_REQUEST["selSupplier"], @$_REQUEST["selCategory"], @$_REQUEST["selProductType"]); $this->smarty->assign('products', $items); return $this->smarty->fetch('store.tpl'); break; case 'canCheckout': /*Check to see if the user is ready to go to Paypal * We should check the following: * - The user is actually logged in * - The price of the order is at least $250 * - The shipping address is present * - The billing address is present * - The shipping information is there (Canada Post or FedEx) */ $canCheckout = Module_Cart::canUserCheckout(); foreach ($canCheckout as $key => $value) { $this->smarty->assign($key, $value); } $_SESSION['cart_checkout']['delivery_direction'] = @$_REQUEST["delivery_direction"]; return $this->smarty->fetch("canDoCheckOut.tpl"); break; case 'cartdetail': if (isset($_REQUEST['ship_type'])) { $_SESSION['cart_checkout']['shipping'] = Shipping::factory($_REQUEST['ship_type']); } $this->setUpCartDetail(); return $this->smarty->fetch('cart_detail.tpl'); break; case 'cart': if (!isset($_SESSION['authenticated_user'])) { //Reset all the shipping variables and addresses $_SESSION['cart_checkout']['shipping'] = null; $_SESSION['cart_checkout']['address']['billing_address'] = null; $_SESSION['cart_checkout']['address']['shipping_address'] = null; } $this->setUpCartDetail(); $user = new User(); $form = $user->getUserAddEditForm('/store/checkout'); $form->removeElement('section'); $form->setConstants(array('account' => 'create')); $form->addElement('hidden', 'account'); $this->smarty->assign('user_form', $form); $this->smarty->assign('usernameexists', @$_REQUEST["usernameexists"]); return $this->smarty->fetch('cart.tpl'); break; case 'buyOrder': //DO NOT UNCOMMENT THE FOLLOWING LINE UNLESS YOU WANT TO TEST THE PURCHASE OPERATION //The following line buys the products that are in session. In other words, it bypasses Paypal. $_SESSION['cart_checkout']['payment']->process(); case 'deliverydirections': $_SESSION['cart_checkout']['delivery_direction'] = @$_REQUEST["delivery_direction"]; return $_SESSION['cart_checkout']['delivery_direction']; break; case 'checkout': $_SESSION['cart_checkout']['order'] = null; //Make sure to remove the old order (if any) from the session $_SESSION['cart_checkout']['orderFailureReason'] = null; //AND delete the previous failure reason Module_Cart::initSessionVariables(); switch (@$_REQUEST['account']) { case 'create': $user = new User(); $form = $user->getUserAddEditForm(); if (@$_REQUEST["user_created"] == 1) { $_POST["username"] = $_REQUEST["a_username"]; $_POST["password"] = $_REQUEST["a_password"]; $_POST["doLogin"] = "******"; $auth_container = new CMSAuthContainer(); $auth = new Auth($auth_container, null, 'authInlineHTML'); $auth->start(); } if (@$_REQUEST["username_already_exists"]) { header('Location: /store/cart&usernameexists=1'); exit; } $_SESSION['authenticated_user'] = $user; break; } //Only logged in users can view this page if (!isset($_SESSION['authenticated_user'])) { header('Location: /store/cart'); exit; } //echo $_SESSION['authenticated_user']->getAddress()->getId() . "))))";exit; $_SESSION['cart_checkout']['shipping'] = Shipping::factory('EAndA'); //Always set the shipping to EAndA //The billing address of the order will be the addres of the user $_SESSION['cart_checkout']['address']['billing_address'] = @$_SESSION['authenticated_user']->getAddress(); $_SESSION['cart_checkout']['address']['shipping_address'] = @$_SESSION['authenticated_user']->getShippingAddress(); $this->setUpCartDetail(); $this->addJS('/modules/Cart/js/cart.js'); $shipping = Shipping::getAllShippings(); if (isset($_SESSION['cart_checkout']['payment'])) { $this->smarty->assign('payment_types', $_SESSION['cart_checkout']['payment']->getForm(Payment::getForm())); } else { $this->smarty->assign('payment_types', Payment::getForm()); } if (isset($_SESSION['cart_checkout']['shipping'])) { $this->smarty->assign('ship_types', $_SESSION['cart_checkout']['shipping']->getForm()); } else { $this->smarty->assign('ship_types', Shipping::getForm()); } if (!isset($_SESSION['cart_checkout']['address']['shipping_address'])) { $_SESSION['cart_checkout']['address']['shipping_address'] = new Address(); } $this->smarty->assign('ship_address', $_SESSION['cart_checkout']['address']['shipping_address']); if (!isset($_SESSION['cart_checkout']['address']['billing_address'])) { $_SESSION['cart_checkout']['address']['billing_address'] = new Address(); } $this->smarty->assign('bill_address', $_SESSION['cart_checkout']['address']['billing_address']); $this->smarty->assign('shipping_types', $shipping); $delivery_direction = @$_SESSION['cart_checkout']['delivery_direction']; $this->smarty->assign('delivery_direction', $delivery_direction); return $this->smarty->fetch('cart_checkout_address.tpl'); break; case 'payment': //$this->addJS('/modules/Cart/js/cart.js'); $payment = $_SESSION['cart_checkout']['payment']; $form = $payment->getForm(Payment::getForm()); if ($form->validate() && $form->isSubmitted() && isset($_REQUEST['cart_submit'])) { return $payment->complete($this->smarty); } else { return '<div id="pay_form">' . $form->display() . '</div>'; } break; case 'payform': if (!isset($_REQUEST['pay_type'])) { $_REQUEST['pay_type'] = "Paypal"; } if (isset($_REQUEST['pay_type'])) { $_SESSION['cart_checkout']['payment'] = Payment::factory($_REQUEST['pay_type']); } $form = Payment::getForm(); return $_SESSION['cart_checkout']['payment']->getForm($form)->display(); //return Payment::getForm($form)->display(); break; case 'address': //No need to set the ID of the address to null. //$_SESSION['cart_checkout']['address'][$_REQUEST['adr_type']]->setId(null); if (@$_REQUEST["sameAsBilling"]) { //The user has clicked on the link: "The shipping address is the same as the billing address" //Copy the billing address object to the shipping address object //Make sure we're not assigning pointers $_SESSION['cart_checkout']['address']["shipping_address"]->copy($_SESSION['cart_checkout']['address']["billing_address"]); } if ($_REQUEST['adr_type'] == "shipping_address") { $this->smarty->assign('sameAsBilling', "1"); } $form = $_SESSION['cart_checkout']['address'][$_REQUEST['adr_type']]->getAddEditForm($_REQUEST['adr_type']); $form->addElement('submit', 'submit', 'Submit'); $form->updateAttributes(array('action' => '/store/address')); $form->setConstants(array('adr_type' => $_REQUEST['adr_type'])); $form->addElement('hidden', 'adr_type'); if (isset($_REQUEST['submit'])) { $this->smarty->assign('address', $_SESSION['cart_checkout']['address'][$_REQUEST['adr_type']]); $this->smarty->assign('adr_type', $_REQUEST['adr_type']); /*************************************** * The following lines are important. * Even though the billing address ID is stored in the user's object and there is no need to re-assign it * The old users have that ID set to zero. So, we need to change that to the ID of the billing address */ if ($_REQUEST['adr_type'] == "billing_address") { $_SESSION['authenticated_user']->setAddress($_SESSION['cart_checkout']['address']["billing_address"]); $_SESSION['authenticated_user']->save(); } if ($_REQUEST['adr_type'] == "shipping_address") { $_SESSION['authenticated_user']->setShippingAddress($_SESSION['cart_checkout']['address']["shipping_address"]); $_SESSION['authenticated_user']->save(); } return $this->smarty->fetch('cart_address_format.tpl'); } else { return $form->display(); } break; case 'product': $this->addJS('/modules/Cart/js/cart.js'); $this->addCSS('/modules/Cart/css/product.css'); $product = new CartProduct($params['page']); /* switch (@$_REQUEST['subsection']) { case 'accessories': $this->smarty->assign('products', $product->getAccessories()); $this->smarty->assign('section', 'accessories'); break; default: } */ $this->smarty->assign('product', $product); return $this->smarty->fetch('cart_product.tpl'); break; case 'productform': $product = new CartProduct($params['productId']); $form = $product->getAddToCartForm(); return $form->display(); break; case 'manufacturer': $this->addJS('/modules/Cart/js/cart.js'); $this->smarty->assign('threecol', true); //$products = CartManufacturer::getProductsByManufacturer($params['page']); require_once 'Pager.php'; $pagerOptions = array('mode' => 'Sliding', 'delta' => 3, 'perPage' => 8, 'append' => false, 'path' => '/store/manufacturer', 'fileName' => $params['page'] . "/%d", 'totalItems' => CartManufacturer::getCountCartManufacturer($params['page'])); $pager =& Pager::factory($pagerOptions); list($from, $to) = $pager->getOffsetByPageId(); //$items = CartManufacturer::getCategoriesByManufacturer($params['page']); $items = CartManufacturer::getProductsByManufacturer($params['page'], $from, $to); $this->smarty->assign('pager_links', $pager->links); $this->smarty->assign('page_numbers', array('current' => $pager->getCurrentPageID(), 'total' => $pager->numPages())); $this->smarty->assign('products', $items); $this->smarty->assign('manufacturer', new CartManufacturer($params['page'])); //$this->smarty->assign('products', $products); return $this->smarty->fetch('store.tpl'); break; case 'IPN': Module_Cart::initSessionVariables(); require_once 'include/PaypalIPN.php'; require_once 'include/PaypalLog.php'; $pp = new PaypalIPN(); $process = $pp->checkOrder(); //This method returns either true in case the client actually paid for the products they asked for, or false in case the request didn't come from paypal OR the client didn't pay the right amount of money if ($process) { //Store the order $_SESSION['cart_checkout']['payment']->process(); $this->sendEmail(true); } else { $this->sendEmail(false); //Log a false IPN for security purposes } exit; break; case 'orderComplete': if (@$_SESSION['cart_checkout']['order']->getId()) { $this->smarty->assign('order', $_SESSION['cart_checkout']['order']); $this->smarty->assign('address', $_SESSION['cart_checkout']['address']['shipping_address']); $this->smarty->assign('shippingCost', $this->getShipping()); return $this->smarty->fetch('orderComplete.tpl'); } else { $this->smarty->assign('reason', @$_SESSION['cart_checkout']['orderFailureReason']); return $this->smarty->fetch('orderNotComplete.tpl'); } break; case 'suppliers': $items = CartManufacturer::getAllCartManufacturers(); $this->smarty->assign('suppliers', $items); return $this->smarty->fetch('store.tpl'); break; case 'myorders': //Only logged in users can view this page if (!isset($_SESSION['authenticated_user'])) { header('Location: /user/'); exit; } $this->addCSS('/modules/Cart/css/cart.css'); $this->addCSS('/css/facebox.css'); $this->addJS('/modules/Cart/js/cart.js'); $this->addJS('/js/facebox.js'); $myOrders = CartOrder::getAllCartOrders($_SESSION['authenticated_user']->getId()); $this->smarty->assign('orders', $myOrders); return $this->smarty->fetch('my_orders.tpl'); break; case 'orderDetails': //Only logged in users can view this page if (!isset($_SESSION['authenticated_user'])) { header('Location: /user/'); exit; } $order = new CartOrder(@$_REQUEST['cartorder_orders_id']); if ($order->getCustomer()->getId() == $_SESSION['authenticated_user']->getId()) { $this->smarty->assign('order', $order); return $this->smarty->fetch('admin/order_details.tpl'); } return "You have to login to see this order"; break; case 'category': default: $this->addJS('/modules/Cart/js/cart.js'); $this->smarty->assign('threecol', true); if (!isset($params['page'])) { $cat_id = 0; } else { $cat_id = $params['page']; } $cats = CartCategory::getCartCategorys(array('parent_id' => $cat_id)); if (!isset($_REQUEST['subsection'])) { // require_once 'Pager.php'; // // $pagerOptions = array( // 'mode' => 'Sliding', // 'delta' => 3, // 'perPage' => 10, // 'append' => false, // 'path' => '/store/category/', // 'fileName' => $cat_id . "/%d", // 'totalItems' => CartProduct::getCountCartProductsByCat($cat_id) // ); // $pager =& Pager::factory($pagerOptions); // list($from, $to) = $pager->getOffsetByPageId(); $items = CartProduct::getCategoryProducts($cat_id); // $this->smarty->assign('pager_links', $pager->links); // $this->smarty->assign( // 'page_numbers', array( // 'current' => $pager->getCurrentPageID(), // 'total' => $pager->numPages() // ) // ); } else { if ($_REQUEST['subsection'] == 'manufacturer') { $items = CartProduct::getCategoryProducts($cat_id); $arr = array(); foreach ($items as $item) { if ($item->getManufacturer()->getId() == $_REQUEST['subpage']) { $arr[] = $item; } } $items = $arr; } $this->smarty->assign('manufacturer', new CartManufacturer($_REQUEST['subpage'])); } $arr = array(); //foreach ($items as $itm) { // if (count($itm->getAccessoryOf()) == 0) { // $arr[] = $itm; // } //} //$items = $arr; $this->smarty->assign('products', $items); // stuff //$products = CartProduct::getCategoryProducts($cat_id); $this->smarty->assign('categories', $cats); $this->smarty->assign('cur_cat', new CartCategory($cat_id)); //$this->smarty->assign('products', $products); return $this->smarty->fetch('store.tpl'); } }
public function verifyIPNRequest() { //The following function checks to see if the IPN request actually came from Paypal, or it is a hacker trying to bypass the payment $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&{$key}={$value}"; } //post back to PayPal system to validate $header = "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen("ssl://" . $this->hostName, 443, $errno, $errstr, 15); $paypalIPN = new PaypalIPN(); if (!$fp) { $paypalIPN->setMemo("HTTP ERROR. {$errstr} {$errno}. There was an issue processing your request. Please contact a system administrator."); $result = false; } else { fputs($fp, $header . $req); $res = ""; while (!feof($fp)) { $res .= fgets($fp); } fclose($fp); $pieces = preg_split("*\r\n\r\n*", $res); $paypalIPN->setTransaction(@$_REQUEST["custom"]); $paypalIPN->setTxnid(@$_REQUEST["txn_id"]); $paypalIPN->setPaymentStatus(@$_REQUEST["payment_status"]); if ($pieces[1] == "VERIFIED") { $paypalIPN->setIsVerified(1); $paypalIPN->setMemo("Verified"); $result = true; } else { $paypalIPN->setIsVerified(0); $paypalIPN->setMemo("The IPN couldn't be verified. This could be a potential hack attempt"); $result = false; } } $postString = ""; foreach ($_REQUEST as $key => $value) { $postString .= "&{$key}={$value}"; } $paypalIPN->setPostString($postString); $paypalIPN->save(); return $result; }
<?php /** * IPN processor for Paypal notifications. * * @author Lee Garner <*****@*****.**> * @copyright Copyright (c) 2011-2014 Lee Garner <*****@*****.**> * @package paypal * @version 0.5.0 * @license http://opensource.org/licenses/gpl-2.0.php * GNU Public License v2 or later * @filesource */ /** Import core glFusion functions */ require_once '../../lib-common.php'; USES_paypal_functions(); /** Import IPN class */ USES_paypal_class_ipn('paypal'); if ($_PP_CONF['debug_ipn'] == 1) { // Get the complete IPN message prior to any processing COM_errorLog("Recieved IPN:", 1); COM_errorLog(var_export($_POST, true), 1); } // Process IPN request $ipn = new PaypalIPN($_POST); $ipn->Process(); // Finished (this isn't necessary...but heck...why not?) echo "Thanks";