/**
* This is the frontend or backend method used directly
* @see cbpaidPaymentBasket::store()
*
* If table key (id) is NULL : inserts a new row
* otherwise updates existing row in the database table
*
* Can be overridden or overloaded by the child class
*
* @param boolean $updateNulls TRUE: null object variables are also updated, FALSE: not.
* @return boolean TRUE if successful otherwise FALSE
*/
public function store($updateNulls = false)
{
global $_CB_framework, $_CB_database;
// 1) check:
if (!in_array($this->payment_status, array('Pending', 'Refunded', 'NotInitiated'))) {
$this->setError(CBPTXT::T("This payment basket is not pending."));
return false;
}
if ($this->txn_id == '') {
$this->txn_id = 'None';
// needed for updatePayment to generate payment record.
}
$paymentBasket = new cbpaidPaymentBasket($_CB_database);
$paymentBasket->load($this->id);
if (!$paymentBasket->gateway_account) {
$this->setError(CBPTXT::T("This payment basket has no gateway associated so can not be paid manually."));
return false;
}
$ipn = new cbpaidPaymentNotification($_CB_database);
$ipn->bindObjectToThisObject($paymentBasket, 'id');
$ipn->mc_currency = $this->mc_currency;
$ipn->mc_gross = $this->mc_gross;
if (!preg_match('/^[1-9][0-9]{3}-[01][0-9]-[0-3][0-9]/', $this->time_completed)) {
$this->time_completed = Application::Database()->getUtcDateTime();
}
$paymentBasket->time_completed = $this->time_completed;
$ipn->payment_type = $this->payment_type;
$paymentBasket->payment_type = $this->payment_type;
$ipn->txn_id = $this->txn_id;
$paymentBasket->txn_id = $this->txn_id;
$ipn->payment_status = 'Completed';
$ipn->txn_type = 'web_accept';
$ipn->payment_method = $this->payment_method;
$ipn->gateway_account = $this->gateway_account;
$ipn->log_type = 'P';
$ipn->time_received = $_CB_database->getUtcDateTime();
$ipn->payment_date = gmdate('H:i:s M d, Y T', $this->time_completed ? cbpaidTimes::getInstance()->strToTime($this->time_completed) : cbpaidTimes::getInstance()->startTime());
// paypal-style //TBD FIXME: WE SHOULD CHANGE THIS OLD DATE STYLE ONCE WITH UTC timezone inputed
$ipn->payment_basket_id = $this->id;
$ipn->raw_result = 'manual';
$ipn->raw_data = '';
$ipn->ip_addresses = cbpaidRequest::getIPlist();
$ipn->user_id = Application::MyUser()->getUserId();
$ipn->txn_id = $this->txn_id;
$ipn->payment_type = $this->payment_type;
$ipn->charset = $_CB_framework->outputCharset();
//TBD
/*
$paymentBasket->first_name = $ipn->first_name = cbGetParam( $_POST, 'txtBTitle' );
$paymentBasket->first_name = $ipn->first_name = cbGetParam( $_POST, 'txtBFirstName' );
$paymentBasket->last_name = $ipn->last_name = cbGetParam( $_POST, 'txtBLastName' );
$paymentBasket->address_street = $ipn->address_street = cbGetParam( $_POST, 'txtBAddr1' );
$paymentBasket->address_zip = $ipn->address_zip = cbGetParam( $_POST, 'txtBZipCode' );
$paymentBasket->address_city = $ipn->address_city = cbGetParam( $_POST, 'txtBCity' );
$paymentBasket->address_country = $ipn->address_country = cbGetParam( $_POST, 'txtBCountry' );
//TBD? $paymentBasket->phone = $ipn->phone = cbGetParam( $_POST, 'txtBTel' );
//TBD? $paymentBasket->fax = $ipn->fax = cbGetParam( $_POST, 'txtBFax' );
$paymentBasket->payer_email = $ipn->payer_email = cbGetParam( $_POST, 'txtBEmail' );
*/
if (!$_CB_database->insertObject($ipn->getTableName(), $ipn, $ipn->getKeyName())) {
trigger_error('store error:' . htmlspecialchars($_CB_database->getErrorMsg()), E_USER_ERROR);
//TBD also in paypal: error code 500 !!!
}
$payAccount = cbpaidControllerPaychoices::getInstance()->getPayAccount($paymentBasket->gateway_account);
if (!$payAccount) {
$this->setError(CBPTXT::T("This payment basket's associated gateway account is not active, so can not be paid manually."));
return false;
}
$payClass = $payAccount->getPayMean();
$payClass->updatePaymentStatus($paymentBasket, 'web_accept', 'Completed', $ipn, 1, 0, 0, 'singlepayment');
return true;
}
/**
* Saves invoicing address, and if error, sets error to baseClass and
* Renders the edit form for the invoicing address for that basket again.
*
* @param UserTable $user
* @param string $introText
* @param string $chosenPaymentMethod
* @return string|null NULL if no error, otherwise HTML for error display.
*/
public function saveBasketPaymentMethodForm( $user, $introText, $chosenPaymentMethod ) {
if ( $this->payment_status == 'NotInitiated' ) {
$payMeans = cbpaidControllerPaychoices::getInstance();
$redirectNow = null;
$payChoicesHtmlArray = $payMeans->getPaymentMethodsParams( $user, $this, $introText, $redirectNow );
$selected = false;
if ( $redirectNow == 'radios' ) {
foreach ( $payChoicesHtmlArray as $gatewaySubMethods ) {
if ( is_array( $gatewaySubMethods ) ) {
foreach ( $gatewaySubMethods as $paymentRadio ) {
/** @var $paymentRadio cbpaidGatewaySelectorRadio */
$selected = ( $chosenPaymentMethod === $paymentRadio->radioValue() );
if ( $selected ) {
break;
}
}
}
if ( $selected ) {
break;
}
}
}
if ( $selected ) {
// $paymentRadio is defined here:
/** @var $paymentRadio cbpaidGatewaySelectorRadio */
$payAccount = $payMeans->getPayAccount( $paymentRadio->gatewayId );
$this->payment_method = $payAccount->getPayMeanName();
$this->gateway_account = $payAccount->id;
$this->payment_type = $paymentRadio->paymentType;
// change $this->mc_currency if needde by the payment method:
$newCurrency = $payAccount->getPayMean()->allowedBasketCurrency( $this->mc_currency, $this->payment_type );
if ( $this->mc_currency != $newCurrency ) {
$this->changeCurrency( $newCurrency, false );
}
$this->updateBasketRecomputeTotalizers();
$return = null;
} else {
$return = CBPTXT::T("Chosen Payment Method is not applicable.");
}
} else {
$return = CBPTXT::T("Payment of this order has already been initiated.");
}
return $return;
}
/**
* If table key (id) is NULL : inserts a new row
* otherwise updates existing row in the database table
*
* Can be overridden or overloaded by the child class
*
* @param boolean $updateNulls TRUE: null object variables are also updated, FALSE: not.
* @return boolean TRUE if successful otherwise FALSE
*/
public function store($updateNulls = false)
{
if (!cbpaidApp::authoriseAction('cbsubs.refunds')) {
$this->setError(CBPTXT::T("Not authorized"));
return false;
}
// 1) check:
if (!in_array($this->payment_status, array('Completed', 'Pending', 'Partially-Refunded'))) {
$this->setError(CBPTXT::T("This payment is not completed, pending or partially refunded."));
return false;
}
if ($this->txn_id == '') {
$this->txn_id = 'None';
// needed for updatePayment to generate payment record.
}
$payment = new cbpaidPayment();
if (!$payment->load((int) $this->id)) {
$this->setError(CBPTXT::T("This payment does not exist."));
return false;
}
$paymentBasket = new cbpaidPaymentBasket();
if (!$paymentBasket->load($this->payment_basket_id)) {
$this->setError(CBPTXT::T("This payment has no associated payment basket and cannot be refunded from here. Maybe from your PSP online terminal ?"));
return false;
}
if (!$this->gateway_account) {
$this->setError(CBPTXT::T("This payment has no gateway associated so can not be refunded."));
return false;
}
$payAccount = cbpaidControllerPaychoices::getInstance()->getPayAccount($this->gateway_account);
if (!$payAccount) {
$this->setError(CBPTXT::T("This payment's payment basket's associated gateway account is not active, so can not be refunded from here."));
return false;
}
$payClass = $payAccount->getPayMean();
$returnText = null;
$amount = sprintf('%.2f', (double) $this->refund_gross);
if (is_callable(array($payClass, 'refundPayment'))) {
$success = $payClass->refundPayment($paymentBasket, $payment, null, $this->refund_is_last, $amount, $this->refund_reason, $returnText);
} else {
$success = false;
}
$user = CBuser::getUserDataInstance($paymentBasket->user_id);
$username = $user ? $user->username : '******';
$replacements = array('[REFUNDAMOUNT]' => $payment->mc_currency . ' ' . $amount, '[PAYMENTID]' => $payment->id, '[PAYMENTAMOUNT]' => $payment->mc_currency . ' ' . $payment->mc_gross, '[BASKETID]' => $paymentBasket->id, '[ORDERID]' => $paymentBasket->sale_id, '[FULLNAME]' => $paymentBasket->first_name . ' ' . $paymentBasket->last_name, '[USERNAME]' => $username, '[USERID]' => $paymentBasket->user_id, '[PAYMENTMETHOD]' => $payClass->getPayName(), '[TXNID]' => $payment->txn_id, '[AUTHID]' => $payment->auth_id, '[ERRORREASON]' => $paymentBasket->reason_code);
if ($success) {
// Success Message ?
// $returnText = CBPTXT::P("Refunded [REFUNDAMOUNT] for payment id [PAYMENTID] of [PAYMENTAMOUNT] for basket id [BASKETID], Order id [ORDERID] of [FULLNAME] (username [USERNAME] - user id [USERID]) using [PAYMENTMETHOD] with txn_id [TXNID] and auth_id [AUTHID].", $replacements );
} else {
$this->setError(CBPTXT::T($payClass->getErrorMSG()) . '. ' . CBPTXT::P("Refund request of [REFUNDAMOUNT] for payment id [PAYMENTID] of [PAYMENTAMOUNT] for basket id [BASKETID], Order id [ORDERID] of [FULLNAME] (username [USERNAME] - user id [USERID]) using [PAYMENTMETHOD] with txn_id [TXNID] and auth_id [AUTHID] failed for reason: [ERRORREASON].", $replacements));
return false;
}
return true;
}
/**
* WARNING: UNCHECKED ACCESS! On purpose unchecked access for M2M operations
* Generates the HTML to display for a specific component-like page for the tab. WARNING: unchecked access !
* @param TabTable|null $tab the tab database entry
* @param UserTable $user the user being displayed
* @param int $ui 1 for front-end, 2 for back-end
* @param array $postdata _POST data for saving edited tab content as generated with getEditTab
* @return mixed either string HTML for tab content, or false if ErrorMSG generated
*/
public function getTabComponent( /** @noinspection PhpUnusedParameterInspection */ $tab, $user, $ui, $postdata ) {
global $_CB_database, $_CB_framework, $_POST;
$return = '';
$paid = false;
$oldignoreuserabort = ignore_user_abort(true);
$allowHumanHtmlOutput = true; // this will be reverted in case of M2M server-to-server notifications
$act = $this->base->_getReqParam( 'act' );
$actPosted = isset($_POST[$this->base->_getPagingParamName('act')]);
if ( $act === null ) {
$act = $this->base->input( 'act', null, GetterInterface::COMMAND );
$actPosted = $this->base->input( 'post/act', null, GetterInterface::COMMAND ) !== null;
}
$post_user_id = (int) cbGetParam( $_GET, 'user', 0 );
if ( $actPosted && ( $post_user_id > 0 ) ) {
$access = false;
$myId = $_CB_framework->myId();
if ( is_object( $user ) ) {
if ( $myId == 0 ) {
if ( in_array( $act, array( 'saveeditinvoiceaddress', 'saveeditbasketintegration', 'showbskt' ) ) ) {
$access = true;
} else {
$paidsubsManager =& cbpaidSubscriptionsMgr::getInstance();
if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) {
// expired subscriptions: we will allow limited access to:
if ( in_array( $act, array( 'upgrade', 'pay', 'reactivate', 'resubscribe', 'display_subscriptions' ) ) ) {
$access = true;
}
}
}
} else {
if ( ( $ui == 1 && ( $user->id == $myId ) )
|| ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) {
$access = true;
}
}
} else {
$return = CBPTXT::T("User does not exist") . '.';
}
if ( ! $access ) {
$return .= '<br />' . CBPTXT::T("Not authorized action") . '.';
return $return;
}
cbSpoofCheck( 'plugin' ); // anti-spoofing check
// renew or upgrade subscription payment form:
$params = $this->params;
$now = $_CB_framework->now();
$subscriptionsGUI = new cbpaidControllerUI();
$subscriptionIds = $subscriptionsGUI->getEditPostedBoxes( 'id' );
if ( $subscriptionIds == array( 0 ) ) {
$subscriptionIds = array();
}
if ( $post_user_id && ( $user->id == $post_user_id ) ) {
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
switch ( $act ) {
case 'upgrade': // upgrade an existing subscription
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$chosenPlans = $subscriptionsGUI->getAndCheckChosenUpgradePlans( $postdata, $user, $now );
if ( ( ! is_array( $chosenPlans ) ) || ( count( $chosenPlans ) == 0 ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= ( is_string( $chosenPlans ) ? $chosenPlans . '<br />' : '' )
. sprintf( CBPTXT::Th("Please press back button and select the %s plan to which you would like to upgrade."), $subTxt );
break;
}
$introText = CBPTXT::Th( $params->get( 'intro_text_upgrade', null ) );
//TBD: check if already exists (reload protection):
$paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, 'R', CBPTXT::T("Upgrade"), 'U' );
if ( is_object( $paymentBasket ) ) {
$return = cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$return = $paymentBasket; // show messages as nothing to pay.
}
break;
case 'pay': // pay for an unpaid subscription
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$plan = $this->base->_getReqParam( 'plan' );
if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
break;
}
$plansMgr =& cbpaidPlansMgr::getInstance();
$chosenPlans = array();
$chosenPlans[(int) $plan] = $plansMgr->loadPlan( (int) $plan );
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$paymentStatus = null;
$return = cbpaidControllerOrder::showPaymentForm( $user, $chosenPlans, $introText, $subscriptionIds, $paymentStatus );
break;
case 'renew': // renew a still valid subscription
case 'reactivate': // reactivate an expired subscription
case 'resubscribe': // resubscribe a cancelled subscription
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$plan = $this->base->_getReqParam( 'plan' );
if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
break;
}
$plansMgr =& cbpaidPlansMgr::getInstance();
$chosenPlans = array();
$chosenPlans[(int) $plan] = $plansMgr->loadPlan( (int) $plan );
$paidSomethingMgr =& cbpaidSomethingMgr::getInstance();
$subscription = $paidSomethingMgr->loadSomething( $subscriptionIds[$plan][0], $subscriptionIds[$plan][1] );
global $_PLUGINS;
$_PLUGINS->loadPluginGroup( 'user', 'cbsubs.' );
$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin');
$_PLUGINS->trigger( 'onCPayAfterPlanRenewalSelected', array( &$chosenPlans[(int) $plan], &$subscription, $act ) );
if ( $_PLUGINS->is_errors() ) {
$return .= $_PLUGINS->getErrorMSG();
break;
}
$introText = CBPTXT::Th( $params->get( 'intro_text_renew', null ) );
//TBD: check if already exists (reload protection):
$paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, null, CBPTXT::T("Renew"), 'R' );
if ( is_object( $paymentBasket ) ) {
$return = cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$return = $paymentBasket; // show messages as nothing to pay.
}
break;
case 'unsubscribe': // request to unsubscribe an active subscription
// display unsubscribe confirmation form:
$plan = $this->base->_getReqParam( 'plan' );
if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
break;
}
$introText = CBPTXT::Th( $params->get( 'unsubscribe_intro_text' , null ) );
$return = $subscriptionsGUI->showUnsubscribeForm( $user, $introText, (int) $plan, (int) $subscriptionIds[$plan][1] );
break;
case 'confirm_unsubscribe': // confirm previous request to unsubscribe an active subscription
// unsubscribe confirmed:
$plan = $this->base->_getReqParam( 'plan' );
if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
break;
}
if ( ( $plan ) && ( count( $subscriptionIds ) == 1 ) ) {
$unsubscribeConfText = CBPTXT::Th( $params->get( 'unsubscribe_confirmation_text', null ) );
$return = cbpaidControllerOrder::doUnsubscribeConfirm( $user, $unsubscribeConfText, (int) $plan, (int) $subscriptionIds[$plan][1] );
}
break;
case 'display_subscriptions':
// unsubscribe cancelled: display subscriptions:
$return = $this->base->displayUserTab( $user );
break;
case 'showinvoice':
// shows a particular user invoice:
if ( $params->get( 'show_invoices', 1 ) ) {
$invoiceNo = $this->base->_getReqParam( 'invoice' );
$return = $this->showInvoice( $invoiceNo, $user );
}
break;
case 'saveeditinvoiceaddress':
case 'editinvoiceaddress': // this is the case of reload of invoicing address
$invoicingAddressQuery = $params->get( 'invoicing_address_query' );
if ( $invoicingAddressQuery > 0 ) {
$basketId = $this->base->_getReqParam( 'basket', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
if ( ( $act == 'saveeditinvoiceaddress' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) { // IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html
$return = $paymentBasket->saveInvoicingAddressForm( $user );
if ( $return === null ) {
$paymentBasket->storeInvoicingDefaultAddress();
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
}
} else {
// invoice has reloaded itself (e.g. for country change):
$return = $paymentBasket->renderInvoicingAddressForm( $user );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'saverecordpayment':
case 'editrecordpayment': // this is the case of reload of the form
$basketId = $this->base->_getReqParam( 'basket', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status != 'Completed' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
if ( $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) {
if ( ( $act == 'saverecordpayment' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) { // IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html
$return = cbpaidRecordBasketPayment::saveRecordPayment( $paymentBasket->id );
if ( $return === null ) {
$return .= CBPTXT::T("Payment recorded.")
. ' <a href="' . $_CB_framework->userProfileUrl( $paymentBasket->user_id, true ) . '">'
. CBPTXT::Th("View user profile")
. '</a>';
}
} else {
// invoice has reloaded itself (e.g. for country change):
$return = cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasket->id );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
break;
default:
cbNotAuth();
return '';
break;
}
}
} elseif ( $this->base->_getReqParam( 'account' ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) {
$account = $this->base->_getReqParam( 'account' );
$post_user_id = (int) cbGetParam( $_GET, 'user', 0 );
$user = CBuser::getUserDataInstance( (int) $post_user_id );
if ( $user->id ) {
if ( isset( $_SESSION['cbsubs']['expireduser'] ) && ( $_SESSION['cbsubs']['expireduser'] == $user->id ) ) {
// expired subscriptions of membership: show possibilities:
$subscriptionsGUI = new cbpaidControllerUI();
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
switch ( $account ) {
case 'expired':
$paidsubsManager =& cbpaidSubscriptionsMgr::getInstance();
if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) {
// no valid membership:
$return = $subscriptionsGUI->getShowSubscriptionUpgrades( $user, true );
}
break;
default:
break;
}
} else {
$return = CBPTXT::Th("Browser cookies must be enabled.");
}
}
} elseif ( in_array( $act, array( 'setbsktpmtmeth', 'setbsktcurrency' ) ) ) {
cbSpoofCheck( 'plugin' ); // anti-spoofing check
$params = $this->params;
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
$basketId = $this->base->_getReqParam( 'bskt', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
switch ( $act ) {
case 'setbsktpmtmeth':
if ( $params->get( 'payment_method_selection_type' ) == 'radios' ) {
$chosenPaymentMethod = cbGetParam( $_POST, 'payment_method' );
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return = $paymentBasket->saveBasketPaymentMethodForm( $user, $introText, $chosenPaymentMethod );
if ( $return === null ) {
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'setbsktcurrency':
if ( $params->get( 'allow_select_currency', '0' ) ) {
$newCurrency = cbGetParam( $_POST, 'currency' );
if ( $newCurrency ) {
if ( in_array( $newCurrency, cbpaidControllerPaychoices::getInstance()->getAllCurrencies() ) ) {
$paymentBasket->changeCurrency( $newCurrency );
} else {
$this->base->_setErrorMSG( CBPTXT::T("This currency is not allowed") );
}
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Changes of currency of orders are not authorized") );
}
break;
default:
cbNotAuth();
return '';
break;
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
} elseif ( $act == 'cbsubsclass' ) {
$pluginName = $this->base->_getReqParam( 'class' );
if ( preg_match( '/^[a-z]+$/', $pluginName ) ) {
$element = 'cbsubs.' . $pluginName;
global $_PLUGINS;
$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element );
$loadedPlugins =& $_PLUGINS->getLoadedPluginGroup( 'user/plug_cbpaidsubscriptions/plugin' );
$params = $this->params;
foreach ($loadedPlugins as $p ) {
if ( $p->element == $element ) {
$pluginId = $p->id;
$args = array( &$user, &$params, &$postdata );
/** @noinspection PhpUndefinedCallbackInspection */
$return = $_PLUGINS->call( $pluginId, 'executeTask', 'getcbsubs' . $pluginName . 'Tab', $args, null );
break;
}
}
}
} elseif ( $act && ( ! in_array( $act, array( 'showbskt', 'setbsktpmtmeth' ) ) ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) {
if ( ! is_object( $user ) ) {
return CBPTXT::T("User does not exist.");
}
$params = $this->params;
$post_user_id = (int) cbGetParam( $_GET, 'user', 0 );
if ( $post_user_id && ( ( $user->id == $post_user_id ) || ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) ) {
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
switch ( $act ) {
case 'showinvoice':
if ( $params->get( 'show_invoices', 1 ) ) {
$invoiceNo = $this->base->_getReqParam( 'invoice', 0 );
// This also checks for cbpaidApp::authoriseAction on cbsubs.sales or cbsubs.financial access permissions:
$return = $this->showInvoice( $invoiceNo, $user );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'showinvoiceslist':
$showInvoices = $params->get( 'show_invoices', 1 );
$invoicesShowPeriod = $params->get( 'invoices_show_period', '0000-06-00 00:00:00' );
$itsmyself = ( $_CB_framework->myId() == $user->id );
if ( $showInvoices && ( $itsmyself || ( cbpaidApp::authoriseAction( 'cbsubs.sales' ) || cbpaidApp::authoriseAction( 'cbsubs.financial' ) ) ) ) {
$subscriptionsGUI = new cbpaidControllerUI();
$invoices = $this->_getInvoices( $user, $invoicesShowPeriod, false );
if ( $invoicesShowPeriod && ( $invoicesShowPeriod != '0000-00-00 00:00:00' ) ) {
$cbpaidTimes =& cbpaidTimes::getInstance();
$periodText = $cbpaidTimes->renderPeriod( $invoicesShowPeriod, 1, false );
} else {
$periodText = '';
}
$return .= $subscriptionsGUI->showInvoicesList( $invoices, $user, $itsmyself, $periodText );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'editinvoiceaddress': // this is the case of the initial edit address link
if ( $params->get( 'invoicing_address_query' ) > 0 ) {
$basketId = $this->base->_getReqParam( 'basket', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
$return = $paymentBasket->renderInvoicingAddressForm( $user );
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'showrecordpayment':
$paymentBasketId = $this->base->_getReqParam( 'recordpayment', 0 );
if ( $paymentBasketId ) {
$paymentBasket = new cbpaidPaymentBasket();
if ( $paymentBasket->load( (int) $paymentBasketId ) && $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) {
// Auto-loads class: and authorization is checked inside:
$return = cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasketId );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
default:
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
break;
}
}
} elseif ( $act == 'showbskt' && ( ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) || ( $this->base->_getReqParam( 'bskt', 0 ) && $this->base->_getReqParam( 'bck' ) ) ) {
$basketId = $this->base->_getReqParam( 'bskt', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
// Basket integrations saving/editing url:
if ( in_array($act, array( 'saveeditbasketintegration', 'editbasketintegration' ) ) ) { // edit is the case of edit or reload of integration form
$integration = $this->base->_getReqParam( 'integration' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( preg_match( '/^[a-z]+$/', $integration ) && $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
global $_PLUGINS;
$element = 'cbsubs.' . $integration;
$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element );
$results = $_PLUGINS->trigger( 'onCPayEditBasketIntegration', array( $integration, $act, &$paymentBasket ) );
$return = null;
foreach ( $results as $r ) {
if ( $r ) {
$return .= $r;
}
}
if ( $act == 'editbasketintegration' ) {
if ( $return !== null ) {
return $return;
}
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
}
$post_user_id = (int) cbGetParam( $_GET, 'user', 0 );
if ( $post_user_id && ! ( ( is_object( $user ) && ( $user->id == $post_user_id ) ) ) ) {
return CBPTXT::T("User does not exist.");
}
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
$params = $this->params;
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) {
if ( ! $post_user_id ) {
$cbUser =& CBuser::getInstance( (int) $paymentBasket->user_id );
$user =& $cbUser->getUserData();
if ( ( ! is_object( $user ) ) || ! $user->id ) {
return CBPTXT::T("User does not exist.");
}
}
if ( ( $hashToCheck && $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) )
|| ( ( ! $hashToCheck ) && $paymentBasket->user_id && ( $paymentBasket->user_id == $_CB_framework->myId() ) ) )
{
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
// } elseif ( isset($_REQUEST['result']) && isset( $_REQUEST['user'] ) && ( $_REQUEST['user'] > 0 ) ) {
} elseif ( isset($_REQUEST['result']) && ( $this->base->_getReqParam('method') || $this->base->_getReqParam('gacctno') ) ) {
// don't check license here so initiated payments can complete !
$params = $this->params;
$method = $this->base->_getReqParam('method');
if ( ( $method == 'freetrial' ) || ( $method == 'cancelpay' ) ) {
cbpaidApp::import( 'processors.freetrial.freetrial' );
cbpaidApp::import( 'processors.cancelpay.cancelpay' );
$className = 'cbpaidGatewayAccount' . $method;
$payAccount = new $className( $_CB_database );
} else {
$gateAccount = $this->base->_getReqParam('gacctno');
$payAccount = cbpaidControllerPaychoices::getInstance()->getPayAccount( $gateAccount );
if ( ! $payAccount ) {
return '';
}
}
$payClass = $payAccount->getPayMean();
$paymentBasket = new cbpaidPaymentBasket($_CB_database);
if ( $payClass && ( ( $this->base->_getReqParam('method') == $payClass->getPayName() ) || ( $this->base->_getReqParam('method') == null ) ) && $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) ) {
// output for resultNotification: $return and $allowHumanHtmlOutput
$return = $payClass->resultNotification( $paymentBasket, $postdata, $allowHumanHtmlOutput );
}
if ( ! $paymentBasket->id ) {
$this->base->_setErrorMSG(CBPTXT::T("No suitable basket found."));
} else {
$user =& CBuser::getUserDataInstance( (int) $paymentBasket->user_id );
if ( $paymentBasket->payment_status == 'RegistrationCancelled' ) {
// registration cancelled: delete payment basket and delete user after checking that he is not yet active:
if ( $paymentBasket->load( (int) $paymentBasket->id ) ) {
if ( $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) && ( ( $paymentBasket->payment_status == 'NotInitiated' ) || ( ( $paymentBasket->payment_status === 'Pending' ) && ( $paymentBasket->payment_method === 'offline' ) ) ) ) {
$notification = new cbpaidPaymentNotification();
$notification->initNotification( $payClass, 0, 'P', $paymentBasket->payment_status, $paymentBasket->payment_type, null, $_CB_framework->now(), $paymentBasket->charset );
$payClass->updatePaymentStatus( $paymentBasket, 'web_accept', 'RegistrationCancelled', $notification, 0, 0, 0, true );
// This is a notification or a return to site after payment, we want to log any error happening in third-party stuff in case:
cbpaidErrorHandler::keepTurnedOn();
}
}
}
if ( $allowHumanHtmlOutput ) {
// If frontend, we display result, otherwise, If Server-to-server notification: do not display any additional text here !
switch ( $paymentBasket->payment_status ) {
case 'Completed':
// PayPal recommends including the following information with the confirmation:
// - Item name
// - Amount paid
// - Payer email
// - Shipping address
$newMsg = sprintf( CBPTXT::Th("Thank you for your payment of %s for the %s %s."), $paymentBasket->renderPrice(),
$paymentBasket->item_name,
htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) ) // ' using your paypal account ' . $paymentBasket->payer_email
. ' ' . $payClass->getTxtNextStep( $paymentBasket );
// . "Your transaction has been completed, and a receipt for your purchase has been emailed to you by PayPal. "
// . "You may log into your account at www.paypal.com to view details of this transaction.</p>\n";
if ( $params->get( 'show_invoices' ) ) {
$itsmyself = ( $_CB_framework->myId() == $user->id );
$subscriptionsGUI = new cbpaidControllerUI();
$newMsg .= '<p id="cbregviewinvoicelink">'
. $subscriptionsGUI->getInvoiceShowAhtml( $paymentBasket, $user, $itsmyself, CBPTXT::Th("View printable invoice") )
. '</p>'
;
}
$paid = true;
break;
case 'Pending':
$newMsg = sprintf( CBPTXT::Th("Thank you for initiating the payment of %s for the %s %s."), $paymentBasket->renderPrice(),
$paymentBasket->item_name,
htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) ) // ' using your paypal account ' . $paymentBasket->payer_email
. ' ' . $payClass->getTxtNextStep( $paymentBasket );
// . "Your payment is currently being processed. "
// . "A receipt for your purchase will be emailed to you by PayPal once processing is complete. "
// . "You may log into your account at www.paypal.com to view status details of this transaction.</p>\n";
break;
case 'RegistrationCancelled':
$newMsg = $payClass->getTxtNextStep( $paymentBasket );
break;
case 'FreeTrial':
$newMsg = CBPTXT::Th("Thank you for subscribing to") . ' ' . $paymentBasket->item_name . '.'
. ' ' . $payClass->getTxtNextStep( $paymentBasket );
break;
case null:
$newMsg = CBPTXT::T("Payment basket does not exist.");
break;
case 'NotInitiated':
$newMsg = '';
break;
case 'RedisplayOriginalBasket':
if ( $paymentBasket->load( (int) $paymentBasket->id ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) {
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
}
$newMsg = '';
break;
case 'Processed':
case 'Denied':
case 'Reversed':
case 'Refunded':
case 'Partially-Refunded':
default:
$newMsg = $payClass->getTxtNextStep( $paymentBasket );
// "<p>Your transaction is not cleared and has currently following status: <strong>" . $paymentBasket->payment_status . ".</strong></p>"
// . "<p>You may log into your account at www.paypal.com to view status details of this transaction.</p>";
break;
}
if ( in_array( $paymentBasket->payment_status, array( 'Completed', 'Pending' ) ) ) {
$subscriptions = $paymentBasket->getSubscriptions();
$texts = array(); // avoid repeating several times identical texts:
if ( is_array( $subscriptions ) ) {
foreach ( $subscriptions as $sub ) {
/** @var $sub cbpaidSomething */
$thankYouParam = ( $paymentBasket->payment_status == 'Completed') ? 'thankyoutextcompleted' : 'thankyoutextpending';
$thankYouText = $sub->getPersonalized( $thankYouParam, true );
if ( $thankYouText && ! in_array( $thankYouText, $texts ) ) {
$texts[] = $thankYouText;
if ( strpos( $thankYouText, '<' ) === false ) {
$msgTag = 'p';
} else {
$msgTag = 'div';
}
$newMsg .= '<' . $msgTag . ' class="cbregThanks" id="cbregThanks' . $sub->plan_id . '">' . $thankYouText . '</' . $msgTag . ">\n";
}
}
}
}
if ( $newMsg ) {
$return .= '<div>' . $newMsg . '</div>';
}
if ( $paid && ( $_CB_framework->myId() < 1 ) && ( cbGetParam( $_REQUEST, 'user', 0 ) == $paymentBasket->user_id ) ) {
$_CB_database->setQuery( "SELECT * FROM #__comprofiler c, #__users u WHERE c.id=u.id AND c.id=".(int) $paymentBasket->user_id );
if ( $_CB_database->loadObject( $user ) && ( $user->lastvisitDate == '0000-00-00 00:00:00' ) ) {
$return = '<p>' . implode( '', getActivationMessage( $user, 'UserRegistration' ) ) . '</p>' . $return;
}
}
}
}
} else {
cbNotAuth();
return ' ' . CBPTXT::T("No result.");
}
if ( $allowHumanHtmlOutput ) {
$allErrorMsgs = $this->base->getErrorMSG( '</div><div class="error">' );
if ( $allErrorMsgs ) {
$errorMsg = '<div class="error">' . $allErrorMsgs . '</div>';
} else {
$errorMsg = null;
}
/** @var string $return */
if ( ( $return == '' ) && ( $errorMsg ) ) {
$this->base->outputRegTemplate();
$return = $errorMsg . '<br /><br />' . $return;
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, '' );
} else {
$return = $errorMsg . $return;
}
}
if ( ! is_null( $oldignoreuserabort ) ) {
ignore_user_abort($oldignoreuserabort);
}
return $return;
}
/**
* Creates a new (or loads an existing) subscription, and if it's non-free:
* Creates a payment basket if there is not already one
* ---- and then displays payment processing mask, button, or redirects
* If it's free: activates account and does not return anything.
*
* @param UserTable $user
* @param cbpaidPaymentBasket $paymentBasket
* @param string $introText
* @param boolean $ajax TRUE if AJAX refresh inside #cbregPayMethodsChoice, FALSE: wraps in <div id="cbregPayMethodsChoice">
* @return string HTML to display
* @access private
*/
public static function showBasketForPayment( &$user, &$paymentBasket, $introText, $ajax = false ) {
$result = null;
if ( ( $paymentBasket !== null ) && ( $paymentBasket->id ) ) {
$paymentStatus = $paymentBasket->payment_status;
if ( ( $paymentStatus === null ) || ( $paymentStatus == 'NotInitiated' ) ) {
// unused basket: display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$result .= cbpaidControllerPaychoices::getInstance()->getPaymentBasketPaymentForm( $user, $paymentBasket, $introText, $ajax );
} elseif ( $paymentStatus == 'Completed' ) {
$result .= '<p>' . CBPTXT::T("The most recent payment for this item got payment Completed in the mean time.") . '</p>';
} elseif ( $paymentStatus == 'Pending' ) {
$result .= sprintf( CBPTXT::T("Payment of this item has currently payment status '%s'") . '. ', $paymentStatus );
if ( $paymentBasket->pending_reason ) {
$result .= '<p>';
if ( $paymentBasket->payment_type ) {
$result .= sprintf( CBPTXT::T("The payment of type '%s' is pending due to reason: '%s'") . '.', $paymentBasket->payment_type, $paymentBasket->pending_reason );
} else {
$result .= sprintf( CBPTXT::T("The payment is pending due to reason: '%s'") . '.', $paymentBasket->pending_reason );
}
$result .= '</p>';
}
$result .= CBPTXT::T("Please check with your payment provider") . ': '
. CBPTXT::T("Some payments, using E-checks or bank transfers in particular, may take up to several days to complete.");
} else {
$result .= '<p>' . sprintf( CBPTXT::T("The most recent payment for this item has currently payment status '%s'."), $paymentStatus ) . '</p>';
}
} else {
$result = null; // $paymentBasket === null : nothing to show (maybe due to a free subscription) !
}
return $result;
}
/**
* Creates a cbpaidGatewaySelectorButton object for just changing the currency after asking for confirmation to change currency
*
* @param cbpaidPaymentBasket $paymentBasket
* @param string $newCurrency
* @param string $customImage
* @param string $altText
* @param string $titleText
* @param string $payNameForCssClass
* @param string $butId
* @return cbpaidGatewaySelectorButton
*/
public static function getChangeOfCurrencyButton($paymentBasket, $newCurrency, $customImage, $altText, $titleText, $payNameForCssClass, $butId)
{
list($pspUrl, $requestParams, $currencyInputName) = cbpaidControllerPaychoices::getCurrencyChangeFormParams($paymentBasket);
$requestParams[$currencyInputName] = $newCurrency;
$requestParams[cbSpoofField()] = cbSpoofString(null, 'plugin');
return self::getPaymentButton(null, null, null, cbSef($pspUrl, false), $requestParams, $customImage, $altText, $titleText, $payNameForCssClass, $butId);
}
