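/**
 * Update an existing customer row from the submitted form ($_POST) and the
 * `id` query parameter.
 *
 * The stored card number is only replaced when `credit_card_number_new` is
 * non-empty; it is then encrypted with the configured default key before it
 * is written. Every other column is overwritten unconditionally with what
 * the form sent (absent fields bind null, as before).
 *
 * Security notes:
 *  - Every request value reaches $db->query() as a bound parameter; nothing
 *    from the request is concatenated into the SQL text.
 *  - The WHERE clause is scoped to the caller's domain via domain_id::get()
 *    (the customers table carries a domain_id column, see insertCustomer),
 *    so a tampered `id` cannot reach another tenant's customer row. If a
 *    caller already validates ownership this is merely redundant.
 *  - The original used bare-word array keys ($_POST[name]); on PHP 8 those
 *    are undefined constants and the whole update fails with an Error.
 *  - The PAN is stored encrypted under a key read from the application
 *    config. Anyone with read access to both the config and the database
 *    can recover it; this is not a substitute for processor tokenisation.
 *
 * @return mixed  Whatever $db->query() returns for the UPDATE.
 */
public static function updateCustomer()
{
    global $db;
    global $config;

    // A new card number is present only when the dedicated field is non-empty.
    $is_new_cc_num = isset($_POST['credit_card_number_new'])
        && $_POST['credit_card_number_new'] != '';

    $sql = "UPDATE " . TB_PREFIX . "customers SET"
        . " name = :name,"
        . " attention = :attention,"
        . " street_address = :street_address,"
        . " street_address2 = :street_address2,"
        . " city = :city,"
        . " state = :state,"
        . " zip_code = :zip_code,"
        . " country = :country,"
        . " phone = :phone,"
        . " mobile_phone = :mobile_phone,"
        . " fax = :fax,"
        . " email = :email,"
        . " credit_card_holder_name = :credit_card_holder_name,"
        . ($is_new_cc_num ? " credit_card_number = :credit_card_number," : "")
        . " credit_card_expiry_month = :credit_card_expiry_month,"
        . " credit_card_expiry_year = :credit_card_expiry_year,"
        . " notes = :notes,"
        . " parent_customer_id = :parent_customer_id,"
        . " custom_field1 = :custom_field1,"
        . " custom_field2 = :custom_field2,"
        . " custom_field3 = :custom_field3,"
        . " custom_field4 = :custom_field4,"
        . " enabled = :enabled"
        . " WHERE id = :id AND domain_id = :domain_id";

    // Form fields copied 1:1 into the same-named columns.
    $fields = array(
        'name', 'attention', 'street_address', 'street_address2', 'city',
        'state', 'zip_code', 'country', 'phone', 'mobile_phone', 'fax',
        'email', 'notes', 'credit_card_holder_name',
        'credit_card_expiry_month', 'credit_card_expiry_year',
        'parent_customer_id', 'custom_field1', 'custom_field2',
        'custom_field3', 'custom_field4', 'enabled',
    );

    // $db->query() takes the SQL followed by (placeholder, value) pairs;
    // build that list once instead of duplicating the whole call per branch.
    $args = array($sql);
    foreach ($fields as $field) {
        $args[] = ':' . $field;
        $args[] = isset($_POST[$field]) ? $_POST[$field] : null;
    }

    if ($is_new_cc_num) {
        // Encrypt the new PAN before it is bound; the plaintext never
        // reaches the database.
        $enc = new encryption();
        $key = $config->encryption->default->key;
        $args[] = ':credit_card_number';
        $args[] = $enc->encrypt($key, $_POST['credit_card_number_new']);
    }

    $args[] = ':id';
    $args[] = isset($_GET['id']) ? $_GET['id'] : null;
    $args[] = ':domain_id';
    $args[] = domain_id::get();

    // call_user_func_array keeps this runnable on PHP versions without
    // argument unpacking, which the surrounding code does not rely on.
    return call_user_func_array(array($db, 'query'), $args);
}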
if ($type != 'i' && ($_POST['i_short_name'] || $_POST['address']['im']['primary_name'])) { // is null $crmInfo = new i(); $crmInfo->auto_field = $cInfo->type == 'v' ? 'next_vend_id_num' : 'next_cust_id_num'; $crmInfo->dept_rep_id = $cInfo->id; // error check contact $error = $crmInfo->data_complete($error); if (!$error) { $crmInfo->save_contact(); $crmInfo->save_addres(); } } // payment fields if (ENABLE_ENCRYPTION && $_POST['payment_cc_name'] && $_POST['payment_cc_number']) { // save payment info $encrypt = new encryption(); $cc_info = array('name' => db_prepare_input($_POST['payment_cc_name']), 'number' => db_prepare_input($_POST['payment_cc_number']), 'exp_mon' => db_prepare_input($_POST['payment_exp_month']), 'exp_year' => db_prepare_input($_POST['payment_exp_year']), 'cvv2' => db_prepare_input($_POST['payment_cc_cvv2'])); if ($enc_value = $encrypt->encrypt_cc($cc_info)) { $payment_array = array('hint' => $enc_value['hint'], 'module' => 'contacts', 'enc_value' => $enc_value['encoded'], 'ref_1' => $cInfo->id, 'ref_2' => $cInfo->address[$type . 'm']['address_id'], 'exp_date' => $enc_value['exp_date']); db_perform(TABLE_DATA_SECURITY, $payment_array, $_POST['payment_id'] ? 'update' : 'insert', 'id = ' . $_POST['payment_id']); } else { $error = true; } } // Check attachments $result = $db->Execute("select attachments from " . TABLE_CONTACTS . " where id = {$id}"); $attachments = $result->fields['attachments'] ? unserialize($result->fields['attachments']) : array(); $image_id = 0; while ($image_id < 100) { // up to 100 images if (isset($_POST['rm_attach_' . $image_id])) {
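/**
 * Read the seven `<method>_field_N` inputs from $_POST, encrypt them as one
 * card record and insert/update the TABLE_DATA_SECURITY row that belongs to
 * this object's billing account and address.
 *
 * Field positions: 0 holder name, 1 card number, 2 expiry month, 3 expiry
 * year, 4 CVV2, 5 and 6 free-form extras. An absent input is stored as ''.
 *
 * @param string $method        Form-field prefix.
 * @param mixed  $card_key_pos  Unused; kept so existing call sites that pass
 *                              the older signature's second argument still work.
 * @return bool  false when encryption::encrypt_cc() fails, true otherwise.
 *
 * PCI note: the CVV2 (`_field_4`) is encrypted and persisted alongside the
 * PAN. PCI DSS does not permit retaining the card verification value after
 * authorisation. It is flagged rather than dropped here because the record
 * layout is shared with the decoders elsewhere in the code base.
 */
function encrypt_payment($method, $card_key_pos = false)
{
    $encrypt = new encryption();

    // Map the positional inputs onto the names encrypt_cc() expects.
    $labels = array('name', 'number', 'exp_mon', 'exp_year', 'cvv2', 'alt1', 'alt2');
    $cc_info = array();
    foreach ($labels as $pos => $label) {
        $input = $method . '_field_' . $pos;
        $cc_info[$label] = isset($_POST[$input]) ? db_prepare_input($_POST[$input]) : '';
    }

    $enc_value = $encrypt->encrypt_cc($cc_info);
    if (!$enc_value) {
        return false;
    }

    $payment_array = array(
        'hint'      => $enc_value['hint'],
        'module'    => 'contacts',
        'enc_value' => $enc_value['encoded'],
        'ref_1'     => $this->bill_acct_id,
        'ref_2'     => $this->bill_address_id,
        'exp_date'  => $enc_value['exp_date'],
    );

    // The WHERE clause is built by string concatenation, so restrict
    // payment_id to an integer before it reaches the SQL text.
    $action = $this->payment_id ? 'update' : 'insert';
    db_perform(TABLE_DATA_SECURITY, $payment_array, $action, 'id = ' . (int) $this->payment_id);
    return true;
}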
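/**
 * Charge the invoice total to the customer's stored card through the eWAY
 * real-time gateway and, on success, record an "Eway" payment against the
 * invoice.
 *
 * Customer, biller and preference records are loaded from the invoice when
 * the caller has not set them. The stored card number is decrypted with the
 * configured default key immediately before it is handed to the gateway
 * client and our reference is dropped right after.
 *
 * Changes from the previous version:
 *  - TLS peer verification is switched ON. The original passed
 *    CURLOPT_SSL_VERIFYPEER = 0, which let any man-in-the-middle read the
 *    card number in transit. If the call fails in a deployment, fix the CA
 *    bundle (CURLOPT_CAINFO) rather than turning verification back off.
 *  - The amount is rounded to an integer number of cents instead of relying
 *    on float-to-string conversion.
 *  - $return is initialised, so an unexpected EWAYTRXNSTATUS value yields
 *    'false' instead of null.
 *
 * @return string 'true' when eWAY reported EWAYTRXNSTATUS == "True" and the
 *                payment row was inserted; 'false' otherwise. Also stores
 *                the raw gateway response array in $this->message.
 */
public function payment()
{
    global $config;
    global $logger;

    // Resolve the related records from the invoice if not already set.
    if (empty($this->customer)) {
        $this->customer = getCustomer($this->invoice['customer_id'], $this->domain_id);
    }
    if (empty($this->biller)) {
        $this->biller = getBiller($this->invoice['biller_id'], $this->domain_id);
    }
    if (empty($this->preference)) {
        $this->preference = getPreference($this->invoice['preference_id'], $this->domain_id);
    }

    $eway = new ewaylib($this->biller['eway_customer_id'], 'REAL_TIME', false);

    // eWAY only accepts the amount in cents. Round so e.g. 19.99 becomes
    // 1999 rather than whatever "1998.9999999999998" stringifies to.
    $cents = (int) round($this->invoice['total'] * 100);
    $eway_invoice_total = htmlsafe(trim((string) $cents));
    $logger->log("eway total: " . $eway_invoice_total, Zend_Log::INFO);

    // Decrypt the stored PAN only for the duration of the gateway call.
    $enc = new encryption();
    $key = $config->encryption->default->key;
    $credit_card_number = $enc->decrypt($key, $this->customer['credit_card_number']);

    $eway->setTransactionData("TotalAmount", $eway_invoice_total); // mandatory field
    $eway->setTransactionData("CustomerFirstName", $this->customer['name']);
    $eway->setTransactionData("CustomerLastName", "");
    $eway->setTransactionData("CustomerAddress", "");
    $eway->setTransactionData("CustomerPostcode", "");
    $eway->setTransactionData("CustomerInvoiceDescription", "");
    $eway->setTransactionData("CustomerEmail", $this->customer['email']);
    $eway->setTransactionData("CustomerInvoiceRef", $this->invoice['index_name']);
    $eway->setTransactionData("CardHoldersName", $this->customer['credit_card_holder_name']); // mandatory field
    $eway->setTransactionData("CardNumber", $credit_card_number); // mandatory field
    $eway->setTransactionData("CardExpiryMonth", $this->customer['credit_card_expiry_month']); // mandatory field
    $eway->setTransactionData("CardExpiryYear", $this->customer['credit_card_expiry_year']); // mandatory field
    $eway->setTransactionData("Option1", "");
    $eway->setTransactionData("Option2", "");
    $eway->setTransactionData("Option3", "");
    $eway->setTransactionData("TrxnNumber", $this->invoice['id']);
    // The gateway client now holds the PAN; do not keep a second copy alive
    // for the rest of the request.
    unset($credit_card_number);

    // Verify the gateway's certificate and hostname. VERIFYHOST 2 is curl's
    // default; it is set explicitly in case the client library overrides it.
    $eway->setCurlPreferences(CURLOPT_SSL_VERIFYPEER, 1);
    $eway->setCurlPreferences(CURLOPT_SSL_VERIFYHOST, 2);

    $ewayResponseFields = $eway->doPayment();
    $this->message = $ewayResponseFields;

    // Both outcomes log every response field; build that text once. (The
    // loop variable deliberately does not reuse $key, the encryption key.)
    // NOTE(review): the same text is stored in ac_notes on success; confirm
    // the gateway response never echoes card data before relying on that.
    $message = "";
    foreach ($ewayResponseFields as $field => $value) {
        $message .= "\n<br>\$ewayResponseFields[\"{$field}\"] = {$value}";
    }

    $return = 'false';
    if ($ewayResponseFields["EWAYTRXNSTATUS"] == "False") {
        $logger->log("Transaction Error: " . $ewayResponseFields["EWAYTRXNERROR"] . "<br>\n", Zend_Log::INFO);
        $logger->log("Eway message: " . $message . "<br>\n", Zend_Log::INFO);
    } elseif ($ewayResponseFields["EWAYTRXNSTATUS"] == "True") {
        $logger->log("Transaction Success: " . $ewayResponseFields["EWAYTRXNERROR"] . "<br>\n", Zend_Log::INFO);
        $logger->log("Eway message: " . $message . "<br>\n", Zend_Log::INFO);

        // Record the payment against the invoice under an "Eway" payment type.
        $payment = new payment();
        $payment->ac_inv_id = $this->invoice['id'];
        $payment->ac_amount = $this->invoice['total'];
        $payment->ac_notes = $message;
        $payment->ac_date = date('Y-m-d');
        $payment->online_payment_id = $ewayResponseFields['EWAYTRXNNUMBER'];
        $payment->domain_id = $this->domain_id;

        $payment_type = new payment_type();
        $payment_type->type = "Eway";
        $payment_type->domain_id = $this->domain_id;
        $payment->ac_payment_type = $payment_type->select_or_insert_where();
        // Log label fixed: this is the eWAY path, not PayPal.
        $logger->log('Eway - payment_type=' . $payment->ac_payment_type, Zend_Log::INFO);

        $payment->insert();
        $return = 'true';
    }

    return $return;
}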
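/**
 * Insert a new customer row for the current domain from the submitted form.
 *
 * Every column is read explicitly from $_POST. The original called
 * extract($_POST) after computing $domain_id, so a request field named
 * `domain_id` overwrote the tenant id and created the customer under another
 * domain; fields named `config`, `sql`, `enc` or `key` could likewise clobber
 * locals (and, through the `global` reference, the global config). That is
 * gone. The card number is encrypted with the configured default key before
 * storage, and every value reaches the database as a bound parameter.
 *
 * Absent form fields bind null, matching what the undefined variables
 * produced before.
 *
 * @return mixed  Whatever dbQuery() returns for the INSERT.
 */
function insertCustomer()
{
    global $config;
    $domain_id = domain_id::get();

    $sql = "INSERT INTO " . TB_PREFIX . "customers ("
        . " domain_id, attention, name, department, street_address, street_address2,"
        . " city, state, zip_code, country, phone, mobile_phone,"
        . " fax, email, notes,"
        . " credit_card_holder_name, credit_card_number,"
        . " credit_card_expiry_month, credit_card_expiry_year,"
        . " custom_field1, custom_field2,"
        . " custom_field3, custom_field4, enabled"
        . ") VALUES ("
        . " :domain_id, :attention, :name, :department, :street_address, :street_address2,"
        . " :city, :state, :zip_code, :country, :phone, :mobile_phone,"
        . " :fax, :email, :notes,"
        . " :credit_card_holder_name, :credit_card_number,"
        . " :credit_card_expiry_month, :credit_card_expiry_year,"
        . " :custom_field1, :custom_field2,"
        . " :custom_field3, :custom_field4, :enabled"
        . ")";

    // Form fields copied verbatim into the same-named columns.
    $fields = array(
        'attention', 'name', 'department', 'street_address', 'street_address2',
        'city', 'state', 'zip_code', 'country', 'phone', 'mobile_phone',
        'fax', 'email', 'notes', 'credit_card_holder_name',
        'credit_card_expiry_month', 'credit_card_expiry_year',
        'custom_field1', 'custom_field2', 'custom_field3', 'custom_field4',
        'enabled',
    );

    // dbQuery() takes the SQL followed by (placeholder, value) pairs.
    $args = array($sql);
    foreach ($fields as $field) {
        $args[] = ':' . $field;
        $args[] = isset($_POST[$field]) ? $_POST[$field] : null;
    }

    // Card number: encrypt before it touches the database.
    $enc = new encryption();
    $key = $config->encryption->default->key;
    $plain_cc = isset($_POST['credit_card_number']) ? $_POST['credit_card_number'] : null;
    $args[] = ':credit_card_number';
    $args[] = $enc->encrypt($key, $plain_cc);

    // Tenant id comes from the session helper only, never from the request.
    $args[] = ':domain_id';
    $args[] = $domain_id;

    return call_user_func_array('dbQuery', $args);
}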
$message[] = ACT_ERROR_CANNOT_DELETE; } } else { // just delete the address $db->Execute('delete from ' . TABLE_ADDRESS_BOOK . " where address_id = {$id}"); } $message[] = 'The record was successfully deleted!'; $xml .= xmlEntry('address_id', $id); break; case 'get_payment': $id = $_GET['pID']; $result = $db->Execute("select id, hint, enc_value from " . TABLE_DATA_SECURITY . " where id = {$id} limit 1"); if ($result->RecordCount() < 1) { $message[] = sprintf('The record could not be found! Looking for id = %s', $id); } else { $enc_data = new encryption(); $data = $enc_data->decrypt($_SESSION['admin_encrypt'], $result->fields['enc_value']); $fields = explode(':', $data); if (strlen($fields[3]) == 2) { $fields[3] = '20' . $fields[3]; } // make sure year is 4 digits $xml .= "<PaymentMethod>\n"; $xml .= xmlEntry("payment_id", $result->fields['id']); $xml .= xmlEntry("payment_hint", $result->fields['hint']); for ($i = 0; $i < sizeof($fields); $i++) { $xml .= xmlEntry("field_" . $i, $fields[$i]); } $xml .= "</PaymentMethod>\n"; } break;
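/**
 * Encrypt one card record supplied as an array and insert/update its row in
 * TABLE_DATA_SECURITY for this object's billing account and address.
 *
 * @param array $method  Positional card fields: f0 holder name, f1 card
 *                       number, f2 expiry month, f3 expiry year, f4 CVV2,
 *                       f5/f6 free-form extras. Values are passed on as
 *                       given; the caller is expected to have sanitised them.
 * @return bool  false when encryption::encrypt_cc() fails, true otherwise.
 *
 * PCI note: f4 (CVV2) is persisted in the encrypted blob together with the
 * PAN; PCI DSS does not permit retaining the CVV2 after authorisation. It is
 * flagged here rather than dropped because the record layout is shared with
 * the decoders elsewhere in the code base.
 */
function encrypt_payment($method)
{
    $encrypt = new encryption();

    // Map the positional f0..f6 inputs onto the names encrypt_cc() expects.
    $cc_info = array(
        'name'     => $method['f0'],
        'number'   => $method['f1'],
        'exp_mon'  => $method['f2'],
        'exp_year' => $method['f3'],
        'cvv2'     => $method['f4'],
        'alt1'     => $method['f5'],
        'alt2'     => $method['f6'],
    );

    $enc_value = $encrypt->encrypt_cc($cc_info);
    if (!$enc_value) {
        return false;
    }

    $payment_array = array(
        'hint'      => $enc_value['hint'],
        'module'    => 'contacts',
        'enc_value' => $enc_value['encoded'],
        'ref_1'     => $this->bill_acct_id,
        'ref_2'     => $this->bill_address_id,
        'exp_date'  => $enc_value['exp_date'],
    );

    // payment_id is spliced into the WHERE clause as text; cast so only an
    // integer can reach the SQL.
    $action = $this->payment_id ? 'update' : 'insert';
    db_perform(TABLE_DATA_SECURITY, $payment_array, $action, 'id = ' . (int) $this->payment_id);
    return true;
}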
/**
 * Update a customer row belonging to the current session's domain.
 *
 * The row is matched on both `id` and the session `domain_id` (both quoted
 * through the adapter), so a caller cannot modify another tenant's customer
 * by guessing an id. When $data contains a non-empty `credit_card_number`
 * it is replaced by its ciphertext, produced with the default encryption
 * key from the config registry, before the parent update runs. An empty
 * value is passed through untouched.
 *
 * NOTE(review): passing '' for credit_card_number would therefore blank the
 * stored ciphertext; confirm callers intend that rather than "leave as is".
 *
 * @param array $data  Column => value pairs to write.
 * @param mixed $id    Customer id.
 * @return int         Affected-row count as returned by parent::update().
 */
public function update(array $data, $id)
{
    $auth_session = Zend_Registry::get('auth_session');
    $adapter = $this->getAdapter();
    $where = array(
        $adapter->quoteInto('id = ?', $id),
        $adapter->quoteInto('domain_id = ?', $auth_session->domain_id),
    );

    // empty() covers both "key absent" and "present but blank", the two
    // cases in which the number is left as supplied.
    if (!empty($data['credit_card_number'])) {
        $config = Zend_Registry::get('config');
        $cipher = new encryption();
        $data['credit_card_number'] = $cipher->encrypt(
            $config->encryption->default->key,
            $data['credit_card_number']
        );
    }

    return parent::update($data, $where);
}
<?php defined('SYSPATH') or die('No direct script access.'); /** * @package guestPlus * @category View * @Date 09-July-2015 * @author Roopam */ $encrypt = new encryption(); $url_load_data_for_guest_grid = BASEURL . "index.php" . $encrypt->encode('guestPlus/guestentialIndex/load_data_for_guestential_list'); ?> <html> <head> <title><?php echo __('GUEST', array(), '', $language_file_path); ?> </title> <?php echo HTML::style('public/ext/resources/css/default/app.css'); echo HTML::script('public/ext/ext-all.js'); ?> </head> <script language="javascript"> Ext.onReady(function(){ function complete_text_show(val) { return '<div style="white-space:normal !important;">'+ val +'</div>';
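/**
 * Populate this object from the database: the contact row (every column
 * becomes a property), its address book, the stored payment methods (only
 * when the admin encryption key is in the session), the contacts that
 * report to it, and the CRM log entries.
 *
 * When $this->id is empty but $this->aid (an address id) is set, the contact
 * id is first resolved from that address row.
 *
 * Security notes:
 *  - Ids are spliced into the SQL text (ADOdb Execute without bind values),
 *    so every id is cast to int here before it is used in a query.
 *  - `attachments` is unserialize()'d straight from the database. That is
 *    only safe while nothing untrusted can write that column; where the PHP
 *    version allows it, pass array('allowed_classes' => false).
 *  - Payment records are decrypted with the session key; only the holder
 *    name, the masked hint and the expiry are kept on the object, the PAN is
 *    not retained. A blob that fails to decrypt is reported and skipped
 *    instead of producing a half-empty record.
 *  - The original guard `!$this->aid == ''` only worked by accident of
 *    loose comparison; it now reads `$this->aid != ''`.
 */
public function getContact()
{
    global $db, $messageStack;

    // Resolve the contact id from an address id when only the latter is set.
    if ($this->id == '' && $this->aid != '') {
        $result = $db->Execute("select * from " . TABLE_ADDRESS_BOOK . " where address_id = " . (int) $this->aid . " ");
        $this->id = $result->fields['ref_id'];
    }
    $contact_id = (int) $this->id;

    // Contact row, including custom fields: every column becomes a property.
    $result = $db->Execute("select * from " . TABLE_CONTACTS . " where id = {$contact_id}");
    foreach ($result->fields as $key => $value) {
        $this->{$key} = $value;
    }
    // Expand the serialized attachment list (see the unserialize() note above).
    $this->attachments = $result->fields['attachments'] ? unserialize($result->fields['attachments']) : array();

    // Address book, keyed by the second character of `type`; the main ('m')
    // entry of each kind is also copied into $this->address.
    $result = $db->Execute("select * from " . TABLE_ADDRESS_BOOK . " where ref_id = {$contact_id} order by primary_name");
    $this->address = array();
    while (!$result->EOF) {
        $type = substr($result->fields['type'], 1);
        $this->address_book[$type][] = new objectInfo($result->fields);
        if ($type == 'm') {
            foreach ($result->fields as $key => $value) {
                $this->address[$result->fields['type']][$key] = $value;
            }
        }
        $result->MoveNext();
    }

    // Stored payment methods, readable only with the session encryption key.
    if (!empty($_SESSION['admin_encrypt']) && ENABLE_ENCRYPTION) {
        $result = $db->Execute("select id, hint, enc_value from " . TABLE_DATA_SECURITY . " where module='contacts' and ref_1={$contact_id}");
        $encrypt = new encryption();
        while (!$result->EOF) {
            $values = $encrypt->decrypt($_SESSION['admin_encrypt'], $result->fields['enc_value']);
            if (!$values) {
                // Report and skip: an undecryptable blob has no usable fields.
                $messageStack->add('Encryption error - ' . implode('. ', $encrypt->errors), 'error');
                $result->MoveNext();
                continue;
            }
            // Record layout follows encrypt_payment(): name, number, expiry
            // month, expiry year, ... joined by ':'. Keep only the
            // non-sensitive parts.
            $val = explode(':', $values);
            $this->payment_data[] = array(
                'id'   => $result->fields['id'],
                'name' => $val[0],
                'hint' => $result->fields['hint'],
                'exp'  => (isset($val[2]) ? $val[2] : '') . '/' . (isset($val[3]) ? $val[3] : ''),
            );
            $result->MoveNext();
        }
    }

    // Contacts reporting to this one, each with its main address and CRM log.
    $result = $db->Execute("select * from " . TABLE_CONTACTS . " where dept_rep_id={$contact_id}");
    $this->contacts = array();
    while (!$result->EOF) {
        $cObj = new objectInfo();
        foreach ($result->fields as $key => $value) {
            $cObj->{$key} = $value;
        }
        $child_id = (int) $result->fields['id'];
        $addRec = $db->Execute("select * from " . TABLE_ADDRESS_BOOK . " where type='im' and ref_id=" . $child_id);
        $cObj->address['m'][] = new objectInfo($addRec->fields);
        $this->contacts[] = $cObj;

        $logs = $db->Execute("select * from " . TABLE_CONTACTS_LOG . " where contact_id = " . $child_id . " order by log_date desc");
        while (!$logs->EOF) {
            $this->crm_log[] = new objectInfo($logs->fields);
            $logs->MoveNext();
        }
        $result->MoveNext();
    }

    // This contact's own CRM log.
    $result = $db->Execute("select * from " . TABLE_CONTACTS_LOG . " where contact_id = {$contact_id} order by log_date desc");
    while (!$result->EOF) {
        $this->crm_log[] = new objectInfo($result->fields);
        $result->MoveNext();
    }
}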
$accounts->fields[$add_type . '_address'][] = array('address_id' => $accounts->fields['address_id'], 'primary_name' => $accounts->fields['primary_name'], 'contact' => $accounts->fields['contact'], 'address1' => $accounts->fields['address1'], 'address2' => $accounts->fields['address2'], 'city_town' => $accounts->fields['city_town'], 'state_province' => $accounts->fields['state_province'], 'postal_code' => $accounts->fields['postal_code'], 'country_code' => $accounts->fields['country_code'], 'telephone1' => $accounts->fields['telephone1'], 'telephone2' => $accounts->fields['telephone2'], 'telephone3' => $accounts->fields['telephone3'], 'telephone4' => $accounts->fields['telephone4'], 'email' => $accounts->fields['email'], 'website' => $accounts->fields['website'], 'notes' => $accounts->fields['notes'], 'hint' => $hint); $contact_js .= contacts_add_address_info($accounts->fields['address_id'], $accounts->fields); $idx++; if (substr($add_type, 1, 1) == 'm') { // pull some special information since it's the main address $edit_text = $accounts->fields['primary_name'] . ' (' . $accounts->fields['short_name'] . ')'; $accounts->fields[$add_type . '_notes'] = $accounts->fields['notes']; } $accounts->MoveNext(); } // load payment info if ($_SESSION['admin_encrypt']) { $result = $db->Execute("select id, hint, enc_value from " . TABLE_DATA_SECURITY . " where module='contacts' and ref_1 = " . $id); $js_pmt_array = "var js_pmt_array = new Array(" . $result->RecordCount() . ");" . chr(10); $cnt = 0; $encrypt = new encryption(); while (!$result->EOF) { if (!($values = $encrypt->decrypt($_SESSION['admin_encrypt'], $result->fields['enc_value']))) { $messageStack->add('Encryption error - ' . implode('. ', $encrypt->errors), 'error'); $error = true; } $val = explode(':', $values); $js_pmt_array .= 'js_pmt_array[' . $cnt . '] = new pmtRecord("' . $result->fields['id'] . '", "' . $result->fields['hint'] . '", "' . $val[0] . '", "' . $val[1] . '", "' . $val[2] . '", "' . $val[3] . 
'", "' . $val[4] . '");' . chr(10); $accounts->fields['pmt_values'][] = array('id' => $result->fields['id'], 'name' => $val[0], 'hint' => $result->fields['hint'], 'exp' => $val[2] . '/' . $val[3]); $cnt++; $result->MoveNext(); } } $cInfo = new objectInfo($accounts->fields); if ($error) { // do this if action was save and error occurred, regen post input
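/**
 * Collect the `<module>_field_0 .. _field_N` inputs from $_POST, encrypt
 * them as one colon-separated record with the admin session key, and
 * insert/update the TABLE_DATA_SECURITY row for this object's billing
 * account and address.
 *
 * @param string   $module        Form-field prefix.
 * @param int|bool $card_key_pos  Index of the field holding the card number,
 *                                used to build the masked display hint (first
 *                                character, one '*' per hidden character, last
 *                                four). false (default) stores an empty hint.
 *                                Compared with ===, so it must be an int, not
 *                                a numeric string.
 * @return bool  false when no session key is present or encryption fails;
 *               true otherwise, including when no fields were posted (then
 *               nothing is written).
 *
 * Notes:
 *  - Fields are joined with ':' and split on ':' when read back; a value
 *    containing a colon (e.g. in the holder name) shifts every later field.
 *    The shared storage format prevents fixing that here.
 *  - Every posted field is stored, so if the form includes the CVV2 it is
 *    retained next to the PAN; PCI DSS does not permit keeping the CVV2
 *    after authorisation.
 *  - payment_id is concatenated into the WHERE clause, so it is cast to int.
 */
function encrypt_payment($module, $card_key_pos = false)
{
    global $db, $messageStack;

    // Without the admin key in the session nothing can be encrypted.
    if (!isset($_SESSION['admin_encrypt']) || strlen($_SESSION['admin_encrypt']) <= 1) {
        $messageStack->add(BNK_PAYMENT_NOT_SAVED, 'error');
        return false;
    }

    // Gather consecutive positional fields until the first gap.
    $tmp = array();
    $hint_val = false;
    for ($cnt = 0; isset($_POST[$module . '_field_' . $cnt]); $cnt++) {
        $clean = db_prepare_input($_POST[$module . '_field_' . $cnt]);
        $tmp[] = $clean;
        if ($cnt === $card_key_pos) {
            $hint_val = trim($clean);
        }
    }
    if (sizeof($tmp) == 0) {
        return true;
    }

    require_once DIR_FS_MODULES . 'general/classes/encryption.php';

    // Masked hint: first character, '*' filler, last four characters.
    $hint = '';
    if ($hint_val) {
        $hint = substr($hint_val, 0, 1)
            . str_repeat('*', max(0, strlen($hint_val) - 5))
            . substr($hint_val, -4);
    }

    $encrypt = new encryption();
    $enc_value = $encrypt->encrypt($_SESSION['admin_encrypt'], implode(':', $tmp), 128);
    if (!$enc_value) {
        $messageStack->add('Encryption error - ' . implode('. ', $encrypt->errors), 'error');
        return false;
    }

    $encryption_array = array(
        'hint'      => $hint,
        'module'    => 'contacts',
        'enc_value' => $enc_value,
        'ref_1'     => $this->bill_acct_id,
        'ref_2'     => $this->bill_address_id,
    );
    if ($this->payment_id) {
        db_perform(TABLE_DATA_SECURITY, $encryption_array, 'update', 'id = ' . (int) $this->payment_id);
    } else {
        db_perform(TABLE_DATA_SECURITY, $encryption_array, 'insert');
    }
    return true;
}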