public static function updateCustomer()
{
global $db;
global $config;
// $encrypted_credit_card_number = '';
$is_new_cc_num = $_POST['credit_card_number_new'] != '';
$sql = "UPDATE \n " . TB_PREFIX . "customers \n SET \n name = :name,\n attention = :attention,\n street_address = :street_address,\n street_address2 = :street_address2,\n city = :city,\n state = :state,\n zip_code = :zip_code,\n country = :country,\n phone = :phone,\n mobile_phone = :mobile_phone,\n fax = :fax,\n email = :email,\n credit_card_holder_name = :credit_card_holder_name,\n " . ($is_new_cc_num ? 'credit_card_number = :credit_card_number,' : '') . "\n credit_card_expiry_month = :credit_card_expiry_month,\n credit_card_expiry_year = :credit_card_expiry_year,\n notes = :notes,\n parent_customer_id = :parent_customer_id,\n custom_field1 = :custom_field1,\n custom_field2 = :custom_field2,\n custom_field3 = :custom_field3,\n custom_field4 = :custom_field4,\n enabled = :enabled\n WHERE\n id = :id";
if ($is_new_cc_num) {
$credit_card_number = $_POST['credit_card_number_new'];
//cc
$enc = new encryption();
$key = $config->encryption->default->key;
$encrypted_credit_card_number = $enc->encrypt($key, $credit_card_number);
return $db->query($sql, ':name', $_POST[name], ':attention', $_POST[attention], ':street_address', $_POST[street_address], ':street_address2', $_POST[street_address2], ':city', $_POST[city], ':state', $_POST[state], ':zip_code', $_POST[zip_code], ':country', $_POST[country], ':phone', $_POST[phone], ':mobile_phone', $_POST[mobile_phone], ':fax', $_POST[fax], ':email', $_POST[email], ':notes', $_POST[notes], ':credit_card_number', $encrypted_credit_card_number, ':credit_card_holder_name', $_POST[credit_card_holder_name], ':credit_card_expiry_month', $_POST[credit_card_expiry_month], ':credit_card_expiry_year', $_POST[credit_card_expiry_year], ':parent_customer_id', $_POST['parent_customer_id'], ':custom_field1', $_POST[custom_field1], ':custom_field2', $_POST[custom_field2], ':custom_field3', $_POST[custom_field3], ':custom_field4', $_POST[custom_field4], ':enabled', $_POST['enabled'], ':id', $_GET['id']);
} else {
return $db->query($sql, ':name', $_POST[name], ':attention', $_POST[attention], ':street_address', $_POST[street_address], ':street_address2', $_POST[street_address2], ':city', $_POST[city], ':state', $_POST[state], ':zip_code', $_POST[zip_code], ':country', $_POST[country], ':phone', $_POST[phone], ':mobile_phone', $_POST[mobile_phone], ':fax', $_POST[fax], ':email', $_POST[email], ':notes', $_POST[notes], ':credit_card_holder_name', $_POST[credit_card_holder_name], ':credit_card_expiry_month', $_POST[credit_card_expiry_month], ':credit_card_expiry_year', $_POST[credit_card_expiry_year], ':parent_customer_id', $_POST['parent_customer_id'], ':custom_field1', $_POST[custom_field1], ':custom_field2', $_POST[custom_field2], ':custom_field3', $_POST[custom_field3], ':custom_field4', $_POST[custom_field4], ':enabled', $_POST['enabled'], ':id', $_GET['id']);
}
}
if ($type != 'i' && ($_POST['i_short_name'] || $_POST['address']['im']['primary_name'])) {
// is null
$crmInfo = new i();
$crmInfo->auto_field = $cInfo->type == 'v' ? 'next_vend_id_num' : 'next_cust_id_num';
$crmInfo->dept_rep_id = $cInfo->id;
// error check contact
$error = $crmInfo->data_complete($error);
if (!$error) {
$crmInfo->save_contact();
$crmInfo->save_addres();
}
}
// payment fields
if (ENABLE_ENCRYPTION && $_POST['payment_cc_name'] && $_POST['payment_cc_number']) {
// save payment info
$encrypt = new encryption();
$cc_info = array('name' => db_prepare_input($_POST['payment_cc_name']), 'number' => db_prepare_input($_POST['payment_cc_number']), 'exp_mon' => db_prepare_input($_POST['payment_exp_month']), 'exp_year' => db_prepare_input($_POST['payment_exp_year']), 'cvv2' => db_prepare_input($_POST['payment_cc_cvv2']));
if ($enc_value = $encrypt->encrypt_cc($cc_info)) {
$payment_array = array('hint' => $enc_value['hint'], 'module' => 'contacts', 'enc_value' => $enc_value['encoded'], 'ref_1' => $cInfo->id, 'ref_2' => $cInfo->address[$type . 'm']['address_id'], 'exp_date' => $enc_value['exp_date']);
db_perform(TABLE_DATA_SECURITY, $payment_array, $_POST['payment_id'] ? 'update' : 'insert', 'id = ' . $_POST['payment_id']);
} else {
$error = true;
}
}
// Check attachments
$result = $db->Execute("select attachments from " . TABLE_CONTACTS . " where id = {$id}");
$attachments = $result->fields['attachments'] ? unserialize($result->fields['attachments']) : array();
$image_id = 0;
while ($image_id < 100) {
// up to 100 images
if (isset($_POST['rm_attach_' . $image_id])) {
function encrypt_payment($method, $card_key_pos = false)
{
$encrypt = new encryption();
$cc_info = array();
$cc_info['name'] = isset($_POST[$method . '_field_0']) ? db_prepare_input($_POST[$method . '_field_0']) : '';
$cc_info['number'] = isset($_POST[$method . '_field_1']) ? db_prepare_input($_POST[$method . '_field_1']) : '';
$cc_info['exp_mon'] = isset($_POST[$method . '_field_2']) ? db_prepare_input($_POST[$method . '_field_2']) : '';
$cc_info['exp_year'] = isset($_POST[$method . '_field_3']) ? db_prepare_input($_POST[$method . '_field_3']) : '';
$cc_info['cvv2'] = isset($_POST[$method . '_field_4']) ? db_prepare_input($_POST[$method . '_field_4']) : '';
$cc_info['alt1'] = isset($_POST[$method . '_field_5']) ? db_prepare_input($_POST[$method . '_field_5']) : '';
$cc_info['alt2'] = isset($_POST[$method . '_field_6']) ? db_prepare_input($_POST[$method . '_field_6']) : '';
if (!($enc_value = $encrypt->encrypt_cc($cc_info))) {
return false;
}
$payment_array = array('hint' => $enc_value['hint'], 'module' => 'contacts', 'enc_value' => $enc_value['encoded'], 'ref_1' => $this->bill_acct_id, 'ref_2' => $this->bill_address_id, 'exp_date' => $enc_value['exp_date']);
db_perform(TABLE_DATA_SECURITY, $payment_array, $this->payment_id ? 'update' : 'insert', 'id = ' . $this->payment_id);
return true;
}
public function payment()
{
global $config;
global $logger;
//set customer,biller and preference if not defined
if (empty($this->customer)) {
$this->customer = getCustomer($this->invoice['customer_id'], $this->domain_id);
}
if (empty($this->biller)) {
$this->biller = getBiller($this->invoice['biller_id'], $this->domain_id);
}
if (empty($this->preference)) {
$this->preference = getPreference($this->invoice['preference_id'], $this->domain_id);
}
$eway = new ewaylib($this->biller['eway_customer_id'], 'REAL_TIME', false);
//Eway only accepts amount in cents - so times 100
$value = $this->invoice['total'] * 100;
$eway_invoice_total = htmlsafe(trim($value));
$logger->log("eway total: " . $eway_invoice_total, Zend_Log::INFO);
$enc = new encryption();
$key = $config->encryption->default->key;
$credit_card_number = $enc->decrypt($key, $this->customer['credit_card_number']);
$eway->setTransactionData("TotalAmount", $eway_invoice_total);
//mandatory field
$eway->setTransactionData("CustomerFirstName", $this->customer['name']);
$eway->setTransactionData("CustomerLastName", "");
$eway->setTransactionData("CustomerAddress", "");
$eway->setTransactionData("CustomerPostcode", "");
$eway->setTransactionData("CustomerInvoiceDescription", "");
$eway->setTransactionData("CustomerEmail", $this->customer['email']);
$eway->setTransactionData("CustomerInvoiceRef", $this->invoice['index_name']);
$eway->setTransactionData("CardHoldersName", $this->customer['credit_card_holder_name']);
//mandatory field
$eway->setTransactionData("CardNumber", $credit_card_number);
//mandatory field
$eway->setTransactionData("CardExpiryMonth", $this->customer['credit_card_expiry_month']);
//mandatory field
$eway->setTransactionData("CardExpiryYear", $this->customer['credit_card_expiry_year']);
//mandatory field
$eway->setTransactionData("Option1", "");
$eway->setTransactionData("Option2", "");
$eway->setTransactionData("Option3", "");
$eway->setTransactionData("TrxnNumber", $this->invoice['id']);
//special preferences for php Curl
//pass a long set to zero value stops curl from verifying peer's certificate
$eway->setCurlPreferences(CURLOPT_SSL_VERIFYPEER, 0);
$ewayResponseFields = $eway->doPayment();
$this->message = $ewayResponseFields;
$message = "";
if ($ewayResponseFields["EWAYTRXNSTATUS"] == "False") {
$logger->log("Transaction Error: " . $ewayResponseFields["EWAYTRXNERROR"] . "<br>\n", Zend_Log::INFO);
foreach ($ewayResponseFields as $key => $value) {
$message .= "\n<br>\$ewayResponseFields[\"{$key}\"] = {$value}";
}
$logger->log("Eway message: " . $message . "<br>\n", Zend_Log::INFO);
//header("Location: trasnactionerrorpage.php");
//exit();
$return = 'false';
} else {
if ($ewayResponseFields["EWAYTRXNSTATUS"] == "True") {
$logger->log("Transaction Success: " . $ewayResponseFields["EWAYTRXNERROR"] . "<br>\n", Zend_Log::INFO);
foreach ($ewayResponseFields as $key => $value) {
$message .= "\n<br>\$ewayResponseFields[\"{$key}\"] = {$value}";
}
$logger->log("Eway message: " . $message . "<br>\n", Zend_Log::INFO);
//header("Location: trasnactionsuccess.php");
//exit();
$payment = new payment();
$payment->ac_inv_id = $this->invoice['id'];
#$payment->ac_inv_id = $_POST['invoice'];
$payment->ac_amount = $this->invoice['total'];
#$payment->ac_amount = $ewayResponseFields['EWAYRETURNAMOUNT']/100;
#$payment->ac_amount = $_POST['mc_gross'];
$payment->ac_notes = $message;
$payment->ac_date = date('Y-m-d');
$payment->online_payment_id = $ewayResponseFields['EWAYTRXNNUMBER'];
$payment->domain_id = $this->domain_id;
$payment_type = new payment_type();
$payment_type->type = "Eway";
$payment_type->domain_id = $this->domain_id;
$payment->ac_payment_type = $payment_type->select_or_insert_where();
$logger->log('Paypal - payment_type=' . $payment->ac_payment_type, Zend_Log::INFO);
$payment->insert();
#echo $db->lastInsertID();
$return = 'true';
}
}
return $return;
}
function insertCustomer()
{
global $config;
$domain_id = domain_id::get();
extract($_POST);
$sql = "INSERT INTO \n\t\t\t" . TB_PREFIX . "customers\n\t\t\t(\n\t\t\t\tdomain_id, attention, name, department, street_address, street_address2,\n\t\t\t\tcity, state, zip_code, country, phone, mobile_phone,\n\t\t\t\tfax, email, notes,\n\t\t\t\tcredit_card_holder_name, credit_card_number,\n\t\t\t\tcredit_card_expiry_month, credit_card_expiry_year, \n\t\t\t\tcustom_field1, custom_field2,\n\t\t\t\tcustom_field3, custom_field4, enabled\n\t\t\t)\n\t\t\tVALUES \n\t\t\t(\n\t\t\t\t:domain_id ,:attention, :name, :department, :street_address, :street_address2,\n\t\t\t\t:city, :state, :zip_code, :country, :phone, :mobile_phone,\n\t\t\t\t:fax, :email, :notes, \n\t\t\t\t:credit_card_holder_name, :credit_card_number,\n\t\t\t\t:credit_card_expiry_month, :credit_card_expiry_year, \n\t\t\t\t:custom_field1, :custom_field2,\n\t\t\t\t:custom_field3, :custom_field4, :enabled\n\t\t\t)";
//cc
$enc = new encryption();
$key = $config->encryption->default->key;
$encrypted_credit_card_number = $enc->encrypt($key, $credit_card_number);
return dbQuery($sql, ':attention', $attention, ':name', $name, ':department', $department, ':street_address', $street_address, ':street_address2', $street_address2, ':city', $city, ':state', $state, ':zip_code', $zip_code, ':country', $country, ':phone', $phone, ':mobile_phone', $mobile_phone, ':fax', $fax, ':email', $email, ':notes', $notes, ':credit_card_holder_name', $credit_card_holder_name, ':credit_card_number', $encrypted_credit_card_number, ':credit_card_expiry_month', $credit_card_expiry_month, ':credit_card_expiry_year', $credit_card_expiry_year, ':custom_field1', $custom_field1, ':custom_field2', $custom_field2, ':custom_field3', $custom_field3, ':custom_field4', $custom_field4, ':enabled', $enabled, ':domain_id', $domain_id);
}
$message[] = ACT_ERROR_CANNOT_DELETE;
}
} else {
// just delete the address
$db->Execute('delete from ' . TABLE_ADDRESS_BOOK . " where address_id = {$id}");
}
$message[] = 'The record was successfully deleted!';
$xml .= xmlEntry('address_id', $id);
break;
case 'get_payment':
$id = $_GET['pID'];
$result = $db->Execute("select id, hint, enc_value from " . TABLE_DATA_SECURITY . " where id = {$id} limit 1");
if ($result->RecordCount() < 1) {
$message[] = sprintf('The record could not be found! Looking for id = %s', $id);
} else {
$enc_data = new encryption();
$data = $enc_data->decrypt($_SESSION['admin_encrypt'], $result->fields['enc_value']);
$fields = explode(':', $data);
if (strlen($fields[3]) == 2) {
$fields[3] = '20' . $fields[3];
}
// make sure year is 4 digits
$xml .= "<PaymentMethod>\n";
$xml .= xmlEntry("payment_id", $result->fields['id']);
$xml .= xmlEntry("payment_hint", $result->fields['hint']);
for ($i = 0; $i < sizeof($fields); $i++) {
$xml .= xmlEntry("field_" . $i, $fields[$i]);
}
$xml .= "</PaymentMethod>\n";
}
break;
function encrypt_payment($method)
{
global $messageStack;
$encrypt = new encryption();
$cc_info = array();
$cc_info['name'] = $method['f0'];
$cc_info['number'] = $method['f1'];
$cc_info['exp_mon'] = $method['f2'];
$cc_info['exp_year'] = $method['f3'];
$cc_info['cvv2'] = $method['f4'];
$cc_info['alt1'] = $method['f5'];
$cc_info['alt2'] = $method['f6'];
if (!($enc_value = $encrypt->encrypt_cc($cc_info))) {
return false;
}
$payment_array = array('hint' => $enc_value['hint'], 'module' => 'contacts', 'enc_value' => $enc_value['encoded'], 'ref_1' => $this->bill_acct_id, 'ref_2' => $this->bill_address_id, 'exp_date' => $enc_value['exp_date']);
db_perform(TABLE_DATA_SECURITY, $payment_array, $this->payment_id ? 'update' : 'insert', 'id = ' . $this->payment_id);
return true;
}
/**
* Update a customer
*
* @param mixed $data
* @param mixed $id
* @return int
*/
public function update(array $data, $id)
{
$auth_session = Zend_Registry::get('auth_session');
$where = array();
$where[] = $this->getAdapter()->quoteInto('id = ?', $id);
$where[] = $this->getAdapter()->quoteInto('domain_id = ?', $auth_session->domain_id);
// IF Credit Card Number is present it must be cyphered
if (array_key_exists('credit_card_number', $data)) {
if (!empty($data['credit_card_number'])) {
$config = Zend_Registry::get('config');
$enc = new encryption();
$key = $config->encryption->default->key;
$data['credit_card_number'] = $enc->encrypt($key, $data['credit_card_number']);
}
}
return parent::update($data, $where);
}
<?php
defined('SYSPATH') or die('No direct script access.');
/**
* @package guestPlus
* @category View
* @Date 09-July-2015
* @author Roopam
*/
$encrypt = new encryption();
$url_load_data_for_guest_grid = BASEURL . "index.php" . $encrypt->encode('guestPlus/guestentialIndex/load_data_for_guestential_list');
?>
<html>
<head>
<title><?php
echo __('GUEST', array(), '', $language_file_path);
?>
</title>
<?php
echo HTML::style('public/ext/resources/css/default/app.css');
echo HTML::script('public/ext/ext-all.js');
?>
</head>
<script language="javascript">
Ext.onReady(function(){
function complete_text_show(val)
{
return '<div style="white-space:normal !important;">'+ val +'</div>';
public function getContact()
{
global $db, $messageStack;
if ($this->id == '' && !$this->aid == '') {
$result = $db->Execute("select * from " . TABLE_ADDRESS_BOOK . " where address_id = {$this->aid} ");
$this->id = $result->fields['ref_id'];
}
// Load contact info, including custom fields
$result = $db->Execute("select * from " . TABLE_CONTACTS . " where id = {$this->id}");
foreach ($result->fields as $key => $value) {
$this->{$key} = $value;
}
// expand attachments
$this->attachments = $result->fields['attachments'] ? unserialize($result->fields['attachments']) : array();
// Load the address book
$result = $db->Execute("select * from " . TABLE_ADDRESS_BOOK . " where ref_id = {$this->id} order by primary_name");
$this->address = array();
while (!$result->EOF) {
$type = substr($result->fields['type'], 1);
$this->address_book[$type][] = new objectInfo($result->fields);
if ($type == 'm') {
// prefill main address
foreach ($result->fields as $key => $value) {
$this->address[$result->fields['type']][$key] = $value;
}
}
$result->MoveNext();
}
// load payment info
if ($_SESSION['admin_encrypt'] && ENABLE_ENCRYPTION) {
$result = $db->Execute("select id, hint, enc_value from " . TABLE_DATA_SECURITY . " where module='contacts' and ref_1={$this->id}");
$encrypt = new encryption();
while (!$result->EOF) {
if (!($values = $encrypt->decrypt($_SESSION['admin_encrypt'], $result->fields['enc_value']))) {
$error = $messageStack->add('Encryption error - ' . implode('. ', $encrypt->errors), 'error');
}
$val = explode(':', $values);
$this->payment_data[] = array('id' => $result->fields['id'], 'name' => $val[0], 'hint' => $result->fields['hint'], 'exp' => $val[2] . '/' . $val[3]);
$result->MoveNext();
}
}
// load contacts info
$result = $db->Execute("select * from " . TABLE_CONTACTS . " where dept_rep_id={$this->id}");
$this->contacts = array();
while (!$result->EOF) {
$cObj = new objectInfo();
foreach ($result->fields as $key => $value) {
$cObj->{$key} = $value;
}
$addRec = $db->Execute("select * from " . TABLE_ADDRESS_BOOK . " where type='im' and ref_id=" . $result->fields['id']);
$cObj->address['m'][] = new objectInfo($addRec->fields);
$this->contacts[] = $cObj;
//unserialize(serialize($cObj));
// load crm notes
$logs = $db->Execute("select * from " . TABLE_CONTACTS_LOG . " where contact_id = " . $result->fields['id'] . " order by log_date desc");
while (!$logs->EOF) {
$this->crm_log[] = new objectInfo($logs->fields);
$logs->MoveNext();
}
$result->MoveNext();
}
// load crm notes
$result = $db->Execute("select * from " . TABLE_CONTACTS_LOG . " where contact_id = {$this->id} order by log_date desc");
while (!$result->EOF) {
$this->crm_log[] = new objectInfo($result->fields);
$result->MoveNext();
}
}
$accounts->fields[$add_type . '_address'][] = array('address_id' => $accounts->fields['address_id'], 'primary_name' => $accounts->fields['primary_name'], 'contact' => $accounts->fields['contact'], 'address1' => $accounts->fields['address1'], 'address2' => $accounts->fields['address2'], 'city_town' => $accounts->fields['city_town'], 'state_province' => $accounts->fields['state_province'], 'postal_code' => $accounts->fields['postal_code'], 'country_code' => $accounts->fields['country_code'], 'telephone1' => $accounts->fields['telephone1'], 'telephone2' => $accounts->fields['telephone2'], 'telephone3' => $accounts->fields['telephone3'], 'telephone4' => $accounts->fields['telephone4'], 'email' => $accounts->fields['email'], 'website' => $accounts->fields['website'], 'notes' => $accounts->fields['notes'], 'hint' => $hint);
$contact_js .= contacts_add_address_info($accounts->fields['address_id'], $accounts->fields);
$idx++;
if (substr($add_type, 1, 1) == 'm') {
// pull some special information since it's the main address
$edit_text = $accounts->fields['primary_name'] . ' (' . $accounts->fields['short_name'] . ')';
$accounts->fields[$add_type . '_notes'] = $accounts->fields['notes'];
}
$accounts->MoveNext();
}
// load payment info
if ($_SESSION['admin_encrypt']) {
$result = $db->Execute("select id, hint, enc_value from " . TABLE_DATA_SECURITY . " where module='contacts' and ref_1 = " . $id);
$js_pmt_array = "var js_pmt_array = new Array(" . $result->RecordCount() . ");" . chr(10);
$cnt = 0;
$encrypt = new encryption();
while (!$result->EOF) {
if (!($values = $encrypt->decrypt($_SESSION['admin_encrypt'], $result->fields['enc_value']))) {
$messageStack->add('Encryption error - ' . implode('. ', $encrypt->errors), 'error');
$error = true;
}
$val = explode(':', $values);
$js_pmt_array .= 'js_pmt_array[' . $cnt . '] = new pmtRecord("' . $result->fields['id'] . '", "' . $result->fields['hint'] . '", "' . $val[0] . '", "' . $val[1] . '", "' . $val[2] . '", "' . $val[3] . '", "' . $val[4] . '");' . chr(10);
$accounts->fields['pmt_values'][] = array('id' => $result->fields['id'], 'name' => $val[0], 'hint' => $result->fields['hint'], 'exp' => $val[2] . '/' . $val[3]);
$cnt++;
$result->MoveNext();
}
}
$cInfo = new objectInfo($accounts->fields);
if ($error) {
// do this if action was save and error occurred, regen post input
function encrypt_payment($module, $card_key_pos = false)
{
global $db, $messageStack;
if (strlen($_SESSION['admin_encrypt']) > 1) {
$tmp = array();
$cnt = 0;
$hint_val = false;
while (true) {
if (!isset($_POST[$module . '_field_' . $cnt])) {
break;
}
$tmp[] = db_prepare_input($_POST[$module . '_field_' . $cnt]);
if ($cnt === $card_key_pos) {
$hint_val = trim(db_prepare_input($_POST[$module . '_field_' . $cnt]));
}
$cnt++;
}
if (sizeof($tmp) > 0) {
require_once DIR_FS_MODULES . 'general/classes/encryption.php';
$hint = '';
if ($hint_val) {
$hint = substr($hint_val, 0, 1);
for ($a = 0; $a < strlen($hint_val) - 5; $a++) {
$hint .= '*';
}
$hint .= substr($hint_val, -4);
}
$encrypt = new encryption();
if (!($enc_value = $encrypt->encrypt($_SESSION['admin_encrypt'], implode(':', $tmp), 128))) {
$messageStack->add('Encryption error - ' . implode('. ', $encrypt->errors), 'error');
return false;
}
$encryption_array = array('hint' => $hint, 'module' => 'contacts', 'enc_value' => $enc_value, 'ref_1' => $this->bill_acct_id, 'ref_2' => $this->bill_address_id);
if ($this->payment_id) {
db_perform(TABLE_DATA_SECURITY, $encryption_array, 'update', 'id = ' . $this->payment_id);
} else {
db_perform(TABLE_DATA_SECURITY, $encryption_array, 'insert');
}
}
} else {
$messageStack->add(BNK_PAYMENT_NOT_SAVED, 'error');
return false;
}
return true;
}
