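/**
 * marks an order as Paid, sends an invoice, and calls any specified callbacks
 *
 * The order ID and the generated invoice number are cast to integers before
 * they are concatenated into SQL, so a non-numeric value cannot change the
 * shape of the queries below.
 *
 * @param int   $id    ID of the order
 * @param array $order details of the order; loaded from the database when
 *                     omitted (false)
 *
 * @return null
 */
function OnlineStore_processOrder($id, $order = false)
{
    // every query below embeds $id directly, so force it to an integer first
    $id = (int) $id;
    if ($order === false) {
        $order = dbRow('SELECT * FROM online_store_orders WHERE id=' . $id);
        if (!$order) {
            // no row came back for this ID: nothing to mark as paid, invoice
            // or export
            return;
        }
    }
    $items = json_decode($order['items'], true);
    // { mark order as paid
    dbQuery("update online_store_orders set status='1' where id=" . $id);
    OnlineStore_updateProductSales($id, $items, $order['date_created']);
    if (!$order['invoice_num']) {
        // NOTE(review): this read-then-write is not atomic; two orders
        // processed at the same moment can be given the same invoice number.
        $highest = dbOne(
            'select invoice_num from online_store_orders'
            . ' order by invoice_num desc limit 1',
            'invoice_num'
        );
        $order['invoice_num'] = (int) $highest + 1;
        dbQuery(
            'update online_store_orders set invoice_num='
            . $order['invoice_num'] . ' where id=' . $id
        );
    }
    $order['status'] = 1;
    // }
    // { call the callback if it's supplied
    if ($order['callback']) {
        // NOTE(review): file() opens whatever path or stream wrapper the
        // stored string names and the result is discarded. Nothing here
        // restricts the value to an expected http(s) endpoint; confirm it is
        // validated where the order row is written.
        file($order['callback']);
    }
    // }
    Core_trigger('after-order-processed', array($order));
    OnlineStore_sendInvoiceEmail($id, $order);
    OnlineStore_exportToFile($id, $order);
}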
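<?php
/**
 * verify a QuickPay payment
 *
 * Recomputes the MD5 check value over the callback fields plus the stored
 * shared secret and, when it matches the value sent in the request, records
 * the order as authorised and sends/exports the invoice.
 *
 * PHP version 5.2
 *
 * @category None
 * @package  None
 * @author   Kae Verens <*****@*****.**>
 * @license  GPL 2.0
 * @link     http://kvsites.ie/
 */

require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';

$md5secret = dbOne(
    'select value from page_vars,pages where page_id=pages.id and '
    . '(pages.type="online-store" or pages.type="online-store|online-store")'
    . ' and page_vars.name="online_stores_quickpay_secret"',
    'value'
);
if (!$md5secret) { // no md5 secret entered
    Core_quit();
}

// { calculate expected MD5
// The fields are concatenated in this fixed order, followed by the secret.
$fields = array(
    'msgtype', 'ordernumber', 'amount', 'currency', 'time', 'state',
    'qpstat', 'qpstatmsg', 'chstat', 'chstatmsg', 'merchant',
    'merchantemail', 'transaction', 'cardtype', 'cardnumber',
    'splitpayment', 'fraudprobability', 'fraudremarks', 'fraudreport',
    'fee'
);
// A request parameter can arrive as an array (name[]=...). Anything that is
// not a plain string fails verification instead of being string-converted.
$well_formed = isset($_REQUEST['md5check'])
    && is_string($_REQUEST['md5check']);
$message = '';
foreach ($fields as $field) {
    if (!isset($_REQUEST[$field])) {
        continue; // an absent field contributes an empty string
    }
    if (!is_string($_REQUEST[$field])) {
        $well_formed = false;
        break;
    }
    $message .= $_REQUEST[$field];
}
$expected_md5 = strtolower(md5($message . $md5secret));
// }

// { compare with the check value sent in the request
// A loose == between two hex strings compares them as numbers when both look
// numeric (for example "0e" followed only by digits), so unequal digests can
// compare equal. Use a strict, and where available constant-time, comparison.
$md5_ok = false;
if ($well_formed) {
    $received_md5 = strtolower($_REQUEST['md5check']);
    if (function_exists('hash_equals')) {
        $md5_ok = hash_equals($expected_md5, $received_md5);
    } else {
        // hash_equals() is missing on the PHP version named in the header
        $md5_ok = $expected_md5 === $received_md5;
    }
}
// }

if ($md5_ok) {
    $ordernumber = isset($_REQUEST['ordernumber'])
        ? $_REQUEST['ordernumber']
        : '';
    $id = (int) preg_replace('/^0*/', '', $ordernumber);
    if ($id > 0) {
        // NOTE(review): a matching MD5 only shows the message was built with
        // the shared secret. This script does not inspect qpstat or compare
        // amount/currency with the stored order before setting authorised=1;
        // confirm that is intended for every signed callback.
        // NOTE(review): addslashes() is not a charset-aware SQL escaper;
        // prefer the database layer's own quoting or parameter binding if it
        // offers one. Depending on the PHP request_order setting, $_REQUEST
        // may also contain cookies, which would then be stored in meta.
        $sql = 'update online_store_orders set status=4'
            . ', meta="' . addslashes(json_encode($_REQUEST)) . '"'
            . ', authorised=1 where id=' . $id;
        dbQuery($sql);
        require_once dirname(__FILE__) . '/../order-status.php';
        OnlineStore_sendInvoiceEmail($id);
        OnlineStore_exportToFile($id);
    }
}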
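/**
 * change the payment status of an Online-Store order
 *
 * Reads the order ID and the new status from the request, both cast to
 * integers before they reach any SQL string. Status 1 (paid) is handed to
 * OnlineStore_processOrder(); status 3 (cancelled) updates the row and fires
 * the 'after-order-cancelled' trigger; any other value updates the row and
 * then sends and exports the invoice.
 *
 * NOTE(review): no authorisation or CSRF check is visible in this function;
 * presumably the admin dispatcher that calls it enforces both. The status
 * value is also not checked against a list of known statuses. Confirm.
 *
 * @return array status
 */
function OnlineStore_adminChangeOrderStatus()
{
    // a missing parameter becomes 0, the same value the bare cast produced
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    $status = isset($_REQUEST['status']) ? (int) $_REQUEST['status'] : 0;
    // require_once rather than require: the included file appears to declare
    // the OnlineStore_* functions used below, and including it a second time
    // in one request would stop with a "cannot redeclare" fatal error
    $order_status_file = dirname(__FILE__) . '/order-status.php';
    if ($status == 1) { // paid
        require_once $order_status_file;
        OnlineStore_processOrder($id);
    } elseif ($status == 3) { // cancelled
        dbQuery(
            'update online_store_orders set status=' . $status
            . ' where id=' . $id
        );
        Core_trigger(
            'after-order-cancelled',
            dbRow('select * from online_store_orders where id=' . $id)
        );
    } else {
        dbQuery(
            'update online_store_orders set status=' . $status
            . ' where id=' . $id
        );
        require_once $order_status_file;
        OnlineStore_sendInvoiceEmail($id);
        OnlineStore_exportToFile($id);
    }
    return array('ok' => 1);
}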