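public function index() {
    // Renders a 5-digit CAPTCHA as a JPEG and stores the expected answer in
    // the session under 'secure_image_hash_string' (the login and
    // forgot-password controllers compare the user's input against it).
    // Outputs the image directly and terminates the request.
    ob_clean();
    $image_handle = imagecreatetruecolor(150, 60);
    $white = imagecolorallocate($image_handle, 255, 255, 255);
    // random_int() replaces rand() throughout: rand() is a seedable,
    // predictable generator and must not decide the challenge characters.
    $noise_colour = imagecolorallocate($image_handle, random_int(64, 192), random_int(64, 192), random_int(64, 192));
    imagefill($image_handle, 0, 0, $white);
    $fontName = PUBLICPATH . "/fonts/elephant.ttf";
    // Background noise: ~100 short line segments at random positions.
    for ($x = 0; $x <= 100; $x++) {
        $myX = random_int(1, 148);
        $myY = random_int(1, 58);
        imageline($image_handle, $myX, $myY, $myX + random_int(-5, 5), $myY + random_int(-5, 5), $noise_colour);
    }
    // Pool of 50 random digits; each challenge character is taken from a
    // random offset into it.
    $myCryptBase = tep_create_random_value(50, 'digits');
    $secure_image_hash_string = "";
    for ($x = 0; $x <= 4; $x++) {
        $dark = imagecolorallocate($image_handle, random_int(5, 128), random_int(5, 128), random_int(5, 128));
        $capChar = substr($myCryptBase, random_int(1, 35), 1);
        $secure_image_hash_string .= $capChar;
        $fs = random_int(20, 26);
        // Roughly 28px per glyph with jitter in position, size and angle.
        $myX = 15 + ($x * 28 + random_int(-5, 5));
        $myY = random_int($fs + 2, 55);
        $angle = random_int(-30, 30);
        imagettftext($image_handle, $fs, $angle, $myX, $myY, $dark, $fontName, $capChar);
    }
    // The answer is kept server-side only; it never reaches the client.
    $this->session->set_userdata('secure_image_hash_string', $secure_image_hash_string);
    header("Content-type: image/jpeg");
    // null (not "") selects output to the response body.
    imagejpeg($image_handle, null, 95);
    imagedestroy($image_handle);
    die;
}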
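public function index() {
    // Login form handler. Reads the POSTed account number / password,
    // enforces the CAPTCHA ("Turing Number") after more than three failed
    // attempts (counter kept in the session as 'error_log_login') and, on
    // success, stores 'login_id' in the session and redirects to the
    // confirmation step ('login/comfirm' is the route name used elsewhere).
    $error_log_login = (int) $this->session->userdata('error_log_login');
    if ($this->session->userdata('login_id')) {
        redirect(site_url('login/comfirm'));
    }
    if ($this->session->userdata('user')) {
        redirect(site_url('home'));
    }
    $posts = $this->input->post();
    if ($posts) {
        // Missing fields become '' instead of raising an undefined-index notice.
        $account_number = isset($posts['account_number']) ? $posts['account_number'] : '';
        $login_password = isset($posts['password']) ? $posts['password'] : '';
        $security_code = !empty($posts['security_code']) ? $posts['security_code'] : false;
        if ($error_log_login > 3) {
            $expected_code = $this->session->userdata('secure_image_hash_string');
            // Strict, constant-time comparison. The loose `!=` used before
            // treated an absent session value as equal to an empty answer and
            // compared digit strings numerically ("01234" == "1234").
            if (!is_string($expected_code) || !is_string($security_code) || !hash_equals($expected_code, $security_code)) {
                $this->validator->addError('Turing Number', ERROR_SECURE_CODE_WRONG);
            }
            // Single use: a solved challenge must not be replayable.
            $this->session->unset_userdata('secure_image_hash_string');
        }
        $this->validator->validateGeneral('Account Number', $account_number, _ERROR_FIELD_EMPTY);
        $this->validator->validateGeneral('Password', $login_password, _ERROR_FIELD_EMPTY);
        if (count($this->validator->errors) == 0) {
            $user = $this->user->checkLogin($account_number, $login_password);
            if (!$user) {
                $this->validator->addError('Account Number/Password', ERROR_INVALID_ACCOUNT);
                $error_log_login++;
                $this->session->set_userdata('error_log_login', $error_log_login);
                $this->data['validerrors'] = $this->validator->errors;
            } else {
                $this->session->set_userdata('login_id', $user['user_id']);
                $current_ip = get_client_ip();
                // A verified account logging in from a new IP gets a fresh
                // 10-digit verification key by e-mail.
                if ($user['verification_status'] == 1 && $current_ip != $user['verification_ip']) {
                    $verification_key = tep_create_random_value(10, 'digits');
                    $signup_data_array = array('verification_key' => $verification_key);
                    $this->user->update($user['user_id'], $signup_data_array);
                    $this->load->model('email_model');
                    $this->email_model->sendmail('VERIFYCATION_KEY', $user['firstname'], $user['email'], $user);
                }
                redirect(site_url('login/comfirm'));
            }
        } else {
            // Validation failure counts as a failed attempt too.
            $error_log_login++;
            $this->session->set_userdata('error_log_login', $error_log_login);
            $this->data['validerrors'] = $this->validator->errors;
        }
    }
    $this->data['error_log_login'] = $error_log_login;
    $this->view('login/index');
}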
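function create_temp_customer($customer_info) {
    // Looks up (by e-mail) or creates the guest customer record plus default
    // address for an express-checkout flow, then publishes the identity into
    // the session and the $customer_* / $billto / $sendto globals.
    // $customer_info is the gateway response array; the keys read here are
    // EMAIL, FIRSTNAME, LASTNAME, PHONENUM, COUNTRYCODE and the SHIPTO* fields.
    global $customer_id, $customer_first_name, $customer_default_address_id, $customer_country_id, $customer_zone_id, $billto, $sendto;
    // Gateway-supplied strings are escaped with tep_db_input() before being
    // interpolated; the previous version concatenated them raw.
    $query = tep_db_query("SELECT c.customers_id as customer_id, c.customers_firstname as customer_first_name, c.customers_default_address_id as customer_default_address_id, ab.entry_country_id as customer_country_id, ab.entry_zone_id as customer_zone_id FROM " . TABLE_CUSTOMERS . " c, " . TABLE_ADDRESS_BOOK . " ab WHERE c.customers_id = ab.customers_id AND c.customers_default_address_id = ab.address_book_id AND c.customers_email_address = '" . tep_db_input($customer_info['EMAIL']) . "'");
    if (tep_db_num_rows($query) > 0) {
        $data = tep_db_fetch_array($query);
        $customer_id = $data['customer_id'];
        // The SELECT now aliases customers_firstname; the old query read
        // $data['customer_first_name'] without defining it (always null).
        $customer_first_name = $data['customer_first_name'];
        $customer_default_address_id = $data['customer_default_address_id'];
        $customer_country_id = $data['customer_country_id'];
        $customer_zone_id = $data['customer_zone_id'];
    } else {
        // New guest account with a random temporary password.
        $_SESSION['temp_password'] = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
        $sql_data_array = array('customers_firstname' => $customer_info['FIRSTNAME'], 'customers_lastname' => $customer_info['LASTNAME'], 'customers_email_address' => $customer_info['EMAIL'], 'customers_validation' => '1', 'customers_password' => tep_encrypt_password($_SESSION['temp_password']));
        tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);
        $customer_id = tep_db_insert_id();
        // Country: prefer the ship-to country, fall back to the account country.
        $ship_country_code = isset($customer_info['SHIPTOCOUNTRYCODE']) ? $customer_info['SHIPTOCOUNTRYCODE'] : '';
        $sql_query = tep_db_query("SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . tep_db_input($ship_country_code) . "'");
        if (tep_db_num_rows($sql_query) == 0) {
            $account_country_code = isset($customer_info['COUNTRYCODE']) ? $customer_info['COUNTRYCODE'] : '';
            $sql_query = tep_db_query("SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . tep_db_input($account_country_code) . "'");
        }
        $country = tep_db_fetch_array($sql_query);
        $customer_country_id = $country['countries_id'];
        $ship_state = isset($customer_info['SHIPTOSTATE']) ? $customer_info['SHIPTOSTATE'] : '';
        $zone = tep_db_fetch_array(tep_db_query("SELECT zone_id FROM " . TABLE_ZONES . " WHERE zone_country_id = '" . (int) $country['countries_id'] . "' AND zone_code = '" . tep_db_input($ship_state) . "'"));
        if (tep_not_null($zone['zone_id'])) {
            $customer_zone_id = $zone['zone_id'];
            $state = '';
        } else {
            // Unknown zone: keep the free-text state instead of a zone id.
            $customer_zone_id = '0';
            $state = $ship_state;
        }
        $customer_first_name = $customer_info['FIRSTNAME'];
        $customer_last_name = $customer_info['LASTNAME'];
        $sql_data_array = array('customers_id' => $customer_id, 'entry_firstname' => $customer_first_name, 'entry_lastname' => $customer_last_name, 'entry_telephone' => $customer_info['PHONENUM'], 'entry_street_address' => $customer_info['SHIPTOSTREET'], 'entry_postcode' => $customer_info['SHIPTOZIP'], 'entry_city' => $customer_info['SHIPTOCITY'], 'entry_country_id' => $customer_country_id, 'entry_zone_id' => $customer_zone_id, 'entry_state' => $state);
        tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
        $customer_default_address_id = tep_db_insert_id();
        $billto = $customer_default_address_id;
        $sendto = $customer_default_address_id;
        tep_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $customer_default_address_id . "' where customers_id = '" . (int) $customer_id . "'");
        tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customer_id . "', '0', now())");
        $_SESSION['paypalxc_create_account'] = '1';
    }
    $_SESSION['customer_id'] = $customer_id;
    $_SESSION['customer_first_name'] = $customer_first_name;
    $_SESSION['customer_default_address_id'] = $customer_default_address_id;
    $_SESSION['customer_country_id'] = $customer_country_id;
    $_SESSION['customer_zone_id'] = $customer_zone_id;
}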
function generate() {
    // Issues a new 64-character session id and sends it as a cookie, unless
    // the client IP already holds max_ip_sessions entries in the sessions
    // table. Returns true when a new id was generated, false when refused.
    extract(tep_load('http_validator', 'database'));
    $client_ip = $http->ip_string;
    $count_query = $db->query("select count(*) as total from " . TABLE_SESSIONS . " where ip_long = '" . $db->filter($client_ip) . "'");
    $count_row = $db->fetch_array($count_query);
    if ($count_row['total'] >= $this->max_ip_sessions) {
        // Per-IP session cap reached: no new id.
        return false;
    }
    $this->id = tep_create_random_value(64);
    $this->new_id = true;
    $http->set_cookie($this->name);
    // Expiry -1 is passed instead of time()+$this->life, as in the original;
    // presumably a session-scoped cookie — confirm against set_cookie().
    $http->set_cookie($this->name, $this->id, -1);
    return true;
}
function init_sessions() {
    // Admin session bootstrap. Promotes the current session to admin when the
    // one-time admin key arrives as a $_GET parameter named after the key
    // itself, matched against the sessions and sessions_admin tables; on
    // success the key is rotated and the user is redirected.
    extract(tep_load('defs', 'database', 'http_validator', 'sessions', 'message_stack'));
    $cStrings =& $this->strings;
    $this->admin =& $cSessions->register('admin', false);
    // NOTE(review): `&&` binds tighter than `||`, so this reads
    // "not admin, OR script is neither generic-pages nor collections" — confirm intended.
    if (!$this->admin || $cDefs->script != FILENAME_GENERIC_PAGES && $cDefs->script != FILENAME_COLLECTIONS) {
        $this->change(false);
    }
    // The stored key doubles as the name of the GET parameter that carries it.
    $key = $this->options['admin_key'];
    if ($this->admin && isset($_GET[$key])) {
        $msg->add_session($cStrings->SUCCESS_ADMIN_INIT, 'success', 'header');
        $http->send_cookies();
        tep_redirect(tep_href_link());
        return true;
    }
    // Bail out unless a non-empty key was supplied, the configured key has
    // the expected length, and the session is not already admin.
    if (!isset($_GET[$key]) || empty($_GET[$key]) || strlen($key) != $this->options['admin_key_length'] || $this->admin) {
        return false;
    }
    // Purge expired rows before checking.
    $db->query("delete from " . TABLE_SESSIONS . " where expiry <= '" . time() . "'");
    $db->query("delete from " . TABLE_SESSIONS_ADMIN . " where expiry <= '" . time() . "'");
    // The submitted key must exist as a session for this client IP ...
    $check_query = $db->query("select count(*) as total from " . TABLE_SESSIONS . " where sesskey = '" . $db->filter($_GET[$key]) . "' and ip_long = '" . $db->filter($http->ip_string) . "'");
    $check_array = $db->fetch_array($check_query);
    if ($check_array['total']) {
        // ... and also be listed as an admin session.
        $check_query = $db->query("select count(*) as total from " . TABLE_SESSIONS_ADMIN . " where sesskey = '" . $db->filter($_GET[$key]) . "'");
        $check_array = $db->fetch_array($check_query);
        if ($check_array['total']) {
            $db->query("delete from " . TABLE_SESSIONS . " where sesskey = '" . $db->filter($_GET[$key]) . "' and ip_long = '" . $db->filter($http->ip_string) . "'");
            $this->admin = true;
            // Rotate the key so the URL that just granted admin cannot be reused.
            $this->options['admin_key'] = tep_create_random_value($this->options['admin_key_length'], 'chars_lower');
            $this->save_options($this->options);
            $msg->add_session($cStrings->SUCCESS_ADMIN_INIT, 'success', 'header');
            $http->send_cookies();
            tep_redirect(tep_href_link());
        }
    }
    return true;
}
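public function index() {
    // Forgot-password step 1. Requires a correct CAPTCHA, looks the account
    // up by e-mail + account number, e-mails a 10-digit reset code, stores
    // that code on the user record and continues at forgot/step2.
    $posts = $this->input->post();
    if ($posts) {
        $security_code = isset($posts['security_code']) ? $posts['security_code'] : '';
        $expected_code = $this->session->userdata('secure_image_hash_string');
        // Single use: clear the challenge before comparing so a wrong answer
        // cannot be retried against the same image.
        $this->session->unset_userdata('secure_image_hash_string');
        // Strict, constant-time comparison. The loose `==` used before
        // accepted an empty answer when no challenge existed in the session
        // and compared digit strings numerically.
        $captcha_ok = is_string($expected_code) && is_string($security_code) && hash_equals($expected_code, $security_code);
        $account_info = false;
        if ($captcha_ok) {
            $account_number = isset($posts['account_number']) ? $posts['account_number'] : '';
            $email = isset($posts['email']) ? $posts['email'] : '';
            if ($this->validator->validateEmail('E-mail', $email, ERROR_EMAIL_ADDRESS)) {
                $account_info = $this->user->getUser(array('email' => $email, 'account_number' => $account_number));
                if (!$account_info) {
                    // One message for both fields, so the response does not
                    // reveal which of them was wrong.
                    $this->validator->addError('Account Number/E-mail', "Invalid account number/e-mail.");
                }
            }
        } else {
            $this->validator->addError('Turing Number', ERROR_SECURE_CODE_WRONG);
        }
        if (count($this->validator->errors) == 0) {
            // Account found: remember what was asked for, mail the reset code
            // and persist it for step 2.
            $forgot_info = array('account_number' => $account_number, 'email' => $email);
            $this->session->set_userdata('forgot_info', $forgot_info);
            $reset_code = tep_create_random_value(10, 'digits');
            $dataEmail = array('firstname' => $account_info['firstname'], 'reset_code' => $reset_code);
            $this->email_model->sendmail('RESET_PASSWORD_CODE', $account_info['firstname'], $account_info['email'], $dataEmail);
            $dataUpdate = array('reset_code' => $reset_code);
            $this->user->update($account_info['user_id'], $dataUpdate);
            redirect('forgot/step2');
        } else {
            $this->data['validerrors'] = $this->validator->errors;
        }
    }
    $this->data['posts'] = $posts;
    $this->view('forgot/index');
}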
function before_process() {
    // Bitcoin payment module hook: asks the configured bitcoind for a fresh
    // receiving address under a per-order account label and appends it to
    // the order comments. Returns false to continue checkout, or a
    // confirmation array carrying an error title when the RPC server is down.
    global $insert_id, $order;
    // Account label = customer e-mail plus a 32-char random suffix.
    $account_label = $order->customer['email_address'] . '-' . tep_create_random_value(32);
    require_once 'bitcoin/jsonRPCClient.php';
    $rpc_url = 'http://' . MODULE_PAYMENT_BITCOIN_LOGIN . ':' . MODULE_PAYMENT_BITCOIN_PASSWORD . '@' . MODULE_PAYMENT_BITCOIN_HOST . '/';
    $bitcoin = new jsonRPCClient($rpc_url);
    try {
        // Connectivity probe before requesting an address.
        $bitcoin->getinfo();
    } catch (Exception $e) {
        return array('title' => 'Error: Bitcoin server is down. Please email system administrator regarding your order after confirmation.');
    }
    $payment_address = $bitcoin->getaccountaddress($account_label);
    $order->info['comments'] .= ' | Payment Address: ' . $payment_address . ' | ';
    return false;
}
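$rand_value .= $char; } } } return $rand_value; }
// Module already installed
if (defined('MODULE_PAYMENT_SOFORTUEBERWEISUNG_DIRECT_STATUS') && MODULE_PAYMENT_SOFORTUEBERWEISUNG_DIRECT_STATUS == 'True') {
    die('Modul bereits installiert<br /><a href="' . tep_href_link(FILENAME_MODULES, 'set=payment&module=sofortueberweisung_direct', 'SSL') . '">zur�ck zum ShopAdmin</a>');
}
// Installer hand-off. Three random 12-character passwords are generated here
// and passed to the external install script in the query string.
// NOTE(review): secrets in a URL can surface in server/proxy logs and the
// Referer header — confirm that this is acceptable for the deployment.
$parameter = array();
$parameter['install'] = 'sofortueberweisung_direct';
$parameter['action'] = 'install';
$parameter['input_passwort'] = tep_create_random_value(12);
$parameter['bna_passwort'] = tep_create_random_value(12);
$parameter['cnt_passwort'] = tep_create_random_value(12);
// Build "key=value&key=value", skipping empty values. foreach replaces the
// original while (list() = each()) loop: each() was removed in PHP 8.
$pairs = array();
foreach ($parameter as $key => $value) {
    if (empty($value)) {
        continue;
    }
    $pairs[] = $key . "=" . urlencode($value);
}
$get_parameter = implode("&", $pairs);
$backlink = tep_href_link('ext/modules/payment/sofortueberweisung/install.php', $get_parameter);
// Placeholders of the form -KUNDEN_VAR_n- are substituted by the gateway.
$html_abortlink = tep_catalog_href_link('checkout_payment.php', 'payment_error=sofortueberweisung_direct&' . OSC_CATALOG_SESSION_ID . '=-KUNDEN_VAR_2-', 'SSL', false, false);
$header_redir_url = tep_catalog_href_link('checkout_process.php', OSC_CATALOG_SESSION_ID . '=-KUNDEN_VAR_2-&sovar3=-KUNDEN_VAR_3-&sovar4=-KUNDEN_VAR_3_MD5_PASS-&betrag_integer=-BETRAG_INTEGER-', 'SSL', false, false);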
function install() {
    // Runs the parent installer, then seeds a fresh lower-case admin key of
    // the configured length into the options and persists them.
    // Returns whatever parent::install() returned.
    $installed = parent::install();
    $key_length = $this->options_array['admin_key_length'];
    $this->options_array['admin_key'] = tep_create_random_value($key_length, 'chars_lower');
    $this->save_options($this->options_array);
    return $installed;
}
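Copyright (c) 2012 osCommerce Released under the GNU General Public License */
require 'includes/application_top.php';
require DIR_WS_LANGUAGES . $language . '/' . FILENAME_PASSWORD_FORGOTTEN;
// Password-forgotten handler. On a POST carrying a valid form token, looks
// the customer up by e-mail, rate-limits via the action recorder, stores a
// 40-character reset key and mails a reset link containing it.
$password_reset_initiated = false;
$form_token = isset($HTTP_POST_VARS['formid']) && is_string($HTTP_POST_VARS['formid']) ? $HTTP_POST_VARS['formid'] : '';
// Constant-time token comparison instead of loose `==`.
if (isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] == 'process' && $form_token !== '' && hash_equals((string) $sessiontoken, $form_token)) {
    $email_address = tep_db_prepare_input(isset($HTTP_POST_VARS['email_address']) ? $HTTP_POST_VARS['email_address'] : '');
    $check_customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
    if (tep_db_num_rows($check_customer_query)) {
        $check_customer = tep_db_fetch_array($check_customer_query);
        $actionRecorder = new actionRecorder('ar_reset_password', $check_customer['customers_id'], $email_address);
        if ($actionRecorder->canPerform()) {
            $actionRecorder->record();
            // NOTE(review): the key is stored as-is; storing only a hash of it
            // would keep a database read-out from yielding usable reset links.
            $reset_key = tep_create_random_value(40);
            tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set password_reset_key = '" . tep_db_input($reset_key) . "', password_reset_date = now() where customers_info_id = '" . (int) $check_customer['customers_id'] . "'");
            $reset_key_url = tep_href_link(FILENAME_PASSWORD_RESET, 'account=' . urlencode($email_address) . '&key=' . $reset_key, 'SSL', false);
            // tep_href_link() emits HTML-encoded separators; the e-mail body
            // needs a plain URL. (The previous str_replace('&', '&') was a no-op.)
            if (strpos($reset_key_url, '&amp;') !== false) {
                $reset_key_url = str_replace('&amp;', '&', $reset_key_url);
            }
            tep_mail($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $email_address, EMAIL_PASSWORD_RESET_SUBJECT, sprintf(EMAIL_PASSWORD_RESET_BODY, $reset_key_url), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
            $password_reset_initiated = true;
        } else {
            $actionRecorder->record(false);
            $messageStack->add('password_forgotten', sprintf(ERROR_ACTION_RECORDER, defined('MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES') ? (int) MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES : 5));
        }
    } else {
        // NOTE(review): a distinct message here confirms whether an e-mail
        // address has an account (enumeration); a uniform response avoids that.
        $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
    }
}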
function generate_cart_id($length = 5) {
    // Numeric cart identifier of $length digits (default 5), produced by the
    // application's random-value helper using its 'digits' character set.
    $charset = 'digits';
    $cart_id = tep_create_random_value($length, $charset);
    return $cart_id;
}
function confirmation() {
    // PayPal Pro Hosted Solution confirmation step. Writes (or re-writes) the
    // pending order rows when the cart/currency changed, requests a hosted
    // button via BMCreateButton, stores the result and a random page key in
    // the session, and returns the iframe markup for the confirmation page.
    global $cartID, $cart_PayPal_Pro_HS_ID, $customer_id, $languages_id, $order, $order_total_modules, $currency, $sendto, $pphs_result, $pphs_key;
    $pphs_result = array();
    if (tep_session_is_registered('cartID')) {
        $insert_order = false;
        if (tep_session_is_registered('cart_PayPal_Pro_HS_ID')) {
            // Session value has the form "<cartID>-<orders_id>".
            $order_id = substr($cart_PayPal_Pro_HS_ID, strpos($cart_PayPal_Pro_HS_ID, '-') + 1);
            $curr_check = tep_db_query("select currency from orders where orders_id = '" . (int) $order_id . "'");
            $curr = tep_db_fetch_array($curr_check);
            if ($curr['currency'] != $order->info['currency'] || $cartID != substr($cart_PayPal_Pro_HS_ID, 0, strlen($cartID))) {
                // Cart or currency changed since the pending order was stored:
                // delete the stale order unless it already has status history.
                $check_query = tep_db_query('select orders_id from orders_status_history where orders_id = "' . (int) $order_id . '" limit 1');
                if (tep_db_num_rows($check_query) < 1) {
                    tep_db_query('delete from orders where orders_id = "' . (int) $order_id . '"');
                    tep_db_query('delete from orders_total where orders_id = "' . (int) $order_id . '"');
                    tep_db_query('delete from orders_status_history where orders_id = "' . (int) $order_id . '"');
                    tep_db_query('delete from orders_products where orders_id = "' . (int) $order_id . '"');
                    tep_db_query('delete from orders_products_attributes where orders_id = "' . (int) $order_id . '"');
                    tep_db_query('delete from orders_products_download where orders_id = "' . (int) $order_id . '"');
                }
                $insert_order = true;
            }
        } else {
            $insert_order = true;
        }
        if ($insert_order == true) {
            // Collect the enabled order-total module lines (title + text required).
            $order_totals = array();
            if (is_array($order_total_modules->modules)) {
                foreach ($order_total_modules->modules as $value) {
                    $class = substr($value, 0, strrpos($value, '.'));
                    if ($GLOBALS[$class]->enabled) {
                        for ($i = 0, $n = sizeof($GLOBALS[$class]->output); $i < $n; $i++) {
                            if (tep_not_null($GLOBALS[$class]->output[$i]['title']) && tep_not_null($GLOBALS[$class]->output[$i]['text'])) {
                                $order_totals[] = array('code' => $GLOBALS[$class]->code, 'title' => $GLOBALS[$class]->output[$i]['title'], 'text' => $GLOBALS[$class]->output[$i]['text'], 'value' => $GLOBALS[$class]->output[$i]['value'], 'sort_order' => $GLOBALS[$class]->sort_order);
                            }
                        }
                    }
                }
            }
            // Order header row.
            $sql_data_array = array('customers_id' => $customer_id, 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], 'customers_company' => $order->customer['company'], 'customers_street_address' => $order->customer['street_address'], 'customers_suburb' => $order->customer['suburb'], 'customers_city' => $order->customer['city'], 'customers_postcode' => $order->customer['postcode'], 'customers_state' => $order->customer['state'], 'customers_country' => $order->customer['country']['title'], 'customers_telephone' => $order->customer['telephone'], 'customers_email_address' => $order->customer['email_address'], 'customers_address_format_id' => $order->customer['format_id'], 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 'delivery_company' => $order->delivery['company'], 'delivery_street_address' => $order->delivery['street_address'], 'delivery_suburb' => $order->delivery['suburb'], 'delivery_city' => $order->delivery['city'], 'delivery_postcode' => $order->delivery['postcode'], 'delivery_state' => $order->delivery['state'], 'delivery_country' => $order->delivery['country']['title'], 'delivery_address_format_id' => $order->delivery['format_id'], 'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'], 'billing_company' => $order->billing['company'], 'billing_street_address' => $order->billing['street_address'], 'billing_suburb' => $order->billing['suburb'], 'billing_city' => $order->billing['city'], 'billing_postcode' => $order->billing['postcode'], 'billing_state' => $order->billing['state'], 'billing_country' => $order->billing['country']['title'], 'billing_address_format_id' => $order->billing['format_id'], 'payment_method' => $order->info['payment_method'], 'cc_type' => $order->info['cc_type'], 'cc_owner' => $order->info['cc_owner'], 'cc_number' => $order->info['cc_number'], 'cc_expires' => $order->info['cc_expires'], 'date_purchased' => 'now()', 'orders_status' => $order->info['order_status'], 'currency' => $order->info['currency'], 'currency_value' => $order->info['currency_value']);
            tep_db_perform('orders', $sql_data_array);
            $insert_id = tep_db_insert_id();
            // Order totals.
            for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++) {
                $sql_data_array = array('orders_id' => $insert_id, 'title' => $order_totals[$i]['title'], 'text' => $order_totals[$i]['text'], 'value' => $order_totals[$i]['value'], 'class' => $order_totals[$i]['code'], 'sort_order' => $order_totals[$i]['sort_order']);
                tep_db_perform('orders_total', $sql_data_array);
            }
            // Products, their attributes and any downloadable attachments.
            for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
                $sql_data_array = array('orders_id' => $insert_id, 'products_id' => tep_get_prid($order->products[$i]['id']), 'products_model' => $order->products[$i]['model'], 'products_name' => $order->products[$i]['name'], 'products_price' => $order->products[$i]['price'], 'final_price' => $order->products[$i]['final_price'], 'products_tax' => $order->products[$i]['tax'], 'products_quantity' => $order->products[$i]['qty']);
                tep_db_perform('orders_products', $sql_data_array);
                $order_products_id = tep_db_insert_id();
                $attributes_exist = '0';
                if (isset($order->products[$i]['attributes'])) {
                    $attributes_exist = '1';
                    for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
                        // NOTE(review): product/option/value ids from the order object
                        // are interpolated without a cast here — confirm they are
                        // validated upstream.
                        if (DOWNLOAD_ENABLED == 'true') {
                            $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename\n from products_options popt, products_options_values poval, products_attributes pa\n left join products_attributes_download pad\n on pa.products_attributes_id=pad.products_attributes_id\n where pa.products_id = '" . $order->products[$i]['id'] . "'\n and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n and pa.options_id = popt.products_options_id\n and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n and pa.options_values_id = poval.products_options_values_id\n and popt.language_id = '" . $languages_id . "'\n and poval.language_id = '" . $languages_id . "'";
                            $attributes = tep_db_query($attributes_query);
                        } else {
                            $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from products_options popt, products_options_values poval, products_attributes pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id . "' and poval.language_id = '" . $languages_id . "'");
                        }
                        $attributes_values = tep_db_fetch_array($attributes);
                        $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $attributes_values['options_values_price'], 'price_prefix' => $attributes_values['price_prefix']);
                        tep_db_perform('orders_products_attributes', $sql_data_array);
                        if (DOWNLOAD_ENABLED == 'true' && isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename'])) {
                            $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'orders_products_filename' => $attributes_values['products_attributes_filename'], 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 'download_count' => $attributes_values['products_attributes_maxcount']);
                            tep_db_perform('orders_products_download', $sql_data_array);
                        }
                    }
                }
            }
            $cart_PayPal_Pro_HS_ID = $cartID . '-' . $insert_id;
            tep_session_register('cart_PayPal_Pro_HS_ID');
        }
        $order_id = substr($cart_PayPal_Pro_HS_ID, strpos($cart_PayPal_Pro_HS_ID, '-') + 1);
        // BMCreateButton request; 'invoice' carries our order id, 'custom' the customer id.
        $params = array('buyer_email' => $order->customer['email_address'], 'cancel_return' => tep_href_link('checkout_payment.php', '', 'SSL'), 'currency_code' => $currency, 'invoice' => $order_id, 'custom' => $customer_id, 'paymentaction' => OSCOM_APP_PAYPAL_HS_TRANSACTION_METHOD == '1' ? 'sale' : 'authorization', 'return' => tep_href_link('checkout_process.php', '', 'SSL'), 'notify_url' => tep_href_link('ext/modules/payment/paypal/pro_hosted_ipn.php', '', 'SSL', false, false), 'shipping' => $this->_app->formatCurrencyRaw($order->info['shipping_cost']), 'tax' => $this->_app->formatCurrencyRaw($order->info['tax']), 'subtotal' => $this->_app->formatCurrencyRaw($order->info['total'] - $order->info['shipping_cost'] - $order->info['tax']), 'billing_first_name' => $order->billing['firstname'], 'billing_last_name' => $order->billing['lastname'], 'billing_address1' => $order->billing['street_address'], 'billing_city' => $order->billing['city'], 'billing_state' => tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], $order->billing['state']), 'billing_zip' => $order->billing['postcode'], 'billing_country' => $order->billing['country']['iso_code_2'], 'night_phone_b' => $order->customer['telephone'], 'template' => 'templateD', 'item_name' => STORE_NAME, 'showBillingAddress' => 'false', 'showShippingAddress' => 'false', 'showHostedThankyouPage' => 'false');
        // A real delivery address (sendto > 0) overrides the PayPal-side address.
        if (is_numeric($sendto) && $sendto > 0) {
            $params['address_override'] = 'true';
            $params['first_name'] = $order->delivery['firstname'];
            $params['last_name'] = $order->delivery['lastname'];
            $params['address1'] = $order->delivery['street_address'];
            $params['city'] = $order->delivery['city'];
            $params['state'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], $order->delivery['state']);
            $params['zip'] = $order->delivery['postcode'];
            $params['country'] = $order->delivery['country']['iso_code_2'];
        }
        // 'cbt' (return-button text) is only accepted up to 60 characters.
        $return_link_title = $this->_app->getDef('module_hs_button_return_to_store', array('storename' => STORE_NAME));
        if (strlen($return_link_title) <= 60) {
            $params['cbt'] = $return_link_title;
        }
        $pphs_result = $this->_app->getApiResult('APP', 'BMCreateButton', $params, OSCOM_APP_PAYPAL_HS_STATUS == '1' ? 'live' : 'sandbox');
        if (!tep_session_is_registered('pphs_result')) {
            tep_session_register('pphs_result');
        }
    }
    // Random key that the hosted_checkout.php iframe must present; kept in session.
    $pphs_key = tep_create_random_value(16);
    if (!tep_session_is_registered('pphs_key')) {
        tep_session_register('pphs_key');
    }
    $iframe_url = tep_href_link('ext/modules/payment/paypal/hosted_checkout.php', 'key=' . $pphs_key, 'SSL');
    $form_url = tep_href_link('checkout_payment.php', 'payment_error=paypal_pro_hs', 'SSL');
    // include jquery if it doesn't exist in the template
    $output = <<<EOD
<iframe src="{$iframe_url}" width="570px" height="540px" frameBorder="0" scrolling="no"></iframe>
<script>
if ( typeof jQuery == 'undefined' ) {
  document.write('<scr' + 'ipt src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></scr' + 'ipt>');
}
</script>
<script>
\$(function() {
  \$('form[name="checkout_confirmation"] input[type="submit"], form[name="checkout_confirmation"] input[type="image"], form[name="checkout_confirmation"] button[type="submit"]').hide();
  \$('form[name="checkout_confirmation"]').attr('action', '{$form_url}');
});
</script>
EOD;
    $confirmation = array('title' => $output);
    return $confirmation;
}
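function before_process() {
    // Sage Pay Server payment hook with two modes:
    //  - check=PROCESS (return leg): the 'skcode' from the URL must match the
    //    per-session code; the matching securitykeys row is consumed and,
    //    if verified, its transaction details are exposed via the global and
    //    true is returned.
    //  - otherwise (register leg): builds the transaction registration,
    //    posts it to the gateway, stores the returned SecurityKey and
    //    redirects the customer to NextURL.
    // Every other path ends in a redirect back to checkout_payment.php.
    global $sagepay_server_transaction_details, $order, $order_totals;
    $OSCOM_Db = Registry::get('Db');
    $sagepay_server_transaction_details = null;
    $error = null;
    if (isset($_GET['check']) && $_GET['check'] == 'PROCESS') {
        // Constant-time, type-strict match of the URL code against the session
        // code (the previous loose `==` compared numeric-looking strings by value).
        if (isset($_GET['skcode']) && is_string($_GET['skcode']) && isset($_SESSION['sagepay_server_skey_code']) && hash_equals((string) $_SESSION['sagepay_server_skey_code'], $_GET['skcode'])) {
            $skcode = HTML::sanitize($_GET['skcode']);
            $Qsp = $OSCOM_Db->get('sagepay_server_securitykeys', ['verified', 'transaction_details'], ['code' => $skcode], null, 1);
            if ($Qsp->fetch() !== false) {
                // Single use: drop both the session code and the DB row.
                unset($_SESSION['sagepay_server_skey_code']);
                $OSCOM_Db->delete('sagepay_server_securitykeys', ['code' => $skcode]);
                if ($Qsp->value('verified') == '1') {
                    $sagepay_server_transaction_details = $Qsp->value('transaction_details');
                    return true;
                }
            }
        }
    } else {
        if (!isset($_SESSION['sagepay_server_skey_code'])) {
            $_SESSION['sagepay_server_skey_code'] = tep_create_random_value(16);
        }
        // Field lengths follow the gateway's limits (substr truncation).
        $params = array('VPSProtocol' => $this->api_version, 'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802', 'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_SERVER_VENDOR_LOGIN_NAME, 0, 15), 'VendorTxCode' => substr(date('YmdHis') . '-' . $_SESSION['customer_id'] . '-' . $_SESSION['cartID'], 0, 40), 'Amount' => $this->format_raw($order->info['total']), 'Currency' => $_SESSION['currency'], 'Description' => substr(STORE_NAME, 0, 100), 'NotificationURL' => $this->formatURL(OSCOM::link('ext/modules/payment/sage_pay/server.php', 'check=SERVER&skcode=' . $_SESSION['sagepay_server_skey_code'], 'SSL', false)), 'BillingSurname' => substr($order->billing['lastname'], 0, 20), 'BillingFirstnames' => substr($order->billing['firstname'], 0, 20), 'BillingAddress1' => substr($order->billing['street_address'], 0, 100), 'BillingCity' => substr($order->billing['city'], 0, 40), 'BillingPostCode' => substr($order->billing['postcode'], 0, 10), 'BillingCountry' => $order->billing['country']['iso_code_2'], 'BillingPhone' => substr($order->customer['telephone'], 0, 20), 'DeliverySurname' => substr($order->delivery['lastname'], 0, 20), 'DeliveryFirstnames' => substr($order->delivery['firstname'], 0, 20), 'DeliveryAddress1' => substr($order->delivery['street_address'], 0, 100), 'DeliveryCity' => substr($order->delivery['city'], 0, 40), 'DeliveryPostCode' => substr($order->delivery['postcode'], 0, 10), 'DeliveryCountry' => $order->delivery['country']['iso_code_2'], 'DeliveryPhone' => substr($order->customer['telephone'], 0, 20), 'CustomerEMail' => substr($order->customer['email_address'], 0, 255), 'Apply3DSecure' => '0');
        // ip2long() returns false for an invalid address (the -1 check was for PHP 4).
        $ip_address = tep_get_ip_address();
        if (ip2long($ip_address) !== false) {
            $params['ClientIPAddress'] = $ip_address;
        }
        if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Payment') {
            $params['TxType'] = 'PAYMENT';
        } elseif (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Deferred') {
            $params['TxType'] = 'DEFERRED';
        } else {
            $params['TxType'] = 'AUTHENTICATE';
        }
        // State codes are only sent for US addresses.
        if ($params['BillingCountry'] == 'US') {
            $params['BillingState'] = tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], '');
        }
        if ($params['DeliveryCountry'] == 'US') {
            $params['DeliveryState'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], '');
        }
        if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE != 'Normal') {
            $params['Profile'] = 'LOW';
        }
        // Basket: "<count>:" followed by colon-separated lines; ':' and '&'
        // are stripped from names because ':' is the field separator.
        $contents = array();
        foreach ($order->products as $product) {
            $product_name = $product['name'];
            if (isset($product['attributes'])) {
                foreach ($product['attributes'] as $att) {
                    $product_name .= '; ' . $att['option'] . '=' . $att['value'];
                }
            }
            $contents[] = str_replace(array(':', "\n", "\r", '&'), '', $product_name) . ':' . $product['qty'] . ':' . $this->format_raw($product['final_price']) . ':' . $this->format_raw($product['tax'] / 100 * $product['final_price']) . ':' . $this->format_raw($product['tax'] / 100 * $product['final_price'] + $product['final_price']) . ':' . $this->format_raw(($product['tax'] / 100 * $product['final_price'] + $product['final_price']) * $product['qty']);
        }
        foreach ($order_totals as $ot) {
            $contents[] = str_replace(array(':', "\n", "\r", '&'), '', strip_tags($ot['title'])) . ':---:---:---:---:' . $this->format_raw($ot['value']);
        }
        $params['Basket'] = substr(sizeof($contents) . ':' . implode(':', $contents), 0, 7500);
        $post_string = '';
        foreach ($params as $key => $value) {
            $post_string .= $key . '=' . urlencode(trim($value)) . '&';
        }
        if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_SERVER == 'Live') {
            $gateway_url = 'https://live.sagepay.com/gateway/service/vspserver-register.vsp';
        } else {
            $gateway_url = 'https://test.sagepay.com/gateway/service/vspserver-register.vsp';
        }
        $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
        // Response is "Key=Value" per line; the first '=' splits key and value.
        // `!== false` replaces the loose `!= false`, which also skipped a match at offset 0.
        $string_array = explode(chr(10), $transaction_response);
        $return = array();
        foreach ($string_array as $string) {
            if (strpos($string, '=') !== false) {
                $parts = explode('=', $string, 2);
                $return[trim($parts[0])] = trim($parts[1]);
            }
        }
        // A malformed or empty response must not raise undefined-index notices.
        if (isset($return['Status']) && $return['Status'] == 'OK' && isset($return['SecurityKey']) && isset($return['NextURL'])) {
            // Persist the gateway SecurityKey under this session's code for the return leg.
            $Qsp = $OSCOM_Db->get('sagepay_server_securitykeys', ['id', 'securitykey'], ['code' => $_SESSION['sagepay_server_skey_code']], null, 1);
            if ($Qsp->fetch() !== false) {
                if ($Qsp->value('securitykey') != $return['SecurityKey']) {
                    $OSCOM_Db->save('sagepay_server_securitykeys', ['securitykey' => $return['SecurityKey'], 'date_added' => 'now()'], ['id' => $Qsp->valueInt('id')]);
                }
            } else {
                $OSCOM_Db->save('sagepay_server_securitykeys', ['code' => $_SESSION['sagepay_server_skey_code'], 'securitykey' => $return['SecurityKey'], 'date_added' => 'now()']);
            }
            if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE == 'Normal') {
                HTTP::redirect($return['NextURL']);
            } else {
                $_SESSION['sage_pay_server_nexturl'] = $return['NextURL'];
                OSCOM::redirect('ext/modules/payment/sage_pay/checkout.php', '', 'SSL');
            }
        } else {
            $status_detail = isset($return['StatusDetail']) ? $return['StatusDetail'] : '';
            $error = $this->getErrorMessageNumber($status_detail);
            $this->sendDebugEmail($return);
        }
    }
    OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . (tep_not_null($error) ? '&error=' . $error : ''), 'SSL');
}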
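/**
 * Settles a completed transfer between two users: debits the payer's balance,
 * credits the payee with the amount minus the fee (creating the balance row if
 * needed), mails the payee, records the transaction and books the fee to the
 * admin account through transfer_admin().
 *
 * @param array $transaction_data_array keys read: amount, fee, fee_text,
 *        from_userid, to_userid, from_account, to_account, batch_number,
 *        amount_text, transaction_memo, transaction_currency; the whole array
 *        is also inserted as-is into _TABLE_TRANSACTIONS.
 * @return array batch_number, from_account, to_account, amount_text, memo and a
 *         display transaction_time (d/m/Y H:i) for the caller's confirmation page.
 */
function transfer($transaction_data_array) {
    $amount = $transaction_data_array['amount'];
    $fees = $transaction_data_array['fee'];
    // user ids are numeric (the admin account is the literal 1 below); the cast keeps the
    // interpolated WHERE clauses from carrying anything but an integer
    $from_userid = (int) $transaction_data_array['from_userid'];
    $to_userid = (int) $transaction_data_array['to_userid'];
    $balance_currency = $transaction_data_array['transaction_currency'];
    $batch_number = $transaction_data_array['batch_number'];
    $to_account = $transaction_data_array['to_account'];
    $from_account_number = $transaction_data_array['from_account'];
    $amount_text = $transaction_data_array['amount_text'];
    $transaction_memo = $transaction_data_array['transaction_memo'];
    $now = date('YmdHis');

    // NOTE(review): $amount, $fees and $balance_currency are concatenated into SQL unescaped;
    // the callers seen pass numeric amounts and a currency code, which is assumed here.
    // deduce balance of the from account
    db_query("UPDATE " . _TABLE_USER_BALANCE . " SET balance=balance- " . $amount . ", last_updated='" . $now . "' WHERE user_id='" . $from_userid . "' and currency_code='" . $balance_currency . "'");

    // add balance to the account: the payee receives amount minus fee, into the
    // existing balance row for that currency or a freshly created one
    $current_amount = $amount - $fees;
    $check_balance = db_fetch_array(db_query("SELECT count(*) as total FROM " . _TABLE_USER_BALANCE . " WHERE user_id='" . $to_userid . "' and currency_code='" . $balance_currency . "'"));
    if ($check_balance['total'] > 0) {
        db_query("UPDATE " . _TABLE_USER_BALANCE . " SET balance=balance+ " . $current_amount . ", last_updated='" . $now . "' WHERE user_id='" . $to_userid . "' and currency_code='" . $balance_currency . "'");
    } else {
        $balance_data_array = array(
            'user_id' => $to_userid,
            'currency_code' => $balance_currency,
            'balance' => $current_amount,
            'last_updated' => $now,
        );
        db_perform(_TABLE_USER_BALANCE, $balance_data_array);
    }

    // completed: summary returned to the caller
    $transaction_data = array(
        'batch_number' => $batch_number,
        'from_account' => $from_account_number,
        'to_account' => $to_account,
        'amount_text' => $amount_text,
        'memo' => $transaction_memo,
        'transaction_time' => date('d/m/Y H:i'),
    );

    // Send Transaction Notify Email to User (the payee)
    $email_info = get_email_template('TRANSFER_EMAIL');
    $user_info = db_fetch_array(db_query("SELECT firstname, email FROM " . _TABLE_USERS . " WHERE user_id='" . $to_userid . "'"));
    $firstname = $user_info['firstname'];
    $msg_subject = $email_info['emailtemplate_subject'];
    $msg_content = str_replace(
        array('[firstname]', '[amount_text]', '[batch_number]', '[balance_currency]', '[from_account]'),
        array($firstname, $amount_text, $batch_number, $balance_currency, $from_account_number),
        $email_info['emailtemplate_content']
    );
    $msg_content = html_entity_decode($msg_content);
    tep_mail($firstname, $user_info['email'], $msg_subject, $msg_content, SITE_NAME, SITE_CONTACT_EMAIL);

    // admin transfer: the fee moves from the payee to the admin account (user_id 1)
    $batch_number_admin = tep_create_random_value(11, 'digits');
    $transaction_data_array_admin = array(
        'from_userid' => $to_userid,
        'batch_number' => $batch_number_admin,
        'to_userid' => 1,
        'amount' => $fees,
        'fee' => 0,
        'transaction_time' => $now,
        'transaction_memo' => 'transaction fees #' . $batch_number,
        'from_account' => $to_account,
        'to_account' => 'OOKCASH',
        'transaction_currency' => $balance_currency,
        'amount_text' => $transaction_data_array['fee_text'],
        'transaction_status' => 'completed',
    );
    db_perform(_TABLE_TRANSACTIONS, $transaction_data_array);
    transfer_admin($transaction_data_array_admin);
    return $transaction_data;
}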
$zone_id = false; } } $country = tep_db_prepare_input($HTTP_POST_VARS['country']); $telephone = tep_db_prepare_input($HTTP_POST_VARS['telephone']); $fax = tep_db_prepare_input($HTTP_POST_VARS['fax']); if (isset($HTTP_POST_VARS['newsletter'])) { $newsletter = tep_db_prepare_input($HTTP_POST_VARS['newsletter']); } else { $newsletter = false; } $password = tep_db_prepare_input($HTTP_POST_VARS['password']); $confirmation = tep_db_prepare_input($HTTP_POST_VARS['confirmation']); // Guest Account Start if ($guest_account == true) { $guest_pass = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH, 'mixed'); $password = tep_db_prepare_input($guest_pass); } // Guest Account End $error = false; if (ACCOUNT_GENDER == 'true') { if ($gender != 'm' && $gender != 'f') { $error = true; $messageStack->add('create_account', ENTRY_GENDER_ERROR); } } if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) { $error = true; $messageStack->add('create_account', ENTRY_FIRST_NAME_ERROR); } if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
function create_random_string($value) { do { $variable = tep_create_random_value(16); } while (isset($GLOBALS[$name]) || isset($this->storage[$variable])); $this->register($variable, $value); return $variable; }
if ($response_array['ACK'] == 'Success' || $response_array['ACK'] == 'SuccessWithWarning') { $force_login = false; // check if e-mail address exists in database and login or create customer account if (!tep_session_is_registered('customer_id')) { $force_login = true; $email_address = tep_db_prepare_input($response_array['EMAIL']); $check_query = tep_db_query("select * from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "' limit 1"); if (tep_db_num_rows($check_query)) { $check = tep_db_fetch_array($check_query); $customer_id = $check['customers_id']; $customers_firstname = $check['customers_firstname']; $customer_default_address_id = $check['customers_default_address_id']; } else { $customers_firstname = tep_db_prepare_input($response_array['FIRSTNAME']); $customers_lastname = tep_db_prepare_input($response_array['LASTNAME']); $customer_password = tep_create_random_value(max(ENTRY_PASSWORD_MIN_LENGTH, 8)); $sql_data_array = array('customers_firstname' => $customers_firstname, 'customers_lastname' => $customers_lastname, 'customers_email_address' => $email_address, 'customers_telephone' => '', 'customers_fax' => '', 'customers_newsletter' => '0', 'customers_password' => tep_encrypt_password($customer_password)); if (isset($response_array['PHONENUM']) && tep_not_null($response_array['PHONENUM'])) { $customers_telephone = tep_db_prepare_input($response_array['PHONENUM']); $sql_data_array['customers_telephone'] = $customers_telephone; } tep_db_perform(TABLE_CUSTOMERS, $sql_data_array); $customer_id = tep_db_insert_id(); tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customer_id . "', '0', now())"); // build the message content $name = $customers_firstname . ' ' . $customers_lastname; $email_text = sprintf(EMAIL_GREET_NONE, $customers_firstname) . EMAIL_WELCOME . 
sprintf(MODULE_PAYMENT_PAYPAL_EXPRESS_EMAIL_PASSWORD, $email_address, $customer_password) . EMAIL_TEXT . EMAIL_CONTACT . EMAIL_WARNING; tep_mail($name, $email_address, EMAIL_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS); } if (SESSION_RECREATE == 'True') { tep_session_recreate();
function generate_account_number() { $CI =& get_instance(); $CI->load->model('user_model', 'user'); while (true) { $new_account_number = tep_create_random_value(7, 'digits'); //check if the account number is existed $check_account_number = $CI->user->getUser(array('account_number' => $new_account_number)); if (!$check_account_number) { return $new_account_number; } } }
osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2008 osCommerce Released under the GNU General Public License */ require 'includes/application_top.php'; require DIR_WS_LANGUAGES . $language . '/' . FILENAME_PASSWORD_FORGOTTEN; if (isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] == 'process' && isset($HTTP_POST_VARS['formid']) && $HTTP_POST_VARS['formid'] == $sessiontoken) { $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']); $check_customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_password, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'"); if (tep_db_num_rows($check_customer_query)) { $check_customer = tep_db_fetch_array($check_customer_query); $new_password = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH); $crypted_password = tep_encrypt_password($new_password); tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'"); tep_mail($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS); $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success'); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } else { $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND); } } $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_LOGIN, '', 'SSL')); $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL')); require DIR_WS_INCLUDES . 'template_top.php'; ?> <?php
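/**
 * Sage Pay Server payment module, pre-process step.
 *
 * Registration leg (no check=PROCESS): generates a per-session random key
 * code, registers the transaction with the gateway and redirects the
 * customer either straight to the gateway's NextURL or to the local
 * checkout.php profile page. Return leg (check=PROCESS&skcode=...): the code
 * must equal the one held in the session; its row is then read and deleted
 * (single use) and, if the gateway marked it verified, the transaction
 * details are loaded and true is returned.
 *
 * Every path other than a verified return ends in a redirect; on a gateway
 * error the customer is sent back to checkout_payment with an error number.
 *
 * @return bool true on a verified return leg
 */
function before_process() {
    global $HTTP_GET_VARS, $HTTP_POST_VARS, $sagepay_server_skey_code, $sagepay_server_transaction_details, $sage_pay_server_nexturl, $customer_id, $order, $currency, $order_totals, $cartID;

    $sagepay_server_transaction_details = null;
    $error = null;

    if (isset($HTTP_GET_VARS['check']) && $HTTP_GET_VARS['check'] == 'PROCESS') {
        // the code from the URL is compared with the session's own copy before the
        // database is consulted, so a foreign skcode never reads another session's row
        if (isset($HTTP_GET_VARS['skcode']) && tep_session_is_registered('sagepay_server_skey_code') && $HTTP_GET_VARS['skcode'] == $sagepay_server_skey_code) {
            $skcode = tep_db_prepare_input($HTTP_GET_VARS['skcode']);
            $sp_query = tep_db_query('select verified, transaction_details from sagepay_server_securitykeys where code = "' . tep_db_input($skcode) . '" limit 1');
            if (tep_db_num_rows($sp_query)) {
                $sp = tep_db_fetch_array($sp_query);
                // single use: the code is dropped from session and table whether or not it verified
                tep_session_unregister('sagepay_server_skey_code');
                tep_db_query('delete from sagepay_server_securitykeys where code = "' . tep_db_input($skcode) . '"');
                if ($sp['verified'] == '1') {
                    $sagepay_server_transaction_details = $sp['transaction_details'];
                    return true;
                }
            }
        }
    } else {
        if (!tep_session_is_registered('sagepay_server_skey_code')) {
            tep_session_register('sagepay_server_skey_code');
            $sagepay_server_skey_code = tep_create_random_value(16);
        }

        // gateway field lengths are enforced with substr() as the protocol requires
        $params = array(
            'VPSProtocol' => $this->api_version,
            'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802',
            'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_SERVER_VENDOR_LOGIN_NAME, 0, 15),
            'VendorTxCode' => substr(date('YmdHis') . '-' . $customer_id . '-' . $cartID, 0, 40),
            'Amount' => $this->format_raw($order->info['total']),
            'Currency' => $currency,
            'Description' => substr(STORE_NAME, 0, 100),
            'NotificationURL' => $this->formatURL(tep_href_link('ext/modules/payment/sage_pay/server.php', 'check=SERVER&skcode=' . $sagepay_server_skey_code, 'SSL', false)),
            'BillingSurname' => substr($order->billing['lastname'], 0, 20),
            'BillingFirstnames' => substr($order->billing['firstname'], 0, 20),
            'BillingAddress1' => substr($order->billing['street_address'], 0, 100),
            'BillingCity' => substr($order->billing['city'], 0, 40),
            'BillingPostCode' => substr($order->billing['postcode'], 0, 10),
            'BillingCountry' => $order->billing['country']['iso_code_2'],
            'BillingPhone' => substr($order->customer['telephone'], 0, 20),
            'DeliverySurname' => substr($order->delivery['lastname'], 0, 20),
            'DeliveryFirstnames' => substr($order->delivery['firstname'], 0, 20),
            'DeliveryAddress1' => substr($order->delivery['street_address'], 0, 100),
            'DeliveryCity' => substr($order->delivery['city'], 0, 40),
            'DeliveryPostCode' => substr($order->delivery['postcode'], 0, 10),
            'DeliveryCountry' => $order->delivery['country']['iso_code_2'],
            'DeliveryPhone' => substr($order->customer['telephone'], 0, 20),
            'CustomerEMail' => substr($order->customer['email_address'], 0, 255),
            'Apply3DSecure' => '0',
        );

        // only a well-formed IPv4 address is forwarded
        $ip_address = tep_get_ip_address();
        if (ip2long($ip_address) != -1 && ip2long($ip_address) != false) {
            $params['ClientIPAddress'] = $ip_address;
        }

        if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Payment') {
            $params['TxType'] = 'PAYMENT';
        } elseif (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Deferred') {
            $params['TxType'] = 'DEFERRED';
        } else {
            $params['TxType'] = 'AUTHENTICATE';
        }

        // US addresses additionally carry the state code
        if ($params['BillingCountry'] == 'US') {
            $params['BillingState'] = tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], '');
        }
        if ($params['DeliveryCountry'] == 'US') {
            $params['DeliveryState'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], '');
        }

        if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE != 'Normal') {
            $params['Profile'] = 'LOW';
        }

        // Basket: "count:line:line..." where each product line is
        // name:qty:net:tax:gross:total and ':' is a separator, hence stripped from names
        $contents = array();
        foreach ($order->products as $product) {
            $product_name = $product['name'];
            if (isset($product['attributes'])) {
                foreach ($product['attributes'] as $att) {
                    $product_name .= '; ' . $att['option'] . '=' . $att['value'];
                }
            }
            $tax_amount = $product['tax'] / 100 * $product['final_price'];
            $gross_price = $tax_amount + $product['final_price'];
            $contents[] = str_replace(array(':', "\n", "\r", '&'), '', $product_name) . ':' . $product['qty'] . ':' . $this->format_raw($product['final_price']) . ':' . $this->format_raw($tax_amount) . ':' . $this->format_raw($gross_price) . ':' . $this->format_raw($gross_price * $product['qty']);
        }
        foreach ($order_totals as $ot) {
            $contents[] = str_replace(array(':', "\n", "\r", '&'), '', strip_tags($ot['title'])) . ':---:---:---:---:' . $this->format_raw($ot['value']);
        }
        $params['Basket'] = substr(sizeof($contents) . ':' . implode(':', $contents), 0, 7500);

        $post_string = '';
        foreach ($params as $key => $value) {
            $post_string .= $key . '=' . urlencode(trim($value)) . '&';
        }

        if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_SERVER == 'Live') {
            $gateway_url = 'https://live.sagepay.com/gateway/service/vspserver-register.vsp';
        } else {
            $gateway_url = 'https://test.sagepay.com/gateway/service/vspserver-register.vsp';
        }
        $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);

        // the response is "Key=Value" lines; !== false so a line whose first character
        // is '=' (strpos() === 0) is not dropped as the original's != false did
        $return = array();
        foreach (explode(chr(10), $transaction_response) as $line) {
            if (strpos($line, '=') !== false) {
                $parts = explode('=', $line, 2);
                $return[trim($parts[0])] = trim($parts[1]);
            }
        }

        if (isset($return['Status']) && $return['Status'] == 'OK') {
            // the gateway's SecurityKey is kept against this session's code
            // (presumably for the server.php notification check -- confirm there)
            $sp_query = tep_db_query('select id, securitykey from sagepay_server_securitykeys where code = "' . tep_db_input($sagepay_server_skey_code) . '" limit 1');
            if (tep_db_num_rows($sp_query)) {
                $sp = tep_db_fetch_array($sp_query);
                if ($sp['securitykey'] != $return['SecurityKey']) {
                    tep_db_query('update sagepay_server_securitykeys set securitykey = "' . tep_db_input($return['SecurityKey']) . '", date_added = now() where id = "' . (int) $sp['id'] . '"');
                }
            } else {
                tep_db_query('insert into sagepay_server_securitykeys (code, securitykey, date_added) values ("' . tep_db_input($sagepay_server_skey_code) . '", "' . tep_db_input($return['SecurityKey']) . '", now())');
            }

            if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE == 'Normal') {
                tep_redirect($return['NextURL']);
            } else {
                if (!tep_session_is_registered('sage_pay_server_nexturl')) {
                    tep_session_register('sage_pay_server_nexturl');
                }
                $sage_pay_server_nexturl = $return['NextURL'];
                tep_redirect(tep_href_link('ext/modules/payment/sage_pay/checkout.php', '', 'SSL'));
            }
        } else {
            // an empty or malformed response has no StatusDetail; pass '' rather than an undefined index
            $error = $this->getErrorMessageNumber(isset($return['StatusDetail']) ? $return['StatusDetail'] : '');
            $this->sendDebugEmail($return);
        }
    }

    tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . (tep_not_null($error) ? '&error=' . $error : ''), 'SSL'));
}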
$balance_currency = $checkout_currency; //dv tien $batch_number = tep_create_random_value(11, 'digits'); $amount_text = $balance; } elseif ($step == 'complete') { $smarty->assign('master_key', $master_key); //get banlance $currencies_query = db_query("select currency_code, balance value from " . _TABLE_USER_BALANCE . " where user_id='{$login_userid}' and currency_code='{$checkout_currency}'"); $curency = db_fetch_array($currencies_query); $to_userid = $user_to_info['user_id']; $to_account = $payee_account; $transaction_memo = db_prepare_input($_POST['transaction_memo']); $amount = (double) $checkout_amount; $balance_currency = $checkout_currency; //dv tien $batch_number = tep_create_random_value(11, 'digits'); $amount_text = $balance; if ($checkout_amount > $curency['value']) { $error_code[] = 'ERR_001'; $smarty->assign('errors', $error_code); $smarty->assign('error_code', $__ERROR_CODE); } else { $transaction_data_array = array('from_userid' => $login_userid, 'batch_number' => $batch_number, 'to_userid' => $to_userid, 'amount' => $amount, 'transaction_time' => date('YmdHis'), 'transaction_memo' => $transaction_memo, 'from_account' => $login_account_number, 'to_account' => $to_account, 'transaction_currency' => $balance_currency, 'amount_text' => $amount_text, 'transaction_status' => 'completed'); db_perform(_TABLE_TRANSACTIONS, $transaction_data_array); $transaction_id = db_insert_id(); $transaction_history_array = array('from_userid' => $login_userid, 'batch_number' => $transaction_data_array['batch_number'], 'transaction_id' => $transaction_id, 'to_userid' => $to_userid, 'amount' => $amount, 'transaction_time' => date('YmdHis'), 'transaction_memo' => $transaction_memo, 'from_account' => $login_account_number, 'to_account' => $to_account, 'transaction_currency' => $balance_currency, 'amount_text' => $amount_text, 'transaction_status' => 'completed', 'description' => '', 'fail_url' => $fail_url, 'cancel_url' => $cancel_url, 'status_url' => $status_url, 
'success_url' => $success_url, 'extra_fields' => serialize($extra_fields), 'status_method' => $status_method); db_perform(_TABLE_TRANSACTIONS_HISTOTY, $transaction_history_array); $history_id = db_insert_id(); $smarty->assign('status_transaction', 'completed'); $smarty->assign('transaction', $transaction_history_array); // deduce balance of the from account
osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2005 osCommerce Released under the GNU General Public License */ require 'includes/application_top.php'; require DIR_WS_LANGUAGES . $osC_Session->value('language') . '/' . FILENAME_PASSWORD_FORGOTTEN; if (isset($_GET['action']) && $_GET['action'] == 'process') { $Qcheck = $osC_Database->query('select customers_id, customers_firstname, customers_lastname, customers_password from :table_customers where customers_email_address = :customers_email_address'); $Qcheck->bindTable(':table_customers', TABLE_CUSTOMERS); $Qcheck->bindValue(':customers_email_address', $_POST['email_address']); $Qcheck->execute(); if ($Qcheck->numberOfRows()) { $new_password = tep_create_random_value(ACCOUNT_PASSWORD); $Qupdate = $osC_Database->query('update :table_customers set customers_password = :customers_password where customers_id = :customers_id'); $Qupdate->bindTable(':table_customers', TABLE_CUSTOMERS); $Qupdate->bindValue(':customers_password', tep_encrypt_password($new_password)); $Qupdate->bindInt(':customers_id', $Qcheck->valueInt('customers_id')); $Qupdate->execute(); tep_mail($Qcheck->valueProtected('customers_firstname') . ' ' . $Qcheck->valueProtected('customers_lastname'), $_POST['email_address'], EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS); $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success'); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } else { $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND); } } $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_LOGIN, '', 'SSL')); $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL')); ?>
$myX = rand(1, 148); $myY = rand(1, 58); imageline($image_handle, $myX, $myY, $myX + rand(-5, 5), $myY + rand(-5, 5), $rndm); } if ($_GET['load'] == 'notrefresh' && tep_session_is_registered('secure_image_hash_string')) { for ($x = 0; $x <= strlen($secure_image_hash_string); $x++) { $dark = imagecolorallocate($image_handle, rand(5, 128), rand(5, 128), rand(5, 128)); $capChar = $secure_image_hash_string[$x]; $fs = rand(20, 26); $myX = 15 + ($x * 28 + rand(-5, 5)); $myY = rand($fs + 2, 55); $angle = rand(-30, 30); ImageTTFText($image_handle, $fs, $angle, $myX, $myY, $dark, $fontName, $capChar); } } else { $myCryptBase = tep_create_random_value(50, 'digits'); $secure_image_hash_string = ""; for ($x = 0; $x <= 4; $x++) { $dark = imagecolorallocate($image_handle, rand(5, 128), rand(5, 128), rand(5, 128)); $capChar = substr($myCryptBase, rand(1, 35), 1); $secure_image_hash_string .= $capChar; $fs = rand(20, 26); $myX = 15 + ($x * 28 + rand(-5, 5)); $myY = rand($fs + 2, 55); $angle = rand(-30, 30); ImageTTFText($image_handle, $fs, $angle, $myX, $myY, $dark, $fontName, $capChar); } } header("Content-type: image/jpeg"); imagejpeg($image_handle, "", 95); imagedestroy($image_handle);
function generate_account_number() { while (true) { $new_account_number = tep_create_random_value(7, 'digits'); //check if the account number is existed $check_account_number = db_fetch_array(db_query("SELECT count(*) as total FROM " . _TABLE_USERS . " WHERE account_number='" . $new_account_number . "'")); if ($check_account_number['total'] == 0) { return $new_account_number; } } }
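/**
 * Wallet transfer page. GET renders the currency selector (each option shows
 * the user's balance in that currency); POST (balance_currency, amount,
 * to_account) moves the amount to the given account number, charges
 * TRANSFER_FEES percent of it to the admin account (user_id 1), e-mails the
 * payee and redirects to wallet/transfer?success=1. Validation errors are
 * rendered back on wallet/transfer. Unauthenticated visitors are redirected
 * to the login page.
 */
public function transfer() {
    $this->load->model('email_model');
    $login_id = $this->session->userdata('login_id');
    if (!$this->user_session && !$login_id) {
        redirect(site_url('login'));
    }
    $user_info = $this->user_session ? $this->user_session : $this->user->getUserById($login_id);
    $this->data['success'] = $this->input->get('success');

    $currencies_array = $this->currencies->getCurrencies();
    $balances_array = array();
    foreach ($this->wallet->getBalanceByUserId($user_info['user_id']) as $balance) {
        $balances_array[$balance['currency_code']] = $balance['balance'];
    }
    // the empty key is the "please choose" option the '' validation below expects;
    // the original assigned it and then reset the array, so it never reached the view
    $balance_currencies = array('' => '-- Select Currency --');
    foreach ($currencies_array as $currency_code => $currency_info) {
        $code = $currency_info['code'];
        $held = !empty($balances_array[$code]) ? $balances_array[$code] : 0;
        $balance_currencies[$code] = $currency_info['title'] . ' (' . get_currency_value_format($held, $currency_info) . ')';
    }
    $this->assign('balance_currencies', $balance_currencies);

    $posts = $this->input->post();
    if ($posts) {
        $balance_currency = $posts['balance_currency'];
        $amount = $posts['amount'];
        $to_account = $posts['to_account'];

        if ($balance_currency == '') {
            $this->validator->addError('Currency', 'Please select the currency of balance that you want to use for the transaction.');
        }
        // is_numeric: a non-numeric string is not rejected by "<= 0" on its own
        if (!is_numeric($amount) || $amount <= 0) {
            $this->validator->addError('Amount', 'Please input correct Amount .');
        } else {
            // check if out of balance; a currency the user holds nothing in counts as 0
            $available = isset($balances_array[$balance_currency]) ? $balances_array[$balance_currency] : 0;
            if ($amount > $available) {
                $this->validator->addError('Balance', 'You have not enough balance to transfer the amount(<strong>' . get_currency_value_format($amount, $currencies_array[$balance_currency]) . '</strong>). Please input difference amount.');
            }
        }
        $to_user_info = $this->user->getUser(array('account_number' => $to_account));
        if (!$to_user_info) {
            $this->validator->addError('Account Number', 'Invalid account number. 
Please input correct account number of the user that you want to transfer to.');
        } elseif (trim($to_account) == $user_info['account_number']) {
            // a user may not transfer to their own account
            $this->validator->addError('Account Number', 'Invalid account number. Please input correct account number of the user that you want to transfer to.');
        }

        if (count($this->validator->errors) == 0) {
            $batch_number = tep_create_random_value(11, 'digits');
            $amount_text = get_currency_value_format($amount, $currencies_array[$balance_currency]);
            $transaction_memo = '';
            $fees = $amount * $this->configs['TRANSFER_FEES'] / 100;
            $fees_text = get_currency_value_format($fees, $currencies_array[$balance_currency]);
            $amount = get_currency_value($amount, $currencies_array[$balance_currency]);
            $fees = get_currency_value($fees, $currencies_array[$balance_currency]);
            $current_amount = $amount - $fees;
            $now = date('YmdHis');

            $transaction_data_array = array(
                'from_userid' => $user_info['user_id'],
                'batch_number' => $batch_number,
                'to_userid' => $to_user_info['user_id'],
                'amount' => $amount,
                'fee' => $fees,
                'fee_text' => $fees_text,
                'transaction_time' => $now,
                'transaction_memo' => $transaction_memo,
                'from_account' => $user_info['account_number'],
                'to_account' => $to_user_info['account_number'],
                'transaction_currency' => $balance_currency,
                'amount_text' => $amount_text,
                'transaction_status' => 'completed',
            );
            $this->data['transaction_data'] = $transaction_data_array;
            $this->transaction->insert($transaction_data_array);

            // NOTE(review): the debit goes through $this->wallet and the credits through
            // $this->balance; whether both write the same table is not visible here.
            $balanceFrom = array('user_id' => $user_info['user_id'], 'currency_code' => $balance_currency);
            $this->wallet->updateWallet($balanceFrom, $amount, '-');
            $balanceTo = array('user_id' => $to_user_info['user_id'], 'currency_code' => $balance_currency);
            $this->balance->updateBalance($balanceTo, $current_amount, '+');

            // admin transfer: the fee moves from the payee to the admin account
            $batch_number_admin = tep_create_random_value(11, 'digits');
            $transaction_data_array_admin = array(
                'from_userid' => $to_user_info['user_id'],
                'batch_number' => $batch_number_admin,
                'to_userid' => 1,
                'amount' => $fees,
                'fee' => 0,
                'transaction_time' => $now,
                'transaction_memo' => 'transaction fees #' . $batch_number,
                'from_account' => $to_user_info['account_number'],
                'to_account' => 'OOKCASH',
                'transaction_currency' => $balance_currency,
                'amount_text' => $fees_text,
                'transaction_status' => 'completed',
                'status' => '0',
            );
            $this->transaction->insert($transaction_data_array_admin);
            $balanceAdmin = array('user_id' => 1, 'currency_code' => $balance_currency);
            $this->balance->updateBalance($balanceAdmin, $fees, '+');

            $dataEmail = array(
                'firstname' => $to_user_info['firstname'],
                'amount_text' => $amount_text,
                'batch_number' => $batch_number,
                'balance_currency' => $balance_currency,
                'from_account' => $user_info['account_number'],
                'fees_text' => $fees_text,
            );
            $this->email_model->sendmail('TRANSFER_EMAIL', $to_user_info['firstname'], $to_user_info['email'], $dataEmail);
            redirect(site_url('wallet/transfer') . '?success=1');
        } else {
            $this->data['validerrors'] = $this->validator->errors;
        }
    }
    $this->data['posts'] = $posts;
    $this->view('wallet/transfer');
}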
} } else { $validator->addError('Turing Number', ERROR_SECURE_CODE_WRONG); } if (count($validator->errors) == 0) { // found email => send account number to the email $account_info = db_fetch_array(db_query($sql_check_info)); $session_account_number = $account_number; $session_email = $email; tep_session_register('session_account_number'); tep_session_register('session_email'); $email_info = get_email_template('RESET_PASSWORD_CODE'); $security_question = $account_info['account_info']; //$firstname = $user_info['firstname']; $msg_subject = $email_info['emailtemplate_subject']; $reset_code = tep_create_random_value(10, 'digits'); //-----------------add by donghp 27/03/2012---------------------- $user_id = $account_info['user_id']; $q = db_query("UPDATE users SET reset_code = '" . $reset_code . "' WHERE user_id = {$user_id}"); //---------------------------------------------------------------- $msg_content = str_replace(array('[firstname]', '[reset_code]'), array($account_info['firstname'], $reset_code), $email_info['emailtemplate_content']); $msg_content = html_entity_decode($msg_content); //add by donghp 26/03/2012 tep_mail($account_info['firstname'] . ' ' . $account_info['lastname'], $email, $msg_subject, $msg_content, SITE_NAME, SITE_CONTACT_EMAIL); $resetcode_sent = true; } else { postAssign($smarty); } if ($resetcode_sent) { $sql = "SELECT user_id, firstname, lastname,security_question,account_number FROM " . _TABLE_USERS . " WHERE (email='" . $email . "') and (account_number='" . $account_number . "')"; $account = db_fetch_array(db_query($sql));
$login_useremail = $user_info['email']; tep_session_register('login_userid'); tep_session_register('login_account_number'); tep_session_register('login_useremail'); // set cookies for autologin if ($_POST['remember_me']) { tep_setcookie("account_number", $account_number, time() + 60 * 60 * 24 * 100, HTTP_COOKIE_PATH, HTTP_COOKIE_DOMAIN); tep_setcookie("password", $login_password, time() + 60 * 60 * 24 * 100, HTTP_COOKIE_PATH, HTTP_COOKIE_DOMAIN); } $current_ip = get_client_ip(); $mss_flag = false; if ($user_info['verification_status'] == 1 && $current_ip != $user_info['verification_ip']) { $mss_flag = true; } if ($mss_flag) { $verification_key = tep_create_random_value(10, 'digits'); $signup_data_array['verification_key'] = $verification_key; db_perform(_TABLE_USERS, $signup_data_array, 'update', " user_id='" . $user_info['user_id'] . "' "); $email_info = get_email_template('VERIFYCATION_KEY'); $msg_subject = $email_info['emailtemplate_subject']; $msg_content = str_replace(array('[firstname]', '[verification_key]'), array($user_info['firstname'], $verification_key), $email_info['emailtemplate_content']); $msg_content = html_entity_decode($msg_content); tep_mail($user_info['firstname'] . ' ' . $user_info['lastname'], $user_info['email'], $msg_subject, $msg_content, SITE_NAME, SITE_CONTACT_EMAIL); } if (sizeof($navigation->snapshot) > 0) { $origin_href = get_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']); $navigation->clear_snapshot(); tep_redirect($origin_href, '', 'SSL'); } else { tep_redirect(get_href_link(PAGE_LOGIN_CONFIRM, '', 'SSL')); }
if (defined('MODULE_ADDONS_BUYSAFE_STATUS') && MODULE_ADDONS_BUYSAFE_STATUS == 'True') { if ($cart->count_contents() > 0) { if (basename($_SERVER['PHP_SELF']) == 'shopping_cart.php' || basename($_SERVER['PHP_SELF']) == 'checkout_confirmation.php' || basename($_SERVER['PHP_SELF']) == 'checkout_process.php') { require_once DIR_WS_CLASSES . 'buysafe.php'; $buysafe_module = new buysafe_class(); $session_WantsBond = isset($_SESSION['WantsBond']) ? $_SESSION['WantsBond'] : ''; $WantsBond = isset($_POST['WantsBond']) ? $_POST['WantsBond'] : $session_WantsBond; if (!isset($_SESSION['cre_buySafe_unique_CartId'])) { $_SESSION['cre_buySafe_unique_CartId'] = ''; } if ($_SESSION['cre_buySafe_unique_CartId'] == '') { $timeStamp = strtotime('now'); $cre_buySafe_unique_cart_id = $timeStamp . $_SERVER['REMOTE_ADDR']; $cre_buySafe_unique_cart_id = str_replace('.', '', $cre_buySafe_unique_cart_id); // unique format = timestamp + remote_address + mixed random $_SESSION['cre_buySafe_unique_CartId'] = MODULE_ADDONS_BUYSAFE_CART_PREFIX . '-' . $cre_buySafe_unique_cart_id . tep_create_random_value(6); } $buysafe_params = array('WantsBond' => $WantsBond ? $WantsBond : 'false', 'buysafe_cart_id' => $_SESSION['cre_buySafe_unique_CartId'] ? $_SESSION['cre_buySafe_unique_CartId'] : ''); $buysafe_result = $buysafe_module->call_api('AddUpdateShoppingCart', $buysafe_params); if (is_array($buysafe_result)) { $WantsBond = $buysafe_result['BondCostDisplayText'] != '' ? true : false; $_SESSION['WantsBond'] = $WantsBond; if (defined('MODULE_ADDONS_BUYSAFE_DEBUG') && MODULE_ADDONS_BUYSAFE_DEBUG == true) { if (tep_not_null($buysafe_result['faultstring'])) { $messageStack->add('header', 'buySAFE fault: ' . $buysafe_result['faultstring'], 'error'); } } } } } }
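/**
 * Recursively walks one MIME part of an IMAP message, decodes it and records the result.
 *
 * Text parts (type 0 without a Content-Disposition) are decoded and stored under
 * $partsarray[$i]['text']. Every other part is treated as an attachment: it is decoded,
 * given a sanitised filename, written below DIR_FS_ADMIN . HELPDESK_ATTACHMENTS_FOLDER
 * (never overwriting an existing file) and recorded under $partsarray[$i]['attachment']
 * and in $attachments_array. Progress and write errors are echoed as HTML.
 *
 * @param object $p                 part structure as produced by imap_fetchstructure()
 * @param string $i                 part number in IMAP dotted notation, e.g. "1" or "2.1"
 * @param mixed  $link              IMAP connection passed to imap_fetchbody()
 * @param int    $msgid             message number passed to imap_fetchbody()
 * @param array  $partsarray        filled in place with the decoded parts, keyed by part number
 * @param array  $attachments_array filled in place with the filenames written to disk
 */
function help_desk_parsepart($p, $i, $link, $msgid, &$partsarray, &$attachments_array)
{
    // Attachments are written below the admin directory; presumably that folder is not served
    // directly by the web server -- confirm, because saved files keep the sender's extension.
    $filestore = DIR_FS_ADMIN . HELPDESK_ATTACHMENTS_FOLDER;
    $part = imap_fetchbody($link, $msgid, $i);

    // Transfer-encoding codes as reported by imap_fetchstructure(): 3 = base64, 4 = quoted-printable.
    // 7bit, 8bit and binary bodies are used unchanged.
    $decode = static function ($body, $encoding) {
        switch ($encoding) {
            case 3:
                return base64_decode($body);
            case 4:
                return quoted_printable_decode($body);
            default:
                return $body;
        }
    };

    // Picks the NAME/FILENAME value out of a list of imap parameter objects; the last match wins,
    // '' when the list is missing, not an array, or holds no such attribute.
    $name_from = static function ($params) {
        $found = '';
        if (!is_array($params)) {
            return $found;
        }
        foreach ($params as $param) {
            if (in_array(strtoupper($param->attribute), array('NAME', 'FILENAME'), true)) {
                $found = $param->value;
            }
        }
        return $found;
    };

    // Anything that is not text, or text that carries a Content-Disposition, is an attachment.
    if ($p->type != 0 || isset($p->disposition)) {
        $part = $decode($part, $p->encoding);

        // Prefer the Content-Disposition parameters, fall back to the Content-Type ones.
        $filename = $name_from($p->dparameters ?? null);
        if ($filename == '') {
            $filename = $name_from($p->parameters ?? null);
        }

        if ($filename != '') {
            // Reduce the sender-supplied name to a safe basename: decode MIME words, lower-case, drop
            // any path component, keep only [0-9a-z_-.] and use a random name when little is left.
            $filename = basename(strtolower(helpdesk_decode_string($filename)));
            $filename = tep_create_safe_string($filename, '-', '/[^0-9a-z_\\-\\.]+/');
            if (strlen($filename) < 5) {
                $filename = tep_create_random_value(32, 'mixed_lower');
            }
            $partsarray[$i]['attachment'] = array('filename' => $filename, 'binary' => $part);

            // Never overwrite an existing file: prefix copyN- until the name is free.
            $org_filename = $filename;
            for ($index = 1; is_file($filestore . $filename); $index++) {
                $filename = 'copy' . $index . '-' . $org_filename;
            }

            $fp = fopen($filestore . $filename, "w+");
            if (!$fp) {
                echo '<div class="messageStackError">' . sprintf(ERROR_WRITE_ATTACHMENT, $filestore) . '</div>';
            } else {
                // A failed or short fwrite() leaves an incomplete file on disk; report it as a write
                // error instead of listing the attachment as saved.
                $written = fwrite($fp, $part);
                fclose($fp);
                if ($written === false || $written < strlen($part)) {
                    echo '<div class="messageStackError">' . sprintf(ERROR_WRITE_ATTACHMENT, $filestore) . '</div>';
                } else {
                    echo '<div class="linepad heavy">' . sprintf(TEXT_INFO_ATTACHMENT_WRITE, $filestore . $filename) . '</div>';
                    if (!in_array($filename, $attachments_array, true)) {
                        $attachments_array[] = $filename;
                    }
                }
            }
        }
    } else {
        // Plain-text and HTML bodies are stored as decoded; any per-subtype post-processing
        // (e.g. nl2br for text/plain) would be applied here.
        $partsarray[$i]['text'] = array('type' => $p->subtype, 'string' => $decode($part, $p->encoding));
    }

    // Multipart containers: recurse into each child using its 1-based dotted part number.
    if (isset($p->parts) && count($p->parts) > 0) {
        foreach ($p->parts as $pno => $parr) {
            help_desk_parsepart($parr, $i . '.' . ($pno + 1), $link, $msgid, $partsarray, $attachments_array);
        }
    }
}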
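/**
 * Finalises an SCI (shopping-cart interface) payment from the logged-in user to the payee.
 *
 * Reads the checkout previously stored in the 'sci' session entry, validates the amount
 * against the payer's balance, records the transaction, notifies the merchant's status URL,
 * moves the balances (payee receives amount minus fees, fees go to the admin account) and
 * renders the sci/complete view. Redirects when the user is not logged in, when the stored
 * checkout does not match the user's master key, or when the payee account does not exist.
 */
public function complete()
{
    if (!$this->user_session) {
        redirect(site_url('login'));
    }

    $sci_info = $this->session->userdata('sci');

    // The stored checkout must belong to the current user's master key. The null-coalesce keeps the
    // original control flow (a missing 'sci' entry also lands here) without an undefined-index warning.
    if (($sci_info['master_key'] ?? null) != $this->user_session['master_key']) {
        redirect('sci/transfer');
    }

    if (!$sci_info || empty($sci_info['checkout_currency'])) {
        $this->validator->addError('SCI Information', 'You haven\'t yet input sci info');
        $this->assign('validerrors', $this->validator->errors);
        $this->view('sci/complete');
        return;
    }

    $this->data['sci_info'] = $sci_info;
    $sci_user = $this->user->getUser(array('account_number' => $sci_info['payee_account']));
    if (!$sci_user) {
        redirect(site_url('transfer'));
    }
    $this->data['sci_user'] = $sci_user;

    $posts = $this->input->post();
    $balance_current = $this->balance->getBalance(array(
        'user_id' => $this->user_session['user_id'],
        'currency_code' => $sci_info['checkout_currency'],
    ));

    // Without a POST only the confirmation form is shown.
    if (!$posts) {
        $this->view('sci/complete');
        return;
    }

    if (empty($sci_info['checkout_amount']) || $sci_info['checkout_amount'] <= 0) {
        $this->validator->addError('Amount', 'Amount greater than 0');
    } elseif ($sci_info['checkout_amount'] > $balance_current['balance']) {
        $this->validator->addError('Amount', 'You don\'t have enough money to transfer');
    }

    if (count($this->validator->errors) != 0) {
        $this->assign('validerrors', $this->validator->errors);
        $this->view('sci/complete');
        return;
    }

    // NOTE(review): the balance is read above and debited further down without a lock or a database
    // transaction, so two concurrent submissions of the same checkout could both pass the funds check --
    // confirm whether the balance model serialises updates.
    $batch_number = tep_create_random_value(11, 'digits');
    $transaction_time = date('YmdHis');

    $transaction_data_array = array(
        'from_userid' => $this->user_session['user_id'],
        'batch_number' => $batch_number,
        'to_userid' => $sci_user['user_id'],
        'amount' => $sci_info['checkout_amount'],
        'fee' => $sci_info['fees'],
        'fee_text' => $sci_info['fees_text'],
        'transaction_time' => $transaction_time,
        'transaction_memo' => $sci_info['transaction_memo'],
        'from_account' => $this->user_session['account_number'],
        'to_account' => $sci_user['account_number'],
        'transaction_currency' => $sci_info['checkout_currency'],
        'amount_text' => $sci_info['balance'],
        'transaction_status' => 'completed',
    );
    $this->data['transaction_data'] = $transaction_data_array;
    $transaction_id = $this->transaction->insert($transaction_data_array);

    // The history row carries every transaction field plus the merchant callback details.
    $history = array_merge($transaction_data_array, array(
        'transaction_id' => $transaction_id,
        'description' => '',
        'fail_url' => $sci_info['fail_url'],
        'cancel_url' => $sci_info['cancel_url'],
        'status_url' => $sci_info['status_url'],
        'success_url' => $sci_info['success_url'],
        'extra_fields' => serialize($sci_info['extra_field']),
        'status_method' => $sci_info['status_method'],
    ));

    if (!empty($history['status_url'])) {
        $current_transaction = $this->transaction->getTransactionById($transaction_id);
        $dataPost = array(
            'payee_account' => $current_transaction['to_account'],
            'payer_account' => $current_transaction['from_account'],
            'checkout_amount' => $current_transaction['amount'],
            'checkout_currency' => $current_transaction['transaction_currency'],
            'batch_number' => $current_transaction['batch_number'],
            'transaction_status' => $current_transaction['transaction_status'],
            'transaction_currency' => $current_transaction['transaction_currency'],
        );

        // NOTE(review): status_url originates from the merchant's SCI request (kept in the session) and
        // is fetched server-side here, so the destination is caller-controlled -- confirm curl_get/curl_post
        // restrict the scheme and cannot be pointed at internal hosts.
        $status_url = base64_decode($history['status_url']);
        $results = $history['status_method'] == 'GET'
            ? curl_get($status_url, $dataPost)
            : curl_post($status_url, $dataPost);

        if ($results) {
            // The merchant acknowledges with SUCCESS or ERROR anywhere in the response body.
            if (preg_match("/SUCCESS/i", $results)) {
                $this->assign('url', base64_decode($history['success_url']));
                $this->assign('success', true);
            } elseif (preg_match("/ERROR/i", $results) && !empty($history['fail_url'])) {
                $this->assign('url', base64_decode($history['fail_url']));
                $this->assign('success', false);
            }
        } else {
            // NOTE(review): the history row is only persisted when the status callback returns nothing,
            // so a successful callback leaves no history -- looks inverted, confirm the intent.
            $this->transaction->insertHistory($history);
        }
    } else {
        $this->assign('url', base64_decode($history['success_url']));
        $this->assign('success', true);
    }

    // The payer is debited the gross amount; the payee receives the amount net of fees.
    $current_amount = $sci_info['checkout_amount'] - $sci_info['fees'];
    $balanceFrom = array('user_id' => $this->user_session['user_id'], 'currency_code' => $sci_info['checkout_currency']);
    $this->balance->updateBalance($balanceFrom, $sci_info['checkout_amount'], '-');
    $balanceTo = array('user_id' => $sci_user['user_id'], 'currency_code' => $sci_info['checkout_currency']);
    $this->balance->updateBalance($balanceTo, $current_amount, '+');

    // Fees are booked as a separate completed transaction from the payee to the admin account
    // (hard-coded user_id 1 / account 'OOKCASH').
    $batch_number_admin = tep_create_random_value(11, 'digits');
    $transaction_data_array_admin = array(
        'from_userid' => $sci_user['user_id'],
        'batch_number' => $batch_number_admin,
        'to_userid' => 1,
        'amount' => $sci_info['fees'],
        'fee' => 0,
        'transaction_time' => date('YmdHis'),
        'transaction_memo' => 'transaction fees #' . $batch_number,
        'from_account' => $sci_user['account_number'],
        'to_account' => 'OOKCASH',
        'transaction_currency' => $sci_info['checkout_currency'],
        'amount_text' => $sci_info['fees_text'],
        'transaction_status' => 'completed',
        'status' => '0',
    );
    $this->transaction->insert($transaction_data_array_admin);
    $balanceAdmin = array('user_id' => 1, 'currency_code' => $sci_info['checkout_currency']);
    $this->balance->updateBalance($balanceAdmin, $sci_info['fees'], '+');

    // The payee notification is prepared but the send is currently disabled.
    $this->load->model('email_model');
    $dataEmail = array(
        'firstname' => $sci_user['firstname'],
        'amount_text' => $sci_info['fees_text'],
        'batch_number' => $batch_number,
        'balance_currency' => $sci_info['checkout_currency'],
        'from_account' => $this->user_session['account_number'],
        'fees_text' => $sci_info['fees_text'],
    );
    // $this->email_model->sendmail('TRANSFER_EMAIL', $sci_user['firstname'], $sci_user['email'], $dataEmail);

    // The checkout is consumed: drop it from the session so the form cannot be resubmitted.
    $this->session->unset_userdata('sci');
    $this->data['success'] = true;
    $this->view('sci/complete');
}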