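/**
 * Render a five-character CAPTCHA image and remember its text in the session.
 *
 * Draws 101 short noise lines over a white 150x60 canvas, then five rotated,
 * randomly placed digits taken from a 50-digit pool produced by
 * tep_create_random_value(). The rendered text is stored under the session key
 * 'secure_image_hash_string' for the login/forgot controllers to compare
 * against; the image is sent as JPEG and the request ends with die.
 *
 * Reviewer changes vs. the original:
 *  - the index into the digit pool is chosen with random_int() (CSPRNG) instead
 *    of rand(): the challenge text is a secret, the visual noise is not and
 *    still uses rand();
 *  - the index now spans the whole pool instead of positions 1..35;
 *  - Cache-Control/Pragma headers stop browsers and proxies from re-serving an
 *    image that no longer matches the session value;
 *  - imagejpeg() gets null (documented "write to output") instead of "".
 */
public function index()
{
    ob_clean();
    $image = imagecreatetruecolor(150, 60);
    $white = imagecolorallocate($image, 255, 255, 255);
    $noiseColor = imagecolorallocate($image, rand(64, 192), rand(64, 192), rand(64, 192));
    imagefill($image, 0, 0, $white);
    $fontFile = PUBLICPATH . "/fonts/elephant.ttf";

    // Background clutter: 101 short strokes at random positions and angles.
    for ($i = 0; $i <= 100; $i++) {
        $px = rand(1, 148);
        $py = rand(1, 58);
        imageline($image, $px, $py, $px + rand(-5, 5), $py + rand(-5, 5), $noiseColor);
    }

    // Pool of digits the challenge characters are drawn from.
    $digitPool = (string) tep_create_random_value(50, 'digits');
    $lastIndex = max(0, strlen($digitPool) - 1);
    $challenge = "";
    for ($slot = 0; $slot <= 4; $slot++) {
        $dark = imagecolorallocate($image, rand(5, 128), rand(5, 128), rand(5, 128));
        // random_int() rather than rand(): this value is what the user must reproduce.
        $char = substr($digitPool, random_int(0, $lastIndex), 1);
        $challenge .= $char;
        $fontSize = rand(20, 26);
        $px = 15 + ($slot * 28 + rand(-5, 5));
        // Baseline at least fontSize+2 from the top keeps the glyph inside the canvas.
        $py = rand($fontSize + 2, 55);
        $angle = rand(-30, 30);
        imagettftext($image, $fontSize, $angle, $px, $py, $dark, $fontFile, $char);
    }

    $this->session->set_userdata('secure_image_hash_string', $challenge);
    header("Content-type: image/jpeg");
    // Never cache: every fetch must produce the image that matches the session value.
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Pragma: no-cache");
    imagejpeg($image, null, 95);
    imagedestroy($image);
    die;
}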
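 /**
  * Login form controller: renders the form and, on POST, validates the
  * credentials, enforces the CAPTCHA after more than three failed attempts
  * and hands over to the second login step (login/comfirm).
  *
  * Session state used:
  *  - 'error_log_login'          failed-attempt counter (0 when unset)
  *  - 'login_id'                 set on success; if already present, redirect to login/comfirm
  *  - 'user'                     an already logged-in user; redirect to home
  *  - 'secure_image_hash_string' the CAPTCHA text rendered by the captcha action
  *
  * NOTE(review): the counter lives in the session, so it only throttles
  * clients that keep their session cookie between attempts.
  *
  * Reviewer changes vs. the original:
  *  - the CAPTCHA is compared with hash_equals() on string values; the loose
  *    `!=` let an empty field pass when the session held no challenge
  *    (false != null is false);
  *  - the challenge is removed from the session once checked, so a solved
  *    CAPTCHA cannot be replayed across attempts;
  *  - form fields are read with `??` so a partial POST raises no notices.
  */
 public function index()
 {
     $error_log_login = (int) $this->session->userdata('error_log_login');

     if ($this->session->userdata('login_id')) {
         redirect(site_url('login/comfirm'));
     }
     if ($this->session->userdata('user')) {
         redirect(site_url('home'));
     }

     $posts = $this->input->post();
     if ($posts) {
         $account_number = $posts['account_number'] ?? '';
         $login_password = $posts['password'] ?? '';
         $security_code = !empty($posts['security_code']) ? (string) $posts['security_code'] : '';

         // The CAPTCHA is only required after more than three failed attempts.
         if ($error_log_login > 3) {
             $expected = $this->session->userdata('secure_image_hash_string');
             // One challenge per attempt: drop it whether or not it matched.
             $this->session->unset_userdata('secure_image_hash_string');
             if (!is_string($expected) || $expected === '' || !hash_equals($expected, $security_code)) {
                 $this->validator->addError('Turing Number', ERROR_SECURE_CODE_WRONG);
             }
         }

         $this->validator->validateGeneral('Account Number', $account_number, _ERROR_FIELD_EMPTY);
         $this->validator->validateGeneral('Password', $login_password, _ERROR_FIELD_EMPTY);

         if (count($this->validator->errors) == 0) {
             $user = $this->user->checkLogin($account_number, $login_password);
             if (!$user) {
                 $this->validator->addError('Account Number/Password', ERROR_INVALID_ACCOUNT);
                 $error_log_login++;
                 $this->session->set_userdata('error_log_login', $error_log_login);
                 $this->data['validerrors'] = $this->validator->errors;
             } else {
                 $this->session->set_userdata('login_id', $user['user_id']);
                 // A verified account arriving from a different IP than the one it
                 // was verified from gets a fresh key mailed before step two.
                 $current_ip = get_client_ip();
                 if ($user['verification_status'] == 1 && $current_ip != $user['verification_ip']) {
                     $verification_key = tep_create_random_value(10, 'digits');
                     $this->user->update($user['user_id'], array('verification_key' => $verification_key));
                     $this->load->model('email_model');
                     $this->email_model->sendmail('VERIFYCATION_KEY', $user['firstname'], $user['email'], $user);
                 }
                 redirect(site_url('login/comfirm'));
             }
         } else {
             // Validation errors count as a failed attempt too.
             $error_log_login++;
             $this->session->set_userdata('error_log_login', $error_log_login);
             $this->data['validerrors'] = $this->validator->errors;
         }
     }

     $this->data['error_log_login'] = $error_log_login;
     $this->view('login/index');
 }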
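 /**
  * Resolve the customer for a PayPal Express Checkout result by e-mail, or
  * create a minimal account plus default address for a first-time buyer, then
  * populate the globals and session keys the rest of the checkout expects.
  *
  * @param array $customer_info  Checkout details keyed as in the PayPal
  *                              response: EMAIL, FIRSTNAME, LASTNAME, PHONENUM,
  *                              SHIPTOSTREET, SHIPTOCITY, SHIPTOSTATE, SHIPTOZIP,
  *                              SHIPTOCOUNTRYCODE, COUNTRYCODE.
  *
  * Side effects: sets the globals $customer_id, $customer_first_name,
  * $customer_default_address_id, $customer_country_id, $customer_zone_id (plus
  * $billto/$sendto for a new account) and mirrors the first five into
  * $_SESSION; a new account also sets $_SESSION['temp_password'] and
  * $_SESSION['paypalxc_create_account'].
  *
  * Reviewer changes vs. the original:
  *  - every $customer_info value placed in SQL goes through tep_db_input();
  *    these values come from an external response and were concatenated raw;
  *  - the first name of an existing customer is read from the column the query
  *    returns (customers_firstname); the original read a non-existent
  *    'customer_first_name' key and left the name empty;
  *  - a failed country/zone lookup (fetch returned false) no longer
  *    dereferences a boolean; the country id then defaults to 0.
  */
 function create_temp_customer($customer_info)
 {
     global $customer_id, $customer_first_name, $customer_default_address_id, $customer_country_id, $customer_zone_id, $billto, $sendto;

     $email = tep_db_input($customer_info['EMAIL']);
     $query = tep_db_query("SELECT c.customers_id as customer_id, c.customers_firstname, c.customers_default_address_id as customer_default_address_id, ab.entry_country_id as customer_country_id, ab.entry_zone_id as customer_zone_id FROM " . TABLE_CUSTOMERS . " c, " . TABLE_ADDRESS_BOOK . " ab WHERE c.customers_id = ab.customers_id AND c.customers_default_address_id = ab.address_book_id AND c.customers_email_address = '" . $email . "'");

     if (tep_db_num_rows($query) > 0) {
         // Existing customer: reuse the account and its default address.
         $data = tep_db_fetch_array($query);
         $customer_id = $data['customer_id'];
         $customer_first_name = $data['customers_firstname'];
         $customer_default_address_id = $data['customer_default_address_id'];
         $customer_country_id = $data['customer_country_id'];
         $customer_zone_id = $data['customer_zone_id'];
     } else {
         // New customer: create the account with a temporary random password.
         $_SESSION['temp_password'] = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
         $sql_data_array = array('customers_firstname' => $customer_info['FIRSTNAME'], 'customers_lastname' => $customer_info['LASTNAME'], 'customers_email_address' => $customer_info['EMAIL'], 'customers_validation' => '1', 'customers_password' => tep_encrypt_password($_SESSION['temp_password']));
         tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);
         $customer_id = tep_db_insert_id();

         // Prefer the shipping country code; fall back to the payer's country code.
         $country = false;
         foreach (array('SHIPTOCOUNTRYCODE', 'COUNTRYCODE') as $code_key) {
             $iso_code = isset($customer_info[$code_key]) ? $customer_info[$code_key] : '';
             $country_query = tep_db_query("SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . tep_db_input($iso_code) . "'");
             if (tep_db_num_rows($country_query) > 0) {
                 $country = tep_db_fetch_array($country_query);
                 break;
             }
         }
         $customer_country_id = is_array($country) ? $country['countries_id'] : 0;

         // Map the shipping state to a zone id when the store knows it; otherwise
         // keep the free-text state and use zone 0.
         $zone = false;
         if (is_array($country)) {
             $zone = tep_db_fetch_array(tep_db_query("SELECT zone_id FROM " . TABLE_ZONES . " WHERE zone_country_id = '" . (int) $country['countries_id'] . "' AND zone_code = '" . tep_db_input($customer_info['SHIPTOSTATE']) . "'"));
         }
         if (is_array($zone) && tep_not_null($zone['zone_id'])) {
             $customer_zone_id = $zone['zone_id'];
             $state = '';
         } else {
             $customer_zone_id = '0';
             $state = $customer_info['SHIPTOSTATE'];
         }

         $customer_first_name = $customer_info['FIRSTNAME'];
         $customer_last_name = $customer_info['LASTNAME'];
         $sql_data_array = array('customers_id' => $customer_id, 'entry_firstname' => $customer_first_name, 'entry_lastname' => $customer_last_name, 'entry_telephone' => $customer_info['PHONENUM'], 'entry_street_address' => $customer_info['SHIPTOSTREET'], 'entry_postcode' => $customer_info['SHIPTOZIP'], 'entry_city' => $customer_info['SHIPTOCITY'], 'entry_country_id' => $customer_country_id, 'entry_zone_id' => $customer_zone_id, 'entry_state' => $state);
         tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
         $customer_default_address_id = tep_db_insert_id();
         $billto = $customer_default_address_id;
         $sendto = $customer_default_address_id;

         tep_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $customer_default_address_id . "' where customers_id = '" . (int) $customer_id . "'");
         tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customer_id . "', '0', now())");
         $_SESSION['paypalxc_create_account'] = '1';
     }

     $_SESSION['customer_id'] = $customer_id;
     $_SESSION['customer_first_name'] = $customer_first_name;
     $_SESSION['customer_default_address_id'] = $customer_default_address_id;
     $_SESSION['customer_country_id'] = $customer_country_id;
     $_SESSION['customer_zone_id'] = $customer_zone_id;
 }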
 /**
  * Issue a new session id for the current client unless this IP address has
  * already reached max_ip_sessions open sessions.
  *
  * On success $this->id becomes a fresh 64-character random value,
  * $this->new_id is set, the old cookie is cleared and a new one carrying the
  * id is sent; returns true. Returns false when the per-IP cap is reached.
  */
 function generate()
 {
     extract(tep_load('http_validator', 'database'));

     $client_ip = $http->ip_string;
     $count_query = $db->query("select count(*) as total from " . TABLE_SESSIONS . " where ip_long = '" . $db->filter($client_ip) . "'");
     $count_row = $db->fetch_array($count_query);

     // Per-IP session cap: refuse to hand out another id once it is reached.
     if ($count_row['total'] >= $this->max_ip_sessions) {
         return false;
     }

     $this->id = tep_create_random_value(64);
     $this->new_id = true;

     $http->set_cookie($this->name);
     // NOTE(review): the -1 expiry goes to the project's set_cookie wrapper;
     // confirm it means "browser-session cookie" rather than "already expired".
     $http->set_cookie($this->name, $this->id, -1);

     return true;
 }
 /**
  * Initialise the admin flag for the current request.
  *
  * The 'admin' flag is read from the session store and the admin session is
  * dropped (change(false)) unless the request is for one of the two scripts
  * that may carry it. The query-string parameter NAME is the configured admin
  * key (options['admin_key']); its VALUE is a session key to verify:
  *  - already admin and parameter present: success message, flush cookies, redirect;
  *  - not admin: the value must be a live key in the sessions table for this
  *    IP and also be present in the admin sessions table; then the session is
  *    promoted, the admin key is rotated in the saved options, cookies are
  *    flushed and the request is redirected.
  *
  * Returns false when no usable key parameter is present (absent, empty, stored
  * key length differs from the configured length, or already admin); true
  * otherwise, whether or not the verification succeeded.
  */
 function init_sessions()
 {
     extract(tep_load('defs', 'database', 'http_validator', 'sessions', 'message_stack'));
     $cStrings =& $this->strings;
     // presumably returns the stored 'admin' flag, defaulting to false -- verify in sessions class
     $this->admin =& $cSessions->register('admin', false);
     // && binds tighter than ||: drop admin state when not admin, or when the
     // current script is neither the generic-pages nor the collections script.
     if (!$this->admin || $cDefs->script != FILENAME_GENERIC_PAGES && $cDefs->script != FILENAME_COLLECTIONS) {
         $this->change(false);
     }
     $key = $this->options['admin_key'];
     if ($this->admin && isset($_GET[$key])) {
         $msg->add_session($cStrings->SUCCESS_ADMIN_INIT, 'success', 'header');
         $http->send_cookies();
         tep_redirect(tep_href_link());
         return true;
     }
     // No usable key: note that strlen() is applied to the stored key, not to
     // the submitted value.
     if (!isset($_GET[$key]) || empty($_GET[$key]) || strlen($key) != $this->options['admin_key_length'] || $this->admin) {
         return false;
     }
     // Purge expired rows first so a stale key cannot be matched below.
     $db->query("delete from " . TABLE_SESSIONS . " where expiry <= '" . time() . "'");
     $db->query("delete from " . TABLE_SESSIONS_ADMIN . " where expiry <= '" . time() . "'");
     // The submitted value must be a live session key bound to this client's IP ...
     $check_query = $db->query("select count(*) as total from " . TABLE_SESSIONS . " where sesskey = '" . $db->filter($_GET[$key]) . "' and ip_long = '" . $db->filter($http->ip_string) . "'");
     $check_array = $db->fetch_array($check_query);
     if ($check_array['total']) {
         // ... and also be known as an admin session.
         $check_query = $db->query("select count(*) as total from " . TABLE_SESSIONS_ADMIN . " where sesskey = '" . $db->filter($_GET[$key]) . "'");
         $check_array = $db->fetch_array($check_query);
         if ($check_array['total']) {
             // Consume the matching session row, promote, and rotate the admin
             // key so the URL that was just used cannot be replayed.
             $db->query("delete from " . TABLE_SESSIONS . " where sesskey = '" . $db->filter($_GET[$key]) . "' and ip_long = '" . $db->filter($http->ip_string) . "'");
             $this->admin = true;
             $this->options['admin_key'] = tep_create_random_value($this->options['admin_key_length'], 'chars_lower');
             $this->save_options($this->options);
             $msg->add_session($cStrings->SUCCESS_ADMIN_INIT, 'success', 'header');
             $http->send_cookies();
             // NOTE(review): no explicit exit after the redirect here; presumably tep_redirect() terminates -- confirm.
             tep_redirect(tep_href_link());
         }
     }
     return true;
 }
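 /**
  * "Forgot password" step 1: verify the CAPTCHA, look the account up by
  * e-mail and account number, store a fresh 10-digit reset code on it, mail
  * the code, and continue to forgot/step2.
  *
  * Session state: reads and clears 'secure_image_hash_string' (the CAPTCHA
  * text rendered by the captcha action); writes 'forgot_info' on success.
  *
  * Reviewer changes vs. the original:
  *  - the CAPTCHA is compared with hash_equals() on strings; the loose `==`
  *    accepted an empty code when the session held no challenge and treated
  *    numerically-equal digit strings (e.g. differing leading zeros) as equal;
  *  - the challenge is cleared from the session after one use;
  *  - form fields are read with `??` and the lookup result is initialised, so
  *    a partial POST raises no notices and the mail step only runs with an
  *    account record in hand;
  *  - the comment on the "account not found" branch was misleading.
  */
 public function index()
 {
     $posts = $this->input->post();
     if ($posts) {
         $account_number = $posts['account_number'] ?? '';
         $email = $posts['email'] ?? '';
         $account_info = false;

         $security_code = (string) ($posts['security_code'] ?? '');
         $expected = $this->session->userdata('secure_image_hash_string');
         // Single-use challenge: drop it regardless of the outcome.
         $this->session->unset_userdata('secure_image_hash_string');

         if (is_string($expected) && $expected !== '' && hash_equals($expected, $security_code)) {
             if ($this->validator->validateEmail('E-mail', $email, ERROR_EMAIL_ADDRESS)) {
                 $account_info = $this->user->getUser(array('email' => $email, 'account_number' => $account_number));
                 if (!$account_info) {
                     // no account matches this number/e-mail pair
                     $this->validator->addError('Account Number/E-mail', "Invalid account number/e-mail.");
                 }
             }
         } else {
             $this->validator->addError('Turing Number', ERROR_SECURE_CODE_WRONG);
         }

         if (count($this->validator->errors) == 0 && $account_info) {
             // Account found: issue a reset code and mail it to the stored address.
             $this->session->set_userdata('forgot_info', array('account_number' => $account_number, 'email' => $email));
             $reset_code = tep_create_random_value(10, 'digits');
             $dataEmail = array('firstname' => $account_info['firstname'], 'reset_code' => $reset_code);
             $this->email_model->sendmail('RESET_PASSWORD_CODE', $account_info['firstname'], $account_info['email'], $dataEmail);
             $this->user->update($account_info['user_id'], array('reset_code' => $reset_code));
             redirect('forgot/step2');
         } else {
             $this->data['validerrors'] = $this->validator->errors;
         }
     }
     $this->data['posts'] = $posts;
     $this->view('forgot/index');
 }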
 /**
  * Pre-process hook of the Bitcoin payment module.
  *
  * Checks that the bitcoind JSON-RPC endpoint answers getinfo(), then asks it
  * for a receiving address under an account label built from the customer's
  * e-mail plus a 32-character random suffix, and appends that address to the
  * order comments.
  *
  * @return array|false  array('title' => <error text>) when the RPC server is
  *                      unreachable; false when checkout may continue.
  */
 function before_process()
 {
     global $insert_id, $order;

     require_once 'bitcoin/jsonRPCClient.php';

     // NOTE(review): the RPC credentials are part of this URL; keep it out of
     // logs and error output.
     $endpoint = 'http://' . MODULE_PAYMENT_BITCOIN_LOGIN . ':' . MODULE_PAYMENT_BITCOIN_PASSWORD . '@' . MODULE_PAYMENT_BITCOIN_HOST . '/';
     $rpc = new jsonRPCClient($endpoint);

     try {
         $rpc->getinfo();
     } catch (Exception $e) {
         return array('title' => 'Error: Bitcoin server is down.  Please email system administrator regarding your order after confirmation.');
     }

     $account_label = $order->customer['email_address'] . '-' . tep_create_random_value(32);
     $payment_address = $rpc->getaccountaddress($account_label);
     $order->info['comments'] .= ' | Payment Address: ' . $payment_address . ' | ';

     return false;
 }
                $rand_value .= $char;
            }
        }
    }
    return $rand_value;
}
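// Module already installed
if (defined('MODULE_PAYMENT_SOFORTUEBERWEISUNG_DIRECT_STATUS') && MODULE_PAYMENT_SOFORTUEBERWEISUNG_DIRECT_STATUS == 'True') {
    die('Modul bereits installiert<br /><a href="' . tep_href_link(FILENAME_MODULES, 'set=payment&module=sofortueberweisung_direct', 'SSL') . '">zur�ck zum ShopAdmin</a>');
}

// Hand-off parameters for the external install script; the three *_passwort
// values are freshly generated 12-character secrets.
$parameter = array();
$parameter['install'] = 'sofortueberweisung_direct';
$parameter['action'] = 'install';
$parameter['input_passwort'] = tep_create_random_value(12);
$parameter['bna_passwort'] = tep_create_random_value(12);
$parameter['cnt_passwort'] = tep_create_random_value(12);

// Build the query string by hand: empty values are skipped (http_build_query()
// would keep them). foreach replaces the each()/list() loop of the original,
// which fails on PHP 8 where each() no longer exists.
$get_parts = array();
foreach ($parameter as $key => $value) {
    if (empty($value)) {
        continue;
    }
    $get_parts[] = $key . "=" . urlencode($value);
}
$get_parameter = implode("&", $get_parts);

$backlink = tep_href_link('ext/modules/payment/sofortueberweisung/install.php', $get_parameter);
// The -KUNDEN_VAR_*- / -BETRAG_INTEGER- tokens are left literal here; presumably
// the payment provider substitutes them when it calls these URLs -- confirm.
$html_abortlink = tep_catalog_href_link('checkout_payment.php', 'payment_error=sofortueberweisung_direct&' . OSC_CATALOG_SESSION_ID . '=-KUNDEN_VAR_2-', 'SSL', false, false);
$header_redir_url = tep_catalog_href_link('checkout_process.php', OSC_CATALOG_SESSION_ID . '=-KUNDEN_VAR_2-&sovar3=-KUNDEN_VAR_3-&sovar4=-KUNDEN_VAR_3_MD5_PASS-&betrag_integer=-BETRAG_INTEGER-', 'SSL', false, false);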
 /**
  * Install the module through the parent, then seed a random lower-case admin
  * key of the configured length into the options and persist them.
  *
  * @return mixed  Whatever parent::install() returned.
  */
 function install()
 {
     $installed = parent::install();

     $key_length = $this->options_array['admin_key_length'];
     $this->options_array['admin_key'] = tep_create_random_value($key_length, 'chars_lower');
     $this->save_options($this->options_array);

     return $installed;
 }
  Copyright (c) 2012 osCommerce

  Released under the GNU General Public License
*/
require 'includes/application_top.php';
require DIR_WS_LANGUAGES . $language . '/' . FILENAME_PASSWORD_FORGOTTEN;

$password_reset_initiated = false;

// Only act on a 'process' request whose form id matches the session token.
$is_process_request = isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] == 'process'
    && isset($HTTP_POST_VARS['formid']) && $HTTP_POST_VARS['formid'] == $sessiontoken;

if ($is_process_request) {
    $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
    $check_customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");

    if (!tep_db_num_rows($check_customer_query)) {
        // NOTE(review): this message tells the requester the address is not registered.
        $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
    } else {
        $check_customer = tep_db_fetch_array($check_customer_query);
        // The action recorder rate-limits reset requests per customer.
        $actionRecorder = new actionRecorder('ar_reset_password', $check_customer['customers_id'], $email_address);
        if (!$actionRecorder->canPerform()) {
            $actionRecorder->record(false);
            $wait_minutes = defined('MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES') ? (int) MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES : 5;
            $messageStack->add('password_forgotten', sprintf(ERROR_ACTION_RECORDER, $wait_minutes));
        } else {
            $actionRecorder->record();
            $reset_key = tep_create_random_value(40);
            tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set password_reset_key = '" . tep_db_input($reset_key) . "', password_reset_date = now() where customers_info_id = '" . (int) $check_customer['customers_id'] . "'");
            // The original expected tep_href_link() to possibly return '&amp;';
            // str_replace() is a no-op when it does not.
            $reset_key_url = str_replace('&amp;', '&', tep_href_link(FILENAME_PASSWORD_RESET, 'account=' . urlencode($email_address) . '&key=' . $reset_key, 'SSL', false));
            $customer_name = $check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'];
            tep_mail($customer_name, $email_address, EMAIL_PASSWORD_RESET_SUBJECT, sprintf(EMAIL_PASSWORD_RESET_BODY, $reset_key_url), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
            $password_reset_initiated = true;
        }
    }
}
 /**
  * Produce a random numeric cart identifier.
  *
  * @param int $length  Number of digits to generate (default 5).
  * @return string      Digit string from tep_create_random_value().
  */
 function generate_cart_id($length = 5)
 {
     $charset = 'digits';
     return tep_create_random_value($length, $charset);
 }
    /**
     * Confirmation hook of the PayPal Pro Hosted Solution payment module.
     *
     * When a cart id is registered in the session, this creates (or re-creates)
     * the pending order rows for the cart, asks the PayPal API for a hosted
     * checkout button (BMCreateButton) and keeps the result in the session
     * variable $pphs_result. In every case a fresh 16-character $pphs_key is
     * generated and registered. The returned 'title' is HTML/JS that embeds the
     * hosted-checkout iframe and re-points the confirmation form at
     * checkout_payment.php.
     *
     * @return array  array('title' => <html>) as the checkout page expects.
     */
    function confirmation()
    {
        global $cartID, $cart_PayPal_Pro_HS_ID, $customer_id, $languages_id, $order, $order_total_modules, $currency, $sendto, $pphs_result, $pphs_key;
        $pphs_result = array();
        if (tep_session_is_registered('cartID')) {
            $insert_order = false;
            if (tep_session_is_registered('cart_PayPal_Pro_HS_ID')) {
                // cart_PayPal_Pro_HS_ID is '<cartID>-<orders_id>' (set further down); pull the order id.
                $order_id = substr($cart_PayPal_Pro_HS_ID, strpos($cart_PayPal_Pro_HS_ID, '-') + 1);
                $curr_check = tep_db_query("select currency from orders where orders_id = '" . (int) $order_id . "'");
                $curr = tep_db_fetch_array($curr_check);
                // Currency changed or the cart no longer matches the stored pair:
                // discard the stale order (only if it has no status history yet)
                // and insert a fresh one.
                if ($curr['currency'] != $order->info['currency'] || $cartID != substr($cart_PayPal_Pro_HS_ID, 0, strlen($cartID))) {
                    $check_query = tep_db_query('select orders_id from orders_status_history where orders_id = "' . (int) $order_id . '" limit 1');
                    if (tep_db_num_rows($check_query) < 1) {
                        tep_db_query('delete from orders where orders_id = "' . (int) $order_id . '"');
                        tep_db_query('delete from orders_total where orders_id = "' . (int) $order_id . '"');
                        tep_db_query('delete from orders_status_history where orders_id = "' . (int) $order_id . '"');
                        tep_db_query('delete from orders_products where orders_id = "' . (int) $order_id . '"');
                        tep_db_query('delete from orders_products_attributes where orders_id = "' . (int) $order_id . '"');
                        tep_db_query('delete from orders_products_download where orders_id = "' . (int) $order_id . '"');
                    }
                    $insert_order = true;
                }
            } else {
                $insert_order = true;
            }
            if ($insert_order == true) {
                // Collect the output of every enabled order-total module; each module
                // object lives in a global named after its file minus the extension.
                $order_totals = array();
                if (is_array($order_total_modules->modules)) {
                    foreach ($order_total_modules->modules as $value) {
                        $class = substr($value, 0, strrpos($value, '.'));
                        if ($GLOBALS[$class]->enabled) {
                            for ($i = 0, $n = sizeof($GLOBALS[$class]->output); $i < $n; $i++) {
                                if (tep_not_null($GLOBALS[$class]->output[$i]['title']) && tep_not_null($GLOBALS[$class]->output[$i]['text'])) {
                                    $order_totals[] = array('code' => $GLOBALS[$class]->code, 'title' => $GLOBALS[$class]->output[$i]['title'], 'text' => $GLOBALS[$class]->output[$i]['text'], 'value' => $GLOBALS[$class]->output[$i]['value'], 'sort_order' => $GLOBALS[$class]->sort_order);
                                }
                            }
                        }
                    }
                }
                // Order header row. NOTE(review): the cc_* fields are copied from
                // $order->info as-is; confirm what this module actually populates there.
                $sql_data_array = array('customers_id' => $customer_id, 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], 'customers_company' => $order->customer['company'], 'customers_street_address' => $order->customer['street_address'], 'customers_suburb' => $order->customer['suburb'], 'customers_city' => $order->customer['city'], 'customers_postcode' => $order->customer['postcode'], 'customers_state' => $order->customer['state'], 'customers_country' => $order->customer['country']['title'], 'customers_telephone' => $order->customer['telephone'], 'customers_email_address' => $order->customer['email_address'], 'customers_address_format_id' => $order->customer['format_id'], 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 'delivery_company' => $order->delivery['company'], 'delivery_street_address' => $order->delivery['street_address'], 'delivery_suburb' => $order->delivery['suburb'], 'delivery_city' => $order->delivery['city'], 'delivery_postcode' => $order->delivery['postcode'], 'delivery_state' => $order->delivery['state'], 'delivery_country' => $order->delivery['country']['title'], 'delivery_address_format_id' => $order->delivery['format_id'], 'billing_name' => $order->billing['firstname'] . ' ' . 
$order->billing['lastname'], 'billing_company' => $order->billing['company'], 'billing_street_address' => $order->billing['street_address'], 'billing_suburb' => $order->billing['suburb'], 'billing_city' => $order->billing['city'], 'billing_postcode' => $order->billing['postcode'], 'billing_state' => $order->billing['state'], 'billing_country' => $order->billing['country']['title'], 'billing_address_format_id' => $order->billing['format_id'], 'payment_method' => $order->info['payment_method'], 'cc_type' => $order->info['cc_type'], 'cc_owner' => $order->info['cc_owner'], 'cc_number' => $order->info['cc_number'], 'cc_expires' => $order->info['cc_expires'], 'date_purchased' => 'now()', 'orders_status' => $order->info['order_status'], 'currency' => $order->info['currency'], 'currency_value' => $order->info['currency_value']);
                tep_db_perform('orders', $sql_data_array);
                $insert_id = tep_db_insert_id();
                // One orders_total row per collected module line.
                for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++) {
                    $sql_data_array = array('orders_id' => $insert_id, 'title' => $order_totals[$i]['title'], 'text' => $order_totals[$i]['text'], 'value' => $order_totals[$i]['value'], 'class' => $order_totals[$i]['code'], 'sort_order' => $order_totals[$i]['sort_order']);
                    tep_db_perform('orders_total', $sql_data_array);
                }
                // Products, their selected attributes and any download entitlements.
                for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
                    $sql_data_array = array('orders_id' => $insert_id, 'products_id' => tep_get_prid($order->products[$i]['id']), 'products_model' => $order->products[$i]['model'], 'products_name' => $order->products[$i]['name'], 'products_price' => $order->products[$i]['price'], 'final_price' => $order->products[$i]['final_price'], 'products_tax' => $order->products[$i]['tax'], 'products_quantity' => $order->products[$i]['qty']);
                    tep_db_perform('orders_products', $sql_data_array);
                    $order_products_id = tep_db_insert_id();
                    $attributes_exist = '0';
                    if (isset($order->products[$i]['attributes'])) {
                        $attributes_exist = '1';
                        for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
                            // NOTE(review): product id, option id, value id and language id are
                            // concatenated into SQL without tep_db_input()/an int cast; confirm
                            // they are trusted (cart-derived) or escape them.
                            if (DOWNLOAD_ENABLED == 'true') {
                                $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename\n                                       from products_options popt, products_options_values poval, products_attributes pa\n                                       left join products_attributes_download pad\n                                       on pa.products_attributes_id=pad.products_attributes_id\n                                       where pa.products_id = '" . $order->products[$i]['id'] . "'\n                                       and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                       and pa.options_id = popt.products_options_id\n                                       and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                       and pa.options_values_id = poval.products_options_values_id\n                                       and popt.language_id = '" . $languages_id . "'\n                                       and poval.language_id = '" . $languages_id . "'";
                                $attributes = tep_db_query($attributes_query);
                            } else {
                                $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from products_options popt, products_options_values poval, products_attributes pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id . "' and poval.language_id = '" . $languages_id . "'");
                            }
                            $attributes_values = tep_db_fetch_array($attributes);
                            $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $attributes_values['options_values_price'], 'price_prefix' => $attributes_values['price_prefix']);
                            tep_db_perform('orders_products_attributes', $sql_data_array);
                            // Downloadable attribute: record the file and its limits for this order.
                            if (DOWNLOAD_ENABLED == 'true' && isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename'])) {
                                $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'orders_products_filename' => $attributes_values['products_attributes_filename'], 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 'download_count' => $attributes_values['products_attributes_maxcount']);
                                tep_db_perform('orders_products_download', $sql_data_array);
                            }
                        }
                    }
                }
                // Remember which order belongs to this cart so a re-visit can reuse it.
                $cart_PayPal_Pro_HS_ID = $cartID . '-' . $insert_id;
                tep_session_register('cart_PayPal_Pro_HS_ID');
            }
            $order_id = substr($cart_PayPal_Pro_HS_ID, strpos($cart_PayPal_Pro_HS_ID, '-') + 1);
            // BMCreateButton parameters: amounts are split into shipping/tax/subtotal,
            // paymentaction depends on the configured transaction method.
            $params = array('buyer_email' => $order->customer['email_address'], 'cancel_return' => tep_href_link('checkout_payment.php', '', 'SSL'), 'currency_code' => $currency, 'invoice' => $order_id, 'custom' => $customer_id, 'paymentaction' => OSCOM_APP_PAYPAL_HS_TRANSACTION_METHOD == '1' ? 'sale' : 'authorization', 'return' => tep_href_link('checkout_process.php', '', 'SSL'), 'notify_url' => tep_href_link('ext/modules/payment/paypal/pro_hosted_ipn.php', '', 'SSL', false, false), 'shipping' => $this->_app->formatCurrencyRaw($order->info['shipping_cost']), 'tax' => $this->_app->formatCurrencyRaw($order->info['tax']), 'subtotal' => $this->_app->formatCurrencyRaw($order->info['total'] - $order->info['shipping_cost'] - $order->info['tax']), 'billing_first_name' => $order->billing['firstname'], 'billing_last_name' => $order->billing['lastname'], 'billing_address1' => $order->billing['street_address'], 'billing_city' => $order->billing['city'], 'billing_state' => tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], $order->billing['state']), 'billing_zip' => $order->billing['postcode'], 'billing_country' => $order->billing['country']['iso_code_2'], 'night_phone_b' => $order->customer['telephone'], 'template' => 'templateD', 'item_name' => STORE_NAME, 'showBillingAddress' => 'false', 'showShippingAddress' => 'false', 'showHostedThankyouPage' => 'false');
            // A selected shipping address (numeric $sendto) overrides the PayPal-side address.
            if (is_numeric($sendto) && $sendto > 0) {
                $params['address_override'] = 'true';
                $params['first_name'] = $order->delivery['firstname'];
                $params['last_name'] = $order->delivery['lastname'];
                $params['address1'] = $order->delivery['street_address'];
                $params['city'] = $order->delivery['city'];
                $params['state'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], $order->delivery['state']);
                $params['zip'] = $order->delivery['postcode'];
                $params['country'] = $order->delivery['country']['iso_code_2'];
            }
            // The "return to store" button label is only passed when it fits in 60 characters.
            $return_link_title = $this->_app->getDef('module_hs_button_return_to_store', array('storename' => STORE_NAME));
            if (strlen($return_link_title) <= 60) {
                $params['cbt'] = $return_link_title;
            }
            $pphs_result = $this->_app->getApiResult('APP', 'BMCreateButton', $params, OSCOM_APP_PAYPAL_HS_STATUS == '1' ? 'live' : 'sandbox');
            if (!tep_session_is_registered('pphs_result')) {
                tep_session_register('pphs_result');
            }
        }
        // Per-confirmation key carried in the hosted_checkout.php iframe URL.
        $pphs_key = tep_create_random_value(16);
        if (!tep_session_is_registered('pphs_key')) {
            tep_session_register('pphs_key');
        }
        $iframe_url = tep_href_link('ext/modules/payment/paypal/hosted_checkout.php', 'key=' . $pphs_key, 'SSL');
        $form_url = tep_href_link('checkout_payment.php', 'payment_error=paypal_pro_hs', 'SSL');
        // include jquery if it doesn't exist in the template
        $output = <<<EOD
<iframe src="{$iframe_url}" width="570px" height="540px" frameBorder="0" scrolling="no"></iframe>
<script>
if ( typeof jQuery == 'undefined' ) {
  document.write('<scr' + 'ipt src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></scr' + 'ipt>');
}
</script>

<script>
\$(function() {
  \$('form[name="checkout_confirmation"] input[type="submit"], form[name="checkout_confirmation"] input[type="image"], form[name="checkout_confirmation"] button[type="submit"]').hide();
  \$('form[name="checkout_confirmation"]').attr('action', '{$form_url}');
});
</script>
EOD;
        $confirmation = array('title' => $output);
        return $confirmation;
    }
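 /**
  * Sage Pay Server checkout hook: either registers the transaction with the
  * gateway, or, when the customer comes back with check=PROCESS, validates the
  * round trip.
  *
  * Paths:
  *  - $_GET['check'] == 'PROCESS': the skcode from the URL must match the key
  *    code kept in the session. The matching sagepay_server_securitykeys row
  *    is consumed (session key unset, row deleted) and, if the notification
  *    callback flagged it verified, its transaction details are published in
  *    the global $sagepay_server_transaction_details and true is returned.
  *  - otherwise: a key code is created in the session if needed, the
  *    registration request is assembled from $order / $order_totals and POSTed
  *    to the gateway; on Status=OK the returned SecurityKey is stored under the
  *    key code and the customer is redirected to NextURL (directly, or via the
  *    module's checkout.php when a non-Normal profile page is configured).
  *
  * Every path that does not return true ends in a redirect back to
  * checkout_payment.php with payment_error set, so false is never returned.
  *
  * Globals: writes $sagepay_server_transaction_details; reads $order,
  * $order_totals, $_SESSION and $_GET.
  *
  * @return true when a verified PROCESS round trip was completed
  */
 function before_process()
 {
     global $sagepay_server_transaction_details, $order, $order_totals;
     $OSCOM_Db = Registry::get('Db');
     $sagepay_server_transaction_details = null;
     $error = null;
     if (isset($_GET['check']) && $_GET['check'] == 'PROCESS') {
         // The key code is a one-time token: require a string and compare it
         // strictly, so PHP's numeric-string juggling ('0e1' == '0e2') can
         // never make a foreign value match.
         if (isset($_GET['skcode'], $_SESSION['sagepay_server_skey_code']) && is_string($_GET['skcode']) && $_GET['skcode'] === $_SESSION['sagepay_server_skey_code']) {
             $skcode = HTML::sanitize($_GET['skcode']);
             $Qsp = $OSCOM_Db->get('sagepay_server_securitykeys', ['verified', 'transaction_details'], ['code' => $skcode], null, 1);
             if ($Qsp->fetch() !== false) {
                 // consume the key: neither the session code nor the row may
                 // be reused after this request
                 unset($_SESSION['sagepay_server_skey_code']);
                 $OSCOM_Db->delete('sagepay_server_securitykeys', ['code' => $skcode]);
                 if ($Qsp->value('verified') == '1') {
                     $sagepay_server_transaction_details = $Qsp->value('transaction_details');
                     return true;
                 }
             }
         }
     } else {
         if (!isset($_SESSION['sagepay_server_skey_code'])) {
             $_SESSION['sagepay_server_skey_code'] = tep_create_random_value(16);
         }
         // field lengths follow the gateway's documented maxima for this protocol version
         $params = array(
             'VPSProtocol' => $this->api_version,
             'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802',
             'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_SERVER_VENDOR_LOGIN_NAME, 0, 15),
             'VendorTxCode' => substr(date('YmdHis') . '-' . $_SESSION['customer_id'] . '-' . $_SESSION['cartID'], 0, 40),
             'Amount' => $this->format_raw($order->info['total']),
             'Currency' => $_SESSION['currency'],
             'Description' => substr(STORE_NAME, 0, 100),
             'NotificationURL' => $this->formatURL(OSCOM::link('ext/modules/payment/sage_pay/server.php', 'check=SERVER&skcode=' . $_SESSION['sagepay_server_skey_code'], 'SSL', false)),
             'BillingSurname' => substr($order->billing['lastname'], 0, 20),
             'BillingFirstnames' => substr($order->billing['firstname'], 0, 20),
             'BillingAddress1' => substr($order->billing['street_address'], 0, 100),
             'BillingCity' => substr($order->billing['city'], 0, 40),
             'BillingPostCode' => substr($order->billing['postcode'], 0, 10),
             'BillingCountry' => $order->billing['country']['iso_code_2'],
             'BillingPhone' => substr($order->customer['telephone'], 0, 20),
             'DeliverySurname' => substr($order->delivery['lastname'], 0, 20),
             'DeliveryFirstnames' => substr($order->delivery['firstname'], 0, 20),
             'DeliveryAddress1' => substr($order->delivery['street_address'], 0, 100),
             'DeliveryCity' => substr($order->delivery['city'], 0, 40),
             'DeliveryPostCode' => substr($order->delivery['postcode'], 0, 10),
             'DeliveryCountry' => $order->delivery['country']['iso_code_2'],
             'DeliveryPhone' => substr($order->customer['telephone'], 0, 20),
             'CustomerEMail' => substr($order->customer['email_address'], 0, 255),
             'Apply3DSecure' => '0',
         );
         // The original accepted whatever ip2long() could parse, i.e. an IPv4
         // dotted quad; validate that explicitly instead of testing the return
         // value against both -1 and false.
         $ip_address = tep_get_ip_address();
         if (filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
             $params['ClientIPAddress'] = $ip_address;
         }
         if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Payment') {
             $params['TxType'] = 'PAYMENT';
         } elseif (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Deferred') {
             $params['TxType'] = 'DEFERRED';
         } else {
             $params['TxType'] = 'AUTHENTICATE';
         }
         // state codes are only sent for US addresses
         if ($params['BillingCountry'] == 'US') {
             $params['BillingState'] = tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], '');
         }
         if ($params['DeliveryCountry'] == 'US') {
             $params['DeliveryState'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], '');
         }
         if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE != 'Normal') {
             $params['Profile'] = 'LOW';
         }
         // Basket lines are colon-separated, so ':' (and newlines / '&') are
         // stripped from free text before it is joined in.
         $contents = array();
         foreach ($order->products as $product) {
             $product_name = $product['name'];
             if (isset($product['attributes'])) {
                 foreach ($product['attributes'] as $att) {
                     $product_name .= '; ' . $att['option'] . '=' . $att['value'];
                 }
             }
             $contents[] = str_replace(array(':', "\n", "\r", '&'), '', $product_name) . ':' . $product['qty'] . ':' . $this->format_raw($product['final_price']) . ':' . $this->format_raw($product['tax'] / 100 * $product['final_price']) . ':' . $this->format_raw($product['tax'] / 100 * $product['final_price'] + $product['final_price']) . ':' . $this->format_raw(($product['tax'] / 100 * $product['final_price'] + $product['final_price']) * $product['qty']);
         }
         foreach ($order_totals as $ot) {
             $contents[] = str_replace(array(':', "\n", "\r", '&'), '', strip_tags($ot['title'])) . ':---:---:---:---:' . $this->format_raw($ot['value']);
         }
         $params['Basket'] = substr(count($contents) . ':' . implode(':', $contents), 0, 7500);
         $post_string = '';
         foreach ($params as $key => $value) {
             $post_string .= $key . '=' . urlencode(trim($value)) . '&';
         }
         if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_SERVER == 'Live') {
             $gateway_url = 'https://live.sagepay.com/gateway/service/vspserver-register.vsp';
         } else {
             $gateway_url = 'https://test.sagepay.com/gateway/service/vspserver-register.vsp';
         }
         $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
         // The reply is one "Key=Value" pair per line; split on the first '='
         // only, because values such as NextURL can contain '=' themselves.
         $return = array();
         foreach (explode(chr(10), $transaction_response) as $string) {
             // strict test: a '=' at offset 0 is a position, not "not found"
             if (strpos($string, '=') !== false) {
                 $parts = explode('=', $string, 2);
                 $return[trim($parts[0])] = trim($parts[1]);
             }
         }
         // an empty or malformed reply carries no Status at all; treat it as a failure
         if (isset($return['Status']) && $return['Status'] == 'OK') {
             $Qsp = $OSCOM_Db->get('sagepay_server_securitykeys', ['id', 'securitykey'], ['code' => $_SESSION['sagepay_server_skey_code']], null, 1);
             if ($Qsp->fetch() !== false) {
                 if ($Qsp->value('securitykey') != $return['SecurityKey']) {
                     $OSCOM_Db->save('sagepay_server_securitykeys', ['securitykey' => $return['SecurityKey'], 'date_added' => 'now()'], ['id' => $Qsp->valueInt('id')]);
                 }
             } else {
                 $OSCOM_Db->save('sagepay_server_securitykeys', ['code' => $_SESSION['sagepay_server_skey_code'], 'securitykey' => $return['SecurityKey'], 'date_added' => 'now()']);
             }
             if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE == 'Normal') {
                 HTTP::redirect($return['NextURL']);
             } else {
                 $_SESSION['sage_pay_server_nexturl'] = $return['NextURL'];
                 OSCOM::redirect('ext/modules/payment/sage_pay/checkout.php', '', 'SSL');
             }
         } else {
             $error = $this->getErrorMessageNumber(isset($return['StatusDetail']) ? $return['StatusDetail'] : '');
             $this->sendDebugEmail($return);
         }
     }
     OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . (tep_not_null($error) ? '&error=' . $error : ''), 'SSL');
 }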
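/**
 * Executes a completed wallet-to-wallet transfer.
 *
 * Steps, in order: debit the sender's balance by the full amount; credit the
 * recipient with amount - fee (creating the balance row if that user has no
 * balance in the currency yet); e-mail the recipient using the
 * TRANSFER_EMAIL template; record the transaction row; then hand the fee to
 * the admin account through transfer_admin().
 *
 * Keys read from $transaction_data_array: amount, fee, fee_text, from_userid,
 * to_userid, from_account, to_account, batch_number, amount_text,
 * transaction_currency, transaction_memo. The array itself is what gets
 * written to _TABLE_TRANSACTIONS, unchanged.
 *
 * NOTE: the debit and the credit are separate statements with no enclosing
 * database transaction, so a failure between them leaves the balances
 * inconsistent; db_query() exposes no transaction API here, so this is only
 * flagged, not fixed.
 *
 * @param array $transaction_data_array transaction fields (see above)
 * @return array notification payload: batch_number, from_account, to_account,
 *               amount_text, memo and a display-formatted transaction_time
 */
function transfer($transaction_data_array)
{
    // The balance UPDATEs below are built by string concatenation, so every
    // value that is interpolated is first coerced to the type it must be:
    // ids to int, money to float, the currency code to a plain token.
    $amount = (double) $transaction_data_array['amount'];
    $from_userid = (int) $transaction_data_array['from_userid'];
    $to_userid = (int) $transaction_data_array['to_userid'];
    $fees = isset($transaction_data_array['fee']) ? (double) $transaction_data_array['fee'] : 0;
    $balance_currency = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $transaction_data_array['transaction_currency']);
    $batch_number = $transaction_data_array['batch_number'];
    $to_account = $transaction_data_array['to_account'];
    $amount_text = $transaction_data_array['amount_text'];
    $transaction_memo = $transaction_data_array['transaction_memo'];
    $from_account_number = $transaction_data_array['from_account'];
    $now = date('YmdHis');
    // debit the sender for the full amount
    db_query("UPDATE " . _TABLE_USER_BALANCE . " SET balance=balance- " . $amount . ", last_updated='" . $now . "' WHERE user_id='" . $from_userid . "' and currency_code='" . $balance_currency . "'");
    // credit the recipient with the net amount; the balance row may not exist
    // yet for this currency, in which case it is created
    $check_balance = db_fetch_array(db_query("SELECT count(*) as total FROM " . _TABLE_USER_BALANCE . " WHERE user_id='" . $to_userid . "' and currency_code='" . $balance_currency . "'"));
    $current_amount = $amount - $fees;
    if ($check_balance['total'] > 0) {
        db_query("UPDATE " . _TABLE_USER_BALANCE . " SET balance=balance+ " . $current_amount . ", last_updated='" . $now . "' WHERE user_id='" . $to_userid . "' and currency_code='" . $balance_currency . "'");
    } else {
        $balance_data_array = array('user_id' => $to_userid, 'currency_code' => $balance_currency, 'balance' => $current_amount, 'last_updated' => $now);
        db_perform(_TABLE_USER_BALANCE, $balance_data_array);
    }
    $transaction_data = array(
        'batch_number' => $batch_number,
        'from_account' => $from_account_number,
        'to_account' => $to_account,
        'amount_text' => $amount_text,
        'memo' => $transaction_memo,
        'transaction_time' => date('d/m/Y H:i'),
    );
    // notify the recipient
    $email_info = get_email_template('TRANSFER_EMAIL');
    $user_info = db_fetch_array(db_query("SELECT firstname, email FROM " . _TABLE_USERS . " WHERE user_id='" . $to_userid . "'"));
    $firstname = $user_info['firstname'];
    $msg_subject = $email_info['emailtemplate_subject'];
    $msg_content = str_replace(
        array('[firstname]', '[amount_text]', '[batch_number]', '[balance_currency]', '[from_account]'),
        array($firstname, $amount_text, $batch_number, $balance_currency, $from_account_number),
        $email_info['emailtemplate_content']
    );
    $msg_content = html_entity_decode($msg_content);
    tep_mail($firstname, $user_info['email'], $msg_subject, $msg_content, SITE_NAME, SITE_CONTACT_EMAIL);
    // book the fee to the admin account (user 1, 'OOKCASH') under its own batch number
    $batch_number_admin = tep_create_random_value(11, 'digits');
    $transaction_data_array_admin = array(
        'from_userid' => $to_userid,
        'batch_number' => $batch_number_admin,
        'to_userid' => 1,
        'amount' => $fees,
        'fee' => 0,
        'transaction_time' => $now,
        'transaction_memo' => 'transaction fees #' . $batch_number,
        'from_account' => $to_account,
        'to_account' => 'OOKCASH',
        'transaction_currency' => $balance_currency,
        'amount_text' => isset($transaction_data_array['fee_text']) ? $transaction_data_array['fee_text'] : null,
        'transaction_status' => 'completed',
    );
    db_perform(_TABLE_TRANSACTIONS, $transaction_data_array);
    transfer_admin($transaction_data_array_admin);
    return $transaction_data;
}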
         $zone_id = false;
     }
 }
 $country = tep_db_prepare_input($HTTP_POST_VARS['country']);
 $telephone = tep_db_prepare_input($HTTP_POST_VARS['telephone']);
 $fax = tep_db_prepare_input($HTTP_POST_VARS['fax']);
 if (isset($HTTP_POST_VARS['newsletter'])) {
     $newsletter = tep_db_prepare_input($HTTP_POST_VARS['newsletter']);
 } else {
     $newsletter = false;
 }
 $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
 $confirmation = tep_db_prepare_input($HTTP_POST_VARS['confirmation']);
 // Guest Account Start
 if ($guest_account == true) {
     $guest_pass = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH, 'mixed');
     $password = tep_db_prepare_input($guest_pass);
 }
 // Guest Account End
 $error = false;
 if (ACCOUNT_GENDER == 'true') {
     if ($gender != 'm' && $gender != 'f') {
         $error = true;
         $messageStack->add('create_account', ENTRY_GENDER_ERROR);
     }
 }
 if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
     $error = true;
     $messageStack->add('create_account', ENTRY_FIRST_NAME_ERROR);
 }
 if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
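 /**
  * Generates a fresh 16-character session key that is not already in use and
  * binds $value to it via $this->register().
  *
  * Collisions are avoided against both the global namespace ($GLOBALS) and
  * this store ($this->storage); on a collision a new value is drawn. The
  * original tested $GLOBALS[$name] with an undefined $name, so the global
  * check never actually applied.
  *
  * @param mixed $value the payload to register under the new key
  * @return string the key the value was registered under
  */
 function create_random_string($value)
 {
     do {
         $variable = tep_create_random_value(16);
     } while (isset($GLOBALS[$variable]) || isset($this->storage[$variable]));
     $this->register($variable, $value);
     return $variable;
 }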
 if ($response_array['ACK'] == 'Success' || $response_array['ACK'] == 'SuccessWithWarning') {
     $force_login = false;
     // check if e-mail address exists in database and login or create customer account
     if (!tep_session_is_registered('customer_id')) {
         $force_login = true;
         $email_address = tep_db_prepare_input($response_array['EMAIL']);
         $check_query = tep_db_query("select * from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "' limit 1");
         if (tep_db_num_rows($check_query)) {
             $check = tep_db_fetch_array($check_query);
             $customer_id = $check['customers_id'];
             $customers_firstname = $check['customers_firstname'];
             $customer_default_address_id = $check['customers_default_address_id'];
         } else {
             $customers_firstname = tep_db_prepare_input($response_array['FIRSTNAME']);
             $customers_lastname = tep_db_prepare_input($response_array['LASTNAME']);
             $customer_password = tep_create_random_value(max(ENTRY_PASSWORD_MIN_LENGTH, 8));
             $sql_data_array = array('customers_firstname' => $customers_firstname, 'customers_lastname' => $customers_lastname, 'customers_email_address' => $email_address, 'customers_telephone' => '', 'customers_fax' => '', 'customers_newsletter' => '0', 'customers_password' => tep_encrypt_password($customer_password));
             if (isset($response_array['PHONENUM']) && tep_not_null($response_array['PHONENUM'])) {
                 $customers_telephone = tep_db_prepare_input($response_array['PHONENUM']);
                 $sql_data_array['customers_telephone'] = $customers_telephone;
             }
             tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);
             $customer_id = tep_db_insert_id();
             tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customer_id . "', '0', now())");
             // build the message content
             $name = $customers_firstname . ' ' . $customers_lastname;
             $email_text = sprintf(EMAIL_GREET_NONE, $customers_firstname) . EMAIL_WELCOME . sprintf(MODULE_PAYMENT_PAYPAL_EXPRESS_EMAIL_PASSWORD, $email_address, $customer_password) . EMAIL_TEXT . EMAIL_CONTACT . EMAIL_WARNING;
             tep_mail($name, $email_address, EMAIL_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
         }
         if (SESSION_RECREATE == 'True') {
             tep_session_recreate();
 /**
  * Draws random 7-digit account numbers until one is found that no existing
  * user holds, and returns it.
  *
  * Uniqueness is checked through the user model's getUser(); the loop only
  * ends once a free number turns up, so it assumes the 7-digit space is far
  * from exhausted.
  *
  * @return string the unused account number, as produced by
  *                tep_create_random_value(7, 'digits')
  */
 function generate_account_number()
 {
     $ci =& get_instance();
     $ci->load->model('user_model', 'user');
     do {
         $candidate = tep_create_random_value(7, 'digits');
         $taken = $ci->user->getUser(array('account_number' => $candidate));
     } while ($taken);
     return $candidate;
 }
  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2008 osCommerce

  Released under the GNU General Public License
*/
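require 'includes/application_top.php';
require DIR_WS_LANGUAGES . $language . '/' . FILENAME_PASSWORD_FORGOTTEN;
// Password-reset request handler. On action=process the posted form id must
// equal the session token (form/CSRF check); the customer registered under
// the posted e-mail address then gets a fresh random password, which is
// stored hashed and mailed in clear text to that address.
$formid = isset($HTTP_POST_VARS['formid']) ? $HTTP_POST_VARS['formid'] : null;
// The token check is strict: with '==' an absent $sessiontoken compared equal
// to an empty formid, and two numeric-looking strings could match without
// being identical.
if (isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] == 'process' && isset($sessiontoken) && is_string($formid) && $formid === $sessiontoken) {
    $email_address = tep_db_prepare_input(isset($HTTP_POST_VARS['email_address']) ? $HTTP_POST_VARS['email_address'] : '');
    $check_customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_password, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
    if (tep_db_num_rows($check_customer_query)) {
        $check_customer = tep_db_fetch_array($check_customer_query);
        $new_password = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
        $crypted_password = tep_encrypt_password($new_password);
        // persist the hash computed above (it was otherwise left unused)
        tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '" . tep_db_input($crypted_password) . "' where customers_id = '" . (int) $check_customer['customers_id'] . "'");
        tep_mail($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
        $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
        tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
    } else {
        // NOTE: a distinct message here discloses whether an address is
        // registered; the texts come from the language file and are kept.
        $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
    }
}
$breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_LOGIN, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL'));
require DIR_WS_INCLUDES . 'template_top.php';
?>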

    <?php 
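 /**
  * Sage Pay Server checkout hook (session-register variant): either registers
  * the transaction with the gateway, or, when the customer comes back with
  * check=PROCESS, validates the round trip.
  *
  * Paths:
  *  - $HTTP_GET_VARS['check'] == 'PROCESS': the skcode from the URL must match
  *    the key code registered in the session. The matching
  *    sagepay_server_securitykeys row is consumed (session key unregistered,
  *    row deleted) and, if the notification callback flagged it verified, its
  *    transaction details are published in the global
  *    $sagepay_server_transaction_details and true is returned.
  *  - otherwise: a key code is registered in the session if needed, the
  *    registration request is assembled from $order / $order_totals and POSTed
  *    to the gateway; on Status=OK the returned SecurityKey is stored under the
  *    key code and the customer is redirected to NextURL (directly, or via the
  *    module's checkout.php when a non-Normal profile page is configured).
  *
  * Every path that does not return true ends in a redirect back to the
  * checkout payment page with payment_error set, so false is never returned.
  *
  * @return true when a verified PROCESS round trip was completed
  */
 function before_process()
 {
     global $HTTP_GET_VARS, $HTTP_POST_VARS, $sagepay_server_skey_code, $sagepay_server_transaction_details, $sage_pay_server_nexturl, $customer_id, $order, $currency, $order_totals, $cartID;
     $sagepay_server_transaction_details = null;
     $error = null;
     if (isset($HTTP_GET_VARS['check']) && $HTTP_GET_VARS['check'] == 'PROCESS') {
         // The key code is a one-time token: require a string and compare it
         // strictly, so PHP's numeric-string juggling can never make a foreign
         // value match.
         if (isset($HTTP_GET_VARS['skcode']) && is_string($HTTP_GET_VARS['skcode']) && tep_session_is_registered('sagepay_server_skey_code') && $HTTP_GET_VARS['skcode'] === $sagepay_server_skey_code) {
             $skcode = tep_db_prepare_input($HTTP_GET_VARS['skcode']);
             $sp_query = tep_db_query('select verified, transaction_details from sagepay_server_securitykeys where code = "' . tep_db_input($skcode) . '" limit 1');
             if (tep_db_num_rows($sp_query)) {
                 $sp = tep_db_fetch_array($sp_query);
                 // consume the key: neither the session code nor the row may
                 // be reused after this request
                 tep_session_unregister('sagepay_server_skey_code');
                 tep_db_query('delete from sagepay_server_securitykeys where code = "' . tep_db_input($skcode) . '"');
                 if ($sp['verified'] == '1') {
                     $sagepay_server_transaction_details = $sp['transaction_details'];
                     return true;
                 }
             }
         }
     } else {
         if (!tep_session_is_registered('sagepay_server_skey_code')) {
             tep_session_register('sagepay_server_skey_code');
             $sagepay_server_skey_code = tep_create_random_value(16);
         }
         // field lengths follow the gateway's documented maxima for this protocol version
         $params = array(
             'VPSProtocol' => $this->api_version,
             'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802',
             'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_SERVER_VENDOR_LOGIN_NAME, 0, 15),
             'VendorTxCode' => substr(date('YmdHis') . '-' . $customer_id . '-' . $cartID, 0, 40),
             'Amount' => $this->format_raw($order->info['total']),
             'Currency' => $currency,
             'Description' => substr(STORE_NAME, 0, 100),
             'NotificationURL' => $this->formatURL(tep_href_link('ext/modules/payment/sage_pay/server.php', 'check=SERVER&skcode=' . $sagepay_server_skey_code, 'SSL', false)),
             'BillingSurname' => substr($order->billing['lastname'], 0, 20),
             'BillingFirstnames' => substr($order->billing['firstname'], 0, 20),
             'BillingAddress1' => substr($order->billing['street_address'], 0, 100),
             'BillingCity' => substr($order->billing['city'], 0, 40),
             'BillingPostCode' => substr($order->billing['postcode'], 0, 10),
             'BillingCountry' => $order->billing['country']['iso_code_2'],
             'BillingPhone' => substr($order->customer['telephone'], 0, 20),
             'DeliverySurname' => substr($order->delivery['lastname'], 0, 20),
             'DeliveryFirstnames' => substr($order->delivery['firstname'], 0, 20),
             'DeliveryAddress1' => substr($order->delivery['street_address'], 0, 100),
             'DeliveryCity' => substr($order->delivery['city'], 0, 40),
             'DeliveryPostCode' => substr($order->delivery['postcode'], 0, 10),
             'DeliveryCountry' => $order->delivery['country']['iso_code_2'],
             'DeliveryPhone' => substr($order->customer['telephone'], 0, 20),
             'CustomerEMail' => substr($order->customer['email_address'], 0, 255),
             'Apply3DSecure' => '0',
         );
         // The original accepted whatever ip2long() could parse, i.e. an IPv4
         // dotted quad; validate that explicitly instead of testing the return
         // value against both -1 and false.
         $ip_address = tep_get_ip_address();
         if (filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
             $params['ClientIPAddress'] = $ip_address;
         }
         if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Payment') {
             $params['TxType'] = 'PAYMENT';
         } elseif (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Deferred') {
             $params['TxType'] = 'DEFERRED';
         } else {
             $params['TxType'] = 'AUTHENTICATE';
         }
         // state codes are only sent for US addresses
         if ($params['BillingCountry'] == 'US') {
             $params['BillingState'] = tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], '');
         }
         if ($params['DeliveryCountry'] == 'US') {
             $params['DeliveryState'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], '');
         }
         if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE != 'Normal') {
             $params['Profile'] = 'LOW';
         }
         // Basket lines are colon-separated, so ':' (and newlines / '&') are
         // stripped from free text before it is joined in.
         $contents = array();
         foreach ($order->products as $product) {
             $product_name = $product['name'];
             if (isset($product['attributes'])) {
                 foreach ($product['attributes'] as $att) {
                     $product_name .= '; ' . $att['option'] . '=' . $att['value'];
                 }
             }
             $contents[] = str_replace(array(':', "\n", "\r", '&'), '', $product_name) . ':' . $product['qty'] . ':' . $this->format_raw($product['final_price']) . ':' . $this->format_raw($product['tax'] / 100 * $product['final_price']) . ':' . $this->format_raw($product['tax'] / 100 * $product['final_price'] + $product['final_price']) . ':' . $this->format_raw(($product['tax'] / 100 * $product['final_price'] + $product['final_price']) * $product['qty']);
         }
         foreach ($order_totals as $ot) {
             $contents[] = str_replace(array(':', "\n", "\r", '&'), '', strip_tags($ot['title'])) . ':---:---:---:---:' . $this->format_raw($ot['value']);
         }
         $params['Basket'] = substr(count($contents) . ':' . implode(':', $contents), 0, 7500);
         $post_string = '';
         foreach ($params as $key => $value) {
             $post_string .= $key . '=' . urlencode(trim($value)) . '&';
         }
         if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_SERVER == 'Live') {
             $gateway_url = 'https://live.sagepay.com/gateway/service/vspserver-register.vsp';
         } else {
             $gateway_url = 'https://test.sagepay.com/gateway/service/vspserver-register.vsp';
         }
         $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
         // The reply is one "Key=Value" pair per line; split on the first '='
         // only, because values such as NextURL can contain '=' themselves.
         $return = array();
         foreach (explode(chr(10), $transaction_response) as $string) {
             // strict test: a '=' at offset 0 is a position, not "not found"
             if (strpos($string, '=') !== false) {
                 $parts = explode('=', $string, 2);
                 $return[trim($parts[0])] = trim($parts[1]);
             }
         }
         // an empty or malformed reply carries no Status at all; treat it as a failure
         if (isset($return['Status']) && $return['Status'] == 'OK') {
             $sp_query = tep_db_query('select id, securitykey from sagepay_server_securitykeys where code = "' . tep_db_input($sagepay_server_skey_code) . '" limit 1');
             if (tep_db_num_rows($sp_query)) {
                 $sp = tep_db_fetch_array($sp_query);
                 if ($sp['securitykey'] != $return['SecurityKey']) {
                     tep_db_query('update sagepay_server_securitykeys set securitykey = "' . tep_db_input($return['SecurityKey']) . '", date_added = now() where id = "' . (int) $sp['id'] . '"');
                 }
             } else {
                 tep_db_query('insert into sagepay_server_securitykeys (code, securitykey, date_added) values ("' . tep_db_input($sagepay_server_skey_code) . '", "' . tep_db_input($return['SecurityKey']) . '", now())');
             }
             if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE == 'Normal') {
                 tep_redirect($return['NextURL']);
             } else {
                 if (!tep_session_is_registered('sage_pay_server_nexturl')) {
                     tep_session_register('sage_pay_server_nexturl');
                 }
                 $sage_pay_server_nexturl = $return['NextURL'];
                 tep_redirect(tep_href_link('ext/modules/payment/sage_pay/checkout.php', '', 'SSL'));
             }
         } else {
             $error = $this->getErrorMessageNumber(isset($return['StatusDetail']) ? $return['StatusDetail'] : '');
             $this->sendDebugEmail($return);
         }
     }
     tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . (tep_not_null($error) ? '&error=' . $error : ''), 'SSL'));
 }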
     $balance_currency = $checkout_currency;
     //dv tien
     $batch_number = tep_create_random_value(11, 'digits');
     $amount_text = $balance;
 } elseif ($step == 'complete') {
     $smarty->assign('master_key', $master_key);
     //get banlance
     $currencies_query = db_query("select currency_code, balance value from " . _TABLE_USER_BALANCE . " where user_id='{$login_userid}' and currency_code='{$checkout_currency}'");
     $curency = db_fetch_array($currencies_query);
     $to_userid = $user_to_info['user_id'];
     $to_account = $payee_account;
     $transaction_memo = db_prepare_input($_POST['transaction_memo']);
     $amount = (double) $checkout_amount;
     $balance_currency = $checkout_currency;
     //dv tien
     $batch_number = tep_create_random_value(11, 'digits');
     $amount_text = $balance;
     if ($checkout_amount > $curency['value']) {
         $error_code[] = 'ERR_001';
         $smarty->assign('errors', $error_code);
         $smarty->assign('error_code', $__ERROR_CODE);
     } else {
         $transaction_data_array = array('from_userid' => $login_userid, 'batch_number' => $batch_number, 'to_userid' => $to_userid, 'amount' => $amount, 'transaction_time' => date('YmdHis'), 'transaction_memo' => $transaction_memo, 'from_account' => $login_account_number, 'to_account' => $to_account, 'transaction_currency' => $balance_currency, 'amount_text' => $amount_text, 'transaction_status' => 'completed');
         db_perform(_TABLE_TRANSACTIONS, $transaction_data_array);
         $transaction_id = db_insert_id();
         $transaction_history_array = array('from_userid' => $login_userid, 'batch_number' => $transaction_data_array['batch_number'], 'transaction_id' => $transaction_id, 'to_userid' => $to_userid, 'amount' => $amount, 'transaction_time' => date('YmdHis'), 'transaction_memo' => $transaction_memo, 'from_account' => $login_account_number, 'to_account' => $to_account, 'transaction_currency' => $balance_currency, 'amount_text' => $amount_text, 'transaction_status' => 'completed', 'description' => '', 'fail_url' => $fail_url, 'cancel_url' => $cancel_url, 'status_url' => $status_url, 'success_url' => $success_url, 'extra_fields' => serialize($extra_fields), 'status_method' => $status_method);
         db_perform(_TABLE_TRANSACTIONS_HISTOTY, $transaction_history_array);
         $history_id = db_insert_id();
         $smarty->assign('status_transaction', 'completed');
         $smarty->assign('transaction', $transaction_history_array);
         // deduct the amount from the sender's balance
  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2005 osCommerce

  Released under the GNU General Public License
*/
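require 'includes/application_top.php';
require DIR_WS_LANGUAGES . $osC_Session->value('language') . '/' . FILENAME_PASSWORD_FORGOTTEN;
// Password-reset handler: look the posted e-mail address up through the
// bound-parameter query API, replace that customer's password with a random
// one (stored hashed via tep_encrypt_password) and e-mail the clear-text
// value to the address on file.
// NOTE(review): unlike the $sessiontoken variant of this page, no form token
// is checked here, so a reset can be triggered without the customer having
// submitted the form — confirm whether the framework validates one elsewhere.
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    // bind a string, not an undefined index or an array, to the query parameter
    $email_address = isset($_POST['email_address']) && is_string($_POST['email_address']) ? $_POST['email_address'] : '';
    $Qcheck = $osC_Database->query('select customers_id, customers_firstname, customers_lastname, customers_password from :table_customers where customers_email_address = :customers_email_address');
    $Qcheck->bindTable(':table_customers', TABLE_CUSTOMERS);
    $Qcheck->bindValue(':customers_email_address', $email_address);
    $Qcheck->execute();
    if ($Qcheck->numberOfRows()) {
        $new_password = tep_create_random_value(ACCOUNT_PASSWORD);
        $Qupdate = $osC_Database->query('update :table_customers set customers_password = :customers_password where customers_id = :customers_id');
        $Qupdate->bindTable(':table_customers', TABLE_CUSTOMERS);
        $Qupdate->bindValue(':customers_password', tep_encrypt_password($new_password));
        $Qupdate->bindInt(':customers_id', $Qcheck->valueInt('customers_id'));
        $Qupdate->execute();
        tep_mail($Qcheck->valueProtected('customers_firstname') . ' ' . $Qcheck->valueProtected('customers_lastname'), $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
        $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
        tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
    } else {
        // NOTE: a distinct message here discloses whether an address is
        // registered; the texts come from the language file and are kept.
        $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
    }
}
$breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_LOGIN, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL'));
?>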
    $myX = rand(1, 148);
    $myY = rand(1, 58);
    imageline($image_handle, $myX, $myY, $myX + rand(-5, 5), $myY + rand(-5, 5), $rndm);
}
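// Render the CAPTCHA characters. With load=notrefresh and a code already in
// the session, the same characters are redrawn; otherwise a new 5-character
// code is picked from a random digit string and kept in
// $secure_image_hash_string (a session-registered global in this codebase).
if (isset($_GET['load']) && $_GET['load'] == 'notrefresh' && tep_session_is_registered('secure_image_hash_string')) {
    // '<', not '<=': the original read one offset past the end of the string
    $code_length = strlen($secure_image_hash_string);
    for ($x = 0; $x < $code_length; $x++) {
        $dark = imagecolorallocate($image_handle, rand(5, 128), rand(5, 128), rand(5, 128));
        $capChar = $secure_image_hash_string[$x];
        $fs = rand(20, 26);
        $myX = 15 + ($x * 28 + rand(-5, 5));
        $myY = rand($fs + 2, 55);
        $angle = rand(-30, 30);
        ImageTTFText($image_handle, $fs, $angle, $myX, $myY, $dark, $fontName, $capChar);
    }
} else {
    // NOTE: rand() is not a cryptographic generator; the challenge characters
    // should come from a CSPRNG where the PHP version permits it.
    $myCryptBase = tep_create_random_value(50, 'digits');
    $secure_image_hash_string = "";
    for ($x = 0; $x <= 4; $x++) {
        $dark = imagecolorallocate($image_handle, rand(5, 128), rand(5, 128), rand(5, 128));
        $capChar = substr($myCryptBase, rand(1, 35), 1);
        $secure_image_hash_string .= $capChar;
        $fs = rand(20, 26);
        $myX = 15 + ($x * 28 + rand(-5, 5));
        $myY = rand($fs + 2, 55);
        $angle = rand(-30, 30);
        ImageTTFText($image_handle, $fs, $angle, $myX, $myY, $dark, $fontName, $capChar);
    }
}
header("Content-type: image/jpeg");
// null, not "", is the documented way to stream the image to the client
imagejpeg($image_handle, null, 95);
imagedestroy($image_handle);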
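/**
 * Generate a random digit-only account number that no row in _TABLE_USERS
 * uses yet.
 *
 * Candidates come from tep_create_random_value(7, 'digits'); each one is
 * checked with a COUNT(*) query and the first unused candidate is returned.
 *
 * Compared with the original loop: a failed query (db_fetch_array() giving
 * false) is no longer mistaken for "zero matches" -- the loose `== 0` check
 * did exactly that and could hand out a number that was already taken while
 * the database was unavailable -- and the loop is bounded so a persistent
 * failure surfaces instead of spinning forever.
 *
 * @return string The unused account number.
 * @throws RuntimeException If no free number could be confirmed within
 *                          $max_attempts draws.
 */
function generate_account_number()
{
    $max_attempts = 100;
    for ($attempt = 0; $attempt < $max_attempts; $attempt++) {
        $new_account_number = tep_create_random_value(7, 'digits');
        // The value is interpolated into SQL below, so do not trust the helper's
        // character set blindly: anything that is not purely digits is skipped.
        if (!preg_match('/^[0-9]+$/', $new_account_number)) {
            continue;
        }
        // check if the account number already exists
        $row = db_fetch_array(db_query("SELECT count(*) as total FROM " . _TABLE_USERS . " WHERE account_number='" . $new_account_number . "'"));
        if (is_array($row) && isset($row['total']) && (int) $row['total'] === 0) {
            return $new_account_number;
        }
    }
    throw new RuntimeException('generate_account_number(): no free account number found after ' . $max_attempts . ' attempts');
}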
Example #25
 /**
  * Wallet-to-wallet transfer page: GET renders the form, POST executes it.
  *
  * Reads balance_currency, amount and to_account from the POST body, validates
  * them through $this->validator and, when there are no errors, records two
  * transactions (the transfer itself and the fee, credited to user_id 1 /
  * account 'OOKCASH'), adjusts the three balances, e-mails the recipient and
  * redirects to wallet/transfer?success=1. On validation errors the errors and
  * the posted values are handed back to the 'wallet/transfer' view.
  *
  * NOTE(review): the funds check (`$amount > $balances_array[...]`) and the
  * debit/credit calls further down are separate round trips; no database
  * transaction or row lock is visible in this method, so two overlapping
  * submissions could both pass the check. Confirm the wallet/balance models
  * serialise this, or wrap the block in a transaction.
  */
 public function transfer()
 {
     $this->load->model('email_model');
     // Either a completed login (user_session) or a pending one (login_id) is required.
     $login_id = $this->session->userdata('login_id');
     if (!$this->user_session && !$login_id) {
         redirect(site_url('login'));
     }
     if ($this->user_session) {
         $user_info = $this->user_session;
     } else {
         $user_info = $this->user->getUserById($login_id);
     }
     $this->data['success'] = $this->input->get('success');
     $currencies_array = $this->currencies->getCurrencies();
     // This placeholder entry is discarded: $balance_currencies is reassigned to
     // an empty array() a few lines below, so the dropdown has no "select" row.
     $balance_currencies[''] = '-- Select Currency --';
     $balances = $this->wallet->getBalanceByUserId($user_info['user_id']);
     // currency_code => balance; used for the dropdown labels and the funds check.
     $balances_array = array();
     foreach ($balances as $balance) {
         $balances_array[$balance['currency_code']] = $balance['balance'];
     }
     $balance_currencies = array();
     foreach ($currencies_array as $currency_code => $currency_info) {
         $balance_currencies[$currency_info['code']] = $currency_info['title'] . ' (' . get_currency_value_format(!empty($balances_array[$currency_info['code']]) ? $balances_array[$currency_info['code']] : 0, $currency_info) . ')';
     }
     $this->assign('balance_currencies', $balance_currencies);
     $posts = $this->input->post();
     if ($posts) {
         // Raw request values. NOTE(review): $balance_currency is never checked
         // against the keys of $currencies_array and $amount is never checked to
         // be numeric; an unknown code reaches $balances_array[$balance_currency]
         // and $currencies_array[$balance_currency] below as an undefined index.
         $balance_currency = $posts['balance_currency'];
         $amount = $posts['amount'];
         if ($balance_currency == '') {
             $this->validator->addError('Currency', 'Please select the currency of balance that you want to use for the transaction.');
         }
         // `$amount <= 0` is a loose string/number comparison; non-numeric input
         // is not rejected here.
         if ($amount <= 0) {
             $this->validator->addError('Amount', 'Please input correct Amount .');
         } else {
             // check if out of balance
             if ($amount > $balances_array[$balance_currency]) {
                 // The posted amount is echoed back inside markup; this relies on
                 // get_currency_value_format() / the view to escape it.
                 $this->validator->addError('Balance', 'You have not enough balance to transfer the amount(<strong>' . get_currency_value_format($amount, $currencies_array[$balance_currency]) . '</strong>). Please input difference amount.');
             }
         }
         $to_account = $posts['to_account'];
         // The lookup uses the untrimmed value while the self-transfer check
         // below compares the trimmed one.
         $to_user_info = $this->user->getUser(array('account_number' => $posts['to_account']));
         if (!$to_user_info) {
             $this->validator->addError('Account Number', 'Invalid account number. Please input correct account number of the user that you want to transfer to.');
         } elseif (trim($to_account) == $user_info['account_number']) {
             $this->validator->addError('Account Number', 'Invalid account number. Please input correct account number of the user that you want to transfer to.');
         }
         if (count($this->validator->errors) == 0) {
             $batch_number = tep_create_random_value(11, 'digits');
             $amount_text = get_currency_value_format($amount, $currencies_array[$balance_currency]);
             $transaction_memo = '';
             // Fee is TRANSFER_FEES percent of the posted amount, computed before
             // get_currency_value() normalises either value.
             $fees = $amount * $this->configs['TRANSFER_FEES'] / 100;
             $fees_text = get_currency_value_format($fees, $currencies_array[$balance_currency]);
             $amount = get_currency_value($amount, $currencies_array[$balance_currency]);
             $fees = get_currency_value($fees, $currencies_array[$balance_currency]);
             // The sender is debited $amount; the recipient is credited $amount - $fees.
             $current_amount = $amount - $fees;
             $transaction_data_array = array('from_userid' => $user_info['user_id'], 'batch_number' => $batch_number, 'to_userid' => $to_user_info['user_id'], 'amount' => $amount, 'fee' => $fees, 'fee_text' => $fees_text, 'transaction_time' => date('YmdHis'), 'transaction_memo' => $transaction_memo, 'from_account' => $user_info['account_number'], 'to_account' => $to_user_info['account_number'], 'transaction_currency' => $balance_currency, 'amount_text' => $amount_text, 'transaction_status' => 'completed');
             $this->data['transaction_data'] = $transaction_data_array;
             $this->transaction->insert($transaction_data_array);
             // NOTE(review): the sender is debited through $this->wallet while the
             // recipient and the fee account are credited through $this->balance;
             // confirm both models write the same ledger.
             $balanceFrom = array('user_id' => $user_info['user_id'], 'currency_code' => $balance_currency);
             $this->wallet->updateWallet($balanceFrom, $amount, '-');
             $balanceTo = array('user_id' => $to_user_info['user_id'], 'currency_code' => $balance_currency);
             $this->balance->updateBalance($balanceTo, $current_amount, '+');
             //admin transfer
             // The fee row is recorded as paid by the recipient (from_userid and
             // from_account are $to_user_info's) although the fee was withheld from
             // the sender's amount; 'status' => '0' is set only on this row.
             $batch_number_admin = tep_create_random_value(11, 'digits');
             $transaction_data_array_admin = array('from_userid' => $to_user_info['user_id'], 'batch_number' => $batch_number_admin, 'to_userid' => 1, 'amount' => $fees, 'fee' => 0, 'transaction_time' => date('YmdHis'), 'transaction_memo' => 'transaction fees #' . $batch_number, 'from_account' => $to_user_info['account_number'], 'to_account' => 'OOKCASH', 'transaction_currency' => $balance_currency, 'amount_text' => $fees_text, 'transaction_status' => 'completed', 'status' => '0');
             $this->transaction->insert($transaction_data_array_admin);
             $balanceAdmin = array('user_id' => 1, 'currency_code' => $balance_currency);
             $this->balance->updateBalance($balanceAdmin, $fees, '+');
             // Notify the recipient with the TRANSFER_EMAIL template.
             $dataEmail = array('firstname' => $to_user_info['firstname'], 'amount_text' => $amount_text, 'batch_number' => $batch_number, 'balance_currency' => $balance_currency, 'from_account' => $user_info['account_number'], 'fees_text' => $fees_text);
             $this->email_model->sendmail('TRANSFER_EMAIL', $to_user_info['firstname'], $to_user_info['email'], $dataEmail);
             redirect(site_url('wallet/transfer') . '?success=1');
         } else {
             $this->data['validerrors'] = $this->validator->errors;
         }
     }
     // Posted values are handed back to the view for re-display; the template
     // must escape them.
     $this->data['posts'] = $posts;
     $this->view('wallet/transfer');
 }
Example #26
     }
 } else {
     $validator->addError('Turing Number', ERROR_SECURE_CODE_WRONG);
 }
 // Password-reset step 1: once the account number, e-mail and captcha have
 // passed validation, issue a reset code, persist it on the user row and mail
 // it with the RESET_PASSWORD_CODE template. $sql_check_info, $account_number,
 // $email and $validator are built earlier in the script.
 if (count($validator->errors) == 0) {
     // found email => send account number to the email
     // Assumed to return a row here because the lookup was validated above;
     // a false result would make the array accesses below notices.
     $account_info = db_fetch_array(db_query($sql_check_info));
     // Remembered in the session for the next step of the reset flow.
     $session_account_number = $account_number;
     $session_email = $email;
     tep_session_register('session_account_number');
     tep_session_register('session_email');
     $email_info = get_email_template('RESET_PASSWORD_CODE');
     $security_question = $account_info['account_info'];
     //$firstname	=	$user_info['firstname'];
     $msg_subject = $email_info['emailtemplate_subject'];
     // NOTE(review): a guessable reset code is an account-takeover primitive.
     // Whether tep_create_random_value() is backed by a CSPRNG is not visible
     // here -- confirm it, and rate-limit the confirmation step that checks it.
     $reset_code = tep_create_random_value(10, 'digits');
     //-----------------add by donghp 27/03/2012----------------------
     // The code is stored as-is and this UPDATE writes no issued-at timestamp,
     // so expiry and single use have to be enforced wherever reset_code is
     // checked -- confirm that is the case. $user_id comes from the row just
     // fetched, not from the request. $q is never inspected: if the UPDATE
     // fails the user is still told the code was sent.
     $user_id = $account_info['user_id'];
     $q = db_query("UPDATE  users SET  reset_code =  '" . $reset_code . "' WHERE user_id = {$user_id}");
     //----------------------------------------------------------------
     // Fill the template placeholders, then undo the entity encoding the
     // template is stored with.
     $msg_content = str_replace(array('[firstname]', '[reset_code]'), array($account_info['firstname'], $reset_code), $email_info['emailtemplate_content']);
     $msg_content = html_entity_decode($msg_content);
     //add by donghp 26/03/2012
     tep_mail($account_info['firstname'] . ' ' . $account_info['lastname'], $email, $msg_subject, $msg_content, SITE_NAME, SITE_CONTACT_EMAIL);
     $resetcode_sent = true;
 } else {
     // Validation failed: push the posted values back to the template.
     postAssign($smarty);
 }
 if ($resetcode_sent) {
     $sql = "SELECT user_id, firstname, lastname,security_question,account_number FROM " . _TABLE_USERS . " WHERE (email='" . $email . "') and (account_number='" . $account_number . "')";
     $account = db_fetch_array(db_query($sql));
Example #27
 // Successful credential check: publish the login to the session, optionally
 // set the "remember me" cookies, trigger an IP-change verification mail, then
 // send the user on to the page they originally asked for.
 $login_useremail = $user_info['email'];
 tep_session_register('login_userid');
 tep_session_register('login_account_number');
 tep_session_register('login_useremail');
 // set cookies for autologin
 // $_POST['remember_me'] is read without isset(); absent -> notice + false.
 if ($_POST['remember_me']) {
     // NOTE(review): the password itself is written to a 100-day cookie in
     // clear text. It is then sent with every request, is readable by any
     // script running on the cookie domain (no HttpOnly/Secure flag is set
     // here) and sits in the browser's cookie store for the whole period.
     // The usual mitigation is an opaque random token, stored hashed on the
     // server, rotated on each use and revocable -- never the credential.
     tep_setcookie("account_number", $account_number, time() + 60 * 60 * 24 * 100, HTTP_COOKIE_PATH, HTTP_COOKIE_DOMAIN);
     tep_setcookie("password", $login_password, time() + 60 * 60 * 24 * 100, HTTP_COOKIE_PATH, HTTP_COOKIE_DOMAIN);
 }
 // A verified account logging in from a different IP than the one it was
 // verified from gets a fresh verification key by e-mail.
 $current_ip = get_client_ip();
 $mss_flag = false;
 if ($user_info['verification_status'] == 1 && $current_ip != $user_info['verification_ip']) {
     $mss_flag = true;
 }
 if ($mss_flag) {
     $verification_key = tep_create_random_value(10, 'digits');
     // $signup_data_array is not initialised in this fragment; if it carries
     // values from earlier code they are written to the user row as well.
     $signup_data_array['verification_key'] = $verification_key;
     db_perform(_TABLE_USERS, $signup_data_array, 'update', " user_id='" . $user_info['user_id'] . "' ");
     $email_info = get_email_template('VERIFYCATION_KEY');
     $msg_subject = $email_info['emailtemplate_subject'];
     $msg_content = str_replace(array('[firstname]', '[verification_key]'), array($user_info['firstname'], $verification_key), $email_info['emailtemplate_content']);
     $msg_content = html_entity_decode($msg_content);
     tep_mail($user_info['firstname'] . ' ' . $user_info['lastname'], $user_info['email'], $msg_subject, $msg_content, SITE_NAME, SITE_CONTACT_EMAIL);
 }
 // Return to the page captured before the login redirect, if there is one;
 // the session-name parameter is stripped from its query string.
 if (sizeof($navigation->snapshot) > 0) {
     $origin_href = get_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
     $navigation->clear_snapshot();
     tep_redirect($origin_href, '', 'SSL');
 } else {
     tep_redirect(get_href_link(PAGE_LOGIN_CONFIRM, '', 'SSL'));
 }
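// buySAFE add-on: on the cart and checkout pages, push the current cart to the
// buySAFE API so the bond offer can be shown, and remember whether the
// customer wants the bond.
if (defined('MODULE_ADDONS_BUYSAFE_STATUS') && MODULE_ADDONS_BUYSAFE_STATUS == 'True') {
    if ($cart->count_contents() > 0) {
        // Only the pages where the bond is offered or the order is finalised.
        if (in_array(basename($_SERVER['PHP_SELF']), array('shopping_cart.php', 'checkout_confirmation.php', 'checkout_process.php'), true)) {
            require_once DIR_WS_CLASSES . 'buysafe.php';
            $buysafe_module = new buysafe_class();
            // A choice posted with this request overrides the one kept in the session.
            $session_WantsBond = isset($_SESSION['WantsBond']) ? $_SESSION['WantsBond'] : '';
            $WantsBond = isset($_POST['WantsBond']) ? $_POST['WantsBond'] : $session_WantsBond;
            if (!isset($_SESSION['cre_buySafe_unique_CartId'])) {
                $_SESSION['cre_buySafe_unique_CartId'] = '';
            }
            if ($_SESSION['cre_buySafe_unique_CartId'] == '') {
                // unique format = prefix + timestamp + remote_address (dots removed) + mixed random
                // Note that the client's IP address becomes part of an identifier
                // handed to a third party.
                $timeStamp = strtotime('now');
                $cre_buySafe_unique_cart_id = $timeStamp . $_SERVER['REMOTE_ADDR'];
                $cre_buySafe_unique_cart_id = str_replace('.', '', $cre_buySafe_unique_cart_id);
                $_SESSION['cre_buySafe_unique_CartId'] = MODULE_ADDONS_BUYSAFE_CART_PREFIX . '-' . $cre_buySafe_unique_cart_id . tep_create_random_value(6);
            }
            $buysafe_params = array('WantsBond' => $WantsBond ? $WantsBond : 'false', 'buysafe_cart_id' => $_SESSION['cre_buySafe_unique_CartId'] ? $_SESSION['cre_buySafe_unique_CartId'] : '');
            $buysafe_result = $buysafe_module->call_api('AddUpdateShoppingCart', $buysafe_params);
            if (is_array($buysafe_result)) {
                // The response may not carry every key; a missing key is treated
                // like an empty value (the original indexed unconditionally and
                // raised undefined-index notices).
                $WantsBond = isset($buysafe_result['BondCostDisplayText']) && $buysafe_result['BondCostDisplayText'] != '' ? true : false;
                $_SESSION['WantsBond'] = $WantsBond;
                if (defined('MODULE_ADDONS_BUYSAFE_DEBUG') && MODULE_ADDONS_BUYSAFE_DEBUG == true) {
                    // Surface API faults in the page header only in debug mode.
                    if (isset($buysafe_result['faultstring']) && tep_not_null($buysafe_result['faultstring'])) {
                        $messageStack->add('header', 'buySAFE fault: ' . $buysafe_result['faultstring'], 'error');
                    }
                }
            }
        }
    }
}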
Example #29
/**
 * Decode one MIME part of a help-desk mail, recursing into sub-parts.
 *
 * Text parts are decoded and stored in $partsarray[$i]['text']; every other
 * part (or a text part that carries a Content-Disposition) is treated as an
 * attachment: it is decoded, written under DIR_FS_ADMIN .
 * HELPDESK_ATTACHMENTS_FOLDER with a sanitised file name, stored in
 * $partsarray[$i]['attachment'] and its final name appended to
 * $attachments_array. Progress/error messages are echoed as HTML.
 *
 * @param object $p                  Part structure (presumably an element of
 *                                   imap_fetchstructure()'s result; fields used:
 *                                   type, encoding, subtype, disposition,
 *                                   parameters, dparameters, parts).
 * @param string $i                  Part number in imap "1.2.3" notation.
 * @param resource $link             Open IMAP stream.
 * @param int    $msgid              Message number within the mailbox.
 * @param array  &$partsarray        Filled with decoded text/attachment data, keyed by part number.
 * @param array  &$attachments_array Filled with the file names written to disk.
 * @return void
 *
 * NOTE(review): only the character set of the attachment name is restricted,
 * not its extension, and the bytes written are whatever the inbound mail
 * contained. If the attachments folder is reachable through the web server and
 * scripts execute there, anyone able to mail the help desk can plant a file
 * that will run. Keep that folder outside the document root (or served with
 * script execution disabled), and consider an extension allow-list.
 */
function help_desk_parsepart($p, $i, $link, $msgid, &$partsarray, &$attachments_array)
{
    //global $link, $msgid,$partsarray;
    //where to write file attachments to:
    $filestore = DIR_FS_ADMIN . HELPDESK_ATTACHMENTS_FOLDER;
    //fetch part
    $part = imap_fetchbody($link, $msgid, $i);
    //if type is not text, or it is text but is flagged as an attachment
    //(&& binds tighter than ||: non-text OR (text AND has a disposition))
    if ($p->type != 0 || $p->type == 0 && isset($p->disposition)) {
        //if ($p->type != 0 ) {
        //DECODE PART (encoding codes as reported by the imap extension)
        switch ($p->encoding) {
            case 3:
                //decode if base64
                $part = base64_decode($part);
                break;
            case 4:
                //decode if quoted printable
                $part = quoted_printable_decode($part);
                break;
            default:
                //no need to decode binary or 8bit!
                break;
        }
        //get filename of attachment if present
        $filename = '';
        // if there are any dparameters present in this part
        // (Content-Disposition parameters; the last NAME/FILENAME wins)
        if (isset($p->dparameters) && is_array($p->dparameters) && count($p->dparameters) > 0) {
            foreach ($p->dparameters as $dparam) {
                if (strtoupper($dparam->attribute) == 'NAME' || strtoupper($dparam->attribute) == 'FILENAME') {
                    $filename = $dparam->value;
                }
            }
        }
        //if no filename found
        if ($filename == '') {
            // if there are any parameters present in this part
            // (Content-Type parameters, same NAME/FILENAME lookup)
            if (isset($p->parameters) && is_array($p->parameters) && count($p->parameters) > 0) {
                foreach ($p->parameters as $param) {
                    if (strtoupper($param->attribute) == 'NAME' || strtoupper($param->attribute) == 'FILENAME') {
                        $filename = $param->value;
                    }
                }
            }
        }
        //write to disk and set partsarray variable
        if ($filename != '') {
            // Sanitise the mail-supplied name: decode MIME words, drop any path
            // component, lower-case, then replace every run of characters outside
            // [0-9a-z_-.] with '-'. Very short leftovers get a random name.
            $filename = helpdesk_decode_string($filename);
            $filename = basename(strtolower($filename));
            $filename = tep_create_safe_string($filename, '-', '/[^0-9a-z_\\-\\.]+/');
            if (strlen($filename) < 5) {
                $filename = tep_create_random_value(32, 'mixed_lower');
            }
            // Note: the array entry keeps the name before the copyN- prefix below.
            $partsarray[$i]['attachment'] = array('filename' => $filename, 'binary' => $part);
            $index = 0;
            $org_filename = $filename;
            // Avoid clobbering an existing file by prefixing copy1-, copy2-, ...
            // (is_file() and fopen() are not atomic; two concurrent runs could race).
            while (is_file($filestore . $filename)) {
                $index++;
                $filename = 'copy' . $index . '-' . $org_filename;
            }
            $fp = fopen($filestore . $filename, "w+");
            if (!$fp) {
                echo '<div class="messageStackError">' . sprintf(ERROR_WRITE_ATTACHMENT, $filestore) . '</div>';
            } else {
                echo '<div class="linepad heavy">' . sprintf(TEXT_INFO_ATTACHMENT_WRITE, $filestore . $filename) . '</div>';
                fwrite($fp, $part);
                fclose($fp);
                if (!in_array($filename, $attachments_array)) {
                    $attachments_array[] = $filename;
                }
            }
        }
        //end if type!=0
        //elseif part is text
    } elseif ($p->type == 0) {
        //decode text
        //if QUOTED-PRINTABLE
        if ($p->encoding == 4) {
            $part = quoted_printable_decode($part);
        }
        //if base 64
        if ($p->encoding == 3) {
            $part = base64_decode($part);
        }
        //OPTIONAL PROCESSING e.g. nl2br for plain text
        //(both branches below are placeholders; `1;` is a no-op)
        //if plain text
        if (strtoupper($p->subtype) == 'PLAIN') {
            1;
            //if HTML
        } elseif (strtoupper($p->subtype) == 'HTML') {
            1;
        }
        $partsarray[$i]['text'] = array('type' => $p->subtype, 'string' => $part);
    }
    //if subparts... recurse into function and parse them too!
    //(imap part numbers are 1-based, hence $pno + 1)
    if (isset($p->parts) && count($p->parts) > 0) {
        foreach ($p->parts as $pno => $parr) {
            help_desk_parsepart($parr, $i . '.' . ($pno + 1), $link, $msgid, $partsarray, $attachments_array);
        }
    }
    return;
}
Example #30
 /**
  * Final step of an SCI (shopping-cart interface) payment.
  *
  * Requires a logged-in user and the 'sci' record placed in the session by
  * the earlier SCI steps. On POST it checks the amount against the payer's
  * balance, records the payment (plus a fee transaction to user_id 1 /
  * 'OOKCASH'), optionally notifies the merchant's status_url, moves the
  * balances, clears the session record and renders 'sci/complete'.
  *
  * NOTE(review): as in the wallet transfer, the balance check and the
  * updateBalance() calls are separate round trips with no transaction or lock
  * visible in this method; confirm the balance model guards against two
  * overlapping submissions passing the check.
  */
 public function complete()
 {
     if (!$this->user_session) {
         redirect(site_url('login'));
     }
     $sci_info = $this->session->userdata('sci');
     // Indexed before the emptiness check below: with no 'sci' in the session
     // this compares null against the master key and redirects (note this
     // redirect, unlike the others, is not wrapped in site_url()).
     if ($sci_info['master_key'] != $this->user_session['master_key']) {
         redirect('sci/transfer');
     }
     if (!$sci_info || empty($sci_info['checkout_currency'])) {
         $this->validator->addError('SCI Information', 'You haven\'t yet input sci info');
         $this->assign('validerrors', $this->validator->errors);
     } else {
         $this->data['sci_info'] = $sci_info;
         // The payee is looked up from the account number the merchant supplied.
         $sci_user = $this->user->getUser(array('account_number' => $sci_info['payee_account']));
         if (!$sci_user) {
             redirect(site_url('transfer'));
         }
         $this->data['sci_user'] = $sci_user;
         $posts = $this->input->post();
         $balance_current = $this->balance->getBalance(array('user_id' => $this->user_session['user_id'], 'currency_code' => $sci_info['checkout_currency']));
         if ($posts) {
             if (empty($sci_info['checkout_amount']) || $sci_info['checkout_amount'] <= 0) {
                 $this->validator->addError('Amount', 'Amount greater than 0');
             } else {
                 if ($sci_info['checkout_amount'] > $balance_current['balance']) {
                     $this->validator->addError('Amount', 'You don\'t have enough money to transfer');
                 }
             }
             // Generated before validation, so it is simply unused on error.
             $batch_number = tep_create_random_value(11, 'digits');
             if (count($this->validator->errors) == 0) {
                 $transaction_data_array = array('from_userid' => $this->user_session['user_id'], 'batch_number' => $batch_number, 'to_userid' => $sci_user['user_id'], 'amount' => $sci_info['checkout_amount'], 'fee' => $sci_info['fees'], 'fee_text' => $sci_info['fees_text'], 'transaction_time' => date('YmdHis'), 'transaction_memo' => $sci_info['transaction_memo'], 'from_account' => $this->user_session['account_number'], 'to_account' => $sci_user['account_number'], 'transaction_currency' => $sci_info['checkout_currency'], 'amount_text' => $sci_info['balance'], 'transaction_status' => 'completed');
                 $this->data['transaction_data'] = $transaction_data_array;
                 $transaction_id = $this->transaction->insert($transaction_data_array);
                 // History row: the transaction plus the merchant's callback URLs
                 // (stored base64-encoded, as received) and the extra fields.
                 // NOTE(review): 'extra_fields' is serialize()d merchant-supplied
                 // data; wherever it is read back, make sure it is not passed to
                 // unserialize() on untrusted content (json would be safer).
                 $history = array('from_userid' => $this->user_session['user_id'], 'batch_number' => $batch_number, 'transaction_id' => $transaction_id, 'to_userid' => $sci_user['user_id'], 'amount' => $sci_info['checkout_amount'], 'fee' => $sci_info['fees'], 'fee_text' => $sci_info['fees_text'], 'transaction_time' => date('YmdHis'), 'transaction_memo' => $sci_info['transaction_memo'], 'from_account' => $this->user_session['account_number'], 'to_account' => $sci_user['account_number'], 'transaction_currency' => $sci_info['checkout_currency'], 'amount_text' => $sci_info['balance'], 'transaction_status' => 'completed', 'description' => '', 'fail_url' => $sci_info['fail_url'], 'cancel_url' => $sci_info['cancel_url'], 'status_url' => $sci_info['status_url'], 'success_url' => $sci_info['success_url'], 'extra_fields' => serialize($sci_info['extra_field']), 'status_method' => $sci_info['status_method']);
                 if (!empty($history['status_url'])) {
                     $current_transaction = $this->transaction->getTransactionById($transaction_id);
                     $dataPost = array('payee_account' => $current_transaction['to_account'], 'payer_account' => $current_transaction['from_account'], 'checkout_amount' => $current_transaction['amount'], 'checkout_currency' => $current_transaction['transaction_currency'], 'batch_number' => $current_transaction['batch_number'], 'transaction_status' => $current_transaction['transaction_status'], 'transaction_currency' => $current_transaction['transaction_currency']);
                     // NOTE(review): this is a server-side request to a URL that
                     // arrived with the SCI payload and is not validated here. The
                     // usual controls are: accept only http(s), resolve and reject
                     // loopback/link-local/private ranges, short timeouts, and
                     // log the destination so abuse is visible.
                     if ($history['status_method'] == 'GET') {
                         $results = curl_get(base64_decode($history['status_url']), $dataPost);
                     } else {
                         $results = curl_post(base64_decode($history['status_url']), $dataPost);
                     }
                     // The redirect target is chosen by a case-insensitive match on
                     // the callback body; this happens before the balances move.
                     // NOTE(review): the history row is inserted only when the
                     // callback returned nothing at all -- any non-empty response,
                     // success or error, leaves no history. Looks inverted; verify.
                     if ($results) {
                         if (preg_match("/SUCCESS/i", $results)) {
                             $this->assign('url', base64_decode($history['success_url']));
                             $this->assign('success', true);
                         } elseif (preg_match("/ERROR/i", $results) && !empty($history['fail_url'])) {
                             $this->assign('url', base64_decode($history['fail_url']));
                             $this->assign('success', FALSE);
                         }
                     } else {
                         $history_id = $this->transaction->insertHistory($history);
                     }
                 } else {
                     $this->assign('url', base64_decode($history['success_url']));
                     $this->assign('success', true);
                 }
                 // Payer is debited the full amount; payee receives amount - fees.
                 $current_amount = $sci_info['checkout_amount'] - $sci_info['fees'];
                 $balanceFrom = array('user_id' => $this->user_session['user_id'], 'currency_code' => $sci_info['checkout_currency']);
                 $this->balance->updateBalance($balanceFrom, $sci_info['checkout_amount'], '-');
                 $balanceTo = array('user_id' => $sci_user['user_id'], 'currency_code' => $sci_info['checkout_currency']);
                 $this->balance->updateBalance($balanceTo, $current_amount, '+');
                 //admin transfer
                 // Fee row is recorded as paid by the payee (from_userid/from_account
                 // are $sci_user's) although it was withheld from the payer's amount.
                 $batch_number_admin = tep_create_random_value(11, 'digits');
                 $transaction_data_array_admin = array('from_userid' => $sci_user['user_id'], 'batch_number' => $batch_number_admin, 'to_userid' => 1, 'amount' => $sci_info['fees'], 'fee' => 0, 'transaction_time' => date('YmdHis'), 'transaction_memo' => 'transaction fees #' . $batch_number, 'from_account' => $sci_user['account_number'], 'to_account' => 'OOKCASH', 'transaction_currency' => $sci_info['checkout_currency'], 'amount_text' => $sci_info['fees_text'], 'transaction_status' => 'completed', 'status' => '0');
                 $this->transaction->insert($transaction_data_array_admin);
                 $balanceAdmin = array('user_id' => 1, 'currency_code' => $sci_info['checkout_currency']);
                 $this->balance->updateBalance($balanceAdmin, $sci_info['fees'], '+');
                 $this->load->model('email_model');
                 // 'amount_text' carries fees_text here (wallet transfer uses the
                 // amount); harmless while the sendmail call stays commented out.
                 $dataEmail = array('firstname' => $sci_user['firstname'], 'amount_text' => $sci_info['fees_text'], 'batch_number' => $batch_number, 'balance_currency' => $sci_info['checkout_currency'], 'from_account' => $this->user_session['account_number'], 'fees_text' => $sci_info['fees_text']);
                 //                    $this->email_model->sendmail('TRANSFER_EMAIL', $sci_user['firstname'], $sci_user['email'], $dataEmail);
                 // Drop the SCI record so the same checkout cannot be completed twice.
                 $this->session->unset_userdata('sci');
                 $this->data['success'] = true;
             } else {
                 $this->assign('validerrors', $this->validator->errors);
             }
         }
     }
     $this->view('sci/complete');
 }