/**
 * Get replacement elements for country and region fields on the checkout form.
 *
 * Note: extracted from the wpsc_change_tax function in ajax.php as of version 3.8.13.3
 *
 * Collects the customer's stored billing/shipping country and, unless the cart
 * still needs its shipping quotes recomputed, refreshes the cart's location,
 * shipping and totals and gathers the fragments the AJAX client swaps in.
 * The array passes through the 'wpsc_ajax_checkout_info' filter before return.
 *
 * @since 3.8.14
 * @access private
 * @return array  checkout information, keyed by fragment name
 */
function _wpsc_get_checkout_info()
{
    global $wpsc_cart;

    $delivery_country = wpsc_get_customer_meta('shippingcountry');

    // Fragments that do not depend on the shipping state.
    $checkout_info = array(
        'delivery_country'      => $delivery_country,
        'billing_country'       => wpsc_get_customer_meta('billingcountry'),
        'country_name'          => wpsc_get_country($delivery_country),
        'lock_tax'              => get_option('lock_tax'),
        // TODO: nothing here sets this flag; probably deprecated
        'needs_shipping_recalc' => wpsc_cart_need_to_recompute_shipping_quotes(),
        'shipping_keys'         => array(),
    );

    foreach ($wpsc_cart->cart_items as $item_key => $item) {
        $checkout_info['shipping_keys'][$item_key] = wpsc_currency_display($item->shipping);
    }

    // Totals are only meaningful once the shipping quotes are current.
    if ($checkout_info['needs_shipping_recalc']) {
        return apply_filters('wpsc_ajax_checkout_info', $checkout_info);
    }

    // Re-derive location-dependent shipping before recomputing tax and totals.
    $wpsc_cart->update_location();
    $wpsc_cart->get_shipping_method();
    $wpsc_cart->get_shipping_option();
    if ('' != $wpsc_cart->selected_shipping_method) {
        $wpsc_cart->update_shipping($wpsc_cart->selected_shipping_method, $wpsc_cart->selected_shipping_option);
    }

    $tax         = $wpsc_cart->calculate_total_tax();
    $total       = wpsc_cart_total();
    $total_input = wpsc_cart_total(false);

    // A coupon that covers the whole cart zeroes the displayed total.
    $coupons = $wpsc_cart->coupons_amount;
    if (!empty($coupons) && $coupons >= $total_input) {
        $total = 0;
    }

    // A negative cart price means the coupon overshot: fold the excess back into
    // the coupon amount and let the cart recompute its price from scratch.
    if ($wpsc_cart->total_price < 0) {
        $wpsc_cart->coupons_amount += $wpsc_cart->total_price;
        $wpsc_cart->total_price = null;
        $wpsc_cart->calculate_total_price();
    }

    $cart_widget = _wpsc_ajax_get_cart(false);
    if (!empty($cart_widget['widget_output'])) {
        $checkout_info['widget_output'] = $cart_widget['widget_output'];
    }

    $checkout_info['cart_shipping'] = wpsc_cart_shipping();
    $checkout_info['tax']           = $tax;
    $checkout_info['display_tax']   = wpsc_cart_tax();
    $checkout_info['total']         = $total;
    $checkout_info['total_input']   = $total_input;

    return apply_filters('wpsc_ajax_checkout_info', $checkout_info);
}
   	</tr>
	  <?php 
    }
    ?>

		
	
	<tr class='total_price'>
		<td colspan='3'>
		<?php 
    echo TXT_WPSC_TOTALPRICE;
    ?>
		</td>
		<td colspan='2'>
			<span id='checkout_total' class="pricedisplay checkout-total"><?php 
    echo wpsc_cart_total();
    ?>
</span>
		</td>
	</tr>
	
	
	</table>

		<?php 
    do_action('wpsc_before_form_of_shopping_cart');
    ?>
	
	<form class='wpsc_checkout_forms' action='' method='post' enctype="multipart/form-data">
	
	   <?php 
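/**
 * wpsc_change_tax function, used through ajax and in normal page loading.
 *
 * Reads the billing/shipping country and region posted by the checkout form,
 * mirrors them into $_SESSION, drops a region id that does not belong to its
 * country, refreshes the cart's location, shipping method and tax, and then
 * echoes a series of jQuery statements that patch the checkout page in place
 * (cart widget, per-item shipping, region <select>, tax and total rows).
 *
 * No parameters, returns nothing: the request is terminated with exit.
 *
 * Every SQL statement is built with $wpdb->prepare() (%d for region ids, %s for
 * ISO country codes), and values that originate from the session or the
 * database are passed through esc_js() before being embedded in the JavaScript
 * that is echoed back.
 */
function wpsc_change_tax()
{
    global $wpdb, $wpsc_cart, $wpsc_theme_path;

    $form_id = isset($_POST['form_id']) ? absint($_POST['form_id']) : 0;

    $wpsc_selected_country = $wpsc_cart->selected_country;
    $wpsc_selected_region  = $wpsc_cart->selected_region;
    $wpsc_delivery_country = $wpsc_cart->delivery_country;
    $wpsc_delivery_region  = $wpsc_cart->delivery_region;

    // Billing side. $wpdb->escape() is deprecated, but the value it produces is
    // what gets stored in the session and read elsewhere, so it is kept; the
    // queries below no longer depend on it because they are prepared.
    if (isset($_POST['billing_country'])) {
        $wpsc_selected_country = $wpdb->escape($_POST['billing_country']);
        $_SESSION['wpsc_selected_country'] = $wpsc_selected_country;
    }
    if (isset($_POST['billing_region'])) {
        $wpsc_selected_region = absint($_POST['billing_region']);
        $_SESSION['wpsc_selected_region'] = $wpsc_selected_region;
    }

    // Resolves the ISO code of the country a region id belongs to; used to drop
    // a region that is stale after the country changed.
    $region_country_sql = 'SELECT `country`.`isocode`'
        . ' FROM `' . WPSC_TABLE_REGION_TAX . '` AS `region`'
        . ' INNER JOIN `' . WPSC_TABLE_CURRENCY_LIST . '` AS `country` ON `region`.`country_id` = `country`.`id`'
        . ' WHERE `region`.`id` = %d LIMIT 1';

    $session_selected_country = isset($_SESSION['wpsc_selected_country']) ? $_SESSION['wpsc_selected_country'] : null;
    $session_selected_region  = isset($_SESSION['wpsc_selected_region']) ? $_SESSION['wpsc_selected_region'] : 0;

    $check_country_code = $wpdb->get_var($wpdb->prepare($region_country_sql, $session_selected_region));
    if ($session_selected_country != $check_country_code) {
        $wpsc_selected_region = null;
    }

    // Shipping side, same handling as billing.
    if (isset($_POST['shipping_country'])) {
        $wpsc_delivery_country = $wpdb->escape($_POST['shipping_country']);
        $_SESSION['wpsc_delivery_country'] = $wpsc_delivery_country;
    }
    if (isset($_POST['shipping_region'])) {
        $wpsc_delivery_region = absint($_POST['shipping_region']);
        $_SESSION['wpsc_delivery_region'] = $wpsc_delivery_region;
    }

    $check_country_code = $wpdb->get_var($wpdb->prepare($region_country_sql, $wpsc_delivery_region));
    if ($wpsc_delivery_country != $check_country_code) {
        $wpsc_delivery_region = null;
    }

    $session_delivery_country = isset($_SESSION['wpsc_delivery_country']) ? $_SESSION['wpsc_delivery_country'] : '';
    $session_delivery_region  = isset($_SESSION['wpsc_delivery_region']) ? $_SESSION['wpsc_delivery_region'] : null;

    // Re-derive location-dependent shipping, then tax and total.
    $wpsc_cart->update_location();
    $wpsc_cart->get_shipping_method();
    $wpsc_cart->get_shipping_option();
    if ($wpsc_cart->selected_shipping_method != '') {
        $wpsc_cart->update_shipping($wpsc_cart->selected_shipping_method, $wpsc_cart->selected_shipping_option);
    }
    $tax   = $wpsc_cart->calculate_total_tax();
    $total = wpsc_cart_total();

    // Render the theme's cart widget into $output. include_once means a widget
    // already included earlier in the same request produces no output here.
    ob_start();
    $cur_wpsc_theme_folder = apply_filters('wpsc_theme_folder', $wpsc_theme_path . WPSC_THEME_DIR);
    include_once $cur_wpsc_theme_folder . "/cart_widget.php";
    $output = ob_get_clean();
    // Make the markup safe to embed inside a single-quoted JS string.
    $output = str_replace(array("\n", "\r"), array("\\n", "\\r"), addslashes($output));

    $lock_tax = (get_option('lock_tax') == 1);
    if ($lock_tax) {
        echo "jQuery('#current_country').val('" . esc_js($session_delivery_country) . "'); \n";
        if ($session_delivery_country == 'US') {
            // NOTE(review): this overwrites $output, so the shopping-cart-wrapper
            // below receives the region list instead of the cart widget. That is
            // the pre-existing behaviour and is kept; it looks unintended — confirm
            // before changing.
            $output = wpsc_shipping_region_list($session_delivery_country, $session_delivery_region);
            $output = str_replace(array("\n", "\r"), array("\\n", "\\r"), addslashes($output));
            echo "jQuery('#region').remove();\n\r";
            echo "jQuery('#change_country').append(\"" . $output . "\");\n\r";
        }
    }

    foreach ($wpsc_cart->cart_items as $key => $cart_item) {
        echo "jQuery('#shipping_{$key}').html(\"" . $wpsc_cart->process_as_currency($cart_item->shipping) . "\");\n\r";
    }
    echo "jQuery('#checkout_shipping').html(\"" . wpsc_cart_shipping() . "\");\n\r";
    echo "jQuery('div.shopping-cart-wrapper').html('{$output}');\n";

    if ($lock_tax) {
        echo "jQuery('.shipping_country').val('" . esc_js($session_delivery_country) . "') \n";
        // The country name comes from the database; it is still escaped for the
        // JS string it is embedded in.
        $country_name = $wpdb->get_var($wpdb->prepare(
            'SELECT `country` FROM `' . WPSC_TABLE_CURRENCY_LIST . '` WHERE `isocode` = %s',
            (string) $session_selected_country
        ));
        echo "jQuery('.shipping_country_name').html('" . esc_js((string) $country_name) . "') \n";
    }

    // Decide which side's region list to rebuild. The client sends the literal
    // string 'undefined' for a country field it does not have; that disables
    // the corresponding side.
    $posted_billing_country  = isset($_POST['billing_country']) ? $_POST['billing_country'] : null;
    $posted_shipping_country = isset($_POST['shipping_country']) ? $_POST['shipping_country'] : null;

    $form_selected_country = null;
    $form_selected_region  = null;
    $onchange_function     = null;
    $title                 = null;
    if ($posted_billing_country != 'undefined' && null === $posted_shipping_country) {
        $form_selected_country = $wpsc_selected_country;
        $form_selected_region  = $wpsc_selected_region;
        $onchange_function     = 'set_billing_country';
        $title                 = 'billingregion';
    } elseif ($posted_shipping_country != 'undefined' && null === $posted_billing_country) {
        $form_selected_country = $wpsc_delivery_country;
        $form_selected_region  = $wpsc_delivery_region;
        $onchange_function     = 'set_shipping_country';
        $title                 = 'shippingregion';
    }

    if ($form_selected_country != null && $onchange_function != null) {
        $region_list = $wpdb->get_results($wpdb->prepare(
            'SELECT `' . WPSC_TABLE_REGION_TAX . '`.*'
            . ' FROM `' . WPSC_TABLE_REGION_TAX . '`, `' . WPSC_TABLE_CURRENCY_LIST . '`'
            . ' WHERE `' . WPSC_TABLE_CURRENCY_LIST . '`.`isocode` IN(%s)'
            . ' AND `' . WPSC_TABLE_CURRENCY_LIST . '`.`id` = `' . WPSC_TABLE_REGION_TAX . '`.`country_id`',
            $form_selected_country
        ), ARRAY_A);

        if ($region_list != null) {
            $output = "<select title='{$title}' name='collected_data[" . $form_id . "][1]' class='current_region' onchange='{$onchange_function}(\"region_country_form_{$form_id}\", \"{$form_id}\");'>\n\r";
            foreach ($region_list as $region) {
                $selected = ($form_selected_region == $region['id']) ? "selected='selected'" : "";
                $output .= "  <option value='" . $region['id'] . "' {$selected}>" . htmlspecialchars($region['name']) . "</option>\n\r";
            }
            $output .= "</select>\n\r";
            $output = str_replace(array("\n", "\r"), array("\\n", "\\r"), addslashes($output));
            echo "jQuery('#region_select_{$form_id}').html(\"" . $output . "\");\n\r";
        } else {
            if ($lock_tax) {
                echo "jQuery('#region').hide();";
            }
            echo "jQuery('#region_select_{$form_id}').html('');\n\r";
        }
    }

    echo ($tax > 0) ? "jQuery(\"tr.total_tax\").show();\n\r" : "jQuery(\"tr.total_tax\").hide();\n\r";
    echo "jQuery('#checkout_tax').html(\"<span class='pricedisplay'>" . wpsc_cart_tax() . "</span>\");\n\r";
    echo "jQuery('#checkout_total').html(\"<span class='pricedisplay'>{$total}</span><input id='shopping_cart_total_price' type='hidden' value='{$total}' />\");\n\r";
    exit;
}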
			<?php echo __('Discount', 'wpsc'); ?>
		</td>
		<td colspan="2">
			<span id="coupons_amount" class="pricedisplay"><?php echo wpsc_coupon_amount(); ?></span>
	    </td>
   	</tr>
	  <?php endif ?>

		
	
	<tr class='total_price'>
		<td colspan='3'>
		<?php echo __('Total Price', 'wpsc'); ?>
		</td>
		<td colspan='2'>
			<span id='checkout_total' class="pricedisplay checkout-total"><?php echo wpsc_cart_total(); ?></span>
		</td>
	</tr>
	
	
	</table>

		<?php do_action('wpsc_before_form_of_shopping_cart'); ?>
	
	<form class='wpsc_checkout_forms' action='' method='post' enctype="multipart/form-data">
	
	   <?php 
	   /**  
	    * Both the registration forms and the checkout details forms must be in the same form element, because they are submitted together; two separate form elements cannot be submitted together without JavaScript.
	   */
	   ?>
/**
 * Processing functions: this is where the main logic of PayPal Express lives.
 *
 * Dispatches on the request:
 *  - act=error : builds an HTML error report from the stored API response
 *                (or the stored cURL error) and saves it as customer meta
 *                'paypal_express_message'.
 *  - act=do    : builds the DoExpressCheckoutPayment request from the purchase
 *                log and cart contents, updates the purchase log status and
 *                redirects to the transaction results page.
 *  - otherwise : without a token, calls SetExpressCheckout and redirects the
 *                buyer to PayPal; with a token, calls GetExpressCheckoutDetails
 *                and stores a confirmation form as 'paypal_express_message'.
 *
 * No parameters, returns nothing; several branches end the request with exit.
 *
 * @access public
 *
 * @since 3.8
 */
function paypal_processingfunctions()
{
    global $wpdb, $wpsc_cart;
    $sessionid = (string) wpsc_get_customer_meta('paypal_express_sessionid');
    if (isset($_REQUEST['act']) && 'error' == $_REQUEST['act']) {
        $resArray = wpsc_get_customer_meta('paypal_express_reshash');
        $paypal_express_message = '
		<center>
		<table width="700" align="left">
		<tr>
			<td colspan="2" class="header">' . __('The PayPal API has returned an error!', 'wpsc') . '</td>
		</tr>
		';
        // A transport (cURL) error was recorded: show the raw response and the error text.
        if (wpsc_get_customer_meta('paypal_express_curl_error_msg')) {
            $errorMessage = wpsc_get_customer_meta('paypal_express_curl_error_msg');
            $response = wpsc_get_customer_meta('paypal_express_response');
            $paypal_express_message .= '
			<tr>
				<td>response:</td>
				<td>' . $response . '</td>
			</tr>

			<tr>
				<td>Error Message:</td>
				<td>' . $errorMessage . '</td>
			</tr>';
        } else {
            /* No transport error: report the API-level error fields
               (ACK, correlation id, version, then each L_* error triple). */
            $paypal_express_message .= "\n\t\t\t\t<tr>\n\t\t\t\t\t<td>Ack:</td>\n\t\t\t\t\t<td>" . $resArray['ACK'] . "</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>Correlation ID:</td>\n\t\t\t\t\t<td>" . $resArray['CORRELATIONID'] . "</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>Version:</td>\n\t\t\t\t\t<td>" . $resArray['VERSION'] . "</td>\n\t\t\t\t</tr>";
            $count = 0;
            // PayPal numbers repeated error fields L_ERRORCODE0, L_ERRORCODE1, ...
            while (isset($resArray["L_SHORTMESSAGE" . $count])) {
                $errorCode = $resArray["L_ERRORCODE" . $count];
                $shortMessage = $resArray["L_SHORTMESSAGE" . $count];
                $longMessage = $resArray["L_LONGMESSAGE" . $count];
                $count = $count + 1;
                $paypal_express_message .= "\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>" . __('Error Number:', 'wpsc') . "</td>\n\t\t\t\t\t\t<td> {$errorCode} </td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>" . __('Short Message:', 'wpsc') . "</td>\n\t\t\t\t\t\t<td> {$shortMessage} </td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>" . __('Long Message:', 'wpsc') . "</td>\n\t\t\t\t\t\t<td> {$longMessage} </td>\n\t\t\t\t\t</tr>";
            }
            //end while
        }
        // end else
        // NOTE(review): the API fields and error messages above are inserted into
        // the HTML unescaped — confirm they are escaped where the message is rendered.
        $paypal_express_message .= "\n\t\t\t</center>\n\t\t\t\t</table>";
        wpsc_update_customer_meta('paypal_express_message', $paypal_express_message);
    } else {
        if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'do') {
            /* Gather the information to make the final call to
               finalize the PayPal payment.  The variable nvpstr
               holds the name value pairs   */
            $token = urlencode($_REQUEST['token']);
            $paymentAmount = urlencode(wpsc_get_customer_meta('paypal_express_converted_amount'));
            $paymentType = urlencode(wpsc_get_customer_meta('paypal_express_payment_type'));
            $currCodeType = urlencode(wpsc_get_paypal_currency_code());
            $payerID = urlencode($_REQUEST['PayerID']);
            // NOTE(review): IPADDRESS is populated from SERVER_NAME (a host name),
            // not from an IP address — confirm this is what the API expects.
            $serverName = urlencode($_SERVER['SERVER_NAME']);
            $BN = 'Instinct_e-commerce_wp-shopping-cart_NZ';
            $nvpstr = '&TOKEN=' . $token . '&PAYERID=' . $payerID . '&PAYMENTREQUEST_0_PAYMENTACTION=Sale&PAYMENTREQUEST_0_CURRENCYCODE=' . $currCodeType . '&IPADDRESS=' . $serverName . "&BUTTONSOURCE=" . $BN . "&PAYMENTREQUEST_0_INVNUM=" . urlencode($sessionid);
            // IPN data
            if (get_option('paypal_ipn') == 1) {
                $notify_url = add_query_arg('wpsc_action', 'gateway_notification', get_option('siteurl') . "/index.php");
                $notify_url = add_query_arg('gateway', 'wpsc_merchant_paypal_express', $notify_url);
                $notify_url = apply_filters('wpsc_paypal_express_notify_url', $notify_url);
                $nvpstr .= '&PAYMENTREQUEST_0_NOTIFYURL=' . urlencode($notify_url);
            }
            // Horrible code that I had to write to hot fix the issue with missing item detail in email receipts. arrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrgh!!!!! @#@$%@#%@##$#$
            $purchase_log = $wpdb->get_row($wpdb->prepare("SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `sessionid` = %s", $sessionid), ARRAY_A);
            // NOTE(review): get_row() returns null when no purchase log matches the
            // session id; the interpolated {$purchase_log['id']} below would then be
            // empty and the query malformed. Unlike the query above this one is not
            // prepared — prefer $wpdb->prepare() with %d for the id.
            $cart_data = $original_cart_data = $wpdb->get_results("SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = {$purchase_log['id']}", ARRAY_A);
            $i = 0;
            $item_total = 0;
            $shipping_total = 0;
            // One L_PAYMENTREQUEST_0_* group per cart line; prices converted to the PayPal currency.
            foreach ($cart_data as $cart_item) {
                $converted_price = wpsc_paypal_express_convert($cart_item['price']);
                $nvpstr .= "&L_PAYMENTREQUEST_0_NAME{$i}=" . urlencode(apply_filters('the_title', $cart_item['name']));
                $nvpstr .= "&L_PAYMENTREQUEST_0_AMT{$i}=" . $converted_price;
                $nvpstr .= "&L_PAYMENTREQUEST_0_NUMBER{$i}=" . $i;
                $nvpstr .= "&L_PAYMENTREQUEST_0_QTY{$i}=" . $cart_item['quantity'];
                $item_total += $converted_price * $cart_item['quantity'];
                $shipping_total += wpsc_paypal_express_convert($cart_item['pnp']);
                $i++;
            }
            //if we have a discount then include a negative amount with that discount
            if ($purchase_log['discount_value'] && 0.0 != $purchase_log['discount_value']) {
                $discount_value = wpsc_paypal_express_convert($purchase_log['discount_value']);
                // if item total < discount amount, leave at least 0.01 unit in item total, then subtract
                // 0.01 from shipping as well
                if ($discount_value >= $item_total) {
                    $discount_value = $item_total - 0.01;
                    $shipping_total -= 0.01;
                }
                $nvpstr .= "&L_PAYMENTREQUEST_0_NAME{$i}=" . urlencode("Discount / Coupon");
                $nvpstr .= "&L_PAYMENTREQUEST_0_AMT{$i}=-" . urlencode($discount_value);
                $nvpstr .= "&L_PAYMENTREQUEST_0_NUMBER{$i}={$i}";
                $nvpstr .= "&L_PAYMENTREQUEST_0_QTY{$i}=1";
                $item_total -= $discount_value;
            }
            $item_total = wpsc_paypal_express_format($item_total);
            $shipping_total = wpsc_paypal_express_convert($purchase_log['base_shipping']) + $shipping_total;
            $nvpstr .= '&PAYMENTREQUEST_0_ITEMAMT=' . $item_total;
            $nvpstr .= '&PAYMENTREQUEST_0_SHIPPINGAMT=' . $shipping_total;
            $total = $item_total + $shipping_total;
            if (!wpsc_tax_isincluded()) {
                $tax = wpsc_paypal_express_convert($purchase_log['wpec_taxes_total']);
                $nvpstr .= '&PAYMENTREQUEST_0_TAXAMT=' . $tax;
                $total += $tax;
            }
            // adjust total amount in case we had to round up after converting currency
            // NOTE(review): $paymentAmount is the urlencode()d stored amount, so this
            // is a loose string/number comparison — confirm it behaves as intended.
            if ($total != $paymentAmount) {
                $paymentAmount = $total;
            }
            $nvpstr .= "&PAYMENTREQUEST_0_AMT={$paymentAmount}";
            $resArray = paypal_hash_call("DoExpressCheckoutPayment", $nvpstr);
            /* Store the API response; on success update the purchase log and
               redirect to the results page, otherwise build the error location. */
            $ack = strtoupper($resArray["ACK"]);
            wpsc_update_customer_meta('paypal_express_reshash', $resArray);
            if ($ack != "SUCCESS") {
                // NOTE(review): $location is assigned here but never used — no redirect
                // happens on this path, and the cart is still emptied below. Confirm
                // this is intended.
                $location = get_option('transact_url') . "&act=error";
            } else {
                $transaction_id = $resArray['PAYMENTINFO_0_TRANSACTIONID'];
                switch ($resArray['PAYMENTINFO_0_PAYMENTSTATUS']) {
                    case 'Processed':
                        // I think this is mostly equivalent to Completed; intentional fall-through.
                    case 'Completed':
                        wpsc_update_purchase_log_status($sessionid, 3, 'sessionid');
                        transaction_results($sessionid, false);
                        break;
                    case 'Pending':
                        // need to wait for "Completed" before processing
                        wpsc_update_purchase_log_details($sessionid, array('processed' => 2, 'date' => time(), 'transactid' => $transaction_id), 'sessionid');
                        break;
                }
                $location = add_query_arg('sessionid', $sessionid, get_option('transact_url'));
                wpsc_delete_customer_meta('paypal_express_message');
                wp_redirect($location);
                exit;
            }
            // Reached only on a non-SUCCESS ack (the success branch exits above).
            wpsc_delete_customer_meta('nzshpcrt_serialized_cart');
            wpsc_delete_customer_meta('nzshpcart');
            $wpsc_cart->empty_cart();
        } else {
            if (isset($_REQUEST['paymentType']) || isset($_REQUEST['token'])) {
                $token = $_REQUEST['token'];
                if (!isset($token)) {
                    // No token yet: start the Express Checkout flow.
                    $paymentAmount = wpsc_get_customer_meta('paypal_express_converted_amount');
                    $currencyCodeType = wpsc_get_paypal_currency_code();
                    $paymentType = 'Sale';
                    if (get_option('permalink_structure') != '') {
                        $separator = "?";
                    } else {
                        $separator = "&";
                    }
                    $returnURL = urlencode(get_option('transact_url') . $separator . 'currencyCodeType=' . $currencyCodeType . '&paymentType=' . $paymentType . '&paymentAmount=' . $paymentAmount);
                    // NOTE(review): single quotes here, so the literal text "$paymentType"
                    // is sent in the cancel URL rather than the value — looks unintended.
                    $cancelURL = urlencode(get_option('transact_url') . $separator . 'paymentType=$paymentType');
                    /* Build the SetExpressCheckout name/value string from the
                       amount, action, return/cancel URLs and currency. */
                    $nvpstr = "&PAYMENTREQUEST_0_AMT=" . $paymentAmount . "&PAYMENTREQUEST_0_PAYMENTACTION=" . $paymentType . "&ReturnUrl=" . $returnURL . "&CANCELURL=" . $cancelURL . "&PAYMENTREQUEST_0_CURRENCYCODE=" . $currencyCodeType;
                    /* Call PayPal to obtain the Express Checkout token. On success
                       redirect the buyer to PayPal to authorize payment; on failure
                       redirect to the error display. */
                    $resArray = paypal_hash_call("SetExpressCheckout", $nvpstr);
                    wpsc_update_customer_meta('paypal_express_reshash', $resArray);
                    $ack = strtoupper($resArray["ACK"]);
                    if ($ack == "SUCCESS") {
                        // Redirect to paypal.com here
                        $token = urldecode($resArray["TOKEN"]);
                        // NOTE(review): $PAYPAL_URL is not declared in this function (it is
                        // not in the global list and is never assigned here), so as written
                        // the redirect target is just the token — confirm where it is defined.
                        $payPalURL = $PAYPAL_URL . $token;
                        wp_redirect($payPalURL);
                    } else {
                        // Redirect to the error display (act=error branch above).
                        $location = get_option('transact_url') . "&act=error";
                        wp_redirect($location);
                    }
                    exit;
                } else {
                    /* The buyer has authorized payment at PayPal and returned with a
                       token. Ask PayPal for the authorization details; the payment is
                       not completed until the buyer confirms (act=do). */
                    $token = urlencode($_REQUEST['token']);
                    /* Second API request, keyed by the token. */
                    $nvpstr = "&TOKEN=" . $token;
                    /* On success store the details and build the confirmation form;
                       on failure nothing is shown (the stored response holds the error). */
                    $resArray = paypal_hash_call("GetExpressCheckoutDetails", $nvpstr);
                    wpsc_update_customer_meta('paypal_express_reshash', $resArray);
                    $ack = strtoupper($resArray["ACK"]);
                    if ($ack == "SUCCESS") {
                        /* Called after the buyer returns from PayPal with an authorized
                           payment: shows the payer/shipping details from the
                           GetExpressCheckoutDetails response and a form that posts
                           act=do to complete the payment. */
                        if (isset($_REQUEST['token']) && !isset($_REQUEST['PayerID'])) {
                            // A token without a PayerID means the buyer cancelled at PayPal.
                            wpsc_update_customer_meta('paypal_express_message', _x('<h4>TRANSACTION CANCELED</h4>', 'paypal express cancel header', 'wpsc'));
                        } else {
                            wpsc_update_customer_meta('paypal_express_token', $_REQUEST['token']);
                            wpsc_update_customer_meta('paypal_express_payer_id', $_REQUEST['PayerID']);
                            $resArray = wpsc_get_customer_meta('paypal_express_reshash');
                            if (get_option('permalink_structure') != '') {
                                $separator = "?";
                            } else {
                                $separator = "&";
                            }
                            if (!isset($resArray['SHIPTOSTREET2'])) {
                                $resArray['SHIPTOSTREET2'] = '';
                            }
                            $output = "\n\t\t\t\t\t   <table width='400' class='paypal_express_form'>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td align='left' class='firstcol'><b>" . __('Order Total:', 'wpsc') . "</b></td>\n\t\t\t\t\t\t\t<td align='left'>" . wpsc_currency_display(wpsc_get_customer_meta('paypal_express_original_amount')) . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td align='left' colspan='2'><b>" . __('Shipping Address:', 'wpsc') . " </b></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td align='left' class='firstcol'>\n\t\t\t\t\t\t\t\t" . __('Street 1:', 'wpsc') . "</td>\n\t\t\t\t\t\t\t<td align='left'>" . $resArray['SHIPTOSTREET'] . "</td>\n\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td align='left' class='firstcol'>\n\t\t\t\t\t\t\t\t" . __('Street 2:', 'wpsc') . "</td>\n\t\t\t\t\t\t\t<td align='left'>" . $resArray['SHIPTOSTREET2'] . "\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td align='left' class='firstcol'>\n\t\t\t\t\t\t\t\t" . __('City:', 'wpsc') . "</td>\n\n\t\t\t\t\t\t\t<td align='left'>" . $resArray['SHIPTOCITY'] . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td align='left' class='firstcol'>\n\t\t\t\t\t\t\t\t" . __('State:', 'wpsc') . "</td>\n\t\t\t\t\t\t\t<td align='left'>" . $resArray['SHIPTOSTATE'] . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td align='left' class='firstcol'>\n\t\t\t\t\t\t\t\t" . __('Postal code:', 'wpsc') . "</td>\n\n\t\t\t\t\t\t\t<td align='left'>" . $resArray['SHIPTOZIP'] . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td align='left' class='firstcol'>\n\t\t\t\t\t\t\t\t" . __('Country:', 'wpsc') . "</td>\n\t\t\t\t\t\t\t<td align='left'>" . $resArray['SHIPTOCOUNTRYNAME'] . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td colspan='2'>";
                            // NOTE(review): the action attribute below is unquoted, and the
                            // SHIPTO* values from the API response are written into the table
                            // cells and hidden-input values without attribute escaping —
                            // consider quoting the attribute and escaping each value.
                            $output .= "<form action=" . get_option('transact_url') . " method='post'>\n";
                            $output .= "\t<input type='hidden' name='totalAmount' value='" . wpsc_cart_total(false) . "' />\n";
                            $output .= "\t<input type='hidden' name='shippingStreet' value='" . $resArray['SHIPTOSTREET'] . "' />\n";
                            $output .= "\t<input type='hidden' name='shippingStreet2' value='" . $resArray['SHIPTOSTREET2'] . "' />\n";
                            $output .= "\t<input type='hidden' name='shippingCity' value='" . $resArray['SHIPTOCITY'] . "' />\n";
                            $output .= "\t<input type='hidden' name='shippingState' value='" . $resArray['SHIPTOSTATE'] . "' />\n";
                            $output .= "\t<input type='hidden' name='postalCode' value='" . $resArray['SHIPTOZIP'] . "' />\n";
                            $output .= "\t<input type='hidden' name='country' value='" . $resArray['SHIPTOCOUNTRYNAME'] . "' />\n";
                            $output .= "\t<input type='hidden' name='token' value='" . wpsc_get_customer_meta('paypal_express_token') . "' />\n";
                            $output .= "\t<input type='hidden' name='PayerID' value='" . wpsc_get_customer_meta('paypal_express_payer_id') . "' />\n";
                            $output .= "\t<input type='hidden' name='act' value='do' />\n";
                            $output .= "\t<p>  <input name='usePayPal' type='submit' value='" . __('Confirm Payment', 'wpsc') . "' /></p>\n";
                            $output .= "</form>";
                            $output .= " </td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t</table>\n\t\t\t\t\t</center>\n\t\t\t\t\t";
                            wpsc_update_customer_meta('paypal_express_message', $output);
                        }
                    }
                }
            }
        }
    }
}
/**
 * Recalculates tax, shipping and totals after a country/region change on the
 * checkout form and prints the jQuery statements that update the page.
 *
 * Used through AJAX and in normal page loading. Takes no parameters and does
 * not return: the response is written with echo and the function ends with
 * exit.
 *
 * Reads from $_POST: form_id, billing_country, billing_region,
 * shipping_country, shipping_region. Persists the selection in $_SESSION
 * (wpsc_selected_country/region, wpsc_delivery_country/region) and updates
 * the global $wpsc_cart.
 */
function wpsc_change_tax()
{
    global $wpdb, $wpsc_cart;
    $form_id = absint($_POST['form_id']);
    // Start from what the cart already knows; posted values override below.
    $wpsc_selected_country = $wpsc_cart->selected_country;
    $wpsc_selected_region = $wpsc_cart->selected_region;
    $wpsc_delivery_country = $wpsc_cart->delivery_country;
    $wpsc_delivery_region = $wpsc_cart->delivery_region;
    // Assigned but never read in this function.
    $previous_country = $_SESSION['wpsc_selected_country'];
    if (isset($_POST['billing_country'])) {
        // $wpdb->escape() is SQL-style escaping only (deprecated in WordPress in
        // favour of esc_sql()); the value is used in the country-name query below.
        $wpsc_selected_country = $wpdb->escape($_POST['billing_country']);
        $_SESSION['wpsc_selected_country'] = $wpsc_selected_country;
    }
    if (isset($_POST['billing_region'])) {
        $wpsc_selected_region = absint($_POST['billing_region']);
        $_SESSION['wpsc_selected_region'] = $wpsc_selected_region;
    }
    // Country the stored billing region belongs to. NOTE(review): the region id
    // is concatenated into the SQL; it is an absint() when it was just posted but
    // otherwise whatever the session already held — $wpdb->prepare() would make
    // the query independent of that.
    $check_country_code = $wpdb->get_var(" SELECT `country`.`isocode` FROM `" . WPSC_TABLE_REGION_TAX . "` AS `region` INNER JOIN `" . WPSC_TABLE_CURRENCY_LIST . "` AS `country` ON `region`.`country_id` = `country`.`id` WHERE `region`.`id` = '" . $_SESSION['wpsc_selected_region'] . "' LIMIT 1");
    // Drop the region when it does not belong to the selected country.
    if ($_SESSION['wpsc_selected_country'] != $check_country_code) {
        $wpsc_selected_region = null;
    }
    if (isset($_POST['shipping_country'])) {
        // SQL-style escaping only; this value is later echoed into JavaScript
        // string literals (the lock_tax blocks below) without esc_js().
        $wpsc_delivery_country = $wpdb->escape($_POST['shipping_country']);
        $_SESSION['wpsc_delivery_country'] = $wpsc_delivery_country;
    }
    if (isset($_POST['shipping_region'])) {
        $wpsc_delivery_region = absint($_POST['shipping_region']);
        $_SESSION['wpsc_delivery_region'] = $wpsc_delivery_region;
    }
    // Same country check for the delivery region (concatenated SQL again).
    $check_country_code = $wpdb->get_var(" SELECT `country`.`isocode` FROM `" . WPSC_TABLE_REGION_TAX . "` AS `region` INNER JOIN `" . WPSC_TABLE_CURRENCY_LIST . "` AS `country` ON `region`.`country_id` = `country`.`id` WHERE `region`.`id` = '" . $wpsc_delivery_region . "' LIMIT 1");
    if ($wpsc_delivery_country != $check_country_code) {
        $wpsc_delivery_region = null;
    }
    // Re-resolve shipping for the new location before the totals are computed.
    $wpsc_cart->update_location();
    $wpsc_cart->get_shipping_method();
    $wpsc_cart->get_shipping_option();
    if ($wpsc_cart->selected_shipping_method != '') {
        $wpsc_cart->update_shipping($wpsc_cart->selected_shipping_method, $wpsc_cart->selected_shipping_option);
    }
    $tax = $wpsc_cart->calculate_total_tax();
    $total = wpsc_cart_total();
    $total_input = wpsc_cart_total(false);
    // A coupon covering the whole cart makes it free. NOTE(review): the coupon is
    // compared with wpsc_cart_total() (no argument) although the false-argument
    // form was just stored in $total_input — confirm which form is intended.
    if ($wpsc_cart->coupons_amount >= wpsc_cart_total() && !empty($wpsc_cart->coupons_amount)) {
        $total = 0;
    }
    // A negative total means the coupon exceeded the cart: fold the overshoot
    // back into the coupon amount and recompute the price.
    if ($wpsc_cart->total_price < 0) {
        $wpsc_cart->coupons_amount += $wpsc_cart->total_price;
        $wpsc_cart->total_price = null;
        $wpsc_cart->calculate_total_price();
    }
    // Render the cart widget template, then escape it for use inside a
    // single-quoted JavaScript string (quotes/backslashes via addslashes(),
    // line breaks turned into \n and \r escape sequences).
    ob_start();
    include_once wpsc_get_template_file_path('wpsc-cart_widget.php');
    $output = ob_get_contents();
    ob_end_clean();
    $output = str_replace(array("\n", "\r"), array("\\n", "\\r"), addslashes($output));
    if (get_option('lock_tax') == 1) {
        // NOTE(review): session value written into a JS string literal with only
        // the SQL-style escaping applied above.
        echo "jQuery('#current_country').val('" . $_SESSION['wpsc_delivery_country'] . "'); \n";
        // The lock_tax test here repeats the enclosing one.
        if ($_SESSION['wpsc_delivery_country'] == 'US' && get_option('lock_tax') == 1) {
            // For US deliveries, replace the region field with the shipping region list.
            $output = wpsc_shipping_region_list($_SESSION['wpsc_delivery_country'], $_SESSION['wpsc_delivery_region']);
            $output = str_replace(array("\n", "\r"), array("\\n", "\\r"), addslashes($output));
            echo "jQuery('#region').remove();\n\r";
            echo "jQuery('#change_country').append(\"" . $output . "\");\n\r";
        }
    }
    // Per-item shipping, overall shipping and the cart widget.
    foreach ($wpsc_cart->cart_items as $key => $cart_item) {
        echo "jQuery('#shipping_{$key}').html(\"" . wpsc_currency_display($cart_item->shipping) . "\");\n\r";
    }
    echo "jQuery('#checkout_shipping').html(\"" . wpsc_cart_shipping() . "\");\n\r";
    echo "jQuery('div.shopping-cart-wrapper').html('{$output}');\n";
    if (get_option('lock_tax') == 1) {
        echo "jQuery('.shipping_country').val('" . $_SESSION['wpsc_delivery_country'] . "') \n";
        // Country name looked up from the session value (concatenated SQL; the
        // value went through $wpdb->escape() when it was posted).
        $sql = "SELECT `country` FROM `" . WPSC_TABLE_CURRENCY_LIST . "` WHERE `isocode`='" . $_SESSION['wpsc_selected_country'] . "'";
        $country_name = $wpdb->get_var($sql);
        echo "jQuery('.shipping_country_name').html('" . $country_name . "') \n";
    }
    // Decide which address block (billing or shipping) the region list is for.
    // 'undefined' is presumably the literal string the client sends for an unset
    // field; $_POST['billing_country'] is read without isset(), so a missing key
    // raises a notice here.
    $form_selected_country = null;
    $form_selected_region = null;
    $onchange_function = null;
    if ($_POST['billing_country'] != 'undefined' && !isset($_POST['shipping_country'])) {
        $form_selected_country = $wpsc_selected_country;
        $form_selected_region = $wpsc_selected_region;
        $onchange_function = 'set_billing_country';
    } else {
        if ($_POST['shipping_country'] != 'undefined' && !isset($_POST['billing_country'])) {
            $form_selected_country = $wpsc_delivery_country;
            $form_selected_region = $wpsc_delivery_region;
            $onchange_function = 'set_shipping_country';
        }
    }
    if ($form_selected_country != null && $onchange_function != null) {
        // All regions for the selected country. $form_selected_country is either
        // the escaped POST value or the cart's stored country.
        $region_list = $wpdb->get_results("SELECT `" . WPSC_TABLE_REGION_TAX . "`.* FROM `" . WPSC_TABLE_REGION_TAX . "`, `" . WPSC_TABLE_CURRENCY_LIST . "`  WHERE `" . WPSC_TABLE_CURRENCY_LIST . "`.`isocode` IN('" . $form_selected_country . "') AND `" . WPSC_TABLE_CURRENCY_LIST . "`.`id` = `" . WPSC_TABLE_REGION_TAX . "`.`country_id`", ARRAY_A);
        if ($region_list != null) {
            // The title attribute keys on billing_country being empty rather than
            // on $onchange_function.
            $title = empty($_POST['billing_country']) ? 'shippingstate' : 'billingstate';
            $output = "<select name='collected_data[" . $form_id . "][1]' class='current_region' onchange='{$onchange_function}(\"region_country_form_{$form_id}\", \"{$form_id}\");' title='" . $title . "'>\n\r";
            foreach ($region_list as $region) {
                if ($form_selected_region == $region['id']) {
                    $selected = "selected='selected'";
                } else {
                    $selected = "";
                }
                // The region name is HTML-escaped; the id is output as-is.
                $output .= "   <option value='" . $region['id'] . "' {$selected}>" . htmlspecialchars($region['name']) . "</option>\n\r";
            }
            $output .= "</select>\n\r";
            // Escape for JS, swap the select in, then disable and hide the free-text
            // region inputs it replaces.
            $output = str_replace(array("\n", "\r"), array("\\n", "\\r"), addslashes($output));
            echo "jQuery('#region_select_{$form_id}').html(\"" . $output . "\");\n\r";
            echo "\n\t\t\t\tvar wpsc_checkout_table_selector = jQuery('#region_select_{$form_id}').parents('.wpsc_checkout_table').attr('class');\n\t\t\t\twpsc_checkout_table_selector = wpsc_checkout_table_selector.replace(' ','.');\n\t\t\t\twpsc_checkout_table_selector = '.'+wpsc_checkout_table_selector;\n\t\t\t\tjQuery(wpsc_checkout_table_selector + ' input.billing_region').attr('disabled', 'disabled');\n\t\t\t\tjQuery(wpsc_checkout_table_selector + ' input.shipping_region').attr('disabled', 'disabled');\n\t\t\t\tjQuery(wpsc_checkout_table_selector + ' .billing_region').parent().parent().hide();\n\t\t\t\tjQuery(wpsc_checkout_table_selector + ' .shipping_region').parent().parent().hide();\n\t\t\t";
        } else {
            // No regions for this country: clear the select and restore the
            // free-text region inputs.
            if (get_option('lock_tax') == 1) {
                echo "jQuery('#region').hide();";
            }
            echo "jQuery('#region_select_{$form_id}').html('');\n\r";
            echo "\n\t\t\t\tvar wpsc_checkout_table_selector = jQuery('#region_select_{$form_id}').parents('.wpsc_checkout_table').attr('class');\n\t\t\t\twpsc_checkout_table_selector = wpsc_checkout_table_selector.replace(' ','.');\n\t\t\t\twpsc_checkout_table_selector = '.'+wpsc_checkout_table_selector;\n\t\t\t\tjQuery(wpsc_checkout_table_selector + ' input.billing_region').removeAttr('disabled');\n\t\t\t\tjQuery(wpsc_checkout_table_selector + ' input.shipping_region').removeAttr('disabled');\n\t\t\t\tjQuery(wpsc_checkout_table_selector + ' .billing_region').parent().parent().show();\n\t\t\t\tjQuery(wpsc_checkout_table_selector + ' .shipping_region').parent().parent().show();\n\t\t\t";
        }
    }
    // Tax row visibility and the final tax/total figures; the hidden input
    // carries $total_input, the false-argument form of wpsc_cart_total().
    if ($tax > 0) {
        echo "jQuery(\"tr.total_tax\").show();\n\r";
    } else {
        echo "jQuery(\"tr.total_tax\").hide();\n\r";
    }
    echo "jQuery('#checkout_tax').html(\"<span class='pricedisplay'>" . wpsc_cart_tax() . "</span>\");\n\r";
    echo "jQuery('#checkout_total').html(\"{$total}<input id='shopping_cart_total_price' type='hidden' value='{$total_input}' />\");\n\r";
    echo "if(jQuery(\"#shippingSameBilling\").is(\":checked\")) wpsc_shipping_same_as_billing();";
    // The response is complete; nothing may be printed after this handler.
    exit;
}
/**
 * Tells whether the current cart costs nothing, i.e. one of:
 *
 *  - every item in the cart is priced at 0, or
 *  - an applied coupon brings the total down to 0.
 *
 * Useful for letting free carts complete without going through a payment
 * gateway. The result passes through the 'wpsc_is_free_cart' filter so a
 * site can override it.
 *
 * @since  3.9.0
 * @return bool True when the cart has items and its unformatted total is 0.
 */
function wpsc_is_free_cart()
{
    $is_free = false;
    // An empty cart is never "free"; only consult the total when there are items.
    if (wpsc_cart_item_count()) {
        $is_free = !floatval(wpsc_cart_total(false));
    }
    return apply_filters('wpsc_is_free_cart', $is_free);
}
/**
 * Recalculates tax, shipping and totals after a country/region change on the
 * checkout form and prints the result as a JSON object.
 *
 * Used through AJAX and in normal page loading. Takes no parameters and does
 * not return: the JSON is written with echo and the function ends with exit.
 *
 * Reads from $_POST: form_id, billing_country, billing_region,
 * shipping_country, shipping_region. Persists the selection through
 * wpsc_update_customer_meta() and updates the global $wpsc_cart.
 *
 * Response keys: delivery_country, billing_country, widget_output,
 * shipping_keys, cart_shipping, form_id, tax, display_tax, total, total_input,
 * lock_tax, country_name, plus shipping_region_list (US/CA deliveries only)
 * and region_list (only when a country was posted and has regions).
 */
function wpsc_change_tax()
{
    global $wpdb, $wpsc_cart;
    $form_id = absint($_POST['form_id']);
    // Start from what the cart already knows; posted values override below.
    $wpsc_selected_country = $wpsc_cart->selected_country;
    $wpsc_selected_region = $wpsc_cart->selected_region;
    $wpsc_delivery_country = $wpsc_cart->delivery_country;
    $wpsc_delivery_region = $wpsc_cart->delivery_region;
    // Assigned but never read in this function.
    $previous_country = wpsc_get_customer_meta('billingcountry');
    // Second global statement: $wpdb is already declared above, and $user_ID and
    // $wpsc_customer_checkout_details are not used anywhere in this function.
    global $wpdb, $user_ID, $wpsc_customer_checkout_details;
    if (isset($_POST['billing_country'])) {
        // Raw POST value: stored as-is in customer meta and only esc_js()'d when
        // it is placed in the JSON response further down.
        $wpsc_selected_country = $_POST['billing_country'];
        wpsc_update_customer_meta('billingcountry', $wpsc_selected_country);
    }
    if (isset($_POST['billing_region'])) {
        $wpsc_selected_region = absint($_POST['billing_region']);
        wpsc_update_customer_meta('billingregion', $wpsc_selected_region);
    }
    // NOTE(review): reads meta key 'billing_region' although the value was just
    // written under 'billingregion' above — confirm which key the meta layer
    // expects. country_id() is compared with a country code here, so it is
    // presumably expected to return the region's ISO country code — confirm.
    $check_country_code = WPSC_Countries::country_id(wpsc_get_customer_meta('billing_region'));
    // Drop the region when it does not belong to the selected country.
    if (wpsc_get_customer_meta('billingcountry') != $check_country_code) {
        $wpsc_selected_region = null;
    }
    if (isset($_POST['shipping_country'])) {
        // Raw POST value, as for billing_country above.
        $wpsc_delivery_country = $_POST['shipping_country'];
        wpsc_update_customer_meta('shippingcountry', $wpsc_delivery_country);
    }
    if (isset($_POST['shipping_region'])) {
        $wpsc_delivery_region = absint($_POST['shipping_region']);
        wpsc_update_customer_meta('shippingregion', $wpsc_delivery_region);
    }
    // Same check for the delivery region, using the local value this time.
    $check_country_code = WPSC_Countries::country_id($wpsc_delivery_region);
    if ($wpsc_delivery_country != $check_country_code) {
        $wpsc_delivery_region = null;
    }
    // Re-resolve shipping for the new location before the totals are computed.
    $wpsc_cart->update_location();
    $wpsc_cart->get_shipping_method();
    $wpsc_cart->get_shipping_option();
    if ($wpsc_cart->selected_shipping_method != '') {
        $wpsc_cart->update_shipping($wpsc_cart->selected_shipping_method, $wpsc_cart->selected_shipping_option);
    }
    $tax = $wpsc_cart->calculate_total_tax();
    $total = wpsc_cart_total();
    $total_input = wpsc_cart_total(false);
    // A coupon covering the whole (false-argument) total makes the cart free.
    if ($wpsc_cart->coupons_amount >= $total_input && !empty($wpsc_cart->coupons_amount)) {
        $total = 0;
    }
    // A negative total means the coupon exceeded the cart: fold the overshoot
    // back into the coupon amount and recompute the price.
    if ($wpsc_cart->total_price < 0) {
        $wpsc_cart->coupons_amount += $wpsc_cart->total_price;
        $wpsc_cart->total_price = null;
        $wpsc_cart->calculate_total_price();
    }
    // NOTE(review): reads 'shipping_country' although 'shippingcountry' is the
    // key written above — confirm.
    $delivery_country = wpsc_get_customer_meta('shipping_country');
    // Cart widget HTML as rendered by the shared AJAX helper.
    $output = _wpsc_ajax_get_cart(false);
    $output = $output['widget_output'];
    $json_response = array();
    // Make sure the checkout object exists. It is not referenced again in this
    // function, so presumably the helpers called below read it — confirm.
    global $wpsc_checkout;
    if (empty($wpsc_checkout)) {
        $wpsc_checkout = new wpsc_checkout();
    }
    // Country codes are JS-escaped; widget_output is HTML meant to be inserted
    // into the page as-is.
    $json_response['delivery_country'] = esc_js($delivery_country);
    $json_response['billing_country'] = esc_js($wpsc_selected_country);
    $json_response['widget_output'] = $output;
    $json_response['shipping_keys'] = array();
    $json_response['cart_shipping'] = wpsc_cart_shipping();
    $json_response['form_id'] = $form_id;
    $json_response['tax'] = $tax;
    $json_response['display_tax'] = wpsc_cart_tax();
    $json_response['total'] = $total;
    $json_response['total_input'] = $total_input;
    $json_response['lock_tax'] = get_option('lock_tax');
    $json_response['country_name'] = wpsc_get_country($delivery_country);
    if ('US' == $delivery_country || 'CA' == $delivery_country) {
        // NOTE(review): 'shipping_region' vs 'shippingregion' written above — confirm.
        $output = wpsc_shipping_region_list($delivery_country, wpsc_get_customer_meta('shipping_region'));
        // Line breaks are stripped so the markup travels as one JSON string value.
        $output = str_replace(array("\n", "\r"), '', $output);
        $json_response['shipping_region_list'] = $output;
    }
    // Per-item shipping figures keyed by cart item key.
    foreach ($wpsc_cart->cart_items as $key => $cart_item) {
        $json_response['shipping_keys'][$key] = wpsc_currency_display($cart_item->shipping);
    }
    // Decide which address block (billing or shipping) the region list is for.
    // 'undefined' is presumably the literal string the client sends for an
    // unset field.
    $form_selected_country = null;
    $form_selected_region = null;
    $onchange_function = null;
    if (!empty($_POST['billing_country']) && $_POST['billing_country'] != 'undefined' && !isset($_POST['shipping_country'])) {
        $form_selected_country = $wpsc_selected_country;
        $form_selected_region = $wpsc_selected_region;
        $onchange_function = 'set_billing_country';
    } else {
        if (!empty($_POST['shipping_country']) && $_POST['shipping_country'] != 'undefined' && !isset($_POST['billing_country'])) {
            $form_selected_country = $wpsc_delivery_country;
            $form_selected_region = $wpsc_delivery_region;
            $onchange_function = 'set_shipping_country';
        }
    }
    if ($form_selected_country != null && $onchange_function != null) {
        // Passed as the last argument to wpsc_country_region_list(); presumably
        // marks the shipping block — confirm against that helper.
        $checkoutfields = 'set_shipping_country' == $onchange_function;
        $region_list = wpsc_country_region_list($form_id, false, $form_selected_country, $form_selected_region, $form_id, $checkoutfields);
        if ($region_list != null) {
            $json_response['region_list'] = str_replace(array("\n", "\r"), '', $region_list);
        }
    }
    // json_encode() is called without flags; on failure it returns false and
    // the response body would be empty rather than an error.
    echo json_encode($json_response);
    exit;
}
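 /**
  * Validates the checkout form submission.
  *
  * Reads the submitted data from $_POST and records the outcome in $_SESSION
  * so the page can re-display it:
  *   - card fields (card_number / card_number1-4 / expiry / card_code /
  *     cctype), checked only when the cart total is non-zero:
  *                                           wpsc_gateway_error_messages
  *   - account creation (log / pwd / user_email):
  *                                           wpsc_checkout_user_error_messages
  *   - checkout fields ($this->checkout_items):
  *                                           wpsc_checkout_error_messages
  *   - values to re-fill the form with:      wpsc_checkout_saved_values
  *
  * When nothing failed and a user id is known, the submitted collected_data
  * array is stored as that user's 'wpshpcrt_usr_profile' meta.
  *
  * Side effects: may create a WordPress user through wpsc_add_new_user(), and
  * sets the global $user_ID to the resolved user id.
  *
  * @access public
  * @return array 'is_valid' => bool (true when no field failed),
  *               'error_messages' => null (kept for callers; the per-field
  *               messages live in the session keys listed above).
  */
 function validate_forms()
 {
     global $user_ID;
     $any_bad_inputs = false;
     $our_user_id = 0;
     // Never populated (the original returned it undefined); callers read the
     // session keys instead.
     $bad_input_message = null;

     // Shared wording for every "invalid field" message.
     $invalid_message = function ($field_label) {
         return __('Please enter a valid', 'wpsc') . " " . strtolower($field_label) . ".";
     };

     // A value is blank when it (or every element of an array value) equals the
     // marker the field type uses for "no choice": '-1' for select/checkbox,
     // '' for everything else. An empty array counts as blank.
     $is_blank = function ($value, $blank_marker) {
         if (!is_array($value)) {
             return $value == $blank_marker;
         }
         foreach ($value as $v) {
             if ($v != $blank_marker) {
                 return false;
             }
         }
         return true;
     };

     // Card fields are only required when something is actually being charged
     // (gateways such as PayPal Pro collect card details on the checkout page).
     if (wpsc_cart_total(false) != 0) {
         if (isset($_POST['card_number'])) {
             if ($_POST['card_number'] == '') {
                 $any_bad_inputs = true;
                 $_SESSION['wpsc_gateway_error_messages']['card_number'] = $invalid_message('card number');
                 $_SESSION['wpsc_checkout_saved_values']['card_number'] = '';
             } else {
                 // Presence only: the number format is left to the gateway, and a
                 // message left over from an earlier submission is cleared.
                 $_SESSION['wpsc_gateway_error_messages']['card_number'] = '';
             }
         } else {
             $_SESSION['wpsc_gateway_error_messages']['card_number'] = '';
         }

         // Card number entered as four separate groups; every group must be a
         // non-empty numeric string.
         if (isset($_POST['card_number1'], $_POST['card_number2'], $_POST['card_number3'], $_POST['card_number4'])) {
             $groups_valid = true;
             for ($i = 1; $i <= 4; $i++) {
                 $group = $_POST['card_number' . $i];
                 if ($group == '' || !is_numeric($group)) {
                     $groups_valid = false;
                     break;
                 }
             }
             if ($groups_valid) {
                 $_SESSION['wpsc_gateway_error_messages']['card_number'] = '';
             } else {
                 $any_bad_inputs = true;
                 $_SESSION['wpsc_gateway_error_messages']['card_number'] = $invalid_message('card number');
                 $_SESSION['wpsc_checkout_saved_values']['card_number'] = '';
             }
         }

         if (isset($_POST['expiry'])) {
             $month = isset($_POST['expiry']['month']) ? $_POST['expiry']['month'] : '';
             $year = isset($_POST['expiry']['year']) ? $_POST['expiry']['year'] : '';
             // Both parts must be present and numeric (the original tested the
             // month twice and never checked the year for emptiness).
             if ($month != '' && $year != '' && is_numeric($month) && is_numeric($year)) {
                 $_SESSION['wpsc_gateway_error_messages']['expdate'] = '';
             } else {
                 $any_bad_inputs = true;
                 $_SESSION['wpsc_gateway_error_messages']['expdate'] = $invalid_message('Expiry Date');
                 $_SESSION['wpsc_checkout_saved_values']['expdate'] = '';
             }
         }

         if (isset($_POST['card_code'])) {
             if ($_POST['card_code'] == '' || !is_numeric($_POST['card_code'])) {
                 $any_bad_inputs = true;
                 $_SESSION['wpsc_gateway_error_messages']['card_code'] = $invalid_message('CVV');
                 $_SESSION['wpsc_checkout_saved_values']['card_code'] = '';
             } else {
                 $_SESSION['wpsc_gateway_error_messages']['card_code'] = '';
             }
         }

         if (isset($_POST['cctype'])) {
             if ($_POST['cctype'] == '') {
                 $any_bad_inputs = true;
                 // This is the card type field; the message used to name the CVV.
                 $_SESSION['wpsc_gateway_error_messages']['cctype'] = $invalid_message('card type');
                 $_SESSION['wpsc_checkout_saved_values']['cctype'] = '';
             } else {
                 $_SESSION['wpsc_gateway_error_messages']['cctype'] = '';
             }
         }
     }

     // Optional account creation submitted together with the checkout form.
     if (isset($_POST['log']) || isset($_POST['pwd']) || isset($_POST['user_email'])) {
         $results = wpsc_add_new_user(
             isset($_POST['log']) ? $_POST['log'] : null,
             isset($_POST['pwd']) ? $_POST['pwd'] : null,
             isset($_POST['user_email']) ? $_POST['user_email'] : null
         );
         $_SESSION['wpsc_checkout_user_error_messages'] = array();
         if (is_wp_error($results)) {
             foreach ($results->get_error_codes() as $code) {
                 foreach ($results->get_error_messages($code) as $error) {
                     $_SESSION['wpsc_checkout_user_error_messages'][] = $error;
                 }
             }
             $any_bad_inputs = true;
         } elseif (!empty($results->ID) && $results->ID > 0) {
             $our_user_id = $results->ID;
         } else {
             $any_bad_inputs = true;
         }
     }

     // Fall back to the logged-in user, then publish the resolved id through the
     // global for the rest of the request.
     if ($our_user_id < 1) {
         $our_user_id = $user_ID;
     }
     if ($our_user_id > 0) {
         $user_ID = $our_user_id;
     }

     // Basic validation of the billing and shipping fields; only mandatory
     // fields and the coupon field are checked, everything is saved for redisplay.
     foreach ($this->checkout_items as $form_data) {
         $value = isset($_POST['collected_data'][$form_data->id]) ? $_POST['collected_data'][$form_data->id] : '';
         $_SESSION['wpsc_checkout_saved_values'][$form_data->id] = $value;
         if ($form_data->mandatory != 1 && $form_data->type != "coupon") {
             continue;
         }
         $bad_input = false;
         switch ($form_data->type) {
             case "email":
                 if (!preg_match("/^[a-zA-Z0-9._-]+@[a-zA-Z0-9-.]+\\.[a-zA-Z]{2,5}\$/", $value)) {
                     $bad_input = true;
                 }
                 break;
             case "delivery_country":
             case "country":
             case "heading":
                 // Country selectors and headings have nothing to validate here.
                 break;
             case "select":
             case 'checkbox':
                 $bad_input = $is_blank($value, '-1');
                 break;
             default:
                 $bad_input = $is_blank($value, '');
                 break;
         }
         if ($bad_input) {
             $any_bad_inputs = true;
             $_SESSION['wpsc_checkout_error_messages'][$form_data->id] = $invalid_message($form_data->name);
             $_SESSION['wpsc_checkout_saved_values'][$form_data->id] = '';
         }
     }

     // Persist the submitted profile for the resolved user. update_user_meta()
     // inserts or updates as needed, serialises the array itself and sends the
     // value through a prepared statement; the hand-built SQL it replaces
     // interpolated the serialised $_POST data into the query unescaped.
     if (!$any_bad_inputs && $user_ID > 0) {
         $collected_data = isset($_POST['collected_data']) ? $_POST['collected_data'] : array();
         update_user_meta($user_ID, 'wpshpcrt_usr_profile', $collected_data);
     }

     return array('is_valid' => !$any_bad_inputs, 'error_messages' => $bad_input_message);
 }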
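 /**
  * Compares one coupon/discount condition against a cart item.
  *
  * $c is a condition array with keys 'property', 'logic' and 'value':
  *   - property: 'item_name', 'item_quantity', 'total_quantity' or
  *               'subtotal_amount'
  *   - logic:    'equal', 'greater', 'less' for every property; in addition
  *               'contains', 'not_contain', 'begins', 'ends' for item_name and
  *               item_quantity
  *   - value:    the admin-entered value to compare with; for the text logics it
  *               is matched literally (regex metacharacters in it are quoted)
  *
  * $product_obj is a cart item; only product_id and quantity are read.
  *
  * @param array  $c           Condition to evaluate.
  * @param object $product_obj Cart item with product_id and quantity.
  * @return bool True when the condition matches, false otherwise — including an
  *              unknown property or logic, and a product row that cannot be
  *              loaded.
  */
 function compare_logic($c, $product_obj)
 {
     global $wpdb;
     $property = isset($c['property']) ? $c['property'] : '';
     $logic = isset($c['logic']) ? $c['logic'] : '';
     $value = isset($c['value']) ? $c['value'] : '';

     // Text matching shared by item_name and item_quantity. preg_quote() keeps
     // metacharacters in the admin-entered value from altering the pattern.
     $text_match = function ($logic, $subject, $value) {
         $subject = (string) $subject;
         $needle = preg_quote((string) $value, '/');
         switch ($logic) {
             case 'contains':
                 return (bool) preg_match('/' . $needle . '/', $subject);
             case 'not_contain':
                 return !preg_match('/' . $needle . '/', $subject);
             case 'begins':
                 return (bool) preg_match('/^' . $needle . '/', $subject);
             case 'ends':
                 return (bool) preg_match('/' . $needle . '$/', $subject);
         }
         return false;
     };

     // Ordering comparison shared by every property (loose comparison, as the
     // original used; for item_name this is a string comparison).
     $ordering_match = function ($logic, $subject, $value) {
         switch ($logic) {
             case 'equal':
                 return $subject == $value;
             case 'greater':
                 return $subject > $value;
             case 'less':
                 return $subject < $value;
         }
         return false;
     };

     switch ($property) {
         case 'item_name':
             // %d casts product_id to an integer inside a prepared statement.
             $product_data = $wpdb->get_row($wpdb->prepare("SELECT * FROM " . WPSC_TABLE_PRODUCT_LIST . " WHERE id = %d", $product_obj->product_id));
             if (empty($product_data)) {
                 return false;
             }
             if (in_array($logic, array('equal', 'greater', 'less'), true)) {
                 return $ordering_match($logic, $product_data->name, $value);
             }
             return $text_match($logic, $product_data->name, $value);

         case 'item_quantity':
             $quantity = $product_obj->quantity;
             if ('equal' == $logic) {
                 // The integer cast applies to this case only, as in the original.
                 return $quantity == (int) $value;
             }
             if ('greater' == $logic || 'less' == $logic) {
                 return $ordering_match($logic, $quantity, $value);
             }
             return $text_match($logic, $quantity, $value);

         case 'total_quantity':
             // NOTE(review): this reads the single item's quantity, not a cart-wide
             // sum — confirm callers pass a cart-level object for this property.
             return $ordering_match($logic, $product_obj->quantity, $value);

         case 'subtotal_amount':
             return $ordering_match($logic, wpsc_cart_total(false), $value);
     }

     return false;
 }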
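/**
 * Render a parameter array in the length-tagged NAME[len]=value form that
 * Payflow Pro expects.
 *
 * The length tag lets a value contain '&' or '=' without URL-encoding, so
 * the raw value is emitted as-is; pairs are joined with '&'.
 *
 * @param array $pairs Parameter name => value (values are cast to string).
 * @return string
 */
function _wpsc_payflow_encode_query($pairs)
{
    $parts = array();
    foreach ($pairs as $key => $value) {
        $value   = (string) $value;
        $parts[] = $key . '[' . strlen($value) . ']=' . $value;
    }
    return implode('&', $parts);
}

/**
 * Submit the purchase identified by $sessionid to PayPal Payflow Pro.
 *
 * Loads the purchase log and cart for the session, collects the buyer's
 * details from the posted checkout form, sets up a recurring billing
 * profile when the first cart item is a membership product, and then
 * submits a single sale transaction. Each response is handed to
 * response_handler(); the function ends with exit and never returns.
 *
 * @param string $seperator Unused here; part of the common gateway signature.
 * @param string $sessionid Checkout session id stored in the purchase-log table.
 * @return void
 */
function gateway_paypal_payflow($seperator, $sessionid)
{
    global $wpdb, $wpsc_cart;

    // Every lookup goes through $wpdb->prepare(): $sessionid and the billing
    // region come from the client and were previously spliced into SQL raw.
    $purchase_log = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `sessionid` = %s LIMIT 1",
            $sessionid
        ),
        ARRAY_A
    );
    if (empty($purchase_log[0]['id'])) {
        // Without a purchase log there is nothing to charge against.
        wp_die('Error! No purchase log was found for this checkout session, please contact the server administrator.');
    }
    $purchase_id = $purchase_log[0]['id'];

    $env      = get_option('paypal_payflow_test') ? 'Test' : 'Live';
    $user     = get_option('paypal_payflow_user');
    $password = get_option('paypal_payflow_pass');
    $partner  = get_option('paypal_payflow_partner');
    $vendor   = get_option('paypal_payflow_vendor');
    $currency = get_option('paypal_payflow_curcode');

    // Payflow Pro endpoint; the pilot host is used whenever test mode is on.
    $submiturl = ($env == 'Live') ? 'https://payflowpro.paypal.com' : 'https://pilot-payflowpro.paypal.com';

    $cart = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = %d",
            $purchase_id
        ),
        ARRAY_A
    );

    // Membership details are read from the first cart item only, as the
    // original gateway did; a membership elsewhere in the cart is not seen.
    $first_prodid    = isset($cart[0]['prodid']) ? $cart[0]['prodid'] : 0;
    $is_member       = get_product_meta($first_prodid, 'is_membership', true);
    $member_shiptype = get_product_meta($first_prodid, 'membership_length', true);
    $member_shiptype = isset($member_shiptype[0]) ? $member_shiptype[0] : array();

    // Buyer details, keyed the way the Payflow request needs them.
    $posted = isset($_POST['collected_data']) ? (array) $_POST['collected_data'] : array();
    $data   = array(
        'first_name' => '',
        'last_name'  => '',
        'address1'   => '',
        'address2'   => '',
        'city'       => '',
        'state'      => '',
        'country'    => '',
        'zip'        => '',
        'email'      => '',
    );

    // Plain text fields: the option holds the checkout-form field id.
    $simple_fields = array(
        'first_name' => 'paypal_form_first_name',
        'last_name'  => 'paypal_form_last_name',
        'city'       => 'paypal_form_city',
    );
    foreach ($simple_fields as $data_key => $option_name) {
        $form_id = get_option($option_name);
        if (isset($posted[$form_id]) && $posted[$form_id] != '') {
            $data[$data_key] = urlencode($posted[$form_id]);
        }
    }

    $address_form_id = get_option('paypal_form_address');
    if (isset($posted[$address_form_id]) && $posted[$address_form_id] != '') {
        // NOTE(review): the split is on "\n\r" (kept from the original); real
        // line endings are usually "\r\n", so most multi-line addresses end up
        // entirely in address1 with CR/LF stripped. Confirm before changing.
        $address_rows     = explode("\n\r", $posted[$address_form_id]);
        $data['address1'] = urlencode(str_replace(array("\n", "\r"), '', array_shift($address_rows)));
        $data['address2'] = empty($address_rows) ? '' : implode(', ', $address_rows);
    }

    $state_form_id = get_option('paypal_form_state');
    if (isset($posted[$state_form_id]) && $posted[$state_form_id] != '') {
        // The region code comes from the stored billing region, not the posted text.
        $data['state'] = $wpdb->get_var(
            $wpdb->prepare(
                "SELECT code FROM `" . WPSC_TABLE_REGION_TAX . "` WHERE id = %d",
                wpsc_get_customer_meta('billing_region')
            )
        );
    }

    $customer_billing_country = wpsc_get_customer_meta('billing_country');
    if (preg_match('/^[a-zA-Z]{2}$/', $customer_billing_country)) {
        $data['country'] = $customer_billing_country;
    }

    $zip_form_id = get_option('paypal_form_post_code');
    if (isset($posted[$zip_form_id]) && is_numeric($posted[$zip_form_id])) {
        $data['zip'] = urlencode($posted[$zip_form_id]);
    }

    // Email: the last active email-type checkout field wins, then the
    // configured email field is used as a fallback when nothing was found.
    $email_forms = $wpdb->get_results(
        "SELECT `id`,`type` FROM `" . WPSC_TABLE_CHECKOUT_FORMS . "` WHERE `type` IN ('email') AND `active` = '1'",
        ARRAY_A
    );
    foreach ((array) $email_forms as $email_form) {
        if (isset($posted[$email_form['id']])) {
            $data['email'] = $posted[$email_form['id']];
        }
    }
    $email_form_id = get_option('email_form_field');
    if (isset($posted[$email_form_id]) && $posted[$email_form_id] != null && $data['email'] == null) {
        $data['email'] = $posted[$email_form_id];
    }

    // Card details are forwarded to Payflow and never stored here.
    $card_num     = isset($_POST['card_number']) ? $_POST['card_number'] : '';
    $cvv2         = isset($_POST['card_cvv']) ? $_POST['card_cvv'] : '';
    $expiry_month = isset($_POST['expiry']['month']) ? $_POST['expiry']['month'] : '';
    $expiry_year  = isset($_POST['expiry']['year']) ? $_POST['expiry']['year'] : '';
    $expiry       = $expiry_month . $expiry_year;

    $unique_id = generateGUID();
    $amount    = number_format(wpsc_cart_total(false), 2, '.', '');
    $custom    = $purchase_id;
    $fname     = $data['first_name'];
    $lname     = $data['last_name'];
    $street    = $data['address1'] . $data['address2'];

    // These were never assigned in the original gateway and reached Payflow as
    // empty values; they are declared so the gap is visible.
    // TODO(review): populate ACCTTYPE, CLIENTIP (e.g. from the request),
    // INVNUM, ORDERDESC, CARDSTART and CARDISSUE if the merchant account needs them.
    $card_type  = '';
    $cust_ip    = '';
    $order_num  = '';
    $desc       = '';
    $card_start = '';
    $card_issue = '';
    // NOTE(review): the original passed an undefined $colected_data (sic) to
    // response_handler(); null is what it received. Confirm whether
    // $_POST['collected_data'] was intended before changing.
    $collected_data = null;

    if (isset($is_member[0]) && $is_member[0]) {
        // Recurring billing profile for membership products.
        $unit_map         = array('w' => 'WEEK', 'm' => 'MONT', 'y' => 'YEAR');
        $unit_key         = isset($member_shiptype['unit']) ? $member_shiptype['unit'] : '';
        $member_ship_unit = isset($unit_map[$unit_key]) ? $unit_map[$unit_key] : '';
        $profile_name     = $fname . $lname . $purchase_id;

        $recurring = array(
            'USER'           => $user,
            'PROFILENAME'    => $profile_name,
            'VENDOR'         => $vendor,
            'PARTNER'        => $partner,
            'PWD'            => $password,
            'TENDER'         => 'C',
            'TRXTYPE'        => 'R',
            'ACTION'         => 'A',
            // Profile starts tomorrow in MMDDYYYY form; the original added 1 to
            // the day without zero-padding or month rollover.
            'START'          => date('mdY', strtotime('+1 day')),
            'ACCT'           => $card_num,
            'CVV2'           => $cvv2,
            'EXPDATE'        => $expiry,
            'ACCTTYPE'       => $card_type,
            'AMT'            => $amount,
            'CURRENCY'       => $currency,
            'FIRSTNAME'      => $fname,
            'LASTNAME'       => $lname,
            'STREET'         => $street,
            'CITY'           => $data['city'],
            'STATE'          => $data['state'],
            'ZIP'            => $data['zip'],
            'COUNTRY'        => $data['country'],
            'EMAIL'          => $data['email'],
            'OPTIONALTRX'    => 'A',
            'OPTIONALTRXAMT' => '0.00',
            'CLIENTIP'       => $cust_ip,
            'COMMENT1'       => $custom,
            'ORDERDESC'      => $profile_name,
            'PAYPERIOD'      => $member_ship_unit,
        );
        // Each request gets its own query string; the original appended the
        // sale request onto the recurring one, producing a malformed body.
        $response = fetch_data($unique_id, $submiturl, _wpsc_payflow_encode_query($recurring));
        response_handler($response, 'NO', $sessionid, $collected_data, 1);
    }

    // The one-off sale is always sent, membership or not (kept from the original).
    $tender = (get_option('paypal_payflow_method') == '0') ? 'P' : 'C';
    $sale   = array(
        'USER'      => $user,
        'VENDOR'    => $vendor,
        'PARTNER'   => $partner,
        'PWD'       => $password,
        'TENDER'    => $tender,
        'TRXTYPE'   => 'S',
        'ACCT'      => $card_num,
        'CVV2'      => $cvv2,
        'EXPDATE'   => $expiry,
        'ACCTTYPE'  => $card_type,
        'AMT'       => $amount,
        'CURRENCY'  => $currency,
        'FIRSTNAME' => $fname,
        'LASTNAME'  => $lname,
        'STREET'    => $street,
        'CITY'      => $data['city'],
        'STATE'     => $data['state'],
        'ZIP'       => $data['zip'],
        'COUNTRY'   => $data['country'],
        'EMAIL'     => $data['email'],
        'CLIENTIP'  => $cust_ip,
        'COMMENT1'  => $custom,
        'COMMENT2'  => '',
        'INVNUM'    => $order_num,
        'ORDERDESC' => $desc,
        'VERBOSITY' => 'MEDIUM',
        'CARDSTART' => $card_start,
        'CARDISSUE' => $card_issue,
    );
    $response = fetch_data($unique_id, $submiturl, _wpsc_payflow_encode_query($sale));
    response_handler($response, 'NO', $sessionid, $collected_data);
    exit;
}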
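/**
 * Return $array[$key] when it is set, else $default.
 *
 * Request, session and PayPal response arrays are all read through this so
 * a missing key yields the default instead of a PHP notice.
 *
 * @param mixed  $array   Array to read (anything else yields $default).
 * @param string $key
 * @param mixed  $default
 * @return mixed
 */
function _wpsc_paypal_express_value($array, $key, $default = '')
{
    return (is_array($array) && isset($array[$key])) ? $array[$key] : $default;
}

/**
 * Fetch $array[$key] escaped for use as HTML text.
 *
 * Values from PayPal responses, the request and the session are treated as
 * data, not markup, before they are placed in the checkout message.
 *
 * @param mixed  $array
 * @param string $key
 * @return string
 */
function _wpsc_paypal_express_html($array, $key)
{
    return esc_html(_wpsc_paypal_express_value($array, $key));
}

/**
 * Build the "PayPal API has returned an error" message for act=error and
 * store it in $_SESSION['paypalExpressMessage'].
 *
 * Two cases: a cURL transport failure (curl_error_no in the session) or an
 * API-level error held in $_SESSION['reshash']. The message is assembled
 * locally and assigned once at the end; the original appended to the session
 * key after session_unset() had already discarded the header part.
 *
 * @return void
 */
function _wpsc_paypal_express_error_message()
{
    session_start();
    $resArray = _wpsc_paypal_express_value($_SESSION, 'reshash', array());
    $message  = "\n\t<center>\n\t\n\t<table width=\"700\" align=\"left\">\n\t<tr>\n\t\t\t<td colspan=\"2\" class=\"header\">The PayPal API has returned an error!</td>\n\t\t</tr>\n\t";

    if (isset($_SESSION['curl_error_no'])) {
        // Transport failure: PayPal was never reached.
        $errorCode    = $_SESSION['curl_error_no'];
        $errorMessage = _wpsc_paypal_express_value($_SESSION, 'curl_error_msg');
        $response     = _wpsc_paypal_express_value($_SESSION, 'response');
        session_unset();
        // The original embedded "<?php echo ... ?>" inside a single-quoted
        // string, so the values were never rendered; they are concatenated here.
        $message .= "\n\t<tr>\n\t\t\t<td>response:</td>\n\t\t\t<td>" . esc_html($response) . "</td>\n\t\t</tr>\n\t   \n\t<tr>\n\t\t\t<td>Error Number:</td>\n\t\t\t<td>" . esc_html($errorCode) . "</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td>Error Message:</td>\n\t\t\t<td>" . esc_html($errorMessage) . "</td>\n\t\t</tr>\n\t\t";
    } else {
        // API-level error: show the response envelope, then each L_* error.
        $message .= "\n\t\n\t\t\t<td>Ack:</td>\n\t\t\t<td>" . _wpsc_paypal_express_html($resArray, 'ACK') . "</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td>Correlation ID:</td>\n\t\t\t<td>" . _wpsc_paypal_express_html($resArray, 'CORRELATIONID') . "</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td>Version:</td>\n\t\t\t<td>" . _wpsc_paypal_express_html($resArray, 'VERSION') . "</td>\n\t\t</tr>";
        $count = 0;
        while (isset($resArray['L_SHORTMESSAGE' . $count])) {
            $errorCode    = _wpsc_paypal_express_html($resArray, 'L_ERRORCODE' . $count);
            $shortMessage = _wpsc_paypal_express_html($resArray, 'L_SHORTMESSAGE' . $count);
            $longMessage  = _wpsc_paypal_express_html($resArray, 'L_LONGMESSAGE' . $count);
            $message     .= "\n\t\t<tr>\n\t\t\t<td>Error Number:</td>\n\t\t\t<td> {$errorCode} </td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td>Short Message:</td>\n\t\t\t<td> {$shortMessage} </td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td>Long Message:</td>\n\t\t\t<td> {$longMessage} </td>\n\t\t</tr>";
            $count++;
        }
    }

    $message .= "\n\t</center>\n\t\t</table>";
    $_SESSION['paypalExpressMessage'] = $message;
}

/**
 * Copy the shipping address PayPal returned (re-posted by the review form)
 * into the submitted-form-data rows of the purchase log for $sessionid.
 *
 * Every value comes from the request, so each UPDATE is built with
 * $wpdb->prepare(); the original interpolated them into SQL directly.
 *
 * @param string $sessionid
 * @return void
 */
function _wpsc_paypal_express_store_shipping($sessionid)
{
    global $wpdb;

    $log_id = $wpdb->get_var(
        $wpdb->prepare(
            "SELECT `id` FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `sessionid` = %s LIMIT 1",
            $sessionid
        )
    );

    $street = _wpsc_paypal_express_value($_POST, 'shippingStreet') . ' ' . _wpsc_paypal_express_value($_POST, 'shippingStreet2');
    $fields = array(
        'shippingaddress'  => $street,
        'shippingcity'     => _wpsc_paypal_express_value($_POST, 'shippingCity'),
        'shippingstate'    => _wpsc_paypal_express_value($_POST, 'shippingState'),
        'shippingcountry'  => _wpsc_paypal_express_value($_POST, 'country'),
        'shippingpostcode' => _wpsc_paypal_express_value($_POST, 'postalCode'),
    );
    foreach ($fields as $unique_name => $value) {
        $wpdb->query(
            $wpdb->prepare(
                "UPDATE `" . WPSC_TABLE_SUBMITED_FORM_DATA . "` LEFT JOIN `" . WPSC_TABLE_CHECKOUT_FORMS . "` ON `" . WPSC_TABLE_SUBMITED_FORM_DATA . "`.`form_id` = `" . WPSC_TABLE_CHECKOUT_FORMS . "`.`id` SET `" . WPSC_TABLE_SUBMITED_FORM_DATA . "`.`value` = %s WHERE `" . WPSC_TABLE_SUBMITED_FORM_DATA . "`.`log_id` = %d AND `" . WPSC_TABLE_CHECKOUT_FORMS . "`.`unique_name` = %s",
                $value,
                $log_id,
                $unique_name
            )
        );
    }
}

/**
 * act=do: finalize the payment with DoExpressCheckoutPayment.
 *
 * On success the shipping address is stored (when the buyer chose the
 * PayPal address), the "Transaction Accepted" message is set and the cart
 * is emptied. On any other ACK the response is kept in reshash and nothing
 * else happens; the original still reported success and emptied the cart.
 *
 * @param string $sessionid
 * @return void
 */
function _wpsc_paypal_express_do_payment($sessionid)
{
    global $wpsc_cart;

    session_start();
    $token         = urlencode(_wpsc_paypal_express_value($_REQUEST, 'token'));
    $paymentAmount = urlencode(_wpsc_paypal_express_value($_SESSION, 'paypalAmount'));
    $currCodeType  = urlencode(get_option('paypal_curcode'));
    $payerID       = urlencode(_wpsc_paypal_express_value($_REQUEST, 'PayerID'));
    // NOTE(review): IPADDRESS is filled with SERVER_NAME, as in the original;
    // the NVP field is documented as the buyer's IP. Confirm before changing.
    $serverName    = urlencode(_wpsc_paypal_express_value($_SERVER, 'SERVER_NAME'));
    $BN            = 'Instinct_e-commerce_wp-shopping-cart_NZ';
    $nvpstr        = '&TOKEN=' . $token . '&PAYERID=' . $payerID . '&PAYMENTACTION=Sale&AMT=' . $paymentAmount . '&CURRENCYCODE=' . $currCodeType . '&IPADDRESS=' . $serverName . '&BUTTONSOURCE=' . $BN;

    $resArray = hash_call('DoExpressCheckoutPayment', $nvpstr);
    $ack      = strtoupper(_wpsc_paypal_express_value($resArray, 'ACK'));
    if ($ack != 'SUCCESS') {
        // Kept for the act=error page. The original built an error URL but
        // left the redirect commented out, so no redirect happens here either.
        $_SESSION['reshash'] = $resArray;
        return;
    }

    if (isset($_POST['usePayPal'])) {
        _wpsc_paypal_express_store_shipping($sessionid);
    }

    $_SESSION['paypalExpressMessage'] = "\n\t\t<h4>Transaction Accepted Please Keep these References Handy.</h4>\n\t\t<table width ='400'>\n\t\t\t\n\t\t\t<tr>\n\t\t\t\t<td >\n\t\t\t\t\tTransaction ID:</td>\n\t\t\t\t<td>" . _wpsc_paypal_express_html($resArray, 'TRANSACTIONID') . "</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td >\n\t\t\t\t\tAmount:</td>\n\t\t\t\t<td>" . esc_html($currCodeType) . " " . _wpsc_paypal_express_html($resArray, 'AMT') . "</td>\n\t\t\t</tr>\n\t\t</table>";

    // Payment captured: drop the session copies of the cart and the live cart.
    $_SESSION['nzshpcrt_serialized_cart'] = '';
    $_SESSION['nzshpcrt_cart']            = array();
    $wpsc_cart->empty_cart();
}

/**
 * No token yet: call SetExpressCheckout and redirect the buyer to PayPal.
 *
 * Builds the return and cancel URLs from the transact_url option, then
 * redirects to PAYPAL_URL with the returned token, or to the error action
 * when the call fails. Always ends with exit.
 *
 * @return void
 */
function _wpsc_paypal_express_set_checkout()
{
    $paymentAmount    = _wpsc_paypal_express_value($_SESSION, 'paypalAmount');
    $currencyCodeType = get_option('paypal_curcode');
    $paymentType      = 'Sale';
    // With permalinks the transact URL carries no query string yet.
    $seperator        = (get_option('permalink_structure') != '') ? '?' : '&';

    $returnURL = urlencode(get_option('transact_url') . $seperator . 'currencyCodeType=' . $currencyCodeType . '&paymentType=' . $paymentType . '&paymentAmount=' . $paymentAmount);
    // The original used single quotes here, sending the literal text
    // '$paymentType' to PayPal instead of the value.
    $cancelURL = urlencode(get_option('transact_url') . $seperator . 'paymentType=' . $paymentType);

    $nvpstr   = '&Amt=' . $paymentAmount . '&PAYMENTACTION=' . $paymentType . '&ReturnUrl=' . $returnURL . '&CANCELURL=' . $cancelURL . '&CURRENCYCODE=' . $currencyCodeType;
    $resArray = hash_call('SetExpressCheckout', $nvpstr);
    $_SESSION['reshash'] = $resArray;

    $ack = strtoupper(_wpsc_paypal_express_value($resArray, 'ACK'));
    if ($ack == 'SUCCESS') {
        $token = urldecode(_wpsc_paypal_express_value($resArray, 'TOKEN'));
        header('Location: ' . PAYPAL_URL . $token);
    } else {
        // add_query_arg() picks the right '?'/'&' for the configured URL.
        header('Location: ' . add_query_arg('act', 'error', get_option('transact_url')));
    }
    exit;
}

/**
 * Token present: fetch the authorization with GetExpressCheckoutDetails and
 * build the review form that posts back with act=do.
 *
 * Without a PayerID the buyer cancelled at PayPal and a cancellation notice
 * is stored instead of the form. Response values are HTML-escaped before
 * being placed in the message.
 *
 * @return void
 */
function _wpsc_paypal_express_review_order()
{
    $token    = urlencode(_wpsc_paypal_express_value($_REQUEST, 'token'));
    $resArray = hash_call('GetExpressCheckoutDetails', '&TOKEN=' . $token);
    $_SESSION['reshash'] = $resArray;

    $ack = strtoupper(_wpsc_paypal_express_value($resArray, 'ACK'));
    if ($ack != 'SUCCESS') {
        return;
    }

    session_start();
    $_SESSION['token']    = _wpsc_paypal_express_value($_REQUEST, 'token');
    $_SESSION['payer_id'] = _wpsc_paypal_express_value($_REQUEST, 'PayerID');

    if (!isset($_REQUEST['PayerID'])) {
        $_SESSION['paypalExpressMessage'] = '<h4>TRANSACTION CANCELED</h4>';
        return;
    }

    $_SESSION['paypalExpressMessage'] = "\n\t<form action='" . esc_url(get_option('transact_url')) . "' method='post'>\n           <table width='400'>\n            <tr>\n                <td align='left'><b>Order Total:</b></td>\n                <td align='left'>\n                  " . wpsc_cart_total() . "</td>\n            </tr>\n\t\t\t<tr>\n\t\t\t    <td align='left'><b>Shipping Address: </b></td>\n\t\t\t</tr>\n            <tr>\n                <td align='left'>\n                    Street 1:</td>\n                <td align='left'>" . _wpsc_paypal_express_html($resArray, 'SHIPTOSTREET') . "</td>\n\n            </tr>\n            <tr>\n                <td align='left'>\n                    Street 2:</td>\n                <td align='left'>" . _wpsc_paypal_express_html($resArray, 'SHIPTOSTREET2') . "\n                </td>\n            </tr>\n            <tr>\n                <td align='left'>\n                    City:</td>\n\n                <td align='left'>" . _wpsc_paypal_express_html($resArray, 'SHIPTOCITY') . "</td>\n            </tr>\n            <tr>\n                <td align='left'>\n                    State:</td>\n                <td align='left'>" . _wpsc_paypal_express_html($resArray, 'SHIPTOSTATE') . "</td>\n            </tr>\n            <tr>\n                <td align='left'>\n                    Postal code:</td>\n\n                <td align='left'>" . _wpsc_paypal_express_html($resArray, 'SHIPTOZIP') . "</td>\n            </tr>\n            <tr>\n                <td align='left'>\n                    Country:</td>\n                <td align='left'>" . _wpsc_paypal_express_html($resArray, 'SHIPTOCOUNTRYNAME') . "</td>\n            </tr>\n            <tr>\n                <td>";
    $_SESSION['paypalExpressMessage'] .= "               \n                <input type='hidden' name='totalAmount' value='" . esc_attr(wpsc_cart_total(false)) . "' />\n                <input type='hidden' name='shippingStreet' value='" . esc_attr(_wpsc_paypal_express_value($resArray, 'SHIPTOSTREET')) . "' />          \n                <input type='hidden' name='shippingStreet2' value='" . esc_attr(_wpsc_paypal_express_value($resArray, 'SHIPTOSTREET2')) . "' />\n                <input type='hidden' name='shippingCity' value='" . esc_attr(_wpsc_paypal_express_value($resArray, 'SHIPTOCITY')) . "' />\n                <input type='hidden' name='shippingState' value='" . esc_attr(_wpsc_paypal_express_value($resArray, 'SHIPTOSTATE')) . "' />\n                <input type='hidden' name='postalCode' value='" . esc_attr(_wpsc_paypal_express_value($resArray, 'SHIPTOZIP')) . "' />\n                 <input type='hidden' name='country' value='" . esc_attr(_wpsc_paypal_express_value($resArray, 'SHIPTOCOUNTRYNAME')) . "' />\n                <input type='hidden' name='token' value='" . esc_attr($_SESSION['token']) . "' />\n\t\t\t\t\t<input type='hidden' name='PayerID' value='" . esc_attr($_SESSION['payer_id']) . "' />\n\t\t\t\t\t<input type='hidden' name='act' value='do' />\n\t\t\t\t\t\n                   <p>  <label for='usePayPal'>Use PayPal Shipping Address: </label><input name='usePayPal' type='submit' value='Pay' /></p>\n                   <p>  <label for='useOther'>Use Previous Shipping Information:</label> <input name='useOther' type='submit' value='Pay' /></p>\n                </td>\n            </tr>\n        </table>\n    </center>\n    </form>";
}

/**
 * Dispatch the PayPal Express Checkout flow on the transaction page.
 *
 * The step is chosen from the request: act=error renders the last error,
 * act=do finalizes the payment, a paymentType/token without a token starts
 * the checkout, and a token fetches the authorization for review. The
 * session id for the purchase log is read from
 * $_SESSION['paypalexpresssessionid'] before any step runs.
 *
 * @return void
 */
function processingfunctions()
{
    $sessionid = _wpsc_paypal_express_value($_SESSION, 'paypalexpresssessionid');
    $act       = _wpsc_paypal_express_value($_REQUEST, 'act');

    if ($act == 'error') {
        _wpsc_paypal_express_error_message();
    } elseif ($act == 'do') {
        _wpsc_paypal_express_do_payment($sessionid);
    } elseif (isset($_REQUEST['paymentType']) || isset($_REQUEST['token'])) {
        if (!isset($_REQUEST['token'])) {
            _wpsc_paypal_express_set_checkout();
        } else {
            _wpsc_paypal_express_review_order();
        }
    }
}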
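    /**
     * POST the buyer's card details to the Px Fusion auth endpoint for a
     * session obtained from GetTransactionId.
     *
     * The response body is returned but not interpreted here; the outcome
     * is read later by px_process_transaction(). Card data is forwarded
     * straight from the request and never stored.
     *
     * @param string $session_id Session id returned by GetTransactionId.
     * @return string|false Raw cURL response (headers included) or false.
     */
    private function px_fusion_post_card($session_id)
    {
        $curlPost = array(
            'SessionId'      => $session_id,
            'Add'            => 'Add',
            'CardHolderName' => isset($_POST['CardHolderName']) ? $_POST['CardHolderName'] : '',
            'CardNumber'     => isset($_POST['CardNumber']) ? $_POST['CardNumber'] : '',
            'Cvc2'           => isset($_POST['Cvc2']) ? $_POST['Cvc2'] : '',
            'ExpiryMonth'    => isset($_POST['ExpiryMonth']) ? $_POST['ExpiryMonth'] : '',
            'ExpiryYear'     => isset($_POST['ExpiryYear']) ? $_POST['ExpiryYear'] : '',
        );
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, 'https://sec2.paymentexpress.com/pxmi3/pxfusionauth');
        curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
        curl_setopt($ch, CURLOPT_HEADER, 1);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $curlPost);
        // Peer and host verification stay on; the CA bundle ships with the plugin.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_CAINFO, WPSC_GOLD_FILE_PATH . "/merchants/paymentexpress/ThawteServerCA");
        $data = curl_exec($ch);
        curl_close($ch);
        return $data;
    }

    /**
     * Start a Payment Express Px Fusion purchase for the current cart.
     *
     * Obtains a transaction id and session id from GetTransactionId (via
     * ext/soap when available, otherwise a hand-built SOAP envelope over
     * cURL), posts the card details against that session and hands the
     * transaction id to px_process_transaction(). Fatal problems are
     * reported with wp_die().
     *
     * @return void
     */
    function submit()
    {
        // Transaction details shared by both transports. The original
        // fallback path sent a fixed 1.00 amount, a sample return URL and a
        // sample txnRef instead of these values.
        $amount            = number_format(wpsc_cart_total(false), 2, '.', '');
        $returnUrl         = add_query_arg('sessionid', $this->cart_data['session_id'], get_option('transact_url'));
        $merchantReference = get_bloginfo('name');
        // 16-character reference; uniqueness, not secrecy, is what matters here.
        $txnRef            = substr(uniqid() . mt_rand(1000, 9999), 0, 16);

        if (extension_loaded('soap')) {
            $pxf = new PxFusion();
            // Required transaction details.
            $pxf->set_txn_detail('txnType', 'Purchase');
            $pxf->set_txn_detail('currency', 'NZD');
            $pxf->set_txn_detail('returnUrl', $returnUrl);
            $pxf->set_txn_detail('amount', $amount);
            $pxf->set_txn_detail('merchantReference', $merchantReference);
            // Optional settings.
            $pxf->set_txn_detail('enableAddBillCard', 0);
            $pxf->set_txn_detail('txnRef', $txnRef);

            $response = $pxf->get_transaction_id();
            if (empty($response->GetTransactionIdResult->success)) {
                wp_die('Error! There was a problem getting a transaction id from DPS, please contact the server administrator.');
            }
            // These identify the transaction when its outcome is queried later.
            $result         = $response->GetTransactionIdResult;
            $transaction_id = $result->transactionId;
            $session_id     = $result->sessionId;
        } else {
            // TODO(review): the original fallback embedded vendor sample
            // credentials in the envelope. They have been removed; wire the
            // merchant's Px Fusion username/password in from the gateway
            // settings before this path is enabled.
            $px_username = '';
            $px_password = '';
            if ($px_username === '' || $px_password === '') {
                wp_die('Error! Px Fusion credentials are not configured for the non-SOAP fallback, please contact the server administrator.');
            }

            $data = '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://paymentexpress.com">
						  <SOAP-ENV:Body>
						    <ns1:GetTransactionId>
						      <ns1:username>' . htmlspecialchars($px_username, ENT_QUOTES) . '</ns1:username>
						      <ns1:password>' . htmlspecialchars($px_password, ENT_QUOTES) . '</ns1:password>
						      <ns1:tranDetail>
						        <ns1:amount>' . htmlspecialchars($amount, ENT_QUOTES) . '</ns1:amount>
						        <ns1:currency>NZD</ns1:currency>
						        <ns1:enableAddBillCard>false</ns1:enableAddBillCard>
						        <ns1:merchantReference>' . htmlspecialchars($merchantReference, ENT_QUOTES) . '</ns1:merchantReference>
						        <ns1:returnUrl>' . htmlspecialchars($returnUrl, ENT_QUOTES) . '</ns1:returnUrl>
						        <ns1:txnRef>' . htmlspecialchars($txnRef, ENT_QUOTES) . '</ns1:txnRef>
						        <ns1:txnType>Purchase</ns1:txnType>
						      </ns1:tranDetail>
						    </ns1:GetTransactionId>
						  </SOAP-ENV:Body>
						</SOAP-ENV:Envelope>';

            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, "https://sec2.paymentexpress.com/pxf/pxf.svc?wsdl");
            curl_setopt($ch, CURLOPT_VERBOSE, 0);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_setopt($ch, CURLOPT_POST, 1);
            // Peer and host verification stay on; the CA bundle ships with the plugin.
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
            curl_setopt($ch, CURLOPT_CAINFO, WPSC_GOLD_FILE_PATH . "/merchants/paymentexpress/ThawteServerCA");
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
            curl_setopt($ch, CURLOPT_HTTPHEADER, array(
                "Content-type: text/xml;charset=\"utf-8\"",
                "Accept: text/xml",
                "Cache-Control: no-cache",
                "Pragma: no-cache",
                "SOAPAction: \"http://paymentexpress.com/IPxFusion/GetTransactionId\"",
                "Content-length: " . strlen($data),
            ));
            $response = curl_exec($ch);
            if (curl_errno($ch)) {
                $curl_error = curl_error($ch);
                curl_close($ch);
                wp_die('Curl error: ' . $curl_error . '. Please contact server administrator.');
            }
            curl_close($ch);

            // Flatten the response into tag => value; closing tags carry no value.
            $xml_parser = xml_parser_create();
            if (!xml_parse_into_struct($xml_parser, $response, $vals, $index)) {
                $line = xml_get_current_line_number($xml_parser);
                xml_parser_free($xml_parser);
                wp_die("Error while parsing response from PX Fusion. Line " . $line . '. Please contact server administrator.');
            }
            xml_parser_free($xml_parser);
            $parsed_xml = array();
            foreach ((array) $vals as $val) {
                if (isset($val['value'])) {
                    $parsed_xml[$val['tag']] = $val['value'];
                }
            }
            if (empty($parsed_xml['A:SUCCESS'])) {
                wp_die('Error! There was a problem getting a transaction id from DPS, please contact the server administrator.');
            }
            // These identify the transaction when its outcome is queried later.
            $transaction_id = isset($parsed_xml['A:TRANSACTIONID']) ? $parsed_xml['A:TRANSACTIONID'] : '';
            $session_id     = isset($parsed_xml['A:SESSIONID']) ? $parsed_xml['A:SESSIONID'] : '';
        }

        // The auth response is not inspected here (kept from the original);
        // px_process_transaction() determines the outcome.
        $this->px_fusion_post_card($session_id);
        $this->px_process_transaction($transaction_id);
    }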
 /**
 * Compare a condition's logic against the product information
 *
 * Checks whether the product matches the condition
  *
  * @return bool True if all conditions are matched, False otherwise.
  */
 function compare_logic($c, $product_obj)
 {
     global $wpdb;
     if ($c['property'] == 'item_name') {
         $product_data = $wpdb->get_results("SELECT * FROM " . $wpdb->posts . " WHERE id='{$product_obj->product_id}'");
         $product_data = $product_data[0];
         switch ($c['logic']) {
             case 'equal':
                 //Checks if the product name is exactly the same as the condition value
                 if ($product_data->post_title == $c['value']) {
                     return true;
                 }
                 break;
             case 'greater':
                 //Checks if the product name is not the same as the condition value
                 if ($product_data->post_title > $c['value']) {
                     return true;
                 }
                 break;
             case 'less':
                 //Checks if the product name is not the same as the condition value
                 if ($product_data->post_title < $c['value']) {
                     return true;
                 }
                 break;
             case 'contains':
                 //Checks if the product name contains the condition value
                 preg_match("/(.*)" . $c['value'] . "(.*)/", $product_data->post_title, $match);
                 if (!empty($match)) {
                     return true;
                 }
                 break;
             case 'category':
                 //Checks if the product category is the condition value
                 if ($product_data->post_parent) {
                     $categories = wp_get_post_terms($product_data->post_parent, 'wpsc_product_category');
                 } else {
                     $categories = wp_get_post_terms($product_data->ID, 'wpsc_product_category');
                 }
                 foreach ($categories as $cat) {
                     if (strtolower($cat->name) == strtolower($c['value'])) {
                         return true;
                     }
                 }
                 break;
             case 'not_contain':
                 //Checks if the product name contains the condition value
                 preg_match("/(.*)" . $c['value'] . "(.*)/", $product_data->post_title, $match);
                 if (empty($match)) {
                     return true;
                 }
                 break;
             case 'begins':
                 //Checks if the product name begins with condition value
                 preg_match("/^" . $c['value'] . "/", $product_data->post_title, $match);
                 if (!empty($match)) {
                     return true;
                 }
                 break;
             case 'ends':
                 //Checks if the product name ends with condition value
                 preg_match("/" . $c['value'] . "\$/", $product_data->post_title, $match);
                 if (!empty($match)) {
                     return true;
                 }
                 break;
             case 'category':
                 //Checks if the product name is in the set category
                 $product_categories = wp_get_post_terms($product_data->ID, 'wpsc_product_category');
                 foreach ($product_categories as $product_cat) {
                     if ($product_cat->name == $c['value']) {
                         return true;
                     }
                 }
                 break;
             default:
                 return false;
         }
     } else {
         if ($c['property'] == 'item_quantity') {
             switch ($c['logic']) {
                 case 'equal':
                     //Checks if the quantity of a product in the cart equals condition value
                     if ($product_obj->quantity == (int) $c['value']) {
                         return true;
                     }
                     break;
                 case 'greater':
                     //Checks if the quantity of a product is greater than the condition value
                     if ($product_obj->quantity > $c['value']) {
                         return true;
                     }
                     break;
                 case 'less':
                     //Checks if the quantity of a product is less than the condition value
                     if ($product_obj->quantity < $c['value']) {
                         return true;
                     }
                     break;
                 case 'contains':
                     //Checks if the product name contains the condition value
                     preg_match("/(.*)" . $c['value'] . "(.*)/", $product_obj->quantity, $match);
                     if (!empty($match)) {
                         return true;
                     }
                     break;
                 case 'not_contain':
                     //Checks if the product name contains the condition value
                     preg_match("/(.*)" . $c['value'] . "(.*)/", $product_obj->quantity, $match);
                     if (empty($match)) {
                         return true;
                     }
                     break;
                 case 'begins':
                     //Checks if the product name begins with condition value
                     preg_match("/^" . $c['value'] . "/", $product_obj->quantity, $match);
                     if (!empty($match)) {
                         return true;
                     }
                     break;
                 case 'ends':
                     //Checks if the product name ends with condition value
                     preg_match("/" . $c['value'] . "\$/", $product_obj->quantity, $match);
                     if (!empty($match)) {
                         return true;
                     }
                     break;
                 default:
                     return false;
             }
         } else {
             if ($c['property'] == 'total_quantity') {
                 $total_quantity = wpsc_cart_item_count();
                 switch ($c['logic']) {
                     case 'equal':
                         //Checks if the quantity of products in the cart equals condition value
                         if ($total_quantity == $c['value']) {
                             return true;
                         }
                         break;
                     case 'greater':
                         //Checks if the quantity in the cart is greater than the condition value
                         if ($total_quantity > $c['value']) {
                             return true;
                         }
                         break;
                     case 'less':
                         //Checks if the quantity in the cart is less than the condition value
                         if ($total_quantity < $c['value']) {
                             return true;
                         }
                         break;
                     default:
                         return false;
                 }
             } else {
                 if ($c['property'] == 'subtotal_amount') {
                     $subtotal = wpsc_cart_total(false);
                     switch ($c['logic']) {
                         case 'equal':
                             //Checks if the subtotal of products in the cart equals condition value
                             if ($subtotal == $c['value']) {
                                 return true;
                             }
                             break;
                         case 'greater':
                             //Checks if the subtotal of the cart is greater than the condition value
                             if ($subtotal > $c['value']) {
                                 return true;
                             }
                             break;
                         case 'less':
                             //Checks if the subtotal of the cart is less than the condition value
                             if ($subtotal < $c['value']) {
                                 return true;
                             } else {
                                 return false;
                             }
                             break;
                         default:
                             return false;
                     }
                 } else {
                     return apply_filters('wpsc_coupon_compare_logic', false, $c, $product_obj);
                 }
             }
         }
     }
 }
/**
 * PayPal Express Checkout request dispatcher; the main PayPal Express logic lives here.
 *
 * Branches on $_REQUEST['act'] and on the presence of 'token' / 'paymentType':
 *  - act=error: renders the last API response stored in $_SESSION['reshash']
 *    (or the stored cURL error) into $_SESSION['paypalExpressMessage'];
 *  - act=do: calls DoExpressCheckoutPayment, updates the purchase log row for
 *    the current session and redirects to the transaction results page;
 *  - paymentType/token present but no token: calls SetExpressCheckout and
 *    redirects the buyer to PayPal;
 *  - token present: calls GetExpressCheckoutDetails and stores the payment
 *    confirmation form in $_SESSION['paypalExpressMessage'].
 *
 * Side effects: reads $_REQUEST and $_SESSION, writes $_SESSION, runs UPDATE
 * queries against WPSC_TABLE_PURCHASE_LOGS, may redirect and exit, and may
 * empty the cart.
 *
 * NOTE(review): values taken from the PayPal response ($resArray) and from
 * $_REQUEST ('token', 'PayerID') are concatenated into HTML without escaping,
 * and $sessionid is interpolated into SQL unquoted; these should go through
 * esc_html()/esc_attr() and $wpdb->prepare() respectively — not changed here.
 *
 * @access public
 *
 * @since 3.8
 */
function paypal_processingfunctions()
{
    global $wpdb, $wpsc_cart;
    // $_SESSION is read before any session_start() call in this function; it is
    // assumed the session was already started by the caller — confirm.
    $sessionid = '';
    if (isset($_SESSION['paypalexpresssessionid'])) {
        $sessionid = $_SESSION['paypalexpresssessionid'];
    }
    if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'error') {
        // act=error: build an HTML error report from the stored API/cURL failure.
        session_start();
        $resArray = $_SESSION['reshash'];
        $_SESSION['paypalExpressMessage'] = '
		<center>
		<table width="700" align="left">
		<tr>
			<td colspan="2" class="header">' . __('The PayPal API has returned an error!', 'wpsc') . '</td>
		</tr>
		';
        //it will print if any URL errors
        if (isset($_SESSION['curl_error_msg'])) {
            $errorMessage = $_SESSION['curl_error_msg'];
            $response = $_SESSION['response'];
            // session_unset() clears every session key, not just the error ones.
            session_unset();
            // NOTE(review): $response and $errorMessage are emitted unescaped.
            $_SESSION['paypalExpressMessage'] .= '
			<tr>
				<td>response:</td>
				<td>' . $response . '</td>
			</tr>
			   
			<tr>
				<td>Error Message:</td>
				<td>' . $errorMessage . '</td>
			</tr>';
        } else {
            /* If there are no URL errors, construct the HTML page with the
               response error parameters. */
            // NOTE(review): ACK, CORRELATIONID and VERSION come from the remote
            // response and are emitted unescaped.
            $_SESSION['paypalExpressMessage'] .= "\n\t\t\t\t<tr>\n\t\t\t\t\t<td>Ack:</td>\n\t\t\t\t\t<td>" . $resArray['ACK'] . "</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>Correlation ID:</td>\n\t\t\t\t\t<td>" . $resArray['CORRELATIONID'] . "</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>Version:</td>\n\t\t\t\t\t<td>" . $resArray['VERSION'] . "</td>\n\t\t\t\t</tr>";
            $count = 0;
            // PayPal reports multiple errors as numbered L_SHORTMESSAGE0, L_SHORTMESSAGE1, ...
            while (isset($resArray["L_SHORTMESSAGE" . $count])) {
                $errorCode = $resArray["L_ERRORCODE" . $count];
                $shortMessage = $resArray["L_SHORTMESSAGE" . $count];
                $longMessage = $resArray["L_LONGMESSAGE" . $count];
                $count = $count + 1;
                $_SESSION['paypalExpressMessage'] .= "\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>" . __('Error Number:', 'wpsc') . "</td>\n\t\t\t\t\t\t<td> {$errorCode} </td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>" . __('Short Message:', 'wpsc') . "</td>\n\t\t\t\t\t\t<td> {$shortMessage} </td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>" . __('Long Message:', 'wpsc') . "</td>\n\t\t\t\t\t\t<td> {$longMessage} </td>\n\t\t\t\t\t</tr>";
            }
            //end while
        }
        // end else
        // NOTE: </center> is closed before </table>, which is the reverse of the opening order.
        $_SESSION['paypalExpressMessage'] .= "\n\t\t\t</center>\n\t\t\t\t</table>";
    } else {
        if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'do') {
            // act=do: the buyer has confirmed; finalize the payment with PayPal.
            session_start();
            /* Gather the information to make the final call to
               finalize the PayPal payment.  The variable nvpstr
               holds the name value pairs   */
            $token = urlencode($_REQUEST['token']);
            $paymentAmount = urlencode($_SESSION['paypalAmount']);
            $paymentType = urlencode($_SESSION['paymentType']);
            $currCodeType = urlencode(get_option('paypal_curcode'));
            $payerID = urlencode($_REQUEST['PayerID']);
            // NOTE: IPADDRESS is filled with the server name, not the buyer's IP address.
            $serverName = urlencode($_SERVER['SERVER_NAME']);
            $BN = 'Instinct_e-commerce_wp-shopping-cart_NZ';
            $nvpstr = '&TOKEN=' . $token . '&PAYERID=' . $payerID . '&PAYMENTACTION=Sale&AMT=' . $paymentAmount . '&CURRENCYCODE=' . $currCodeType . '&IPADDRESS=' . $serverName . "&BUTTONSOURCE=" . $BN;
            $resArray = paypal_hash_call("DoExpressCheckoutPayment", $nvpstr);
            /* Store the API response for the browser.
               On success the purchase log is updated and the buyer is redirected;
               on error the buyer is sent to act=error, which renders the stored response. */
            $ack = strtoupper($resArray["ACK"]);
            $_SESSION['reshash'] = $resArray;
            if ($ack != "SUCCESS") {
                // NOTE: $location is set here but no redirect follows in this branch.
                $location = get_option('transact_url') . "&act=error";
            } else {
                // NOTE(review): $wpdb->escape() is deprecated in WordPress; $wpdb->prepare()
                // would also bind $sessionid, which is interpolated unquoted below.
                $transaction_id = $wpdb->escape($resArray['TRANSACTIONID']);
                switch ($resArray['PAYMENTSTATUS']) {
                    case 'Processed':
                        // Treated the same as Completed (intentional fallthrough)
                    case 'Completed':
                        $wpdb->query("UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `processed` = '3' WHERE `sessionid` = " . $sessionid . " LIMIT 1");
                        transaction_results($_SESSION['wpsc_sessionid'], false, $transaction_id);
                        break;
                    case 'Pending':
                        // need to wait for "Completed" before processing
                        $wpdb->query("UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `transactid` = '" . $transaction_id . "',`processed` = '2', `date` = '" . time() . "'  WHERE `sessionid` = " . $sessionid . " LIMIT 1");
                        break;
                }
                $location = add_query_arg('sessionid', $sessionid, get_option('transact_url'));
                $_SESSION['paypalExpressMessage'] = null;
                wp_redirect($location);
                exit;
            }
            // Only reached on a non-SUCCESS ACK: clear the session cart copies and the live cart.
            // The @ suppresses any notice raised by the assignment.
            @($_SESSION['nzshpcrt_serialized_cart'] = '');
            $_SESSION['nzshpcrt_cart'] = '';
            $_SESSION['nzshpcrt_cart'] = array();
            $wpsc_cart->empty_cart();
        } else {
            if (isset($_REQUEST['paymentType']) || isset($_REQUEST['token'])) {
                $token = $_REQUEST['token'];
                if (!isset($token)) {
                    // No token yet: start the Express Checkout flow with SetExpressCheckout.
                    $paymentAmount = $_SESSION['paypalAmount'];
                    $currencyCodeType = get_option('paypal_curcode');
                    $paymentType = 'Sale';
                    // Pretty permalinks mean transact_url has no query string yet.
                    if (get_option('permalink_structure') != '') {
                        $separator = "?";
                    } else {
                        $separator = "&";
                    }
                    $returnURL = urlencode(get_option('transact_url') . $separator . 'currencyCodeType=' . $currencyCodeType . '&paymentType=' . $paymentType . '&paymentAmount=' . $paymentAmount);
                    // NOTE: single-quoted, so the literal text '$paymentType' is sent, not its value.
                    $cancelURL = urlencode(get_option('transact_url') . $separator . 'paymentType=$paymentType');
                    /* Construct the parameter string that describes the PayPal payment;
                    			the variables were set in the web form, and the resulting string
                    			is stored in $nvpstr */
                    $nvpstr = "&Amt=" . $paymentAmount . "&PAYMENTACTION=" . $paymentType . "&ReturnUrl=" . $returnURL . "&CANCELURL=" . $cancelURL . "&CURRENCYCODE=" . $currencyCodeType;
                    /* Make the call to PayPal to set the Express Checkout token.
                    			If the API call succeeded, then redirect the buyer to PayPal
                    			to begin to authorize payment.  If an error occurred, show the
                    			resulting errors
                    			*/
                    $resArray = paypal_hash_call("SetExpressCheckout", $nvpstr);
                    $_SESSION['reshash'] = $resArray;
                    $ack = strtoupper($resArray["ACK"]);
                    if ($ack == "SUCCESS") {
                        // Redirect to paypal.com here
                        $token = urldecode($resArray["TOKEN"]);
                        // NOTE(review): $PAYPAL_URL is neither assigned nor declared global in this
                        // function, so it is null here and the redirect target is the bare token —
                        // confirm where this value is meant to come from.
                        $payPalURL = $PAYPAL_URL . $token;
                        wp_redirect($payPalURL);
                    } else {
                        // Redirecting to the act=error view to display errors.
                        $location = get_option('transact_url') . "&act=error";
                        wp_redirect($location);
                    }
                    exit;
                } else {
                    /* At this point, the buyer has completed authorizing payment
                    			at PayPal.  The script will now call PayPal with the details
                    			of the authorization, including any shipping information of the
                    			buyer.  Remember, the authorization is not a completed transaction
                    			at this state - the buyer still needs an additional step to finalize
                    			the transaction
                    			*/
                    $token = urlencode($_REQUEST['token']);
                    /* Build a second API request to PayPal, using the token as the
                    			ID to get the details on the payment authorization
                    			*/
                    $nvpstr = "&TOKEN=" . $token;
                    /* Make the API call and store the results in an array.  If the
                    			call was a success, show the authorization details, and provide
                    			an action to complete the payment.  If failed, show the error
                    			*/
                    $resArray = paypal_hash_call("GetExpressCheckoutDetails", $nvpstr);
                    $_SESSION['reshash'] = $resArray;
                    $ack = strtoupper($resArray["ACK"]);
                    if ($ack == "SUCCESS") {
                        /********************************************************
                        			GetExpressCheckoutDetails
                        			
                        			This functionality is called after the buyer returns from
                        			PayPal and has authorized the payment.
                        			
                        			Displays the payer details returned by the
                        			GetExpressCheckoutDetails response and builds the form
                        			whose submission (act=do) completes the payment
                        			authorization.
                        			
                        			********************************************************/
                        session_start();
                        /* Collect the necessary information to complete the
                        			authorization for the PayPal payment
                        			*/
                        // NOTE(review): raw request values are stored and later echoed into
                        // hidden form fields without escaping.
                        $_SESSION['token'] = $_REQUEST['token'];
                        $_SESSION['payer_id'] = $_REQUEST['PayerID'];
                        $resArray = $_SESSION['reshash'];
                        // NOTE: $separator is computed here but not used in this branch.
                        if (get_option('permalink_structure') != '') {
                            $separator = "?";
                        } else {
                            $separator = "&";
                        }
                        /* Display the  API response back to the browser .
                        			If the response from PayPal was a success, display the response parameters
                        			*/
                        // NOTE(review): the keys checked here are 'TOKEN'/'PAYERID' while the rest of
                        // the function reads 'token'/'PayerID'; $_REQUEST keys are case-sensitive,
                        // so confirm this cancellation branch can ever be taken.
                        if (isset($_REQUEST['TOKEN']) && !isset($_REQUEST['PAYERID'])) {
                            $_SESSION['paypalExpressMessage'] = '<h4>TRANSACTION CANCELED</h4>';
                        } else {
                            // NOTE(review): SHIPTO* values from the remote response are rendered
                            // unescaped, both as text and as attribute values below.
                            $output = "\n\t\t\t\t       <table width='400' class='paypal_express_form'>\n\t\t\t\t        <tr>\n\t\t\t\t            <td align='left' class='firstcol'><b>" . __('Error Number:', 'wpsc') . "Order Total:</b></td>\n\t\t\t\t            <td align='left'>" . wpsc_currency_display($_SESSION['paypalAmount']) . "</td>\n\t\t\t\t        </tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t    <td align='left'><b>" . __('Shipping Address:', 'wpsc') . " </b></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t        <tr>\n\t\t\t\t            <td align='left' class='firstcol'>\n\t\t\t\t                " . __('Street 1:', 'wpsc') . "</td>\n\t\t\t\t            <td align='left'>" . $resArray['SHIPTOSTREET'] . "</td>\n\t\t\t\t\n\t\t\t\t        </tr>\n\t\t\t\t        <tr>\n\t\t\t\t            <td align='left' class='firstcol'>\n\t\t\t\t                " . __('Street 2:', 'wpsc') . "</td>\n\t\t\t\t            <td align='left'>" . $resArray['SHIPTOSTREET2'] . "\n\t\t\t\t            </td>\n\t\t\t\t        </tr>\n\t\t\t\t        <tr>\n\t\t\t\t            <td align='left' class='firstcol'>\n\t\t\t\t                " . __('City:', 'wpsc') . "</td>\n\t\t\t\t\n\t\t\t\t            <td align='left'>" . $resArray['SHIPTOCITY'] . "</td>\n\t\t\t\t        </tr>\n\t\t\t\t        <tr>\n\t\t\t\t            <td align='left' class='firstcol'>\n\t\t\t\t                " . __('State:', 'wpsc') . "</td>\n\t\t\t\t            <td align='left'>" . $resArray['SHIPTOSTATE'] . "</td>\n\t\t\t\t        </tr>\n\t\t\t\t        <tr>\n\t\t\t\t            <td align='left' class='firstcol'>\n\t\t\t\t                " . __('Postal code:', 'wpsc') . "</td>\n\t\t\t\t\n\t\t\t\t            <td align='left'>" . $resArray['SHIPTOZIP'] . "</td>\n\t\t\t\t        </tr>\n\t\t\t\t        <tr>\n\t\t\t\t            <td align='left' class='firstcol'>\n\t\t\t\t                " . __('Country:', 'wpsc') . "</td>\n\t\t\t\t            <td align='left'>" . $resArray['SHIPTOCOUNTRYNAME'] . 
"</td>\n\t\t\t\t        </tr>\n\t\t\t\t        <tr>\n\t\t\t\t            <td>";
                            // The form posts back to this handler with act=do to finalize payment.
                            $output .= "<form action=" . get_option('transact_url') . " method='post'>\n";
                            $output .= "\t<input type='hidden' name='totalAmount' value='" . wpsc_cart_total(false) . "' />\n";
                            $output .= "\t<input type='hidden' name='shippingStreet' value='" . $resArray['SHIPTOSTREET'] . "' />\n";
                            $output .= "\t<input type='hidden' name='shippingStreet2' value='" . $resArray['SHIPTOSTREET2'] . "' />\n";
                            $output .= "\t<input type='hidden' name='shippingCity' value='" . $resArray['SHIPTOCITY'] . "' />\n";
                            $output .= "\t<input type='hidden' name='shippingState' value='" . $resArray['SHIPTOSTATE'] . "' />\n";
                            $output .= "\t<input type='hidden' name='postalCode' value='" . $resArray['SHIPTOZIP'] . "' />\n";
                            $output .= "\t<input type='hidden' name='country' value='" . $resArray['SHIPTOCOUNTRYNAME'] . "' />\n";
                            $output .= "\t<input type='hidden' name='token' value='" . $_SESSION['token'] . "' />\n";
                            $output .= "\t<input type='hidden' name='PayerID' value='" . $_SESSION['payer_id'] . "' />\n";
                            $output .= "\t<input type='hidden' name='act' value='do' />\n";
                            $output .= "\t<p>  <input name='usePayPal' type='submit' value='" . __('Confirm Payment', 'wpsc') . "' /></p>\n";
                            $output .= "</form>";
                            $output .= " </td>\n\t\t\t\t\t        </tr>\n\t\t\t\t\t    </table>\n\t\t\t\t\t</center>\n\t\t\t\t\t";
                            $_SESSION['paypalExpressMessage'] = $output;
                        }
                    }
                }
            }
        }
    }
}