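/**
 * Creates an escaped "INSERT INTO" sql-string.
 *
 * Every value is passed through HelperFunctions::escapeSql() and wrapped in
 * single quotes. A value prefixed with "sqlcommand:" (e.g. "sqlcommand:now()")
 * is emitted as a raw SQL expression instead: the prefix is stripped, the rest
 * is still run through escapeSql() but NOT quoted. Such values must therefore
 * never be built from untrusted input.
 *
 * @param string $table table name
 * @param array $data key = column_name, value = column_value
 * @return string the INSERT statement without trailing ';', or '' on invalid input
 */
function getEscapedInsertInto($table, $data) {
    // check the type before trim(): trim() on a non-string is a TypeError on PHP 8
    if (!is_string($table)) {
        return '';
    }
    $table = trim($table);
    if ($table === '') {
        return '';
    }
    if (!is_array($data) || !$data) {
        return '';
    }

    // Column names are caller-supplied array keys; pass them through the same
    // escaping as the table name instead of embedding them verbatim.
    // NOTE(review): escapeSql() is a string-literal escaper here too - confirm it
    // also neutralises backticks, otherwise callers must only pass trusted column names.
    $columns = array();
    foreach (array_keys($data) as $column) {
        $columns[] = HelperFunctions::escapeSql((string) $column);
    }

    $values = array();
    foreach ($data as $value) {
        $value = (string) $value;
        if (strpos($value, 'sqlcommand:') === 0) {
            //its a sql-command: drop the 11-character prefix, no quotes
            $values[] = HelperFunctions::escapeSql(substr($value, 11));
        } else {
            //its a normal string or int
            $values[] = "'" . HelperFunctions::escapeSql($value) . "'";
        }
    }

    //dont add ';'
    return 'INSERT INTO `' . HelperFunctions::escapeSql($table) . '` (`'
        . implode('`, `', $columns) . '`) VALUES ('
        . implode(', ', $values) . ')';
}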
/**
 * Removes this payment module's configuration rows.
 *
 * Deletes every configuration_key that starts with one of the two prefixes
 * written by this module, then delegates to parent::remove(), which (per the
 * original note) also drops the keys shared by all/most multipay-modules once
 * the last multipay payment method is removed.
 */
function remove() {
    $keyPatterns = array(
        'MODULE_PAYMENT_SOFORT_SL%',
        'MODULE_PAYMENT_SOFORT_SOFORTLASTSCHRIFT%',
    );
    foreach ($keyPatterns as $pattern) {
        $sql = "delete from " . HelperFunctions::escapeSql(TABLE_CONFIGURATION)
            . " where configuration_key LIKE '" . $pattern . "'";
        xtc_db_query($sql);
    }
    //shared multipay keys are handled by the parent
    parent::remove();
}
/**
 * Removes this order-total module's configuration rows.
 *
 * Deletes every configuration_key beginning with MODULE_ORDER_TOTAL_SOFORT_.
 */
function remove() {
    // %% is a literal % in the LIKE pattern
    $sql = sprintf(
        "delete from %s where configuration_key LIKE 'MODULE_ORDER_TOTAL_SOFORT_%%'",
        HelperFunctions::escapeSql(TABLE_CONFIGURATION)
    );
    xtc_db_query($sql);
}
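/**
 * Insert serialized orderdata into shop-db, if it was not inserted by successUrl-call before.
 *
 * Two paths:
 *  - no saved session data: the order was (or is just being) saved by the success-url
 *    call; wait briefly, then return the order id stored for this transaction. If none
 *    exists either, the sofort_orders row is flagged data_acquired = "0", the shop admin
 *    is mailed and the script exits.
 *  - saved session data present: restore it, insert the order into the shop, write the
 *    order id into the sofort-tables and the orders-table, delete the saved session and
 *    send the order emails.
 *
 * @param string $transactionId
 * @param string $paymentSecret
 * @param string $paymentMethod module short-code; 'sr' triggers the Sofort Rechnung extras
 * @param int|string $customerId only reported in the admin error mail
 * @return int orderId or exit() in case of failures
 */
function handleOrderInsertion($transactionId, $paymentSecret, $paymentMethod, $customerId) {
    require_once HelperFunctions::getSofortOrderhandlingLink();
    $SofortOrderhandling = new SofortOrderhandling();

    // used by both failure paths: marks the sofort_orders row as "data not acquired"
    $resetDataAcquiredSql = 'UPDATE sofort_orders SET data_acquired = "0" WHERE payment_secret = "'
        . HelperFunctions::escapeSql($paymentSecret) . '" AND transaction_id = "'
        . HelperFunctions::escapeSql($transactionId) . '"';

    //get serialized sessiondata
    $savedSession = $SofortOrderhandling->getSavedSessionData($transactionId, $paymentSecret);

    if (!$savedSession) {
        //Order was already saved
        usleep(10000); //avoid race-conditions between success-url and notification and needless error-mails
        $orderId = $SofortOrderhandling->getOrderId($transactionId, $paymentSecret);
        if ($orderId) {
            return $orderId;
        }
        //saved sessiondata was not found and no order-id exists
        xtc_db_query($resetDataAcquiredSql);
        $errors = array(
            'description' => 'Order could not be saved in shop-DB and orderdata could not be found.',
            'transactionId' => $transactionId,
            'customerId' => $customerId,
            'paymentmethod' => $paymentMethod,
        );
        HelperFunctions::sendAdminErrorMail($errors);
        exit('Error: Order could not be saved.');
    }

    //restore $_SESSION and $GLOBALS from saved serialized data
    $SofortOrderhandling->restoreGivenSessionDataToSession($savedSession);
    $insertData = $SofortOrderhandling->insertOrderIntoShop();
    // a missing key must read as "no order id", not as a PHP notice
    $orderId = isset($insertData['orderId']) ? $insertData['orderId'] : null;
    $sofortData = isset($insertData['sofortData']) ? $insertData['sofortData'] : null;
    if (!$orderId) {
        xtc_db_query($resetDataAcquiredSql);
        $errors = array(
            'description' => 'Order was MAYBE not successfully saved in shop-DB or Order-ID is unknown. 
Please check the order for completeness!',
            'transactionId' => $transactionId,
            'paymentmethod' => $paymentMethod,
            'customerId' => $customerId,
            'orderdata' => $savedSession,
        );
        HelperFunctions::sendAdminErrorMail($errors);
        exit('Error: MAYBE order could not be saved. Please check!');
    }

    // order was successfully saved, delete serialized session from db and send email to seller/customer
    $SofortOrderhandling->insertOrderIdInSofortTables($transactionId, $paymentSecret, $orderId);
    // strict comparison: $paymentMethod is a caller-supplied string
    $isSofortRechnung = ($paymentMethod === 'sr');
    if ($isSofortRechnung) {
        //save articleattributes (required for order-sync with SR)
        $SofortOrderhandling->insertOrderAttributesInSofortTables($orderId, $sofortData);
    }
    $SofortOrderhandling->deleteSavedSessionFromDb($transactionId, $paymentSecret);
    $SofortOrderhandling->insertTransIdInTableOrders($transactionId, $orderId);
    if ($isSofortRechnung) {
        HelperFunctions::sendOrderIdToSofort(MODULE_PAYMENT_SOFORT_MULTIPAY_APIKEY, $transactionId, $orderId);
    }
    $SofortOrderhandling->sendOrderEmails($orderId);
    $SofortOrderhandling->doSpecialThingsAfterSuccessfulInsertion();
    return $orderId;
}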
/**
 * Set the given orderId into orders-table to the affected dataset.
 *
 * Stores $transactionId in orders_ident_key of the order row identified by
 * $orderId. Table name and both values are escaped with
 * HelperFunctions::escapeSql() before being embedded into the statement.
 *
 * @param string $transactionId
 * @param int|string $orderId
 * @return bool always true
 */
public function insertTransIdInTableOrders($transactionId, $orderId) {
    $sql = sprintf(
        "UPDATE %s SET orders_ident_key='%s' WHERE orders_id='%s'",
        HelperFunctions::escapeSql(TABLE_ORDERS),
        HelperFunctions::escapeSql($transactionId),
        HelperFunctions::escapeSql($orderId)
    );
    xtc_db_query($sql);
    return true;
}
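/**
 * Manager for: save orderdata in shop-DB, emails, cleanup sofort-tables (if a notification has not done it before).
 *
 * Two paths:
 *  - no saved session data: the notification already saved the order (or is about to);
 *    wait briefly, fetch the stored order id and redirect to the success page. If no
 *    order id exists either, the admin is mailed and the customer is redirected to the
 *    cancel url with error code 10006.
 *  - saved session data present: restore it, insert the order, write the order id into
 *    the sofort-tables and the orders-table, clean up session data, send emails (if
 *    SEND_EMAILS is enabled) and redirect to the success page. An insert without an
 *    order id mails the admin and redirects to the cancel url with error code 10005.
 *
 * Every path ends in a redirect, so nothing is returned.
 *
 * @param string $transactionId
 * @param string $paymentSecret
 * @return void (always redirects)
 */
function _finalizeOrderprocessAfterSuccessfulPayment($transactionId, $paymentSecret) {
    //get serialized session
    $savedSession = $this->SofortOrderhandling->getSavedSessionData($transactionId, $paymentSecret);

    if (!$savedSession) {
        //Order was already saved
        usleep(10000); //avoid race-conditions between success-url and notification and needless error-mails
        $orderId = $this->SofortOrderhandling->getOrderId($transactionId, $paymentSecret);
        if (!$orderId) {
            //saved sessiondata was not found and no order-id exists
            // NOTE(review): unlike the notification handler, data_acquired is not reset here - confirm this is intended
            $errors = array(
                'Description' => 'Order could not be saved in shop-DB and orderdata could not be found.',
                'Transaction-ID' => $transactionId,
                'Customer-ID' => isset($_SESSION['customer_id']) ? $_SESSION['customer_id'] : null,
                'Paymentmethod' => $this->code,
            );
            HelperFunctions::sendAdminErrorMail($errors);
            $errors = array(0 => array('code' => '10006')); //Fatal error: saving in sofort_orders failed, seller informed
            xtc_redirect(HelperFunctions::getCancelUrl($this->code, $errors));
            return;
        }
        // order was saved by notification
        $this->SofortOrderhandling->deleteShopSessionData();
        $this->SofortOrderhandling->deleteSofortSessionData();
        $this->_redirectToSuccessPage($orderId);
        return;
    }

    // restoring the session may (re)populate $_SESSION, so customer_id is read only after this point
    $this->SofortOrderhandling->restoreGivenSessionDataToSession($savedSession);
    $insertData = $this->SofortOrderhandling->insertOrderIntoShop();
    // a missing key must read as "no order id", not as a PHP notice
    $orderId = isset($insertData['orderId']) ? $insertData['orderId'] : null;
    $sofortData = isset($insertData['sofortData']) ? $insertData['sofortData'] : null;
    if (!$orderId) {
        xtc_db_query('UPDATE sofort_orders SET data_acquired = "0" WHERE payment_secret = "'
            . HelperFunctions::escapeSql($paymentSecret) . '" AND transaction_id = "'
            . HelperFunctions::escapeSql($transactionId) . '"');
        $errors = array(
            'description' => 'Order may not have been successfully saved in shop-DB or Order-ID is unknown. 
Please check the order for completeness!',
            'transactionId' => $transactionId,
            'paymentmethod' => $this->code,
            'customerId' => isset($_SESSION['customer_id']) ? $_SESSION['customer_id'] : null,
            'orderdata' => $savedSession,
        );
        HelperFunctions::sendAdminErrorMail($errors);
        $errors = array(0 => array('code' => '10005')); //Fatal error: saving in sofort_orders might have failed, seller informed
        xtc_redirect(HelperFunctions::getCancelUrl($this->code, $errors));
        return;
    }

    //order was successfully saved, now delete serialized session from db, cleanup $_SESSION and send email to seller/customer
    //Notice: success-message will always be set by notification into history!
    $this->SofortOrderhandling->insertOrderIdInSofortTables($transactionId, $paymentSecret, $orderId);
    // strict comparison on the module code string
    $isSofortRechnung = ($this->code === 'sofort_sofortrechnung');
    if ($isSofortRechnung) {
        //save articleattributes (required for order-sync with SR)
        $this->SofortOrderhandling->insertOrderAttributesInSofortTables($orderId, $sofortData);
    }
    $this->SofortOrderhandling->deleteSavedSessionFromDb($transactionId, $paymentSecret);
    $this->SofortOrderhandling->insertTransIdInTableOrders($transactionId, $orderId);
    if ($isSofortRechnung) {
        HelperFunctions::sendOrderIdToSofort(MODULE_PAYMENT_SOFORT_MULTIPAY_APIKEY, $transactionId, $orderId);
    }
    $this->SofortOrderhandling->deleteShopSessionData();
    $this->SofortOrderhandling->deleteSofortSessionData();
    if (SEND_EMAILS == 'true') {
        $this->SofortOrderhandling->sendOrderEmails($orderId);
    }
    $this->SofortOrderhandling->doSpecialThingsAfterSuccessfulInsertion();
    $this->_redirectToSuccessPage($orderId);
}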