/**
* This is the frontend or backend method used directly
* @see cbpaidPaymentBasket::store()
*
* If table key (id) is NULL : inserts a new row
* otherwise updates existing row in the database table
*
* Can be overridden or overloaded by the child class
*
* @param boolean $updateNulls TRUE: null object variables are also updated, FALSE: not.
* @return boolean TRUE if successful otherwise FALSE
*/
public function store($updateNulls = false)
{
global $_CB_framework, $_CB_database;
// 1) check:
if (!in_array($this->payment_status, array('Pending', 'Refunded', 'NotInitiated'))) {
$this->setError(CBPTXT::T("This payment basket is not pending."));
return false;
}
if ($this->txn_id == '') {
$this->txn_id = 'None';
// needed for updatePayment to generate payment record.
}
$paymentBasket = new cbpaidPaymentBasket($_CB_database);
$paymentBasket->load($this->id);
if (!$paymentBasket->gateway_account) {
$this->setError(CBPTXT::T("This payment basket has no gateway associated so can not be paid manually."));
return false;
}
$ipn = new cbpaidPaymentNotification($_CB_database);
$ipn->bindObjectToThisObject($paymentBasket, 'id');
$ipn->mc_currency = $this->mc_currency;
$ipn->mc_gross = $this->mc_gross;
if (!preg_match('/^[1-9][0-9]{3}-[01][0-9]-[0-3][0-9]/', $this->time_completed)) {
$this->time_completed = Application::Database()->getUtcDateTime();
}
$paymentBasket->time_completed = $this->time_completed;
$ipn->payment_type = $this->payment_type;
$paymentBasket->payment_type = $this->payment_type;
$ipn->txn_id = $this->txn_id;
$paymentBasket->txn_id = $this->txn_id;
$ipn->payment_status = 'Completed';
$ipn->txn_type = 'web_accept';
$ipn->payment_method = $this->payment_method;
$ipn->gateway_account = $this->gateway_account;
$ipn->log_type = 'P';
$ipn->time_received = $_CB_database->getUtcDateTime();
$ipn->payment_date = gmdate('H:i:s M d, Y T', $this->time_completed ? cbpaidTimes::getInstance()->strToTime($this->time_completed) : cbpaidTimes::getInstance()->startTime());
// paypal-style //TBD FIXME: WE SHOULD CHANGE THIS OLD DATE STYLE ONCE WITH UTC timezone inputed
$ipn->payment_basket_id = $this->id;
$ipn->raw_result = 'manual';
$ipn->raw_data = '';
$ipn->ip_addresses = cbpaidRequest::getIPlist();
$ipn->user_id = Application::MyUser()->getUserId();
$ipn->txn_id = $this->txn_id;
$ipn->payment_type = $this->payment_type;
$ipn->charset = $_CB_framework->outputCharset();
//TBD
/*
$paymentBasket->first_name = $ipn->first_name = cbGetParam( $_POST, 'txtBTitle' );
$paymentBasket->first_name = $ipn->first_name = cbGetParam( $_POST, 'txtBFirstName' );
$paymentBasket->last_name = $ipn->last_name = cbGetParam( $_POST, 'txtBLastName' );
$paymentBasket->address_street = $ipn->address_street = cbGetParam( $_POST, 'txtBAddr1' );
$paymentBasket->address_zip = $ipn->address_zip = cbGetParam( $_POST, 'txtBZipCode' );
$paymentBasket->address_city = $ipn->address_city = cbGetParam( $_POST, 'txtBCity' );
$paymentBasket->address_country = $ipn->address_country = cbGetParam( $_POST, 'txtBCountry' );
//TBD? $paymentBasket->phone = $ipn->phone = cbGetParam( $_POST, 'txtBTel' );
//TBD? $paymentBasket->fax = $ipn->fax = cbGetParam( $_POST, 'txtBFax' );
$paymentBasket->payer_email = $ipn->payer_email = cbGetParam( $_POST, 'txtBEmail' );
*/
if (!$_CB_database->insertObject($ipn->getTableName(), $ipn, $ipn->getKeyName())) {
trigger_error('store error:' . htmlspecialchars($_CB_database->getErrorMsg()), E_USER_ERROR);
//TBD also in paypal: error code 500 !!!
}
$payAccount = cbpaidControllerPaychoices::getInstance()->getPayAccount($paymentBasket->gateway_account);
if (!$payAccount) {
$this->setError(CBPTXT::T("This payment basket's associated gateway account is not active, so can not be paid manually."));
return false;
}
$payClass = $payAccount->getPayMean();
$payClass->updatePaymentStatus($paymentBasket, 'web_accept', 'Completed', $ipn, 1, 0, 0, 'singlepayment');
return true;
}
/**
* Put $result into $ipn->raw_result and store.
* Trigger_error warning if store fails.
*
* @param cbpaidPaymentNotification $ipn
* @param string $result 'SUCCESS', 'FAILED', 'MISMATCH', 'SIGNERROR', ...
*/
protected function _storeIpnResult(&$ipn, $result)
{
$ipn->raw_result = $result;
if (!$ipn->store()) {
global $_CB_database;
trigger_error($this->getPayName() . ' log store error:' . htmlspecialchars($_CB_database->getErrorMsg()), E_USER_NOTICE);
}
}
/**
* WARNING: UNCHECKED ACCESS! On purpose unchecked access for M2M operations
* Generates the HTML to display for a specific component-like page for the tab. WARNING: unchecked access !
* @param TabTable|null $tab the tab database entry
* @param UserTable $user the user being displayed
* @param int $ui 1 for front-end, 2 for back-end
* @param array $postdata _POST data for saving edited tab content as generated with getEditTab
* @return mixed either string HTML for tab content, or false if ErrorMSG generated
*/
public function getTabComponent( /** @noinspection PhpUnusedParameterInspection */ $tab, $user, $ui, $postdata ) {
global $_CB_database, $_CB_framework, $_POST;
$return = '';
$paid = false;
$oldignoreuserabort = ignore_user_abort(true);
$allowHumanHtmlOutput = true; // this will be reverted in case of M2M server-to-server notifications
$act = $this->base->_getReqParam( 'act' );
$actPosted = isset($_POST[$this->base->_getPagingParamName('act')]);
if ( $act === null ) {
$act = $this->base->input( 'act', null, GetterInterface::COMMAND );
$actPosted = $this->base->input( 'post/act', null, GetterInterface::COMMAND ) !== null;
}
$post_user_id = (int) cbGetParam( $_GET, 'user', 0 );
if ( $actPosted && ( $post_user_id > 0 ) ) {
$access = false;
$myId = $_CB_framework->myId();
if ( is_object( $user ) ) {
if ( $myId == 0 ) {
if ( in_array( $act, array( 'saveeditinvoiceaddress', 'saveeditbasketintegration', 'showbskt' ) ) ) {
$access = true;
} else {
$paidsubsManager =& cbpaidSubscriptionsMgr::getInstance();
if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) {
// expired subscriptions: we will allow limited access to:
if ( in_array( $act, array( 'upgrade', 'pay', 'reactivate', 'resubscribe', 'display_subscriptions' ) ) ) {
$access = true;
}
}
}
} else {
if ( ( $ui == 1 && ( $user->id == $myId ) )
|| ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) {
$access = true;
}
}
} else {
$return = CBPTXT::T("User does not exist") . '.';
}
if ( ! $access ) {
$return .= '<br />' . CBPTXT::T("Not authorized action") . '.';
return $return;
}
cbSpoofCheck( 'plugin' ); // anti-spoofing check
// renew or upgrade subscription payment form:
$params = $this->params;
$now = $_CB_framework->now();
$subscriptionsGUI = new cbpaidControllerUI();
$subscriptionIds = $subscriptionsGUI->getEditPostedBoxes( 'id' );
if ( $subscriptionIds == array( 0 ) ) {
$subscriptionIds = array();
}
if ( $post_user_id && ( $user->id == $post_user_id ) ) {
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
switch ( $act ) {
case 'upgrade': // upgrade an existing subscription
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$chosenPlans = $subscriptionsGUI->getAndCheckChosenUpgradePlans( $postdata, $user, $now );
if ( ( ! is_array( $chosenPlans ) ) || ( count( $chosenPlans ) == 0 ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= ( is_string( $chosenPlans ) ? $chosenPlans . '<br />' : '' )
. sprintf( CBPTXT::Th("Please press back button and select the %s plan to which you would like to upgrade."), $subTxt );
break;
}
$introText = CBPTXT::Th( $params->get( 'intro_text_upgrade', null ) );
//TBD: check if already exists (reload protection):
$paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, 'R', CBPTXT::T("Upgrade"), 'U' );
if ( is_object( $paymentBasket ) ) {
$return = cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$return = $paymentBasket; // show messages as nothing to pay.
}
break;
case 'pay': // pay for an unpaid subscription
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$plan = $this->base->_getReqParam( 'plan' );
if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
break;
}
$plansMgr =& cbpaidPlansMgr::getInstance();
$chosenPlans = array();
$chosenPlans[(int) $plan] = $plansMgr->loadPlan( (int) $plan );
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$paymentStatus = null;
$return = cbpaidControllerOrder::showPaymentForm( $user, $chosenPlans, $introText, $subscriptionIds, $paymentStatus );
break;
case 'renew': // renew a still valid subscription
case 'reactivate': // reactivate an expired subscription
case 'resubscribe': // resubscribe a cancelled subscription
// display basket and payment buttons or redirect for payment depending if multiple payment choices or intro text present:
$plan = $this->base->_getReqParam( 'plan' );
if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
break;
}
$plansMgr =& cbpaidPlansMgr::getInstance();
$chosenPlans = array();
$chosenPlans[(int) $plan] = $plansMgr->loadPlan( (int) $plan );
$paidSomethingMgr =& cbpaidSomethingMgr::getInstance();
$subscription = $paidSomethingMgr->loadSomething( $subscriptionIds[$plan][0], $subscriptionIds[$plan][1] );
global $_PLUGINS;
$_PLUGINS->loadPluginGroup( 'user', 'cbsubs.' );
$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin');
$_PLUGINS->trigger( 'onCPayAfterPlanRenewalSelected', array( &$chosenPlans[(int) $plan], &$subscription, $act ) );
if ( $_PLUGINS->is_errors() ) {
$return .= $_PLUGINS->getErrorMSG();
break;
}
$introText = CBPTXT::Th( $params->get( 'intro_text_renew', null ) );
//TBD: check if already exists (reload protection):
$paymentBasket = cbpaidControllerOrder::createSubscriptionsAndPayment( $user, $chosenPlans, $postdata, $subscriptionIds, null, null, CBPTXT::T("Renew"), 'R' );
if ( is_object( $paymentBasket ) ) {
$return = cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$return = $paymentBasket; // show messages as nothing to pay.
}
break;
case 'unsubscribe': // request to unsubscribe an active subscription
// display unsubscribe confirmation form:
$plan = $this->base->_getReqParam( 'plan' );
if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
break;
}
$introText = CBPTXT::Th( $params->get( 'unsubscribe_intro_text' , null ) );
$return = $subscriptionsGUI->showUnsubscribeForm( $user, $introText, (int) $plan, (int) $subscriptionIds[$plan][1] );
break;
case 'confirm_unsubscribe': // confirm previous request to unsubscribe an active subscription
// unsubscribe confirmed:
$plan = $this->base->_getReqParam( 'plan' );
if ( ( ! $plan ) || ( ! isset( $subscriptionIds[$plan] ) ) || ( ! $subscriptionIds[$plan] ) ) {
$subTxt = CBPTXT::T( $params->get( 'subscription_name', 'subscription' ) );
$return .= sprintf( CBPTXT::Th("Please press back button and select a %s plan."), $subTxt );
break;
}
if ( ( $plan ) && ( count( $subscriptionIds ) == 1 ) ) {
$unsubscribeConfText = CBPTXT::Th( $params->get( 'unsubscribe_confirmation_text', null ) );
$return = cbpaidControllerOrder::doUnsubscribeConfirm( $user, $unsubscribeConfText, (int) $plan, (int) $subscriptionIds[$plan][1] );
}
break;
case 'display_subscriptions':
// unsubscribe cancelled: display subscriptions:
$return = $this->base->displayUserTab( $user );
break;
case 'showinvoice':
// shows a particular user invoice:
if ( $params->get( 'show_invoices', 1 ) ) {
$invoiceNo = $this->base->_getReqParam( 'invoice' );
$return = $this->showInvoice( $invoiceNo, $user );
}
break;
case 'saveeditinvoiceaddress':
case 'editinvoiceaddress': // this is the case of reload of invoicing address
$invoicingAddressQuery = $params->get( 'invoicing_address_query' );
if ( $invoicingAddressQuery > 0 ) {
$basketId = $this->base->_getReqParam( 'basket', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
if ( ( $act == 'saveeditinvoiceaddress' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) { // IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html
$return = $paymentBasket->saveInvoicingAddressForm( $user );
if ( $return === null ) {
$paymentBasket->storeInvoicingDefaultAddress();
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
}
} else {
// invoice has reloaded itself (e.g. for country change):
$return = $paymentBasket->renderInvoicingAddressForm( $user );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'saverecordpayment':
case 'editrecordpayment': // this is the case of reload of the form
$basketId = $this->base->_getReqParam( 'basket', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status != 'Completed' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
if ( $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) {
if ( ( $act == 'saverecordpayment' ) && $this->base->input( 'actbutton', null, GetterInterface::COMMAND ) ) { // IE7-8 will return text instead of value and IE6 will return button all the time http://www.dev-archive.net/articles/forms/multiple-submit-buttons.html
$return = cbpaidRecordBasketPayment::saveRecordPayment( $paymentBasket->id );
if ( $return === null ) {
$return .= CBPTXT::T("Payment recorded.")
. ' <a href="' . $_CB_framework->userProfileUrl( $paymentBasket->user_id, true ) . '">'
. CBPTXT::Th("View user profile")
. '</a>';
}
} else {
// invoice has reloaded itself (e.g. for country change):
$return = cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasket->id );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
break;
default:
cbNotAuth();
return '';
break;
}
}
} elseif ( $this->base->_getReqParam( 'account' ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) {
$account = $this->base->_getReqParam( 'account' );
$post_user_id = (int) cbGetParam( $_GET, 'user', 0 );
$user = CBuser::getUserDataInstance( (int) $post_user_id );
if ( $user->id ) {
if ( isset( $_SESSION['cbsubs']['expireduser'] ) && ( $_SESSION['cbsubs']['expireduser'] == $user->id ) ) {
// expired subscriptions of membership: show possibilities:
$subscriptionsGUI = new cbpaidControllerUI();
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
switch ( $account ) {
case 'expired':
$paidsubsManager =& cbpaidSubscriptionsMgr::getInstance();
if ( ! $paidsubsManager->checkExpireMe( __FUNCTION__, $user->id, false ) ) {
// no valid membership:
$return = $subscriptionsGUI->getShowSubscriptionUpgrades( $user, true );
}
break;
default:
break;
}
} else {
$return = CBPTXT::Th("Browser cookies must be enabled.");
}
}
} elseif ( in_array( $act, array( 'setbsktpmtmeth', 'setbsktcurrency' ) ) ) {
cbSpoofCheck( 'plugin' ); // anti-spoofing check
$params = $this->params;
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
$basketId = $this->base->_getReqParam( 'bskt', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
switch ( $act ) {
case 'setbsktpmtmeth':
if ( $params->get( 'payment_method_selection_type' ) == 'radios' ) {
$chosenPaymentMethod = cbGetParam( $_POST, 'payment_method' );
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return = $paymentBasket->saveBasketPaymentMethodForm( $user, $introText, $chosenPaymentMethod );
if ( $return === null ) {
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'setbsktcurrency':
if ( $params->get( 'allow_select_currency', '0' ) ) {
$newCurrency = cbGetParam( $_POST, 'currency' );
if ( $newCurrency ) {
if ( in_array( $newCurrency, cbpaidControllerPaychoices::getInstance()->getAllCurrencies() ) ) {
$paymentBasket->changeCurrency( $newCurrency );
} else {
$this->base->_setErrorMSG( CBPTXT::T("This currency is not allowed") );
}
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Changes of currency of orders are not authorized") );
}
break;
default:
cbNotAuth();
return '';
break;
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
} elseif ( $act == 'cbsubsclass' ) {
$pluginName = $this->base->_getReqParam( 'class' );
if ( preg_match( '/^[a-z]+$/', $pluginName ) ) {
$element = 'cbsubs.' . $pluginName;
global $_PLUGINS;
$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element );
$loadedPlugins =& $_PLUGINS->getLoadedPluginGroup( 'user/plug_cbpaidsubscriptions/plugin' );
$params = $this->params;
foreach ($loadedPlugins as $p ) {
if ( $p->element == $element ) {
$pluginId = $p->id;
$args = array( &$user, &$params, &$postdata );
/** @noinspection PhpUndefinedCallbackInspection */
$return = $_PLUGINS->call( $pluginId, 'executeTask', 'getcbsubs' . $pluginName . 'Tab', $args, null );
break;
}
}
}
} elseif ( $act && ( ! in_array( $act, array( 'showbskt', 'setbsktpmtmeth' ) ) ) && ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) {
if ( ! is_object( $user ) ) {
return CBPTXT::T("User does not exist.");
}
$params = $this->params;
$post_user_id = (int) cbGetParam( $_GET, 'user', 0 );
if ( $post_user_id && ( ( $user->id == $post_user_id ) || ( cbpaidApp::authoriseAction( 'cbsubs.usersubscriptionmanage' ) ) ) ) {
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
switch ( $act ) {
case 'showinvoice':
if ( $params->get( 'show_invoices', 1 ) ) {
$invoiceNo = $this->base->_getReqParam( 'invoice', 0 );
// This also checks for cbpaidApp::authoriseAction on cbsubs.sales or cbsubs.financial access permissions:
$return = $this->showInvoice( $invoiceNo, $user );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'showinvoiceslist':
$showInvoices = $params->get( 'show_invoices', 1 );
$invoicesShowPeriod = $params->get( 'invoices_show_period', '0000-06-00 00:00:00' );
$itsmyself = ( $_CB_framework->myId() == $user->id );
if ( $showInvoices && ( $itsmyself || ( cbpaidApp::authoriseAction( 'cbsubs.sales' ) || cbpaidApp::authoriseAction( 'cbsubs.financial' ) ) ) ) {
$subscriptionsGUI = new cbpaidControllerUI();
$invoices = $this->_getInvoices( $user, $invoicesShowPeriod, false );
if ( $invoicesShowPeriod && ( $invoicesShowPeriod != '0000-00-00 00:00:00' ) ) {
$cbpaidTimes =& cbpaidTimes::getInstance();
$periodText = $cbpaidTimes->renderPeriod( $invoicesShowPeriod, 1, false );
} else {
$periodText = '';
}
$return .= $subscriptionsGUI->showInvoicesList( $invoices, $user, $itsmyself, $periodText );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'editinvoiceaddress': // this is the case of the initial edit address link
if ( $params->get( 'invoicing_address_query' ) > 0 ) {
$basketId = $this->base->_getReqParam( 'basket', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
$return = $paymentBasket->renderInvoicingAddressForm( $user );
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
case 'showrecordpayment':
$paymentBasketId = $this->base->_getReqParam( 'recordpayment', 0 );
if ( $paymentBasketId ) {
$paymentBasket = new cbpaidPaymentBasket();
if ( $paymentBasket->load( (int) $paymentBasketId ) && $paymentBasket->authoriseAction( 'cbsubs.recordpayments' ) ) {
// Auto-loads class: and authorization is checked inside:
$return = cbpaidRecordBasketPayment::displayRecordPaymentForm( $paymentBasketId );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
break;
default:
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
break;
}
}
} elseif ( $act == 'showbskt' && ( ( ( (int) cbGetParam( $_GET, 'user', 0 ) ) > 0 ) ) || ( $this->base->_getReqParam( 'bskt', 0 ) && $this->base->_getReqParam( 'bck' ) ) ) {
$basketId = $this->base->_getReqParam( 'bskt', 0 );
$hashToCheck = $this->base->_getReqParam( 'bck' );
// Basket integrations saving/editing url:
if ( in_array($act, array( 'saveeditbasketintegration', 'editbasketintegration' ) ) ) { // edit is the case of edit or reload of integration form
$integration = $this->base->_getReqParam( 'integration' );
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( preg_match( '/^[a-z]+$/', $integration ) && $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) && ( $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) ) ) {
global $_PLUGINS;
$element = 'cbsubs.' . $integration;
$_PLUGINS->loadPluginGroup('user/plug_cbpaidsubscriptions/plugin', $element );
$results = $_PLUGINS->trigger( 'onCPayEditBasketIntegration', array( $integration, $act, &$paymentBasket ) );
$return = null;
foreach ( $results as $r ) {
if ( $r ) {
$return .= $r;
}
}
if ( $act == 'editbasketintegration' ) {
if ( $return !== null ) {
return $return;
}
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
}
$post_user_id = (int) cbGetParam( $_GET, 'user', 0 );
if ( $post_user_id && ! ( ( is_object( $user ) && ( $user->id == $post_user_id ) ) ) ) {
return CBPTXT::T("User does not exist.");
}
outputCbTemplate();
$this->base->outputRegTemplate();
outputCbJs();
$params = $this->params;
$paymentBasket = new cbpaidPaymentBasket( $_CB_database );
if ( $basketId && $paymentBasket->load( (int) $basketId ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) {
if ( ! $post_user_id ) {
$cbUser =& CBuser::getInstance( (int) $paymentBasket->user_id );
$user =& $cbUser->getUserData();
if ( ( ! is_object( $user ) ) || ! $user->id ) {
return CBPTXT::T("User does not exist.");
}
}
if ( ( $hashToCheck && $hashToCheck == $paymentBasket->checkHashUser( $hashToCheck ) )
|| ( ( ! $hashToCheck ) && $paymentBasket->user_id && ( $paymentBasket->user_id == $_CB_framework->myId() ) ) )
{
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
// } elseif ( isset($_REQUEST['result']) && isset( $_REQUEST['user'] ) && ( $_REQUEST['user'] > 0 ) ) {
} elseif ( isset($_REQUEST['result']) && ( $this->base->_getReqParam('method') || $this->base->_getReqParam('gacctno') ) ) {
// don't check license here so initiated payments can complete !
$params = $this->params;
$method = $this->base->_getReqParam('method');
if ( ( $method == 'freetrial' ) || ( $method == 'cancelpay' ) ) {
cbpaidApp::import( 'processors.freetrial.freetrial' );
cbpaidApp::import( 'processors.cancelpay.cancelpay' );
$className = 'cbpaidGatewayAccount' . $method;
$payAccount = new $className( $_CB_database );
} else {
$gateAccount = $this->base->_getReqParam('gacctno');
$payAccount = cbpaidControllerPaychoices::getInstance()->getPayAccount( $gateAccount );
if ( ! $payAccount ) {
return '';
}
}
$payClass = $payAccount->getPayMean();
$paymentBasket = new cbpaidPaymentBasket($_CB_database);
if ( $payClass && ( ( $this->base->_getReqParam('method') == $payClass->getPayName() ) || ( $this->base->_getReqParam('method') == null ) ) && $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) ) {
// output for resultNotification: $return and $allowHumanHtmlOutput
$return = $payClass->resultNotification( $paymentBasket, $postdata, $allowHumanHtmlOutput );
}
if ( ! $paymentBasket->id ) {
$this->base->_setErrorMSG(CBPTXT::T("No suitable basket found."));
} else {
$user =& CBuser::getUserDataInstance( (int) $paymentBasket->user_id );
if ( $paymentBasket->payment_status == 'RegistrationCancelled' ) {
// registration cancelled: delete payment basket and delete user after checking that he is not yet active:
if ( $paymentBasket->load( (int) $paymentBasket->id ) ) {
if ( $payClass->hashPdtBackCheck( $this->base->_getReqParam('pdtback') ) && ( ( $paymentBasket->payment_status == 'NotInitiated' ) || ( ( $paymentBasket->payment_status === 'Pending' ) && ( $paymentBasket->payment_method === 'offline' ) ) ) ) {
$notification = new cbpaidPaymentNotification();
$notification->initNotification( $payClass, 0, 'P', $paymentBasket->payment_status, $paymentBasket->payment_type, null, $_CB_framework->now(), $paymentBasket->charset );
$payClass->updatePaymentStatus( $paymentBasket, 'web_accept', 'RegistrationCancelled', $notification, 0, 0, 0, true );
// This is a notification or a return to site after payment, we want to log any error happening in third-party stuff in case:
cbpaidErrorHandler::keepTurnedOn();
}
}
}
if ( $allowHumanHtmlOutput ) {
// If frontend, we display result, otherwise, If Server-to-server notification: do not display any additional text here !
switch ( $paymentBasket->payment_status ) {
case 'Completed':
// PayPal recommends including the following information with the confirmation:
// - Item name
// - Amount paid
// - Payer email
// - Shipping address
$newMsg = sprintf( CBPTXT::Th("Thank you for your payment of %s for the %s %s."), $paymentBasket->renderPrice(),
$paymentBasket->item_name,
htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) ) // ' using your paypal account ' . $paymentBasket->payer_email
. ' ' . $payClass->getTxtNextStep( $paymentBasket );
// . "Your transaction has been completed, and a receipt for your purchase has been emailed to you by PayPal. "
// . "You may log into your account at www.paypal.com to view details of this transaction.</p>\n";
if ( $params->get( 'show_invoices' ) ) {
$itsmyself = ( $_CB_framework->myId() == $user->id );
$subscriptionsGUI = new cbpaidControllerUI();
$newMsg .= '<p id="cbregviewinvoicelink">'
. $subscriptionsGUI->getInvoiceShowAhtml( $paymentBasket, $user, $itsmyself, CBPTXT::Th("View printable invoice") )
. '</p>'
;
}
$paid = true;
break;
case 'Pending':
$newMsg = sprintf( CBPTXT::Th("Thank you for initiating the payment of %s for the %s %s."), $paymentBasket->renderPrice(),
$paymentBasket->item_name,
htmlspecialchars( $payClass->getTxtUsingAccount( $paymentBasket ) ) ) // ' using your paypal account ' . $paymentBasket->payer_email
. ' ' . $payClass->getTxtNextStep( $paymentBasket );
// . "Your payment is currently being processed. "
// . "A receipt for your purchase will be emailed to you by PayPal once processing is complete. "
// . "You may log into your account at www.paypal.com to view status details of this transaction.</p>\n";
break;
case 'RegistrationCancelled':
$newMsg = $payClass->getTxtNextStep( $paymentBasket );
break;
case 'FreeTrial':
$newMsg = CBPTXT::Th("Thank you for subscribing to") . ' ' . $paymentBasket->item_name . '.'
. ' ' . $payClass->getTxtNextStep( $paymentBasket );
break;
case null:
$newMsg = CBPTXT::T("Payment basket does not exist.");
break;
case 'NotInitiated':
$newMsg = '';
break;
case 'RedisplayOriginalBasket':
if ( $paymentBasket->load( (int) $paymentBasket->id ) && ( $paymentBasket->payment_status == 'NotInitiated' ) ) {
$introText = CBPTXT::Th( $params->get( 'intro_text', null ) );
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, $introText );
}
$newMsg = '';
break;
case 'Processed':
case 'Denied':
case 'Reversed':
case 'Refunded':
case 'Partially-Refunded':
default:
$newMsg = $payClass->getTxtNextStep( $paymentBasket );
// "<p>Your transaction is not cleared and has currently following status: <strong>" . $paymentBasket->payment_status . ".</strong></p>"
// . "<p>You may log into your account at www.paypal.com to view status details of this transaction.</p>";
break;
}
if ( in_array( $paymentBasket->payment_status, array( 'Completed', 'Pending' ) ) ) {
$subscriptions = $paymentBasket->getSubscriptions();
$texts = array(); // avoid repeating several times identical texts:
if ( is_array( $subscriptions ) ) {
foreach ( $subscriptions as $sub ) {
/** @var $sub cbpaidSomething */
$thankYouParam = ( $paymentBasket->payment_status == 'Completed') ? 'thankyoutextcompleted' : 'thankyoutextpending';
$thankYouText = $sub->getPersonalized( $thankYouParam, true );
if ( $thankYouText && ! in_array( $thankYouText, $texts ) ) {
$texts[] = $thankYouText;
if ( strpos( $thankYouText, '<' ) === false ) {
$msgTag = 'p';
} else {
$msgTag = 'div';
}
$newMsg .= '<' . $msgTag . ' class="cbregThanks" id="cbregThanks' . $sub->plan_id . '">' . $thankYouText . '</' . $msgTag . ">\n";
}
}
}
}
if ( $newMsg ) {
$return .= '<div>' . $newMsg . '</div>';
}
if ( $paid && ( $_CB_framework->myId() < 1 ) && ( cbGetParam( $_REQUEST, 'user', 0 ) == $paymentBasket->user_id ) ) {
$_CB_database->setQuery( "SELECT * FROM #__comprofiler c, #__users u WHERE c.id=u.id AND c.id=".(int) $paymentBasket->user_id );
if ( $_CB_database->loadObject( $user ) && ( $user->lastvisitDate == '0000-00-00 00:00:00' ) ) {
$return = '<p>' . implode( '', getActivationMessage( $user, 'UserRegistration' ) ) . '</p>' . $return;
}
}
}
}
} else {
cbNotAuth();
return ' ' . CBPTXT::T("No result.");
}
if ( $allowHumanHtmlOutput ) {
$allErrorMsgs = $this->base->getErrorMSG( '</div><div class="error">' );
if ( $allErrorMsgs ) {
$errorMsg = '<div class="error">' . $allErrorMsgs . '</div>';
} else {
$errorMsg = null;
}
/** @var string $return */
if ( ( $return == '' ) && ( $errorMsg ) ) {
$this->base->outputRegTemplate();
$return = $errorMsg . '<br /><br />' . $return;
$return .= cbpaidControllerOrder::showBasketForPayment( $user, $paymentBasket, '' );
} else {
$return = $errorMsg . $return;
}
}
if ( ! is_null( $oldignoreuserabort ) ) {
ignore_user_abort($oldignoreuserabort);
}
return $return;
}
/**
* Handle Paypal IPN
*
* @param cbpaidPaymentBasket $paymentBasket New empty object. returning: includes the id of the payment basket of this callback (strictly verified, otherwise untouched)
* @param array $postdata _POST data for saving edited tab content as generated with getEditTab
* @return string HTML to display if frontend, text to return to gateway if notification, FALSE if registration cancelled and ErrorMSG generated, or NULL if nothing to display
*/
private function hanldePaypalIPN( $paymentBasket, $postdata )
{
global $_CB_framework, $_CB_database, $_GET, $_POST;
$ret = null;
if ( ( cbGetParam( $_GET, 'result' ) == 'notify' ) || ( ( cbGetParam( $_GET, 'result' ) == 'success') && isset( $postdata['txn_type'] ) ) ) {
// cbGetParam( $_GET, 'result' ) == 'notify' : IPN : We got an Instant Payment Notification (IPN) from Paypal :
// isset($postdata['txn_type']) : We got returned to website with a Post ! This means PDT is not enabled, or website is not public ! so we check anyway to make sure:
/// I P N : Process Instant Payment Notification (IPN):
$ipn = new cbpaidPaymentNotification($_CB_database);
$ipn->bind( $postdata );
$getExport = var_export( $_GET, true ); /* cbGetParam() not needed: we want raw info */
$postExport = var_export( $_POST, true ); /* cbGetParam() not needed: we want raw info */
if ( $ipn->charset && ( $ipn->charset != $_CB_framework->outputCharset() ) ) {
$getExport = $this->_charsetConv( $getExport, $ipn->charset, $_CB_framework->outputCharset() );
$postExport = $this->_charsetConv( $postExport, $ipn->charset, $_CB_framework->outputCharset() );
}
$ipn->payment_method = $this->getPayName();
$ipn->gateway_account = $this->getAccountParam( 'id' );
$ipn->log_type = 'I';
$ipn->time_received = date('Y-m-d H:i:s', $_CB_framework->now() );
$ipn->raw_data = /* cbGetParam() not needed: we want raw info */ '$_GET=' . $getExport . ";\n";
$ipn->raw_data .= /* cbGetParam() not needed: we want raw info */ '$_POST=' . $postExport . ";\n";
$ipn->ip_addresses = cbpaidRequest::getIPlist();
$ipn->user_id = (int) cbGetParam( $_GET, 'user', 0 );
$ipn->payment_basket_id = (int) $ipn->custom;
$_CB_database->insertObject( $ipn->getTableName(), $ipn, $ipn->getKeyName());
// read the post from PayPal system and add 'cmd' and post back to PayPal system to validate
$formvars = array( 'cmd' => '_notify-validate' );
foreach ($postdata as $key => $value) {
$formvars[$key] = $this->cbGetUnEscaped( $value );
}
$results = null;
$status = null;
$error = $this->_httpsRequest( $this->_paypalUrl() . '/cgi-bin/webscr', $formvars, 30, $results, $status, 'post', 'normal', '*/*', true, 443, '', '', true, null );
$transaction_info = urldecode($results);
if ( $error || $status != 200 ) {
$ipn->raw_result = 'COMMUNICATION ERROR';
// $ipn->raw_data = 'Error: '. $error . ' Status: ' . $status . ' Transaction info: ' . $transaction_info;
$ipn->raw_data .= '$error=\''. $error . "';\n";
$ipn->raw_data .= '$status=\'' . $status . "';\n";
$ipn->raw_data .= '$transaction_info=\'' . $transaction_info . "';\n";
$ipn->log_type = 'D';
$_CB_database->updateObject( $ipn->getTableName(), $ipn, $ipn->getKeyName(), false );
$this->_setLogErrorMSG( 3, $ipn, 'Paypal: Error at notification received: could not reach Paypal gateway for notification check at ' . $this->_paypalUrl() . '. ' . $ipn->raw_result, null );
// Returns error 500 to paypal, so paypal can retry to reach us later
header('HTTP/1.0 500 Internal Server Error');
exit();
} else {
$ipn->raw_result = $transaction_info;
}
$_CB_database->updateObject( $ipn->getTableName(), $ipn, $ipn->getKeyName(), false);
if (strcmp ($transaction_info, 'VERIFIED') == 0) {
if ( isset( $ipn->charset ) ) {
if ( strtolower( $ipn->charset ) != strtolower( $_CB_framework->outputCharset() ) ) {
foreach ( array_keys( $postdata ) as $k ) {
if ( isset( $ipn->$k ) && is_string( $ipn->$k ) ) {
$ipn->$k = $this->_charsetConv( $ipn->$k, $ipn->charset, $_CB_framework->outputCharset() );
}
}
$ipn->charset = $_CB_framework->outputCharset();
}
}
$paymentBasketId = (int) $ipn->custom;
$autorecurring_type = ( in_array( $ipn->txn_type, array( 'subscr_payment', 'subscr_signup', 'subscr_modify', 'subscr_eot', 'subscr_cancel', 'subscr_failed' ) ) ? 2 : 0 );
$exists = $paymentBasket->load( (int) $paymentBasketId );
if ( $exists ) { // && ( ( $paymentBasket->payment_status != $ipn->payment_status ) || ( $autorecurring_type && ( $paymentBasket->txn_id != $ipn->txn_id ) ) ) ) {
$this->_fixPayPalIpnBugs( $ipn, $paymentBasket );
$noFraudCheckResult = $this->_checkNotPayPalFraud( $ipn, $paymentBasket, cbGetParam( $_REQUEST, 'cbpid', '' ) );
if ( $noFraudCheckResult === true ) {
if ( ( $ipn->txn_type == 'web_accept' ) || ( $ipn->txn_type == '' ) || $autorecurring_type ) { // refunds don't have txn_type (but if we are here, the IPN is already VERIFIED !
$paypalUserChoicePossible = ( ( $this->getAccountParam( 'enabled', 0 ) == 3 ) && ( $paymentBasket->isAnyAutoRecurring() == 2 ) );
$autorenew_type = ( $autorecurring_type ? ( $paypalUserChoicePossible ? 1 : 2 ) : 0 );
if ( $autorecurring_type && ( $ipn->txn_type == 'subscr_signup' ) && ( ( $paymentBasket->period1 ) && ( $paymentBasket->mc_amount1 == 0 ) ) && ( $ipn->payment_status == '' ) ) {
$ipn->payment_status = 'Completed'; // 'FreeTrial'
}
if ( ( $ipn->payment_status == 'Refunded' ) && ( $paymentBasket->mc_gross != - $ipn->mc_gross ) ) {
// Fix a paypal server bug: we are receiving payment_status 'Refunded' instead of 'Partially-Refunded':
// needed to be fixed as follows to avoid loosing the subscriptions:
$ipn->payment_status = 'Partially-Refunded';
//TBD : if we have several partial refunds, we should still say 'Refunded' for the one refunding the last chunk...
}
$this->_bindIpnToBasket( $ipn, $paymentBasket );
$paymentBasket->payment_method = $this->getPayName();
$paymentBasket->gateway_account = $this->getAccountParam( 'id' );
// $this->_setLogErrorMSG( 6, $ipn, 'Paypal DEBUG1', ' autorecurring_type:' . var_export( $autorecurring_type, true ) . ' autorenew_type:' . var_export( $autorenew_type, true ) . ' txn_type:' . var_export( $ipn->txn_type, true ) );
$this->updatePaymentStatus( $paymentBasket, $ipn->txn_type, $ipn->payment_status, $ipn, 1, $autorecurring_type, $autorenew_type, false );
if ( cbGetParam( $_GET, 'result' ) == 'success' ) { // in case of return to website with a POST, issue warning to enabel PDT (warn also for IPN as probably the setting is also wrong!)
$this->_setLogErrorMSG( 4, $ipn, 'Paypal: Got POST successful return from Paypal', CBPTXT::T("Please tell sysadmin to enable IPN and PDT in his Paypal account.") );
}
} elseif ( $ipn->txn_type == 'new_case' ) {
$ipn->log_type = 'H'; // IPN New case
} else {
$ipn->log_type = 'T'; // IPN Wrong TYPE
if ( cbGetParam( $_GET , 'result' ) == 'success' ) {
$errorText = CBPTXT::T("Error: this is not a payment yet, type received is: ") . htmlspecialchars( $ipn->txn_type ) . '. ' . CBPTXT::T("Please tell sysadmin to enable IPN and PDT in his Paypal account.");
$this->_setLogErrorMSG( 3, $ipn, 'Paypal: Unexpected type received from Paypal', $errorText );
}
}
} else {
$ipn->log_type = 'F'; // IPN FRAUD detected
$ipn->raw_result = $noFraudCheckResult;
if ( cbGetParam( $_GET , 'result' ) == 'success' ) {
$this->_setLogErrorMSG( 3, $ipn, 'Paypal: Fraud attempt or Paypal value mismatch detected by the plugin: ' . $noFraudCheckResult, CBPTXT::T("Error") . ': ' . htmlspecialchars( $ipn->raw_result ) . '. ' . CBPTXT::T("Please tell sysadmin to enable IPN and PDT in his Paypal account.") );
}
}
} else {
$ipn->log_type = 'J';
if ( cbGetParam( $_GET , 'result' ) == 'success' ) {
if ( ! $exists ) {
$this->_setLogErrorMSG( 3, $ipn, 'Paypal', CBPTXT::T("Error") . ': ' . CBPTXT::T("Innexistant payment basket") . '. ' . CBPTXT::T("Please tell sysadmin to enable IPN and PDT in his Paypal account.") );
} else {
$this->_setLogErrorMSG( 3, $ipn, 'Paypal', CBPTXT::T("Payment basket payment status is already ") . htmlspecialchars( $paymentBasket->payment_status ) . '. ' . CBPTXT::T("Please tell sysadmin to enable PDT in his Paypal account.") );
}
}
}
} else if (strcmp ($transaction_info, 'INVALID') == 0) {
// log for manual investigation:
$ipn->log_type = 'K'; // KO
if ( cbGetParam( $_GET , 'result' ) == 'success' ) {
$this->_setLogErrorMSG( 3, $ipn, 'Paypal: Fraud attempt or Paypal value mismatch detected by Paypal: ', CBPTXT::T("Error") . ': ' . CBPTXT::T("return information didn't validate with paypal. Please tell sysadmin to enable IPN and PDT in his Paypal account.") );
}
$_CB_database->updateObject( $ipn->getTableName(), $ipn, $ipn->getKeyName(), false );
header('HTTP/1.0 500 Internal Server Error');
exit('INVALID');
} else {
$ipn->log_type = 'M';
}
$_CB_database->updateObject( $ipn->getTableName(), $ipn, $ipn->getKeyName(), false );
}
return $ret;
}
