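/**
 * Inpay payment notification callback.
 *
 * Validates the POSTed invoice notification step by step (required fields,
 * MD5 checksum over the field set plus MODULE_PAYMENT_INPAY_SECRET_KEY, order
 * existence, amount and currency against the stored order total, current order
 * status, and the invoice status as reported by Inpay via
 * $this->get_invoice_status()). A verified notification moves the order to the
 * status configured for the reported invoice state; a rejected one is
 * optionally reported to MODULE_PAYMENT_INPAY_DEBUG_EMAIL and noted in the
 * order's status history without changing the order status.
 *
 * Reads $_POST (order_id, invoice_reference, invoice_amount, invoice_currency,
 * invoice_created_at, invoice_status, checksum) and, for the debug mail, $_GET.
 * Uses globals $osC_Database and $osC_Currencies.
 *
 * @return void
 */
function callback() {
    global $osC_Database, $osC_Currencies;

    $result = 'VERIFIED';
    $check = true;
    $order = null;

    // ---- Validate request ------------------------------------------------

    if (!isset($_POST['order_id']) || !is_numeric($_POST['order_id']) || $_POST['order_id'] <= 0) {
        $check = false;
        $result = 'bad order id';
    }

    // is_numeric() added: a non-numeric amount would otherwise reach number_format() below.
    if ($check && (!isset($_POST['invoice_amount']) || !is_numeric($_POST['invoice_amount']))) {
        $check = false;
        $result = 'bad amount';
    }

    if ($check && (!isset($_POST['invoice_currency']) || !is_string($_POST['invoice_currency']))) {
        $check = false;
        $result = 'bad currency';
    }

    if ($check && (!isset($_POST['checksum']) || !isset($_POST['invoice_reference']) || !isset($_POST['invoice_created_at']) || !isset($_POST['invoice_status']))) {
        $check = false;
        $result = 'missing variables';
    }

    if ($check) {
        // Checksum: md5 of the url-encoded fields in this exact order, with the
        // shared secret appended as the last field.
        $sum = http_build_query(array(
            'order_id' => $_POST['order_id'],
            'invoice_reference' => $_POST['invoice_reference'],
            'invoice_amount' => $_POST['invoice_amount'],
            'invoice_currency' => $_POST['invoice_currency'],
            'invoice_created_at' => $_POST['invoice_created_at'],
            'invoice_status' => $_POST['invoice_status'],
            'secret_key' => MODULE_PAYMENT_INPAY_SECRET_KEY,
        ), '', '&');
        $expected = md5($sum);
        $given = is_string($_POST['checksum']) ? $_POST['checksum'] : '';

        // Strict, constant-time comparison. The original loose '!=' treated two
        // numeric-looking hex strings (e.g. "0e123...") as equal.
        $checksum_ok = function_exists('hash_equals') ? hash_equals($expected, $given) : ($expected === $given);
        if (!$checksum_ok) {
            $check = false;
            $result = 'bad checksum';
        }
    }

    if ($check && !osC_Order::exists($_POST['order_id'])) {
        $check = false;
        $result = 'order not found';
    }

    if ($check) {
        // Look up the order by the validated order_id (the original bound the
        // unrelated $_POST['invoice'] / $_POST['custom'] keys here, so the
        // lookup never matched the notified order).
        $Qcheck = $osC_Database->query('select orders_status, currency, currency_value from :table_orders where orders_id = :orders_id');
        $Qcheck->bindTable(':table_orders', TABLE_ORDERS);
        $Qcheck->bindInt(':orders_id', $_POST['order_id']);
        $Qcheck->execute();

        if ($Qcheck->numberOfRows() > 0) {
            $order = $Qcheck->toArray();

            $Qtotal = $osC_Database->query('select value from :table_orders_total where orders_id = :orders_id and class = "total" limit 1');
            $Qtotal->bindTable(':table_orders_total', TABLE_ORDERS_TOTAL);
            $Qtotal->bindInt(':orders_id', $_POST['order_id']);
            $Qtotal->execute();
            $total = $Qtotal->toArray();

            $decimals = (int)$osC_Currencies->getDecimalPlaces($order['currency']);
            $order_value = number_format($total['value'] * $order['currency_value'], $decimals);

            if (strcasecmp($_POST['invoice_currency'], $order['currency']) !== 0) {
                // The amount is compared in the order's currency, so a notification
                // in another currency must not be accepted even if the number matches.
                $check = false;
                $result = 'bad currency';
            } elseif (number_format((float)$_POST['invoice_amount'], $decimals) != $order_value) {
                $check = false;
                $result = 'Inpay transaction value (' . osc_output_string_protected($_POST['invoice_amount']) . ') does not match order value (' . $order_value . ')';
            }
        } else {
            $check = false;
            $result = 'order not found';
        }
    }

    if ($check) {
        $delivered_status = 7; // osCommerce's default "Delivered" status id
        $current_status = (int)$order['orders_status'];
        if ($current_status == MODULE_PAYMENT_INPAY_COMP_ORDER_STATUS_ID || $current_status == $delivered_status) {
            $check = false;
            $result = 'Status already in level' . $order['orders_status'];
        }
    }

    if ($check) {
        $invoice_status = $this->get_invoice_status($_POST);
        $posted_status = $_POST['invoice_status'];
        $created_states = array('pending', 'created');

        // The status Inpay reports for the invoice and the status in this
        // notification must agree. (The original compared the posted status
        // against an undefined $POST variable - a typo - in the first branch.)
        $check = (in_array($invoice_status, $created_states, true) && in_array($posted_status, $created_states, true))
            || ($invoice_status === 'approved' && $posted_status === 'approved')
            || ($invoice_status === 'sum_too_low' && $posted_status === 'sum_too_low');

        if (!$check) {
            $result = 'Bad invoice status:' . $invoice_status;
        }
    }

    // ---- Validate request end --------------------------------------------

    if ($result === 'VERIFIED') {
        $msg = '';
        $order_status_id = null;

        switch ($_POST['invoice_status']) {
            case 'created':
            case 'pending':
                $msg = "customer has been asked to pay " . $_POST['invoice_amount'] . ' ' . $_POST['invoice_currency'] . ' with reference: ' . $_POST['invoice_reference'] . ' via his online bank';
                $order_status_id = MODULE_PAYMENT_INPAY_CREATE_ORDER_STATUS_ID;
                break;

            case 'approved':
                $msg = "Inpay has confirmed that the payment of " . $_POST['invoice_amount'] . " " . $_POST['invoice_currency'] . " has been received";
                $order_status_id = MODULE_PAYMENT_INPAY_COMP_ORDER_STATUS_ID;
                break;

            case 'sum_too_low':
                $msg = "Partial payment received by inpay. Reference: " . $_POST['invoice_reference'];
                $order_status_id = MODULE_PAYMENT_INPAY_SUM_TOO_LOW_ORDER_STATUS_ID;
                break;
        }

        // The status validation above guarantees one of the three cases matched.
        if ($order_status_id !== null) {
            $comments = 'Inpay ' . ucfirst($_POST['invoice_status']) . '[' . $msg . ']';
            osC_Order::process($_POST['order_id'], $order_status_id, $comments);
            osC_Order::insertOrderStatusHistory($_POST['order_id'], $order_status_id, $comments);
        }

        return;
    }

    // ---- Rejected notification -------------------------------------------
    // In the original this branch was nested inside the VERIFIED path (and so
    // unreachable); rejected notifications were silently dropped.

    if (defined('MODULE_PAYMENT_INPAY_DEBUG_EMAIL')) {
        $email_body = 'INPAY_DEBUG_POST_DATA:' . "\n\n";
        foreach ($_POST as $key => $value) {
            $email_body .= $key . '=' . (is_array($value) ? print_r($value, true) : $value) . "\n";
        }
        $email_body .= "\n" . 'INPAY_DEBUG_GET_DATA:' . "\n\n";
        foreach ($_GET as $key => $value) {
            $email_body .= $key . '=' . (is_array($value) ? print_r($value, true) : $value) . "\n";
        }
        osc_email('', MODULE_PAYMENT_INPAY_DEBUG_EMAIL, 'Inpay Invalid Process', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
    }

    if (isset($_POST['order_id']) && is_numeric($_POST['order_id']) && $_POST['order_id'] > 0) {
        // Record the rejection in the order's history without changing its status
        // (the original used an undefined $order_status_id here and bound
        // 'orders_id' without the leading colon).
        $Qcheck = $osC_Database->query('select orders_id, orders_status from :table_orders where orders_id = :orders_id');
        $Qcheck->bindTable(':table_orders', TABLE_ORDERS);
        $Qcheck->bindInt(':orders_id', $_POST['order_id']);
        $Qcheck->execute();

        if ($Qcheck->numberOfRows() > 0) {
            $row = $Qcheck->toArray();
            $comments = 'Inpay Invalid [' . $result . ']';
            osC_Order::insertOrderStatusHistory($_POST['order_id'], (int)$row['orders_status'], $comments);
        }
    }
}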
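/**
 * iDEAL customer-return callback.
 *
 * Resolves the latest transaction row for the order_id / order_code pair from
 * the query string, updates the order according to the stored transaction
 * status and redirects the customer; anything that cannot be matched to a
 * transaction and an existing order falls through to a generic error message.
 *
 * Reads $_GET['order_id'] and $_GET['order_code']; uses globals $osC_Database
 * and $osC_ShoppingCart. Side effects: osC_Order::process()/remove(), cart
 * reset, osc_redirect() (assumed to exit, as in osCommerce) and the final
 * echo/exit.
 *
 * @return void
 */
function callback() {
    global $osC_Database, $osC_ShoppingCart;

    if (!empty($_GET['order_id']) && !empty($_GET['order_code']) && is_string($_GET['order_id']) && is_string($_GET['order_code'])) {
        $sOrderId = $_GET['order_id'];
        $sOrderCode = $_GET['order_code'];

        // Bound parameters replace the addslashes()-interpolated SQL of the
        // original (addslashes is not a safe SQL escape); this also matches the
        // query API used by the other payment callbacks in this file.
        $Qtransaction = $osC_Database->query('select transaction_status, transaction_url from :table_transactions where order_id = :order_id and order_code = :order_code order by id desc limit 1');
        $Qtransaction->bindTable(':table_transactions', DB_TABLE_PREFIX . 'transactions');
        $Qtransaction->bindValue(':order_id', $sOrderId);
        $Qtransaction->bindValue(':order_code', $sOrderCode);
        $Qtransaction->execute();

        if ($Qtransaction->numberOfRows() > 0) {
            $oRecord = $Qtransaction->toArray();
            $iOrderId = (int)$sOrderId;
            $sTransactionStatus = $oRecord['transaction_status'];
            $sTransactionUrl = $oRecord['transaction_url'];

            if (osC_Order::exists($iOrderId)) {
                switch ($sTransactionStatus) {
                    case 'SUCCESS':
                        osC_Order::process($iOrderId, MODULE_PAYMENT_IDEAL_SUCCESS_ORDER_STATUS_ID);
                        $osC_ShoppingCart->reset(true);
                        osc_redirect(osc_href_link(FILENAME_CHECKOUT, 'success', 'SSL'));
                        break;

                    case 'PENDING':
                        osC_Order::process($iOrderId, MODULE_PAYMENT_IDEAL_PENDING_ORDER_STATUS_ID);
                        $osC_ShoppingCart->reset(true);
                        osc_redirect(osc_href_link(FILENAME_CHECKOUT, 'success', 'SSL'));
                        break;

                    case 'OPEN':
                        osC_Order::process($iOrderId, MODULE_PAYMENT_IDEAL_OPEN_ORDER_STATUS_ID);
                        if ($sTransactionUrl) {
                            // Payment page URL stored with the transaction row.
                            osc_redirect($sTransactionUrl);
                        }
                        break;

                    case 'CANCELLED':
                        if (MODULE_PAYMENT_IDEAL_REMOVE_ORDER_ON_CANCELLED) {
                            osC_Order::remove($iOrderId);
                        } else {
                            osC_Order::process($iOrderId, MODULE_PAYMENT_IDEAL_CANCELLED_ORDER_STATUS_ID);
                        }
                        osc_redirect(osc_href_link(FILENAME_CHECKOUT, 'payment', 'SSL'));
                        break;

                    case 'EXPIRED':
                        osC_Order::process($iOrderId, MODULE_PAYMENT_IDEAL_EXPIRED_ORDER_STATUS_ID);
                        break;

                    case 'FAILURE':
                        osC_Order::process($iOrderId, MODULE_PAYMENT_IDEAL_FAILURE_ORDER_STATUS_ID);
                        break;
                }

                // Reached for EXPIRED/FAILURE/unknown states and for OPEN without a
                // stored URL. The identifiers came from the query string, so they
                // are url-encoded before being echoed back into a URL.
                osc_redirect(HTTPS_SERVER . DIR_WS_HTTPS_CATALOG . '/ext/payments/ideal/setup.php?order_id=' . rawurlencode($sOrderId) . '&order_code=' . rawurlencode($sOrderCode));
            }
        }
    }

    echo 'Cannot verify your order and/or payment. Please contact the webmaster.';
    exit;
}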
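/**
 * ChronoPay payment notification callback.
 *
 * Accepts a notification only from the two ChronoPay source addresses
 * hard-coded in the module, checks the expected POST fields (cs2 = order id,
 * cs1 = second argument to osC_Order::exists() - presumably the customer id,
 * confirm; cs3 = MD5 signature; product_id, total, transaction_type), verifies
 * the signature against MODULE_PAYMENT_CHRONOPAY_MD5_HASH and, when the order
 * is still in status 4, moves it to $this->order_status. Every notification
 * that passes the field checks is logged to the order transaction history
 * together with its pass/fail outcome.
 *
 * Uses global $osC_Database.
 *
 * @return void
 */
function callback() {
    global $osC_Database;

    // NOTE(review): assumes osc_get_ip_address() returns the peer address rather
    // than a client-supplied forwarded header - confirm, or the allow list is moot.
    $allowed_ips = array('69.20.58.35', '207.97.201.192');
    if (!in_array(osc_get_ip_address(), $allowed_ips, true)) {
        return;
    }

    $has_required_fields = isset($_POST['cs1']) && is_numeric($_POST['cs1'])
        && isset($_POST['cs2']) && is_numeric($_POST['cs2'])
        && isset($_POST['cs3']) && is_string($_POST['cs3']) && !empty($_POST['cs3'])
        && isset($_POST['product_id']) && is_scalar($_POST['product_id']) && (string)$_POST['product_id'] === (string)MODULE_PAYMENT_CHRONOPAY_PRODUCT_ID
        && isset($_POST['total']) && !empty($_POST['total'])
        && isset($_POST['transaction_type']) && !empty($_POST['transaction_type']);

    if (!$has_required_fields || !osC_Order::exists($_POST['cs2'], $_POST['cs1'])) {
        return;
    }

    $pass = false;
    $osC_XML = new osC_XML(array('root' => $_POST));

    // Signature: md5 of product id, order id, cs1, total and the shared secret,
    // concatenated. Strict, constant-time comparison replaces the original
    // loose '==', which treats two "0e..." numeric-looking strings as equal.
    $expected = md5(MODULE_PAYMENT_CHRONOPAY_PRODUCT_ID . $_POST['cs2'] . $_POST['cs1'] . $_POST['total'] . MODULE_PAYMENT_CHRONOPAY_MD5_HASH);
    $signature_ok = function_exists('hash_equals') ? hash_equals($expected, $_POST['cs3']) : ($expected === $_POST['cs3']);

    // Only an order still in status 4 is advanced (the status new orders are
    // created in by this module, presumably - confirm); a repeated notification
    // for an already-processed order is logged but not re-applied.
    if ($signature_ok && osC_Order::getStatusID($_POST['cs2']) === 4) {
        $pass = true;
        osC_Order::process($_POST['cs2'], $this->order_status);
    }

    $Qtransaction = $osC_Database->query('insert into :table_orders_transactions_history (orders_id, transaction_code, transaction_return_value, transaction_return_status, date_added) values (:orders_id, :transaction_code, :transaction_return_value, :transaction_return_status, now())');
    $Qtransaction->bindTable(':table_orders_transactions_history', TABLE_ORDERS_TRANSACTIONS_HISTORY);
    $Qtransaction->bindInt(':orders_id', $_POST['cs2']);
    $Qtransaction->bindInt(':transaction_code', 1);
    $Qtransaction->bindValue(':transaction_return_value', $osC_XML->toXML());
    $Qtransaction->bindInt(':transaction_return_status', $pass ? 1 : 0);
    $Qtransaction->execute();
}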