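/**
 * Handle the Nochex payment notification callback.
 *
 * Re-posts every received field to the gateway at $this->apc_url, stores the
 * reply in $this->_transaction_response and then either processes the order
 * (reply contains "AUTHORISED") or only records a status-history entry whose
 * comment ends in " is invalid".
 *
 * All $_POST values come from an unauthenticated HTTP request. The gateway
 * reply is the only trust signal checked here.
 *
 * NOTE(review): the posted amount is never compared with the stored order
 * total, and a notification whose status is not "live" (a test payment) is
 * still passed to osC_Order::process() - confirm both are intended.
 */
function callback() {
  global $osC_Database, $osC_Currencies;

  // Build the echo-back body from scratch; the previous code appended to an
  // undefined variable.
  $pairs = array();
  foreach ($_POST as $key => $value) {
    $pairs[] = $key . '=' . urlencode($value);
  }
  $post_string = implode('&', $pairs);

  $this->_transaction_response = $this->sendTransactionToGateway($this->apc_url, $post_string);

  // Never hand a missing or malformed order id to the order routines; this
  // mirrors the numeric check the other gateway callbacks apply to their
  // order reference.
  if (!isset($_POST['order_id']) || !is_numeric($_POST['order_id']) || $_POST['order_id'] <= 0) {
    return;
  }

  $is_live = !isset($_POST["status"]) || strtolower($_POST["status"]) == "live";
  $amount = isset($_POST['amount']) ? $_POST['amount'] : 0;
  $transaction_date = isset($_POST['transaction_date']) ? $_POST['transaction_date'] : '';
  $transaction_id = isset($_POST['transaction_id']) ? $_POST['transaction_id'] : '';

  // NOTE(review): transaction_date and transaction_id are request-supplied and
  // go into the stored comment unescaped - confirm the order history view
  // escapes them on output.
  $comments = ($is_live ? 'Nochex payment of ' : 'TEST PAYMENT of ')
            . sprintf("%01.2f", $amount)
            . ' received at ' . $transaction_date
            . ' with transaction ID:' . $transaction_id;

  // Substring match on the gateway reply.
  // NOTE(review): confirm the gateway never returns a failure string that
  // itself contains "AUTHORISED".
  if (strstr($this->_transaction_response, 'AUTHORISED')) {
    osC_Order::process($_POST['order_id'], $this->order_status, $comments);
  } else {
    osC_Order::insertOrderStatusHistory($_POST['order_id'], $this->order_status, $comments . ' is invalid');
  }
}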
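/**
 * Handle the customer's return from 2Checkout.
 *
 * Recomputes the gateway's MD5 key from the module secret word, the seller id,
 * the order number and the raw cart total, and compares it with the "key"
 * query parameter. On a match the order is processed if it belongs to the
 * supplied customer; on a mismatch a message is queued, a status-history entry
 * is written and the customer is redirected to the payment form.
 *
 * Everything read from $_GET is controlled by whoever requests this URL.
 *
 * NOTE(review): the ownership query compares against $_GET['customer_id'],
 * which arrives in the same request as the order id - confirm whether the
 * logged-in customer's id should be used instead.
 */
function process() {
  global $osC_Database, $osC_Currencies, $osC_ShoppingCart, $messageStack, $osC_Language;

  // In demo mode the order number is fixed to 1, so the key then depends only
  // on the secret word, the seller id and the cart total.
  if (MODULE_PAYMENT_PM2CHECKOUT_DEMO_MODE == 1) {
    $order_number = 1;
  } else {
    $order_number = isset($_GET['order_number']) ? $_GET['order_number'] : '';
  }

  $check_hash = strtoupper(md5(MODULE_PAYMENT_PM2CHECKOUT_SECRET_WORD . MODULE_PAYMENT_PM2CHECKOUT_SELLER_ID . $order_number . $osC_Currencies->formatRaw($osC_ShoppingCart->getTotal())));

  // Compare as strings, never loosely: with == two digests that look like
  // numbers in exponent notation compare equal. hash_equals() (PHP 5.6+) is
  // also constant-time.
  $supplied_key = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';
  if (function_exists('hash_equals')) {
    $key_matches = hash_equals($check_hash, $supplied_key);
  } else {
    $key_matches = ($check_hash === $supplied_key);
  }

  $has_order_id = isset($_GET['cart_order_id']) && is_numeric($_GET['cart_order_id']) && $_GET['cart_order_id'] > 0;

  if ($key_matches) {
    if ($has_order_id) {
      $Qcheck = $osC_Database->query('select orders_status, currency, currency_value from :table_orders where orders_id = :orders_id and customers_id = :customers_id');
      $Qcheck->bindTable(':table_orders', TABLE_ORDERS);
      $Qcheck->bindInt(':orders_id', $_GET['cart_order_id']);
      $Qcheck->bindInt(':customers_id', $_GET['customer_id']);
      $Qcheck->execute();

      if ($Qcheck->numberOfRows() > 0) {
        // The stored order total is fetched but not read in this method.
        $Qtotal = $osC_Database->query('select value from :table_orders_total where orders_id = :orders_id and class = "total" limit 1');
        $Qtotal->bindTable(':table_orders_total', TABLE_ORDERS_TOTAL);
        $Qtotal->bindInt(':orders_id', $_GET['cart_order_id']);
        $Qtotal->execute();

        $comments = '2Checkout Order Successful [' . $_GET['order_number'] . '; ' . $osC_Currencies->format($_GET['total']) . ')]';

        osC_Order::process($_GET['cart_order_id'], $this->order_status, $comments);
      }
    }
  } else {
    $comments = "MD5 HASH MISMATCH, PLEASE CONTACT THE SELLER";
    $messageStack->add_session('checkout', $comments);

    // This branch runs for requests that failed verification, so only write
    // history when the order id is at least well-formed.
    // NOTE(review): no ownership check is made here, so any well-formed order
    // id still gets a history row.
    if ($has_order_id) {
      osC_Order::insertOrderStatusHistory($_GET['cart_order_id'], ORDERS_STATUS_PENDING, $comments);
    }

    osc_redirect(osc_href_link(FILENAME_CHECKOUT, 'checkout&view=paymentInformationForm', 'SSL'));
  }
}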
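/**
 * Handle a PayPal IPN callback and record it in the transaction history.
 *
 * Echoes the received fields back to $this->form_action_url prefixed with
 * cmd=_notify-validate. When the reply is "VERIFIED" and the invoice belongs
 * to the customer named in "custom", the order is processed and a history row
 * is written. Otherwise an optional debug e-mail is sent, an "invalid" status
 * history entry is added and the posted payment status is recorded in the
 * transaction status and history tables.
 *
 * NOTE(review): in the verified branch an amount mismatch only adds text to
 * the comment; the order is still passed to osC_Order::process(). The posted
 * payment_status (for example Pending, Reversed or Refunded) and mc_currency
 * are not checked before processing either - confirm this is intended.
 */
function callback() {
  global $osC_Database, $osC_Currencies, $osC_Language;

  $pairs = array('cmd=_notify-validate');
  foreach ($_POST as $key => $value) {
    $pairs[] = $key . '=' . urlencode($value);
  }
  $post_string = implode('&', $pairs);

  $this->_transaction_response = $this->sendTransactionToGateway($this->form_action_url, $post_string);

  $has_invoice = isset($_POST['invoice']) && is_numeric($_POST['invoice']) && $_POST['invoice'] > 0;

  if (strtoupper(trim($this->_transaction_response)) === 'VERIFIED') {
    if ($has_invoice) {
      $Qcheck = $osC_Database->query('select orders_status, currency, currency_value from :table_orders where orders_id = :orders_id and customers_id = :customers_id');
      $Qcheck->bindTable(':table_orders', TABLE_ORDERS);
      $Qcheck->bindInt(':orders_id', $_POST['invoice']);
      $Qcheck->bindInt(':customers_id', $_POST['custom']);
      $Qcheck->execute();

      if ($Qcheck->numberOfRows() > 0) {
        $order = $Qcheck->toArray();

        $Qtotal = $osC_Database->query('select value from :table_orders_total where orders_id = :orders_id and class = "total" limit 1');
        $Qtotal->bindTable(':table_orders_total', TABLE_ORDERS_TOTAL);
        $Qtotal->bindInt(':orders_id', $_POST['invoice']);
        $Qtotal->execute();

        $total = $Qtotal->toArray();

        $comment_status = $_POST['payment_status'] . ' (' . ucfirst($_POST['payer_status']) . '; ' . $osC_Currencies->format($_POST['mc_gross'], false, $_POST['mc_currency']) . ')';

        if ($_POST['payment_status'] == 'Pending') {
          $comment_status .= '; ' . $_POST['pending_reason'];
        } elseif ($_POST['payment_status'] == 'Reversed' || $_POST['payment_status'] == 'Refunded') {
          $comment_status .= '; ' . $_POST['reason_code'];
        }

        $decimals = $osC_Currencies->getDecimalPlaces($order['currency']);
        $order_value = $total['value'] * $order['currency_value'];

        // Compare against a value formatted without a thousands separator:
        // the default number_format() output ("1,234.50") can never equal the
        // plain decimal the gateway posts, so every order of 1000 or more was
        // reported as a mismatch.
        if ($_POST['mc_gross'] != number_format($order_value, $decimals, '.', '')) {
          $comment_status .= '; PayPal transaction value (' . osc_output_string_protected($_POST['mc_gross']) . ') does not match order value (' . number_format($order_value, $decimals) . ')';
        }

        $comments = 'PayPal IPN Verified [' . $comment_status . ']';

        osC_Order::process($_POST['invoice'], $this->order_status, $comments);

        $Qtransaction = $osC_Database->query('insert into :table_orders_transactions_history (orders_id, transaction_code, transaction_return_value, transaction_return_status, date_added) values (:orders_id, :transaction_code, :transaction_return_value, :transaction_return_status, now())');
        $Qtransaction->bindTable(':table_orders_transactions_history', TABLE_ORDERS_TRANSACTIONS_HISTORY);
        $Qtransaction->bindInt(':orders_id', $_POST['invoice']);
        $Qtransaction->bindInt(':transaction_code', 1);
        $Qtransaction->bindValue(':transaction_return_value', $this->_transaction_response);
        $Qtransaction->bindInt(':transaction_return_status', 1);
        $Qtransaction->execute();
        $Qtransaction->freeResult();
      }
    }
  } else {
    // Everything below runs for notifications the gateway did NOT verify, so
    // every $_POST value used here is untrusted.
    if (defined('MODULE_PAYMENT_PAYPAL_STANDARD_DEBUG_EMAIL')) {
      $email_body = 'PAYPAL_STANDARD_DEBUG_POST_DATA:' . "\n\n";

      foreach ($_POST as $key => $value) {
        $email_body .= $key . '=' . $value . "\n";
      }

      $email_body .= "\n" . 'PAYPAL_STANDARD_DEBUG_GET_DATA:' . "\n\n";

      foreach ($_GET as $key => $value) {
        $email_body .= $key . '=' . $value . "\n";
      }

      osc_email('', MODULE_PAYMENT_PAYPAL_STANDARD_DEBUG_EMAIL, 'PayPal IPN Invalid Process', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
    }

    if ($has_invoice) {
      $Qcheck = $osC_Database->query('select orders_id from :table_orders where orders_id=:orders_id and customers_id=:customers_id');
      $Qcheck->bindTable(':table_orders', TABLE_ORDERS);
      // Placeholder names carry the leading colon, as in every other bind in
      // this method; the previous code passed them without it.
      $Qcheck->bindInt(':orders_id', $_POST['invoice']);
      $Qcheck->bindInt(':customers_id', $_POST['custom']);
      $Qcheck->execute();

      if ($Qcheck->numberOfRows() > 0) {
        $comment_status = $_POST['payment_status'];

        if ($_POST['payment_status'] == 'Pending') {
          $comment_status .= '; ' . $_POST['pending_reason'];
        } elseif ($_POST['payment_status'] == 'Reversed' || $_POST['payment_status'] == 'Refunded') {
          $comment_status .= '; ' . $_POST['reason_code'];
        }

        $comments = 'PayPal IPN Invalid [' . $comment_status . ']';

        osC_Order::insertOrderStatusHistory($_POST['invoice'], $this->order_status, $comments);
      }
    }

    // Process the transaction history.
    // NOTE(review): this section is outside the invoice check above, so an
    // unverified request can add a new status name (taken verbatim from
    // payment_status) for every language and a history row for whatever
    // invoice value it sends. Confirm whether it should be limited to known
    // orders and a fixed list of status names.
    $Qtransaction_status = $osC_Database->query('select count(*) as total from :table_orders_transactions_status where status_name = :status_name');
    $Qtransaction_status->bindTable(':table_orders_transactions_status', TABLE_ORDERS_TRANSACTIONS_STATUS);
    $Qtransaction_status->bindValue(':status_name', $_POST['payment_status']);
    $Qtransaction_status->execute();

    $transaction_status = $Qtransaction_status->toArray();
    $Qtransaction_status->freeResult();

    // Create the status when it is not known yet.
    if ($transaction_status['total'] == 0) {
      // Next id is the current maximum plus one.
      $Qtransaction_status_max = $osC_Database->query('select max(id) as max_id from :table_orders_transactions_status');
      $Qtransaction_status_max->bindTable(':table_orders_transactions_status', TABLE_ORDERS_TRANSACTIONS_STATUS);
      $Qtransaction_status_max->execute();

      $transaction_status_max = $Qtransaction_status_max->toArray();
      $Qtransaction_status_max->freeResult();

      // One row per installed language, all sharing the same id.
      foreach ($osC_Language->getAll() as $l) {
        $Qinsert_transaction_status = $osC_Database->query('insert into :table_orders_transactions_status values (:id, :language_id, :status_name)');
        $Qinsert_transaction_status->bindTable(':table_orders_transactions_status', TABLE_ORDERS_TRANSACTIONS_STATUS);
        $Qinsert_transaction_status->bindInt(':id', $transaction_status_max['max_id'] + 1);
        $Qinsert_transaction_status->bindInt(':language_id', $l['id']);
        $Qinsert_transaction_status->bindValue(':status_name', $_POST['payment_status']);
        $Qinsert_transaction_status->execute();
      }
    }

    // Look up the status id for the current language.
    $Qtransaction_status_id = $osC_Database->query('select id from :table_orders_transactions_status where language_id = :language_id and status_name = :status_name limit 1');
    $Qtransaction_status_id->bindTable(':table_orders_transactions_status', TABLE_ORDERS_TRANSACTIONS_STATUS);
    $Qtransaction_status_id->bindInt(':language_id', $osC_Language->getID());
    $Qtransaction_status_id->bindValue(':status_name', $_POST['payment_status']);
    $Qtransaction_status_id->execute();

    $transaction_status_id = $Qtransaction_status_id->toArray();
    $Qtransaction_status_id->freeResult();

    // Record the raw gateway reply against the order.
    $Qtransaction = $osC_Database->query('insert into :table_orders_transactions_history (orders_id, transaction_code, transaction_return_value, transaction_return_status, date_added) values (:orders_id, :transaction_code, :transaction_return_value, :transaction_return_status, now())');
    $Qtransaction->bindTable(':table_orders_transactions_history', TABLE_ORDERS_TRANSACTIONS_HISTORY);
    $Qtransaction->bindInt(':orders_id', $_POST['invoice']);
    $Qtransaction->bindInt(':transaction_code', $transaction_status_id['id']);
    $Qtransaction->bindValue(':transaction_return_value', $this->_transaction_response);
    $Qtransaction->bindInt(':transaction_return_status', 1);
    $Qtransaction->execute();
    $Qtransaction->freeResult();
  }
}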
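/**
 * Handle an Inpay payment notification.
 *
 * Validates the posted fields step by step: required fields present, MD5
 * checksum over the posted fields plus MODULE_PAYMENT_INPAY_SECRET_KEY, the
 * order exists, the posted amount equals the stored order total, the order is
 * not already completed or delivered, and the posted invoice status agrees
 * with the one returned by $this->get_invoice_status(). The first failing
 * step sets $result to a short reason. When every step passes, the order is
 * moved to the status that matches the posted invoice status.
 *
 * NOTE(review): the debug e-mail and "Inpay Invalid" history entry sit inside
 * the branch that runs only when $result is 'VERIFIED', so none of the
 * validation failures above are logged by this method. It looks as if that
 * handling was meant to run on failure - confirm before moving it.
 */
function callback() {
  global $osC_Database, $osC_Currencies;

  $result = "VERIFIED";
  $check = true;

  // Defined up front so later branches never read an undefined variable.
  $order = null;
  $msg = '';
  $order_status_id = null;

  // Validate request
  if (!isset($_POST['order_id']) || !is_numeric($_POST['order_id']) || $_POST['order_id'] <= 0) {
    $check = false;
    $result = 'bad order id';
  }

  // The amount is later passed to number_format(), so it has to be numeric.
  if ($check && (!isset($_POST['invoice_amount']) || !is_numeric($_POST['invoice_amount']))) {
    $check = false;
    $result = 'bad amount';
  }

  if ($check && !isset($_POST['invoice_currency'])) {
    $check = false;
    $result = 'bad currency';
  }

  if ($check && (!isset($_POST['checksum']) || !isset($_POST['invoice_reference']) || !isset($_POST['invoice_created_at']) || !isset($_POST['invoice_status']))) {
    $check = false;
    $result = 'missing vatiables';
  }

  if ($check) {
    // Recompute the checksum over the posted fields plus the shared secret.
    $sum = http_build_query(array('order_id' => $_POST['order_id'],
                                  'invoice_reference' => $_POST['invoice_reference'],
                                  'invoice_amount' => $_POST['invoice_amount'],
                                  'invoice_currency' => $_POST['invoice_currency'],
                                  'invoice_created_at' => $_POST['invoice_created_at'],
                                  'invoice_status' => $_POST['invoice_status'],
                                  'secret_key' => MODULE_PAYMENT_INPAY_SECRET_KEY), '', "&");
    $md5v = md5($sum);

    // Compare as strings, never loosely: with != two digests that look like
    // numbers in exponent notation compare equal. hash_equals() (PHP 5.6+) is
    // also constant-time.
    $supplied_checksum = is_string($_POST['checksum']) ? $_POST['checksum'] : '';
    if (function_exists('hash_equals')) {
      $checksum_ok = hash_equals($md5v, $supplied_checksum);
    } else {
      $checksum_ok = ($md5v === $supplied_checksum);
    }

    if (!$checksum_ok) {
      $check = false;
      $result = 'bad checksum';
    }
  }

  if ($check && !osC_Order::exists($_POST['order_id'])) {
    $check = false;
    $result = 'order not found';
  }

  if ($check) {
    // Look the order up by the validated order_id. The previous code bound
    // $_POST['invoice'] and $_POST['custom'], fields this callback never
    // checks, and bound a :customers_id placeholder the query does not have.
    $Qcheck = $osC_Database->query('select orders_status, currency, currency_value from :table_orders where orders_id = :orders_id');
    $Qcheck->bindTable(':table_orders', TABLE_ORDERS);
    $Qcheck->bindInt(':orders_id', $_POST['order_id']);
    $Qcheck->execute();

    if ($Qcheck->numberOfRows() > 0) {
      $order = $Qcheck->toArray();

      $Qtotal = $osC_Database->query('select value from :table_orders_total where orders_id = :orders_id and class = "total" limit 1');
      $Qtotal->bindTable(':table_orders_total', TABLE_ORDERS_TOTAL);
      $Qtotal->bindInt(':orders_id', $_POST['order_id']);
      $Qtotal->execute();

      $total = $Qtotal->toArray();

      $decimals = $osC_Currencies->getDecimalPlaces($order['currency']);
      $order_value = number_format($total['value'] * $order['currency_value'], $decimals);

      if (number_format($_POST['invoice_amount'], $decimals) != $order_value) {
        $check = false;
        // getDecimalPlaces() is the method used everywhere else in this file;
        // the previous code called get_decimal_places() on this line only.
        $result = 'Inpay transaction value (' . osc_output_string_protected($_POST['invoice_amount']) . ') does not match order value (' . $order_value . ')';
      }
    } else {
      // Without an order row the status checks below have nothing to read.
      $check = false;
      $result = 'order not found';
    }
  }

  if ($check) {
    // check status
    // NOTE(review): 7 is hard-coded as the "delivered" status id - confirm it
    // matches the store's order status table.
    $delivered_status = 7;

    if ($order['orders_status'] == MODULE_PAYMENT_INPAY_COMP_ORDER_STATUS_ID || $order['orders_status'] == $delivered_status) {
      $check = false;
      $result = 'Status already in level' . $order['orders_status'];
    }
  }

  if ($check) {
    // The posted status must agree with the status returned by
    // get_invoice_status() (presumably fetched from the gateway - confirm).
    $invoice_status = $this->get_invoice_status($_POST);
    $posted_status = $_POST["invoice_status"];

    // Fixed: the second "created" comparison read the undefined $POST.
    $both_open = ($invoice_status == "pending" || $invoice_status == "created") && ($posted_status == "pending" || $posted_status == "created");
    $both_approved = ($invoice_status == "approved" && $posted_status == "approved");
    $both_partial = ($invoice_status == "sum_too_low" && $posted_status == "sum_too_low");

    $check = $both_open || $both_approved || $both_partial;

    if (!$check) {
      $result = 'Bad invoice status:' . $invoice_status;
    }
  }
  // Validate request end

  if ($result == 'VERIFIED') {
    $invoice_approved = false;
    $invoice_created = false;
    $invoice_partial = false;

    switch ($_POST['invoice_status']) {
      case 'created':
      case 'pending':
        $msg = "customer has been asked to pay " . $_POST['invoice_amount'] . ' ' . $_POST['invoice_currency'] . ' with reference: ' . $_POST['invoice_reference'] . ' via his online bank';
        $order_status_id = MODULE_PAYMENT_INPAY_CREATE_ORDER_STATUS_ID;
        $invoice_created = true;
        break;

      case "approved":
        $msg = "Inpay has confirmed that the payment of " . $_POST['invoice_amount'] . " " . $_POST['invoice_currency'] . " has been received";
        $order_status_id = MODULE_PAYMENT_INPAY_COMP_ORDER_STATUS_ID;
        $invoice_approved = true;
        break;

      case "sum_too_low":
        $msg = "Partial payment received by inpay. Reference: " . $_POST['invoice_reference'];
        $order_status_id = MODULE_PAYMENT_INPAY_SUM_TOO_LOW_ORDER_STATUS_ID;
        $invoice_partial = true;
        break;
    }

    $comments = 'Inpay ' . ucfirst($_POST['invoice_status']) . '[' . $msg . ']';

    if ($invoice_approved || $invoice_created || $invoice_partial) {
      osC_Order::process($_POST['order_id'], $order_status_id, $comments);
      osC_Order::insertOrderStatusHistory($_POST['order_id'], $order_status_id, $comments);
    } else {
      if (defined('MODULE_PAYMENT_INPAY_DEBUG_EMAIL')) {
        $email_body = 'INPAY_DEBUG_POST_DATA:' . "\n\n";

        foreach ($_POST as $key => $value) {
          $email_body .= $key . '=' . $value . "\n";
        }

        $email_body .= "\n" . 'INPAY_DEBUG_GET_DATA:' . "\n\n";

        foreach ($_GET as $key => $value) {
          $email_body .= $key . '=' . $value . "\n";
        }

        osc_email('', MODULE_PAYMENT_INPAY_DEBUG_EMAIL, 'Inpay Invalid Process', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
      }

      if (isset($_POST['order_id']) && is_numeric($_POST['order_id']) && $_POST['order_id'] > 0) {
        $Qcheck = $osC_Database->query('select orders_id from :table_orders where orders_id=:orders_id');
        $Qcheck->bindTable(':table_orders', TABLE_ORDERS);
        // Placeholder name carries the leading colon, as in the other binds.
        $Qcheck->bindInt(':orders_id', $_POST['order_id']);
        $Qcheck->execute();

        if ($Qcheck->numberOfRows() > 0) {
          $comments = 'Inpay Invalid [' . $result . ']';

          // $order_status_id is still null here: no switch case matched.
          osC_Order::insertOrderStatusHistory($_POST['order_id'], $order_status_id, $comments);
        }
      }
    }
  }
}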
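/**
 * Handle a PayPal IPN callback.
 *
 * Echoes the received fields back to $this->form_action_url prefixed with
 * cmd=_notify-validate. When the reply is "VERIFIED" and the invoice belongs
 * to the customer named in "custom", the order is processed. Otherwise an
 * optional debug e-mail is sent and an "invalid" status-history entry is
 * added to the matching order.
 *
 * NOTE(review): an amount mismatch only adds text to the comment; the order
 * is still passed to osC_Order::process(). The posted payment_status (for
 * example Pending, Reversed or Refunded) and mc_currency are not checked
 * before processing either - confirm this is intended.
 */
function callback() {
  global $osC_Database, $osC_Currencies;

  $pairs = array('cmd=_notify-validate');
  foreach ($_POST as $key => $value) {
    $pairs[] = $key . '=' . urlencode($value);
  }
  $post_string = implode('&', $pairs);

  $this->_transaction_response = $this->sendTransactionToGateway($this->form_action_url, $post_string);

  $has_invoice = isset($_POST['invoice']) && is_numeric($_POST['invoice']) && $_POST['invoice'] > 0;

  if (strtoupper(trim($this->_transaction_response)) === 'VERIFIED') {
    if ($has_invoice) {
      $Qcheck = $osC_Database->query('select orders_status, currency, currency_value from :table_orders where orders_id = :orders_id and customers_id = :customers_id');
      $Qcheck->bindTable(':table_orders', TABLE_ORDERS);
      $Qcheck->bindInt(':orders_id', $_POST['invoice']);
      $Qcheck->bindInt(':customers_id', $_POST['custom']);
      $Qcheck->execute();

      if ($Qcheck->numberOfRows() > 0) {
        $order = $Qcheck->toArray();

        $Qtotal = $osC_Database->query('select value from :table_orders_total where orders_id = :orders_id and class = "total" limit 1');
        $Qtotal->bindTable(':table_orders_total', TABLE_ORDERS_TOTAL);
        $Qtotal->bindInt(':orders_id', $_POST['invoice']);
        $Qtotal->execute();

        $total = $Qtotal->toArray();

        $comment = $_POST['payment_status'] . ' (' . ucfirst($_POST['payer_status']) . '; ' . $osC_Currencies->format($_POST['mc_gross'], false, $_POST['mc_currency']) . ')';

        if ($_POST['payment_status'] == 'Pending') {
          $comment .= '; ' . $_POST['pending_reason'];
        } elseif ($_POST['payment_status'] == 'Reversed' || $_POST['payment_status'] == 'Refunded') {
          $comment .= '; ' . $_POST['reason_code'];
        }

        $decimals = $osC_Currencies->getDecimalPlaces($order['currency']);
        $order_value = $total['value'] * $order['currency_value'];

        // Compare against a value formatted without a thousands separator:
        // the default number_format() output ("1,234.50") can never equal the
        // plain decimal the gateway posts, so every order of 1000 or more was
        // reported as a mismatch.
        if ($_POST['mc_gross'] != number_format($order_value, $decimals, '.', '')) {
          $comment .= '; PayPal transaction value (' . osc_output_string_protected($_POST['mc_gross']) . ') does not match order value (' . number_format($order_value, $decimals) . ')';
        }

        $comments = 'PayPal IPN Verified [' . $comment . ']';

        osC_Order::process($_POST['invoice'], $this->order_status, $comments);
      }
    }
  } else {
    // Everything below runs for notifications the gateway did NOT verify, so
    // every $_POST value used here is untrusted.
    if (defined('MODULE_PAYMENT_PAYPAL_STANDARD_DEBUG_EMAIL')) {
      $email_body = 'PAYPAL_STANDARD_DEBUG_POST_DATA:' . "\n\n";

      foreach ($_POST as $key => $value) {
        $email_body .= $key . '=' . $value . "\n";
      }

      $email_body .= "\n" . 'PAYPAL_STANDARD_DEBUG_GET_DATA:' . "\n\n";

      foreach ($_GET as $key => $value) {
        $email_body .= $key . '=' . $value . "\n";
      }

      osc_email('', MODULE_PAYMENT_PAYPAL_STANDARD_DEBUG_EMAIL, 'PayPal IPN Invalid Process', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
    }

    if ($has_invoice) {
      $Qcheck = $osC_Database->query('select orders_id from :table_orders where orders_id=:orders_id and customers_id=:customers_id');
      $Qcheck->bindTable(':table_orders', TABLE_ORDERS);
      // Placeholder names carry the leading colon, as in every other bind in
      // this method; the previous code passed them without it.
      $Qcheck->bindInt(':orders_id', $_POST['invoice']);
      $Qcheck->bindInt(':customers_id', $_POST['custom']);
      $Qcheck->execute();

      if ($Qcheck->numberOfRows() > 0) {
        $comment = $_POST['payment_status'];

        if ($_POST['payment_status'] == 'Pending') {
          $comment .= '; ' . $_POST['pending_reason'];
        } elseif ($_POST['payment_status'] == 'Reversed' || $_POST['payment_status'] == 'Refunded') {
          $comment .= '; ' . $_POST['reason_code'];
        }

        $comments = 'PayPal IPN Invalid [' . $comment . ']';

        osC_Order::insertOrderStatusHistory($_POST['invoice'], $this->order_status, $comments);
      }
    }
  }
}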