function NVP_DoDirectPaymentRequest(&$d, $dbbt, $dbst, $order_total, $payment_action, $ordernum, $requireCVV)
{
global $vendor_mail, $vendor_currency, $VM_LANG;
if (isset($_SESSION['ccdata']['order_payment_number'])) {
$cc_first_digit = substr($_SESSION['ccdata']['order_payment_number'], 0, 1);
$cc_first_2_digits = substr($_SESSION['ccdata']['order_payment_number'], 0, 2);
// Figure out the card type.
switch ($cc_first_digit) {
case "4":
$cc_type = urlencode("Visa");
break;
case "5":
$cc_type = urlencode("MasterCard");
break;
case "3":
switch ($cc_first_2_digits) {
case "34":
$cc_type = urlencode("Amex");
break;
case "37":
$cc_type = urlencode("Amex");
break;
case "30":
$cc_type = urlencode("Discover");
break;
case "36":
$cc_type = urlencode("Discover");
break;
case "38":
$cc_type = urlencode("Discover");
break;
default:
return false;
break;
}
break;
case "6":
$cc_type = urlencode("Discover");
break;
default:
return false;
break;
}
//Gather all required data
//Remove any dashes or spaces in the credit card number
$tmp_number = str_replace('-', '', $_SESSION['ccdata']['order_payment_number']);
$tmp_number = str_replace(' ', '', $tmp_number);
$cc_number = urlencode($tmp_number);
if (isset($_SESSION['ccdata']['credit_card_code'])) {
$cc_cvv2 = urlencode($_SESSION['ccdata']['credit_card_code']);
} else {
if ($requireCVV == 'YES') {
return false;
}
}
$cc_expires_month = $_SESSION['ccdata']['order_payment_expire_month'];
$cc_expires_year = $_SESSION['ccdata']['order_payment_expire_year'];
//$cc_owner = ($_SESSION['ccdata']['order_payment_name']);
//$cc_first = urlencode(substr($cc_owner, 0,(strrpos($cc_owner, " "))));
//$cc_last = urlencode(substr($cc_owner,(strrpos($cc_owner, ' ') + 1),strlen($cc_owner)));
$cc_expDate = urlencode($cc_expires_month . $cc_expires_year);
$subject = urlencode('');
$payer = urlencode($dbbt->f("user_email"));
$first_name = urlencode(substr($dbbt->f("first_name"), 0, 50));
$last_name = urlencode(substr($dbbt->f("last_name"), 0, 50));
$currency_type = $GLOBALS['product_currency'];
$ps_checkout = new ps_checkout();
$order_totals = $ps_checkout->calc_order_totals($d);
$tax_total = round($d['order_tax'], 2);
$ship_total = isset($d['shipping_total']) ? round($d['shipping_total'], 2) : 0;
$useshipping = PAYPAL_API_USE_SHIPPING;
$db_new = new ps_DB();
$query_str = "SELECT * FROM #__{vm}_country WHERE country_3_code='" . substr($dbbt->f("country"), 0, 60) . "'";
$db_new->setQuery($query_str);
$db_new->query();
$db_new->next_record();
$address_street1 = urlencode(substr($dbbt->f("address_1"), 0, 60));
$address_city = urlencode(substr($dbbt->f("city"), 0, 40));
$address_state = urlencode(substr($dbbt->f("state"), 0, 40));
$address_country = urlencode($db_new->f("country_2_code"));
$address_zip = urlencode(substr($dbbt->f("zip"), 0, 20));
$query_str = "SELECT * FROM #__{vm}_country WHERE country_3_code='" . substr($dbst->f("country"), 0, 60) . "'";
$db_new->setQuery($query_str);
$db_new->query();
$db_new->next_record();
$ship_name = urlencode(trim(substr($dbst->f("first_name"), 0, 50) . ' ' . substr($dbst->f("last_name"), 0, 50)));
$ship_street1 = urlencode(substr($dbst->f("address_1"), 0, 60));
$ship_street2 = urlencode(substr($dbst->f("address_2"), 0, 60));
$ship_city = urlencode(substr($dbst->f("city"), 0, 40));
$ship_state = urlencode(substr($dbst->f("state"), 0, 40));
$ship_country = urlencode($db_new->f("country_2_code"));
$ship_zip = urlencode(substr($dbst->f("zip"), 0, 20));
//Begin putting together our NVP Request
$nvpreq = "&PAYMENTACTION={$payment_action}" . "&IPADDRESS=" . $_SERVER['REMOTE_ADDR'] . "&CREDITCARDTYPE={$cc_type}" . "&ACCT={$cc_number}" . "&EXPDATE={$cc_expDate}" . "&EMAIL={$payer}" . "&FIRSTNAME={$first_name}" . "&LASTNAME={$last_name}";
if ($requireCVV == 'YES') {
if (isset($cc_cvv2)) {
$nvpreq .= "&CVV2={$cc_cvv2}";
} else {
return false;
}
}
$nvpreq .= "&STREET={$address_street1}" . "&CITY={$address_city}" . "&STATE={$address_state}" . "&COUNTRYCODE={$address_country}" . "&ZIP={$address_zip}" . "&SHIPPINGAMT={$ship_total}";
$nvpreq .= "&CURRENCYCODE={$currency_type}&TAXAMT={$tax_total}&DESC={$subject}&INVNUM={$ordernum}&BUTTONSOURCE=Virtuemart_Cart_DP";
$nvpreq .= ps_paypal_api::getCartnvpstr($order_totals);
//Put together Shipping NVP request
$nvpreq .= "&AMT={$order_total}";
if ($useshipping == '1') {
$nvpreq .= "&SHIPTONAME={$ship_name}" . "&SHIPTOSTREET={$ship_street1}" . "&SHIPTOSTREET2={$ship_street2}" . "&SHIPTOCITY={$ship_city}" . "&SHIPTOSTATE={$ship_state}" . "&SHIPTOZIP={$ship_zip}" . "&SHIPTOCOUNTRYCODE={$ship_country}";
}
//return response to ps_paypal_wpp.php
return $nvpreq;
} else {
return false;
}
}
/**
* This is the main function which stores the order information in the database
*
* @author Ashish Solanki!
* @return boolean
*/
function updateRecords($order_number, $order_total, &$d)
{
require_once CLASSPATH . 'ps_checkout.php';
$ps_chkout = new ps_checkout();
global $order_tax_details, $afid, $VM_LANG, $auth, $my, $mosConfig_offset, $vmLogger, $vmInputFilter, $discount_factor;
$ps_vendor_id = $_SESSION["ps_vendor_id"];
$cart = $_SESSION['cart'];
require_once CLASSPATH . 'ps_payment_method.php';
$ps_payment_method = new ps_payment_method();
require_once CLASSPATH . 'ps_product.php';
$ps_product = new ps_product();
require_once CLASSPATH . 'ps_cart.php';
$ps_cart = new ps_cart();
$db = new ps_DB();
$totals = $ps_chkout->calc_order_totals($d);
extract($totals);
$timestamp = time();
//Custom
$vmLogger->debug('-- Checkout Debug--
Subtotal: ' . $order_subtotal . '
Taxable: ' . $order_taxable . '
Payment Discount: ' . $payment_discount . '
Coupon Discount: ' . $coupon_discount . '
Shipping: ' . $order_shipping . '
Shipping Tax : ' . $order_shipping_tax . '
Tax : ' . $order_tax . '
------------------------
Order Total: ' . $order_total . '
----------------------------');
// Check to see if Payment Class File exists
$payment_class = $ps_payment_method->get_field($d["payment_method_id"], "payment_class");
$d['new_order_status'] = 'P';
// This is meant to be updated by a payment modules' process_payment method
if (!class_exists($payment_class)) {
include CLASSPATH . "payment/{$payment_class}.php";
}
$_PAYMENT = new $payment_class();
// Remove the Coupon, because it is a Gift Coupon and now is used!!
if (@$_SESSION['coupon_type'] == "gift") {
$d['coupon_id'] = $_SESSION['coupon_id'];
include_once CLASSPATH . 'ps_coupon.php';
ps_coupon::remove_coupon_code($d);
}
// Get the IP Address
if (!empty($_SERVER['REMOTE_ADDR'])) {
$ip = $_SERVER['REMOTE_ADDR'];
} else {
$ip = 'unknown';
}
// Collect all fields and values to store them!
$fields = array('user_id' => $auth["user_id"], 'vendor_id' => $ps_vendor_id, 'order_number' => $order_number, 'user_info_id' => $d["ship_to_info_id"], 'ship_method_id' => @urldecode($d["shipping_rate_id"]), 'order_total' => $order_total, 'order_subtotal' => $order_subtotal, 'order_tax' => $order_tax, 'order_tax_details' => serialize($order_tax_details), 'order_shipping' => $order_shipping, 'order_shipping_tax' => $order_shipping_tax, 'order_discount' => $payment_discount, 'coupon_discount' => $coupon_discount, 'coupon_code' => @$_SESSION['coupon_code'], 'order_currency' => $GLOBALS['product_currency'], 'order_status' => 'P', 'cdate' => $timestamp, 'mdate' => $timestamp, 'customer_note' => htmlspecialchars(vmRequest::getString('customer_note', '', 'POST', 'none'), ENT_QUOTES), 'ip_address' => $ip);
// Insert the main order information
$db->buildQuery('INSERT', '#__{vm}_orders', $fields);
$result = $db->query();
$d["order_id"] = $order_id = $db->last_insert_id();
if ($result === false || empty($order_id)) {
$vmLogger->crit('Adding the Order into the Database failed! User ID: ' . $auth["user_id"]);
return false;
}
// Insert the initial Order History.
$mysqlDatetime = date("Y-m-d G:i:s", $timestamp);
$fields = array('order_id' => $order_id, 'order_status_code' => 'P', 'date_added' => $mysqlDatetime, 'customer_notified' => 1, 'comments' => '');
$db->buildQuery('INSERT', '#__{vm}_order_history', $fields);
$db->query();
/**
* Insert the Order payment info
*/
$payment_number = str_replace(array(' ', '|', '-'), '', @$_SESSION['ccdata']['order_payment_number']);
$d["order_payment_code"] = @$_SESSION['ccdata']['credit_card_code'];
// Payment number is encrypted using mySQL encryption functions.
$fields = array('order_id' => $order_id, 'payment_method_id' => $d["payment_method_id"], 'order_payment_log' => @$d["order_payment_log"], 'order_payment_trans_id' => $vmInputFilter->safeSQL(@$d["order_payment_trans_id"]));
if (!empty($payment_number) && VM_STORE_CREDITCARD_DATA == '1') {
// Store Credit Card Information only if the Store Owner has decided to do so
$fields['order_payment_code'] = $d["order_payment_code"];
$fields['order_payment_expire'] = @$_SESSION["ccdata"]["order_payment_expire"];
$fields['order_payment_name'] = @$_SESSION["ccdata"]["order_payment_name"];
$fields['order_payment_number'] = VM_ENCRYPT_FUNCTION . "( '{$payment_number}','" . ENCODE_KEY . "')";
$specialfield = array('order_payment_number');
} else {
$specialfield = array();
}
$db->buildQuery('INSERT', '#__{vm}_order_payment', $fields, '', $specialfield);
$db->query();
/**
* Insert the User Billto & Shipto Info
*/
// First: get all the fields from the user field list to copy them from user_info into the order_user_info
$fields = array();
require_once CLASSPATH . 'ps_userfield.php';
$userfields = ps_userfield::getUserFields('', false, '', true, true);
foreach ($userfields as $field) {
if ($field->name == 'email') {
$fields[] = 'user_email';
} else {
$fields[] = $field->name;
}
}
$fieldstr = implode(',', $fields);
// Save current Bill To Address
$q = "INSERT INTO `#__{vm}_order_user_info` \n\t\t\t(`order_info_id`,`order_id`,`user_id`,address_type, " . $fieldstr . ") ";
$q .= "SELECT NULL, '{$order_id}', '" . $auth['user_id'] . "', address_type, " . $fieldstr . " FROM #__{vm}_user_info WHERE user_id='" . $auth['user_id'] . "' AND address_type='BT'";
$db->query($q);
// Save current Ship to Address if applicable
$q = "INSERT INTO `#__{vm}_order_user_info` \n\t\t\t(`order_info_id`,`order_id`,`user_id`,address_type, " . $fieldstr . ") ";
$q .= "SELECT NULL, '{$order_id}', '" . $auth['user_id'] . "', address_type, " . $fieldstr . " FROM #__{vm}_user_info WHERE user_id='" . $auth['user_id'] . "' AND user_info_id='" . $d['ship_to_info_id'] . "' AND address_type='ST'";
$db->query($q);
/**
* Insert all Products from the Cart into order line items;
* one row per product in the cart
*/
$dboi = new ps_DB();
for ($i = 0; $i < $cart["idx"]; $i++) {
$r = "SELECT product_id,product_in_stock,product_sales,product_parent_id,product_sku,product_name ";
$r .= "FROM #__{vm}_product WHERE product_id='" . $cart[$i]["product_id"] . "'";
$dboi->query($r);
$dboi->next_record();
$product_price_arr = $ps_product->get_adjusted_attribute_price($cart[$i]["product_id"], $cart[$i]["description"]);
$product_price = $GLOBALS['CURRENCY']->convert($product_price_arr["product_price"], $product_price_arr["product_currency"]);
if (empty($_SESSION['product_sess'][$cart[$i]["product_id"]]['tax_rate'])) {
$my_taxrate = $ps_product->get_product_taxrate($cart[$i]["product_id"]);
} else {
$my_taxrate = $_SESSION['product_sess'][$cart[$i]["product_id"]]['tax_rate'];
}
// Attribute handling
$product_parent_id = $dboi->f('product_parent_id');
$description = '';
if ($product_parent_id > 0) {
$db_atts = $ps_product->attribute_sql($dboi->f('product_id'), $product_parent_id);
while ($db_atts->next_record()) {
$description .= $db_atts->f('attribute_name') . ': ' . $db_atts->f('attribute_value') . '; ';
}
}
$description .= $ps_product->getDescriptionWithTax($_SESSION['cart'][$i]["description"], $dboi->f('product_id'));
$product_final_price = round($product_price * ($my_taxrate + 1), 2);
$vendor_id = $ps_vendor_id;
$fields = array('order_id' => $order_id, 'user_info_id' => $d["ship_to_info_id"], 'vendor_id' => $vendor_id, 'product_id' => $cart[$i]["product_id"], 'order_item_sku' => $dboi->f("product_sku"), 'order_item_name' => $dboi->f("product_name"), 'product_quantity' => $cart[$i]["quantity"], 'product_item_price' => $product_price, 'product_final_price' => $product_final_price, 'order_item_currency' => $GLOBALS['product_currency'], 'order_status' => 'P', 'product_attribute' => $description, 'cdate' => $timestamp, 'mdate' => $timestamp);
$db->buildQuery('INSERT', '#__{vm}_order_item', $fields);
$db->query();
// Update Stock Level and Product Sales, decrease - no matter if in stock or not!
$q = "UPDATE #__{vm}_product ";
$q .= "SET product_in_stock = product_in_stock - " . (int) $cart[$i]["quantity"];
$q .= " WHERE product_id = '" . $cart[$i]["product_id"] . "'";
$db->query($q);
$q = "UPDATE #__{vm}_product ";
$q .= "SET product_sales= product_sales + " . (int) $cart[$i]["quantity"];
$q .= " WHERE product_id='" . $cart[$i]["product_id"] . "'";
$db->query($q);
// Update stock of parent product, if all child products are sold, thanks Ragnar Brynjulfsson
if ($dboi->f("product_parent_id") != 0) {
$q = "SELECT COUNT(product_id) ";
$q .= "FROM #__{vm}_product ";
$q .= "WHERE product_parent_id = " . $dboi->f("product_parent_id");
$q .= " AND product_in_stock > 0";
$db->query($q);
$db->next_record();
if (!$db->f("COUNT(product_id)")) {
$q = "UPDATE #__{vm}_product ";
$q .= "SET product_in_stock = 0 ";
$q .= "WHERE product_id = " . $dboi->f("product_parent_id") . " LIMIT 1";
$db->query($q);
}
}
}
######## BEGIN DOWNLOAD MOD ###############
if (ENABLE_DOWNLOADS == "1") {
require_once CLASSPATH . 'ps_order.php';
for ($i = 0; $i < $cart["idx"]; $i++) {
// only handle downloadable products here
if (ps_product::is_downloadable($cart[$i]["product_id"])) {
$params = array('product_id' => $cart[$i]["product_id"], 'order_id' => $order_id, 'user_id' => $auth["user_id"]);
ps_order::insert_downloads_for_product($params);
if (@VM_DOWNLOADABLE_PRODUCTS_KEEP_STOCKLEVEL == '1') {
// Update the product stock level back to where it was.
$q = "UPDATE #__{vm}_product ";
$q .= "SET product_in_stock = product_in_stock + " . (int) $cart[$i]["quantity"];
$q .= " WHERE product_id = '" . (int) $cart[$i]["product_id"] . "'";
$db->query($q);
}
}
}
}
################## END DOWNLOAD MOD ###########
// Export the order_id so the checkout complete page can get it
$d["order_id"] = $order_id;
/*
* Let the shipping module know which shipping method
* was selected. This way it can save any information
* it might need later to print a shipping label.
*/
if (is_callable(array($this->_SHIPPING, 'save_rate_info'))) {
$this->_SHIPPING->save_rate_info($d);
}
// Now as everything else has been done, we can update the Order Status
$update_order = false;
if ($order_total == 0.0) {
// code moved out of $_PAYMENT check as no payment will be needed when $order_total=0.0
// If the Order Total is zero, we can confirm the order to automatically enable the download
$d['order_status'] = ENABLE_DOWNLOAD_STATUS;
$update_order = true;
} elseif (isset($_PAYMENT)) {
if ($d['new_order_status'] != 'P') {
$d['order_status'] = $d['new_order_status'];
$update_order = true;
}
}
if ($update_order) {
require_once CLASSPATH . "ps_order.php";
$ps_order = new ps_order();
$ps_order->order_status_update($d);
}
// Send the e-mail confirmation messages
$ps_chkout->email_receipt($order_id);
// Reset the cart (=empty it)
$ps_cart->reset();
$_SESSION['savedcart']['idx'] = 0;
$ps_cart->saveCart();
// Unset the payment_method variables
$d["payment_method_id"] = "";
$d["order_payment_number"] = "";
$d["order_payment_expire"] = "";
$d["order_payment_name"] = "";
$d["credit_card_code"] = "";
// Clear the sensitive Session data
$_SESSION['ccdata']['order_payment_name'] = "";
$_SESSION['ccdata']['order_payment_number'] = "";
$_SESSION['ccdata']['order_payment_expire_month'] = "";
$_SESSION['ccdata']['order_payment_expire_year'] = "";
$_SESSION['ccdata']['credit_card_code'] = "";
$_SESSION['coupon_discount'] = "";
$_SESSION['coupon_id'] = "";
$_SESSION['coupon_redeemed'] = false;
$_POST["payment_method_id"] = "";
$_POST["order_payment_number"] = "";
$_POST["order_payment_expire"] = "";
$_POST["order_payment_name"] = "";
$_SESSION['order_id'] = $order_id;
}
function process_coupon_code($d)
{
global $VM_LANG, $vmLogger;
/* init the database */
$coupon_db = new ps_DB();
/* we need some functions from the checkout module */
require_once CLASSPATH . "ps_checkout.php";
$checkout = new ps_checkout();
if (empty($d['total'])) {
$totals = $checkout->calc_order_totals($d);
$d['total'] = $totals['order_subtotal'] + $totals['order_tax'] + $totals['order_shipping'] + $totals['order_shipping_tax'] - $totals['payment_discount'];
}
$d['coupon_code'] = trim(vmGet($_REQUEST, 'coupon_code'));
$coupon_id = vmGet($_SESSION, 'coupon_id', null);
$q = 'SELECT coupon_id, coupon_code, percent_or_total, coupon_value, coupon_type FROM #__{vm}_coupons WHERE ';
if ($coupon_id) {
/* the query to select the coupon coupon_code */
$q .= 'coupon_id = ' . intval($coupon_id);
} else {
/* the query to select the coupon coupon_code */
$q .= 'coupon_code = \'' . $coupon_db->getEscaped($d['coupon_code']) . '\'';
}
/* make the query */
$coupon_db->query($q);
/* see if we have any fields returned */
if ($coupon_db->num_rows() > 0) {
/* we have a record */
/* see if we are calculating percent or dollar discount */
if ($coupon_db->f("percent_or_total") == "percent") {
/* percent */
//$subtotal = $checkout->calc_order_subtotal( $d );
/* take the subtotal for calculation of the discount */
//$_SESSION['coupon_discount'] = round( ($subtotal * $coupon_db->f("coupon_value") / 100), 2);
$coupon_value = round($d["total"] * $coupon_db->f("coupon_value") / 100, 2);
if ($d["total"] < $coupon_value) {
$coupon_value = (double) $d['total'] + (double) $d['order_tax'];
$vmLogger->info(str_replace('{value}', $GLOBALS['CURRENCY_DISPLAY']->getFullValue($coupon_value), $VM_LANG->_('VM_COUPON_GREATER_TOTAL_SETTO')));
}
$_SESSION['coupon_discount'] = $coupon_value;
} else {
$coupon_value = $coupon_db->f("coupon_value");
/* Total Amount */
if ($d["total"] < $coupon_value) {
$coupon_value = (double) $d['total'] + (double) $d['order_tax'];
$vmLogger->info(str_replace('{value}', $GLOBALS['CURRENCY_DISPLAY']->getFullValue($coupon_value), $VM_LANG->_('VM_COUPON_GREATER_TOTAL_SETTO')));
}
$_SESSION['coupon_discount'] = $GLOBALS['CURRENCY']->convert($coupon_value);
}
/* mark this order as having used a coupon so people cant go and use coupons over and over */
$_SESSION['coupon_redeemed'] = true;
$_SESSION['coupon_id'] = $coupon_db->f("coupon_id");
$_SESSION['coupon_code'] = $coupon_db->f("coupon_code");
$_SESSION['coupon_type'] = $coupon_db->f("coupon_type");
} else {
/* no record, so coupon_code entered was not valid */
$GLOBALS['coupon_error'] = $VM_LANG->_('PHPSHOP_COUPON_CODE_INVALID');
return false;
}
}