Example #1
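 /**
  * Checks whether a TCP connection to the host named in $url can be opened.
  *
  * Only the host component of $url is used; the port comes from $port, not
  * from the URL. The probe socket is closed again before returning.
  *
  * NOTE(review): if $url can be influenced by a request, this method connects
  * to whatever host it names, internal addresses included — callers should
  * restrict the hosts they pass in.
  *
  * @param string $url     URL whose host part is probed
  * @param int    $port    TCP port to connect to
  * @param int    $timeout connection timeout in seconds
  * @return bool true when the connection was established, false otherwise
  */
 protected function ping($url, $port = 80, $timeout = 6)
 {
     $host = parse_url($url, PHP_URL_HOST);
     // parse_url() yields null/false when the URL has no usable host; do not
     // hand that to fsockopen(), treat it as a failed ping instead.
     $fsock = is_string($host) && $host !== ''
         ? fsockopen($host, $port, $errno, $errstr, $timeout)
         : false;
     if (!$fsock) {
         Log::log('Ping for ' . $host . ':' . $port . ' (timeout=' . $timeout . ') failed');
         return false;
     }
     // The connection was only a reachability probe; release it so repeated
     // pings do not accumulate open sockets for the rest of the request.
     fclose($fsock);
     return true;
 }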
Example #2
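 /**
  * Access-control gate that runs before an action is invoked.
  *
  * Registers the models listed in $this->_registerAclModels, then lets the
  * request through when the current action is on the allow-list
  * ($this->_allowedActions plus $allowed) or when hasAccess() does not deny
  * it. A denied request is logged on the security channel and answered with
  * the "unauthorized" response code.
  *
  * @param array $allowed additional action names exempt from the ACL check
  * @return bool true when the action may proceed, false when it was denied
  *              and dieOnCode() returned instead of ending the request
  */
 public function beforeInvoke($allowed = array())
 {
     foreach ($this->_registerAclModels as $model) {
         Model::register($model);
     }
     // Strict comparison: with loose in_array() an allow-list entry such as
     // true or 0 could match an unrelated action name and skip the ACL check.
     // Allow-list entries are therefore expected to be plain strings.
     if (in_array($this->getAction(), array_merge($this->_allowedActions, $allowed), true)) {
         return true;
     }
     // NOTE(review): only an exact false from hasAccess() denies the request;
     // a null or other falsy result is treated as "allowed". Confirm that
     // hasAccess() always returns a real boolean.
     if ($this->hasAccess() !== false) {
         return true;
     }
     Log::_('ACL firewall hit', Log::CHANNEL_SECURITY, Log::LEVEL_INFORMATIONAL, implode(PHP_EOL, Ajde_Acl::$log));
     Ajde::app()->getRequest()->set('message', __('You may not have the required permission to view this page'));
     Ajde::app()->getResponse()->dieOnCode(Response::RESPONSE_TYPE_UNAUTHORIZED);
     // Only reached if dieOnCode() returns; fail closed with an explicit false
     // rather than an implicit null.
     return false;
 }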
Example #3
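 /**
  * Posts the title (and URL, when there is one) as a status update.
  *
  * The text is shortened until its HTML-escaped form is below 140
  * characters. Shortening works on UTF-8 characters, not bytes, so a
  * multi-byte character is never cut in half.
  *
  * @return string|bool URL of the created status, or false when the post
  *                     failed or the response lacks the expected fields
  */
 public function publish()
 {
     $tweet = $this->getTitle();
     if ($url = $this->getUrl()) {
         // Reserve room for the URL plus the '... ' separator.
         $tweet = iconv_substr($tweet, 0, 140 - strlen($url) - 5, 'UTF-8') . '... ' . $url;
     }
     // The length is measured on the escaped text, because characters such as
     // '&' count as their entity form.
     while (iconv_strlen(htmlspecialchars($tweet, ENT_QUOTES, 'UTF-8'), 'UTF-8') >= 140) {
         $shorter = iconv_substr($tweet, 0, -1, 'UTF-8');
         if ($shorter === false) {
             // Not valid UTF-8; stop instead of replacing the text with false.
             break;
         }
         $tweet = $shorter;
     }
     try {
         $response = $this->_twitter->post('statuses/update', array('status' => $tweet));
     } catch (Exception $e) {
         // $response is never assigned when post() throws, so only the
         // exception itself can be logged here.
         AjdeExceptionLog::logException($e);
         return false;
     }
     // empty() tolerates a response that is not an object or lacks the nested
     // fields, where direct property access would raise an error.
     if (is_object($response) && !empty($response->user->id) && !empty($response->id_str)) {
         return sprintf("http://twitter.com/%s/status/%s", $response->user->id, $response->id_str);
     }
     return false;
 }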
Example #4
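 /**
  * Handles a PayPal IPN notification: echoes the posted fields back to PayPal
  * for validation and updates the matching shop transaction.
  *
  * The transaction is looked up by the `custom` POST field (its secret). A
  * VERIFIED answer with status Completed (or Pending) marks it 'completed';
  * any other verified status, or an INVALID answer, marks it 'refused'.
  *
  * NOTE(review): VERIFIED only establishes that PayPal recognises the
  * message. This method does not compare receiver_email, mc_gross or
  * mc_currency with the order and does not reject a txn_id that was already
  * processed (see the checklist comments in the body). Until those checks
  * exist, a verified notification for a different amount or a different
  * receiving account is accepted as payment for the transaction it names.
  *
  * NOTE(review): txn_id and the transaction secret come straight from the
  * request and are written to the log as-is; the secret is also the lookup
  * key, so the log should be treated as sensitive.
  *
  * @return array 'success' (bool) and 'transaction' (TransactionModel|null),
  *               plus 'changed' (bool) except when no transaction matches a
  *               VERIFIED notification
  */
 public function updatePayment()
 {
     // PHP 4.1
     // read the post from PayPal system and add 'cmd'
     $req = 'cmd=_notify-validate';
     foreach ($_POST as $key => $value) {
         // NOTE(review): stripslashes() dates from magic quotes; without them
         // it alters values containing backslashes, so the echoed body may no
         // longer match what PayPal sent — confirm for the PHP version in use.
         $value = urlencode(stripslashes($value));
         // Parameter names are request-controlled as well; encode them so a
         // crafted name cannot change the structure of the validation body.
         $key = urlencode($key);
         $req .= "&{$key}={$value}";
     }
     // post back to PayPal system to validate
     $header = '';
     $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
     $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
     $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
     $fp = fsockopen($this->isSandbox() ? 'ssl://www.sandbox.paypal.com' : 'ssl://www.paypal.com', 443, $errno, $errstr, 30);
     // assign posted variables to local variables
     $payment_status = issetor($_POST['payment_status']);
     $payment_amount = issetor($_POST['mc_gross']);
     $payment_currency = issetor($_POST['mc_currency']);
     $txn_id = issetor($_POST['txn_id']);
     $receiver_email = issetor($_POST['receiver_email']);
     $payer_email = issetor($_POST['payer_email']);
     Model::register('shop');
     $secret = issetor($_POST['custom']);
     $transaction = new TransactionModel();
     $changed = false;
     if (!$fp) {
         // Validation could not be attempted; leave the transaction untouched
         // and record why, so the notification is not lost silently.
         Log::log('Could not connect to PayPal to validate payment with txn id ' . $txn_id);
     } else {
         fputs($fp, $header . $req);
         while (!feof($fp)) {
             $res = fgets($fp, 1024);
             if ($res === "VERIFIED") {
                 if (!$transaction->loadByField('secret', $secret)) {
                     Log::log('Could not find transaction for PayPal payment with txn id ' . $txn_id . ' and transaction secret ' . $secret);
                     // Close the socket on this early exit as well.
                     fclose($fp);
                     return array('success' => false, 'transaction' => null);
                 }
                 // check the payment_status is Completed
                 // accept Pending from PayPal (eChecks?)
                 // NOTE(review): a Pending payment has not cleared yet; treating
                 // it as paid is a business decision worth confirming.
                 $acceptPending = true;
                 if ($payment_status === 'Completed' || ($acceptPending && $payment_status === 'Pending')) {
                     $details = 'AMOUNT: ' . $payment_amount . PHP_EOL . 'CURRENCY: ' . $payment_currency . PHP_EOL . 'PAYER_EMAIL: ' . $payer_email . PHP_EOL . 'RECEIVER_EMAIL: ' . $receiver_email . PHP_EOL . 'TXN_ID: ' . $txn_id . PHP_EOL;
                     // update transaction only once
                     if ($transaction->payment_status != 'completed') {
                         $transaction->payment_details = $details;
                         $transaction->payment_status = 'completed';
                         $transaction->save();
                         $changed = true;
                     }
                     // Write pending to Log
                     if ($payment_status === 'Pending') {
                         Log::log('Status is Pending but accepting now. PayPal payment with txn id ' . $txn_id . ' and transaction secret ' . $secret);
                     }
                     fclose($fp);
                     return array('success' => true, 'changed' => $changed, 'transaction' => $transaction);
                 } else {
                     if ($transaction->payment_status != 'refused') {
                         $transaction->payment_status = 'refused';
                         $transaction->save();
                         $changed = true;
                     }
                     Log::log('Status is not Completed but ' . $payment_status . ' for PayPal payment with txn id ' . $txn_id . ' and transaction secret ' . $secret);
                 }
                 // Still to be implemented (nothing below is enforced yet):
                 // check that txn_id has not been previously processed
                 // check that receiver_email is your Primary PayPal email
                 // check that payment_amount/payment_currency are correct
                 // process payment
             } else {
                 if ($res === "INVALID") {
                     // NOTE(review): INVALID means PayPal did not recognise the
                     // message, yet the transaction named by its `custom` field
                     // is still set to 'refused' — including one that is already
                     // 'completed'. Confirm this is intended.
                     if (!$transaction->loadByField('secret', $secret)) {
                         // secret not found anyway
                         $transaction = null;
                         Log::log('Could not find transaction for PayPal payment with txn id ' . $txn_id . ' and transaction secret ' . $secret);
                     } else {
                         // log for manual investigation
                         if ($transaction->payment_status != 'refused') {
                             $transaction->payment_status = 'refused';
                             $transaction->save();
                             $changed = true;
                         }
                         Log::log('Validation failed for PayPal payment with txn id ' . $txn_id);
                     }
                 }
             }
         }
         fclose($fp);
     }
     return array('success' => false, 'changed' => $changed, 'transaction' => $transaction);
 }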
Example #5
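 /**
  * Fetches a URL with cURL, either returning the result or saving it to a file.
  *
  * TLS peer and host name verification are enabled, so a server presenting
  * an untrusted or mismatching certificate makes the transfer fail instead
  * of being accepted silently.
  *
  * NOTE(review): in download mode up to 20 redirects are followed and the
  * response is written to $toFile. If $url or $toFile can be influenced by a
  * request, callers should restrict the target hosts and the destination
  * path before calling this method.
  *
  * @param string $url
  * @param bool|string $toFile false to return the response, otherwise the
  *                            path of the file the response is written to
  * @param bool|array $header extra request headers; only applied when
  *                           downloading to a file
  * @return string|bool in download mode true on completion and false when
  *                     the transfer failed or the server answered 4xx;
  *                     otherwise whatever self::_curl_exec_follow() returns
  * @throws Exception
  */
 public static function get($url, $toFile = false, $header = false)
 {
     $output = false;
     $debug = false;
     if ($debug) {
         Log::_('cURL URL', Log::CHANNEL_INFO, Log::LEVEL_INFORMATIONAL, $url);
     }
     $ch = curl_init();
     curl_setopt($ch, CURLOPT_URL, $url);
     // Return the transfer as a string instead of printing it.
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
     // Seconds allowed for connecting and for the whole transfer.
     curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
     curl_setopt($ch, CURLOPT_TIMEOUT, 5);
     curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36");
     // An empty string advertises every encoding cURL supports and enables decoding.
     curl_setopt($ch, CURLOPT_ENCODING, "");
     // Set the Referer header automatically when following a redirect.
     curl_setopt($ch, CURLOPT_AUTOREFERER, true);
     // Verify the certificate chain and that the certificate matches the host.
     // With both checks off, anyone on the network path could impersonate the
     // server and alter the response or the downloaded file.
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
     // An empty cookie file turns on in-memory cookie handling.
     curl_setopt($ch, CURLOPT_COOKIEFILE, "");
     if ($toFile !== false) {
         // @TODO We need SAFE_MODE to be off
         if (ini_get('safe_mode')) {
             throw new AjdeException('SAFE_MODE must be off when downloading files');
         }
         $fp = fopen($toFile, 'w+');
         if ($fp === false) {
             // Without a file handle cURL has nowhere to write the response.
             curl_close($ch);
             throw new AjdeException('Could not open target file for writing');
         }
         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
         // Upper bound on the redirects followed for a download.
         curl_setopt($ch, CURLOPT_MAXREDIRS, 20);
         curl_setopt($ch, CURLOPT_TIMEOUT, 300);
         // Write the response body to the file.
         curl_setopt($ch, CURLOPT_FILE, $fp);
         curl_setopt($ch, CURLINFO_HEADER_OUT, true);
         if ($header) {
             curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
         }
         $transferred = curl_exec($ch);
         fclose($fp);
         $output = true;
         $http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
         if ($debug) {
             $verbose = curl_getinfo($ch);
             Log::_('cURL result', Log::CHANNEL_INFO, Log::LEVEL_INFORMATIONAL, var_export($verbose, true));
         }
         curl_close($ch);
         // A failed transfer (connection error, certificate rejected, timeout)
         // must not be reported as a completed download.
         if ($transferred === false) {
             return false;
         }
         // Client errors count as failure. The file has already been written
         // at this point and holds the error response body.
         if ($http_status >= 400 && $http_status < 500) {
             return false;
         }
     } else {
         // Not possible in SAFE_MODE, so redirects are followed by the helper
         // instead of CURLOPT_FOLLOWLOCATION.
         $output = self::_curl_exec_follow($ch, 10, false);
         if ($debug) {
             $verbose = curl_getinfo($ch);
             Log::_('cURL result', Log::CHANNEL_INFO, Log::LEVEL_INFORMATIONAL, var_export($verbose, true));
         }
         curl_close($ch);
     }
     return $output;
 }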
Example #6
 /**
  * Synchronises a shop transaction with the status Mollie reports for its payment.
  *
  * The payment is identified either by the POST parameter 'id' or by the
  * request parameter 'order_id', which is matched against the transaction's
  * 'secret' field. In both cases the status that gets applied is read from
  * the payment object returned by the Mollie client, not from the request.
  *
  * NOTE(review): the failure log line below contains the transaction secret
  * in clear text; the log should be treated as sensitive.
  *
  * @return array 'success' (true only for status paid/paidout), 'changed'
  *               (bool) and 'transaction' (TransactionModel)
  */
 public function updatePayment()
 {
     $payment = false;
     $mollie = new Client();
     $mollie->setApiKey($this->getApiKey());
     $transaction = new TransactionModel();
     $changed = false;

     // 'id' arrives with the webhook call, 'order_id' with the user's return request.
     $mollie_id = Ajde::app()->getRequest()->getPostParam('id', false);
     $order_id = Ajde::app()->getRequest()->getParam('order_id', false);

     if ($mollie_id) {
         // Webhook: fetch the payment first, then find the transaction through its metadata.
         try {
             $payment = $mollie->payments->get($mollie_id);
             $order_id = $payment->metadata->order_id;
             $transaction->loadByField('secret', $order_id);
         } catch (Exception $e) {
             AjdeExceptionLog::logException($e);
             $payment = false;
         }
     } elseif ($order_id) {
         // User return: find the transaction first, then fetch the payment it refers to.
         $transaction->loadByField('secret', $order_id);
         $mollie_id = $transaction->payment_providerid;
         try {
             $payment = $mollie->payments->get($mollie_id);
         } catch (Exception $e) {
             AjdeExceptionLog::logException($e);
             $payment = false;
         }
     }

     // Everything must have resolved: payment, both identifiers and a loaded transaction.
     $resolved = $payment && $mollie_id && $order_id && $transaction->hasLoaded();
     if (!$resolved) {
         AjdeLog::log('Could not find transaction for Mollie payment for mollie id ' . $mollie_id . ' and transaction secret ' . $order_id);
         return array('success' => false, 'changed' => $changed, 'transaction' => $transaction);
     }

     $paid = false;

     // Structured payer details are stored as JSON text.
     $payment_details = $payment->details;
     if (is_object($payment_details) || is_array($payment_details)) {
         $payment_details = json_encode($payment_details);
     }
     $transaction->payment_details = implode(PHP_EOL, array(
         'PAYMENT STATUS: ' . (string) $payment->status,
         'PAYMENT AMOUNT: ' . (string) $payment->amount,
         'PAYMENT AT: ' . (string) $payment->paidDatetime,
         'CANCELLED AT: ' . (string) $payment->cancelledDatetime,
         'EXPIRED AT: ' . (string) $payment->expiredDatetime,
         'PAYER DETAILS: ' . (string) $payment_details,
     ));

     // Map the provider status to the local one. Paid payments go through
     // paid(); every other mapped status is stored directly.
     $status = $payment->status;
     $storeAs = null;
     if ($status == "open") {
         $storeAs = 'requested';
     } elseif ($status == "paidout" || $status == "paid") {
         $paid = true;
         // update transaction only once
         if ($transaction->payment_status != 'completed') {
             $transaction->paid();
             $changed = true;
         }
     } elseif ($status == "cancelled") {
         $storeAs = 'cancelled';
     } elseif ($status == "expired") {
         $storeAs = 'refused';
     }

     // Write only when the stored status actually differs.
     if ($storeAs !== null && $transaction->payment_status != $storeAs) {
         $transaction->payment_status = $storeAs;
         $transaction->save();
         $changed = true;
     }

     return array('success' => $paid, 'changed' => $changed, 'transaction' => $transaction);
 }
Example #7
 /**
  * Records an access-control denial and answers the request as unauthorized.
  *
  * The collected Ajde_Acl::$log entries are written to the security log
  * channel, a permission message is stored on the request, and the response
  * is handed to dieOnCode() with the "unauthorized" response type.
  */
 private function validationErrorRedirect()
 {
     // One log record holding every ACL trace line collected so far.
     Log::_(
         'ACL firewall hit',
         Log::CHANNEL_SECURITY,
         Log::LEVEL_INFORMATIONAL,
         implode(PHP_EOL, Ajde_Acl::$log)
     );

     $request = Ajde::app()->getRequest();
     $request->set('message', __('You may not have the required permission to view this resource'));

     $response = Ajde::app()->getResponse();
     $response->dieOnCode(Response::RESPONSE_TYPE_UNAUTHORIZED);
 }
Example #8
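 /**
  * Sends a request document to the iDeal API over a TLS socket and returns the reply.
  *
  * The request is built with self::buildXML() and written to
  * self::$_api_url on port 443. The reply is returned either as raw text
  * ($asRaw) or parsed into a SimpleXML object. A reply that cannot be parsed
  * as XML is reported as a failure.
  *
  * NOTE(review): with self::$_debug set, the full request and response
  * bodies are written to the log; keep it off outside of debugging.
  *
  * @param mixed $request data handed to self::buildXML()
  * @param bool  $asRaw   true to return the text after the Content-Length
  *                       header line instead of a parsed document
  * @return array 'success' (bool) and 'response' (error text on failure,
  *               otherwise the raw string or the parsed XML object)
  */
 private function sendRequest($request, $asRaw = false)
 {
     if (self::$_debug) {
         Log::log("INPUT DATA: " . var_export($request, true));
     }
     $xml = self::buildXML($request);
     $url = fsockopen("ssl://" . self::$_api_url, 443);
     if ($url === false) {
         return array('success' => false, 'response' => 'iDeal foutmelding: Kan niet verbinden');
     }
     $data = $xml->saveXML();
     $length = strlen($data);
     if (self::$_debug) {
         Log::log("REQUEST XML: " . var_export($data, true));
     }
     $post = "GET " . self::$_api_path . " HTTP/1.0\n";
     $post .= "Content-Length: {$length}\n";
     $post .= "Content-Type: text/xml\n";
     $post .= "Connection: Close\n\n";
     $post .= "{$data}\n\n";
     fputs($url, $post);
     $response = '';
     while (!feof($url)) {
         $response .= fgets($url, 1024);
     }
     fclose($url);
     if (self::$_debug) {
         Log::log("RESPONSE DATA: " . var_export($response, true));
     }
     if ($asRaw) {
         // NOTE(review): when no Content-Length header is present strpos()
         // yields false and the offset silently becomes 1, so the text after
         // the first line is returned instead — confirm this fallback is wanted.
         $contentLength = strpos($response, PHP_EOL . 'Content-Length:') + 1;
         $nextLine = strpos($response, PHP_EOL, $contentLength);
         $result = trim(substr($response, $nextLine));
     } else {
         $start = strpos($response, '<?xml');
         if ($start === false) {
             return array('success' => false, 'response' => "iDeal foutmelding: Ongeldig antwoord");
         }
         $response = substr($response, $start);
         $xml = new DOMDocument();
         // LIBXML_NONET keeps the parser from fetching anything over the
         // network while it reads a document that came from a remote server.
         // A document that fails to parse is an invalid reply, not a success
         // with an empty result.
         if (!$xml->loadXML($response, LIBXML_NONET)) {
             return array('success' => false, 'response' => "iDeal foutmelding: Ongeldig antwoord");
         }
         $result = simplexml_import_dom($xml);
         // Compare against null/false explicitly: an element without children
         // is falsy in a boolean test although the import succeeded.
         if ($result === null || $result === false) {
             return array('success' => false, 'response' => "iDeal foutmelding: Ongeldig antwoord");
         }
         if (self::$_debug) {
             Log::log("OUTPUT XML: " . var_export($result, true));
         }
         if ($result->error) {
             return array('success' => false, 'response' => "iDeal foutmelding ({$result->error}): " . self::getError($result->error));
         }
     }
     return array('success' => true, 'response' => $result);
 }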