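public function execute()
{
    global $login_customer_id;

    $OSCOM_Db = Registry::get('Db');

    // Only proceed for a positive integer customer id; it is set by the credential check that
    // runs before this action and is never taken from the request here.
    if (!is_int($login_customer_id) || $login_customer_id <= 0) {
        return;
    }

    // Rotate the session id on privilege change so a pre-login (possibly attacker supplied)
    // session id is not carried into the authenticated session (session fixation). As in the
    // original code this is gated by the SESSION_RECREATE setting; with it disabled the login
    // keeps whatever session id the client arrived with.
    if (SESSION_RECREATE == 'True') {
        tep_session_recreate();
    }

    $Qcustomer = $OSCOM_Db->prepare('select c.customers_firstname, c.customers_default_address_id, ab.entry_country_id, ab.entry_zone_id from :table_customers c left join :table_address_book ab on (c.customers_id = ab.customers_id and c.customers_default_address_id = ab.address_book_id) where c.customers_id = :customers_id');
    $Qcustomer->bindInt(':customers_id', $login_customer_id);
    $Qcustomer->execute();

    $_SESSION['customer_id'] = $login_customer_id;
    $_SESSION['customer_default_address_id'] = $Qcustomer->valueInt('customers_default_address_id');
    $_SESSION['customer_first_name'] = $Qcustomer->value('customers_firstname');
    $_SESSION['customer_country_id'] = $Qcustomer->valueInt('entry_country_id');
    $_SESSION['customer_zone_id'] = $Qcustomer->valueInt('entry_zone_id');

    // Record the logon and clear any outstanding password-reset key: once the customer has
    // authenticated, a previously issued reset link must no longer be usable.
    $Qupdate = $OSCOM_Db->prepare('update :table_customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1, password_reset_key = null, password_reset_date = null where customers_info_id = :customers_info_id');
    $Qupdate->bindInt(':customers_info_id', $_SESSION['customer_id']);
    $Qupdate->execute();

    // Reset the session token. The token must come from a CSPRNG: md5() over tep_rand() output is
    // only as unpredictable as tep_rand() itself (presumably mt_rand()-based -- confirm). random_bytes()
    // is used when available (PHP 7+); the previous construction is kept as a fallback so the
    // token format (32 hex characters) is unchanged either way.
    if (function_exists('random_bytes')) {
        $_SESSION['sessiontoken'] = bin2hex(random_bytes(16));
    } else {
        $_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
    }

    // Restore cart contents saved from a previous visit.
    $_SESSION['cart']->restore_contents();

    // Return the customer to the page recorded in the navigation snapshot, if there is one.
    // The session name is excluded from the rebuilt query string so the session id never ends
    // up in the redirect URL. NOTE(review): the snapshot is read from the session; verify that the
    // navigation class only records pages of this shop so this cannot become an open redirect.
    if (count($_SESSION['navigation']->snapshot) > 0) {
        $origin_href = OSCOM::link($_SESSION['navigation']->snapshot['page'], tep_array_to_string($_SESSION['navigation']->snapshot['get'], array(session_name())), $_SESSION['navigation']->snapshot['mode']);

        $_SESSION['navigation']->clear_snapshot();

        HTTP::redirect($origin_href);
    }

    OSCOM::redirect('index.php');
}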
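function getOutput()
{
    $entries = [];

    // Latest news is pulled from oscommerce.com and cached for 360 minutes so the dashboard does
    // not contact the remote site on every admin page load.
    $newsCache = new Cache('oscommerce_website-news-latest5');

    if ($newsCache->exists(360)) {
        $entries = $newsCache->get();
    } else {
        $response = HTTP::getResponse(['url' => 'https://www.oscommerce.com/index.php?RPC&GetLatestNews']);

        if (!empty($response)) {
            $response = json_decode($response, true);

            if (is_array($response) && count($response) === 5) {
                $entries = $response;
            }
        }

        // An empty result is cached as well, so a failing feed is not re-requested on every page load.
        $newsCache->save($entries);
    }

    $output = '<table class="table table-hover"> <thead> <tr class="info"> <th>' . OSCOM::getDef('module_admin_dashboard_latest_news_title') . '</th> <th class="text-right">' . OSCOM::getDef('module_admin_dashboard_latest_news_date') . '</th> </tr> </thead> <tbody>';

    // Keep only well-formed entries: each must be an array carrying link, title and date, and the
    // link must be an absolute http(s) URL. The feed is remote content -- even over TLS it is data,
    // not code -- so a "javascript:" or "data:" link must never reach an href attribute. HTML escaping
    // alone (HTML::outputProtected) does not stop that; only a scheme check does.
    $valid = [];

    if (is_array($entries)) {
        foreach ($entries as $item) {
            if (!is_array($item) || !isset($item['link'], $item['title'], $item['date'])) {
                continue;
            }

            $scheme = strtolower((string)parse_url($item['link'], PHP_URL_SCHEME));

            if (($scheme !== 'http' && $scheme !== 'https') || filter_var($item['link'], FILTER_VALIDATE_URL) === false) {
                continue;
            }

            $valid[] = $item;
        }
    }

    if (!empty($valid)) {
        foreach ($valid as $item) {
            // rel="noopener noreferrer" keeps the opened page from reaching window.opener (reverse tabnabbing).
            $output .= ' <tr> <td><a href="' . HTML::outputProtected($item['link']) . '" target="_blank" rel="noopener noreferrer">' . HTML::outputProtected($item['title']) . '</a></td> <td class="text-right" style="white-space: nowrap;">' . HTML::outputProtected(DateTime::toShort($item['date'])) . '</td> </tr>';
        }
    } else {
        $output .= ' <tr> <td colspan="2">' . OSCOM::getDef('module_admin_dashboard_latest_news_feed_error') . '</td> </tr>';
    }

    // Static footer links; all open in a new tab, so they also carry rel="noopener noreferrer".
    $output .= ' <tr> <td class="text-right" colspan="2"> <a href="https://www.oscommerce.com/Us&News" target="_blank" rel="noopener noreferrer" title="' . HTML::outputProtected(OSCOM::getDef('module_admin_dashboard_latest_news_icon_news')) . '"><span class="fa fa-fw fa-home"></span></a>';
    $output .= ' <a href="https://www.oscommerce.com/newsletter/subscribe" target="_blank" rel="noopener noreferrer" title="' . HTML::outputProtected(OSCOM::getDef('module_admin_dashboard_latest_news_icon_newsletter')) . '"><span class="fa fa-fw fa-newspaper-o"></span></a>';
    $output .= ' <a href="https://plus.google.com/+osCommerce" target="_blank" rel="noopener noreferrer" title="' . HTML::outputProtected(OSCOM::getDef('module_admin_dashboard_latest_news_icon_google_plus')) . '"><span class="fa fa-fw fa-google-plus"></span></a>';
    $output .= ' <a href="https://www.facebook.com/pages/osCommerce/33387373079" target="_blank" rel="noopener noreferrer" title="' . HTML::outputProtected(OSCOM::getDef('module_admin_dashboard_latest_news_icon_facebook')) . '"><span class="fa fa-fw fa-facebook"></span></a>';
    $output .= ' <a href="https://twitter.com/osCommerce" target="_blank" rel="noopener noreferrer" title="' . HTML::outputProtected(OSCOM::getDef('module_admin_dashboard_latest_news_icon_twitter')) . '"><span class="fa fa-fw fa-twitter"></span></a> </td> </tr> </tbody> </table>';

    return $output;
}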
function _getContent()
{
    $NewsCache = new Cache('oscommerce_website-partner_news');

    // Serve the cached copy while it is less than 60 minutes old.
    if ($NewsCache->exists(60)) {
        return $NewsCache->get();
    }

    $result = null;

    $response = HTTP::getResponse(['url' => 'https://www.oscommerce.com/index.php?RPC&Website&Index&GetPartnerStatusUpdates']);

    if (!empty($response)) {
        $decoded = json_decode($response, true);

        // Only a non-empty array is accepted and cached; anything else leaves the result null so
        // the feed is simply retried on the next call. The decoded content is remote data and is
        // returned as-is -- whoever renders it is responsible for escaping.
        if (is_array($decoded) && !empty($decoded)) {
            $result = $decoded;

            $NewsCache->save($result);
        }
    }

    return $result;
}
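function getOutput()
{
    $entries = [];

    // Latest add-ons are pulled from oscommerce.com and cached for 360 minutes so the dashboard
    // does not contact the remote site on every admin page load.
    $addonsCache = new Cache('oscommerce_website-addons-latest5');

    if ($addonsCache->exists(360)) {
        $entries = $addonsCache->get();
    } else {
        $response = HTTP::getResponse(['url' => 'https://www.oscommerce.com/index.php?RPC&GetLatestAddons']);

        if (!empty($response)) {
            $response = json_decode($response, true);

            if (is_array($response) && count($response) === 5) {
                $entries = $response;
            }
        }

        // An empty result is cached as well, so a failing feed is not re-requested on every page load.
        $addonsCache->save($entries);
    }

    $output = '<table class="table table-hover"> <thead> <tr class="info"> <th>' . OSCOM::getDef('module_admin_dashboard_latest_addons_title') . '</th> <th class="text-right">' . OSCOM::getDef('module_admin_dashboard_latest_addons_date') . '</th> </tr> </thead> <tbody>';

    // Keep only well-formed entries: each must be an array carrying link, title and date, and the
    // link must be an absolute http(s) URL. The feed is remote content -- even over TLS it is data,
    // not code -- so a "javascript:" or "data:" link must never reach an href attribute. HTML escaping
    // alone (HTML::outputProtected) does not stop that; only a scheme check does.
    $valid = [];

    if (is_array($entries)) {
        foreach ($entries as $item) {
            if (!is_array($item) || !isset($item['link'], $item['title'], $item['date'])) {
                continue;
            }

            $scheme = strtolower((string)parse_url($item['link'], PHP_URL_SCHEME));

            if (($scheme !== 'http' && $scheme !== 'https') || filter_var($item['link'], FILTER_VALIDATE_URL) === false) {
                continue;
            }

            $valid[] = $item;
        }
    }

    if (!empty($valid)) {
        foreach ($valid as $item) {
            // rel="noopener noreferrer" keeps the opened page from reaching window.opener (reverse tabnabbing).
            $output .= ' <tr> <td><a href="' . HTML::outputProtected($item['link']) . '" target="_blank" rel="noopener noreferrer">' . HTML::outputProtected($item['title']) . '</a></td> <td class="text-right" style="white-space: nowrap;">' . HTML::outputProtected(DateTime::toShort($item['date'])) . '</td> </tr>';
        }
    } else {
        $output .= ' <tr> <td colspan="2">' . OSCOM::getDef('module_admin_dashboard_latest_addons_feed_error') . '</td> </tr>';
    }

    // NOTE(review): the add-ons site link is plain http; switch it to https if that host serves TLS.
    $output .= ' <tr> <td class="text-right" colspan="2"><a href="http://addons.oscommerce.com" target="_blank" rel="noopener noreferrer" title="' . HTML::outputProtected(OSCOM::getDef('module_admin_dashboard_latest_addons_icon_site')) . '"><span class="fa fa-fw fa-home"></span></a></td> </tr> </tbody> </table>';

    return $output;
}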
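public function execute()
{
    $OSCOM_Session = Registry::get('Session');

    // Initialize a session token if the session does not carry one yet. Hash::getRandomInt() is the
    // project's random source; md5() only shapes the concatenation into 32 hex characters.
    if (!isset($_SESSION['sessiontoken'])) {
        $_SESSION['sessiontoken'] = md5(Hash::getRandomInt() . Hash::getRandomInt() . Hash::getRandomInt() . Hash::getRandomInt());
    }

    // Verify the TLS session id if the feature is enabled.
    //
    // Bug fix: the original tested isset($_SESSION['SSL_SESSION_ID']) but stored the value under
    // $_SESSION['SESSION_SSL_ID']. The isset() was therefore always false, the stored id was
    // overwritten with the current one on every request, and the mismatch branch below could never
    // run -- the check was a no-op. Both now use the same key.
    // NOTE(review): TLS session resumption can legitimately change SSL_SESSION_ID during a visit,
    // which this check treats as a hijack; keep that in mind when enabling the setting.
    if (HTTP::getRequestType() === 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && $OSCOM_Session->hasStarted()) {
        $ssl_session_id = isset($_SERVER['SSL_SESSION_ID']) ? $_SERVER['SSL_SESSION_ID'] : null;

        if (!isset($_SESSION['SESSION_SSL_ID'])) {
            $_SESSION['SESSION_SSL_ID'] = $ssl_session_id;
        }

        if ($_SESSION['SESSION_SSL_ID'] !== $ssl_session_id) {
            $OSCOM_Session->kill();

            OSCOM::redirect('ssl_check.php');
        }
    }

    // Verify the browser user agent if the feature is enabled. The header is client supplied, so this
    // only catches a hijacker who did not also copy it: a speed bump, not authentication. Strict
    // comparison avoids PHP's loose numeric-string equality.
    if (SESSION_CHECK_USER_AGENT == 'True') {
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;

        if (!isset($_SESSION['SESSION_USER_AGENT'])) {
            $_SESSION['SESSION_USER_AGENT'] = $user_agent;
        }

        if ($_SESSION['SESSION_USER_AGENT'] !== $user_agent) {
            $OSCOM_Session->kill();

            OSCOM::redirect('login.php');
        }
    }

    // Verify the IP address if the feature is enabled. NOTE(review): if HTTP::getIpAddress() honours
    // forwarding headers (X-Forwarded-For etc.) the value is client influenced unless the proxy
    // strips them -- confirm before relying on this check.
    if (SESSION_CHECK_IP_ADDRESS == 'True') {
        $ip_address = HTTP::getIpAddress();

        if (!isset($_SESSION['SESSION_IP_ADDRESS'])) {
            $_SESSION['SESSION_IP_ADDRESS'] = $ip_address;
        }

        if ($_SESSION['SESSION_IP_ADDRESS'] !== $ip_address) {
            $OSCOM_Session->kill();

            OSCOM::redirect('login.php');
        }
    }
}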
/**
 * Records (or refreshes) the current visitor's row in the whos_online table and purges rows that
 * have not clicked for 15 minutes.
 *
 * The row is keyed by the PHP session id. Note that this stores the raw session id in the database,
 * so the table must only ever be readable by trusted admin code.
 */
function tep_update_whos_online()
{
    $OSCOM_Db = Registry::get('Db');

    // Visitor identity: guests are recorded as customer 0 / "Guest".
    $customer_id = 0;
    $full_name = 'Guest';

    if (isset($_SESSION['customer_id'])) {
        $customer_id = $_SESSION['customer_id'];

        $Qname = $OSCOM_Db->prepare('select customers_firstname, customers_lastname from :table_customers where customers_id = :customers_id');
        $Qname->bindInt(':customers_id', $_SESSION['customer_id']);
        $Qname->execute();

        $full_name = $Qname->value('customers_firstname') . ' ' . $Qname->value('customers_lastname');
    }

    $session_id = session_id();

    // The ip_address column is NOT NULL, so an unknown address is stored as an empty string.
    $ip_address = HTTP::getIpAddress();

    if ($ip_address === null) {
        $ip_address = '';
    }

    // REQUEST_URI is client supplied. It is written through a prepared statement, so it is safe to
    // store, but it must be escaped wherever the admin side displays it.
    $last_page_url = '';

    if (!empty($_SERVER['REQUEST_URI'])) {
        $last_page_url = $_SERVER['REQUEST_URI'];
    }

    $now = time();
    $cutoff = $now - 900;

    // Drop visitors with no click in the last 15 minutes.
    $Qexpire = $OSCOM_Db->prepare('delete from :table_whos_online where time_last_click < :time_last_click');
    $Qexpire->bindInt(':time_last_click', $cutoff);
    $Qexpire->execute();

    $Qexisting = $OSCOM_Db->prepare('select session_id from :table_whos_online where session_id = :session_id limit 1');
    $Qexisting->bindValue(':session_id', $session_id);
    $Qexisting->execute();

    if ($Qexisting->fetch() !== false) {
        // Existing visitor: refresh the mutable columns only.
        $OSCOM_Db->save('whos_online', ['customer_id' => $customer_id, 'full_name' => $full_name, 'ip_address' => $ip_address, 'time_last_click' => $now, 'last_page_url' => $last_page_url], ['session_id' => $session_id]);
    } else {
        // New visitor: insert a full row with the entry time.
        $OSCOM_Db->save('whos_online', ['customer_id' => $customer_id, 'full_name' => $full_name, 'session_id' => $session_id, 'ip_address' => $ip_address, 'time_entry' => $now, 'time_last_click' => $now, 'last_page_url' => $last_page_url]);
    }
}
use OSC\OM\HTTP; use OSC\OM\OSCOM; use OSC\OM\Registry; require 'includes/application_top.php'; $action = isset($_GET['action']) ? $_GET['action'] : ''; if (tep_not_null($action)) { switch ($action) { case 'getShowcase': $result = ['result' => -1]; $AppsShowcaseCache = new Cache('apps-showcase'); if ($AppsShowcaseCache->exists(360)) { $showcase = $AppsShowcaseCache->get(); } else { $showcase = []; $version_url = str_replace('.', '_', OSCOM::getVersion()); $response = HTTP::getResponse(['url' => 'https://apps.oscommerce.com/index.php?RPC&GetShowcase&' . $version_url]); if (!empty($response)) { $showcase = json_decode($response, true); } if (is_array($showcase) && !empty($showcase) && isset($showcase['rpcStatus']) && $showcase['rpcStatus'] === 1) { $AppsShowcaseCache->save($showcase); } } if (is_array($showcase) && !empty($showcase) && isset($showcase['rpcStatus']) && $showcase['rpcStatus'] === 1 && isset($showcase['showcase'])) { $result['result'] = 1; $result['showcase'] = []; foreach ($showcase['showcase'] as $app) { $result['showcase'][] = ['vendor' => $app['vendor'], 'app' => $app['app'], 'title' => $app['title'], 'description' => $app['description'], 'is_installed' => Apps::exists($app['vendor'] . '\\' . $app['app'])]; } } echo json_encode($result);
if (isset($_GET['manufacturers_id']) && is_numeric($_GET['manufacturers_id'])) { $Qmanufacturer = $OSCOM_Db->get('manufacturers_info', 'manufacturers_url', ['manufacturers_id' => $_GET['manufacturers_id'], 'languages_id' => $OSCOM_Language->getId()]); if ($Qmanufacturer->fetch() !== false) { // url exists in selected language if (!empty($Qmanufacturer->value('manufacturers_url'))) { $Qupdate = $OSCOM_Db->prepare('update :table_manufacturers_info set url_clicked = url_clicked+1, date_last_click = now() where manufacturers_id = :manufacturers_id and languages_id = :languages_id'); $Qupdate->bindInt(':manufacturers_id', $_GET['manufacturers_id']); $Qupdate->bindInt(':languages_id', $OSCOM_Language->getId()); $Qupdate->execute(); HTTP::redirect($Qmanufacturer->value('manufacturers_url')); } } else { // no url exists for the selected language, lets use the default language then $Qmanufacturer = $OSCOM_Db->prepare('select mi.languages_id, mi.manufacturers_url from manufacturers_info mi, languages l where mi.manufacturers_id = :manufacturers_id and mi.languages_id = l.languages_id and l.code = :default_language'); $Qmanufacturer->bindInt(':manufacturers_id', $_GET['manufacturers_id']); $Qmanufacturer->bindValue(':default_language', DEFAULT_LANGUAGE); $Qmanufacturer->execute(); if ($Qmanufacturer->fetch() !== false) { if (!empty($Qmanufacturer->value('manufacturers_url'))) { $Qupdate = $OSCOM_Db->prepare('update :table_manufacturers_info set url_clicked = url_clicked+1, date_last_click = now() where manufacturers_id = :manufacturers_id and languages_id = :languages_id'); $Qupdate->bindInt(':manufacturers_id', $_GET['manufacturers_id']); $Qupdate->bindInt(':languages_id', $Qmanufacturer->valueInt('languages_id')); $Qupdate->execute(); HTTP::redirect($Qmanufacturer->value('manufacturers_url')); } } } } break; } OSCOM::redirect('index.php');
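/**
 * Sends a zero-amount registration request to Sage Pay to check that the gateway is reachable.
 *
 * @return int 1 when the gateway returned a (truthy) response, -1 otherwise. The reply content is
 *             not inspected, so 1 means "reachable", not "credentials accepted".
 */
function getTestConnectionResult()
{
    // Pick the live or test registration endpoint according to the module configuration.
    if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_SERVER == 'Live') {
        $gateway_url = 'https://live.sagepay.com/gateway/service/vspserver-register.vsp';
    } else {
        $gateway_url = 'https://test.sagepay.com/gateway/service/vspserver-register.vsp';
    }

    // NOTE(review): the server selection above reads a SAGE_PAY_SERVER setting while the vendor name
    // below reads a SAGE_PAY_DIRECT setting -- confirm this is intended and not a copy-paste slip
    // (the Server module's own before_process() uses MODULE_PAYMENT_SAGE_PAY_SERVER_VENDOR_LOGIN_NAME).
    $params = array('VPSProtocol' => $this->api_version, 'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802', 'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_DIRECT_VENDOR_LOGIN_NAME, 0, 15), 'Amount' => 0, 'Currency' => DEFAULT_CURRENCY);

    // Only forward a syntactically valid IPv4 address. filter_var() replaces the
    // "ip2long() != -1 && ip2long() != false" idiom, which mixed the pre-5.2.10 (-1) and current
    // (false) failure values; IPv6 addresses are dropped exactly as before, since ip2long() also
    // returned false for them.
    $ip_address = HTTP::getIpAddress();

    if (!empty($ip_address) && filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        $params['ClientIPAddress'] = $ip_address;
    }

    // Form-encode the body; every value is url-encoded so vendor names with reserved characters are safe.
    $post_string = '';

    foreach ($params as $key => $value) {
        $post_string .= $key . '=' . urlencode(trim($value)) . '&';
    }

    $response = $this->sendTransactionToGateway($gateway_url, $post_string);

    return ($response != false) ? 1 : -1;
}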
/**
 * Uses the caller's IP address as this instance's identifier.
 *
 * The value comes from HTTP::getIpAddress(); if that helper honours proxy headers the address can be
 * client chosen, so the identifier must not be treated as a trust anchor on its own.
 */
function setIdentifier()
{
    $remote_address = HTTP::getIpAddress();

    $this->identifier = $remote_address;
}
} } // Out of Stock if (STOCK_ALLOW_CHECKOUT != 'true' && $any_out_of_stock == true) { OSCOM::redirect('shopping_cart.php'); } } require DIR_WS_LANGUAGES . $_SESSION['language'] . '/checkout_confirmation.php'; $breadcrumb->add(NAVBAR_TITLE_1, OSCOM::link('checkout_shipping.php', '', 'SSL')); $breadcrumb->add(NAVBAR_TITLE_2); if ($_SESSION['payment'] == 'sage_pay_direct') { $iframe_url = OSCOM::link('ext/modules/payment/sage_pay/direct_3dauth.php', '', 'SSL'); } else { $iframe_url = $_SESSION['sage_pay_server_nexturl']; } if (!file_exists(DIR_FS_CATALOG . 'includes/template_top.php')) { HTTP::redirect($iframe_url); } include 'includes/template_top.php'; ?> <iframe src="<?php echo $iframe_url; ?> " width="100%" height="600" frameborder="0"> <p>Your browser does not support iframes.</p> </iframe> <?php include 'includes/template_bottom.php'; require 'includes/application_bottom.php';
} require 'includes/filenames.php'; require 'includes/functions/general.php'; require 'includes/classes/logger.php'; require 'includes/classes/shopping_cart.php'; require 'includes/classes/table_block.php'; require 'includes/classes/box.php'; require 'includes/classes/object_info.php'; require 'includes/classes/upload.php'; require 'includes/classes/action_recorder.php'; require 'includes/classes/cfg_modules.php'; require OSCOM::getConfig('dir_root', 'Shop') . 'includes/classes/osc_template.php'; OSCOM::loadSite('Admin'); if (HTTP::getRequestType() === 'NONSSL' && $_SERVER['REQUEST_METHOD'] === 'GET' && parse_url(OSCOM::getConfig('http_server'), PHP_URL_SCHEME) == 'https') { $url_req = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; HTTP::redirect($url_req, 301); } $OSCOM_Db = Registry::get('Db'); $OSCOM_Hooks = Registry::get('Hooks'); $OSCOM_Language = Registry::get('Language'); $OSCOM_MessageStack = Registry::get('MessageStack'); // calculate category path if (isset($_GET['cPath'])) { $cPath = $_GET['cPath']; } else { $cPath = ''; } if (tep_not_null($cPath)) { $cPath_array = tep_parse_category_path($cPath); $cPath = implode('_', $cPath_array); $current_category_id = $cPath_array[sizeof($cPath_array) - 1];
/**
 * Builds and sends the Sage Pay Direct request for the current order and parses the gateway reply
 * into the global $sage_pay_response array.
 *
 * Three entry paths, selected by $_GET['check']:
 *  - '3D'     : the customer returns from the card issuer's ACS; the posted MD and PaRes are
 *               forwarded to the direct3dcallback endpoint.
 *  - 'PAYPAL' : the customer returns from PayPal; on PAYPALOK a COMPLETE request is sent for the
 *               server-side order total, on a client cancel the customer goes back to confirmation.
 *  - none     : a new transaction is registered, either with a stored card token (tokens enabled and
 *               the token row belongs to the logged-in customer) or with card details from $_POST.
 *
 * Redirects (and does not return) on input validation failure, on Status 3DAUTH, on Status PPREDIRECT
 * and on any other non-successful status; returns normally only for OK / AUTHENTICATED / REGISTERED.
 *
 * Globals read: $order, $order_totals. Global written: $sage_pay_response.
 */
function before_process() {
    global $order, $order_totals, $sage_pay_response;

    $OSCOM_Db = Registry::get('Db');

    $transaction_response = null;
    $sage_pay_response = null;
    $error = null;

    if (isset($_GET['check'])) {
        // 3-D Secure return: MD and PaRes are posted back by the customer's browser from the ACS.
        if ($_GET['check'] == '3D' && isset($_POST['MD']) && tep_not_null($_POST['MD']) && isset($_POST['PaRes']) && tep_not_null($_POST['PaRes'])) {
            if (MODULE_PAYMENT_SAGE_PAY_DIRECT_TRANSACTION_SERVER == 'Live') {
                $gateway_url = 'https://live.sagepay.com/gateway/service/direct3dcallback.vsp';
            } else {
                $gateway_url = 'https://test.sagepay.com/gateway/service/direct3dcallback.vsp';
            }

            // NOTE(review): unlike every other request in this method, MD and PaRes are concatenated
            // without urlencode(). PaRes is base64 and may contain '+', '/' and '=', which are not safe
            // in a form-encoded body -- confirm the gateway tolerates this, or urlencode() both values.
            $post_string = 'MD=' . $_POST['MD'] . '&PARes=' . $_POST['PaRes'];

            $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
        } elseif ($_GET['check'] == 'PAYPAL' && isset($_POST['Status'])) {
            // PayPal return. Status / VPSTxId / PayerID arrive through the customer's browser and are
            // untrusted; the COMPLETE request only echoes VPSTxId and uses the server-side order total,
            // so the gateway -- not this code -- is what decides whether the transaction is valid.
            if ($_POST['Status'] == 'PAYPALOK' && isset($_POST['VPSTxId']) && isset($_POST['CustomerEMail']) && isset($_POST['PayerID'])) {
                $params = array('VPSProtocol' => $this->api_version, 'TxType' => 'COMPLETE', 'VPSTxId' => $_POST['VPSTxId'], 'Amount' => $this->format_raw($order->info['total']), 'Accept' => 'YES');

                $post_string = '';

                foreach ($params as $key => $value) {
                    $post_string .= $key . '=' . urlencode(trim($value)) . '&';
                }

                if (MODULE_PAYMENT_SAGE_PAY_DIRECT_TRANSACTION_SERVER == 'Live') {
                    $gateway_url = 'https://live.sagepay.com/gateway/service/complete.vsp';
                } else {
                    $gateway_url = 'https://test.sagepay.com/gateway/service/complete.vsp';
                }

                $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
            } elseif (isset($_POST['StatusDetail']) && $_POST['StatusDetail'] == 'Paypal transaction cancelled by client.') {
                OSCOM::redirect('checkout_confirmation.php', '', 'SSL');
            }
        }
    } else {
        $sagepay_token = null;
        $sagepay_token_cvc = null;

        // Stored-card path. The token lookup is scoped to the logged-in customer's id, so a customer
        // cannot charge another customer's saved card by guessing a card id.
        if (MODULE_PAYMENT_SAGE_PAY_DIRECT_TOKENS == 'True') {
            if (isset($_POST['sagepay_card']) && is_numeric($_POST['sagepay_card']) && $_POST['sagepay_card'] > 0) {
                $Qtoken = $OSCOM_Db->get('customers_sagepay_tokens', 'sagepay_token', ['id' => $_POST['sagepay_card'], 'customers_id' => $_SESSION['customer_id']]);

                if ($Qtoken->fetch() !== false) {
                    $sagepay_token = $Qtoken->value('sagepay_token');

                    // CV2 for a stored card is keyed by the card id and truncated to 4 characters.
                    if (isset($_POST['cc_cvc_tokens_nh-dns']) && is_array($_POST['cc_cvc_tokens_nh-dns']) && isset($_POST['cc_cvc_tokens_nh-dns'][$_POST['sagepay_card']])) {
                        $sagepay_token_cvc = substr($_POST['cc_cvc_tokens_nh-dns'][$_POST['sagepay_card']], 0, 4);
                    }
                }
            }
        }

        if (!isset($sagepay_token)) {
            // New-card path. Raw card data is read from $_POST here and only ever sent to the gateway.
            // NOTE(review): the '_nh-dns' suffix on the sensitive field names presumably marks them as
            // "do not record" for the framework's request logging -- confirm, since PAN and CVC must
            // never reach logs, the session or the database.
            $cc_type = isset($_POST['cc_type']) ? substr($_POST['cc_type'], 0, 15) : null;

            if (!isset($cc_type) || $this->isCard($cc_type) == false) {
                OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . '&error=cardtype', 'SSL');
            }

            if ($cc_type != 'PAYPAL') {
                $cc_owner = isset($_POST['cc_owner']) ? substr($_POST['cc_owner'], 0, 50) : null;
                // Non-digits are stripped before the length limit is applied, so spaced numbers are accepted.
                $cc_number = isset($_POST['cc_number_nh-dns']) ? substr(preg_replace('/[^0-9]/', '', $_POST['cc_number_nh-dns']), 0, 20) : null;
                $cc_start = null;
                $cc_expires = null;
                $cc_issue = isset($_POST['cc_issue_nh-dns']) ? substr($_POST['cc_issue_nh-dns'], 0, 2) : null;
                $cc_cvc = isset($_POST['cc_cvc_nh-dns']) ? substr($_POST['cc_cvc_nh-dns'], 0, 4) : null;

                // Allowed month / two-digit year values: expiry this year..+9, start year -4..this year.
                // strftime() is deprecated as of PHP 8.1; date('y', ...) yields the same two-digit year.
                $today = getdate();

                $months_array = array();
                for ($i = 1; $i < 13; $i++) {
                    $months_array[] = sprintf('%02d', $i);
                }

                $year_valid_to_array = array();
                for ($i = $today['year']; $i < $today['year'] + 10; $i++) {
                    $year_valid_to_array[] = strftime('%y', mktime(0, 0, 0, 1, 1, $i));
                }

                $year_valid_from_array = array();
                for ($i = $today['year'] - 4; $i < $today['year'] + 1; $i++) {
                    $year_valid_from_array[] = strftime('%y', mktime(0, 0, 0, 1, 1, $i));
                }

                if (!isset($cc_owner) || empty($cc_owner)) {
                    OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . '&error=cardowner', 'SSL');
                }

                if (!isset($cc_number) || is_numeric($cc_number) == false) {
                    OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . '&error=cardnumber', 'SSL');
                }

                // Start date is only collected for Maestro / AMEX when the respective option is enabled.
                if ($cc_type == 'MAESTRO' && MODULE_PAYMENT_SAGE_PAY_DIRECT_ALLOW_MAESTRO == 'True' || $cc_type == 'AMEX' && MODULE_PAYMENT_SAGE_PAY_DIRECT_ALLOW_AMEX == 'True') {
                    if (!isset($_POST['cc_starts_month']) || !in_array($_POST['cc_starts_month'], $months_array)) {
                        OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . '&error=cardstart', 'SSL');
                    }

                    if (!isset($_POST['cc_starts_year']) || !in_array($_POST['cc_starts_year'], $year_valid_from_array)) {
                        OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . '&error=cardstart', 'SSL');
                    }

                    $cc_start = substr($_POST['cc_starts_month'] . $_POST['cc_starts_year'], 0, 4);
                }

                if (!isset($_POST['cc_expires_month']) || !in_array($_POST['cc_expires_month'], $months_array)) {
                    OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . '&error=cardexpires', 'SSL');
                }

                if (!isset($_POST['cc_expires_year']) || !in_array($_POST['cc_expires_year'], $year_valid_to_array)) {
                    OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . '&error=cardexpires', 'SSL');
                }

                // Reject a card that already expired earlier this year.
                if ($_POST['cc_expires_year'] == date('y') && $_POST['cc_expires_month'] < date('m')) {
                    OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . '&error=cardexpires', 'SSL');
                }

                $cc_expires = substr($_POST['cc_expires_month'] . $_POST['cc_expires_year'], 0, 4);

                if ($cc_type == 'MAESTRO' && MODULE_PAYMENT_SAGE_PAY_DIRECT_ALLOW_MAESTRO == 'True') {
                    if (!isset($cc_issue) || empty($cc_issue)) {
                        OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . '&error=cardissue', 'SSL');
                    }
                }

                if (MODULE_PAYMENT_SAGE_PAY_DIRECT_VERIFY_WITH_CVC == 'True') {
                    if (!isset($cc_cvc) || empty($cc_cvc)) {
                        OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . '&error=cardcvc', 'SSL');
                    }
                }
            }
        }

        // Registration request. Name/address fields are truncated to the gateway's field limits; the
        // VendorTxCode ties the transaction to the customer and cart ids.
        $params = array('VPSProtocol' => $this->api_version, 'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802', 'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_DIRECT_VENDOR_LOGIN_NAME, 0, 15), 'VendorTxCode' => substr(date('YmdHis') . '-' . $_SESSION['customer_id'] . '-' . $_SESSION['cartID'], 0, 40), 'Amount' => $this->format_raw($order->info['total']), 'Currency' => $_SESSION['currency'], 'Description' => substr(STORE_NAME, 0, 100), 'BillingSurname' => substr($order->billing['lastname'], 0, 20), 'BillingFirstnames' => substr($order->billing['firstname'], 0, 20), 'BillingAddress1' => substr($order->billing['street_address'], 0, 100), 'BillingCity' => substr($order->billing['city'], 0, 40), 'BillingPostCode' => substr($order->billing['postcode'], 0, 10), 'BillingCountry' => $order->billing['country']['iso_code_2'], 'BillingPhone' => substr($order->customer['telephone'], 0, 20), 'DeliverySurname' => substr($order->delivery['lastname'], 0, 20), 'DeliveryFirstnames' => substr($order->delivery['firstname'], 0, 20), 'DeliveryAddress1' => substr($order->delivery['street_address'], 0, 100), 'DeliveryCity' => substr($order->delivery['city'], 0, 40), 'DeliveryPostCode' => substr($order->delivery['postcode'], 0, 10), 'DeliveryCountry' => $order->delivery['country']['iso_code_2'], 'DeliveryPhone' => substr($order->customer['telephone'], 0, 20), 'CustomerEMail' => substr($order->customer['email_address'], 0, 255), 'Apply3DSecure' => '0', 'VendorData' => 'Customer ID ' . $_SESSION['customer_id']);

        if (isset($sagepay_token)) {
            // Stored card: send the token, keep it stored, and the CV2 only if CVC verification is on.
            $params['Token'] = $sagepay_token;
            $params['StoreToken'] = '1';

            if (MODULE_PAYMENT_SAGE_PAY_DIRECT_VERIFY_WITH_CVC == 'True') {
                $params['CV2'] = $sagepay_token_cvc;
            }
        } else {
            $params['CardType'] = $cc_type;

            if ($cc_type == 'PAYPAL') {
                // PayPal: the gateway sends the customer back to checkout_process.php?check=PAYPAL.
                $params['PayPalCallbackURL'] = OSCOM::link('checkout_process.php', 'check=PAYPAL', 'SSL');
            } else {
                $params['CardHolder'] = $cc_owner;
                $params['CardNumber'] = $cc_number;
                $params['ExpiryDate'] = $cc_expires;
                // A token is only created when tokens are enabled and the customer ticked "save card".
                $params['CreateToken'] = MODULE_PAYMENT_SAGE_PAY_DIRECT_TOKENS == 'True' && isset($_POST['cc_save']) && $_POST['cc_save'] == 'true' ? '1' : '0';

                if ($cc_type == 'MAESTRO' && MODULE_PAYMENT_SAGE_PAY_DIRECT_ALLOW_MAESTRO == 'True' || $cc_type == 'AMEX' && MODULE_PAYMENT_SAGE_PAY_DIRECT_ALLOW_AMEX == 'True') {
                    $params['StartDate'] = $cc_start;
                }

                if ($cc_type == 'MAESTRO' && MODULE_PAYMENT_SAGE_PAY_DIRECT_ALLOW_MAESTRO == 'True') {
                    $params['IssueNumber'] = $cc_issue;
                }

                if (MODULE_PAYMENT_SAGE_PAY_DIRECT_VERIFY_WITH_CVC == 'True') {
                    $params['CV2'] = $cc_cvc;
                }
            }
        }

        // Only a syntactically valid IPv4 address is forwarded; ip2long() returns false for IPv6 and
        // for malformed input (-1 is the pre-PHP 5.2.10 failure value).
        $ip_address = tep_get_ip_address();

        if (!empty($ip_address) && ip2long($ip_address) != -1 && ip2long($ip_address) != false) {
            $params['ClientIPAddress'] = $ip_address;
        }

        if (MODULE_PAYMENT_SAGE_PAY_DIRECT_TRANSACTION_METHOD == 'Payment') {
            $params['TxType'] = 'PAYMENT';
        } elseif (MODULE_PAYMENT_SAGE_PAY_DIRECT_TRANSACTION_METHOD == 'Deferred') {
            $params['TxType'] = 'DEFERRED';
        } else {
            $params['TxType'] = 'AUTHENTICATE';
        }

        // State codes are only required (and only sent) for US addresses.
        if ($params['BillingCountry'] == 'US') {
            $params['BillingState'] = tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], '');
        }

        if ($params['DeliveryCountry'] == 'US') {
            $params['DeliveryState'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], '');
        }

        // Basket lines: the gateway uses ':' as the field separator, so ':' is stripped from names along
        // with line breaks and '&'. Product lines are name:qty:unit:tax:unit+tax:line total; order
        // total lines carry only a value.
        $contents = array();

        foreach ($order->products as $product) {
            $product_name = $product['name'];

            if (isset($product['attributes'])) {
                foreach ($product['attributes'] as $att) {
                    $product_name .= '; ' . $att['option'] . '=' . $att['value'];
                }
            }

            $contents[] = str_replace(array(':', "\n", "\r", '&'), '', $product_name) . ':' . $product['qty'] . ':' . $this->format_raw($product['final_price']) . ':' . $this->format_raw($product['tax'] / 100 * $product['final_price']) . ':' . $this->format_raw($product['tax'] / 100 * $product['final_price'] + $product['final_price']) . ':' . $this->format_raw(($product['tax'] / 100 * $product['final_price'] + $product['final_price']) * $product['qty']);
        }

        foreach ($order_totals as $ot) {
            $contents[] = str_replace(array(':', "\n", "\r", '&'), '', strip_tags($ot['title'])) . ':---:---:---:---:' . $this->format_raw($ot['value']);
        }

        // The basket is capped at 7500 characters; a very long basket is silently truncated.
        $params['Basket'] = substr(sizeof($contents) . ':' . implode(':', $contents), 0, 7500);

        $post_string = '';

        foreach ($params as $key => $value) {
            $post_string .= $key . '=' . urlencode(trim($value)) . '&';
        }

        if (MODULE_PAYMENT_SAGE_PAY_DIRECT_TRANSACTION_SERVER == 'Live') {
            $gateway_url = 'https://live.sagepay.com/gateway/service/vspdirect-register.vsp';
        } else {
            $gateway_url = 'https://test.sagepay.com/gateway/service/vspdirect-register.vsp';
        }

        $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
    }

    // Parse the "Key=Value" lines of the gateway reply. strpos(...) != false also skips a line whose
    // first character is '=' (position 0), which is harmless for this protocol. If the gateway could
    // not be reached $transaction_response is null, the array stays empty, and the missing 'Status'
    // index below raises a notice before the final branch treats it as an error.
    $string_array = explode(chr(10), $transaction_response);

    $sage_pay_response = array();

    foreach ($string_array as $string) {
        if (strpos($string, '=') != false) {
            $parts = explode('=', $string, 2);
            $sage_pay_response[trim($parts[0])] = trim($parts[1]);
        }
    }

    // Remember a masked card for the "saved card" confirmation; only the last 4 digits are kept in
    // the session, never the full PAN or the CVC.
    if (isset($params['CreateToken']) && $params['CreateToken'] == '1') {
        $_SESSION['sagepay_token_cc_type'] = $params['CardType'];
        $_SESSION['sagepay_token_cc_number'] = str_repeat('X', strlen($params['CardNumber']) - 4) . substr($params['CardNumber'], -4);
        $_SESSION['sagepay_token_cc_expiry_date'] = $params['ExpiryDate'];
    }

    // 3-D Secure required: stash the ACS details in the session and hand off to the iframe page.
    if ($sage_pay_response['Status'] == '3DAUTH') {
        $_SESSION['sage_pay_direct_acsurl'] = $sage_pay_response['ACSURL'];
        $_SESSION['sage_pay_direct_pareq'] = $sage_pay_response['PAReq'];
        $_SESSION['sage_pay_direct_md'] = $sage_pay_response['MD'];

        OSCOM::redirect('ext/modules/payment/sage_pay/checkout.php', '', 'SSL');
    }

    // PayPal: redirect the customer to the URL returned by the gateway. NOTE(review): this trusts a
    // gateway-supplied URL, so it is only as safe as the TLS certificate verification performed in
    // sendTransactionToGateway() -- confirm that verification is enabled there.
    if ($sage_pay_response['Status'] == 'PPREDIRECT') {
        HTTP::redirect($sage_pay_response['PayPalRedirectURL']);
    }

    // Any other status is a failure. The debug mail receives the parsed gateway reply, not $params,
    // so card data is not included in it.
    if ($sage_pay_response['Status'] != 'OK' && $sage_pay_response['Status'] != 'AUTHENTICATED' && $sage_pay_response['Status'] != 'REGISTERED') {
        $this->sendDebugEmail($sage_pay_response);

        $error = $this->getErrorMessageNumber($sage_pay_response['StatusDetail']);

        OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . (tep_not_null($error) ? '&error=' . $error : ''), 'SSL');
    }
}
} if ($check !== true) { trigger_error('Online Update: Download for requested v' . $_POST['version'] . ' update package is not valid.'); http_response_code(404); exit; } $result = ['result' => -1]; if (FileSystem::isWritable(OSCOM::BASE_DIR . 'Work/OnlineUpdates', true)) { if (!is_dir(OSCOM::BASE_DIR . 'Work/OnlineUpdates')) { mkdir(OSCOM::BASE_DIR . 'Work/OnlineUpdates', 0777, true); } $filepath = OSCOM::BASE_DIR . 'Work/OnlineUpdates/' . $_POST['version'] . '-update.zip'; if (FileSystem::isWritable($filepath)) { unlink($filepath); } $downloadFile = HTTP::getResponse(['url' => 'https://www.oscommerce.com/?Products&Download=oscom-' . $_POST['version'] . '-ou', 'method' => 'post']); $save_result = file_put_contents($filepath, $downloadFile); if ($save_result !== false && $save_result > 0) { $result['result'] = 1; } else { $result['result'] = -3; $result['path'] = FileSystem::displayPath($filepath); } } else { $result['result'] = -2; $result['path'] = FileSystem::displayPath(OSCOM::BASE_DIR . 'Work/OnlineUpdates'); } echo json_encode($result); exit; break; case 'applyRelease':
$Qcustomer->bindInt(':customers_id', $login_customer_id); $Qcustomer->execute(); $_SESSION['customer_id'] = $login_customer_id; $_SESSION['customer_default_address_id'] = $Qcustomer->valueInt('customers_default_address_id'); $_SESSION['customer_first_name'] = $Qcustomer->value('customers_firstname'); $_SESSION['customer_country_id'] = $Qcustomer->valueInt('entry_country_id'); $_SESSION['customer_zone_id'] = $Qcustomer->valueInt('entry_zone_id'); $Qupdate = $OSCOM_Db->prepare('update :table_customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1, password_reset_key = null, password_reset_date = null where customers_info_id = :customers_info_id'); $Qupdate->bindInt(':customers_info_id', $_SESSION['customer_id']); $Qupdate->execute(); // restore cart contents $_SESSION['cart']->restore_contents(); if (sizeof($_SESSION['navigation']->snapshot) > 0) { $origin_href = OSCOM::link($_SESSION['navigation']->snapshot['page'], tep_array_to_string($_SESSION['navigation']->snapshot['get'], array(session_name()))); $_SESSION['navigation']->clear_snapshot(); HTTP::redirect($origin_href); } OSCOM::redirect('index.php'); } $OSCOM_Language->loadDefinitions('login'); $breadcrumb->add(OSCOM::getDef('navbar_title'), OSCOM::link('login.php')); require $oscTemplate->getFile('template_top.php'); ?> <div class="page-header"> <h1><?php echo OSCOM::getDef('heading_title'); ?> </h1> </div>
/**
 * Builds a catalog URL from the same arguments link() accepts and issues an HTTP redirect to it.
 *
 * A target containing CR or LF is discarded in favour of the NONSSL index page, since such characters
 * would allow header injection through the Location header. When SSL is enabled and the current
 * request is SSL, a NONSSL catalog URL is rewritten to its HTTPS counterpart before redirecting.
 */
public static function redirect()
{
    global $request_type;

    $url = forward_static_call_array('static::link', func_get_args());

    // Reject CR/LF: strpbrk() returns false only when neither character occurs.
    if (strpbrk($url, "\r\n") !== false) {
        $url = static::link('index.php', '', 'NONSSL', false);
    }

    if (ENABLE_SSL == true && $request_type == 'SSL') {
        // Serving an SSL page: swap a NONSSL catalog prefix for the HTTPS one.
        $nonssl_prefix = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
        $prefix_length = strlen($nonssl_prefix);

        if (substr($url, 0, $prefix_length) == $nonssl_prefix) {
            $url = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG . substr($url, $prefix_length);
        }
    }

    HTTP::redirect($url);
}
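/**
 * Sage Pay Server: register the transaction with the gateway, or complete it.
 *
 * Two entry points share this method:
 *
 *  - check=PROCESS&skcode=...  The customer has returned from the gateway.
 *    The skcode in the URL must equal the one generated for this session
 *    (compared in constant time). The matching security-key row is consumed
 *    (deleted) and, if the gateway marked it verified, its transaction
 *    details are exposed through $sagepay_server_transaction_details and
 *    true is returned.
 *
 *  - otherwise  A fresh registration is posted to the gateway. On an OK
 *    status the returned SecurityKey is stored against the session's skcode
 *    and the customer is sent to NextURL (directly, or via the local
 *    checkout page when the configured profile is not 'Normal').
 *
 * Every other path ends in a redirect to checkout_payment.php carrying
 * payment_error and, when the gateway supplied one, an error code. The
 * redirect helpers are expected to end the request.
 *
 * @return true only on a successfully verified PROCESS callback
 */
function before_process() {
    global $sagepay_server_transaction_details, $order, $order_totals;

    $OSCOM_Db = Registry::get('Db');

    $sagepay_server_transaction_details = null;
    $error = null;

    if (isset($_GET['check']) && $_GET['check'] === 'PROCESS') {
        // Callback from the gateway: the skcode in the URL must be the one we
        // generated for this session. hash_equals() avoids type juggling and
        // timing leaks; only a scalar string may reach it (skcode[] must not).
        $expected_skcode = isset($_SESSION['sagepay_server_skey_code']) ? (string)$_SESSION['sagepay_server_skey_code'] : null;

        if (($expected_skcode !== null) && isset($_GET['skcode']) && is_string($_GET['skcode']) && hash_equals($expected_skcode, $_GET['skcode'])) {
            $skcode = HTML::sanitize($_GET['skcode']);

            $Qsp = $OSCOM_Db->get('sagepay_server_securitykeys', ['verified', 'transaction_details'], ['code' => $skcode], null, 1);

            if ($Qsp->fetch() !== false) {
                // One-shot key: consumed whether or not the gateway verified it
                unset($_SESSION['sagepay_server_skey_code']);
                $OSCOM_Db->delete('sagepay_server_securitykeys', ['code' => $skcode]);

                if ($Qsp->value('verified') == '1') {
                    $sagepay_server_transaction_details = $Qsp->value('transaction_details');

                    return true;
                }
            }
        }
    } else {
        if (!isset($_SESSION['sagepay_server_skey_code'])) {
            $_SESSION['sagepay_server_skey_code'] = tep_create_random_value(16);
        }

        // Field lengths follow the gateway's protocol limits
        $params = [
            'VPSProtocol' => $this->api_version,
            'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802',
            'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_SERVER_VENDOR_LOGIN_NAME, 0, 15),
            'VendorTxCode' => substr(date('YmdHis') . '-' . $_SESSION['customer_id'] . '-' . $_SESSION['cartID'], 0, 40),
            'Amount' => $this->format_raw($order->info['total']),
            'Currency' => $_SESSION['currency'],
            'Description' => substr(STORE_NAME, 0, 100),
            'NotificationURL' => $this->formatURL(OSCOM::link('ext/modules/payment/sage_pay/server.php', 'check=SERVER&skcode=' . $_SESSION['sagepay_server_skey_code'], 'SSL', false)),
            'BillingSurname' => substr($order->billing['lastname'], 0, 20),
            'BillingFirstnames' => substr($order->billing['firstname'], 0, 20),
            'BillingAddress1' => substr($order->billing['street_address'], 0, 100),
            'BillingCity' => substr($order->billing['city'], 0, 40),
            'BillingPostCode' => substr($order->billing['postcode'], 0, 10),
            'BillingCountry' => $order->billing['country']['iso_code_2'],
            'BillingPhone' => substr($order->customer['telephone'], 0, 20),
            'DeliverySurname' => substr($order->delivery['lastname'], 0, 20),
            'DeliveryFirstnames' => substr($order->delivery['firstname'], 0, 20),
            'DeliveryAddress1' => substr($order->delivery['street_address'], 0, 100),
            'DeliveryCity' => substr($order->delivery['city'], 0, 40),
            'DeliveryPostCode' => substr($order->delivery['postcode'], 0, 10),
            'DeliveryCountry' => $order->delivery['country']['iso_code_2'],
            'DeliveryPhone' => substr($order->customer['telephone'], 0, 20),
            'CustomerEMail' => substr($order->customer['email_address'], 0, 255),
            'Apply3DSecure' => '0',
        ];

        // ip2long() only understands dotted IPv4; anything else (including
        // the legacy -1 and the 0 result) is omitted rather than sent as-is
        $ip_address = tep_get_ip_address();
        $ip_long = ip2long($ip_address);
        if (($ip_long !== false) && ($ip_long != -1) && ($ip_long != 0)) {
            $params['ClientIPAddress'] = $ip_address;
        }

        if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Payment') {
            $params['TxType'] = 'PAYMENT';
        } elseif (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Deferred') {
            $params['TxType'] = 'DEFERRED';
        } else {
            $params['TxType'] = 'AUTHENTICATE';
        }

        // State codes are only sent for US addresses
        if ($params['BillingCountry'] == 'US') {
            $params['BillingState'] = tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], '');
        }

        if ($params['DeliveryCountry'] == 'US') {
            $params['DeliveryState'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], '');
        }

        if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE != 'Normal') {
            $params['Profile'] = 'LOW';
        }

        $params['Basket'] = $this->buildBasket($order->products, $order_totals);

        // Gateway expects a form-urlencoded body
        $post_string = '';
        foreach ($params as $key => $value) {
            $post_string .= $key . '=' . urlencode(trim($value)) . '&';
        }

        if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_SERVER == 'Live') {
            $gateway_url = 'https://live.sagepay.com/gateway/service/vspserver-register.vsp';
        } else {
            $gateway_url = 'https://test.sagepay.com/gateway/service/vspserver-register.vsp';
        }

        $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
        $return = $this->parseGatewayResponse($transaction_response);

        // A registration is only usable when the gateway confirmed it AND
        // handed back both the security key and the redirect target; an
        // empty or truncated response therefore takes the error path instead
        // of raising undefined-index notices
        $status = isset($return['Status']) ? $return['Status'] : '';

        if (($status === 'OK') && isset($return['SecurityKey']) && isset($return['NextURL'])) {
            $skey_code = $_SESSION['sagepay_server_skey_code'];

            $Qsp = $OSCOM_Db->get('sagepay_server_securitykeys', ['id', 'securitykey'], ['code' => $skey_code], null, 1);

            if ($Qsp->fetch() !== false) {
                // Re-registration within the same session: refresh the stored key if it changed
                if ($Qsp->value('securitykey') != $return['SecurityKey']) {
                    $OSCOM_Db->save('sagepay_server_securitykeys', ['securitykey' => $return['SecurityKey'], 'date_added' => 'now()'], ['id' => $Qsp->valueInt('id')]);
                }
            } else {
                $OSCOM_Db->save('sagepay_server_securitykeys', ['code' => $skey_code, 'securitykey' => $return['SecurityKey'], 'date_added' => 'now()']);
            }

            if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE == 'Normal') {
                HTTP::redirect($return['NextURL']);
            } else {
                // Non-Normal profile: the local checkout page picks the gateway URL up from the session
                $_SESSION['sage_pay_server_nexturl'] = $return['NextURL'];

                OSCOM::redirect('ext/modules/payment/sage_pay/checkout.php', '', 'SSL');
            }
        } else {
            $error = $this->getErrorMessageNumber(isset($return['StatusDetail']) ? $return['StatusDetail'] : null);

            $this->sendDebugEmail($return);
        }
    }

    $error_query = 'payment_error=' . $this->code;
    if (tep_not_null($error)) {
        $error_query .= '&error=' . $error;
    }

    OSCOM::redirect('checkout_payment.php', $error_query, 'SSL');
}

/**
 * Build the gateway 'Basket' field: "<line count>:<line>:<line>...".
 *
 * A product line is name:qty:unit net:unit tax:unit gross:line gross; an
 * order-total line is title:---:---:---:---:value. Colons, line breaks and
 * ampersands are stripped from names because ':' is the field separator.
 * The whole field is capped at 7500 characters.
 *
 * @param array $products      $order->products entries (name, qty, final_price, tax, optional attributes)
 * @param array $order_totals  order total rows carrying 'title' and 'value'
 * @return string
 */
function buildBasket($products, $order_totals) {
    $separator_chars = [':', "\n", "\r", '&'];
    $contents = [];

    foreach ($products as $product) {
        $product_name = $product['name'];

        if (isset($product['attributes'])) {
            foreach ($product['attributes'] as $att) {
                $product_name .= '; ' . $att['option'] . '=' . $att['value'];
            }
        }

        // tax is a percentage; gross = net + tax, computed once per product
        $unit_tax = $product['tax'] / 100 * $product['final_price'];
        $unit_gross = $unit_tax + $product['final_price'];

        $contents[] = implode(':', [
            str_replace($separator_chars, '', $product_name),
            $product['qty'],
            $this->format_raw($product['final_price']),
            $this->format_raw($unit_tax),
            $this->format_raw($unit_gross),
            $this->format_raw($unit_gross * $product['qty']),
        ]);
    }

    foreach ($order_totals as $ot) {
        $contents[] = str_replace($separator_chars, '', strip_tags($ot['title'])) . ':---:---:---:---:' . $this->format_raw($ot['value']);
    }

    return substr(count($contents) . ':' . implode(':', $contents), 0, 7500);
}

/**
 * Split the gateway's "Key=Value" line protocol into an array.
 *
 * Lines are LF separated; the first '=' divides key from value and both
 * sides are trimmed (the gateway sends CRLF). Lines without a '=' or with
 * an empty key are skipped so blank or malformed lines cannot pollute the
 * result.
 *
 * @param string $transaction_response raw body returned by the gateway
 * @return array<string, string>
 */
function parseGatewayResponse($transaction_response) {
    $return = [];

    foreach (explode("\n", (string)$transaction_response) as $line) {
        $pos = strpos($line, '=');

        // no separator, or a separator in the first column (empty key)
        if (($pos === false) || ($pos === 0)) {
            continue;
        }

        $parts = explode('=', $line, 2);
        $return[trim($parts[0])] = trim($parts[1]);
    }

    return $return;
}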
case 'httpsCheck': if (isset($_GET['subaction']) && $_GET['subaction'] == 'do') { if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' || isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) { $result['status'] = '1'; $result['message'] = 'success'; } } else { $url = 'https://' . $_SERVER['HTTP_HOST']; if (isset($_SERVER['REQUEST_URI']) && !empty($_SERVER['REQUEST_URI'])) { $url .= $_SERVER['REQUEST_URI']; } else { $url .= $_SERVER['SCRIPT_FILENAME']; } $url .= '&subaction=do'; // errors are silenced to not log failed connection checks $response = @HTTP::getResponse(['url' => $url, 'verify_ssl' => false]); if (!empty($response)) { $response = json_decode($response, true); if (is_array($response) && isset($response['status']) && $response['status'] == '1') { $result['status'] = '1'; $result['message'] = 'success'; } } } break; case 'dbCheck': try { $OSCOM_Db = Db::initialize(isset($_POST['server']) ? $_POST['server'] : '', isset($_POST['username']) ? $_POST['username'] : '', isset($_POST['password']) ? $_POST['password'] : '', isset($_POST['name']) ? $_POST['name'] : '', null, null, ['log_errors' => false]); $result['status'] = '1'; $result['message'] = 'success'; } catch (\Exception $e) {
/**
 * Redirect the browser to the link built from the given arguments
 * (forwarded verbatim to static::link()).
 *
 * If the built URL carries a CR or LF it is replaced with a plain link to
 * index.php, so no line break can reach the Location header.
 */
public static function redirect()
{
    $url = forward_static_call_array('static::link', func_get_args());

    foreach (["\n", "\r"] as $line_break) {
        if (strpos($url, $line_break) !== false) {
            $url = static::link('index.php', '', false);
            break;
        }
    }

    HTTP::redirect($url);
}
*/

use OSC\OM\HTML;
use OSC\OM\HTTP;
use OSC\OM\OSCOM;

require 'includes/application_top.php';

$OSCOM_Language->loadDefinitions('server_info');

// Snapshot of the server environment shown on this page and reused by the
// submit/save actions below
$info = tep_get_system_information();
$server = parse_url(OSCOM::getConfig('http_server'));

$action = '';
if (isset($_GET['action'])) {
    $action = $_GET['action'];
}

if ($action == 'getPhpInfo') {
    // Raw phpinfo() output replaces the page entirely
    phpinfo();
    exit;
}

if ($action == 'submit') {
    // Post the collected information to the osCommerce website and report the outcome
    $response = HTTP::getResponse([
        'url' => 'https://www.oscommerce.com/index.php?RPC&Website&Index&SaveUserServerInfo&v=2',
        'parameters' => ['info' => json_encode($info)],
    ]);

    if ($response != 'OK') {
        $message_key = 'error_info_submit';
        $message_type = 'error';
    } else {
        $message_key = 'success_info_submit';
        $message_type = 'success';
    }

    $OSCOM_MessageStack->add(OSCOM::getDef($message_key), $message_type);

    OSCOM::redirect('server_info.php');
}

if ($action == 'save') {
    // Offer the information as a plain-text download
    $info_file = 'server_info-' . date('YmdHis') . '.txt';

    header('Content-type: text/plain');
    header('Content-disposition: attachment; filename=' . $info_file);

    echo tep_format_system_info_array($info);
    exit;
}