<?php

/* -----------------------------------------------------------------------------------------
  $Id: captcha.php 831 2007-10-29 19:20:03 VaM $

   VaM Shop - open source ecommerce solution
   http://vamshop.ru
   http://vamshop.com

   Copyright (c) 2007 VaM Shop
   -----------------------------------------------------------------------------------------
   based on: 
   (c) 2007 KCAPTCHA - author Kruglov Sergei; captcha.ru 

   Released under the GNU General Public License 
   ---------------------------------------------------------------------------------------*/
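require 'includes/application_top.php';
require_once DIR_FS_INC . 'vam_render_vvcode.inc.php';
require_once DIR_FS_INC . 'vam_random_charcode.inc.php';
// Issue a fresh 6-character visual verification code, keep it in the session
// and render it as an image.
// NOTE(review): this runs unconditionally on every request, so $_SESSION['vvcode']
// is replaced before the captcha check further down this file compares it with
// $_POST['captcha'] (and that check uses a loose ==). Confirm that image
// generation and form handling really are separate requests.
$visual_verify_code = vam_random_charcode(6);
$_SESSION['vvcode'] = $visual_verify_code;
$vvimg = vvcode_render_code($visual_verify_code);
// create template elements
$vamTemplate = new vamTemplate();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include needed functions (vam_random_charcode and vam_render_vvcode were
// already loaded above; require_once makes the repeats harmless)
require_once DIR_FS_INC . 'vam_random_charcode.inc.php';
require_once DIR_FS_INC . 'vam_encrypt_password.inc.php';
require_once DIR_FS_INC . 'vam_validate_password.inc.php';
require_once DIR_FS_INC . 'vam_rand.inc.php';
require_once DIR_FS_INC . 'vam_render_vvcode.inc.php';
// Step marker handed to the template. The original used the bare word double_opt,
// which PHP 7 silently treats as the string 'double_opt' (with a warning) and
// PHP 8 rejects as an undefined constant; the quoted string keeps the PHP 7 value.
$case = 'double_opt';
$info_message = TEXT_PASSWORD_FORGOTTEN;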
if (isset($_GET['action']) && $_GET['action'] == 'first_opt_in') {
    $check_customer_query = vam_db_query("select customers_email_address, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . vam_db_input($_POST['email']) . "'");
    $check_customer = vam_db_fetch_array($check_customer_query);
    $vlcode = vam_random_charcode(32);
    $link = vam_href_link(FILENAME_PASSWORD_DOUBLE_OPT, 'action=verified&customers_id=' . $check_customer['customers_id'] . '&key=' . $vlcode, 'NONSSL');
    // assign language to template for caching
    $vamTemplate->assign('language', $_SESSION['language']);
    $vamTemplate->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
    $vamTemplate->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
    // assign vars
    $vamTemplate->assign('EMAIL', $check_customer['customers_email_address']);
    $vamTemplate->assign('LINK', $link);
    // dont allow cache
    $vamTemplate->caching = false;
    // create mails
    $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/password_verification_mail.html');
    $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/password_verification_mail.txt');
    if ($_POST['captcha'] == $_SESSION['vvcode']) {
        if (!vam_db_num_rows($check_customer_query)) {
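 /**
  * Checkout-confirmation step of the Aviso payment module.
  *
  * While the customer is still on the confirmation page the order is already
  * written to the database (orders, status history, totals, products,
  * attributes and download/PIN rows), then registered with the Aviso
  * m-commerce service, and the receipt person is stored in TABLE_PERSONS.
  * The created orders_id is remembered in $_SESSION['cart_aviso_id'] as
  * "<cartID>-<orders_id>"; a later call with the same cart id and currency
  * reuses that order instead of inserting a new one.
  *
  * Relies on the globals $cartID, $order and $order_total_modules and on the
  * checkout data kept in $_SESSION. On a failed Aviso registration the error
  * message is echoed directly from this method.
  *
  * @return array{title: string} the module description shown at confirmation
  */
 function confirmation()
 {
     global $cartID, $order, $order_total_modules;
     if (isset($_SESSION['cartID'])) {
         $insert_order = false;
         if (isset($_SESSION['cart_aviso_id'])) {
             // cart_aviso_id is "<cartID>-<orders_id>"; everything after the dash is the order id.
             $order_id = substr($_SESSION['cart_aviso_id'], strpos($_SESSION['cart_aviso_id'], '-') + 1);
             $curr_check = vam_db_query("select currency from " . TABLE_ORDERS . " where orders_id = '" . (int) $order_id . "'");
             $curr = vam_db_fetch_array($curr_check);
             // A changed currency or a different cart means the stored order is stale.
             if ($curr['currency'] != $order->info['currency'] || $cartID != substr($_SESSION['cart_aviso_id'], 0, strlen($cartID))) {
                 $check_query = vam_db_query('select orders_id from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int) $order_id . '" limit 1');
                 // NOTE(review): the insert branch below always writes a status-history row for
                 // a new order, so this guard will normally find one and the stale order rows
                 // stay behind while a second order is inserted — confirm that this is intended.
                 if (vam_db_num_rows($check_query) < 1) {
                     vam_db_query('delete from ' . TABLE_ORDERS . ' where orders_id = "' . (int) $order_id . '"');
                     vam_db_query('delete from ' . TABLE_ORDERS_TOTAL . ' where orders_id = "' . (int) $order_id . '"');
                     vam_db_query('delete from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int) $order_id . '"');
                     vam_db_query('delete from ' . TABLE_ORDERS_PRODUCTS . ' where orders_id = "' . (int) $order_id . '"');
                     vam_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . ' where orders_id = "' . (int) $order_id . '"');
                     vam_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_DOWNLOAD . ' where orders_id = "' . (int) $order_id . '"');
                 }
                 $insert_order = true;
             }
         } else {
             $insert_order = true;
         }
         if ($insert_order == true) {
             // Collect the output lines of every enabled order-total module.
             $order_totals = array();
             if (is_array($order_total_modules->modules)) {
                 // foreach replaces the reset()/each() loop; each() was removed in PHP 8.
                 foreach ($order_total_modules->modules as $value) {
                     $class = substr($value, 0, strrpos($value, '.'));
                     if ($GLOBALS[$class]->enabled) {
                         for ($i = 0, $n = sizeof($GLOBALS[$class]->output); $i < $n; $i++) {
                             if (vam_not_null($GLOBALS[$class]->output[$i]['title']) && vam_not_null($GLOBALS[$class]->output[$i]['text'])) {
                                 $order_totals[] = array('code' => $GLOBALS[$class]->code, 'title' => $GLOBALS[$class]->output[$i]['title'], 'text' => $GLOBALS[$class]->output[$i]['text'], 'value' => $GLOBALS[$class]->output[$i]['value'], 'sort_order' => $GLOBALS[$class]->sort_order);
                             }
                         }
                     }
                 }
             }
             if ($_SESSION['customers_status']['customers_status_ot_discount_flag'] == 1) {
                 $discount = $_SESSION['customers_status']['customers_status_ot_discount'];
             } else {
                 $discount = '0.00';
             }
             // !empty() keeps the original truthiness test without an undefined-index notice.
             // NOTE(review): X-Forwarded-For is a client-supplied header; the stored IP is only
             // meaningful when a proxy in front of the shop is known to set it.
             if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                 $customers_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
             } else {
                 $customers_ip = $_SERVER['REMOTE_ADDR'];
             }
             $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], 'customers_cid' => $order->customer['csID'], 'customers_vat_id' => $_SESSION['customer_vat_id'], 'customers_company' => $order->customer['company'], 'customers_status' => $_SESSION['customers_status']['customers_status_id'], 'customers_status_name' => $_SESSION['customers_status']['customers_status_name'], 'customers_status_image' => $_SESSION['customers_status']['customers_status_image'], 'customers_status_discount' => $discount, 'customers_street_address' => $order->customer['street_address'], 'customers_suburb' => $order->customer['suburb'], 'customers_city' => $order->customer['city'], 'customers_postcode' => $order->customer['postcode'], 'customers_state' => $order->customer['state'], 'customers_country' => $order->customer['country']['title'], 'customers_telephone' => $order->customer['telephone'], 'customers_email_address' => $order->customer['email_address'], 'customers_address_format_id' => $order->customer['format_id'], 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 'delivery_company' => $order->delivery['company'], 'delivery_street_address' => $order->delivery['street_address'], 'delivery_suburb' => $order->delivery['suburb'], 'delivery_city' => $order->delivery['city'], 'delivery_postcode' => $order->delivery['postcode'], 'delivery_state' => $order->delivery['state'], 'delivery_country' => $order->delivery['country']['title'], 'delivery_address_format_id' => $order->delivery['format_id'], 'billing_name' => $order->billing['firstname'] . ' ' .
$order->billing['lastname'], 'billing_company' => $order->billing['company'], 'billing_street_address' => $order->billing['street_address'], 'billing_suburb' => $order->billing['suburb'], 'billing_city' => $order->billing['city'], 'billing_postcode' => $order->billing['postcode'], 'billing_state' => $order->billing['state'], 'billing_country' => $order->billing['country']['title'], 'billing_address_format_id' => $order->billing['format_id'], 'payment_method' => $order->info['payment_method'], 'payment_class' => $order->info['payment_class'], 'shipping_method' => $order->info['shipping_method'], 'shipping_class' => $order->info['shipping_class'], 'language' => $_SESSION['language'], 'comments' => $order->info['comments'], 'customers_ip' => $customers_ip, 'orig_reference' => $order->customer['orig_reference'], 'login_reference' => $order->customer['login_reference'], 'cc_type' => $order->info['cc_type'], 'cc_owner' => $order->info['cc_owner'], 'cc_number' => $order->info['cc_number'], 'cc_expires' => $order->info['cc_expires'], 'date_purchased' => 'now()', 'orders_status' => $order->info['order_status'], 'currency' => $order->info['currency'], 'currency_value' => $order->info['currency_value']);
             vam_db_perform(TABLE_ORDERS, $sql_data_array);
             $insert_id = vam_db_insert_id();
             $customer_notification = SEND_EMAILS == 'true' ? '1' : '0';
             $sql_data_array = array('orders_id' => $insert_id, 'orders_status_id' => $order->info['order_status'], 'date_added' => 'now()', 'customer_notified' => $customer_notification, 'comments' => $order->info['comments']);
             vam_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
             for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++) {
                 $sql_data_array = array('orders_id' => $insert_id, 'title' => $order_totals[$i]['title'], 'text' => $order_totals[$i]['text'], 'value' => $order_totals[$i]['value'], 'class' => $order_totals[$i]['code'], 'sort_order' => $order_totals[$i]['sort_order']);
                 vam_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
             }
             for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
                 $sql_data_array = array('orders_id' => $insert_id, 'products_id' => vam_get_prid($order->products[$i]['id']), 'products_model' => $order->products[$i]['model'], 'products_name' => $order->products[$i]['name'], 'products_price' => $order->products[$i]['price'], 'final_price' => $order->products[$i]['final_price'], 'products_tax' => $order->products[$i]['tax'], 'products_quantity' => $order->products[$i]['qty']);
                 vam_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
                 $order_products_id = vam_db_insert_id();
                 $attributes_exist = '0';
                 if (isset($order->products[$i]['attributes'])) {
                     $attributes_exist = '1';
                     for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
                         // NOTE(review): product, option and value ids from the cart are interpolated
                         // into these queries without the vam_db_input() escaping used elsewhere in
                         // this codebase; they are cast/validated nowhere visible here.
                         if (DOWNLOAD_ENABLED == 'true') {
                             $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename, pad.products_attributes_is_pin\n                                       from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n                                       left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n                                       on pa.products_attributes_id=pad.products_attributes_id\n                                       where pa.products_id = '" . $order->products[$i]['id'] . "'\n                                       and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                       and pa.options_id = popt.products_options_id\n                                       and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                       and pa.options_values_id = poval.products_options_values_id\n                                       and popt.language_id = '" . $_SESSION['languages_id'] . "'\n                                       and poval.language_id = '" . $_SESSION['languages_id'] . "'";
                             $attributes = vam_db_query($attributes_query);
                         } else {
                             $attributes = vam_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $_SESSION['languages_id'] . "' and poval.language_id = '" . $_SESSION['languages_id'] . "'");
                         }
                         // update attribute stock
                         vam_db_query("UPDATE " . TABLE_PRODUCTS_ATTRIBUTES . " set\n\t\t\t\t\t\t                               attributes_stock=attributes_stock - '" . $order->products[$i]['qty'] . "'\n\t\t\t\t\t\t                               where\n\t\t\t\t\t\t                               products_id='" . $order->products[$i]['id'] . "'\n\t\t\t\t\t\t                               and options_values_id='" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n\t\t\t\t\t\t                               and options_id='" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n\t\t\t\t\t\t                               ");
                         $attributes_values = vam_db_fetch_array($attributes);
                         $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $attributes_values['options_values_price'], 'price_prefix' => $attributes_values['price_prefix']);
                         vam_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
                         // A download row is written when the attribute carries a file or is a PIN product.
                         if (DOWNLOAD_ENABLED == 'true' && ((isset($attributes_values['products_attributes_filename']) && vam_not_null($attributes_values['products_attributes_filename'])) || $attributes_values['products_attributes_is_pin'])) {
                             // Reset per attribute: without this a PIN code fetched for an earlier line
                             // item would be carried into the download row of a later non-PIN item.
                             $pin = null;
                             // One download row per ordered unit; PIN products consume one unused PIN each.
                             for ($pincycle = 0; $pincycle < $order->products[$i]['qty']; $pincycle++) {
                                 if ($attributes_values['products_attributes_is_pin']) {
                                     $pin_query = vam_db_query("SELECT products_pin_id, products_pin_code FROM " . TABLE_PRODUCTS_PINS . " WHERE products_id = '" . $order->products[$i]['id'] . "' AND products_pin_used='0' LIMIT 1");
                                     if (vam_db_num_rows($pin_query) == '0') {
                                         // No unused PIN left for this product; store the placeholder instead.
                                         $pin = PIN_NOT_AVAILABLE;
                                     } else {
                                         $pin_res = vam_db_fetch_array($pin_query);
                                         $pin = $pin_res['products_pin_code'];
                                         // Mark the PIN as consumed by this order.
                                         vam_db_query("UPDATE " . TABLE_PRODUCTS_PINS . " SET products_pin_used='" . $insert_id . "' WHERE products_pin_id = '" . $pin_res['products_pin_id'] . "'");
                                     }
                                 }
                                 $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'orders_products_filename' => $attributes_values['products_attributes_filename'], 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 'download_count' => $attributes_values['products_attributes_maxcount'], 'download_is_pin' => $attributes_values['products_attributes_is_pin'], 'download_pin_code' => $pin);
                                 vam_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
                             }
                         }
                     }
                 }
             }
             $_SESSION['cart_aviso_id'] = $cartID . '-' . $insert_id;
         }
         // Issue the Aviso invoice for the customer.
         if ($insert_order == true) {
             include_once DIR_WS_INCLUDES . 'external/avisosms/avisosmsmc.class.php';
             require_once DIR_FS_INC . 'vam_random_charcode.inc.php';
             /*
              * Initialisation
              */
             $username = MODULE_PAYMENT_AVISO_ID;
             // Request signature expected by the Aviso API: md5(phone . service id . merchant id . secret).
             // The phone comes from the session, falling back to the raw POST value.
             $sign = md5(($_SESSION['aviso_telephone'] == '' ? $_POST['aviso_telephone'] : $_SESSION['aviso_telephone']) . MODULE_PAYMENT_AVISO_SERVICE_ID . MODULE_PAYMENT_AVISO_ID . MODULE_PAYMENT_AVISO_SECURE_HASH);
             $access_key = MODULE_PAYMENT_AVISO_ACCESS_KEY;
             $service_id = MODULE_PAYMENT_AVISO_SERVICE_ID;
             // Client for the avisosms m_commerce service.
             $m_commerce = new AvisosmsMCommerce($username, $sign, $access_key, $service_id);
             // Test mode switch (disabled: live requests).
             $m_commerce->test = false;
             //------------------------------------------------------------------------------
             /*
              * Create the order on the Aviso side
              */
             $description = vam_random_charcode(20);
             $price = number_format($order->info['total'], 2, '.', '');
             $success_message = 'ok!';
             $phone = $_SESSION['aviso_telephone'] == '' ? $_POST['aviso_telephone'] : $_SESSION['aviso_telephone'];
             $merchant_order_id = substr($_SESSION['cart_aviso_id'], strpos($_SESSION['cart_aviso_id'], '-') + 1);
             if ($m_commerce->createOrder($description, $price, $success_message, $phone, $merchant_order_id)) {
                 // Order created successfully (status = 0); $m_commerce->response() holds the reply.
             } else {
                 // Order creation failed (status > 0). The message is echoed straight from this
                 // hook; the order rows written above are kept.
                 echo 'Ошибка: ' . $m_commerce->error_message();
             }
             // Store the receipt person for the order. Name and phone come from session values that
             // originate from the customer, so they are SQL-escaped with vam_db_input() (the escaping
             // helper used elsewhere in this codebase) after the usual vam_db_prepare_input() clean-up.
             vam_db_query("INSERT INTO " . TABLE_PERSONS . " (orders_id, name, address) VALUES ('" . vam_db_prepare_input((int) substr($_SESSION['cart_aviso_id'], strpos($_SESSION['cart_aviso_id'], '-') + 1)) . "', '" . vam_db_input(vam_db_prepare_input($_SESSION['kvit_name'])) . "', '" . vam_db_input(vam_db_prepare_input($_SESSION['aviso_telephone'])) . "')");
         }
     }
     return array('title' => MODULE_PAYMENT_AVISO_TEXT_DESCRIPTION);
 }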