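/**
 * Build the sidebar navigation for the current user.
 *
 * Developers get the full fault-management menu (with open-fault badges on the
 * "View Faults" and "My Assigned Faults" entries); everyone else gets the three
 * public entries. The entry whose last URL segment matches the second path
 * segment of LINK_FILE is flagged active.
 *
 * @return string HTML rendered by Bootstrap::list_group()
 */
function menu()
{
    $site_path_array = explode("/", LINK_FILE);
    $base = LINK_ABS . $site_path_array[0];
    // LINK_FILE may consist of a single segment; compare against '' then instead
    // of reading an undefined index.
    $current_script = isset($site_path_array[1]) ? $site_path_array[1] : '';

    if (Session::is_developer()) {
        $menu = array(
            array("url" => $base . "/index.php", "text" => "System Status", "icon" => "home"),
            array("url" => $base . "/fault.php", "text" => "My Fault Reports", "icon" => "list"),
            array("url" => $base . "/assigned.php", "text" => "My Assigned Faults", "icon" => "inbox"),
            array("url" => $base . "/report", "text" => "Report a Fault", "icon" => "flash"),
            array("url" => $base . "/manage", "text" => "View Faults", "icon" => "list-alt"),
        );
        // Badge "View Faults" (index 4) with the global open count ...
        $faults = Faults::get_open_faults();
        if ($faults > 0) {
            $menu[4]["badge"] = $faults;
        }
        // ... and "My Assigned Faults" (index 2) with the count assigned to this user.
        $faults = Faults::get_open_faults_user(Session::get_id());
        if ($faults > 0) {
            $menu[2]["badge"] = $faults;
        }
    } else {
        $menu = array(
            array("url" => $base . "/index.php", "text" => "System Status", "icon" => "home"),
            array("url" => $base . "/fault.php", "text" => "My Fault Reports", "icon" => "list"),
            array("url" => $base . "/report", "text" => "Report a Fault", "icon" => "flash"),
        );
    }

    // Mark the entry whose last URL segment is the current script. array_pop() takes
    // its argument by reference, so the explode() result goes through a variable
    // (the old array_pop(explode(...)) raised "Only variables should be passed by
    // reference"); iterating by index also avoids the dangling foreach reference.
    foreach ($menu as $index => $item) {
        $url_parts = explode("/", $item["url"]);
        if ($current_script === array_pop($url_parts)) {
            $menu[$index]["active"] = true;
        }
    }

    return Bootstrap::list_group($menu);
}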
$parameters = array(':trackid' => $_REQUEST['trackid']); $result = DigiplayDB::query($query, $parameters); if ($result->rowCount() != 1) { echo Bootstrap::alert_message_basic("danger", "Couldn't find track ID in the digiplay audio DB."); } else { $track = $result->fetch(); $query = "SELECT * FROM sustschedule order by id asc limit 1"; $result = DigiplayDB::query($query); $scheduleslot = $result->fetch(); if ($track['id'] != $scheduleslot['audioid']) { $query = "UPDATE sustschedule SET audioid=:trackid, trim_start_smpl=0, trim_end_smpl = :tracklength, fade_in = 0, fade_out = :tracklength WHERE id = :scheduleslot"; $parameters = array(':trackid' => $track['id'], ':tracklength' => $track['length_smpl'], ':scheduleslot' => $scheduleslot['id']); DigiplayDB::query($query, $parameters); $query = "INSERT INTO sustlog (audioid,userid,timestamp) VALUES (:audioid,:userid,:timestamp)"; date_default_timezone_set("Europe/London"); $parameters = array(':audioid' => $track['id'], ':userid' => Session::get_id(), ':timestamp' => time()); DigiplayDB::query($query, $parameters); echo Bootstrap::alert_message_basic("info", "Track Scheduled."); } else { echo Bootstrap::alert_message_basic("warning", "This track is already at the top of the queue."); } } } $currentQueue = Sustainer::get_queue(); $i = 0; echo "<h3>Current queue:</h3>"; if (!is_null($currentQueue)) { if (array_key_exists('id', $currentQueue)) { $currentQueueTemp = array(0 => $currentQueue); $currentQueue = $currentQueueTemp; }
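<?php
// Fault list for the current user: each fault becomes a Bootstrap panel with its
// comment thread in a collapsible footer, followed by the "add comment" modal.
Output::set_title("System Information");
Output::add_stylesheet(LINK_ABS . "faults/comment.css");
MainTemplate::set_subtitle("View updates and report faults");

// Everything that originates from a user (fault text, comment text, author names,
// ids placed in attributes) is HTML-escaped before it is concatenated into markup.
// Comment text is stored as submitted, so rendering it raw was a stored-XSS sink.
// NOTE(review): if stored comments are meant to carry markup, escaping has to move
// to the submit side instead — confirm against the Comment model.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

// One comment panel. $label_class/$label_text distinguish the fault's own author
// ("Customer") from anyone else ("Developer"); the markup is otherwise identical.
$render_comment = function ($comment, $label_class, $label_text) use ($h) {
    return "<div class=\"panel panel-default\">"
        . "<div class=\"panel-body\">" . $h($comment->get_comment()) . "</div>"
        . "<div class=\"panel-footer\">"
        . "<span class=\"glyphicon glyphicon-time fault-time\" aria-hidden=\"true\"></span>" . $h($comment->get_postdate())
        . "<span class=\"glyphicon glyphicon-user fault-user\" aria-hidden=\"true\"></span>" . $h($comment->get_real_author($comment->get_author()))
        . "<span class=\"label label-" . $label_class . "\">" . $label_text . "</span>"
        . "</div></div>";
};

$faults = Faults::get(NULL, Session::get_id());
foreach ($faults as $fault) {
    $fault_id = $h($fault->get_id());
    $title = "<b>Fault ID: DIGI_" . $fault_id . " </b><small>Assigned to: " . $h($fault->get_real_assignedto($fault->get_assignedto())) . "</small>"
        . "<span class=\"pull-right label label-" . $fault->get_panel_class() . "\">" . $h($fault->get_real_status()) . "</span>";
    // data-dps-id is read by the comment-modal script; the attribute is now quoted.
    $footer = "<a data-toggle=\"modal\" href=\"#add-comment\" class=\"btn btn-primary btn-xs new-comment\" data-dps-id=\"" . $fault_id . "\">Add Comment</a>";

    if (Comments::get_fault_comments($fault->get_id()) != 0) {
        // The stray </div> after the toggle closes the footer container that
        // Bootstrap::panel() presumably opens, and the collapsible thread follows it
        // (kept from the original markup).
        $footer .= "<span class=\"pull-right\"><a class=\"accordion-toggle\" data-toggle=\"collapse\" href=\"#collapse-" . $fault_id . "\">" . Bootstrap::glyphicon("plus") . "</a></span></div>"
            . "<div id=\"collapse-" . $fault_id . "\" class=\"panel-collapse collapse\"><div class=\"panel-body\">";
        $comments = Comments::get_by_fault($fault->get_id());
        foreach ($comments as $comment) {
            if ($comment->get_author() == -1) {
                // Author -1 marks a system-generated comment; rendered as a divider row.
                $footer .= "<div class=\"row\"><div class=\"col-md-6 col-md-offset-3\"><hr></div></div>"
                    . "<div class=\"row\"><div class=\"col-md-8 col-md-offset-2 system-comment\"><b style=\"color: #f0ad4e;\">System:</b> " . $h($comment->get_comment()) . "<br><span>" . $h($comment->get_postdate()) . "</span></div></div>"
                    . "<div class=\"row\"><div class=\"col-md-6 col-md-offset-3\"><hr></div></div>";
            } elseif ($comment->get_author() == $fault->get_author()) {
                $footer .= $render_comment($comment, "success", "Customer");
            } else {
                $footer .= $render_comment($comment, "danger", "Developer");
            }
        }
        $footer .= "</div>";
    }

    $body = "<p><i>Submitted by: <b>" . $h($fault->get_real_author($fault->get_author())) . "</b> on: <b>" . $h($fault->get_postdate()) . "</b></i><hr></p>"
        . "<p>" . $h($fault->get_content()) . "</p>";
    echo Bootstrap::panel($fault->get_panel_class(), $body, $title, $footer);
}

// "Add a comment" modal; the fault id is filled into the hidden field client-side.
$title = "<span id=\"comment-status-title\">Add a comment to the fault DIGI_</span>";
$body = "<form role=\"form\">"
    . "<div class=\"form-group\">"
    . "<input type=\"hidden\" class=\"fault-comment-id\">"
    . "<textarea class=\"form-control fault-comment-value\" rows=\"3\"></textarea>"
    . "</div>"
    . "<div class=\"form-group\">"
    . "<button type=\"submit\" class=\"btn btn-primary confirm-fault-comment\">Add Comment</button>"
    . "<a href=\"#\" data-dismiss=\"modal\" class=\"btn btn-default\">Cancel</a>"
    . "</div>"
    . "</form>";
echo Bootstrap::modal("add-comment", $body, $title);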
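/**
 * Check a user-supplied e-key code against the non-expired key stored for this
 * session and object.
 *
 * @param mixed  $cId              Object id the key was issued for; combined with the
 *                                 session id into the stored object_string
 * @param string $sUserCode        Code typed by the user
 * @param bool   $bCaseInsensitive Upper-case the user code before comparing
 *                                 (assumes stored keys are upper-case — confirm)
 * @return bool true only when a non-expired key exists and matches exactly
 */
function Validate($cId, $sUserCode, $bCaseInsensitive = true)
{
    if ($bCaseInsensitive) {
        $sUserCode = strtoupper($sUserCode);
    }
    $code = db_get_field("SELECT ekey FROM ?:ekeys WHERE object_string = ?s AND ttl > ?i", Session::get_id() . ':' . $cId, TIME);

    // Cleanup garbage.
    // NOTE(review): two arguments are supplied for a single ?s placeholder, and the one
    // that binds is TIME, so this deletes rows whose object_string equals the current
    // timestamp (normally none). The intended predicate (probably an expiry check) is
    // not recoverable from this function alone, so the statement is left as-is.
    db_query("DELETE FROM ?:ekeys WHERE object_string = ?s", TIME, $cId);

    if (empty($code)) {
        return false;
    }
    // Strict string comparison: the previous loose == would let numeric-looking codes
    // match by value ("1e3" == "1000"). Where PHP >= 5.6 is guaranteed, hash_equals()
    // is the preferable constant-time form.
    return (string) $code === (string) $sUserCode;
}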
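<?php
// AJAX handler: store one comment on a fault and answer with a JSON status object.
$comment = new Comment();

// Relate comment to fault ID. A missing or blank id is refused up front rather than
// letting the model persist a dangling comment.
$faultid = isset($_REQUEST['faultid']) ? trim((string) $_REQUEST['faultid']) : '';
if ($faultid === '') {
    exit(json_encode(array('error' => 'Missing fault ID.')));
}
$comment->set_faultid($faultid);

// Get the current users ID for the submission
// If it is a system message, use -1
// NOTE(review): the 'system' flag is client-controlled, so any caller can post as the
// system author (-1); gate this on a server-side check (e.g. Session::is_developer())
// if that is not intended — the policy is not recoverable from this handler alone.
if (isset($_REQUEST['system'])) {
    $comment->set_author(-1);
} else {
    $comment->set_author(Session::get_id());
}

// Grab content. The text is stored as submitted (escaping is the renderer's job);
// an empty comment is refused instead of saved.
$text = isset($_REQUEST['comment']) ? (string) $_REQUEST['comment'] : '';
if (trim($text) === '') {
    exit(json_encode(array('error' => 'Comment cannot be empty.')));
}
$comment->set_comment($text);

// Current time and date added to record
$comment->set_postdate(time());

// The old `if ($comment)` guard was always true for an object; only save() decides.
if ($comment->save()) {
    exit(json_encode(array('response' => 'success')));
}
exit(json_encode(array('error' => 'Unknown error.')));
// if (is developer and isnt author) show in blue!!!!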
if (!empty($product_count)) { // Get all search params $search_params = $_REQUEST; unset($search_params['dispatch']); unset($search_params['page']); unset($search_params['result_ids']); unset($search_params['x']); unset($search_params['y']); $search_params['match'] = empty($search_params['match']) ? 'any' : $search_params['match']; // any, all, exact foreach ($search_params as $k => $v) { if (empty($v)) { unset($search_params[$k]); continue; } $search_params[$k] = $v; } ksort($search_params); $search_params = serialize($search_params); $md5_search_params = md5($search_params); // Save search params $sess_id = db_get_field("SELECT sess_id FROM ?:stat_sessions WHERE session = ?s AND expiry > ?i ORDER BY timestamp DESC LIMIT 1", Session::get_id(), TIME); if (!empty($sess_id)) { $record_exist = db_get_field("SELECT sess_id FROM ?:stat_product_search WHERE sess_id = ?i AND md5 = ?s", $sess_id, $md5_search_params); if (!$record_exist) { $_data = array('sess_id' => $sess_id, 'search_string' => $search_params, 'md5' => $md5_search_params, 'quantity' => $product_count); db_query('INSERT INTO ?:stat_product_search ?e', $_data); } } } }
// Query number of audiowalls that the user currently has // If an audiowall already exists for that user, deny creation $numberOfAudiowalls = AudiowallSets::count_by_user(); if ($numberOfAudiowalls > 0 && !Session::is_group_user('Audiowalls Admin')) { http_response_code(400); exit(json_encode(array("error" => "Audiowall limit exceeded", "detail" => "You are limited to a single audiowall"))); Errors::clear(); } $aw_set = new AudiowallSet(); $aw_set->set_name(pg_escape_string($_REQUEST["awname"])); $aw_set->set_description(pg_escape_string($_REQUEST["awdescription"])); $aw_set->save(); // Add audiowall owner to the database $data = array('user_id' => Session::get_id(), 'set_id' => $aw_set->get_id()); DigiplayDB::insert("aw_sets_owner", $data); // Add audiowall permissions to current user // The bitmask is as follows (view, edit, delete) where a value of 1 grants the permission // INSERT INTO aw_sets_permissions (user_id, set_id, permissions) VALUES (Session::get_id(), $aw_set->get_id(), '111'); $data = array('user_id' => Session::get_id(), 'set_id' => $aw_set->get_id(), 'permissions' => '111'); DigiplayDB::insert("aw_sets_permissions", $data); if (Errors::occured()) { http_response_code(400); exit(json_encode(array("error" => "Something went wrong. You may have discovered a bug!", "detail" => Errors::report("array")))); Errors::clear(); } else { exit(json_encode(array('response' => 'success', 'id' => $aw_set->get_id()))); } } else { http_response_code(403); exit(json_encode(array('error' => 'Permission denied.'))); }
/**
 * Number of audiowall sets owned by the logged-in user.
 *
 * @return mixed whatever DigiplayDB::select() yields for the single count(...) column
 */
public static function count_by_user()
{
    $sql = "count(set_id) FROM aw_sets_owner WHERE user_id = :user_id";
    // The user id is bound as a parameter, never interpolated.
    $bindings = array(':user_id' => Session::get_id());
    return DigiplayDB::select($sql, null, false, $bindings);
}
/**
 * Post-placement housekeeping for an order: consume the checkout "placement action"
 * from the session, persist the cart for logged-in customers, issue EDP keys, send
 * the order notification, set the status message, optionally empty the cart, run
 * the 'order_placement_routines' hook and end with fn_redirect() on every path.
 *
 * @param int    $order_id           Order being finalised
 * @param array  $force_notification Passed through to fn_order_notification()
 * @param bool   $clear_cart         Empty $_SESSION['cart'] (skipped when the placement failed)
 * @param string $action             '', 'save' or 'repay'; falls back to
 *                                   $_SESSION['cart']['placement_action'] when that is set
 */
function fn_order_placement_routines($order_id, $force_notification = array(), $clear_cart = true, $action = '') {
    $order_info = fn_get_order_info($order_id, true);

    // A placement action stored by the checkout is used only when the caller passed
    // none; it is consumed (unset) either way.
    if (!empty($_SESSION['cart']['placement_action'])) {
        if (empty($action)) {
            $action = $_SESSION['cart']['placement_action'];
        }
        unset($_SESSION['cart']['placement_action']);
    }

    // AREA 'C' (presumably the customer area) with a known user: persist the cart
    // content. The first argument is by-reference scratch the callee may fill.
    if (AREA == 'C' && !empty($order_info['user_id'])) {
        $__fake = '';
        fn_save_cart_content($__fake, $order_info['user_id']);
    }

    $edp_data = fn_generate_ekeys_for_edp(array(), $order_info);
    fn_order_notification($order_info, $edp_data, $force_notification);

    $_error = false;
    if ($action == 'save') {
        fn_set_notification('N', fn_get_lang_var('congratulations'), fn_get_lang_var('text_order_saved_successfully'));
    } else {
        // For a parent order the status of its first child decides the message; the
        // child ids are kept for the processed/failed bookkeeping further down.
        if ($order_info['status'] == STATUS_PARENT_ORDER) {
            $child_orders = db_get_hash_single_array("SELECT order_id, status FROM ?:orders WHERE parent_order_id = ?i", array('order_id', 'status'), $order_id);
            $status = reset($child_orders);
            $child_orders = array_keys($child_orders);
        } else {
            $status = $order_info['status'];
        }

        // substr_count('OP', $status) counts occurrences of $status inside the literal
        // 'OP', i.e. non-zero for 'O' or 'P' (and 'OP'); an empty $status would make
        // substr_count() complain about an empty needle.
        if (substr_count('OP', $status) > 0) {
            if ($action == 'repay') {
                fn_set_notification('N', fn_get_lang_var('congratulations'), fn_get_lang_var('text_order_repayed_successfully'));
            } else {
                fn_set_notification('N', fn_get_lang_var('order_placed'), fn_get_lang_var('text_order_placed_successfully'));
            }
        } elseif ($status == 'B') {
            fn_set_notification('N', fn_get_lang_var('order_placed'), fn_get_lang_var('text_order_backordered'));
        } else {
            // Any other status. AREA 'A' or a repayment only gets an error message
            // (unless the status is 'I'); the customer checkout additionally flags the
            // placement as failed, remembers the order id(s) in the session and keeps
            // the cart (see $_error below).
            if (AREA == 'A' || $action == 'repay') {
                if ($status != 'I') {
                    fn_set_notification('E', fn_get_lang_var('order_placed'), fn_get_lang_var('text_order_placed_error'));
                }
            } else {
                $_error = true;
                // $child_orders is only set for parent orders; !empty() covers the unset case.
                if (!empty($child_orders)) {
                    array_unshift($child_orders, $order_id);
                } else {
                    $child_orders = array();
                    $child_orders[] = $order_id;
                }
                $_SESSION['cart'][$status == 'N' ? 'processed_order_id' : 'failed_order_id'] = $child_orders;
            }
            // Precedence: ($status == 'N') || ($action == 'repay' && $status == 'I').
            if ($status == 'N' || $action == 'repay' && $status == 'I') {
                fn_set_notification('N', fn_get_lang_var('cancelled'), fn_get_lang_var('text_transaction_cancelled'));
            }
        }
    }

    // Empty cart
    // Only user_data, profile_id and user_id survive; the products stored server-side
    // for this session are removed as well.
    if ($clear_cart == true && $_error == false) {
        $_SESSION['cart'] = array('user_data' => !empty($_SESSION['cart']['user_data']) ? $_SESSION['cart']['user_data'] : array(), 'profile_id' => !empty($_SESSION['cart']['profile_id']) ? $_SESSION['cart']['profile_id'] : 0, 'user_id' => !empty($_SESSION['cart']['user_id']) ? $_SESSION['cart']['user_id'] : 0);
        db_query('DELETE FROM ?:user_session_products WHERE session_id = ?s AND type = ?s', Session::get_id(), 'C');
    }

    fn_set_hook('order_placement_routines', $order_id, $force_notification, $order_info);

    // Redirect through the https location when secure auth is enabled in AREA 'C'.
    $prefix = Registry::get('settings.General.secure_auth') == 'Y' && AREA == 'C' ? Registry::get('config.https_location') . '/' : '';
    if (AREA == 'A' || $action == 'repay') {
        fn_redirect($prefix . INDEX_SCRIPT . "?dispatch=orders.details&order_id={$order_id}", true);
    } else {
        // A failed placement returns to the checkout ('checkout' for one-page checkout,
        // 'summary' otherwise); a successful one goes to the completion page.
        fn_redirect($prefix . INDEX_SCRIPT . "?dispatch=checkout." . ($_error == true ? Registry::get('settings.General.one_page_checkout') == 'Y' ? "checkout" : "summary" : "complete&order_id={$order_id}"), true);
    }
}
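/**
 * Record a new visitor session in ?:stat_sessions and return its id.
 *
 * Fills $stat_data (by reference) with the request-derived fields — user agent,
 * client/proxy ip, accept-language, session id, browser / search-engine / phrase
 * ids (looked up or inserted in their lookup tables), referrer parts and expiry —
 * then inserts the row and pins the 'stat_uniq_code' cookie to it.
 *
 * @param array $stat_data Session statistics record; may already carry
 *                         'client_language', 'browser', 'browser_version' and
 *                         'referrer'. Modified in place.
 * @return mixed the new sess_id as returned by db_query(), or an empty value when
 *               the insert failed
 */
function fn_stat_save_session_data(&$stat_data)
{
    // Header values are client-supplied; they only reach SQL through the
    // placeholder-bound db_* helpers below. Absent headers must not raise notices.
    $stat_data['user_agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $ip = fn_get_ip(true);
    $stat_data['host_ip'] = $ip['host'];
    $stat_data['proxy_ip'] = $ip['proxy'];

    // Caller-provided language wins; otherwise Accept-Language (or '' when absent).
    if (empty($stat_data['client_language'])) {
        $accept_language = empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? '' : $_SERVER['HTTP_ACCEPT_LANGUAGE'];
        $stat_data['client_language'] = strtoupper($accept_language);
    } else {
        $stat_data['client_language'] = strtoupper($stat_data['client_language']);
    }

    $stat_data['session'] = Session::get_id();
    $stat_data['ip_id'] = fn_stat_ip_exist($ip);

    // Browser lookup table: reuse the existing row or insert one. browser_version is
    // optional in $stat_data and defaults to ''.
    if (!empty($stat_data['browser'])) {
        $browser_version = isset($stat_data['browser_version']) ? $stat_data['browser_version'] : '';
        $browser_id = db_get_field("SELECT browser_id FROM ?:stat_browsers WHERE browser = ?s AND version = ?s", $stat_data['browser'], $browser_version);
        if (empty($browser_id)) {
            $browser_id = db_query('INSERT INTO ?:stat_browsers ?e', array('browser' => $stat_data['browser'], 'version' => $browser_version));
        }
        $stat_data['browser_id'] = $browser_id;
    }

    // Referrer: only scheme and host are kept. parse_url() returns false for badly
    // malformed input, so normalise to an array before indexing. A missing referrer
    // is passed on as '' (the old @-silenced read yielded null) — fn_get_search_words()
    // is assumed to treat both alike.
    $referrer = isset($stat_data['referrer']) ? $stat_data['referrer'] : '';
    $parse_url = parse_url($referrer);
    if (!is_array($parse_url)) {
        $parse_url = array();
    }
    $stat_data['referrer_scheme'] = empty($parse_url['scheme']) ? '' : $parse_url['scheme'];
    $stat_data['referrer_host'] = empty($parse_url['host']) ? '' : $parse_url['host'];

    // Search engine / phrase lookup tables, same reuse-or-insert pattern as browsers.
    $search_data = fn_get_search_words($referrer);
    if (!empty($search_data['engine'])) {
        $engine_id = db_get_field("SELECT engine_id FROM ?:stat_search_engines WHERE engine = ?s", $search_data['engine']);
        if (empty($engine_id)) {
            $engine_id = db_query('INSERT INTO ?:stat_search_engines ?e', array('engine' => $search_data['engine']));
        }
        $stat_data['engine_id'] = empty($engine_id) ? 0 : $engine_id;
    }
    if (!empty($search_data['phrase'])) {
        $phrase_id = db_get_field("SELECT phrase_id FROM ?:stat_search_phrases WHERE phrase = ?s", $search_data['phrase']);
        if (empty($phrase_id)) {
            $phrase_id = db_query('INSERT INTO ?:stat_search_phrases ?e', array('phrase' => $search_data['phrase']));
        }
        $stat_data['phrase_id'] = empty($phrase_id) ? 0 : $phrase_id;
    }

    // Keep the full language code only when it is known in ?:stat_languages;
    // otherwise fall back to the two-letter prefix.
    if (!empty($stat_data['client_language'])) {
        $is_lang = db_get_field("SELECT lang_code FROM ?:stat_languages WHERE lang_code = ?s", $stat_data['client_language']);
        if (empty($is_lang)) {
            $stat_data['client_language'] = substr($stat_data['client_language'], 0, 2);
        }
    }

    $stat_data['expiry'] = TIME + SESSION_ALIVE_TIME;
    $session_data = fn_check_table_fields($stat_data, 'stat_sessions');
    $sess_id = db_query('INSERT INTO ?:stat_sessions ?e', $session_data);

    // Set the cookie 'stat_uniq_code' to identify unique clients: a missing cookie, or
    // one that is not below the freshly inserted id, is reset to this session's id.
    // NOTE(review): the cookie value is client-controlled; it is only ever bound as a
    // parameter, but the >= comparison is loose for non-numeric values — confirm intended.
    $stat_uniq_code = fn_get_cookie('stat_uniq_code');
    if (!empty($sess_id) && (empty($stat_uniq_code) || $stat_uniq_code >= $sess_id)) {
        $stat_uniq_code = $sess_id;
    }
    fn_set_cookie('stat_uniq_code', $stat_uniq_code, 365 * 24 * 3600);
    if (!empty($sess_id)) {
        db_query('UPDATE ?:stat_sessions SET ?u WHERE sess_id = ?i', array('uniq_code' => $stat_uniq_code), $sess_id);
    }

    return $sess_id;
}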
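/**
 * Make cmpi_lookup request to 3-D Secure service provider.
 *
 * Sends the Cardinal "cmpi_lookup" message for the order and records the outcome in
 * $_SESSION['cmpi']. When the card is enrolled, the ACS iframe page is printed and
 * the script exits; otherwise the error is stored in the session and
 * DO_DIRECT_PAYMENT is defined so the caller continues with a direct charge.
 *
 * @param array $processor_data Payment processor data (params: processor_id, merchant_id,
 *                              transaction_password, transaction_url, currency)
 * @param array $order_info     Order information, including payment_info with the card details
 * @return boolean true (the enrolled branch never returns; it prints the frame and exits)
 */
function fn_cmpi_lookup($processor_data, $order_info)
{
    unset($_SESSION['cmpi']);

    // Amount in minor units: every non-digit (the decimal point included) is stripped,
    // so "12.34" becomes "1234".
    $amount = preg_replace('/\\D/', '', $order_info['total']);

    // ISO 4217 numeric currency codes, written as decimal integers on purpose: the
    // former literal 036 was an OCTAL literal (= 30) and sent the wrong code for AUD.
    // TODO: move to database.
    $iso4217 = array(
        'USD' => 840,
        'GBP' => 826,
        'EUR' => 978,
        'AUD' => 36,
        'CAD' => 124,
        'JPY' => 392,
    );
    $currency_code = isset($iso4217[$processor_data['params']['currency']])
        ? $iso4217[$processor_data['params']['currency']]
        : '';

    // Processor credentials are kept in the session for the later authenticate step.
    $settings = array('processor_id', 'merchant_id', 'transaction_password', 'transaction_url');
    foreach ($settings as $setting) {
        $_SESSION['cmpi'][$setting] = $processor_data['params'][$setting];
    }

    // Every value interpolated into the XML body is escaped: customer-entered fields
    // (names, addresses, e-mail) could otherwise inject or break elements. Numeric
    // entities produced by ENT_QUOTES are valid XML.
    $xml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    $cfg = array();
    foreach ($settings as $setting) {
        $cfg[$setting] = $xml($_SESSION['cmpi'][$setting]);
    }
    $order_fields = array(
        'order_id', 'email',
        'b_firstname', 'b_lastname', 'b_address', 'b_address_2', 'b_city', 'b_state', 'b_zipcode', 'b_country',
        's_firstname', 's_lastname', 's_address', 's_address_2', 's_city', 's_state', 's_zipcode', 's_country',
    );
    $o = array();
    foreach ($order_fields as $field) {
        $o[$field] = $xml(isset($order_info[$field]) ? $order_info[$field] : '');
    }
    $card = array();
    foreach (array('card_number', 'expiry_month', 'expiry_year') as $field) {
        $card[$field] = $xml(isset($order_info['payment_info'][$field]) ? $order_info['payment_info'][$field] : '');
    }
    $ip_address = $xml(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');

    // Per-item fields (Item_Name_N, Item_Price_N, ...) are not sent.
    $cardinal_request = <<<EOT
<CardinalMPI>
  <MsgType>cmpi_lookup</MsgType>
  <Version>1.7</Version>
  <ProcessorId>{$cfg['processor_id']}</ProcessorId>
  <MerchantId>{$cfg['merchant_id']}</MerchantId>
  <TransactionPwd>{$cfg['transaction_password']}</TransactionPwd>
  <TransactionType>C</TransactionType>
  <Amount>{$amount}</Amount>
  <CurrencyCode>{$currency_code}</CurrencyCode>
  <CardNumber>{$card['card_number']}</CardNumber>
  <CardExpMonth>{$card['expiry_month']}</CardExpMonth>
  <CardExpYear>20{$card['expiry_year']}</CardExpYear>
  <OrderNumber>{$o['order_id']}</OrderNumber>
  <OrderDesc>Order #{$o['order_id']}; customer: {$o['b_firstname']} {$o['b_lastname']};</OrderDesc>
  <BrowserHeader>*/*</BrowserHeader>
  <EMail>{$o['email']}</EMail>
  <IPAddress>{$ip_address}</IPAddress>
  <BillingFirstName>{$o['b_firstname']}</BillingFirstName>
  <BillingLastName>{$o['b_lastname']}</BillingLastName>
  <BillingAddress1>{$o['b_address']}</BillingAddress1>
  <BillingAddress2>{$o['b_address_2']}</BillingAddress2>
  <BillingCity>{$o['b_city']}</BillingCity>
  <BillingState>{$o['b_state']}</BillingState>
  <BillingPostalCode>{$o['b_zipcode']}</BillingPostalCode>
  <BillingCountryCode>{$o['b_country']}</BillingCountryCode>
  <ShippingFirstName>{$o['s_firstname']}</ShippingFirstName>
  <ShippingLastName>{$o['s_lastname']}</ShippingLastName>
  <ShippingAddress1>{$o['s_address']}</ShippingAddress1>
  <ShippingAddress2>{$o['s_address_2']}</ShippingAddress2>
  <ShippingCity>{$o['s_city']}</ShippingCity>
  <ShippingState>{$o['s_state']}</ShippingState>
  <ShippingPostalCode>{$o['s_zipcode']}</ShippingPostalCode>
  <ShippingCountryCode>{$o['s_country']}</ShippingCountryCode>
</CardinalMPI>
EOT;

    // Card data must not reach the request log, and neither should the merchant's
    // transaction password.
    Registry::set('log_cut_data', array('CardNumber', 'CardExpMonth', 'CardExpYear', 'TransactionPwd'));
    // The body is sent form-urlencoded (fn_https_request() appears to join the entries
    // with '&'), so the XML — which now contains '&' from escaping — must be urlencoded.
    list($headers, $response_data) = fn_https_request('POST', $_SESSION['cmpi']['transaction_url'], array("cmpi_msg=" . urlencode($cardinal_request)));

    // Parse the reply without the @ silencer: libxml errors are collected and dropped
    // explicitly, and a malformed or empty body still yields false.
    $previous_libxml_setting = libxml_use_internal_errors(true);
    $cmpi = simplexml_load_string((string) $response_data);
    libxml_clear_errors();
    libxml_use_internal_errors($previous_libxml_setting);

    $err_no = 0;
    $_SESSION['cmpi']['enrolled'] = 'U';
    $acs_url = '';
    if ($headers == '0' || $cmpi === false) {
        // EciFlag per card brand when payer authentication is unavailable.
        $cards_eci_flags = array('mcd' => 1, 'vis' => 7, 'jcb' => 7);
        $card_brand = isset($order_info['payment_info']['card']) ? $order_info['payment_info']['card'] : '';
        $_SESSION['cmpi']['eci_flag'] = isset($cards_eci_flags[$card_brand]) ? $cards_eci_flags[$card_brand] : '';
        $err_desc = 'Connection problem';
    } else {
        $err_no = intval((string) $cmpi->ErrorNo);
        $err_desc = (string) $cmpi->ErrorDesc;
        $acs_url = (string) $cmpi->ACSUrl;
        $_SESSION['cmpi']['enrolled'] = (string) $cmpi->Enrolled;
        $_SESSION['cmpi']['transaction_id'] = (string) $cmpi->TransactionId;
        $_SESSION['cmpi']['eci_flag'] = (string) $cmpi->EciFlag;
    }

    if ($err_no == 0 && $_SESSION['cmpi']['enrolled'] == 'Y' && !empty($acs_url)) {
        // The session id travels in the frame and return URLs so the ACS round trip
        // lands back in this session (it is therefore visible in those URLs).
        $sess = '&' . SESS_NAME . '=' . Session::get_id();
        $_SESSION['cmpi']['acs_url'] = $acs_url;
        $_SESSION['cmpi']['order_id'] = $order_info['order_id'];
        $_SESSION['cmpi']['frame_data'] = array(
            'PaReq' => (string) $cmpi->Payload,
            'TermUrl' => Registry::get('config.current_location') . '/' . INDEX_SCRIPT . '?dispatch=payment_notification.bank&payment=cmpi' . $sess,
            'MD' => '',
        );
        $frame_src = Registry::get('config.current_location') . '/' . INDEX_SCRIPT . '?dispatch=payment_notification.frame&payment=cmpi' . $sess;
        $msg = fn_get_lang_var('text_cmpi_frame_message');
        $back_link_msg = fn_get_lang_var('text_cmpi_go_back');
        $dispatch = MODE == 'repay' ? 'orders.details&order_id=' . $order_info['order_id'] : 'checkout.checkout';
        $back_link = Registry::get('config.current_location') . '/' . INDEX_SCRIPT . '?dispatch=' . $dispatch . $sess;
        // The back link's href attribute is now properly closed with a quote.
        echo <<<EOT
<table width="100%" cellspacing="0" cellpadding="0">
  <tr>
    <td valign="top" align="center">
      <div style="width:500px;">
        {$msg}
        <br /><br />
      </div>
    </td>
  </tr>
  <tr>
    <td valign="top" align="center">
      <iframe width="420" height="420" marginwidth="0" marginheight="0" src="{$frame_src}"></iframe><br />
      <br />
      <div>
        <a href="{$back_link}">{$back_link_msg}</a>
      </div>
    </td>
  </tr>
</table>
EOT;
        exit;
    } else {
        $_SESSION['cmpi']['err_no'][0] = $err_no;
        $_SESSION['cmpi']['err_desc'][0] = $err_desc;
        define('DO_DIRECT_PAYMENT', true);
    }

    return true;
}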
// User/auth data must exist before the per-user cache keys are derived from it.
fn_init_user();

// Parts shared by both third-level cache keys.
$__cache_request_prefix = AREA . '_' . $_SERVER['REQUEST_METHOD'] . '_';
$__cache_usergroups = !empty($_SESSION['auth']['usergroup_ids']) ? implode('_', $_SESSION['auth']['usergroup_ids']) : '';
$__cache_localization = defined('CART_LOCALIZATION') ? CART_LOCALIZATION . '_' : '';
$__cache_locale_suffix = CART_LANGUAGE . '.' . CART_SECONDARY_CURRENCY;

// Third-level (a) cache: different for dispatch-user-language-currency
define('CACHE_LEVEL_USER', $__cache_request_prefix . str_replace('.', '_', $_REQUEST['dispatch']) . '.' . $__cache_usergroups . '.' . $__cache_localization . $__cache_locale_suffix);

// Third-level (b) cache: different for user(logged in/not)-usergroup-language-currency
define('CACHE_LEVEL_LOCALE_AUTH', $__cache_request_prefix . (!empty($_SESSION['auth']['user_id']) ? 1 : 0) . '.' . $__cache_usergroups . $__cache_localization . $__cache_locale_suffix);

unset($__cache_request_prefix, $__cache_usergroups, $__cache_localization, $__cache_locale_suffix);

// Set timezone
date_default_timezone_set(Registry::get('settings.Appearance.timezone'));

// Set root template
Registry::set('root_template', 'index.tpl');
if (defined('SKINS_PANEL')) {
    Registry::get('view')->assign('demo_skin', Registry::get('demo_skin'));
}

// URL's assignments
$__query_string = !empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '';
Registry::set('config.current_url', Registry::get('config.' . AREA_NAME . '_index') . $__query_string);
unset($__query_string);

// Template variables, assigned in the same order as before.
$__view_vars = array(
    'controller' => CONTROLLER,
    'mode' => MODE,
    'action' => ACTION,
    'demo_username' => Registry::get('config.demo_username'),
    'demo_password' => Registry::get('config.demo_password'),
    'settings' => Registry::get('settings'),
    'addons' => Registry::get('addons'),
    'config' => Registry::get('config'),
    // we need escape the request array too (access via $smarty.request in template)
    '_REQUEST' => $_REQUEST,
    'SESS_ID' => Session::get_id(),
);
foreach ($__view_vars as $__tpl_name => $__tpl_value) {
    Registry::get('view')->assign($__tpl_name, $__tpl_value);
}

// Mail template assignments
foreach (array('addons', 'settings', 'config') as $__tpl_name) {
    Registry::get('view_mail')->assign($__tpl_name, Registry::get($__tpl_name));
}
unset($__view_vars, $__tpl_name, $__tpl_value);

// init content search
fn_init_search();
if ($_REQUEST['transStatus'] == 'Y') { $pp_response["reason_text"] = $_REQUEST['rawAuthMessage']; $pp_response["transaction_id"] = $_REQUEST['transId']; $pp_response['descr_avs'] = "CVV (Security Code): " . $avs_res[substr($_REQUEST['AVS'], 0, 1)] . "; Postcode: " . $avs_res[substr($_REQUEST['AVS'], 1, 1)] . "; Address: " . $avs_res[substr($_REQUEST['AVS'], 2, 1)] . "; Country: " . $avs_res[substr($_REQUEST['AVS'], 3)]; } if (!empty($_REQUEST['testMode'])) { $pp_response["reason_text"] .= "; This a TEST Transaction"; } fn_finish_payment($order_id, $pp_response, false); echo "<head><meta http-equiv='refresh' content='0; url=" . Registry::get('config.current_location') . "/{$index_script}?dispatch=payment_notification.notify&payment=worldpay&order_id={$order_id}'></head><body><wpdisplay item=banner></body>"; } else { if (!defined('AREA')) { die('Access denied'); } $_order_id = $order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : $order_id; $s_id = Session::get_id(); $sess_name = SESS_NAME; $card_holder = $processor_data['params']['test'] == $mode_test_declined ? $card_holder_for_declined_test : $order_info['b_firstname'] . ' ' . $order_info['b_lastname']; $test_mode_id = $processor_data['params']['test'] == $mode_test_declined ? 
$mode_test : $processor_data['params']['test']; echo <<<EOT <html> <body onLoad="javascript: document.process.submit();"> <form method="post" action="https://secure.wp3.rbsworldpay.com/wcc/purchase" name="process"> \t<input type="hidden" name="instId" value="{$processor_data['params']['account_id']}" /> \t<input type="hidden" name="cartId" value="{$_order_id}" /> \t<input type="hidden" name="amount" value="{$order_info['total']}" /> \t<input type="hidden" name="currency" value="{$processor_data['params']['currency']}" /> \t<input type="hidden" name="testMode" value="{$test_mode_id}" /> \t<input type="hidden" name="authMode" value="{$processor_data['params']['authmode']}" /> \t<input type="hidden" name="name" value="{$card_holder}" /> \t<input type="hidden" name="tel" value="{$order_info['phone']}" />
echo "</td><td><strong>" . $set->get_name() . "</strong><br /><span class=\"description\">" . $set->get_description() . "</span></td>"; $station_aw = DigiplayDB::select("val FROM configuration WHERE parameter = 'station_aw_set' AND location = '1'"); if (!($set->get_id() == (int) $station_aw)) { if ($set->user_can_delete() || Session::is_group_user('Audiowalls Admin')) { echo "<td class=\"delete-aw-btn\" data-aw-name=\"" . $set->get_name() . "\" data-dps-set-id=\"" . $set->get_id() . "\" style=\"width:65px\"><a href=\"#\" class=\"btn btn-danger\">Delete</a></td>"; } else { echo "<td style=\"width:65px\"></td>"; } } else { echo "<td style=\"width:65px\"></td>"; } if ($set->user_can_edit() || Session::is_group_user('Audiowalls Admin')) { echo "<td style=\"width:65px\"><a href=\"edit.php?id=" . $set->get_id() . "\" class=\"btn btn-primary\">Edit</a></td>"; } else { echo "<td style=\"width:65px\"></td>"; } echo "<td style=\"width:185px\">"; if ($set->get_id() == $active) { echo "<a href=\"#\" class=\"btn btn-success disabled\" id=\"active-aw\" data-user-id=\"" . Session::get_id() . "\" onclick=\"javascript: return false;\">Active Personal Audiowall</a>"; } else { echo "<a href=\"#\" data-aw-id=\"" . $set->get_id() . 
"\" class=\"btn btn-default set-personal-audiowall\" onclick=\"javascript: return false;\">Use as Personal Audiowall</a>"; } echo "</td></tr>"; } echo "</tbody></table></div>"; echo Bootstrap::modal("add-audiowall-modal", "\n\t\t<form class=\"form-horizontal\" action=\"?\" method=\"POST\">\n\t\t\t<fieldset>\n\t\t\t\t<div class=\"control-group\">\n\t\t\t\t\t<label class=\"control-label\" for=\"audiowall-name\">Audiowall Name</label>\n\t\t\t\t\t<div class=\"controls\">\n\t\t\t\t\t\t<input type=\"text\" class=\"form-control add_aw_text\" id=\"audiowall-name\" placeholder=\"Enter audiowall title.\">\n\t\t\t\t\t</div>\n\t\t\t\t\t<br>\n\t\t\t\t\t<label class=\"control-label\" for=\"audiowall-description\">Audiowall Description</label>\n\t\t\t\t\t<div class=\"controls\">\n\t\t\t\t\t\t<textarea class=\"form-control add_aw_text\" id=\"audiowall-description\" placeholder=\"Enter audiowall description.\"></textarea>\n\t\t\t\t\t</div>\n\t\t\t\t</div>\n\t\t\t</fieldset>\n\t\t\t<input type=\"hidden\"class=\"update-id\" name=\"updateid\">\n\t\t</form>\n\t", "Create New Audiowall", "<a class=\"btn btn-success\" id=\"create-audiowall\" href=\"#\">Create New Audiowall</a><a class=\"btn btn-default\" data-dismiss=\"modal\">Cancel</a>"); echo "<div id=\"delete-audiowall-modal\" class=\"modal fade\">\n <div class=\"modal-dialog\">\n <div class=\"modal-content\"> \n <div class=\"modal-header\">\n <button type=\"button\" class=\"close\" data-dismiss=\"modal\" aria-hidden=\"true\">×</button><h4 class=\"modal-title\">Delete Audiowall</h4>\n </div>\n <div class=\"modal-body\">\n <div class=\"row\">\n <div class=\"col-md-8\">\n Are you sure you want to delete the page: \n </div>\n <div class=\"col-md-4\" id=\"wall-to-delete\"></div>\n </div>\n <p> </p>\n <div class=\"modal-footer clearfix\">\n <a href=\"#\" class=\"btn btn-primary\">Yes</a>\n <a href=\"#\" class=\"btn btn-danger\">No</a>\n </div>\n </div>\n </div>\n</div>\n</div>"; echo "<script 
type=\"text/javascript\">\n\t\t\$('.delete-aw-btn').click(function(){\n\t\t\t\$('#wall-to-delete').html(\$(this).data('aw-name'));\n\t\t\t\$('#wall-to-delete').attr('data-dps-aw-set', \$(this).data('dps-set-id'));\n\t\t\t\$('#delete-audiowall-modal').modal('show');\n\t\t});\n\t\t\$('#delete-audiowall-modal .btn-danger').click(function(){\n\t\t\t\$('#delete-audiowall-modal').modal('hide');\n\t\t});\n\t\t\$('#delete-audiowall-modal .btn-primary').click(function(){\n\t\t\t\$('#delete-audiowall-modal .btn-primary').addClass(\"disabled\");\n\t\t\t\$.ajax({\n\t\t\t\turl: '" . LINK_ABS . "ajax/delete-audiowall-set.php',\n\t\t\t\tdata: { setid: \$('#wall-to-delete').attr('data-dps-aw-set') },\n\t\t\t\ttype: 'POST',\n\t\t\t\terror: function(xhr,text,error) {\n\t\t\t\t\tvalue = \$.parseJSON(xhr.responseText);\n\t\t\t\t\talert(value.error);\n\t\t\t\t},\n\t\t\t\tsuccess: function(data,text,xhr) {\n\t\t\t\t\twindow.location.reload(true); \n\t\t\t\t}\n\t\t\t});\n\t\t});\n\t\t</script>\n\t\t"; echo "<script type=\"text/javascript\">\n\t\tboxes = \$('#create');\n\t\tboxes.click(function(){\n\t\t\t\$('#add-audiowall-modal').modal('show');\n\t\t});\n\t\t\n\t\tfunction add_aw() {\n\t\t\tif (\$('#audiowall-description').val() == \"\" || \$('#audiowall-name').val() == \"\") {\n\t\t\t\talert(\"Audiowalls must have both name and description!\");\n\t\t\t\treturn false;\n\t\t\t} else {\n\t\t\t\t\$.ajax({\n\t\t\t\t\turl: '" . LINK_ABS . 
"ajax/add-audiowall-set.php',\n\t\t\t\t\tdata: { awname: \$('#audiowall-name').val().replace(\"'\", \"''\"), awdescription: \$('#audiowall-description').val().replace(\"'\", \"''\") },\n\t\t\t\t\ttype: 'POST',\n\t\t\t\t\terror: function(xhr,text,error) {\n\t\t\t\t\t\tvalue = \$.parseJSON(xhr.responseText);\n\t\t\t\t\t\talert(value.error);\n\t\t\t\t\t},\n\t\t\t\t\tsuccess: function(data,text,xhr) {\n\t\t\t\t\t\twindow.location.reload(true); \n\t\t\t\t\t}\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn false;\n\t\t}\n\n\t\t\$('#create-audiowall').click(function() {\n\t\t\tadd_aw();\n\t\t});\n\n\t\t\$('.add_aw_text').on('keypress', function(e) {\n \t\t\t\tvar code = (e.keyCode ? e.keyCode : e.which);\n \t\t\t\tif(code == 13) {\n \t\t\t\t\tadd_aw();\n \t\t\t\t\te.preventDefault();\n \t\t\t\t}\n\t\t\t});\t\n</script>"; echo "<script type=\"text/javascript\">\n\t\$('.set-personal-audiowall').click(function(){\n\t\t\t\t\$.ajax({\n\t\t\t\t\turl: '" . LINK_ABS . "ajax/update-audiowall-config.php',\n\t\t\t\t\tdata: { awid: \$(this).attr('data-aw-id'), userid: " . Session::get_id() . "},\n\t\t\t\t\ttype: 'POST',\n\t\t\t\t\terror: function(xhr,text,error) {\n\t\t\t\t\t\tvalue = \$.parseJSON(xhr.responseText);\n\t\t\t\t\t\talert(value.error);\n\t\t\t\t\t},\n\t\t\t\t\tsuccess: function(data,text,xhr) {\n\t\t\t\t\t\twindow.location.reload(true); \n\t\t\t\t\t}\n\t\t\t\t});\n\t\t\t});\n</script>";
// Form a surcharge part of the payment if (!empty($_payment_id)) { $_data = db_get_row("SELECT a_surcharge, p_surcharge FROM ?:payments WHERE payment_id = ?i", $_payment_id); $cart['payment_surcharge'] = 0; if (floatval($_data['a_surcharge'])) { $cart['payment_surcharge'] += $_data['a_surcharge']; } if (floatval($_data['p_surcharge'])) { $cart['payment_surcharge'] += fn_format_price($cart['total'] * $_data['p_surcharge'] / 100); } if (!empty($cart['payment_surcharge'])) { $_items .= "\n\t\t\t <item>\n\t\t\t\t<item-name>" . fn_get_lang_var('surcharge') . "</item-name>\n\t\t\t\t<item-description>" . fn_get_lang_var('surcharge_for_the_payment') . "</item-description>\n\t\t\t\t<unit-price currency='" . $_currency . "'>" . $cart['payment_surcharge'] . "</unit-price>\n\t\t\t\t<quantity>1</quantity>\n\t\t\t\t<tax-table-selector>no_tax</tax-table-selector>\n\t\t\t </item>"; } } // The cart in XML format $xml_cart = "<?xml version='1.0' encoding='UTF-8'?>\n\t<checkout-shopping-cart xmlns='http://checkout.google.com/schema/2'>\n\t <shopping-cart>\n\t\t<merchant-private-data>\n\t\t <additional_data>\n\t\t <session_id>" . Session::get_id() . "</session_id>\n\t\t <currency_code>" . $_currency . "</currency_code>" . $private_ship_data . "</additional_data>\n\t\t</merchant-private-data>\n\t\t<items>" . $_items . "</items>\n\t </shopping-cart>\n\t <checkout-flow-support>\n\t\t<merchant-checkout-flow-support>\n\t\t <platform-id>971865505315434</platform-id>\n\t\t <request-buyer-phone-number>true</request-buyer-phone-number>\n\t\t <edit-cart-url>" . $edit_cart_url . "</edit-cart-url>\n\t\t <merchant-calculations>\n\t\t\t<merchant-calculations-url>" . $calculation_url . "</merchant-calculations-url>\n\t\t\t" . fn_google_coupons_calculation($cart) . "\n\t\t </merchant-calculations>\n\t\t <continue-shopping-url>" . $return_url . "</continue-shopping-url>\n\t\t" . $shippings . $taxes . 
"\n\t\t</merchant-checkout-flow-support>\n\t </checkout-flow-support>\n\t</checkout-shopping-cart>"; $signature = fn_calc_hmac_sha1($xml_cart, $processor_data['params']['merchant_key']); $b64_cart = base64_encode($xml_cart); $b64_signature = base64_encode($signature); $checkout_buttons[] = ' <html> <body> <form method="post" action="' . $checkout_url . '" name="BB_BuyButtonForm"> <input type="hidden" name="cart" value="' . $b64_cart . '" /> <input type="hidden" name="signature" value="' . $b64_signature . '" /> <input alt="" src="' . $base_domain . '/buttons/checkout.gif?merchant_id=' . $processor_data['params']['merchant_id'] . '&w=160&h=43&style=' . $processor_data['params']['button_type'] . '&variant=text&loc=en_US" type="image"/> </form> </body> </html>'; } //
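/**
 * Generate the per-session security hash used to protect forms from CSRF attacks.
 *
 * The hash is created once per session and cached in $_SESSION['security_hash'];
 * later calls return the cached value, so the token stays stable for the lifetime
 * of the session. It is derived from the site-wide crypt key and the current
 * session id, so it cannot be reproduced from the session id alone.
 *
 * @return string salted hash
 */
function fn_generate_security_hash()
{
    // $config is presumably the application's global configuration array.
    // Without this declaration $config['crypt_key'] was an undefined local
    // (null), so the stored value silently degraded to md5(session_id).
    global $config;

    if (empty($_SESSION['security_hash'])) {
        // Fall back to '' rather than raising an undefined-index notice; the
        // concatenated value is identical to what null would have produced.
        $crypt_key = isset($config['crypt_key']) ? $config['crypt_key'] : '';
        $_SESSION['security_hash'] = md5($crypt_key . Session::get_id());
    }

    return $_SESSION['security_hash'];
}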
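<?php
// AJAX endpoint: stores a new fault report for the logged-in user and replies
// with JSON.
//
// Input:  $_REQUEST['content'] - free-text description of the fault.
// Output: {"response":"success","id":<new id>} on success, or HTTP 400 with
//         {"error":..., "detail":[...]} when Errors::occured() is set after save().
//
// NOTE(review): $_REQUEST accepts GET as well as POST and no CSRF token is
// checked in this file; a state-changing endpoint would normally be POST-only
// with a token - confirm how the calling page protects it.

// Tell the client it is receiving JSON (skipped if something already sent headers).
if (!headers_sent()) {
    header('Content-Type: application/json');
}

$fault = new Fault();

// The author is always the current session's user, never taken from the request.
$fault->set_author(Session::get_id());

// Guard the read so a missing parameter does not raise an undefined-index
// notice; the value handed on (null) is the same as before.
$fault->set_content(isset($_REQUEST['content']) ? $_REQUEST['content'] : null);

// Default status: unread.
$fault->set_status(1);

// Timestamp the submission with the current time.
$fault->set_postdate(time());

$fault->save();

if (Errors::occured()) {
    // Build the response before clearing so the detail list is still populated;
    // the original called Errors::clear() after exit(), where it never ran.
    $body = json_encode(array(
        "error" => "Something went wrong. You may have discovered a bug!",
        "detail" => Errors::report("array"),
    ));
    Errors::clear();
    http_response_code(400);
    exit($body);
}

exit(json_encode(array('response' => 'success', 'id' => $fault->get_id())));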
} elseif ($mode == 'finish') { $order_info = fn_get_order_info($order_id); if ($order_info['status'] == 'O') { $pp_response = array(); $pp_response['order_status'] = 'F'; $pp_response['reason_text'] = fn_get_lang_var('merchant_response_was_not_received'); $pp_response['transaction_id'] = ''; fn_finish_payment($order_id, $pp_response); } fn_order_placement_routines($order_id, false); } } } else { $current_location = Registry::get('config.current_location'); $lang_code = CART_LANGUAGE == 'TH' ? 'TH' : 'EN'; $sess = '&' . SESS_NAME . '=' . Session::get_id(); $_SESSION['thaiepay_refno'] = $order_id; echo <<<EOT <html> <body onLoad="document.process.submit();"> <form method="post" action="https://www.thaiepay.com/epaylink/payment.aspx" name="process"> \t<input type="hidden" name="refno" value="{$order_id}"> \t<input type="hidden" name="merchantid" value="{$processor_data['params']['merchantid']}"> \t<input type="hidden" name="customeremail" value="{$order_info['email']}"> \t<input type="hidden" name="productdetail" value="{$processor_data['params']['details']}"> \t<input type="hidden" name="total" value="{$order_info['total']}"> \t<input type="hidden" name="cc" value="{$processor_data['params']['currency']}"> \t<input type="hidden" name="lang" value="{$lang_code}"> \t<input type="hidden" name="returnurl" value="{$current_location}/{$index_script}?dispatch=payment_notification.finish&payment=thaiepay&refno={$order_id}{$sess}"> EOT; $msg = fn_get_lang_var('text_cc_processor_connection');
$view->assign('user_types', fn_get_user_types()); $view->assign('countries', fn_get_countries(CART_LANGUAGE, true)); $view->assign('states', fn_get_all_states()); $view->assign('usergroups', fn_get_usergroups('F', DESCR_SL)); } elseif ($mode == 'act_as_user') { if (fn_is_restricted_admin($_REQUEST) == true) { return array(CONTROLLER_STATUS_DENIED); } $condition = fn_get_company_condition(); $user_data = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i {$condition}", $_REQUEST['user_id']); if (!empty($user_data)) { $user_type = empty($_REQUEST['area']) ? $user_data['user_type'] == 'A' ? 'A' : 'C' : $_REQUEST['area']; // 'area' variable was used for loging in to the area different from the user type. $sess_data = array('auth' => fn_fill_auth($user_data, array(), true, $user_type)); fn_init_user_session_data($sess_data, $_REQUEST['user_id']); Session::save(Session::get_id(), $sess_data, $user_type); return array(CONTROLLER_STATUS_REDIRECT, $user_type == 'A' ? Registry::get('config.admin_index') : Registry::get('config.customer_index')); } } elseif ($mode == 'picker') { $params = $_REQUEST; $params['exclude_user_types'] = array('A', 'S'); $params['skip_view'] = 'Y'; list($users, $search) = fn_get_users($params, $auth, Registry::get('settings.Appearance.admin_elements_per_page')); $view->assign('users', $users); $view->assign('search', $search); $view->assign('countries', fn_get_countries(CART_LANGUAGE, true)); $view->assign('states', fn_get_all_states()); $view->assign('usergroups', fn_get_usergroups('F', CART_LANGUAGE)); $view->display('pickers/users_picker_contents.tpl'); exit; } elseif ($mode == 'update' || $mode == 'add') {