/**
  * Produce a random identifier for the cart.
  *
  * Delegates to Hash::getRandomString() with the 'digits' character set, so the
  * result is presumably a numeric string of $length characters (the helper is
  * not visible here; confirm against OSC\OM\Hash).
  *
  * NOTE(review): assuming 'digits' selects 0-9, the default length of 5 allows
  * at most 100000 distinct values. Treat the result as a correlation id only;
  * it is too short to serve as a secret or an anti-forgery token.
  *
  * @param int $length Number of characters requested from the helper.
  * @return mixed Whatever Hash::getRandomString() returns (presumably a string).
  */
 function generate_cart_id($length = 5)
 {
     $charset = 'digits';

     return Hash::getRandomString($length, $charset);
 }
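 /**
  * Complete a verified Sage Pay Server transaction, or register a new one with the gateway.
  *
  * Return leg (?check=PROCESS): the skcode query parameter must match the
  * correlation code held in the session. The matching row in
  * sagepay_server_securitykeys is then consumed (session code unset, row deleted)
  * and, if it is flagged verified, its transaction_details are published through
  * the global $sagepay_server_transaction_details and the method returns true.
  * The verified flag is presumably set by the notification handler behind
  * NotificationURL (ext/modules/payment/sage_pay/server.php); that code is not
  * visible here, so confirm.
  *
  * Registration leg (anything else): a registration request is built from the
  * order, posted to the live or test gateway, and on Status=OK the returned
  * SecurityKey is stored against the session's correlation code before the
  * customer is sent to the gateway's NextURL.
  *
  * Every other outcome falls through to a redirect back to checkout_payment.php
  * with a payment_error parameter.
  *
  * @return bool|null true only when a verified transaction was found; other
  *                   paths end in a redirect (presumably terminating the request).
  */
 function before_process()
 {
     global $sagepay_server_transaction_details, $order, $order_totals;

     $OSCOM_Db = Registry::get('Db');

     $sagepay_server_transaction_details = null;
     $error = null;

     if (isset($_GET['check']) && $_GET['check'] == 'PROCESS') {
         // Compare the correlation code as a secret: require a plain string (a
         // skcode[]=... parameter arrives as an array) and use hash_equals()
         // (PHP >= 5.6), which is constant-time and, unlike a loose ==, does no
         // numeric-string type juggling.
         if (isset($_GET['skcode'], $_SESSION['sagepay_server_skey_code'])
             && is_string($_GET['skcode'])
             && hash_equals((string) $_SESSION['sagepay_server_skey_code'], $_GET['skcode'])
         ) {
             $skcode = HTML::sanitize($_GET['skcode']);

             $Qsp = $OSCOM_Db->get('sagepay_server_securitykeys', ['verified', 'transaction_details'], ['code' => $skcode], null, 1);

             if ($Qsp->fetch() !== false) {
                 // Consume the code before looking at the verified flag, so the
                 // same skcode cannot be presented a second time.
                 unset($_SESSION['sagepay_server_skey_code']);

                 $OSCOM_Db->delete('sagepay_server_securitykeys', ['code' => $skcode]);

                 if ($Qsp->value('verified') == '1') {
                     $sagepay_server_transaction_details = $Qsp->value('transaction_details');

                     return true;
                 }
             }
         }
     } else {
         // One correlation code per session; it travels in NotificationURL, while
         // the gateway's SecurityKey is only ever stored server-side (see below).
         if (!isset($_SESSION['sagepay_server_skey_code'])) {
             $_SESSION['sagepay_server_skey_code'] = Hash::getRandomString(16);
         }

         // Field lengths are truncated with substr() to the limits used for each
         // gateway field.
         $params = [
             'VPSProtocol' => $this->api_version,
             'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802',
             'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_SERVER_VENDOR_LOGIN_NAME, 0, 15),
             'VendorTxCode' => substr(date('YmdHis') . '-' . $_SESSION['customer_id'] . '-' . $_SESSION['cartID'], 0, 40),
             'Amount' => $this->format_raw($order->info['total']),
             'Currency' => $_SESSION['currency'],
             'Description' => substr(STORE_NAME, 0, 100),
             'NotificationURL' => $this->formatURL(OSCOM::link('ext/modules/payment/sage_pay/server.php', 'check=SERVER&skcode=' . $_SESSION['sagepay_server_skey_code'], false)),
             'BillingSurname' => substr($order->billing['lastname'], 0, 20),
             'BillingFirstnames' => substr($order->billing['firstname'], 0, 20),
             'BillingAddress1' => substr($order->billing['street_address'], 0, 100),
             'BillingCity' => substr($order->billing['city'], 0, 40),
             'BillingPostCode' => substr($order->billing['postcode'], 0, 10),
             'BillingCountry' => $order->billing['country']['iso_code_2'],
             'BillingPhone' => substr($order->customer['telephone'], 0, 20),
             'DeliverySurname' => substr($order->delivery['lastname'], 0, 20),
             'DeliveryFirstnames' => substr($order->delivery['firstname'], 0, 20),
             'DeliveryAddress1' => substr($order->delivery['street_address'], 0, 100),
             'DeliveryCity' => substr($order->delivery['city'], 0, 40),
             'DeliveryPostCode' => substr($order->delivery['postcode'], 0, 10),
             'DeliveryCountry' => $order->delivery['country']['iso_code_2'],
             'DeliveryPhone' => substr($order->customer['telephone'], 0, 20),
             'CustomerEMail' => substr($order->customer['email_address'], 0, 255),
             'Apply3DSecure' => '0',
         ];

         // Only forward the client address when ip2long() can parse it
         // (ip2long() handles IPv4 only).
         $ip_address = HTTP::getIpAddress();
         $ip_long = ip2long($ip_address);

         if ($ip_long != -1 && $ip_long != false) {
             $params['ClientIPAddress'] = $ip_address;
         }

         if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Payment') {
             $params['TxType'] = 'PAYMENT';
         } elseif (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Deferred') {
             $params['TxType'] = 'DEFERRED';
         } else {
             $params['TxType'] = 'AUTHENTICATE';
         }

         // A state code is only added for US addresses.
         if ($params['BillingCountry'] == 'US') {
             $params['BillingState'] = tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], '');
         }

         if ($params['DeliveryCountry'] == 'US') {
             $params['DeliveryState'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], '');
         }

         if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE != 'Normal') {
             $params['Profile'] = 'LOW';
         }

         // Basket is a colon-delimited list, so ':' (the delimiter), line breaks
         // and '&' are stripped from the free-text names before they are joined.
         $contents = [];

         foreach ($order->products as $product) {
             $product_name = $product['name'];

             if (isset($product['attributes'])) {
                 foreach ($product['attributes'] as $att) {
                     $product_name .= '; ' . $att['option'] . '=' . $att['value'];
                 }
             }

             $unit_tax = $product['tax'] / 100 * $product['final_price'];
             $unit_gross = $unit_tax + $product['final_price'];

             $contents[] = str_replace(array(':', "\n", "\r", '&'), '', $product_name) . ':' . $product['qty'] . ':' . $this->format_raw($product['final_price']) . ':' . $this->format_raw($unit_tax) . ':' . $this->format_raw($unit_gross) . ':' . $this->format_raw($unit_gross * $product['qty']);
         }

         foreach ($order_totals as $ot) {
             $contents[] = str_replace(array(':', "\n", "\r", '&'), '', strip_tags($ot['title'])) . ':---:---:---:---:' . $this->format_raw($ot['value']);
         }

         $params['Basket'] = substr(sizeof($contents) . ':' . implode(':', $contents), 0, 7500);

         // Every value is URL-encoded individually; the string keeps a trailing '&'.
         $post_string = '';

         foreach ($params as $key => $value) {
             $post_string .= $key . '=' . urlencode(trim($value)) . '&';
         }

         if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_SERVER == 'Live') {
             $gateway_url = 'https://live.sagepay.com/gateway/service/vspserver-register.vsp';
         } else {
             $gateway_url = 'https://test.sagepay.com/gateway/service/vspserver-register.vsp';
         }

         $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);

         // The response is parsed as "Key=Value" lines; a line without '=' or
         // with '=' in first position is ignored.
         $return = [];

         foreach (explode(chr(10), $transaction_response) as $string) {
             $separator = strpos($string, '=');

             if ($separator !== false && $separator > 0) {
                 $parts = explode('=', $string, 2);

                 $return[trim($parts[0])] = trim($parts[1]);
             }
         }

         // An empty or truncated response must not be treated as success: Status
         // has to be OK and both fields used below have to be present.
         $status = isset($return['Status']) ? $return['Status'] : null;

         if ($status == 'OK' && isset($return['SecurityKey'], $return['NextURL'])) {
             $Qsp = $OSCOM_Db->get('sagepay_server_securitykeys', ['id', 'securitykey'], ['code' => $_SESSION['sagepay_server_skey_code']], null, 1);

             if ($Qsp->fetch() !== false) {
                 if ($Qsp->value('securitykey') != $return['SecurityKey']) {
                     $OSCOM_Db->save('sagepay_server_securitykeys', ['securitykey' => $return['SecurityKey'], 'date_added' => 'now()'], ['id' => $Qsp->valueInt('id')]);
                 }
             } else {
                 $OSCOM_Db->save('sagepay_server_securitykeys', ['code' => $_SESSION['sagepay_server_skey_code'], 'securitykey' => $return['SecurityKey'], 'date_added' => 'now()']);
             }

             // NOTE(review): NextURL is used exactly as the gateway returned it,
             // so it is only as trustworthy as the TLS peer verification inside
             // sendTransactionToGateway() (not visible here) - confirm it is on.
             if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE == 'Normal') {
                 HTTP::redirect($return['NextURL']);
             } else {
                 $_SESSION['sage_pay_server_nexturl'] = $return['NextURL'];

                 OSCOM::redirect('ext/modules/payment/sage_pay/checkout.php');
             }
         } else {
             $status_detail = isset($return['StatusDetail']) ? $return['StatusDetail'] : null;

             $error = $this->getErrorMessageNumber($status_detail);

             // NOTE(review): $return is the parsed gateway response; confirm the
             // debug mail does not carry values that should stay server-side.
             $this->sendDebugEmail($return);
         }
     }

     // Reached when the return leg failed verification or registration was rejected.
     OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . (tep_not_null($error) ? '&error=' . $error : ''));
 }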
 */
use OSC\OM\Hash;
use OSC\OM\HTML;
use OSC\OM\Mail;
use OSC\OM\OSCOM;
require 'includes/application_top.php';
$OSCOM_Language->loadDefinitions('password_forgotten');
$password_reset_initiated = false;
if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
    $email_address = HTML::sanitize($_POST['email_address']);
    $Qcheck = $OSCOM_Db->get('customers', ['customers_firstname', 'customers_lastname', 'customers_id'], ['customers_email_address' => $email_address]);
    if ($Qcheck->fetch() !== false) {
        $actionRecorder = new actionRecorder('ar_reset_password', $Qcheck->valueInt('customers_id'), $email_address);
        if ($actionRecorder->canPerform()) {
            $actionRecorder->record();
            $reset_key = Hash::getRandomString(40);
            $OSCOM_Db->save('customers_info', ['password_reset_key' => $reset_key, 'password_reset_date' => 'now()'], ['customers_info_id' => $Qcheck->valueInt('customers_id')]);
            $reset_key_url = OSCOM::link('password_reset.php', 'account=' . urlencode($email_address) . '&key=' . $reset_key, false);
            if (strpos($reset_key_url, '&') !== false) {
                $reset_key_url = str_replace('&', '&', $reset_key_url);
            }
            $passwordEmail = new Mail($email_address, $Qcheck->value('customers_firstname') . ' ' . $Qcheck->value('customers_lastname'), STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER, OSCOM::getDef('email_password_reset_subject', ['store_name' => STORE_NAME]));
            $passwordEmail->setBodyHTML(OSCOM::getDef('email_password_reset_body_html', ['store_name' => STORE_NAME, 'store_email_address' => STORE_OWNER_EMAIL_ADDRESS, 'reset_url' => $reset_key_url]));
            $passwordEmail->setBodyPlain(OSCOM::getDef('email_password_reset_body', ['store_name' => STORE_NAME, 'store_email_address' => STORE_OWNER_EMAIL_ADDRESS, 'reset_url' => $reset_key_url]));
            $passwordEmail->send();
            $password_reset_initiated = true;
        } else {
            $actionRecorder->record(false);
            $messageStack->add('password_forgotten', OSCOM::getDef('error_action_recorder', ['module_action_recorder_reset_password_minutes' => defined('MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES') ? (int) MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES : 5]));
        }
    } else {