 /**
  * Allocate a fresh GUID to stand in for an e-mail address on a temporary
  * (anonymous) account.
  *
  * Keeps drawing GUIDs until User::getUserInfo() reports nothing for the
  * candidate, so the returned value is unused at the moment of the check.
  * The check and the later registration are not atomic: a concurrent request
  * could still claim the same GUID in between (how likely that is depends on
  * generateGUID(), which is not shown here).
  *
  * @return string A GUID not currently known to User::getUserInfo().
  */
 function registerTempUser()
 {
     do {
         $candidate = generateGUID();
         $existing = User::getUserInfo($candidate);
     } while (!empty($existing));
     return $candidate;
 }
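/**
 * Submit the current WP e-Commerce order to PayPal Payflow Pro.
 *
 * Looks up the purchase log for $sessionid, gathers the billing details the
 * shopper posted (plus card number / CVV / expiry from $_POST), and sends one
 * or two Payflow requests through fetch_data(): a recurring-profile request
 * ('TRXTYPE' => 'R') when the first cart item is flagged as a membership, then
 * a plain sale ('TRXTYPE' => 'S'). Each response goes to response_handler().
 * The function always ends with exit.
 *
 * Review notes:
 *  - The purchase-log, cart and region look-ups now go through
 *    $wpdb->prepare(); the original concatenated $sessionid (unquoted), the
 *    purchase id and the customer's billing_region straight into SQL.
 *  - The recurring-profile START date is built with date('mdY') of tomorrow;
 *    the original date('m') . (date('d') + 1) . date('Y') lost the leading
 *    zero for days 1-8 and produced day 32 at month end.
 *  - $paypal_query is reset before each request is built; the original
 *    appended the sale request onto the recurring-profile one.
 *  - $_POST['card_number'] / $_POST['card_cvv'] pass through in clear text.
 *    Nothing here logs them; the commented-out print_r() dump of the request
 *    array was removed because it would have.
 *  - $card, $cust_ip, $order_num, $desc, $card_start, $card_issue and
 *    $colected_data are read but never assigned here (and are not declared
 *    global), so they reach Payflow / response_handler() as null, as in the
 *    original - presumably an upstream oversight, verify against the caller.
 *  - Both requests share one $unique_id; if fetch_data() uses it as the
 *    Payflow request id, the second call may be treated as a retry of the
 *    first - TODO confirm against fetch_data().
 *
 * @param string $seperator Unused here; kept for the gateway call signature.
 * @param string $sessionid Purchase-log session id to charge.
 * @return void Always terminates the request with exit.
 */
function gateway_paypal_payflow($seperator, $sessionid)
{
    global $wpdb, $wpsc_cart;

    // Purchase log for this checkout session (parameterised).
    $purchase_log_sql = $wpdb->prepare(
        "SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `sessionid` = %s LIMIT 1",
        $sessionid
    );
    $purchase_log = $wpdb->get_results($purchase_log_sql, ARRAY_A);
    $purchase_id = isset($purchase_log[0]['id']) ? $purchase_log[0]['id'] : '';

    $fraud = 'NO';
    $env = get_option('paypal_payflow_test') ? 'Test' : 'Live';
    $user = get_option('paypal_payflow_user');
    $password = get_option('paypal_payflow_pass');
    $partner = get_option('paypal_payflow_partner');
    $vendor = get_option('paypal_payflow_vendor');
    $currency = get_option('paypal_payflow_curcode');
    if ($env == 'Live') {
        $submiturl = 'https://payflowpro.paypal.com';
        $PayPalURL = 'https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=';
    } else {
        $submiturl = 'https://pilot-payflowpro.paypal.com';
        $PayPalURL = 'https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=';
    }

    // Cart rows for the purchase (parameterised). Membership flags are read
    // from the FIRST row only, exactly as before.
    $cart_sql = $wpdb->prepare(
        "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = %s",
        $purchase_id
    );
    $cart = $wpdb->get_results($cart_sql, ARRAY_A);
    $member_subtype = get_product_meta($cart[0]['prodid'], 'is_permenant', true);
    $member_shiptype = get_product_meta($cart[0]['prodid'], 'membership_length', true);
    $member_shiptype = $member_shiptype[0];
    $status = get_product_meta($cart[0]['prodid'], 'is_membership', true);
    $is_member = $status;
    $is_perm = $member_subtype;
    $length = $member_shiptype['length'];
    $custom = $purchase_id;

    // Billing details as posted by the checkout form. Field ids come from
    // options; values are urlencode()d where the original did so.
    $posted = isset($_POST['collected_data']) ? $_POST['collected_data'] : array();
    $data = array();
    if ($posted[get_option('paypal_form_first_name')] != '') {
        $data['first_name'] = urlencode($posted[get_option('paypal_form_first_name')]);
    }
    if ($posted[get_option('paypal_form_last_name')] != '') {
        $data['last_name'] = urlencode($posted[get_option('paypal_form_last_name')]);
    }
    if ($posted[get_option('paypal_form_address')] != '') {
        // NOTE(review): "\n\r" is not a conventional line terminator ("\r\n"
        // is), so this split most likely never fires and the whole address
        // lands in address1 with newlines stripped. Left as-is.
        $address_rows = explode("\n\r", $posted[get_option('paypal_form_address')]);
        $data['address1'] = urlencode(str_replace(array("\n", "\r"), '', $address_rows[0]));
        unset($address_rows[0]);
        $data['address2'] = ($address_rows != null) ? implode(", ", $address_rows) : '';
    }
    if ($posted[get_option('paypal_form_city')] != '') {
        $data['city'] = urlencode($posted[get_option('paypal_form_city')]);
    }
    if ($posted[get_option('paypal_form_state')] != '') {
        // Region code lookup (parameterised): billing_region is customer meta.
        $data['state'] = $wpdb->get_var($wpdb->prepare(
            "SELECT code FROM `" . WPSC_TABLE_REGION_TAX . "` WHERE id = %s",
            wpsc_get_customer_meta('billing_region')
        ));
    }
    $customer_billing_country = wpsc_get_customer_meta('billing_country');
    if (preg_match("/^[a-zA-Z]{2}\$/", $customer_billing_country)) {
        $data['country'] = $customer_billing_country;
    }
    if (is_numeric($posted[get_option('paypal_form_post_code')])) {
        $data['zip'] = urlencode($posted[get_option('paypal_form_post_code')]);
    }
    // Last active e-mail form field wins, then the configured fallback field.
    $email_data = $wpdb->get_results("SELECT `id`,`type` FROM `" . WPSC_TABLE_CHECKOUT_FORMS . "` WHERE `type` IN ('email') AND `active` = '1'", ARRAY_A);
    foreach ((array) $email_data as $email) {
        $data['email'] = $posted[$email['id']];
    }
    if ($posted[get_option('email_form_field')] != null && $data['email'] == null) {
        $data['email'] = $posted[get_option('email_form_field')];
    }

    // Card data straight from the POST body; forwarded to Payflow only. Do not
    // log, echo or store any of these.
    $card_num = $_POST['card_number'];
    $cvv2 = $_POST['card_cvv'];
    $expiry = $_POST['expiry']['month'] . $_POST['expiry']['year'];
    $unique_id = generateGUID();
    $fname = $data['first_name'];
    $lname = $data['last_name'];
    $addr1 = $data['address1'] . $data['address2'];
    $addr2 = $data['city'];
    $addr3 = $data['state'];
    $addr4 = $data['zip'];
    $country = $data['country'];
    $email = $data['email'];
    $amount = number_format(wpsc_cart_total(false), 2, '.', '');

    if ($is_member[0]) {
        switch ($member_shiptype['unit']) {
            case 'w':
                $member_ship_unit = 'WEEK';
                break;
            case 'm':
                $member_ship_unit = 'MONT';
                break;
            case 'y':
                $member_ship_unit = 'YEAR';
                break;
        }
        $paypal_query_array = array(
            'USER' => $user,
            'PROFILENAME' => $fname . $lname . $purchase_id,
            'VENDOR' => $vendor,
            'PARTNER' => $partner,
            'PWD' => $password,
            'TENDER' => 'C',
            'TRXTYPE' => 'R',
            'ACTION' => 'A',
            // Recurring profile starts tomorrow, in Payflow's mmddyyyy form.
            'START' => date('mdY', strtotime('+1 day')),
            'ACCT' => $card_num,
            'CVV2' => $cvv2,
            'EXPDATE' => $expiry,
            'ACCTTYPE' => $card,
            'AMT' => $amount,
            'CURRENCY' => $currency,
            'FIRSTNAME' => $fname,
            'LASTNAME' => $lname,
            'STREET' => $addr1,
            'CITY' => $addr2,
            'STATE' => $addr3,
            'ZIP' => $addr4,
            'COUNTRY' => $country,
            'EMAIL' => $email,
            'OPTIONALTRX' => 'A',
            'OPTIONALTRXAMT' => '0.00',
            'CLIENTIP' => $cust_ip,
            'COMMENT1' => $custom,
            'ORDERDESC' => $fname . $lname . $purchase_id,
            'PAYPERIOD' => $member_ship_unit,
        );
        // Payflow length-tag format: NAME[len]=value, '&'-joined.
        $paypal_query = '';
        foreach ($paypal_query_array as $key => $value) {
            if ($key == 'USER') {
                $paypal_query .= $key . '[' . strlen($value) . ']=' . $value;
            } else {
                $paypal_query .= '&' . $key . '[' . strlen($value) . ']=' . $value;
            }
        }
        $response = fetch_data($unique_id, $submiturl, $paypal_query);
        response_handler($response, 'NO', $sessionid, $colected_data, 1);
    }

    $tender = (get_option('paypal_payflow_method') == '0') ? 'P' : 'C';
    $paypal_query_array = array(
        'USER' => $user,
        'VENDOR' => $vendor,
        'PARTNER' => $partner,
        'PWD' => $password,
        'TENDER' => $tender,
        'TRXTYPE' => 'S',
        'ACCT' => $card_num,
        'CVV2' => $cvv2,
        'EXPDATE' => $expiry,
        'ACCTTYPE' => $card,
        'AMT' => $amount,
        'CURRENCY' => $currency,
        'FIRSTNAME' => $fname,
        'LASTNAME' => $lname,
        'STREET' => $addr1,
        'CITY' => $addr2,
        'STATE' => $addr3,
        'ZIP' => $addr4,
        'COUNTRY' => $country,
        'EMAIL' => $email,
        'CLIENTIP' => $cust_ip,
        'COMMENT1' => $custom,
        'COMMENT2' => '',
        'INVNUM' => $order_num,
        'ORDERDESC' => $desc,
        'VERBOSITY' => 'MEDIUM',
        'CARDSTART' => $card_start,
        'CARDISSUE' => $card_issue,
    );
    // Built from scratch so a recurring-profile request sent above is not
    // prepended to the sale request.
    $paypal_query = '';
    foreach ($paypal_query_array as $key => $value) {
        if ($key == 'USER') {
            $paypal_query .= $key . '[' . strlen($value) . ']=' . $value;
        } else {
            $paypal_query .= '&' . $key . '[' . strlen($value) . ']=' . $value;
        }
    }
    $response = fetch_data($unique_id, $submiturl, $paypal_query);
    response_handler($response, 'NO', $sessionid, $colected_data);
    exit;
}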
/**
 * Finalise an Express Checkout payment with a Payflow "do express checkout"
 * call (TENDER=P, ACTION=D).
 *
 * The token, payment type, currency code and payer id saved by earlier steps
 * are read from $_SESSION, assembled into an NVP string and sent through
 * hash_call(). Payment type "Sale" maps to TRXTYPE=S, "Authorization" to
 * TRXTYPE=A, anything else falls back to S.
 *
 * Request id: Payflow de-duplicates on the request id, so the GUID minted for
 * this checkout is kept in $_SESSION['unique_id'] and reused on retries rather
 * than generated afresh on every call.
 *
 * NOTE(review): IPADDRESS is filled with $_SERVER['SERVER_NAME'] (this host),
 * not the shopper's address; this mirrors PayPal's sample code but may not be
 * what fraud screening expects - confirm. The RESULT field is uppercased into
 * $ack but never inspected here; callers must check the returned array.
 *
 * @param string|float $FinalPaymentAmt Amount to capture, sent as AMT.
 * @return array Parsed Payflow response as returned by hash_call().
 */
function ConfirmPayment($FinalPaymentAmt)
{
    $trxTypeByPaymentType = array('Sale' => 'S', 'Authorization' => 'A');
    $paymentType = $_SESSION['paymentType'];
    $trxType = isset($trxTypeByPaymentType[$paymentType]) ? $trxTypeByPaymentType[$paymentType] : 'S';

    $nvpstr = "&TENDER=P&ACTION=D" . "&TRXTYPE=" . $trxType;
    $nvpstr .= "&TOKEN=" . $_SESSION['token'] . "&PAYERID=" . $_SESSION['payer_id'] . "&AMT=" . $FinalPaymentAmt;
    $nvpstr .= '&CURRENCY=' . $_SESSION['currencyCodeType'] . '&IPADDRESS=' . $_SERVER['SERVER_NAME'];

    // One request id per checkout, persisted so retries are idempotent.
    if (!isset($_SESSION['unique_id'])) {
        $_SESSION['unique_id'] = generateGUID();
    }
    $resArray = hash_call($nvpstr, $_SESSION['unique_id']);

    // Kept for parity with the original; the value is not used.
    $ack = strtoupper($resArray["RESULT"]);
    return $resArray;
}
 /**
  * Create a user row for $site after validating the requested privilege and
  * access ids.
  *
  * Flow: callers without a session privilege, or with one weaker than
  * ROLE_PRIME, are pinned to SITENAME whatever $site says; an existing user id
  * is rejected; the privilege id must exist for SITENAME or '*'; the access id
  * must be unblocked and list SITENAME (or '*') in its sites; the defaults from
  * getDefaultParams() are merged with $attrs (attrs win, except that 'pwd' and
  * 'pwd_salt' are dropped from $attrs so the caller cannot replace the stored
  * credential); a GUID is assigned; the configured required fields are
  * checked; then the row is inserted.
  *
  * NOTE(review): only pwd/pwd_salt are stripped from $attrs. If the defaults
  * use other keys for the validated privilege/access ids or the site, an
  * untrusted $attrs could still overwrite them after validation - confirm what
  * getDefaultParams() emits and consider an allow-list instead.
  * NOTE(review): the privilege/access checks are scoped to SITENAME while
  * checkUserID() receives $site; for a ROLE_PRIME caller targeting another
  * site these can disagree - verify that is intended.
  *
  * @param string $userID      Login id to create.
  * @param mixed  $privilegeID Privilege row id, validated against the privileges table.
  * @param mixed  $accessID    Access row id, validated against the access table.
  * @param string $pwd         Plain password handed to getDefaultParams().
  * @param array  $attrs       Extra column values; pwd/pwd_salt are ignored.
  * @param string $site        Target site; forced to SITENAME for non-prime sessions.
  * @return array On success guid/userid/name/email plus "status" => "success";
  *               otherwise an array with an "error" key (and "field"/"details").
  */
 function createUser($userID, $privilegeID, $accessID, $pwd, $attrs = array(), $site = SITENAME)
 {
     $sessionPrivilege = isset($_SESSION['SESS_PRIVILEGE_ID']) ? $_SESSION['SESS_PRIVILEGE_ID'] : null;
     if ($sessionPrivilege === null || $sessionPrivilege > ROLE_PRIME) {
         $site = SITENAME;
     }
     if (checkUserID($userID, $site)) {
         return array("error" => "UserID Exists");
     }

     // Privilege must exist for this site or be global ('*').
     $privilegeRows = _db(true)->_selectQ(_dbTable("privileges", true), "count(*) as cnt")
         ->_where(array("id" => $privilegeID))
         ->_whereOR("site", [SITENAME, '*'])
         ->_GET();
     if (!$privilegeRows) {
         return array("error" => "PrivilegeID Query Error");
     }
     if ($privilegeRows[0]['cnt'] <= 0) {
         return array("error" => "PrivilegeID Not Found For Site");
     }

     // Access entry must be unblocked and cover this site or '*'.
     $accessRows = _db(true)->_selectQ(_dbTable("access", true), "count(*) as cnt")
         ->_where(array("blocked" => 'false', "id" => $accessID))
         ->_whereMulti([["sites", [SITENAME, "FIND"]], ["sites", '*']], "AND", "OR")
         ->_GET();
     if (!$accessRows) {
         return array("error" => "AccessID Query Error");
     }
     if ($accessRows[0]['cnt'] <= 0) {
         return array("error" => "AccessID Not Found For Site");
     }

     $params = getDefaultParams($userID, $pwd, $privilegeID, $accessID);
     // Caller-supplied attrs must never replace the generated credential.
     foreach (array('pwd', 'pwd_salt') as $secretKey) {
         if (isset($attrs[$secretKey])) {
             unset($attrs[$secretKey]);
         }
     }
     $data = array_merge($params, $attrs);
     // A custom guid in the merged data seeds generateGUID(); else the default does.
     $guidSeed = isset($data['guid']) ? $data['guid'] : $params['guid'];
     $data['guid'] = generateGUID($guidSeed);

     foreach (explode(",", getConfig("USER_CREATE_REQUIRED_FIELDS")) as $field) {
         $present = isset($data[$field]) && $data[$field] != null && strlen($data[$field]) > 0;
         if (!$present) {
             return array("error" => "Missing Field", "field" => $field);
         }
     }

     $insertSql = _db(true)->_insertQ1(_dbTable("users", true), $data);
     if (_dbQuery($insertSql, true)) {
         return array("guid" => $data['guid'], "userid" => $data['userid'], "name" => $data['name'], "email" => $data['email'], "status" => "success");
     }
     $errMsg = _db(true)->get_error();
     // The "###" prefix makes a hit at the very start of the message land at offset > 2.
     $isDuplicate = strpos(strtolower("###" . $errMsg), "duplicate") > 2;
     return $isDuplicate
         ? array("error" => "UserID Duplicate Across Sites")
         : array("error" => "Error In User Creation", "details" => $errMsg);
 }
/**
 * Emit a boilerplate source file built from the template for $params['ext']
 * and deliver it as a download.
 *
 * @param array $params with at least filebase and ext as required keys,
 * and licenselines and authorlines as optional keys.
 *
 * The extension is mapped to a template type by getTemplateType() (an empty
 * result aborts via die()); the output extension and MIME type come from
 * getExtensionForType()/getMimeForExtension(); licenselines/authorlines fall
 * back to the globals $defaultLicense/$defaultAuthor; generateAttachment() is
 * called with the output filename, then the filled template is printed.
 *
 * NOTE(review): $params['filebase'] flows into the download filename and the
 * include-guard identifier. If it can be user-supplied, check that
 * generateAttachment() rejects CR/LF before it reaches a header - not visible
 * here. The template path is templates/<type>.tpl with <type> being the
 * lookup result rather than the raw ext, which limits what can be opened to
 * whatever getTemplateType() can return.
 */
function generateBoilerplate($params)
{
    $ext = $params['ext'];
    $type = getTemplateType($ext);
    if (strlen($type) == 0) {
        die("Warning: Bad value for 'ext' - could not look up template type for: {$ext}\n");
    }
    $outputExt = getExtensionForType($ext);
    $mimetype = getMimeForExtension($outputExt);
    $filebase = $params['filebase'];
    $filename = $filebase . '.' . $outputExt;
    // TODO hardcoded hack for prettier templates
    $headerext = '.h';
    $year = date('Y');
    $yearOnly = array('YEAR' => $year);

    // Optional keys fall back to the module-level defaults.
    if (array_has_valid_string_for_key('licenselines', $params)) {
        $licenseraw = '[LICENSE]' . $params['licenselines'] . '[LICENSE]';
    } else {
        global $defaultLicense;
        $licenseraw = $defaultLicense;
    }
    if (array_has_valid_string_for_key('authorlines', $params)) {
        $authorinfo = $params['authorlines'];
    } else {
        global $defaultAuthor;
        $authorinfo = $defaultAuthor;
    }

    generateAttachment($filename, $mimetype);
    $substitutions = array(
        'YEAR' => $year,
        'AUTHORLINES' => doSubstitutions(indentAuthorInfo($authorinfo), $yearOnly),
        'LICENSELINES' => doSubstitutions(commentLicense($licenseraw), $yearOnly),
        // Include guard: filebase + ext + a fresh GUID, normalised to a C identifier.
        'DEF' => makeCIdentifier('INCLUDED_' . $filebase . '_' . $outputExt . '_GUID_' . strtoupper(generateGUID())),
        'FILEBASE' => $filebase,
        'HEADEREXT' => $headerext,
    );
    print doSubstitutions(file_get_contents('templates/' . $type . '.tpl', true), $substitutions);
}
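    // Decide whether this page edits an existing app (guid + token in the
    // query string) or starts a new one. $guidId, $myappsToken and $mysqlConn
    // are defined earlier in the enclosing scope (not visible here).
    $appToEdit = null;
    // The edit link carries md5($myappsToken). Compare in constant time, and
    // only when both query values are plain strings: a ?token[]=x or ?guid[]=x
    // array would otherwise reach hash_equals() / the prepared query.
    $isEditRequest = isset($_GET['guid'], $_GET['token'], $myappsToken)
        && is_string($_GET['guid'])
        && is_string($_GET['token'])
        && hash_equals(md5($myappsToken), $_GET['token']);
    if ($isEditRequest) {
        // Latest version + screenshots for the app, scoped to the logged-in
        // publisher so a guid belonging to someone else is not editable.
        $matchingApps = getArrayFromSQLQuery($mysqlConn, 'SELECT guid, name, description, category, subcategory, rating, downloads, webicon, publishstate,
            appversions.number AS version, appversions.appdata, group_concat(screenshots.imageIndex) AS screenshots FROM apps
            LEFT JOIN appversions ON appversions.versionId = (SELECT versionId FROM appversions appver WHERE appver.appGuid = ? ORDER BY appver.versionId DESC LIMIT 1)
            LEFT JOIN screenshots ON screenshots.appGuid = ?
            WHERE guid = ? AND publisher = ?
            GROUP BY guid LIMIT 1', 'ssss', [$_GET['guid'], $_GET['guid'], $_GET['guid'], $_SESSION['user_id']]);
        // Exactly one row must match the guid/publisher pair.
        printAndExitIfTrue(count($matchingApps) != 1, 'Invalid app GUID.');
        $appToEdit = $matchingApps[0];
        $_SESSION['publish_app_guid' . $guidId] = $appToEdit['guid'];
        $_SESSION['user_app_version' . $appToEdit['guid']] = $appToEdit['version'];
    } else {
        $_SESSION['publish_app_guid' . $guidId] = generateGUID();
    }
    // Per-app publish token from the CSPRNG (requires PHP >= 7.0). The
    // original used uniqid(mt_rand(), true), which is time-based and
    // predictable, not suitable for a token that gates publishing.
    if (!isset($_SESSION['publish_token' . $_SESSION['publish_app_guid' . $guidId]])) {
        $_SESSION['publish_token' . $_SESSION['publish_app_guid' . $guidId]] = bin2hex(random_bytes(16));
    }
    $editing = isset($appToEdit);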
    ?>
		<h1 class="animated bounceInDown text-center"><?php 
    if (isset($appToEdit)) {
        echo 'Updating ' . escapeHTMLChars($appToEdit['name']);
    } else {
        echo 'Add a new application';
    }
    ?>
</h1>
		<br />