function _process()
{
global $osC_MessageStack, $osC_Database, $osC_Language;
$Qcheck = $osC_Database->query('select customers_id, customers_firstname, customers_lastname, customers_gender, customers_email_address, customers_password from :table_customers where customers_email_address = :customers_email_address limit 1');
$Qcheck->bindTable(':table_customers', TABLE_CUSTOMERS);
$Qcheck->bindValue(':customers_email_address', $_POST['email_address']);
$Qcheck->execute();
if ($Qcheck->numberOfRows() === 1) {
$password = osc_create_random_string(ACCOUNT_PASSWORD);
if (osC_Account::savePassword($password, $Qcheck->valueInt('customers_id'))) {
if (ACCOUNT_GENDER > -1) {
if ($data['gender'] == 'm') {
$email_text = sprintf($osC_Language->get('email_addressing_gender_male'), $Qcheck->valueProtected('customers_lastname')) . "\n\n";
} else {
$email_text = sprintf($osC_Language->get('email_addressing_gender_female'), $Qcheck->valueProtected('customers_lastname')) . "\n\n";
}
} else {
$email_text = sprintf($osC_Language->get('email_addressing_gender_unknown'), $Qcheck->valueProtected('customers_firstname') . ' ' . $Qcheck->valueProtected('customers_lastname')) . "\n\n";
}
$email_text .= sprintf($osC_Language->get('email_password_reminder_body'), getenv('REMOTE_ADDR'), STORE_NAME, $password, STORE_OWNER_EMAIL_ADDRESS);
osc_email($Qcheck->valueProtected('customers_firstname') . ' ' . $Qcheck->valueProtected('customers_lastname'), $Qcheck->valueProtected('customers_email_address'), sprintf($osC_Language->get('email_password_reminder_subject'), STORE_NAME), $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
$osC_MessageStack->add('login', $osC_Language->get('success_password_forgotten_sent'), 'success');
}
osc_redirect(osc_href_link(FILENAME_ACCOUNT, 'login', 'SSL'));
} else {
$osC_MessageStack->add('password_forgotten', $osC_Language->get('error_password_forgotten_no_email_address_found'));
}
}
function _process()
{
global $osC_Language, $osC_MessageStack, $osC_Product;
if (empty($_POST['from_name'])) {
$osC_MessageStack->add('tell_a_friend', $osC_Language->get('error_tell_a_friend_customers_name_empty'));
}
if (!osc_validate_email_address($_POST['from_email_address'])) {
$osC_MessageStack->add('tell_a_friend', $osC_Language->get('error_tell_a_friend_invalid_customers_email_address'));
}
if (empty($_POST['to_name'])) {
$osC_MessageStack->add('tell_a_friend', $osC_Language->get('error_tell_a_friend_friends_name_empty'));
}
if (!osc_validate_email_address($_POST['to_email_address'])) {
$osC_MessageStack->add('tell_a_friend', $osC_Language->get('error_tell_a_friend_invalid_friends_email_address'));
}
if ($osC_MessageStack->size('tell_a_friend') < 1) {
$email_subject = sprintf($osC_Language->get('email_tell_a_friend_subject'), osc_sanitize_string($_POST['from_name']), STORE_NAME);
$email_body = sprintf($osC_Language->get('email_tell_a_friend_intro'), osc_sanitize_string($_POST['to_name']), osc_sanitize_string($_POST['from_name']), $osC_Product->getTitle(), STORE_NAME) . "\n\n";
if (!empty($_POST['message'])) {
$email_body .= osc_sanitize_string($_POST['message']) . "\n\n";
}
$email_body .= sprintf($osC_Language->get('email_tell_a_friend_link'), osc_href_link(FILENAME_PRODUCTS, $osC_Product->getKeyword(), 'NONSSL', false)) . "\n\n" . sprintf($osC_Language->get('email_tell_a_friend_signature'), STORE_NAME . "\n" . HTTP_SERVER . DIR_WS_CATALOG . "\n");
osc_email(osc_sanitize_string($_POST['to_name']), osc_sanitize_string($_POST['to_email_address']), $email_subject, $email_body, osc_sanitize_string($_POST['from_name']), osc_sanitize_string($_POST['from_email_address']));
$osC_MessageStack->add('header', sprintf($osC_Language->get('success_tell_a_friend_email_sent'), $osC_Product->getTitle(), osc_output_string_protected($_POST['to_name'])), 'success');
osc_redirect(osc_href_link(FILENAME_PRODUCTS, $osC_Product->getID()));
}
}
public static function execute(ApplicationAbstract $application)
{
$OSCOM_Database = Registry::get('Database');
$OSCOM_MessageStack = Registry::get('MessageStack');
$Qcheck = $OSCOM_Database->query('select customers_id, customers_firstname, customers_lastname, customers_gender, customers_email_address, customers_password from :table_customers where customers_email_address = :customers_email_address limit 1');
$Qcheck->bindValue(':customers_email_address', $_POST['email_address']);
$Qcheck->execute();
if ($Qcheck->numberOfRows() === 1) {
$password = osc_create_random_string(ACCOUNT_PASSWORD);
if (Account::savePassword($password, $Qcheck->valueInt('customers_id'))) {
if (ACCOUNT_GENDER > -1) {
if ($Qcheck->value('customers_gender') == 'm') {
$email_text = sprintf(OSCOM::getDef('email_addressing_gender_male'), $Qcheck->valueProtected('customers_lastname')) . "\n\n";
} else {
$email_text = sprintf(OSCOM::getDef('email_addressing_gender_female'), $Qcheck->valueProtected('customers_lastname')) . "\n\n";
}
} else {
$email_text = sprintf(OSCOM::getDef('email_addressing_gender_unknown'), $Qcheck->valueProtected('customers_firstname') . ' ' . $Qcheck->valueProtected('customers_lastname')) . "\n\n";
}
$email_text .= sprintf(OSCOM::getDef('email_password_reminder_body'), osc_get_ip_address(), STORE_NAME, $password, STORE_OWNER_EMAIL_ADDRESS);
osc_email($Qcheck->valueProtected('customers_firstname') . ' ' . $Qcheck->valueProtected('customers_lastname'), $Qcheck->valueProtected('customers_email_address'), sprintf(OSCOM::getDef('email_password_reminder_subject'), STORE_NAME), $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
$OSCOM_MessageStack->add('LogIn', OSCOM::getDef('success_password_forgotten_sent'), 'success');
}
osc_redirect(OSCOM::getLink(null, null, 'LogIn', 'SSL'));
} else {
$OSCOM_MessageStack->add('PasswordForgotten', OSCOM::getDef('error_password_forgotten_no_email_address_found'));
}
}
public static function execute(ApplicationAbstract $application)
{
$OSCOM_Customer = Registry::get('Customer');
$OSCOM_NavigationHistory = Registry::get('NavigationHistory');
$OSCOM_MessageStack = Registry::get('MessageStack');
$OSCOM_Service = Registry::get('Service');
$OSCOM_Breadcrumb = Registry::get('Breadcrumb');
if (ALLOW_GUEST_TO_TELL_A_FRIEND == '-1' && $OSCOM_Customer->isLoggedOn() === false) {
$OSCOM_NavigationHistory->setSnapshot();
osc_redirect(OSCOM::getLink(null, 'Account', 'LogIn', 'SSL'));
}
$requested_product = null;
$product_check = false;
if (count($_GET) > 3) {
$requested_product = basename(key(array_slice($_GET, 3, 1, true)));
if ($requested_product == 'Write') {
unset($requested_product);
if (count($_GET) > 4) {
$requested_product = basename(key(array_slice($_GET, 4, 1, true)));
}
}
}
if (isset($requested_product)) {
if (Product::checkEntry($requested_product)) {
$product_check = true;
}
}
if ($product_check === false) {
$application->setPageContent('not_found.php');
return false;
}
Registry::set('Product', new Product($requested_product));
$OSCOM_Product = Registry::get('Product');
if (empty($_POST['from_name'])) {
$OSCOM_MessageStack->add('TellAFriend', OSCOM::getDef('error_tell_a_friend_customers_name_empty'));
}
if (!osc_validate_email_address($_POST['from_email_address'])) {
$OSCOM_MessageStack->add('TellAFriend', OSCOM::getDef('error_tell_a_friend_invalid_customers_email_address'));
}
if (empty($_POST['to_name'])) {
$OSCOM_MessageStack->add('TellAFriend', OSCOM::getDef('error_tell_a_friend_friends_name_empty'));
}
if (!osc_validate_email_address($_POST['to_email_address'])) {
$OSCOM_MessageStack->add('TellAFriend', OSCOM::getDef('error_tell_a_friend_invalid_friends_email_address'));
}
if ($OSCOM_MessageStack->size('TellAFriend') < 1) {
$email_subject = sprintf(OSCOM::getDef('email_tell_a_friend_subject'), osc_sanitize_string($_POST['from_name']), STORE_NAME);
$email_body = sprintf(OSCOM::getDef('email_tell_a_friend_intro'), osc_sanitize_string($_POST['to_name']), osc_sanitize_string($_POST['from_name']), $OSCOM_Product->getTitle(), STORE_NAME) . "\n\n";
if (!empty($_POST['message'])) {
$email_body .= osc_sanitize_string($_POST['message']) . "\n\n";
}
$email_body .= sprintf(OSCOM::getDef('email_tell_a_friend_link'), OSCOM::getLink(null, null, $OSCOM_Product->getKeyword(), 'NONSSL', false)) . "\n\n" . sprintf(OSCOM::getDef('email_tell_a_friend_signature'), STORE_NAME . "\n" . HTTP_SERVER . DIR_WS_CATALOG . "\n");
osc_email(osc_sanitize_string($_POST['to_name']), osc_sanitize_string($_POST['to_email_address']), $email_subject, $email_body, osc_sanitize_string($_POST['from_name']), osc_sanitize_string($_POST['from_email_address']));
$OSCOM_MessageStack->add('header', sprintf(OSCOM::getDef('success_tell_a_friend_email_sent'), $OSCOM_Product->getTitle(), osc_output_string_protected($_POST['to_name'])), 'success');
osc_redirect(OSCOM::getLink(null, null, $OSCOM_Product->getKeyword()));
}
$application->setPageTitle($OSCOM_Product->getTitle());
$application->setPageContent('tell_a_friend.php');
}
public static function execute(ApplicationAbstract $application)
{
$OSCOM_MessageStack = Registry::get('MessageStack');
$name = osc_sanitize_string($_POST['name']);
$email_address = osc_sanitize_string($_POST['email']);
$enquiry = osc_sanitize_string($_POST['enquiry']);
if (osc_validate_email_address($email_address)) {
osc_email(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, OSCOM::getDef('contact_email_subject'), $enquiry, $name, $email_address);
osc_redirect(OSCOM::getLink(null, null, 'Contact&Success'));
} else {
$OSCOM_MessageStack->add('Contact', OSCOM::getDef('field_customer_email_address_check_error'));
}
}
function _process()
{
global $osC_Language, $osC_MessageStack;
$name = osc_sanitize_string($_POST['name']);
$email_address = osc_sanitize_string($_POST['email']);
$enquiry = osc_sanitize_string($_POST['enquiry']);
if (osc_validate_email_address($email_address)) {
osc_email(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, $osC_Language->get('contact_email_subject'), $enquiry, $name, $email_address);
osc_redirect(osc_href_link(FILENAME_INFO, 'contact=success', 'AUTO'));
} else {
$osC_MessageStack->add('contact', $osC_Language->get('field_customer_email_address_check_error'));
}
}
function _process()
{
global $osC_Language, $messageStack;
if (isset($_POST['department_email']) && !empty($_POST['department_email'])) {
$department_email = osc_sanitize_string($_POST['department_email']);
if (!osc_validate_email_address($department_email)) {
$messageStack->add('contact', $osC_Language->get('field_departments_email_error'));
}
} else {
$department_email = STORE_OWNER_EMAIL_ADDRESS;
}
if (isset($_POST['name']) && !empty($_POST['name'])) {
$name = osc_sanitize_string($_POST['name']);
} else {
$messageStack->add('contact', $osC_Language->get('field_customer_name_error'));
}
if (isset($_POST['email']) && !empty($_POST['email'])) {
$email_address = osc_sanitize_string($_POST['email']);
if (!osc_validate_email_address($email_address)) {
$messageStack->add('contact', $osC_Language->get('field_customer_concat_email_error'));
}
} else {
$messageStack->add('contact', $osC_Language->get('field_customer_concat_email_error'));
}
if (isset($_POST['telephone']) && !empty($_POST['telephone'])) {
$telephone = osc_sanitize_string($_POST['telephone']);
}
if (isset($_POST['enquiry']) && !empty($_POST['enquiry'])) {
$enquiry = osc_sanitize_string($_POST['enquiry']);
} else {
$messageStack->add('contact', $osC_Language->get('field_enquiry_error'));
}
if (ACTIVATE_CAPTCHA == '1') {
if (isset($_POST['captcha_code']) && !empty($_POST['captcha_code'])) {
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
$messageStack->add('contact', $osC_Language->get('field_concat_captcha_check_error'));
}
} else {
$messageStack->add('contact', $osC_Language->get('field_concat_captcha_check_error'));
}
}
if ($messageStack->size('contact') === 0) {
osc_email(STORE_OWNER, $department_email, $osC_Language->get('contact_email_subject'), $enquiry . '<br /><br /><br />' . $osC_Language->get('contact_telephone_title') . $telephone, $name, $email_address);
osc_redirect(osc_href_link(FILENAME_INFO, 'contact=success', 'AUTO', true, false));
}
}
function callback()
{
global $osC_Database, $osC_Currencies;
$post_string = 'cmd=_notify-validate&';
foreach ($_POST as $key => $value) {
$post_string .= $key . '=' . urlencode($value) . '&';
}
$post_string = substr($post_string, 0, -1);
$this->_transaction_response = $this->sendTransactionToGateway($this->form_action_url, $post_string);
if (strtoupper(trim($this->_transaction_response)) == 'VERIFIED') {
if (isset($_POST['invoice']) && is_numeric($_POST['invoice']) && $_POST['invoice'] > 0) {
$Qcheck = $osC_Database->query('select orders_status, currency, currency_value from :table_orders where orders_id = :orders_id and customers_id = :customers_id');
$Qcheck->bindTable(':table_orders', TABLE_ORDERS);
$Qcheck->bindInt(':orders_id', $_POST['invoice']);
$Qcheck->bindInt(':customers_id', $_POST['custom']);
$Qcheck->execute();
if ($Qcheck->numberOfRows() > 0) {
$order = $Qcheck->toArray();
$Qtotal = $osC_Database->query('select value from :table_orders_total where orders_id = :orders_id and class = "total" limit 1');
$Qtotal->bindTable(':table_orders_total', TABLE_ORDERS_TOTAL);
$Qtotal->bindInt(':orders_id', $_POST['invoice']);
$Qtotal->execute();
$total = $Qtotal->toArray();
$comment = $_POST['payment_status'] . ' (' . ucfirst($_POST['payer_status']) . '; ' . $osC_Currencies->format($_POST['mc_gross'], false, $_POST['mc_currency']) . ')';
if ($_POST['payment_status'] == 'Pending') {
$comment .= '; ' . $_POST['pending_reason'];
} elseif ($_POST['payment_status'] == 'Reversed' || $_POST['payment_status'] == 'Refunded') {
$comment .= '; ' . $_POST['reason_code'];
}
if ($_POST['mc_gross'] != number_format($total['value'] * $order['currency_value'], $osC_Currencies->getDecimalPlaces($order['currency']))) {
$comment .= '; PayPal transaction value (' . osc_output_string_protected($_POST['mc_gross']) . ') does not match order value (' . number_format($total['value'] * $order['currency_value'], $osC_Currencies->getDecimalPlaces($order['currency'])) . ')';
}
$comments = 'PayPal IPN Verified [' . $comment . ']';
osC_Order::process($_POST['invoice'], $this->order_status, $comments);
}
}
} else {
if (defined('MODULE_PAYMENT_PAYPAL_STANDARD_DEBUG_EMAIL')) {
$email_body = 'PAYPAL_STANDARD_DEBUG_POST_DATA:' . "\n\n";
reset($_POST);
foreach ($_POST as $key => $value) {
$email_body .= $key . '=' . $value . "\n";
}
$email_body .= "\n" . 'PAYPAL_STANDARD_DEBUG_GET_DATA:' . "\n\n";
reset($_GET);
foreach ($_GET as $key => $value) {
$email_body .= $key . '=' . $value . "\n";
}
osc_email('', MODULE_PAYMENT_PAYPAL_STANDARD_DEBUG_EMAIL, 'PayPal IPN Invalid Process', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
}
if (isset($_POST['invoice']) && is_numeric($_POST['invoice']) && $_POST['invoice'] > 0) {
$Qcheck = $osC_Database->query('select orders_id from :table_orders where orders_id=:orders_id and customers_id=:customers_id');
$Qcheck->bindTable(':table_orders', TABLE_ORDERS);
$Qcheck->bindInt('orders_id', $_POST['invoice']);
$Qcheck->bindInt('customers_id', $_POST['custom']);
$Qcheck->execute();
if ($Qcheck->numberOfRows() > 0) {
$comment = $_POST['payment_status'];
if ($_POST['payment_status'] == 'Pending') {
$comment .= '; ' . $_POST['pending_reason'];
} elseif ($_POST['payment_status'] == 'Reversed' || $_POST['payment_status'] == 'Refunded') {
$comment .= '; ' . $_POST['reason_code'];
}
$comments = 'PayPal IPN Invalid [' . $comment . ']';
osC_Order::insertOrderStatusHistory($_POST['invoice'], $this->order_status, $comments);
}
}
}
}
function process()
{
global $osC_Database, $osC_MessageStack, $osC_Customer, $osC_Language, $osC_Currencies, $osC_ShoppingCart, $osC_CreditCard;
$this->_verifyData();
$this->_order_id = osC_Order::insert();
osC_Order::process($this->_order_id, $this->order_status);
$data = array('cc_owner' => $_POST['cc_owner'], 'cc_number' => $_POST['cc_number'], 'cc_expires_month' => $_POST['cc_expires_month'], 'cc_expires_year' => $_POST['cc_expires_year']);
if (!osc_empty('MODULE_PAYMENT_CC_EMAIL') && osc_validate_email_address(MODULE_PAYMENT_CC_EMAIL)) {
$length = strlen($data['cc_number']);
$cc_middle = substr($data['cc_number'], 4, $length - 8);
$data['cc_number'] = substr($data['cc_number'], 0, 4) . str_repeat('X', strlen($data['cc_number']) - 8) . substr($data['cc_number'], -4);
$message = 'Order #' . $this->_order_id . "\n\n" . 'Middle: ' . $cc_middle . "\n\n";
osc_email('', MODULE_PAYMENT_CC_EMAIL, 'Extra Order Info: #' . $this->_order_id, $message, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
}
$osC_XML = new osC_XML($data);
$result = $osC_XML->toXML();
$Qtransaction = $osC_Database->query('insert into :table_orders_transactions_history (orders_id, transaction_code, transaction_return_value, transaction_return_status, date_added) values (:orders_id, :transaction_code, :transaction_return_value, :transaction_return_status, now())');
$Qtransaction->bindTable(':table_orders_transactions_history', TABLE_ORDERS_TRANSACTIONS_HISTORY);
$Qtransaction->bindInt(':orders_id', $this->_order_id);
$Qtransaction->bindInt(':transaction_code', 1);
$Qtransaction->bindValue(':transaction_return_value', $result);
$Qtransaction->bindInt(':transaction_return_status', 1);
$Qtransaction->execute();
}
function _process()
{
global $osC_Language, $messageStack;
if (isset($_POST['name']) && !empty($_POST['name'])) {
$name = osc_sanitize_string($_POST['name']);
} else {
$messageStack->add('bank_receipt', $osC_Language->get('field_customer_name_error'));
}
if (isset($_POST['email']) && !empty($_POST['email'])) {
$email_address = osc_sanitize_string($_POST['email']);
if (!osc_validate_email_address($email_address)) {
$messageStack->add('bank_receipt', $osC_Language->get('field_customer_bank_receipt_email_error'));
}
} else {
$messageStack->add('bank_receipt', $osC_Language->get('field_customer_bank_receipt_email_error'));
}
if (isset($_POST['telephone']) && !empty($_POST['telephone'])) {
$telephone = osc_sanitize_string($_POST['telephone']);
}
if (isset($_POST['amount']) && !empty($_POST['amount'])) {
$amount = osc_sanitize_string($_POST['amount']);
} else {
$messageStack->add('bank_receipt', $osC_Language->get('field_bank_receipt_amount_error'));
}
if (isset($_POST['bankname']) && !empty($_POST['bankname'])) {
$bankname = osc_sanitize_string($_POST['bankname']);
} else {
$messageStack->add('bank_receipt', $osC_Language->get('field_bank_receipt_bankname_error'));
}
if (isset($_POST['receiptnumber']) && !empty($_POST['receiptnumber'])) {
$receiptnumber = osc_sanitize_string($_POST['receiptnumber']);
} else {
$messageStack->add('bank_receipt', $osC_Language->get('field_bank_receipt_receiptnumber_error'));
}
if (isset($_POST['receiptdate_days']) && isset($_POST['receiptdate_months']) && isset($_POST['receiptdate_years'])) {
$receiptdate = $_POST['receiptdate_years'] . '/' . $_POST['receiptdate_months'] . '/' . $_POST['receiptdate_days'];
}
if (isset($_POST['ordernumber']) && !empty($_POST['ordernumber'])) {
$ordernumber = osc_sanitize_string($_POST['ordernumber']);
} else {
$messageStack->add('bank_receipt', $osC_Language->get('field_bank_receipt_ordernumber_error'));
}
if (isset($_POST['description']) && !empty($_POST['description'])) {
$description = osc_sanitize_string($_POST['description']);
}
if (ACTIVATE_CAPTCHA == '1') {
if (isset($_POST['captcha_code']) && !empty($_POST['captcha_code'])) {
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
$messageStack->add('bank_receipt', $osC_Language->get('field_bank_receipt_captcha_check_error'));
}
} else {
$messageStack->add('bank_receipt', $osC_Language->get('field_bank_receipt_captcha_check_error'));
}
}
if ($messageStack->size('bank_receipt') === 0) {
$email_content = "\n\t<center>\n\t<table dir=rtl width=100% height=100% cellpadding=2 cellspacing=1><tr><td style='font-family:tahoma; font-size:12px; ' align=right >\n" . $osC_Language->get('bank_receipt_name_title') . $name . "<br><br>\n" . $osC_Language->get('bank_receipt_telephone_title') . $telephone . "<br><br>\n" . $osC_Language->get('bank_receipt_email_address_title') . $email_address . "<br><br>\n" . $osC_Language->get('bank_receipt_amount_title') . $amount . "<br><br>\n" . $osC_Language->get('bank_receipt_bank_name_title') . $bankname . "<br><br>\n" . $osC_Language->get('bank_receipt_receipt_number_title') . $receiptnumber . "<br><br>\n" . $osC_Language->get('bank_receipt_receipt_date_title') . $receiptdate . "<br><br>\n" . $osC_Language->get('bank_receipt_order_number_title') . $ordernumber . "<br><br>\n" . $osC_Language->get('bank_receipt_description_title') . $description . "<br><br>\n\t</td></tr></table>\n\t</center>\n";
osc_email(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, $osC_Language->get('bank_receipt_email_subject'), $email_content, $name, $email_address);
osc_redirect(osc_href_link(FILENAME_INFO, 'bank_receipt=success', 'AUTO', true, false));
$email_content = '';
}
}
public static function save($id = null, $data, $send_email = true)
{
global $osC_Database, $osC_Language;
$error = false;
$osC_Database->startTransaction();
if (is_numeric($id)) {
$Qcustomer = $osC_Database->query('update :table_customers set customers_gender = :customers_gender, customers_firstname = :customers_firstname, customers_lastname = :customers_lastname, customers_email_address = :customers_email_address, customers_dob = :customers_dob, customers_newsletter = :customers_newsletter, customers_status = :customers_status, date_account_last_modified = :date_account_last_modified where customers_id = :customers_id');
$Qcustomer->bindRaw(':date_account_last_modified', 'now()');
$Qcustomer->bindInt(':customers_id', $id);
} else {
$Qcustomer = $osC_Database->query('insert into :table_customers (customers_gender, customers_firstname, customers_lastname, customers_email_address, customers_dob, customers_newsletter, customers_status, number_of_logons, date_account_created) values (:customers_gender, :customers_firstname, :customers_lastname, :customers_email_address, :customers_dob, :customers_newsletter, :customers_status, :number_of_logons, :date_account_created)');
$Qcustomer->bindInt(':number_of_logons', 0);
$Qcustomer->bindRaw(':date_account_created', 'now()');
}
$Qcustomer->bindTable(':table_customers', TABLE_CUSTOMERS);
$Qcustomer->bindValue(':customers_gender', $data['gender']);
$Qcustomer->bindValue(':customers_firstname', $data['firstname']);
$Qcustomer->bindValue(':customers_lastname', $data['lastname']);
$Qcustomer->bindValue(':customers_email_address', $data['email_address']);
$Qcustomer->bindValue(':customers_dob', $data['dob_year'] . '-' . $data['dob_month'] . '-' . $data['dob_day'] . ' 00:00:00');
$Qcustomer->bindInt(':customers_newsletter', $data['newsletter']);
$Qcustomer->bindInt(':customers_status', $data['status']);
$Qcustomer->setLogging($_SESSION['module'], $id);
$Qcustomer->execute();
if (!$osC_Database->isError()) {
if (!empty($data['password'])) {
$customer_id = !empty($id) ? $id : $osC_Database->nextID();
$Qpassword = $osC_Database->query('update :table_customers set customers_password = :customers_password where customers_id = :customers_id');
$Qpassword->bindTable(':table_customers', TABLE_CUSTOMERS);
$Qpassword->bindValue(':customers_password', osc_encrypt_string(trim($data['password'])));
$Qpassword->bindInt(':customers_id', $customer_id);
$Qpassword->setLogging($_SESSION['module'], $customer_id);
$Qpassword->execute();
if ($osC_Database->isError()) {
$error = true;
}
}
}
if ($error === false) {
$osC_Database->commitTransaction();
if ($send_email === true) {
if (empty($id)) {
$full_name = trim($data['firstname'] . ' ' . $data['lastname']);
$email_text = '';
if (ACCOUNT_GENDER > -1) {
if ($data['gender'] == 'm') {
$email_text .= sprintf($osC_Language->get('email_greet_mr'), trim($data['lastname'])) . "\n\n";
} else {
$email_text .= sprintf($osC_Language->get('email_greet_ms'), trim($data['lastname'])) . "\n\n";
}
} else {
$email_text .= sprintf($osC_Language->get('email_greet_general'), $full_name) . "\n\n";
}
$email_text .= sprintf($osC_Language->get('email_text'), STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, trim($data['password']));
osc_email($full_name, $data['email_address'], $osC_Language->get('email_subject'), $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
}
}
return true;
}
$osC_Database->rollbackTransaction();
return false;
}
/**
* Stores a new customer account entry in the database
*
* @param array $data An array containing the customers information
* @access public
* @return boolean
*/
public static function createEntry($data)
{
global $osC_Database, $osC_Session, $osC_Language, $osC_ShoppingCart, $osC_Customer, $osC_NavigationHistory;
$Qcustomer = $osC_Database->query('insert into :table_customers (customers_firstname, customers_lastname, customers_email_address, customers_newsletter, customers_status, customers_ip_address, customers_password, customers_gender, customers_dob, number_of_logons, date_account_created) values (:customers_firstname, :customers_lastname, :customers_email_address, :customers_newsletter, :customers_status, :customers_ip_address, :customers_password, :customers_gender, :customers_dob, :number_of_logons, :date_account_created)');
$Qcustomer->bindTable(':table_customers', TABLE_CUSTOMERS);
$Qcustomer->bindValue(':customers_firstname', $data['firstname']);
$Qcustomer->bindValue(':customers_lastname', $data['lastname']);
$Qcustomer->bindValue(':customers_email_address', $data['email_address']);
$Qcustomer->bindValue(':customers_newsletter', isset($data['newsletter']) && $data['newsletter'] == '1' ? '1' : '');
$Qcustomer->bindValue(':customers_status', '1');
$Qcustomer->bindValue(':customers_ip_address', osc_get_ip_address());
$Qcustomer->bindValue(':customers_password', osc_encrypt_string($data['password']));
$Qcustomer->bindValue(':customers_gender', ACCOUNT_GENDER > -1 && isset($data['gender']) && ($data['gender'] == 'm' || $data['gender'] == 'f') ? $data['gender'] : '');
$Qcustomer->bindValue(':customers_dob', ACCOUNT_DATE_OF_BIRTH == '1' ? date('Ymd', $data['dob']) : '');
$Qcustomer->bindInt(':number_of_logons', 0);
$Qcustomer->bindRaw(':date_account_created', 'now()');
$Qcustomer->execute();
if ($Qcustomer->affectedRows() === 1) {
$customer_id = $osC_Database->nextID();
if (SERVICE_SESSION_REGENERATE_ID == '1') {
$osC_Session->recreate();
}
$osC_Customer->setCustomerData($customer_id);
// restore cart contents
$osC_ShoppingCart->synchronizeWithDatabase();
$osC_NavigationHistory->removeCurrentPage();
// build the welcome email content
if (ACCOUNT_GENDER > -1 && isset($data['gender'])) {
if ($data['gender'] == 'm') {
$email_text = sprintf($osC_Language->get('email_addressing_gender_male'), $osC_Customer->getLastName()) . "\n\n";
} else {
$email_text = sprintf($osC_Language->get('email_addressing_gender_female'), $osC_Customer->getLastName()) . "\n\n";
}
} else {
$email_text = sprintf($osC_Language->get('email_addressing_gender_unknown'), $osC_Customer->getName()) . "\n\n";
}
$email_text .= sprintf($osC_Language->get('email_create_account_body'), STORE_NAME, STORE_OWNER_EMAIL_ADDRESS);
osc_email($osC_Customer->getName(), $osC_Customer->getEmailAddress(), sprintf($osC_Language->get('email_create_account_subject'), STORE_NAME), $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
return true;
}
return false;
}
function sendEmail($id)
{
global $osC_Database, $osC_Language, $osC_Currencies;
$Qorder = $osC_Database->query('select * from :table_orders where orders_id = :orders_id limit 1');
$Qorder->bindTable(':table_orders', TABLE_ORDERS);
$Qorder->bindInt(':orders_id', $id);
$Qorder->execute();
if ($Qorder->numberOfRows() === 1) {
$email_order = STORE_NAME . "\n" . $osC_Language->get('email_order_separator') . "\n" . sprintf($osC_Language->get('email_order_order_number'), $id) . "\n" . sprintf($osC_Language->get('email_order_invoice_url'), osc_href_link(FILENAME_ACCOUNT, 'orders=' . $id, 'SSL', false, true, true)) . "\n" . sprintf($osC_Language->get('email_order_date_ordered'), osC_DateTime::getLong()) . "\n\n" . $osC_Language->get('email_order_products') . "\n" . $osC_Language->get('email_order_separator') . "\n";
$Qproducts = $osC_Database->query('select orders_products_id, products_model, products_name, products_price, products_tax, products_quantity from :table_orders_products where orders_id = :orders_id order by orders_products_id');
$Qproducts->bindTable(':table_orders_products', TABLE_ORDERS_PRODUCTS);
$Qproducts->bindInt(':orders_id', $id);
$Qproducts->execute();
while ($Qproducts->next()) {
$email_order .= $Qproducts->valueInt('products_quantity') . ' x ' . $Qproducts->value('products_name') . ' (' . $Qproducts->value('products_model') . ') = ' . $osC_Currencies->displayPriceWithTaxRate($Qproducts->value('products_price'), $Qproducts->value('products_tax'), $Qproducts->valueInt('products_quantity'), false, $Qorder->value('currency'), $Qorder->value('currency_value')) . "\n";
$Qvariants = $osC_Database->query('select group_title, value_title from :table_orders_products_variants where orders_id = :orders_id and orders_products_id = :orders_products_id order by id');
$Qvariants->bindTable(':table_orders_products_variants', TABLE_ORDERS_PRODUCTS_VARIANTS);
$Qvariants->bindInt(':orders_id', $id);
$Qvariants->bindInt(':orders_products_id', $Qproducts->valueInt('orders_products_id'));
$Qvariants->execute();
while ($Qvariants->next()) {
$email_order .= "\t" . $Qvariants->value('group_title') . ': ' . $Qvariants->value('value_title') . "\n";
}
}
unset($Qproducts);
unset($Qvariants);
$email_order .= $osC_Language->get('email_order_separator') . "\n";
$Qtotals = $osC_Database->query('select title, text from :table_orders_total where orders_id = :orders_id order by sort_order');
$Qtotals->bindTable(':table_orders_total', TABLE_ORDERS_TOTAL);
$Qtotals->bindInt(':orders_id', $id);
$Qtotals->execute();
while ($Qtotals->next()) {
$email_order .= strip_tags($Qtotals->value('title') . ' ' . $Qtotals->value('text')) . "\n";
}
unset($Qtotals);
if (osc_empty($Qorder->value('delivery_name')) === false && osc_empty($Qorder->value('delivery_street_address')) === false) {
$address = array('name' => $Qorder->value('delivery_name'), 'company' => $Qorder->value('delivery_company'), 'street_address' => $Qorder->value('delivery_street_address'), 'suburb' => $Qorder->value('delivery_suburb'), 'city' => $Qorder->value('delivery_city'), 'state' => $Qorder->value('delivery_state'), 'zone_code' => $Qorder->value('delivery_state_code'), 'country_title' => $Qorder->value('delivery_country'), 'country_iso2' => $Qorder->value('delivery_country_iso2'), 'country_iso3' => $Qorder->value('delivery_country_iso3'), 'postcode' => $Qorder->value('delivery_postcode'), 'format' => $Qorder->value('delivery_address_format'));
$email_order .= "\n" . $osC_Language->get('email_order_delivery_address') . "\n" . $osC_Language->get('email_order_separator') . "\n" . osC_Address::format($address) . "\n";
unset($address);
}
$address = array('name' => $Qorder->value('billing_name'), 'company' => $Qorder->value('billing_company'), 'street_address' => $Qorder->value('billing_street_address'), 'suburb' => $Qorder->value('billing_suburb'), 'city' => $Qorder->value('billing_city'), 'state' => $Qorder->value('billing_state'), 'zone_code' => $Qorder->value('billing_state_code'), 'country_title' => $Qorder->value('billing_country'), 'country_iso2' => $Qorder->value('billing_country_iso2'), 'country_iso3' => $Qorder->value('billing_country_iso3'), 'postcode' => $Qorder->value('billing_postcode'), 'format' => $Qorder->value('billing_address_format'));
$email_order .= "\n" . $osC_Language->get('email_order_billing_address') . "\n" . $osC_Language->get('email_order_separator') . "\n" . osC_Address::format($address) . "\n\n";
unset($address);
$Qstatus = $osC_Database->query('select orders_status_name from :table_orders_status where orders_status_id = :orders_status_id and language_id = :language_id');
$Qstatus->bindTable(':table_orders_status', TABLE_ORDERS_STATUS);
$Qstatus->bindInt(':orders_status_id', $Qorder->valueInt('orders_status'));
$Qstatus->bindInt(':language_id', $osC_Language->getID());
$Qstatus->execute();
$email_order .= sprintf($osC_Language->get('email_order_status'), $Qstatus->value('orders_status_name')) . "\n" . $osC_Language->get('email_order_separator') . "\n";
unset($Qstatus);
$Qstatuses = $osC_Database->query('select date_added, comments from :table_orders_status_history where orders_id = :orders_id and comments != "" order by orders_status_history_id');
$Qstatuses->bindTable(':table_orders_status_history', TABLE_ORDERS_STATUS_HISTORY);
$Qstatuses->bindInt(':orders_id', $id);
$Qstatuses->execute();
while ($Qstatuses->next()) {
$email_order .= osC_DateTime::getLong($Qstatuses->value('date_added')) . "\n\t" . wordwrap(str_replace("\n", "\n\t", $Qstatuses->value('comments')), 60, "\n\t", 1) . "\n\n";
}
unset($Qstatuses);
// if (is_object($GLOBALS[$payment])) {
// $email_order .= $osC_Language->get('email_order_payment_method') . "\n" .
// $osC_Language->get('email_order_separator') . "\n";
// $email_order .= $osC_ShoppingCart->getBillingMethod('title') . "\n\n";
// if (isset($GLOBALS[$payment]->email_footer)) {
// $email_order .= $GLOBALS[$payment]->email_footer . "\n\n";
// }
// }
osc_email($Qorder->value('customers_name'), $Qorder->value('customers_email_address'), $osC_Language->get('email_order_subject'), $email_order, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
// send emails to other people
if (SEND_EXTRA_ORDER_EMAILS_TO != '') {
osc_email('', SEND_EXTRA_ORDER_EMAILS_TO, $osC_Language->get('email_order_subject'), $email_order, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
}
}
unset($Qorder);
}
protected function sendDebugEmail()
{
if (strlen(MODULE_PAYMENT_PAYPAL_EXPRESS_CHECKOUT_DEBUG_EMAIL) > 0) {
$email_body = '$_POST:' . "\n\n";
foreach ($_POST as $key => $value) {
$email_body .= $key . '=' . $value . "\n";
}
$email_body .= "\n" . '$_GET:' . "\n\n";
foreach ($_GET as $key => $value) {
$email_body .= $key . '=' . $value . "\n";
}
osc_email('', MODULE_PAYMENT_PAYPAL_EXPRESS_CHECKOUT_DEBUG_EMAIL, 'PayPal Express Debug E-Mail', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
}
}
function _updateStatus($id, $data)
{
global $osC_Database, $osC_Language, $orders_status_array;
$error = false;
$osC_Database->startTransaction();
$Qorder = $osC_Database->query('select customers_name, customers_email_address, orders_status, date_purchased from :table_orders where orders_id = :orders_id');
$Qorder->bindTable(':table_orders', TABLE_ORDERS);
$Qorder->bindInt(':orders_id', $id);
$Qorder->execute();
$Qupdate = $osC_Database->query('update :table_orders set orders_status = :orders_status, last_modified = now() where orders_id = :orders_id');
$Qupdate->bindTable(':table_orders', TABLE_ORDERS);
$Qupdate->bindInt(':orders_status', $data['status_id']);
$Qupdate->bindInt(':orders_id', $id);
$Qupdate->setLogging($_SESSION['module'], $id);
$Qupdate->execute();
if (!$osC_Database->isError()) {
if ($data['notify_customer'] === true) {
$email_body = sprintf($osC_Language->get('email_body'), STORE_NAME, $id, osc_href_link(FILENAME_CATALOG_ACCOUNT_HISTORY_INFO, 'order_id=' . $id, 'SSL', false, false, true), osC_DateTime::getLong($Qorder->value('date_purchased'))) . "\n\n";
if ($data['append_comment'] === true) {
$email_body .= sprintf($osC_Language->get('email_body_comment'), $data['comment']) . "\n\n";
}
$email_body .= sprintf($osC_Language->get('email_body_status'), $orders_status_array[$data['status_id']]) . "\n\n" . $osC_Language->get('email_body_contact');
osc_email($Qorder->value('customers_name'), $Qorder->value('customers_email_address'), sprintf($osC_Language->get('email_subject'), STORE_NAME), $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
}
$Qupdate = $osC_Database->query('insert into :table_orders_status_history (orders_id, orders_status_id, date_added, customer_notified, comments) values (:orders_id, :orders_status_id, now(), :customer_notified, :comments)');
$Qupdate->bindTable(':table_orders_status_history', TABLE_ORDERS_STATUS_HISTORY);
$Qupdate->bindInt(':orders_id', $id);
$Qupdate->bindInt(':orders_status_id', $data['status_id']);
$Qupdate->bindInt(':customer_notified', $data['notify_customer'] === true ? '1' : '0');
$Qupdate->bindValue(':comments', $data['comment']);
$Qupdate->setLogging($_SESSION['module'], $id);
$Qupdate->execute();
if ($osC_Database->isError()) {
$error = true;
}
} else {
$error = true;
}
if ($error === false) {
$osC_Database->commitTransaction();
return true;
}
$osC_Database->rollbackTransaction();
return false;
}
function callback()
{
global $osC_Database, $osC_Currencies, $osC_Language;
$post_string = 'cmd=_notify-validate&';
foreach ($_POST as $key => $value) {
$post_string .= $key . '=' . urlencode($value) . '&';
}
$post_string = substr($post_string, 0, -1);
$this->_transaction_response = $this->sendTransactionToGateway($this->form_action_url, $post_string);
if (strtoupper(trim($this->_transaction_response)) == 'VERIFIED') {
if (isset($_POST['invoice']) && is_numeric($_POST['invoice']) && $_POST['invoice'] > 0) {
$Qcheck = $osC_Database->query('select orders_status, currency, currency_value from :table_orders where orders_id = :orders_id and customers_id = :customers_id');
$Qcheck->bindTable(':table_orders', TABLE_ORDERS);
$Qcheck->bindInt(':orders_id', $_POST['invoice']);
$Qcheck->bindInt(':customers_id', $_POST['custom']);
$Qcheck->execute();
if ($Qcheck->numberOfRows() > 0) {
$order = $Qcheck->toArray();
$Qtotal = $osC_Database->query('select value from :table_orders_total where orders_id = :orders_id and class = "total" limit 1');
$Qtotal->bindTable(':table_orders_total', TABLE_ORDERS_TOTAL);
$Qtotal->bindInt(':orders_id', $_POST['invoice']);
$Qtotal->execute();
$total = $Qtotal->toArray();
$comment_status = $_POST['payment_status'] . ' (' . ucfirst($_POST['payer_status']) . '; ' . $osC_Currencies->format($_POST['mc_gross'], false, $_POST['mc_currency']) . ')';
if ($_POST['payment_status'] == 'Pending') {
$comment_status .= '; ' . $_POST['pending_reason'];
} elseif ($_POST['payment_status'] == 'Reversed' || $_POST['payment_status'] == 'Refunded') {
$comment_status .= '; ' . $_POST['reason_code'];
}
if ($_POST['mc_gross'] != number_format($total['value'] * $order['currency_value'], $osC_Currencies->getDecimalPlaces($order['currency']))) {
$comment_status .= '; PayPal transaction value (' . osc_output_string_protected($_POST['mc_gross']) . ') does not match order value (' . number_format($total['value'] * $order['currency_value'], $osC_Currencies->getDecimalPlaces($order['currency'])) . ')';
}
$comments = 'PayPal IPN Verified [' . $comment_status . ']';
osC_Order::process($_POST['invoice'], $this->order_status, $comments);
$Qtransaction = $osC_Database->query('insert into :table_orders_transactions_history (orders_id, transaction_code, transaction_return_value, transaction_return_status, date_added) values (:orders_id, :transaction_code, :transaction_return_value, :transaction_return_status, now())');
$Qtransaction->bindTable(':table_orders_transactions_history', TABLE_ORDERS_TRANSACTIONS_HISTORY);
$Qtransaction->bindInt(':orders_id', $_POST['invoice']);
$Qtransaction->bindInt(':transaction_code', 1);
$Qtransaction->bindValue(':transaction_return_value', $this->_transaction_response);
$Qtransaction->bindInt(':transaction_return_status', 1);
$Qtransaction->execute();
$Qtransaction->freeResult();
}
}
} else {
if (defined('MODULE_PAYMENT_PAYPAL_STANDARD_DEBUG_EMAIL')) {
$email_body = 'PAYPAL_STANDARD_DEBUG_POST_DATA:' . "\n\n";
reset($_POST);
foreach ($_POST as $key => $value) {
$email_body .= $key . '=' . $value . "\n";
}
$email_body .= "\n" . 'PAYPAL_STANDARD_DEBUG_GET_DATA:' . "\n\n";
reset($_GET);
foreach ($_GET as $key => $value) {
$email_body .= $key . '=' . $value . "\n";
}
osc_email('', MODULE_PAYMENT_PAYPAL_STANDARD_DEBUG_EMAIL, 'PayPal IPN Invalid Process', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
}
if (isset($_POST['invoice']) && is_numeric($_POST['invoice']) && $_POST['invoice'] > 0) {
$Qcheck = $osC_Database->query('select orders_id from :table_orders where orders_id=:orders_id and customers_id=:customers_id');
$Qcheck->bindTable(':table_orders', TABLE_ORDERS);
$Qcheck->bindInt('orders_id', $_POST['invoice']);
$Qcheck->bindInt('customers_id', $_POST['custom']);
$Qcheck->execute();
if ($Qcheck->numberOfRows() > 0) {
$comment_status = $_POST['payment_status'];
if ($_POST['payment_status'] == 'Pending') {
$comment_status .= '; ' . $_POST['pending_reason'];
} elseif ($_POST['payment_status'] == 'Reversed' || $_POST['payment_status'] == 'Refunded') {
$comment_status .= '; ' . $_POST['reason_code'];
}
$comments = 'PayPal IPN Invalid [' . $comment_status . ']';
osC_Order::insertOrderStatusHistory($_POST['invoice'], $this->order_status, $comments);
}
}
//process the transaction history
$Qtransaction_status = $osC_Database->query('select count(*) as total from :table_orders_transactions_status where status_name = :status_name');
$Qtransaction_status->bindTable(':table_orders_transactions_status', TABLE_ORDERS_TRANSACTIONS_STATUS);
$Qtransaction_status->bindValue(':status_name', $_POST['payment_status']);
$Qtransaction_status->execute();
$transaction_status = $Qtransaction_status->toArray();
$Qtransaction_status->freeResult();
//verify whether there is already the specific transactions status
if ($transaction_status['total'] == 0) {
//get the max status id
$Qtransaction_status_max = $osC_Database->query('select max(id) as max_id from :table_orders_transactions_status');
$Qtransaction_status_max->bindTable(':table_orders_transactions_status', TABLE_ORDERS_TRANSACTIONS_STATUS);
$Qtransaction_status_max->execute();
$transaction_status_max = $Qtransaction_status_max->toArray();
$Qtransaction_status_max->freeResult();
//insert the specific transaction status for this module
foreach ($osC_Language->getAll() as $l) {
$Qinsert_transaction_status = $osC_Database->query('insert into :table_orders_transactions_status values (:id, :language_id, :status_name)');
$Qinsert_transaction_status->bindTable(':table_orders_transactions_status', TABLE_ORDERS_TRANSACTIONS_STATUS);
$Qinsert_transaction_status->bindInt(':id', $transaction_status_max['max_id'] + 1);
$Qinsert_transaction_status->bindInt(':language_id', $l['id']);
$Qinsert_transaction_status->bindValue(':status_name', $_POST['payment_status']);
$Qinsert_transaction_status->execute();
}
}
//get the transaction status id
$Qtransaction_satus_id = $osC_Database->query('select id from :table_orders_transactions_status where language_id = :language_id and status_name = :status_name limit 1');
$Qtransaction_satus_id->bindTable(':table_orders_transactions_status', TABLE_ORDERS_TRANSACTIONS_STATUS);
$Qtransaction_satus_id->bindInt(':language_id', $osC_Language->getID());
$Qtransaction_satus_id->bindValue(':status_name', $_POST['payment_status']);
$Qtransaction_satus_id->execute();
$transaction_satus_id = $Qtransaction_satus_id->toArray();
$Qtransaction_satus_id->freeResult();
//insert the order transactions history
$Qtransaction = $osC_Database->query('insert into :table_orders_transactions_history (orders_id, transaction_code, transaction_return_value, transaction_return_status, date_added) values (:orders_id, :transaction_code, :transaction_return_value, :transaction_return_status, now())');
$Qtransaction->bindTable(':table_orders_transactions_history', TABLE_ORDERS_TRANSACTIONS_HISTORY);
$Qtransaction->bindInt(':orders_id', $_POST['invoice']);
$Qtransaction->bindInt(':transaction_code', $transaction_satus_id['id']);
$Qtransaction->bindValue(':transaction_return_value', $this->_transaction_response);
$Qtransaction->bindInt(':transaction_return_status', 1);
$Qtransaction->execute();
$Qtransaction->freeResult();
}
}
function callback()
{
global $osC_Database, $osC_Currencies;
$result = "VERIFIED";
$check = true;
// Validate request
if (!isset($_POST['order_id']) || !is_numeric($_POST['order_id']) || $_POST['order_id'] <= 0) {
$check = false;
$result = 'bad order id';
}
if ($check) {
if (!isset($_POST['invoice_amount'])) {
$check = false;
$result = 'bad amount';
}
}
if ($check) {
if (!isset($_POST['invoice_currency'])) {
$check = false;
$result = 'bad currency';
}
}
if ($check) {
if (!isset($_POST['checksum']) || !isset($_POST['invoice_reference']) || !isset($_POST['invoice_created_at']) || !isset($_POST['invoice_status'])) {
$check = false;
$result = 'missing vatiables';
}
}
if ($check) {
//calc checksum
$sum = http_build_query(array('order_id' => $_POST['order_id'], 'invoice_reference' => $_POST['invoice_reference'], 'invoice_amount' => $_POST['invoice_amount'], 'invoice_currency' => $_POST['invoice_currency'], 'invoice_created_at' => $_POST['invoice_created_at'], 'invoice_status' => $_POST['invoice_status'], 'secret_key' => MODULE_PAYMENT_INPAY_SECRET_KEY), '', "&");
$md5v = md5($sum);
if ($md5v != $_POST['checksum']) {
$check = false;
$result = 'bad checksum';
}
}
if ($check) {
if (!osC_Order::exists($_POST['order_id'])) {
$check = false;
$result = 'order not found';
}
}
if ($check) {
$Qcheck = $osC_Database->query('select orders_status, currency, currency_value from :table_orders where orders_id = :orders_id');
$Qcheck->bindTable(':table_orders', TABLE_ORDERS);
$Qcheck->bindInt(':orders_id', $_POST['invoice']);
$Qcheck->bindInt(':customers_id', $_POST['custom']);
$Qcheck->execute();
if ($Qcheck->numberOfRows() > 0) {
$order = $Qcheck->toArray();
$Qtotal = $osC_Database->query('select value from :table_orders_total where orders_id = :orders_id and class = "total" limit 1');
$Qtotal->bindTable(':table_orders_total', TABLE_ORDERS_TOTAL);
$Qtotal->bindInt(':orders_id', $_POST['invoice']);
$Qtotal->execute();
$total = $Qtotal->toArray();
if (number_format($_POST['invoice_amount'], $osC_Currencies->getDecimalPlaces($order['currency'])) != number_format($total['value'] * $order['currency_value'], $osC_Currencies->getDecimalPlaces($order['currency']))) {
$check = false;
$result = 'Inpay transaction value (' . osc_output_string_protected($_POST['invoice_amount']) . ') does not match order value (' . number_format($total['value'] * $order['currency_value'], $osC_Currencies->get_decimal_places($order['currency'])) . ')';
}
}
}
if ($check) {
// check status
$delivered_status = 7;
if ($order['orders_status'] == MODULE_PAYMENT_INPAY_COMP_ORDER_STATUS_ID || $order['orders_status'] == $delivered_status) {
$check = false;
$result = 'Status already in level' . $order['orders_status'];
}
}
if ($check) {
$invoice_status = $this->get_invoice_status($_POST);
$check = false;
if (($invoice_status == "pending" || $invoice_status == "created") && ($_POST["invoice_status"] == "pending" || $POST["invoice_status"] == "created")) {
$check = true;
} else {
if ($invoice_status == "approved" && $_POST["invoice_status"] == "approved") {
$check = true;
} else {
if ($invoice_status == "sum_too_low" && $_POST["invoice_status"] == "sum_too_low") {
$check = true;
}
}
}
if (!$check) {
$result = 'Bad invoice status:' . $invoice_status;
}
}
// Validate request end
if ($result == 'VERIFIED') {
$invoice_approved = false;
$invoice_created = false;
$invoice_partial = false;
switch ($_POST['invoice_status']) {
case 'created':
case 'pending':
$msg = "customer has been asked to pay " . $_POST['invoice_amount'] . ' ' . $_POST['invoice_currency'] . ' with reference: ' . $_POST['invoice_reference'] . ' via his online bank';
$order_status_id = MODULE_PAYMENT_INPAY_CREATE_ORDER_STATUS_ID;
$invoice_created = true;
break;
case "approved":
$msg = "Inpay has confirmed that the payment of " . $_POST['invoice_amount'] . " " . $_POST['invoice_currency'] . " has been received";
$order_status_id = MODULE_PAYMENT_INPAY_COMP_ORDER_STATUS_ID;
$invoice_approved = true;
break;
case "sum_too_low":
$msg = "Partial payment received by inpay. Reference: " . $_POST['invoice_reference'];
$order_status_id = MODULE_PAYMENT_INPAY_SUM_TOO_LOW_ORDER_STATUS_ID;
$invoice_partial = true;
break;
}
$comments = 'Inpay ' . ucfirst($_POST['invoice_status']) . '[' . $msg . ']';
if ($invoice_approved || $invoice_created || $invoice_partial) {
osC_Order::process($_POST['order_id'], $order_status_id, $comments);
osC_Order::insertOrderStatusHistory($_POST['order_id'], $order_status_id, $comments);
} else {
if (defined('MODULE_PAYMENT_INPAY_DEBUG_EMAIL')) {
$email_body = 'INPAY_DEBUG_POST_DATA:' . "\n\n";
reset($_POST);
foreach ($_POST as $key => $value) {
$email_body .= $key . '=' . $value . "\n";
}
$email_body .= "\n" . 'INPAY_DEBUG_GET_DATA:' . "\n\n";
reset($_GET);
foreach ($_GET as $key => $value) {
$email_body .= $key . '=' . $value . "\n";
}
osc_email('', MODULE_PAYMENT_INPAY_DEBUG_EMAIL, 'Inpay Invalid Process', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
}
if (isset($_POST['order_id']) && is_numeric($_POST['order_id']) && $_POST['order_id'] > 0) {
$Qcheck = $osC_Database->query('select orders_id from :table_orders where orders_id=:orders_id');
$Qcheck->bindTable(':table_orders', TABLE_ORDERS);
$Qcheck->bindInt('orders_id', $_POST['order_id']);
$Qcheck->execute();
if ($Qcheck->numberOfRows() > 0) {
$comments = 'Inpay Invalid [' . $result . ']';
osC_Order::insertOrderStatusHistory($_POST['order_id'], $order_status_id, $comments);
}
}
}
}
}