/**
 * Checks an order payload for the fields this client requires.
 *
 * All problems are collected and reported together through a single
 * Error::throwError('ip', ...) call, with the messages joined by ", ".
 *
 * NOTE(review): the amount rule only rejects a value that is greater than
 * zero AND for which Utils::isFloat() is true. Zero, negative and non-numeric
 * amounts pass this check; confirm they are refused elsewhere before the
 * order is submitted, since this is the payment amount.
 *
 * @param mixed $data Order fields, read as an array keyed by field name
 */
protected static function validateInputData($data)
 {
     if (empty($data)) {
         // No payload at all.
         Error::throwError('ip');
     }
     $problems = array();
     // At least one of token / paymentMethod has to be present.
     if (!(isset($data['token']) || isset($data['paymentMethod']))) {
         $problems[] = Error::$errors['orderInput']['token'];
     }
     if (!isset($data['orderDescription'])) {
         $problems[] = Error::$errors['orderInput']['orderDescription'];
     }
     // Parentheses spell out the precedence the original relied on (&& binds tighter than ||).
     if (!isset($data['amount']) || ($data['amount'] > 0 && Utils::isFloat($data['amount']))) {
         $problems[] = Error::$errors['orderInput']['amount'];
     }
     // Remaining mandatory scalar fields, reported in this order.
     foreach (array('currencyCode', 'name') as $requiredKey) {
         if (!isset($data[$requiredKey])) {
             $problems[] = Error::$errors['orderInput'][$requiredKey];
         }
     }
     // Addresses are optional, but when given they must be arrays.
     foreach (array('billingAddress', 'deliveryAddress') as $addressKey) {
         if (isset($data[$addressKey]) && !is_array($data[$addressKey])) {
             $problems[] = Error::$errors['orderInput'][$addressKey];
         }
     }
     if (!empty($problems)) {
         Error::throwError('ip', implode(', ', $problems));
     }
 }
Esempio n. 2
 /**
  * Prepares and executes a SQL statement and optionally fetches every row.
  *
  * The statement is executed without bound parameters, so $query must
  * already be complete SQL.
  * NOTE(review): any caller that assembles $query from request data is
  * exposed to SQL injection; such values have to be bound as parameters
  * instead of being concatenated into the string.
  * NOTE(review): the PDO exception text is passed to Error::throwError()
  * inside an HTML fragment; if that is shown to the visitor it discloses
  * schema and query details. Confirm it is only logged in production.
  *
  * @param string $query
  * @param boolean $callback true to fetch all rows, false to get the statement back
  * @return mixed|PDOStatement list of associative rows when $callback is true,
  *                            otherwise the executed statement
  */
 protected function query($query, $callback = true)
 {
     // Prepare and run the statement.
     try {
         $statement = $this->_database->prepare($query);
         $statement->execute();
     } catch (\PDOException $e) {
         Error::throwError('Erreur SQL!', "Erreur SQL ! :<br />{$e->getMessage()}");
     }
     // Caller wants the raw statement, not the rows.
     if (!$callback) {
         return $statement;
     }
     if ($statement) {
         // Collect each row as an associative array, in fetch order.
         $rows = array();
         while ($row = $statement->fetch(\PDO::FETCH_ASSOC)) {
             $rows[] = $row;
         }
         return $rows;
     }
 }
Esempio n. 3
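 /**
  * Checks a login/password pair against the configured users table and, on
  * success, stores the user's identity in $_SESSION['Auth'].
  *
  * NOTE(review): the password is matched by SQL equality against the stored
  * column, so the table holds either plaintext or a caller-computed digest.
  * Moving to password_hash()/password_verify() needs a data migration and is
  * not done here.
  * NOTE(review): a SHA-1 of the stored password value is kept in the session
  * under 'UserPassword'. It is left in place because other code may read it,
  * but a password-derived value should not need to live in session data.
  * NOTE(review): PDO exception messages are forwarded to Error::throwError();
  * confirm they are not rendered to the visitor.
  *
  * @param string $authLogin
  * @param string $authPassword
  * @return boolean true when a matching user row was found, false otherwise
  */
 public static function userLogin($authLogin, $authPassword)
 {
     // Load settings; Config.php is expected to define $settings.
     include 'Config.php';
     $dbHost = $settings['Database']['Host'];
     $dbName = $settings['Database']['Name'];
     $dbUser = $settings['Database']['User'];
     $dbPassword = $settings['Database']['Password'];
     $usersTable = $settings['Auth']['UsersTable'];
     $usersIdField = $settings['Auth']['IdField'];
     $usersLoginField = $settings['Auth']['LoginField'];
     $usersPasswordField = $settings['Auth']['PasswordField'];
     $usersLevelField = $settings['Auth']['LevelField'];
     // Open the PDO connection with exceptions enabled.
     try {
         $db = new \PDO("mysql:host={$dbHost};dbname={$dbName}", $dbUser, $dbPassword);
         $db->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
     } catch (\PDOException $e) {
         Error::throwError('Erreur SQL!', $e->getMessage());
     }
     try {
         // Table and column names come from Config.php and are interpolated as
         // identifiers; only the two credential values are bound parameters.
         $query = "SELECT " . "`{$usersIdField}`, `{$usersLoginField}`, " . "`{$usersPasswordField}`, `{$usersLevelField}` " . "FROM `{$usersTable}` " . "WHERE `{$usersLoginField}` = :auth_login " . "AND `{$usersPasswordField}` = :auth_password";
         $options = array(':auth_login' => $authLogin, ':auth_password' => $authPassword);
         // Prepare and run the statement.
         $sth = $db->prepare($query);
         $sth->execute($options);
     } catch (\PDOException $e) {
         Error::throwError('Erreur SQL!', $e->getMessage());
     }
     if ($sth) {
         if (!empty($d = $sth->fetch(\PDO::FETCH_ASSOC))) {
             // Issue a fresh session id on login so an id planted before
             // authentication cannot be reused afterwards (session fixation).
             if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                 session_regenerate_id(true);
             }
             // The token was md5(time() * rand(0, 100) . login . id): guessable
             // from the clock, and constant per user whenever rand() gave 0.
             // Use the CSPRNG instead; 16 bytes hex-encode to 32 characters,
             // the same length and alphabet as the previous md5 value.
             $tokenBytes = function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16);
             $_SESSION['Auth'] = array('UserId' => $d[$usersIdField], 'UserLogin' => $d[$usersLoginField], 'UserPassword' => sha1($d[$usersPasswordField]), 'UserLevel' => $d[$usersLevelField], 'UserToken' => bin2hex($tokenBytes));
             return true;
         } else {
             // No row matched this login/password pair.
             return false;
         }
     } else {
         // No usable statement. $e is only set if one of the catch blocks
         // above ran and Error::throwError() returned instead of throwing.
         Error::throwError('Erreur 404!', $e->getMessage());
     }
 }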
Esempio n. 4
 /**
  * Sends a request to the Worldpay API and interprets the reply.
  *
  * The service key travels in the Authorization header, so the endpoint is
  * expected to be HTTPS.
  * Certificate verification is switched off only when ssl_check is false;
  * a service key that does not start with 'T' triggers
  * Error::throwError('ssl') first.
  * NOTE(review): presumably 'T' marks test keys. If throwError() returns
  * rather than throws, CURLOPT_SSL_VERIFYPEER is still disabled for a
  * non-test key, because the setopt call follows unconditionally. Confirm
  * throwError() never returns.
  *
  * @param string $action path appended to the configured endpoint
  * @param string $json request body
  * @param bool $expectResponse whether a decodable body is required
  * @param string $method HTTP method
  * @return mixed result of self::handleResponse(), or true when no response
  *               was expected and the HTTP status was 200
  * */
 public function sendRequest($action, $json = false, $expectResponse = false, $method = 'POST')
 {
     $requestHeaders = array(
         "Authorization: {$this->service_key}",
         "Content-Type: application/json",
         "X-wp-client-user-agent: {$this->client_user_agent}",
         "Content-Length: " . strlen($json),
     );
     $curl = curl_init();
     curl_setopt($curl, CURLOPT_URL, $this->endpoint . $action);
     curl_setopt($curl, CURLOPT_CUSTOMREQUEST, $method);
     curl_setopt($curl, CURLOPT_POSTFIELDS, $json);
     curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
     curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 0);
     curl_setopt($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
     curl_setopt($curl, CURLOPT_TIMEOUT, $this->timeout);
     curl_setopt($curl, CURLOPT_HTTPHEADER, $requestHeaders);
     // Peer verification may be turned off for localhost testing only.
     if ($this->ssl_check === false) {
         if (substr($this->service_key, 0, 1) != 'T') {
             Error::throwError('ssl');
         }
         curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
     }
     $body = curl_exec($curl);
     $transferInfo = curl_getinfo($curl);
     $curlMessage = curl_error($curl);
     $curlCode = curl_errno($curl);
     curl_close($curl);
     // Transport failure: map the curl error number to an error key.
     if ($body === false) {
         if ($curlCode === 60) {
             // 60: certificate could not be verified
             $errorKey = 'sslerror';
         } elseif ($curlCode === 28) {
             // 28: operation timed out
             $errorKey = 'timeouterror';
         } else {
             $errorKey = 'uanv';
         }
         Error::throwError($errorKey, false, $curlCode, null, $curlMessage);
     }
     // Drop one trailing character when the body does not end in '}'.
     if (substr($body, -1) != '}') {
         $body = substr($body, 0, -1);
     }
     $response = self::handleResponse($body);
     // A required response that failed to decode is reported as a 503.
     if ($expectResponse && ($response === null || $response === false)) {
         Error::throwError('uanv', Error::$errors['json'], 503);
     }
     $httpCode = $transferInfo['http_code'];
     // The API reported its own status code inside the body.
     if (isset($response["httpStatusCode"])) {
         if ($response["httpStatusCode"] != 200) {
             Error::throwError(false, $response["message"], $httpCode, $response['httpStatusCode'], $response['description'], $response['customCode']);
         }
         return $response;
     }
     if ($expectResponse) {
         // A result was expected but the HTTP status signals an error.
         if ($httpCode != 200) {
             Error::throwError('uanv', Error::$errors['json'], 503);
         }
         return $response;
     }
     // No body expected: success is decided by the HTTP status alone.
     if ($httpCode != 200) {
         Error::throwError('apierror', $body, $httpCode);
         return $response;
     }
     return true;
 }
Esempio n. 5
 /**
  * Reports a "page not found" condition through the Error class.
  *
  * The message is Turkish for "No such page exists". URL is passed as the
  * second argument (presumably a redirect target; confirm in Error).
  *
  * NOTE(review): if this file is not namespaced, `Error` resolves to the
  * built-in \Error class on PHP 7+, which has no throwError(); confirm the
  * project's class is the one in scope.
  *
  * @return boolean always false
  */
 function error()
 {
     $errorHandler = new Error();
     $errorHandler->throwError("Böyle bir sayfa bulunmamaktadır", URL);
     return false;
 }
Esempio n. 6
 /**
  * Reports an "access denied" condition, passing the admin index URL along.
  *
  * The message is Turkish for "You are not authorised to access this page".
  *
  * NOTE(review): nothing in this method halts the request. Whether the
  * restricted action is actually blocked depends on Error::throwError() or
  * on the caller stopping afterwards; confirm one of them does.
  */
 function restricted()
 {
     Error::throwError("Bu sayfaya giriş yetkiniz bulunmamaktadır.", URL . "admin");
 }
Esempio n. 7
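 /**
  * Renders the flash view for $type and stores the output in $_SESSION['Flash'].
  *
  * $message is not referenced in this method; it is in scope for the included
  * view file.
  * NOTE(review): presumably the view prints $message. It has to be
  * HTML-escaped there if the text can carry user-supplied content.
  * NOTE(review): $type becomes part of an include path. Callers should pass
  * only fixed, known type names; a value taken from a request could contain
  * path segments and select a file outside FLASHS_DIR.
  *
  * @param string $message text made available to the flash view
  * @param string $type name of the view file, without the '.flash' suffix
  */
 protected function setFlash($message, $type)
 {
     $viewFilePath = FLASHS_DIR . $type . '.flash';
     ob_start();
     // Load the "flash" view and capture what it prints.
     if (file_exists($viewFilePath)) {
         // Plain include: include_once skipped the view on a second call for
         // the same type within one request, leaving an empty flash.
         include $viewFilePath;
     } else {
         Error::throwError("Fichier manquant !", "Fichier manquant !, Le fichier : {$viewFilePath} est inexistant !");
     }
     $_SESSION['Flash'] = ob_get_clean();
 }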
Esempio n. 8
 /**
  * Looks up the card details stored behind a Worldpay token.
  *
  * An empty or non-string token is reported via Error::throwError('ip', ...);
  * a reply without a 'paymentMethod' entry is reported as 'apierror'.
  *
  * NOTE(review): the return value is cardholder data; callers should avoid
  * writing it to logs or error output.
  *
  * @param string $token
  * @return array card details (the 'paymentMethod' entry of the reply)
  * */
 public function getStoredCardDetails($token = false)
 {
     $tokenIsUsable = is_string($token) && !empty($token);
     if (!$tokenIsUsable) {
         Error::throwError('ip', Error::$errors['orderInput']['token']);
     }
     $reply = TokenService::getStoredCardDetails($token);
     if (isset($reply['paymentMethod'])) {
         return $reply['paymentMethod'];
     }
     Error::throwError("apierror");
     return $reply['paymentMethod'];
 }