if (strcmp($res, "VERIFIED") == 0) { $str = ''; foreach ($_POST as $key => $value) { $str .= $key . " = " . $value . "\n"; } if (!isset($_POST['item_number'])) { Core_mail('*****@*****.**', $_SERVER['HTTP_HOST'] . ' problem with PayPal payment', "There was a problem marking a purchase as Paid. Please contact" . " your website provider with the following details:\n\n" . $str); Core_quit(); } $id = (int) $_POST['item_number']; if ($id < 1) { Core_quit(); } // check that payment_amount/payment_currency are correct $order = dbRow("SELECT * FROM online_store_orders WHERE id={$id}"); if (round($order['total']) != round($_POST['mc_gross'])) { // TODO: you should be able to edit the email address here - e.g. test domains will have a strange email address $eml = 'info@' . preg_replace('/^www\\./', '', $_SERVER['HTTP_HOST']); Core_mail($eml, $_SERVER['HTTP_HOST'] . ' paypal hack', $str, $eml); Core_quit(); } // process payment require dirname(__FILE__) . '/../order-status.php'; OnlineStore_processOrder($id, $order); } else { if (strcmp($res, "INVALID") == 0) { } } } fclose($fp); }
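/**
 * Change the payment status of an Online-Store order.
 *
 * Reads the order id and the new status code from $_REQUEST. The status
 * codes handled here are the ones the original code labelled:
 *   1 = paid      - delegates entirely to OnlineStore_processOrder()
 *   3 = cancelled - stores the status and fires 'after-order-cancelled'
 *   anything else - stores the status, then sends the invoice email and
 *                   exports the order to file
 *
 * NOTE(review): no authorisation check happens inside this function; it
 * assumes the caller has already established that the request comes from
 * an administrator - confirm at the call site.
 *
 * @return array status, always array('ok' => 1)
 */
function OnlineStore_adminChangeOrderStatus() {
    // Cast to int so the values interpolated into the SQL below cannot carry
    // injected SQL; a missing parameter becomes 0 instead of raising a notice.
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    $status = isset($_REQUEST['status']) ? (int) $_REQUEST['status'] : 0;
    // The former lookup of the "invoices_by_email" setting was never used in
    // this function, so it has been dropped.
    if ($status === 1) { // paid
        // order-status.php owns the whole "mark as paid" flow, including the
        // status write itself, so no update is issued here.
        require dirname(__FILE__) . '/order-status.php';
        OnlineStore_processOrder($id);
    } elseif ($status === 3) { // cancelled
        dbQuery('update online_store_orders set status=' . $status . ' where id=' . $id);
        // Hand the freshly-updated row to any listeners.
        Core_trigger('after-order-cancelled', dbRow('select * from online_store_orders where id=' . $id));
    } else {
        dbQuery('update online_store_orders set status=' . $status . ' where id=' . $id);
        require dirname(__FILE__) . '/order-status.php';
        OnlineStore_sendInvoiceEmail($id);
        OnlineStore_exportToFile($id);
    }
    return array('ok' => 1);
}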