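/**
 * Import handler that stores one ?:order_data record for an order.
 *
 * The incoming value is parsed with YAML_Parser::unserialize(). Only when the result is an array
 * is it re-encoded with serialize() and written with REPLACE INTO ?:order_data; records of
 * type 'P' are passed through fn_encrypt_text() first.
 *
 * Security notes for maintainers:
 *  - Nothing here masks or filters the parsed fields, so a type 'P' record is stored exactly as the
 *    import file supplied it (encrypted, but reversible). If the file carries card data, it lands in
 *    the database in full.
 *  - The stored blob is a PHP serialize() string that other code reads back with unserialize().
 *    NOTE(review): confirm YAML_Parser::unserialize() can only yield arrays and scalars, never objects.
 *
 * @param int    $order_id Order the record belongs to.
 * @param string $data     Encoded record as read from the import file.
 * @param string $type     Record type; 'P' records are encrypted before storage.
 *
 * @return bool Always true, including when $data did not parse to an array and nothing was written.
 */
function fn_exim_orders_set_data($order_id, $data, $type)
{
    $parsed = YAML_Parser::unserialize($data);

    if (is_array($parsed)) {
        $payload = serialize($parsed);

        // Loose comparison kept on purpose: callers may pass the type in whatever form the import row had.
        if ($type == 'P') {
            $payload = fn_encrypt_text($payload);
        }

        $row = array(
            'order_id' => $order_id,
            'type' => $type,
            'data' => $payload,
        );
        db_query("REPLACE INTO ?:order_data ?e", $row);
    }

    return true;
}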
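/**
 * Masks the sensitive card fields of an order's payment info and re-encrypts the result.
 *
 * cvv2 becomes 'XXX', expiry_month / expiry_year become 'XX', and card_number is stripped of
 * '-' and ' ' and masked so that only its last four characters stay readable. All other keys
 * are left untouched.
 *
 * With a non-empty $order_id the cleaned blob replaces the order's type 'P' row in ?:order_data
 * and nothing is returned; with an empty $order_id the encrypted blob is returned instead.
 *
 * @param int|string   $order_id     Order to update, or an empty value to get the blob back.
 * @param array|string $payment_info Payment info array, or the stored (encrypted, serialized) string.
 * @param bool         $silent       When false, a progress message is emitted through fn_set_progress().
 *
 * @return string|null Encrypted serialized payment info when $order_id is empty, otherwise null.
 */
function fn_cleanup_payment_info($order_id = '', $payment_info, $silent = false)
{
    if (!$silent) {
        // NOTE(review): $order_id is concatenated into HTML without escaping; safe only if every
        // caller passes a numeric id - confirm, or cast/escape it here.
        fn_set_progress('echo', __('processing_order') . ' <b>#' . $order_id . '</b>...');
    }

    if (is_array($payment_info)) {
        $info = $payment_info;
    } else {
        // NOTE(review): unserialize() on stored data can instantiate objects, so this is only as
        // safe as the integrity of the encrypted column. Where the minimum PHP version allows it,
        // restrict it to arrays/scalars via unserialize()'s allowed_classes option.
        $info = @unserialize(fn_decrypt_text($payment_info));
    }

    // A blob that fails to decrypt or decode yields false; normalise it so the value written back
    // is an empty payment-info array rather than a serialized boolean.
    if (!is_array($info)) {
        $info = array();
    }

    if (!empty($info['cvv2'])) {
        $info['cvv2'] = 'XXX';
    }

    if (!empty($info['card_number'])) {
        $number = str_replace(array('-', ' '), '', $info['card_number']);
        $length = strlen($number);

        if ($length < 4) {
            // Fewer than four characters: the original passed a negative count to str_repeat()
            // (warning on PHP 7, ValueError on PHP 8). Mask the whole value instead.
            $info['card_number'] = str_repeat('X', $length);
        } else {
            $info['card_number'] = str_repeat('X', $length - 4) . substr($number, $length - 4);
        }
    }

    foreach (array('expiry_month', 'expiry_year') as $field) {
        if (!empty($info[$field])) {
            $info[$field] = 'XX';
        }
    }

    $_data = fn_encrypt_text(serialize($info));

    if (empty($order_id)) {
        return $_data;
    }

    db_query("UPDATE ?:order_data SET data = ?s WHERE order_id = ?i AND type = 'P'", $_data, $order_id);
}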
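/**
 * Masks the sensitive card fields of an order's stored payment info and writes the result back.
 *
 * cvv2 becomes 'XXX'; start_month, start_year, expiry_month and expiry_year become 'XX';
 * card_number is masked so that only its last four characters stay readable. All other keys are
 * left untouched. The cleaned data is serialized, encrypted with fn_encrypt_text() and stored in
 * the order's type 'P' row of ?:order_data.
 *
 * @param int          $order_id     Order whose payment record is rewritten.
 * @param array|string $payment_info Payment info array, or the stored (encrypted, serialized) string.
 * @param bool         $silent       When false, progress text is echoed before and after the update.
 *
 * @return void
 */
function fn_cleanup_payment_info($order_id, $payment_info, $silent = false)
{
    $verbose = ($silent == false);

    if ($verbose) {
        $processing_msg = fn_get_lang_var('processing_order');
        $done_msg = fn_get_lang_var('uc_ok');

        // NOTE(review): $order_id is echoed into HTML without escaping; safe only if every caller
        // passes a numeric id - confirm, or cast/escape it here.
        echo $processing_msg . ' <b>#' . $order_id . '</b>...';
        fn_flush();
    }

    if (is_array($payment_info)) {
        $info = $payment_info;
    } else {
        // NOTE(review): unserialize() on stored data can instantiate objects, so this is only as
        // safe as the integrity of the encrypted column. Where the minimum PHP version allows it,
        // restrict it to arrays/scalars via unserialize()'s allowed_classes option.
        $info = @unserialize(fn_decrypt_text($payment_info));
    }

    // A blob that fails to decrypt or decode yields false; normalise it so the value written back
    // is an empty payment-info array rather than a serialized boolean.
    if (!is_array($info)) {
        $info = array();
    }

    if (!empty($info['cvv2'])) {
        $info['cvv2'] = 'XXX';
    }

    if (!empty($info['card_number'])) {
        $number = $info['card_number'];
        $length = strlen($number);

        if ($length < 4) {
            // Fewer than four characters: the original passed a negative count to str_repeat()
            // (warning on PHP 7, ValueError on PHP 8). Mask the whole value instead.
            $info['card_number'] = str_repeat('X', $length);
        } else {
            $info['card_number'] = str_repeat('X', $length - 4) . substr($number, $length - 4);
        }
    }

    foreach (array('start_month', 'start_year', 'expiry_month', 'expiry_year') as $field) {
        if (!empty($info[$field])) {
            $info[$field] = 'XX';
        }
    }

    $_data = fn_encrypt_text(serialize($info));
    db_query("UPDATE ?:order_data SET data = ?s WHERE order_id = ?i AND type = 'P'", $_data, $order_id);

    if ($verbose) {
        echo $done_msg . '<br />';
    }
}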
// Fragment of an orders controller: the end of an access check, followed by the start of the
// POST 'repay' handler. Both ends of the fragment are cut off.
if (empty($allowed_id)) {
    // Access denied
    return array(CONTROLLER_STATUS_DENIED);
}
} // closes a block opened above this fragment

// NOTE(review): the $allowed_id check above is the only access gate visible here. How it is
// computed is not shown - confirm it is derived from the same order_id the 'repay' branch uses.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if ($mode == 'repay') {
        $order_info = fn_get_order_info($_REQUEST['order_id']);
        // The whole payment_info structure is taken from the request as-is; no key whitelist is applied.
        $payment_info = empty($_REQUEST['payment_info']) ? array() : $_REQUEST['payment_info'];

        // Save payment information
        if (!empty($payment_info)) {
            // This should not be here, repay must be refactored to use fn_place_order
            if (!empty($payment_info['card_number'])) {
                // Only the separators are stripped; the number itself is stored in full.
                $payment_info['card_number'] = str_replace(array(' ', '-'), '', $payment_info['card_number']);
            }

            // Every submitted field, including cvv2 if the form sent one, is serialized and
            // stored under reversible encryption in the order's type 'P' row.
            // NOTE(review): card security codes must not be retained after authorization (PCI DSS);
            // confirm a cleanup step always runs, or drop the field before storing.
            $_data = array('order_id' => $_REQUEST['order_id'], 'type' => 'P', 'data' => fn_encrypt_text(serialize($payment_info)));
            // NOTE(review): order_id reaches the ?e placeholder straight from the request, while the
            // DELETE below uses ?i; presumably ?e escapes values - confirm in the db layer.
            db_query("REPLACE INTO ?:order_data ?e", $_data);
        } else {
            // No payment info submitted: remove any previously stored payment record.
            db_query("DELETE FROM ?:order_data WHERE type = 'P' AND order_id = ?i", $_REQUEST['order_id']);
        }

        // Change payment method
        // NOTE(review): payment_id is used as sent by the client; no visible check that it names
        // a payment method this customer is allowed to select.
        $update_order['payment_id'] = $_REQUEST['payment_id'];
        $update_order['repaid'] = ++$order_info['repaid'];

        // Add new customer notes
        if (!empty($_REQUEST['customer_notes'])) {
            // Notes are appended verbatim; wherever they are displayed they need output escaping.
            $update_order['notes'] = (!empty($order_info['notes']) ? $order_info['notes'] . "\n" : '') . $_REQUEST['customer_notes'];
        }

        // Update total and surcharge amount
        $payment = fn_get_payment_method_data($_REQUEST['payment_id']);
        if (!empty($payment['p_surcharge']) || !empty($payment['a_surcharge'])) {
            $surcharge_value = 0;
// Fragment of a profiles controller: the tail of one $mode branch, the complete 'delete_card'
// branch, and the start of 'request_usergroup'. Both ends of the fragment are cut off.
    return array(CONTROLLER_STATUS_OK, "profiles.update?user_id=" . $uid);

} elseif ($mode == 'delete_card') {
    // Removes one saved card from a profile's encrypted credit_cards blob.
    // NOTE(review): the request-method check that governs this chain is outside the fragment.
    // This branch changes state, so confirm it is reachable only via POST with CSRF protection.

    if (AREA == 'A' && fn_is_restricted_admin($_REQUEST) == true) {
        return array(CONTROLLER_STATUS_DENIED);
    }

    if (!empty($_REQUEST['card_id']) && !empty($_REQUEST['profile_id'])) {
        // NOTE(review): the profile is selected (and updated below) by the request's profile_id
        // alone. Outside the admin area nothing visible ties it to $auth['user_id']. Unless
        // ownership is verified before this branch, scope both queries to the authenticated user.
        $cards_data = db_get_field("SELECT credit_cards FROM ?:user_profiles WHERE profile_id = ?i", $_REQUEST['profile_id']);
        if (!empty($cards_data)) {
            // NOTE(review): unserialize() on stored data is only as safe as the integrity of the
            // encrypted column; a failed decrypt yields false and the array accesses below misbehave.
            $cards = unserialize(fn_decrypt_text($cards_data));
            // card_id is not checked for existence first; an unknown id reads an undefined index here.
            $is_default = $cards[$_REQUEST['card_id']]['default'];
            unset($cards[$_REQUEST['card_id']]);
            if ($is_default && !empty($cards)) {
                // The deleted card was the default: promote the first remaining card.
                reset($cards);
                $cards[key($cards)]['default'] = true;
            }
            // An empty card list is stored as '' rather than as an encrypted empty array.
            $cards_data = array('credit_cards' => empty($cards) ? '' : fn_encrypt_text(serialize($cards)));
            db_query('UPDATE ?:user_profiles SET ?u WHERE profile_id = ?i', $cards_data, $_REQUEST['profile_id']);

            if (AREA == 'A') {
                $uid = empty($_REQUEST['user_id']) ? $auth['user_id'] : $_REQUEST['user_id'];
            } else {
                $uid = $auth['user_id'];
            }

            // NOTE(review): profile_id (and, in the admin area, user_id) go into the redirect
            // target unencoded; cast to int or URL-encode them so a crafted value cannot add parameters.
            return array(CONTROLLER_STATUS_OK, "profiles.update?user_id={$uid}&profile_id={$_REQUEST['profile_id']}");
        }
    }
    // Reached when the ids are missing or the profile has no stored cards: ends the request with no response.
    exit;

} elseif ($mode == 'request_usergroup') {

    if (AREA == 'A' && fn_is_restricted_admin($_REQUEST) == true) {
        return array(CONTROLLER_STATUS_DENIED);
    }

    $uid = $auth['user_id'];