/**
* Check if secure connection is available
*/
function fn_settings_actions_general_secure_auth(&$new_value, $old_value)
{
if ($new_value == 'Y') {
$content = fn_https_request('GET', Registry::get('config.https_location') . '/' . INDEX_SCRIPT . '?check_https=Y');
if (empty($content[1]) || $content[1] != 'OK') {
// Disable https
db_query("UPDATE ?:settings SET value = 'N' WHERE section_id = 'General' AND option_name LIKE 'secure\\_%'");
$new_value = 'N';
fn_set_notification('W', fn_get_lang_var('warning'), fn_get_lang_var('warning_https_disabled'));
}
}
}
function fn_paypal_request($request, $post_url, $cert_file)
{
$post = explode("\n", $request);
list($headers, $response) = fn_https_request("POST", $post_url, $post, "", "", "text/xml", "", $cert_file);
if ($headers == "0") {
return array('success' => false, 'error' => array('ShortMessage' => $response, 'LongMessage' => $response, 'ErrorCode' => 0));
}
$result = array('headers' => $headers, 'response' => $response);
#
# Parse and fill common fields
#
$result['success'] = false;
$ord_fields = array('Ack', 'TransactionID', 'Token', 'AVSCode', 'CVV2Code', 'PayerID', 'PayerStatus', 'FirstName', 'LastName', 'ContactPhone', 'TransactionType', 'PaymentStatus', 'PendingReason', 'ReasonCode', 'GrossAmount', 'FeeAmount', 'SettleAmount', 'TaxAmount', 'ExchangeRate');
foreach ($ord_fields as $field) {
if (preg_match('!<' . $field . '[^>]+>([^>]+)</' . $field . '>!', $response, $out)) {
$result[$field] = $out[1];
}
}
if (!strcasecmp($result['Ack'], 'Success') || !strcasecmp($result['Ack'], 'SuccessWithWarning')) {
$result['success'] = true;
}
if (preg_match('!<Payer(?:\\s[^>]*)?>([^>]+)</Payer>!', $response, $out)) {
$result['Payer'] = $out[1];
// e-mail address
}
if (preg_match('!<Errors[^>]*>(.+)</Errors>!', $response, $out_err)) {
$error = array();
if (preg_match('!<SeverityCode[^>]*>([^>]+)</SeverityCode>!', $out_err[1], $out)) {
$error['SeverityCode'] = $out[1];
}
if (preg_match('!<ErrorCode[^>]*>([^>]+)</ErrorCode>!', $out_err[1], $out)) {
$error['ErrorCode'] = $out[1];
}
if (preg_match('!<ShortMessage[^>]*>([^>]+)</ShortMessage>!', $out_err[1], $out)) {
$error['ShortMessage'] = $out[1];
}
if (preg_match('!<LongMessage[^>]*>([^>]+)</LongMessage>!', $out_err[1], $out)) {
$error['LongMessage'] = $out[1];
}
$result['error'] = $error;
}
if (preg_match('!<Address[^>]*>(.+)</Address>!', $response, $out)) {
$out_addr = $out[1];
$address = array();
if (preg_match('!<Street1[^>]*>([^>]+)</Street1>!', $out_addr, $out)) {
$address['Street1'] = $out[1];
}
if (preg_match('!<Street2[^>]*>([^>]+)</Street2>!', $out_addr, $out)) {
$address['Street2'] = $out[1];
}
if (preg_match('!<CityName[^>]*>([^>]+)</CityName>!', $out_addr, $out)) {
$address['CityName'] = $out[1];
}
if (preg_match('!<StateOrProvince[^>]*>([^>]+)</StateOrProvince>!', $out_addr, $out)) {
$address['StateOrProvince'] = $out[1];
}
if (preg_match('!<Country[^>]*>([^>]+)</Country>!', $out_addr, $out)) {
$address['Country'] = $out[1];
}
if (preg_match('!<PostalCode[^>]*>([^>]+)</PostalCode>!', $out_addr, $out)) {
$address['PostalCode'] = $out[1];
}
if (preg_match('!<AddressOwner[^>]*>([^>]+)</AddressOwner>!', $out_addr, $out)) {
$address['AddressOwner'] = $out[1];
}
if (preg_match('!<AddressStatus[^>]*>([^>]+)</AddressStatus>!', $out_addr, $out)) {
$address['AddressStatus'] = $out[1];
}
$result['address'] = $address;
}
return $result;
}
function fn_get_dhl_rates($code, $weight_data, $location, &$auth, $shipping_settings, $package_info, $origination)
{
static $rates = array();
static $all_codes = array();
if ($shipping_settings['dhl_enabled'] != 'Y') {
return false;
}
if (!empty($rates[$code])) {
return array('cost' => $rates[$code]);
}
if ($location['country'] == 'GB') {
$location['country'] = 'UK';
}
$request_type = $location['country'] != $origination['country'] ? 'IntlShipment' : 'Shipment';
$username = $shipping_settings['dhl']['system_id'];
$password = $shipping_settings['dhl']['password'];
$account = $shipping_settings['dhl']['account_number'];
$ship_key = $request_type == 'Shipment' ? $shipping_settings['dhl']['ship_key'] : $shipping_settings['dhl']['intl_ship_key'];
$url = $shipping_settings['dhl']['test_mode'] == 'Y' ? 'https://ecommerce.airborne.com:443/apilandingtest.asp' : 'https://ecommerce.airborne.com:443/apilanding.asp';
$weight = intval($weight_data['full_pounds']);
$total = !empty($_SESSION['cart']['subtotal']) ? intval($_SESSION['cart']['subtotal']) + 1 : 1;
// Package type (Package, Letter)
$package = $shipping_settings['dhl']['shipment_type'];
// Ship date
$ship_date = date("Y-m-d", TIME + (date('w', TIME) == 0 ? 86400 : 0));
//Shipping Billing Type FIXME!!! move to options (S - sender, R - receiver, 3 - 3rd party)
$billing_type = 'S';
if (empty($all_codes)) {
if ($request_type == 'Shipment') {
$all_codes = db_get_fields("SELECT code FROM ?:shipping_services WHERE code NOT IN ('', 'IE', 'IE:SAT')");
} else {
$all_codes = array('IE', 'IE:SAT');
// DHL has the only international service Intl Express
}
}
$ship_request = $bil_request = '';
// International shipping is not dutiable and have no customs fee
$dutiable = '';
if ($request_type == 'IntlShipment') {
$dutiable = "<Dutiable><DutiableFlag>N</DutiableFlag><CustomsValue>{$total}</CustomsValue></Dutiable>";
$content = $origination['name'];
$ship_request .= "<ContentDesc><![CDATA[{$content}]]></ContentDesc>";
// FIXME!!!
}
// Additional protection
$protection = $shipping_settings['dhl']['additional_protection'];
if ($protection != 'NR') {
$ship_request .= "<AdditionalProtection><Code>{$protection}</Code><Value>{$total}</Value></AdditionalProtection>";
}
// Cache-on-delivery payment
if ($shipping_settings['dhl']['cod_payment'] == 'Y') {
$cod_method = $shipping_settings['dhl']['cod_method'];
$cod_value = $shipping_settings['dhl']['cod_value'];
$bil_request .= "<CODPayment><Code>{$cod_method}</Code><Value>{$cod_value}</Value></CODPayment>";
}
if ($package != 'L') {
$length = $shipping_settings['dhl']['length'];
$width = $shipping_settings['dhl']['width'];
$height = $shipping_settings['dhl']['height'];
$ship_request .= "<Weight>{$weight}</Weight><Dimensions><Width>{$width}</Width><Height>{$height}</Height><Length>{$length}</Length></Dimensions>";
}
$shipment_request = '';
foreach ($all_codes as $c_code) {
$_code = explode(':', $c_code);
$service_code = $_code[0];
$special_request = '';
$shipment_instructions = '';
// Ship hazardous materials
if ($shipping_settings['dhl']['ship_hazardous'] == 'Y') {
$special_request .= "<SpecialService><Code>HAZ</Code></SpecialService>";
}
if (!empty($_code[1])) {
if ($_code[1] == 'SAT' && date('w', TIME) != '5') {
$shipment_instructions = "<ShipmentProcessingInstructions><Overrides><Override><Code>ES</Code></Override></Overrides></ShipmentProcessingInstructions>";
}
$special_request .= "<SpecialService><Code>{$_code['1']}</Code></SpecialService>";
}
// ZipCode override
//$shipment_instructions = "<ShipmentProcessingInstructions><Overrides><Override><Code>RP</Code></Override></Overrides></ShipmentProcessingInstructions>";
if (!empty($special_request)) {
$special_request = '<SpecialServices>' . $special_request . '</SpecialServices>';
}
$shipment_request .= <<<EOT
\t\t<{$request_type} action="RateEstimate" version="1.0">
\t\t\t<ShippingCredentials>
\t\t\t\t<ShippingKey>{$ship_key}</ShippingKey>
\t\t\t\t<AccountNbr>{$account}</AccountNbr>
\t\t\t</ShippingCredentials>
\t\t\t<ShipmentDetail>
\t\t\t\t<ShipDate>{$ship_date}</ShipDate>
\t\t\t\t<Service>
\t\t\t\t\t<Code>{$service_code}</Code>
\t\t\t\t</Service>
\t\t\t\t<ShipmentType>
\t\t\t\t<Code>{$package}</Code>
\t\t\t\t</ShipmentType>
\t\t\t\t{$ship_request}
\t\t\t\t{$special_request}
\t\t\t</ShipmentDetail>
\t\t\t<Billing>
\t\t\t\t<Party>
\t\t\t\t\t<Code>{$billing_type}</Code>
\t\t\t\t</Party>
\t\t\t\t{$bil_request}
\t\t\t\t<AccountNbr>{$account}</AccountNbr>
\t\t\t</Billing>
\t\t\t<Receiver>
\t\t\t\t<Address>
\t\t\t\t\t<Street>{$location['address']}</Street>
\t\t\t\t\t<City>{$location['city']}</City>
\t\t\t\t\t<State>{$location['state']}</State>
\t\t\t\t\t<PostalCode>{$location['zipcode']}</PostalCode>
\t\t\t\t\t<Country>{$location['country']}</Country>
\t\t\t\t</Address>
\t\t\t</Receiver>
\t\t\t{$dutiable}
\t\t\t{$shipment_instructions}
\t\t</{$request_type}>
EOT;
}
$request = <<<EOT
\t<?xml version="1.0" encoding="UTF-8" ?>
\t\t<eCommerce action="Request" version="1.1">
\t\t<Requestor>
\t\t\t<ID>{$username}</ID>
\t\t\t<Password>{$password}</Password>
\t\t</Requestor>
\t\t{$shipment_request}
\t\t</eCommerce>
EOT;
$post = explode("\n", $request);
list($a, $result) = fn_https_request('POST', $url, $post, '', '', 'text/xml');
$rates = fn_arb_get_rates($result, $request_type);
if (!empty($rates[$code])) {
return array('cost' => $rates[$code]);
} else {
if (defined('SHIPPING_DEBUG')) {
return array('error' => fn_arb_get_error($result, $request_type));
}
}
return false;
}
\t\t\t\t</Sale>
\t\t\t</Transaction>
\t\t</Transactions>
\t</RequestData>
\t<RequestAuth>
\t\t<UserPass>
\t\t\t<User>{$payflow_username}</User>
\t\t\t<Password>{$payflow_password}</Password>
\t\t</UserPass>
\t</RequestAuth>
</XMLPayRequest>
XML;
$headers = array("X-VPS-REQUEST-ID: {$payflow_order_id}", "X-VPS-VIT-CLIENT-CERTIFICATION-ID: 5b329b34269933161c60aeda0f14d0d8", "X-VPS-CLIENT-TIMEOUT: 45");
$post_url = "https://" . $payflow_url . ":443/transaction";
Registry::set('log_cut_data', array('CardNum', 'ExpDate', 'NameOnCard', 'CVNum'));
list($_headers, $response_data) = fn_https_request("POST", $post_url, $post, "", "", "text/xml", "", "", "", $headers);
$pp_response = array();
$pp_response['reason_text'] = '';
preg_match("/<Result>(.*)<\\/Result>/", $response_data, $_result);
if (!empty($_result[1])) {
$pp_response['reason_text'] = "Result: " . $_result[1];
}
preg_match_all("/<Message>(.*?)<\\/Message>/", $response_data, $_message);
if (!empty($_message[1])) {
$pp_response['reason_text'] .= "; " . end($_message[1]) . "; ";
}
preg_match("/<AuthCode>(.*)<\\/AuthCode>/", $response_data, $_auth);
if (!empty($_auth[1])) {
$pp_response['reason_text'] .= "Auth Code: " . $_auth[1] . "; ";
}
preg_match('/<TransactionResult (?:.*) Duplicate="(.*)"/i', $response_data, $_duplicate);
function fn_get_ups_rates($code, $weight_data, $location, &$auth, $shipping_settings, $package_info, $origination)
{
static $cached_rates = array();
if ($shipping_settings['ups_enabled'] != 'Y') {
return false;
}
$cached_rate_id = fn_generate_cached_rate_id($weight_data, $origination);
if (!empty($cached_rates[$cached_rate_id])) {
if (!empty($cached_rates[$cached_rate_id][$code])) {
return array('cost' => $cached_rates[$cached_rate_id][$code]);
} else {
return false;
}
}
if ($shipping_settings['ups']['test_mode'] == 'Y') {
$url = "https://wwwcie.ups.com:443/ups.app/xml/Rate";
} else {
$url = "https://www.ups.com:443/ups.app/xml/Rate";
}
// Prepare data for UPS request
$username = $shipping_settings['ups']['username'];
$password = $shipping_settings['ups']['password'];
$access_key = $shipping_settings['ups']['access_key'];
$origination_postal = $origination['zipcode'];
$origination_country = $origination['country'];
$height = $shipping_settings['ups']['height'];
$width = $shipping_settings['ups']['width'];
$length = $shipping_settings['ups']['length'];
$pickup_type = $shipping_settings['ups']['pickup_type'];
$package_type = $shipping_settings['ups']['package_type'];
$destination_postal = $location['zipcode'];
$destination_country = $location['country'];
// define weight unit and value
$weight = $weight_data['full_pounds'];
if (in_array($origination_country, array('US', 'DO', 'PR'))) {
$weight_unit = 'LBS';
$measure_unit = 'IN';
} else {
$weight_unit = 'KGS';
$measure_unit = 'CM';
$weight = $weight * 0.4536;
}
$customer_classification = '';
if ($origination_country == 'US' && $pickup_type == '11') {
$customer_classification = <<<EOT
\t<CustomerClassification>
\t\t<Code>04</Code>
\t</CustomerClassification>
EOT;
}
$request = <<<EOT
<?xml version="1.0"?>
<AccessRequest xml:lang="en-US">
\t<AccessLicenseNumber>{$access_key}</AccessLicenseNumber>
\t\t<UserId>{$username}</UserId>
\t\t<Password>{$password}</Password>
</AccessRequest>
<?xml version="1.0"?>
<RatingServiceSelectionRequest xml:lang='en-US'>
<Request>
\t<TransactionReference>
\t <CustomerContext>Rate Request</CustomerContext>
\t <XpciVersion>1.0</XpciVersion>
\t</TransactionReference>
\t<RequestAction>Rate</RequestAction>
\t<RequestOption>shop</RequestOption>
</Request>
\t<PickupType>
\t<Code>{$pickup_type}</Code>
</PickupType>
{$customer_classification}
<Shipment>
\t<Shipper>
\t\t<Address>
\t\t\t<PostalCode>{$destination_postal}</PostalCode>
\t\t\t<CountryCode>{$destination_country}</CountryCode>
\t\t</Address>
\t</Shipper>\t
\t<ShipTo>
\t\t<Address>
\t\t\t<PostalCode>{$destination_postal}</PostalCode>
\t\t\t<CountryCode>{$destination_country}</CountryCode>
\t\t\t<ResidentialAddressIndicator/>
\t\t</Address>
\t</ShipTo>
\t<ShipFrom>
\t\t<Address>
\t\t\t<PostalCode>{$origination_postal}</PostalCode>
\t\t\t<CountryCode>{$origination_country}</CountryCode>
\t\t</Address>
\t</ShipFrom>
\t<Package>
\t\t<PackagingType>
\t\t\t<Code>{$package_type}</Code>
\t\t</PackagingType>
\t\t\t<Dimensions>
\t\t\t\t<UnitOfMeasurement>
\t\t\t\t <Code>{$measure_unit}</Code>
\t\t\t\t</UnitOfMeasurement>
\t\t\t\t<Length>{$length}</Length>
\t\t\t\t<Width>{$width}</Width>
\t\t\t\t<Height>{$height}</Height>
\t\t\t</Dimensions>
\t\t<PackageWeight>
\t\t\t<UnitOfMeasurement>
\t\t\t\t <Code>{$weight_unit}</Code>
\t\t\t</UnitOfMeasurement>
\t\t\t<Weight>{$weight}</Weight>
\t\t</PackageWeight>
\t</Package>
</Shipment>
</RatingServiceSelectionRequest>
EOT;
$post = explode("\n", $request);
list($header, $result) = fn_https_request('POST', $url, $post, '', '', 'text/xml');
$rates = fn_ups_get_rates($result);
if (empty($cached_rates[$cached_rate_id]) && !empty($rates)) {
$cached_rates[$cached_rate_id] = $rates;
}
if (!empty($rates[$code])) {
return array('cost' => $rates[$code]);
} else {
if (defined('SHIPPING_DEBUG')) {
return array('error' => fn_ups_get_error($result));
}
}
return false;
}
}
$post[] = "Withroot=Y";
$post[] = "REMOTE_ADDR=" . $_SERVER['REMOTE_ADDR'];
if (isset($processor_data['params']['use_new_sha_method']) && $processor_data['params']['use_new_sha_method'] == 'Y') {
if (!empty($processor_data['params']['userid'])) {
$userid_condition = "USERID=" . $processor_data['params']['userid'] . $pp_secret;
} else {
$userid_condition = '';
}
//New SHA: All parameters in alphabetical order
$post[] = "SHASign=" . sha1("AMOUNT=" . 100 * $order_info["total"] . $pp_secret . "CARDNO=" . trim($order_info['payment_info']['card_number']) . $pp_secret . "CN=" . trim($order_info['payment_info']['cardholder_name']) . $pp_secret . "CURRENCY=" . $pp_curr . $pp_secret . "CVC=" . $order_info['payment_info']['cvv2'] . $pp_secret . "ED=" . $order_info['payment_info']['expiry_month'] . '/' . $order_info['payment_info']['expiry_year'] . $pp_secret . (!empty($email) ? "EMAIL=" . $email . $pp_secret : '') . "ORDERID=" . $_order_id . $pp_secret . (!empty($owneraddress) ? "OWNERADDRESS=" . $owneraddress . $pp_secret : '') . (!empty($ownercty) ? "OWNERCTY=" . $ownercty . $pp_secret : '') . (!empty($ownertelno) ? "OWNERTELNO=" . $ownertelno . $pp_secret : '') . (!empty($ownertown) ? "OWNERTOWN=" . $ownertown . $pp_secret : '') . (!empty($ownerzip) ? "OWNERZIP=" . $ownerzip . $pp_secret : '') . "PSPID=" . $pp_merch . $pp_secret . "PSWD=" . $pp_pass . $pp_secret . "REMOTE_ADDR=" . $_SERVER['REMOTE_ADDR'] . $pp_secret . $userid_condition . "WITHROOT=Y" . $pp_secret);
} else {
//SHA-1(OrderID + Amount + Currency + Cardno + PSPID + operation + additional string)
$post[] = "SHASign=" . sha1($_order_id . 100 * $order_info["total"] . $pp_curr . $order_info['payment_info']['card_number'] . $pp_merch . $pp_secret);
}
list($a, $return) = fn_https_request("POST", $pp_url, $post);
$pp_response = array();
preg_match("/[^NC]STATUS=\"(.+)\"/U", $return, $a);
$pp_response["reason_text"] = empty($status[$a[1]]) ? "Status code: " . $a[1] : $status[$a[1]];
if ($a[1] == "5" || $a[1] == "9") {
preg_match("/PAYID=\"(.+)\"/U", $return, $authno);
$pp_response['transaction_id'] = $authno[1];
preg_match("/ACCEPTANCE=\"(.+)\"/U", $return, $authno);
$pp_response["reason_text"] .= " (ACCEPTANCE: " . $authno[1] . ")";
$pp_response["order_status"] = 'P';
} else {
preg_match("/NCERRORPLUS=\"(.+)\"/U", $return, $stat);
$pp_response["reason_text"] .= ": " . $stat[1];
$pp_response["order_status"] = 'F';
}
preg_match("/NCERROR=\"(.+)\"/U", $return, $a);
$pp_mc_gross = !empty($_REQUEST['mc_gross']) ? $_REQUEST['mc_gross'] : 0;
if (fn_format_price($pp_mc_gross) != fn_format_price($order_info['total'])) {
$pp_response['order_status'] = 'F';
$pp_response['reason_text'] = fn_get_lang_var('order_total_not_correct');
$pp_response['transaction_id'] = @$_REQUEST['txn_id'];
} elseif (stristr($_REQUEST['payment_status'], 'Completed')) {
$params = $processor_data['params'];
$paypal_host = $params['mode'] == 'test' ? "www.sandbox.paypal.com" : "www.paypal.com";
$post_data = array();
$paypal_post = $_REQUEST;
unset($paypal_post['dispatch']);
$paypal_post["cmd"] = "_notify-validate";
foreach ($paypal_post as $k => $v) {
$post_data[] = "{$k}={$v}";
}
list($headers, $result) = fn_https_request('POST', "https://{$paypal_host}:443/cgi-bin/webscr", $post_data);
if (stristr($result, 'VERIFIED')) {
$pp_response['order_status'] = 'P';
$pp_response['reason_text'] = '';
$pp_response['transaction_id'] = @$_REQUEST['txn_id'];
} elseif (stristr($result, 'INVALID')) {
$pp_response['order_status'] = 'D';
$pp_response['reason_text'] = '';
$pp_response['transaction_id'] = @$_REQUEST['txn_id'];
} else {
$pp_response['order_status'] = 'F';
$pp_response['reason_text'] = '';
$pp_response['transaction_id'] = @$_REQUEST['txn_id'];
}
} elseif (stristr($_REQUEST['payment_status'], 'Pending')) {
$pp_response['order_status'] = 'O';
function fn_google_send_order_command($post, $processor_data, $request_url, $action, $order_id)
{
$_id = base64_encode($processor_data['params']['merchant_id'] . ":" . $processor_data['params']['merchant_key']);
$headers[] = "Authorization: Basic {$_id}";
$headers[] = "Accept: application/xml ";
list($a, $return) = fn_https_request('POST', $request_url, $post, '', '', 'application/xml', '', '', '', $headers);
preg_match("/<error-message>(.*)<\\/error-message>/", $return, $error);
if (!empty($error[1])) {
fn_set_notification('E', fn_get_lang_var('notice'), $error[1]);
} else {
if (in_array($action, array('refund', 'cancel', 'deliver'))) {
$_SESSION['google_info'] = db_get_field("SELECT data FROM ?:order_data WHERE order_id = ?i AND type = ?s", $order_id, GOOGLE_ORDER_DATA);
echo "Request is successfully sent.<br />";
echo "Waiting for a Google response. Please be patient.";
return array(CONTROLLER_STATUS_OK, "orders.google.wait_response?order_id={$order_id}");
}
fn_set_notification('N', fn_get_lang_var('notice'), str_replace('[action]', fn_get_lang_var($action), fn_get_lang_var('google_request_sent')));
}
return true;
}
if (!defined('AREA') && is_array($_POST)) {
DEFINE('AREA', 'C');
DEFINE('AREA_NAME', 'customer');
require './../prepare.php';
require './../init.php';
$post[] = "transaction_id=" . $_REQUEST['transaction_id'];
$post[] = "transaction_date=" . $_REQUEST['transaction_date'];
$post[] = "from_email=" . $_REQUEST['from_email'];
$post[] = "to_email=" . $_REQUEST['to_email'];
$post[] = "order_id=" . $_REQUEST['order_id'];
$post[] = "amount=" . $_REQUEST['amount'];
$post[] = "security_key=" . $_REQUEST['security_key'];
$order_id = strpos($_REQUEST['order_id'], '_') ? substr($_REQUEST['order_id'], 0, strpos($_REQUEST['order_id'], '_')) : $_REQUEST['order_id'];
$order_info = fn_get_order_info($order_id);
// Post a request and analyse the response
list($a, $return) = fn_https_request("POST", "https://www.nochex.com/nochex.dll/apc/apc", $post);
$result = str_replace("\n", "&", $return);
$order_info['total'] = fn_format_price($order_info['total']);
$_REQUEST['amount'] = fn_format_price($_REQUEST['amount']);
$pp_response['order_status'] = $result == 'AUTHORISED' && $order_info['total'] == $_REQUEST['amount'] ? 'P' : 'F';
$pp_response["reason_text"] = "SecurityKey: {$_REQUEST['security_key']}, Transaction Date: {$_REQUEST['transaction_date']}";
if ($order_info['total'] != $_REQUEST['amount']) {
$pp_response["reason_text"] .= '; ' . fn_get_lang_var('order_total_not_correct');
}
$pp_response["transaction_id"] = $_REQUEST['transaction_id'];
fn_finish_payment($order_id, $pp_response);
exit;
} elseif (defined('PAYMENT_NOTIFICATION')) {
if ($mode == 'notify') {
$order_info = fn_get_order_info($_REQUEST['order_id']);
if ($order_info['status'] == 'O') {
// Addons
$fdata['addons'] = db_get_array("SELECT addon, status, priority FROM ?:addons ORDER BY addon");
// Addon options
$allowed_addons = array('access_restrictions', 'affiliate', 'discussion', 'gift_certificates', 'gift_registry', 'google_sitemap', 'live_help', 'barcode', 'polls', 'quickbooks', 'reward_points', 'rma', 'seo', 'tags');
$_addon_options = db_get_hash_single_array("SELECT addon, options FROM ?:addons WHERE addon IN (?a)", array('addon', 'options'), $allowed_addons);
if (is_array($fdata['addons'])) {
foreach ($fdata['addons'] as $k => $data) {
if ($mode == 'prepare') {
// This line is to display addon options
if (!empty($_addon_options[$data['addon']])) {
$fdata[fn_get_lang_var('options_for') . ' ' . $data['addon']] = unserialize($_addon_options[$data['addon']]);
}
} else {
// This line is to send addon options
$fdata['addons'][$k]['options'] = !empty($_addon_options[$data['addon']]) ? $_addon_options[$data['addon']] : array();
}
}
}
if ($mode == 'prepare') {
$view->assign("fdata", $fdata);
} elseif ($mode == 'send') {
list($headers, $result) = fn_https_request('POST', "http://anonym.to/?http://helpdesk.cs-cart.com/index.php?target=feedback", http_build_query(array('fdata' => $fdata)), '', '', 'application/x-www-form-urlencoded', '', '', '', array('Expect: '));
/* NULLED BY FLIPMODE! @ 2010/09/06 */
if (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'auto') {
db_query("UPDATE ?:settings SET value = ?i WHERE option_name = 'send_feedback'", mktime(0, 0, 0, date("n") + 1, date("j"), date("Y")));
} else {
// Even if there is any problem we do not set the error.
fn_set_notification('N', fn_get_lang_var('notice'), fn_get_lang_var('feedback_is_sent_successfully'));
}
return array(CONTROLLER_STATUS_REDIRECT, "{$index_script}");
}
/**
* Make cmpi_authenticate request to 3-D Secure service provider.
*
* @return boolean true
*/
function fn_cmpi_authenticate()
{
$cardinal_request = <<<EOT
<CardinalMPI>
<Version>1.7</Version>
<MsgType>cmpi_authenticate</MsgType>
<ProcessorId>{$_SESSION['cmpi']['processor_id']}</ProcessorId>
<MerchantId>{$_SESSION['cmpi']['merchant_id']}</MerchantId>
<TransactionPwd>{$_SESSION['cmpi']['transaction_password']}</TransactionPwd>
<TransactionType>C</TransactionType>
<TransactionId>{$_SESSION['cmpi']['transaction_id']}</TransactionId>
<PAResPayload>{$_SESSION['cmpi']['pares']}</PAResPayload>
</CardinalMPI>\t
EOT;
list($headers, $response_data) = fn_https_request('POST', $_SESSION['cmpi']['transaction_url'], array("cmpi_msg=" . $cardinal_request));
$cmpi = @simplexml_load_string($response_data);
if ($headers == '0' || $cmpi === false) {
$_SESSION['cmpi']['err_no'][1] = 0;
$_SESSION['cmpi']['err_desc'][1] = 'Connection problem';
$_SESSION['cmpi']['signature'] = 'N';
$_SESSION['cmpi']['pares'] = 'N';
} else {
$_SESSION['cmpi']['signature'] = (string) $cmpi->SignatureVerification;
$_SESSION['cmpi']['pares'] = (string) $cmpi->PAResStatus;
$_SESSION['cmpi']['eci_flag'] = (string) $cmpi->EciFlag;
$_SESSION['cmpi']['xid'] = (string) $cmpi->Xid;
$_SESSION['cmpi']['cavv'] = (string) $cmpi->Cavv;
$_SESSION['cmpi']['err_no'][1] = (string) $cmpi->ErrorNo;
$_SESSION['cmpi']['err_desc'][1] = (string) $cmpi->ErrDesc;
}
return true;
}
$post[] = "baddress=" . $order_info['b_address'];
$post[] = "baddress1=" . $order_info['b_address_2'];
$post[] = "bcity=" . $order_info['b_city'];
$post[] = "bstate=" . $order_info['b_state'];
$post[] = "bzip=" . $order_info['b_zipcode'];
$post[] = "bcountry=" . $order_info['b_country'];
// TWO DIGIT COUNTRY (United States = "US")
$post[] = "bphone=" . $order_info['phone'];
$post[] = "email=" . $order_info['email'];
// Check if test mode is used
if ($processor_data['params']['mode'] == 'test') {
$post[] = "test_override_errors=Y";
}
// Post a request and analyse the response
Registry::set('log_cut_data', array('ccnumber', 'month', 'year'));
list($a, $return) = fn_https_request('POST', "https://transactions.innovativegateway.com/servlet/com.gateway.aai.Aai", $post);
// Create array with response values
$response_ = explode('||', $return);
foreach ($response_ as $v) {
$response[substr($v, 0, strpos($v, '='))] = substr(strstr($v, "="), 1);
}
// Form an order result data
$pp_response['order_status'] = empty($response['error']) && !empty($response['approval']) ? 'P' : 'F';
$pp_response['transaction_id'] = $response['anatransid'];
if (!empty($response['avs'])) {
$pp_response['descr_avs'] = $avs_responses[$response['avs']];
}
$pp_response['reason_text'] = empty($response['error']) && !empty($response['approval']) ? "Approval code: " . $response['approval'] : strip_tags($response['error']);
if (!empty($response['test_override_errors'])) {
$pp_response["reason_text"] .= '; TEST TRANSACTION!';
}
\t\t\t\t\t<AcquirerId>{$ticketing_data['AcquirerId']}</AcquirerId>
\t\t\t\t\t<MerchantReference>{$ticketing_data['MerchantReference']}</MerchantReference>
\t\t\t\t\t<RequestType>{$ticketing_data['RequestType']}</RequestType>
\t\t\t\t\t<ExpirePreauth>{$ticketing_data['ExpirePreauth']}</ExpirePreauth>
\t\t\t\t\t<Amount>{$ticketing_data['Amount']}</Amount>
\t\t\t\t\t<CurrencyCode>{$ticketing_data['CurrencyCode']}</CurrencyCode>
\t\t\t\t\t<Installments>{$ticketing_data['Installments']}</Installments>
\t\t\t\t\t<Bnpl>0</Bnpl>
\t\t\t\t\t<Parameters>{$ticketing_data['Parameters']}</Parameters>
\t\t\t\t</Request>
\t\t\t</IssueNewTicket>
\t\t</soap:Body>
\t</soap:Envelope>
EOT;
$str = str_replace(array("\t", "\n", "\r"), '', $str);
list($headers, $response_data) = fn_https_request("POST", "https://paycenter.winbank.gr/services/tickets/issuer.asmx", array($str), "", "", "text/xml", "", "", "", array("SOAPAction: \"http://piraeusbank.gr/paycenter/redirection/IssueNewTicket\""));
$resultcode = true;
$pp_response = array();
if (strpos($response_data, '<ResultCode') !== false) {
if (preg_match('!<ResultCode[^>]*>([^>]+)</ResultCode>!', $response_data, $matches)) {
$resultcode = $matches[1];
}
}
if ($resultcode == "0") {
if (strpos($response_data, '<TranTicket') !== false) {
if (preg_match('!<TranTicket[^>]*>([^>]+)</TranTicket>!', $response_data, $matches)) {
$pp_response['TranTicket'] = $matches[1];
}
}
if (strpos($response_data, '<Timestamp') !== false) {
if (preg_match('!<Timestamp[^>]*>([^>]+)</Timestamp>!', $response_data, $matches)) {
****************************************************************************/
//
// $Id: camtech_direct.php 7502 2009-05-19 14:54:59Z zeke $
//
if (!defined('AREA')) {
die('Access denied');
}
$test_mode = $processor_data["params"]["test"] == "Y" ? "TRUE" : "";
$request_script = $processor_data["params"]["test"] == "Y" ? "www.securepay.com.au/test/payment" : "www.securepay.com.au/xmlapi/payment";
$_order_id = $processor_data['params']['order_prefix'] . ($order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : $order_id);
$camtech_password = $processor_data['params']['password'];
$camtech_username = $processor_data['params']['client_id'];
$timestamp = fn_camtech_getgmttimestamp();
$vars = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" . "<SecurePayMessage>" . "<MessageInfo>" . "<messageID>8af793f9af34bea0cf40f5fb5c630c</messageID>" . "<messageTimestamp>" . urlencode($timestamp) . "</messageTimestamp>" . "<timeoutValue>60</timeoutValue>" . "<apiVersion>xml-4.2</apiVersion>" . "</MessageInfo>" . "<MerchantInfo>" . "<merchantID>" . $camtech_username . "</merchantID>" . "<password>" . $camtech_password . "</password>" . "</MerchantInfo>" . "<RequestType>Payment</RequestType>" . "<Payment>" . "<TxnList count=\"1\">" . "<Txn ID=\"1\">" . "<txnType>0</txnType>" . "<txnSource>23</txnSource>" . "<amount>" . 100 * $order_info['total'] . "</amount>" . "<purchaseOrderNo>" . $_order_id . "</purchaseOrderNo>" . "<CreditCardInfo>" . "<cardNumber>" . $order_info['payment_info']['card_number'] . "</cardNumber>" . "<expiryDate>" . $order_info['payment_info']['expiry_month'] . "/" . $order_info['payment_info']['expiry_year'] . "</expiryDate>" . "<cvv>" . $order_info['payment_info']['cvv2'] . "</cvv>" . "</CreditCardInfo>" . "</Txn>" . "</TxnList>" . "</Payment>" . "</SecurePayMessage>";
Registry::set('log_cut_data', array('cardNumber', 'expiryDate', 'cvv'));
list($a, $response) = fn_https_request('POST', $request_script, $vars, '', '', 'text/xml');
$xmlres = fn_camtech_makexmltree($response);
$status_code = trim($xmlres['SecurePayMessage']['Status']['statusCode']);
$status_description = trim($xmlres['SecurePayMessage']['Status']['statusDescription']);
$approved = !empty($xmlres['SecurePayMessage']['Payment']['TxnList']['Txn']['approved']) ? trim($xmlres['SecurePayMessage']['Payment']['TxnList']['Txn']['approved']) : 'No';
$response_code = !empty($xmlres['SecurePayMessage']['Payment']['TxnList']['Txn']['responseCode']) ? trim($xmlres['SecurePayMessage']['Payment']['TxnList']['Txn']['responseCode']) : '';
$response_text = !empty($xmlres['SecurePayMessage']['Payment']['TxnList']['Txn']['responseText']) ? trim($xmlres['SecurePayMessage']['Payment']['TxnList']['Txn']['responseText']) : '';
$txn_id = !empty($xmlres['SecurePayMessage']['Payment']['TxnList']['Txn']['txnID']) ? trim($xmlres['SecurePayMessage']['Payment']['TxnList']['Txn']['txnID']) : '';
if ($status_code == "000" && $approved == "Yes") {
$pp_response['order_status'] = 'P';
$pp_response["reason_text"] = "Response Code: " . $response_code . ", Trans ID: " . $txn_id;
} else {
$pp_response['order_status'] = 'F';
$pp_response["reason_text"] = "Status Code:" . $status_code . ", Description: " . $status_description . ", Response Code: " . $response_code;
}
function fn_camtech_getgmttimestamp()
$post = array();
$post[] = "<Txn>";
$post[] = "<PostUsername>" . $processor_data["params"]["merchantid"] . "</PostUsername>";
$post[] = "<PostPassword>" . $processor_data["params"]["password"] . "</PostPassword>";
$post[] = "<TxnType>Purchase</TxnType>";
$post[] = "<CardHolderName>" . $order_info['payment_info']['cardholder_name'] . "</CardHolderName>";
$post[] = "<CardNumber>" . $order_info['payment_info']['card_number'] . "</CardNumber>";
$post[] = "<Cvc2>" . $order_info['payment_info']['cvv2'] . "</Cvc2>";
$post[] = "<Amount>" . $order_info["total"] . "</Amount>";
$post[] = "<DateExpiry>" . $order_info['payment_info']['expiry_month'] . '/' . $order_info['payment_info']['expiry_year'] . "</DateExpiry>";
$post[] = "<MerchantReference>" . ($order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : $order_id) . "</MerchantReference>";
$post[] = "<InputCurrency>" . $processor_data["params"]["currency"] . "</InputCurrency>";
$post[] = "</Txn>";
// Post a request and analyse the response
Registry::set('log_cut_data', array('CardHolderName', 'CardNumber', 'Cvc2', 'DateExpiry'));
list($a, $return) = fn_https_request("POST", "https://www.paymentexpress.com/pxpost.aspx", $post, '');
preg_match("/<Success>(.*)<\\/Success>/", $return, $success);
preg_match("/<Amount>(.*)<\\/Amount>/", $return, $amount);
// Check whethe success parameter is 1 and amount is equal to the cart[total], If everything allright than order is Processed
if ($success[1] == "1" && fn_format_price($amount[1]) == fn_format_price($order_info['total'])) {
$pp_response['order_status'] = 'P';
preg_match("/<AuthCode>(.*)<\\/AuthCode>/", $return, $authcode);
$pp_response["reason_text"] = "(AuthCode: " . $authcode[1] . ") ";
} else {
// Otherwise the order is failed
$pp_response['order_status'] = 'F';
$pp_response["reason_text"] = '';
}
// Fill the payment info that will be shown on the order details in admin area.
preg_match("/<MerchantResponseText>(.*)<\\/MerchantResponseText>/", $return, $text);
preg_match("/<MerchantResponseDescription>(.*)<\\/MerchantResponseDescription>/", $return, $text2);
function fn_associate_order_id($order_id, $transaction_id, $schema_url)
{
$payment_id = db_get_field("SELECT payment_id FROM ?:orders WHERE order_id = ?i", $order_id);
$processor_data = fn_get_payment_method_data($payment_id);
$base_url = 'https://' . ($processor_data['params']['test'] == 'N' ? 'checkout.google.com' : 'sandbox.google.com/checkout') . '/cws/v2/Merchant/' . $processor_data['params']['merchant_id'];
$request_url = $base_url . '/request';
$post = array();
$post[] = "<add-merchant-order-number xmlns='" . $schema_url . "' google-order-number='" . $transaction_id . "'>";
$post[] = "<merchant-order-number>" . $order_id . "</merchant-order-number>";
$post[] = "</add-merchant-order-number>";
$_id = base64_encode($processor_data['params']['merchant_id'] . ":" . $processor_data['params']['merchant_key']);
$headers[] = "Authorization: Basic {$_id}";
$headers[] = "Accept: application/xml ";
list($a, $return) = fn_https_request("POST", $request_url, $post, '', '', 'application/xml', '', '', '', $headers);
return true;
}
$pp_response['reason_text'] = $response['3'];
} elseif ($status[1] == '4') {
$pp_response['order_status'] = 'D';
$pp_response['reason_text'] = $response['4'];
} elseif ($status[1] == '5') {
$pp_response['order_status'] = 'D';
$pp_response['reason_text'] = fn_get_lang_var('order_id') . '-' . $_REQUEST['order_id'];
}
$pp_response['transaction_id'] = '';
fn_finish_payment($_REQUEST['order_id'], $pp_response, false);
fn_order_placement_routines($_REQUEST['order_id']);
} else {
$str = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:SOAP-ENC=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:si=\"http://soapinterop.org/xsd\">\n<SOAP-ENV:Body>\n<PrepareTransaction xmlns=\"https://secure.cardia.no/Service/Card/Transaction/1.2/Transaction.asmx\">\n\t<merchantToken>" . $processor_data["params"]["merchanttoken"] . "</merchantToken>\n\t<applicationIdentifier></applicationIdentifier>\n\t<store>" . $processor_data["params"]["store"] . "</store>\n\t<orderDescription>Order#" . $order_id . "</orderDescription>\n\t<merchantReference>" . ($order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : "{$order_id}") . "</merchantReference>\n\t<currencyCode>" . $processor_data["params"]["currency"] . "</currencyCode>\n\t<successfulTransactionUrl>" . htmlspecialchars($processor_data["params"]["postbackurl"] . "&order_id=" . $order_id) . "</successfulTransactionUrl>\n\t<unsuccessfulTransactionUrl>" . htmlspecialchars($processor_data["params"]["postbackurl"] . "&order_id=" . $order_id) . "</unsuccessfulTransactionUrl>\n\t<authorizedNotAuthenticatedUrl></authorizedNotAuthenticatedUrl>\n\t<amount>" . str_replace(",", ". ", $order_info["total"]) . "</amount>\n\t<skipFirstPage>" . $processor_data["params"]["skipFirstPage"] . "</skipFirstPage>\n\t<skipLastPage>" . $processor_data["params"]["skipLastPage"] . "</skipLastPage>\n\t<isOnHold>" . $processor_data["params"]["isOnHold"] . "</isOnHold>\n\t<useThirdPartySecurity>" . $processor_data["params"]["useThirdPartySecurity"] . "</useThirdPartySecurity>\n\t<paymentMethod>3000</paymentMethod>\n</PrepareTransaction>\n</SOAP-ENV:Body>\n</SOAP-ENV:Envelope>";
$str = str_replace("\t", '', $str);
$str = str_replace("\n", '', $str);
list($headers, $response) = fn_https_request("POST", "https://secure.cardia.no:443/Service/Card/Transaction/1.2/Transaction.asmx", array($str), "", "", "text/xml", "", "", "", array("SOAPAction: \"https://secure.cardia.no/Service/Card/Transaction/1.2/Transaction.asmx/PrepareTransaction\""));
if (preg_match("/Address>([^<]+)<\\/Address/", $response, $a_addr) && preg_match("/ReferenceGuid>([^<]+)<\\/ReferenceGuid/", $response, $a_guid)) {
$addr = $a_addr[1];
$guid = $a_guid[1];
if (!empty($guid) && !empty($addr)) {
$msg = fn_get_lang_var('text_cc_processor_connection');
$msg = str_replace('[processor]', 'Cardia Shop', $msg);
$cardia_request = <<<EOT
\t\t\t<html>
\t\t\t<body onload="document.process.submit();">
\t\t\t<form action="{$addr}" name="process" method="get">
\t\t\t<input type="hidden" name="guid" value="{$guid}">
\t\t\t</form>
\t\t\t<div align=center>{$msg}</div>
\t\t\t</body>
\t\t\t</html>
$pp_data[] = "x_amount=" . fn_format_price($order_info['total']);
$pp_data[] = "x_currency_code=" . $processor_data['params']['currency'];
$pp_data[] = "x_method=CC";
$pp_data[] = "x_recurring_billing=NO";
$pp_data[] = "x_type=" . $transaction_types[$trans_type];
// CC information
$pp_data[] = "x_card_num=" . $order_info['payment_info']['card_number'];
$pp_data[] = "x_exp_date=" . $order_info['payment_info']['expiry_month'] . '/' . $order_info['payment_info']['expiry_year'];
$pp_data[] = "x_card_code=" . $order_info['payment_info']['cvv2'];
// Cart totals
$pp_data[] = "x_relay_response=FALSE";
$pp_data[] = "x_tax=" . fn_format_price($order_info['tax_subtotal']);
$pp_data[] = "x_freight=" . fn_format_price($order_info['shipping_cost']);
$payment_url = $processor_data['params']['mode'] == 'developer' ? "https://test.authorize.net/gateway/transact.dll" : "https://secure.authorize.net:443/gateway/transact.dll";
Registry::set('log_cut_data', array('x_card_num', 'x_exp_date', 'x_card_code'));
$__response = fn_https_request('POST', $payment_url, $pp_data);
// TESTING: failed response
//$__response[1] = "|3|,|2|,|33|,|(TESTMODE) A valid referenced transaction ID is required.|,|000000|,|P|,|0|,|TO-40|,||,|78.00|,|CC|,|prior_auth_capture|,|1|,|admin|,|admin|,|Company|,|admin|,|admin|,|MI|,|admin|,|US|,|admin|,||,|customer@192.168.0.33|,|admin|,|admin|,|Company|,|admin|,|admin|,|MI|,|admin|,|US|,|0.0000|,||,||,||,||,|BBF4A22888BA05DD5B5E738F451680E5|,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||";
// TESTING: approved response
//$__response[1] = "|1|,|1|,|1|,|(TESTMODE) This transaction has been approved.|,|000000|,|P|,|0|,|TO-69|,||,|999.00|,|CC|,|auth_capture|,|1|,|admin|,|admin|,|Company|,|admin|,|admin|,|MI|,|admin|,|US|,|admin|,||,|aa@bb.cc|,|admin|,|admin|,|Company|,|admin|,|admin|,|MI|,|admin|,|US|,|0.0000|,||,|0.0000|,||,||,|6C4073133067D5176BE6F9F389CCE229|,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||,||";
// Gateway answered
if (is_array($__response) && !empty($__response[1])) {
$response_data = explode('|,|', '|,' . $__response[1] . ',|');
// Gateway didn't answer - set some kind of error ;)
} else {
$response_data = array();
$response_data[1] = 3;
// Transaction failed
$response_data[4] = '';
}
$pp_response = array();
function fn_specific_development_before_login($request, $redirect_url)
{
if (!empty($request['token'])) {
$auth =& $auth;
$_request = array();
$_request[] = 'apiKey=' . Registry::get('addons.specific_development.apikey');
$_request[] = 'token=' . $request['token'];
list($header, $_result) = fn_https_request('POST', 'https://rpxnow.com/api/v2/auth_info', $_request);
$data = fn_from_json($_result, true);
if (isset($data['stat']) && $data['stat'] == 'ok') {
$user_data = array();
$user_data = db_get_row('SELECT user_id, password FROM ?:users WHERE janrain_identifier = ?s', md5($data['profile']['identifier']));
if (empty($user_data['user_id'])) {
Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
$user_data = array();
$user_data['janrain_identifier'] = md5($data['profile']['identifier']);
$user_data['email'] = !empty($data['profile']['verifiedEmail']) ? $data['profile']['verifiedEmail'] : (!empty($data['profile']['email']) ? $data['profile']['email'] : $data['profile']['displayName'] . '@' . $data['profile']['preferredUsername'] . '.com');
$user_data['user_login'] = !empty($data['profile']['verifiedEmail']) ? $data['profile']['verifiedEmail'] : (!empty($data['profile']['email']) ? $data['profile']['email'] : $data['profile']['displayName'] . '@' . $data['profile']['preferredUsername'] . '.com');
$user_data['user_type'] = 'C';
$user_data['is_root'] = 'N';
$user_data['password1'] = $user_data['password2'] = '';
$user_data['title'] = 'mr';
$user_data[$address_zone . '_firstname'] = !empty($data['profile']['name']['givenName']) ? $data['profile']['name']['givenName'] : $data['profile']['displayName'];
$user_data[$address_zone . '_lastname'] = !empty($data['profile']['name']['familyName']) ? $data['profile']['name']['familyName'] : '';
list($user_data['user_id'], $profile_id) = fn_update_user('', $user_data, $auth, true, false, false);
}
$user_status = empty($user_data['user_id']) ? LOGIN_STATUS_USER_NOT_FOUND : fn_login_user($user_data['user_id']);
if ($user_status == LOGIN_STATUS_OK) {
if (empty($user_data['password'])) {
$subscriber = db_get_row("SELECT * FROM ?:subscribers WHERE email = ?s", $user_data['email']);
if (empty($subscriber)) {
$c_data = array('email' => $user_data['email'], 'timestamp' => TIME);
$subscriber_id = db_query("INSERT INTO ?:subscribers ?e", $c_data);
$_data['subscriber_id'] = $subscriber_id;
$_data['list_id'] = "1";
$_data['timestamp'] = TIME;
$_data['activation_key'] = md5(uniqid(rand()));
$_data['unsubscribe_key'] = md5(uniqid(rand()));
db_query("INSERT INTO ?:user_mailing_lists ?e", $_data);
} else {
$subscriber_id = $subscriber['subscriber_id'];
}
$redirect_url = 'checkout.checkout&edit_step=step_two&from_step=step_one';
} else {
$redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
}
} elseif ($user_status == LOGIN_STATUS_USER_DISABLED) {
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_account_disabled'));
fn_save_post_data();
$redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
} elseif ($user_status == LOGIN_STATUS_USER_NOT_FOUND) {
fn_delete_notification('user_exist');
fn_set_notification('W', fn_get_lang_var('warning'), fn_get_lang_var('janrain_cant_create_profile'));
$redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
}
fn_delete_user($user_data['user_id']);
}
unset($request['token']);
} elseif (empty($_REQUEST['user_login']) || empty($_REQUEST['password'])) {
$redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
}
}
$cvverr = array('M' => 'Match', 'N' => 'No Match', 'U' => 'Issuer Not Identified');
$post = array();
$post[] = 'MerchantID=' . $processor_data['params']['merchant_id'];
$post[] = 'RegKey=' . $processor_data['params']['key'];
$post[] = 'Amount=' . $order_info['total'];
$post[] = 'REFID=' . $processor_data['params']['order_prefix'] . ($order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : $order_id);
$post[] = 'AccountNo=' . $order_info['payment_info']['card_number'];
$post[] = 'CCMonth=' . $order_info['payment_info']['expiry_month'];
$post[] = 'CCYear=' . $order_info['payment_info']['expiry_year'];
$post[] = 'NameonAccount=' . $order_info['payment_info']['cardholder_name'];
$post[] = 'AVSADDR=' . $order_info['b_address'];
$post[] = 'AVSZIP=' . $order_info['b_zipcode'];
$post[] = 'CVV2=' . $order_info['payment_info']['cvv2'];
$post[] = 'CCRURL=Unix';
Registry::set('log_cut_data', array('AccountNo', 'CCMonth', 'CCYear', 'CVV2'));
list($a, $return) = fn_https_request("POST", "https://webservices.primerchants.com:443/billing/TransactionCentral/processCC.asp", $post);
if (preg_match("/Auth=(.*)&/U", $return, $res)) {
if ($res[1] != "Declined") {
$pp_response['order_status'] = 'P';
$pp_response["reason_text"] = "AuthCode: " . $res[1];
if ($res[1] == '999999') {
$pp_response["reason_text"] .= "; " . fn_get_lang_var("test_transaction");
}
} else {
$pp_response['order_status'] = 'F';
preg_match("/Notes=(.*)&/U", $return, $mess);
$pp_response["reason_text"] = $res[1] . ": " . $mess[1];
}
if (preg_match("/TransID=(.*)&/U", $return, $tran)) {
$pp_response["transaction_id"] = $tran[1];
}
$post_data[] = '<TransRequestID>' . $processor_data['params']['order_prefix'] . ($order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : $order_id) . '</TransRequestID>';
$post_data[] = '<CreditCardNumber>' . $order_info['payment_info']['card_number'] . '</CreditCardNumber>';
$post_data[] = '<ExpirationMonth>' . $order_info['payment_info']['expiry_month'] . '</ExpirationMonth>';
$post_data[] = '<ExpirationYear>20' . $order_info['payment_info']['expiry_year'] . '</ExpirationYear>';
$post_data[] = '<IsCardPresent>1</IsCardPresent>';
$post_data[] = '<Amount>' . $order_info['total'] . '</Amount>';
$post_data[] = '<NameOnCard>' . $order_info['payment_info']['cardholder_name'] . '</NameOnCard>';
$post_data[] = '<CreditCardAddress>' . $order_info['b_address'] . '</CreditCardAddress>';
$post_data[] = '<CreditCardPostalCode>' . $order_info['b_zipcode'] . '</CreditCardPostalCode>';
$post_data[] = '<CardSecurityCode>' . $order_info['payment_info']['cvv2'] . '</CardSecurityCode>';
$post_data[] = '</CustomerCreditCardChargeRq>';
$post_data[] = '</QBMSXMLMsgsRq>';
$post_data[] = '</QBMSXML>';
// Make a request to the QBMS Server
Registry::set('log_cut_data', array('CreditCardNumber', 'ExpirationMonth', 'ExpirationYear', 'CardSecurityCode'));
list($a, $__response) = fn_https_request("POST", $post_url, $post_data, "", "", "application/x-qbmsxml", "", $sslcert, $sslcert);
// Parse the Response from the Server
$root = fn_qb_get_xml_body($__response);
$signon = $root->getElementByPath("SignonMsgsRs/SignonTicketRs");
$response['signon_status'] = $signon->getAttribute("statusCode");
$customer = $root->getElementByPath("QBMSXMLMsgsRs/CustomerCreditCardChargeRs");
$response['customer_status'] = $customer->getAttribute("statusCode");
// Got Signon error
if (!empty($response['signon_status'])) {
$pp_response['order_status'] = 'F';
$pp_response['reason_text'] = $response['signon_status'] . ': ' . $signon->getAttribute("statusMessage");
// Got Customer error
} elseif (!empty($response['customer_status'])) {
$pp_response['order_status'] = 'F';
$pp_response['reason_text'] = $response['customer_status'] . ': ' . $customer->getAttribute("statusMessage");
// Transaction is successfull
/**
* sends a request to FedEx using cUrl
*
* @return string
* @access private
*/
function _sendCurl()
{
list($header, $this->httpBody) = fn_https_request('POST', $this->fedex_uri, $this->sBuf, '', '');
if (empty($header)) {
$this->setError($this->httpBody);
return false;
}
if (strlen($this->httpBody) == 0) {
$this->debug("body contains no data");
$this->setError("body contains no data");
return false;
}
$time = $this->getmicrotime() - $this->time_start;
$this->debug('Got response from FedEx (' . $time . ')');
return $this->httpBody;
}
$post_data[] = 'dc_number=' . $order_info['payment_info']['card_number'];
$post_data[] = 'dc_expiration_month=' . $order_info['payment_info']['expiry_month'];
$post_data[] = 'dc_expiration_year=' . $order_info['payment_info']['expiry_year'];
$post_data[] = 'dc_verification_number=' . $order_info['payment_info']['cvv2'];
// Transaction
$post_data[] = 'dc_transaction_amount=' . $order_info['total'];
$post_data[] = 'dc_transaction_type=' . $processor_data['params']['type'];
$post_data[] = 'dc_version=1.2';
// Credit Card Address
$post_data[] = 'dc_address=' . $order_info['b_address'];
$post_data[] = 'dc_city=' . $order_info['b_city'];
$post_data[] = 'dc_state=' . $order_info['b_state'];
$post_data[] = 'dc_zipcode=' . $order_info['b_zipcode'];
$post_data[] = 'dc_country=' . $order_info['b_country'];
Registry::set('log_cut_data', array('dc_number', 'dc_expiration_month', 'dc_expiration_year', 'dc_verification_number'));
list($a, $return) = fn_https_request("POST", "https://payjunction.com/quick_link", $post_data);
$return = strtr($return, array(chr(28) => "&"));
parse_str($return, $response);
$pp_response = array();
if (empty($response["response_code"])) {
$response["response_code"] = @$response["dc_response_code"];
}
$pp_response['order_status'] = $response["response_code"] == "00" || $response["response_code"] == "85" ? 'P' : 'D';
$pp_response["reason_text"] = !empty($response["response_message"]) ? $response["response_message"] : @$response["dc_response_message"];
if (!empty($response["dc_approval_code"])) {
$pp_response["reason_text"] .= " (Approval Code: " . $response["dc_approval_code"] . ")";
}
if (!empty($response["dc_posture"])) {
$pp_response["reason_text"] .= " (Posture status: " . $response["dc_posture"] . ")";
}
if (!empty($response["dc_transaction_id"]) && $response["dc_transaction_id"] != 'null') {
//
if (!defined('AREA')) {
die('Access denied');
}
$post_address = "https://va.eftsecure.net/cgi-bin/eftBankcard.dll?transaction";
$post = array();
$post[] = "M_id=" . $processor_data["params"]["merchant_id"];
$post[] = "M_key=" . $processor_data["params"]["merchant_key"];
$post[] = "T_code=01";
$post[] = "T_ordernum=" . ($order_info['repaid'] ? $order_id . $order_info['repaid'] : $order_id);
$post[] = "T_amt=" . $order_info["total"];
$post[] = "C_name=" . $order_info['payment_info']['cardholder_name'];
$post[] = "C_cardnumber=" . $order_info['payment_info']['card_number'];
$post[] = "C_exp=" . $order_info['payment_info']['expiry_month'] . $order_info['payment_info']['expiry_year'];
$post[] = "C_address=" . $order_info["b_address"];
$post[] = "C_city=" . $order_info["b_city"];
if (!empty($order_info["b_state"])) {
$post[] = "C_state=" . $order_info['b_state_descr'];
}
$post[] = "C_country=" . $order_info['b_country_descr'];
$post[] = "C_zip=" . $order_info["b_zipcode"];
$post[] = "C_cvv=" . $order_info['payment_info']['cvv2'];
// Post a request and analyse the response
Registry::set('log_cut_data', array('C_name', 'C_cardnumber', 'C_exp', 'C_cvv'));
list($a, $return) = fn_https_request("POST", $post_address, $post);
$pp_response["order_status"] = substr($return, 1, 1) == 'A' ? 'P' : 'F';
$pp_response["reason_text"] = substr($return, 8, 32);
$pp_response["reason_text"] .= "<br>CVV Indicator=" . substr($return, 42, 1);
$pp_response["reason_text"] .= "<br>AVS Indicator=" . substr($return, 43, 1);
$pp_response["reason_text"] .= "<br>Risk Indicator=" . substr($return, 44, 2);
$pp_response["transaction_id"] = substr($return, 46, 10);
<PostalCode>{$order_info['b_zipcode']}</PostalCode>
</Address>
</CardOwner>
<CVV2>{$paypal_card_cvv2}</CVV2>
</CreditCard>
<IPAddress>{$_SERVER['REMOTE_ADDR']}</IPAddress>
{$paypal_3dsecure}
</DoDirectPaymentRequestDetails>
</DoDirectPaymentRequest>
</DoDirectPaymentReq>
</soap:Body>
</soap:Envelope>
EOT;
$post = explode("\n", $paypal_request);
Registry::set('log_cut_data', array('CreditCardType', 'CreditCardNumber', 'ExpMonth', 'ExpYear', 'CVV2', 'StartMonth', 'StartYear'));
list($headers, $response_data) = fn_https_request('POST', $paypal_url, $post, '', '', 'text/xml', '', $paypal_sslcertpath);
$paypal_response = array();
$paypal_response['reason_text'] = '';
if (strpos($response_data, '<faultstring') !== false) {
if (preg_match('!<faultstring[^>]*>([^>]+)</faultstring>!', $response_data, $matches)) {
$paypal_response['reason_text'] = $matches[1];
}
$paypal_response['order_status'] = 'F';
// FIXME. Shouldn't be hardcoded
}
if (strpos($response_data, '<Errors') !== false) {
if (preg_match('!<LongMessage[^>]*>([^>]+)</LongMessage>!', $response_data, $matches)) {
$paypal_response['reason_text'] = $matches[1];
}
$paypal_response['order_status'] = 'F';
// FIXME. Shouldn't be hardcoded
$post[] = 'authorization=' . $authorisation;
$post[] = 'merchant_email=' . Registry::get('settings.Company.company_orders_department');
$post[] = 'grand_total=' . $order_info['total'];
$post[] = 'original_amount=' . $order_info['total'];
$post[] = 'cc_number=' . $order_info['payment_info']['card_number'];
$post[] = 'ccexp_month=' . $order_info['payment_info']['expiry_month'];
$post[] = 'ccexp_year=20' . $order_info['payment_info']['expiry_year'];
$post[] = 'cnp_security=' . $order_info['payment_info']['cvv2'];
$post[] = 'merchant_trace_nbr=' . $processor_data['params']['order_prefix'] . ($order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : $order_id);
$post[] = 'order_number=' . $order_num;
$post[] = 'original_trandate_mm=' . date('m');
$post[] = 'original_trandate_dd=' . date('d');
$post[] = 'original_trandate_yyyy=' . date('Y');
$post[] = 'counter=1';
Registry::set('log_cut_data', array('cc_number', 'ccexp_month', 'ccexp_year', 'cnp_security'));
list($a, $return) = fn_https_request("POST", "https://wwws1.echo-inc.com:443/scripts/INR200.EXE", $post);
preg_match("/<ECHOTYPE3>.*<status>(.*)<\\/status>.*<\\/ECHOTYPE3>/U", $return, $out);
$respcode = $out[1];
if ($respcode == "G") {
preg_match("/<ECHOTYPE3>.*<echo_reference>(.*)<\\/echo_reference>.*<\\/ECHOTYPE3>/U", $return, $out);
if (!empty($out[1])) {
$pp_response['reason_text'] .= " (ECHO Reference=" . $out[1] . ")";
}
$pp_response['order_status'] = 'P';
} else {
preg_match("/<ECHOTYPE3>.*<decline_code>(.*)<\\/decline_code>.*<\\/ECHOTYPE3>/U", $return, $out);
if (!empty($out[1])) {
if ($out[1] > 9000) {
$out[1] = 9000;
}
$out[1] += 0;
$post_data[] = '<billing>';
$post_data[] = '<name>' . $order_info['b_firstname'] . ' ' . $order_info['b_lastname'] . '</name>';
$post_data[] = '<address1>' . $order_info['b_address'] . '</address1>';
$post_data[] = '<addrnum>' . $addrnum . '</addrnum>';
$post_data[] = '<city>' . $order_info['b_city'] . '</city>';
$post_data[] = '<state>' . $order_info['b_state'] . '</state>';
$post_data[] = '<zip>' . $order_info['b_zipcode'] . '</zip>';
$post_data[] = '<country>' . $order_info['b_country'] . '</country>';
$post_data[] = '<phone>' . $order_info['phone'] . '</phone>';
$post_data[] = '<email>' . $order_info['email'] . '</email></billing>';
$post_data[] = '<transactiondetails>';
$post_data[] = '<oid>' . $o_prefix . ($order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : $order_id) . '</oid>';
$post_data[] = '</transactiondetails>';
$post_data[] = '</order>';
Registry::set('log_cut_data', array('cardnumber', 'cardexpmonth', 'cardexpyear', 'cvmvalue'));
list($a, $__response) = fn_https_request("POST", "https://{$host}:{$port}/LSGSXML", $post_data, "", "", "application/x-www-form-urlencoded", "", $sert, $sert);
$pp_response = array();
if (preg_match("/<r_approved>(.*)<\\/r_approved>/", $__response, $out)) {
if ($out[1] == "APPROVED") {
$pp_response['order_status'] = 'P';
if (preg_match("/<r_code>(.*)<\\/r_code>/", $__response, $out)) {
if (preg_match("/^(\\w{6})(\\w{10}):(\\w{2})(\\w)(\\w):(.*):\$/", $out[1], $response_data)) {
$pp_response['reason_text'] = "Approval number: " . $response_data[1] . "; Reference number: " . $response_data[2] . "; Leaseline transaction identifier: " . $response_data[6];
$pp_response['transaction_id'] = !empty($response_data[6]) ? $response_data[6] : '';
$pp_response['descr_avs'] = !empty($response_data[3]) ? $processor_error['avs'][$response_data[3]] : '';
$pp_response['descr_cvv'] = !empty($response_data[5]) ? $processor_error['cvv'][$response_data[5]] : '';
}
}
} else {
$pp_response['order_status'] = 'D';
$pp_response['reason_text'] = "[" . $out[1] . "] ";
$post[] = '<ewayCustomerEmail>' . $order_info['email'] . '</ewayCustomerEmail>';
$post[] = '<ewayCustomerAddress>' . $order_info['b_address'] . '</ewayCustomerAddress>';
$post[] = '<ewayCustomerPostcode>' . $order_info['b_zipcode'] . '</ewayCustomerPostcode>';
$post[] = '<ewayCustomerInvoiceDescription>' . $payment_description . '</ewayCustomerInvoiceDescription>';
$post[] = '<ewayCustomerInvoiceRef>' . $_order_id . '</ewayCustomerInvoiceRef>';
$post[] = '<ewayCardHoldersName>' . $order_info['payment_info']['cardholder_name'] . '</ewayCardHoldersName>';
$post[] = '<ewayCardNumber>' . $order_info['payment_info']['card_number'] . '</ewayCardNumber>';
$post[] = '<ewayCardExpiryMonth>' . $order_info['payment_info']['expiry_month'] . '</ewayCardExpiryMonth>';
$post[] = '<ewayCardExpiryYear>' . $order_info['payment_info']['expiry_year'] . '</ewayCardExpiryYear>';
$post[] = '<ewayTrxnNumber></ewayTrxnNumber>';
$post[] = '<ewayOption1></ewayOption1>';
$post[] = '<ewayOption2></ewayOption2>';
$post[] = '<ewayOption3>' . $test_mode . '</ewayOption3>';
$post[] = '</ewaygateway>';
Registry::set('log_cut_data', array('ewayCardNumber', 'ewayCardExpiryMonth', 'ewayCardExpiryYear'));
list($a, $return) = fn_https_request("POST", "https://www.eway.com.au:443/" . $request_script, $post, "", "", "text/xml");
preg_match("/<ewayTrxnStatus>(.*)<\\/ewayTrxnStatus>/", $return, $result);
preg_match("/<ewayReturnAmount>(.*)<\\/ewayReturnAmount>/", $return, $amount);
if ($result[1] == "True" && fn_format_price($amount[1]) == fn_format_price($order_info['total'] * 100)) {
$pp_response['order_status'] = 'P';
preg_match("/<ewayAuthCode>(.*)<\\/ewayAuthCode>/", $return, $authno);
$pp_response["reason_text"] = "AuthNo: " . $authno[1];
} else {
$pp_response['order_status'] = 'F';
preg_match("/<ewayTrxnError>(.*)<\\/ewayTrxnError>/", $return, $error);
if (!empty($error[1])) {
$pp_response["reason_text"] = "Error:" . $error[1];
}
}
preg_match("/<ewayTrxnNumber>(.*)<\\/ewayTrxnNumber>/", $return, $transaction_id);
if (!empty($transaction_id[1])) {
****************************************************************************
* PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. *
****************************************************************************/
//
// $Id: estpay.php 10229 2010-07-27 14:21:39Z 2tl $
//
if (!defined('AREA')) {
die('Access denied');
}
$_order_id = $order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : $order_id;
// XML request sablonu
$post_data[] = "DATA=<?xml version=\"1.0\" encoding=\"ISO-8859-9\"?>\n<CC5Request>\n<Name>" . $processor_data['params']['merchant_name'] . "</Name>\n<Password>" . $processor_data['params']['merchant_password'] . "</Password>\n<ClientId>" . $processor_data['params']['client_id'] . "</ClientId>\n<IPAddress>" . $_SERVER['REMOTE_ADDR'] . "</IPAddress>\n<Email>" . $order_info['email'] . "</Email>\n<Mode>P</Mode>\n<OrderId>" . $_order_id . "</OrderId>\n<GroupId></GroupId>\n<TransId></TransId>\n<UserId></UserId>\n<Type>Auth</Type>\n<Number>" . $order_info['payment_info']['card_number'] . "</Number>\n<Expires>" . $order_info['payment_info']['expiry_month'] . '/' . $order_info['payment_info']['expiry_year'] . "</Expires>\n<Cvv2Val>" . $order_info['payment_info']['cvv2'] . "</Cvv2Val>\n<Total>" . $order_info['total'] . "</Total>\n<Currency>" . $processor_data['params']['currency'] . "</Currency>\n<BillTo>\n\t<Name>" . $order_info['firstname'] . '+' . $order_info['lastname'] . "</Name>\n\t<Street1>" . $order_info["b_address"] . "</Street1>\n\t<Street2>" . $order_info["b_address_2"] . "</Street2>\n\t<Street3></Street3>\n\t<City>" . $order_info["b_city"] . "</City>\n\t<StateProv>" . $order_info["b_state"] . "</StateProv>\n\t<PostalCode>" . $order_info["b_zipcode"] . "</PostalCode>\n\t<Country>" . $order_info["b_country"] . "</Country>\n\t<Company>" . $order_info["company"] . "</Company>\n\t<TelVoice>" . $order_info['phone'] . "</TelVoice>\n</BillTo>\n\t<ShipTo>\n\t<Name>" . $order_info['firstname'] . '+' . $order_info['lastname'] . "</Name>\n\t<Street1>" . $order_info["s_address"] . "</Street1>\n\t<Street2>" . $order_info["s_address_2"] . "</Street2>\n\t<Street3></Street3>\n\t<City>" . $order_info["s_city"] . "</City>\n\t<StateProv>" . $order_info["s_state"] . "</StateProv>\n\t<PostalCode>" . $order_info["s_zipcode"] . "</PostalCode>\n\t<Country>" . $order_info["s_country"] . "</Country>\n</ShipTo>\n<Extra></Extra>\n</CC5Request>\n";
$url = $processor_data['params']['mode'] == 'test' ? "https://cc5test.est.com.tr/servlet/cc5ApiServer" : "https://vpos.est.com.tr/servlet/cc5ApiServer";
Registry::set('log_cut_data', array('Number', 'Expires', 'Cvv2Val'));
list($a, $return) = fn_https_request("POST", $url, $post_data, '');
$pp_response = array();
if (preg_match("/<Response>(.*)<\\/Response>/", $return, $response)) {
$pp_response['order_status'] = $response[1] == 'Approved' ? 'P' : 'D';
$pp_response['reason_text'] = '';
if (preg_match("/<TransId>(.*)<\\/TransId>/", $return, $transaction_id)) {
$pp_response['transaction_id'] = $transaction_id[1];
}
if ($response[1] === "Approved") {
if (preg_match("/<AuthCode>(.*)<\\/AuthCode>/", $return, $auth_code)) {
$pp_response['reason_text'] = 'Auth code: ' . $auth_code[1] . ' ';
}
$pp_response['reason_text'] .= $response[1];
} else {
if (preg_match("/<ProcReturnCode>(.*)<\\/ProcReturnCode>/", $return, $proc_return_code)) {
$pp_response['reason_text'] = 'Response code: ' . $proc_return_code[1] . ' ';
Registry::get('view_mail')->assign('email', $_REQUEST['email']);
Registry::get('view_mail')->assign('cust_id', $_REQUEST['cust_id']);
fn_send_mail($moneybookers_email, $_REQUEST['email'], 'payments/cc_processors/activate_moneybookers_subj.tpl', 'payments/cc_processors/activate_moneybookers.tpl', '', Registry::get('settings.Appearance.admin_default_language'));
fn_set_notification('N', fn_get_lang_var('notice'), str_replace('[date]', date('m.d.Y'), fn_get_lang_var('text_moneybookers_activate_quick_checkout_short_explanation_1')));
} else {
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('text_moneybookers_empty_input_data'));
}
}
if ($mode == 'validate_secret_word') {
if (!empty($_REQUEST['email']) && !empty($_REQUEST['payment_id']) && !empty($_REQUEST['cust_id']) && !empty($_REQUEST['secret'])) {
$processor_params['pay_to_email'] = $_REQUEST['email'];
$get_data = array();
$get_data['email'] = $_REQUEST['email'];
$get_data['cust_id'] = $master_account_cust_id;
$get_data['secret'] = md5(md5($_REQUEST['secret']) . md5($master_account_secret_word));
list($headers, $result) = fn_https_request("GET", "https://www.moneybookers.com/app/secret_word_check.pl?email={$get_data['email']}&secret={$get_data['secret']}&cust_id={$get_data['cust_id']}");
$result_array = explode(',', $result);
if ($result_array[0] == 'OK') {
fn_set_notification('N', fn_get_lang_var('notice'), fn_get_lang_var('text_moneybookers_secret_word_is_correct'));
} else {
fn_set_notification('E', fn_get_lang_var('error'), str_replace('[date]', date('m.d.Y'), fn_get_lang_var('text_moneybookers_secret_word_is_incorrect')));
}
$processor_params['secret_word'] = $_REQUEST['secret'];
$old_processor_data = fn_get_processor_data($_REQUEST['payment_id']);
$old_processor_param = empty($old_processor_data['params']) ? array() : $old_processor_data['params'];
$new_processor_param = $processor_params;
$new_processor_param = array_merge($old_processor_param, $new_processor_param);
$new_processor_data = serialize($new_processor_param);
db_query("UPDATE ?:payments SET params = ?s WHERE payment_id = ?i", $new_processor_data, $_REQUEST['payment_id']);
$ajax->assign("secret_word_{$_REQUEST['payment_id']}", $processor_params['secret_word']);
}
