/**
 * Record the current visitor in the "who's online" table.
 *
 * Registered customers are stored with their id and full name, everyone else
 * as customer id '' (stored as 0) and the name 'Guest'. Rows whose last click
 * is older than 15 minutes are purged on every call, then the row keyed by the
 * current session id is updated or created.
 *
 * All request-derived values (session id, IP address, request URI, name) are
 * passed through tep_db_input before being placed in SQL.
 */
function tep_update_whos_online()
{
    global $customer_id;

    // Defaults describe an anonymous visitor; a registered session overrides them.
    $wo_customer_id = '';
    $wo_full_name = 'Guest';
    if (tep_session_is_registered('customer_id')) {
        $wo_customer_id = $customer_id;
        $name_query = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "'");
        $name_row = tep_db_fetch_array($name_query);
        $wo_full_name = $name_row['customers_firstname'] . ' ' . $name_row['customers_lastname'];
    }

    $wo_session_id = tep_session_id();
    $wo_ip_address = tep_get_ip_address();
    $wo_last_page_url = tep_db_prepare_input(getenv('REQUEST_URI'));
    $current_time = time();

    // Anything not clicked within the last 15 minutes is considered offline.
    $expiry_threshold = $current_time - 900;
    tep_db_query("delete from " . TABLE_WHOS_ONLINE . " where time_last_click < '" . $expiry_threshold . "'");

    // session_id is the row key: refresh the existing row or insert a new one.
    $escaped_session_id = tep_db_input($wo_session_id);
    $existing_row_query = tep_db_query("select session_id from " . TABLE_WHOS_ONLINE . " where session_id = '" . $escaped_session_id . "' limit 1");
    if (tep_db_num_rows($existing_row_query) > 0) {
        tep_db_query("update " . TABLE_WHOS_ONLINE . " set customer_id = '" . (int) $wo_customer_id . "', full_name = '" . tep_db_input($wo_full_name) . "', ip_address = '" . tep_db_input($wo_ip_address) . "', time_last_click = '" . tep_db_input($current_time) . "', last_page_url = '" . tep_db_input($wo_last_page_url) . "' where session_id = '" . $escaped_session_id . "'");
    } else {
        tep_db_query("insert into " . TABLE_WHOS_ONLINE . " (customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url) values ('" . (int) $wo_customer_id . "', '" . tep_db_input($wo_full_name) . "', '" . $escaped_session_id . "', '" . tep_db_input($wo_ip_address) . "', '" . tep_db_input($current_time) . "', '" . tep_db_input($current_time) . "', '" . tep_db_input($wo_last_page_url) . "')");
    }
}
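 /**
  * Build the hidden form fields for the Authorize.net SIM hosted payment form.
  *
  * The fingerprint produced by _InsertFP covers the login id, a sequence number,
  * the amount and the currency under the transaction key, so the gateway can
  * detect a tampered amount. Billing data, optional shipping data, one line item
  * per product, the tax total and the freight amount are emitted as hidden
  * fields, truncated to the field lengths used by the gateway.
  *
  * @return string concatenated hidden <input> fields
  */
 function process_button()
 {
     global $customer_id, $order, $sendto, $currency;

     // Format the amount once so the fingerprint and the x_amount field agree byte for byte.
     $order_total = $this->format_raw($order->info['total']);
     // The sequence number is covered by the fingerprint and only has to vary between
     // submissions; it is not a secret.
     $fp_sequence = rand(1, 1000);
     $process_button_string = $this->_InsertFP(MODULE_PAYMENT_AUTHORIZENET_CC_SIM_LOGIN_ID, MODULE_PAYMENT_AUTHORIZENET_CC_SIM_TRANSACTION_KEY, $order_total, $fp_sequence, $currency);

     // NOTE(review): substr truncates by byte, so a multibyte name or address can be cut
     // mid-character. The limits are assumed to be the gateway's byte limits — confirm.
     $process_button_string .= tep_draw_hidden_field('x_login', substr(MODULE_PAYMENT_AUTHORIZENET_CC_SIM_LOGIN_ID, 0, 20))
         . tep_draw_hidden_field('x_version', '3.1')
         . tep_draw_hidden_field('x_show_form', 'PAYMENT_FORM')
         . tep_draw_hidden_field('x_relay_response', 'TRUE')
         . tep_draw_hidden_field('x_relay_url', tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false))
         . tep_draw_hidden_field('x_first_name', substr($order->billing['firstname'], 0, 50))
         . tep_draw_hidden_field('x_last_name', substr($order->billing['lastname'], 0, 50))
         . tep_draw_hidden_field('x_company', substr($order->billing['company'], 0, 50))
         . tep_draw_hidden_field('x_address', substr($order->billing['street_address'], 0, 60))
         . tep_draw_hidden_field('x_city', substr($order->billing['city'], 0, 40))
         . tep_draw_hidden_field('x_state', substr($order->billing['state'], 0, 40))
         . tep_draw_hidden_field('x_zip', substr($order->billing['postcode'], 0, 20))
         . tep_draw_hidden_field('x_country', substr($order->billing['country']['title'], 0, 60))
         . tep_draw_hidden_field('x_phone', substr($order->customer['telephone'], 0, 25))
         . tep_draw_hidden_field('x_cust_id', substr($customer_id, 0, 20))
         . tep_draw_hidden_field('x_customer_ip', tep_get_ip_address())
         . tep_draw_hidden_field('x_email', substr($order->customer['email_address'], 0, 255))
         . tep_draw_hidden_field('x_description', substr(STORE_NAME, 0, 255))
         . tep_draw_hidden_field('x_amount', substr($order_total, 0, 15))
         . tep_draw_hidden_field('x_currency_code', substr($currency, 0, 3))
         . tep_draw_hidden_field('x_method', 'CC')
         . tep_draw_hidden_field('x_type', MODULE_PAYMENT_AUTHORIZENET_CC_SIM_TRANSACTION_METHOD == 'Capture' ? 'AUTH_CAPTURE' : 'AUTH_ONLY');

     // Shipping fields only when a shipping address was selected.
     if (is_numeric($sendto) && $sendto > 0) {
         $process_button_string .= tep_draw_hidden_field('x_ship_to_first_name', substr($order->delivery['firstname'], 0, 50))
             . tep_draw_hidden_field('x_ship_to_last_name', substr($order->delivery['lastname'], 0, 50))
             . tep_draw_hidden_field('x_ship_to_company', substr($order->delivery['company'], 0, 50))
             . tep_draw_hidden_field('x_ship_to_address', substr($order->delivery['street_address'], 0, 60))
             . tep_draw_hidden_field('x_ship_to_city', substr($order->delivery['city'], 0, 40))
             . tep_draw_hidden_field('x_ship_to_state', substr($order->delivery['state'], 0, 40))
             . tep_draw_hidden_field('x_ship_to_zip', substr($order->delivery['postcode'], 0, 20))
             . tep_draw_hidden_field('x_ship_to_country', substr($order->delivery['country']['title'], 0, 60));
     }

     if (MODULE_PAYMENT_AUTHORIZENET_CC_SIM_TRANSACTION_MODE == 'Test') {
         $process_button_string .= tep_draw_hidden_field('x_test_request', 'TRUE');
     }

     // One x_line_item per product: item number, name (31 bytes), description (the name
     // again, 255 bytes), quantity, unit price, taxable flag — separated by '<|>'.
     for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
         $product = $order->products[$i];
         $process_button_string .= tep_draw_hidden_field('x_line_item', ($i + 1) . '<|>' . substr($product['name'], 0, 31) . '<|>' . substr($product['name'], 0, 255) . '<|>' . $product['qty'] . '<|>' . $this->format_raw($product['final_price']) . '<|>' . ($product['tax'] > 0 ? 'YES' : 'NO'));
     }

     // Sum the positive tax groups. foreach replaces the each() loop, which was
     // removed in PHP 8; reset() is no longer needed.
     $tax_value = 0;
     foreach ($order->info['tax_groups'] as $tax_group_value) {
         if ($tax_group_value > 0) {
             $tax_value += $this->format_raw($tax_group_value);
         }
     }
     if ($tax_value > 0) {
         $process_button_string .= tep_draw_hidden_field('x_tax', $this->format_raw($tax_value));
     }

     // Freight, plus the session id so the relay response lands in this session.
     $process_button_string .= tep_draw_hidden_field('x_freight', $this->format_raw($order->info['shipping_cost']))
         . tep_draw_hidden_field(tep_session_name(), tep_session_id());
     return $process_button_string;
 }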
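/**
 * Log a customer in from the "remember me" cookie (osC_AutoCookieLogin).
 *
 * The cookie holds md5(customers_id . email . password_hash . client_ip) and is
 * matched against the customers table in SQL. On a hit the customer globals are
 * registered in the session, the logon counters are updated, the carts are
 * restored and the browser is redirected back to where it was.
 *
 * NOTE(review): the token is an unsalted digest of stable customer fields, so it
 * never expires and stays valid until the password or the client IP changes.
 * Whether the IP binding helps depends on tep_get_ip_address() not trusting
 * client-supplied headers (its implementation is not shown here). A random
 * per-device token stored server-side would be the stronger design.
 */
function tep_doautologin()
{
    global $HTTP_COOKIE_VARS, $cart, $cart_cs, $cart_fv, $cart_pr, $customer_id, $customer_default_address_id, $customer_first_name, $customer_country_id, $customer_zone_id;
    global $navigation;

    if (!isset($HTTP_COOKIE_VARS['osC_AutoCookieLogin'])) {
        return;
    }

    // The cookie is attacker-controlled and was previously interpolated into the
    // query unescaped. A genuine token is exactly 32 hex characters (an md5
    // digest), so anything else is rejected before it reaches SQL; the value is
    // escaped as well, as is the IP address.
    $cookie_token = (string) $HTTP_COOKIE_VARS['osC_AutoCookieLogin'];
    if (!preg_match('/^[0-9a-fA-F]{32}$/', $cookie_token)) {
        return;
    }

    $ip_address = tep_get_ip_address();
    $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where md5(CONCAT(customers_id,customers_email_address,customers_password,'" . tep_db_input($ip_address) . "')) = '" . tep_db_input($cookie_token) . "'");
    if (!tep_db_num_rows($check_customer_query)) {
        return;
    }
    $check_customer = tep_db_fetch_array($check_customer_query);

    // Switch to a fresh session id on login when the store is configured to.
    if (SESSION_RECREATE == 'True') {
        tep_session_recreate();
    }

    $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
    $check_country = tep_db_fetch_array($check_country_query);

    $customer_id = $check_customer['customers_id'];
    $customer_default_address_id = $check_customer['customers_default_address_id'];
    $customer_first_name = $check_customer['customers_firstname'];
    $customer_country_id = $check_country['entry_country_id'];
    $customer_zone_id = $check_country['entry_zone_id'];

    // Register the customer globals in the session; skipping ones already registered.
    foreach (array('customer_id', 'customer_default_address_id', 'customer_first_name', 'customer_country_id', 'customer_zone_id') as $session_variable) {
        if (!tep_session_is_registered($session_variable)) {
            tep_session_register($session_variable);
        }
    }

    // Save cookie
    tep_autologincookie(true);

    tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int) $customer_id . "'");

    // restore cart contents
    $cart->restore_contents();
    $cart_cs->restore_contents();
    $cart_fv->restore_contents();
    $cart_pr->restore_contents();

    if (sizeof($navigation->snapshot) > 0) {
        // Return to the page captured before the login, dropping the session name
        // from its query string.
        $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
        $navigation->clear_snapshot();
        tep_redirect($origin_href);
    } else {
        // Reload the current request so it renders in the logged-in state.
        tep_redirect(substr(tep_href_link(getenv('REQUEST_URI')), strlen(HTTP_SERVER . DIR_WS_HTTP_CATALOG)));
    }
}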
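 /**
  * Build the hidden form fields for the iPayment PayPal ("pp") silent-mode form.
  *
  * The billing zone code is looked up from the zones table when a positive
  * numeric zone id is present. The amount is sent in the currency's minor unit
  * (total * 100). When a secret hash password is configured, trx_securityhash
  * is added so the gateway can verify user id, amount, currency and password.
  *
  * @return string concatenated hidden <input> fields
  */
 function process_button()
 {
     global $order;

     $zone_code = '';
     if (is_numeric($order->billing['zone_id']) && $order->billing['zone_id'] > 0) {
         $zone_query = tep_db_query("select zone_code from " . TABLE_ZONES . " where zone_id = '" . (int) $order->billing['zone_id'] . "'");
         if (tep_db_num_rows($zone_query)) {
             $zone = tep_db_fetch_array($zone_query);
             $zone_code = $zone['zone_code'];
         }
     }

     // Round to an integer number of minor units so float artefacts
     // (e.g. 19.99 * 100 = 1998.9999999999998) cannot reach the gateway, and
     // compute it once so trx_amount and the security hash use the same value.
     $trx_amount = (int) round($this->format_raw($order->info['total']) * 100);
     $trx_currency = $_SESSION['currency'];

     // NOTE(review): trxpassword is emitted to the customer's browser as a hidden
     // field, so anyone viewing the checkout page source can read it. That is how
     // this form-based integration is wired as far as this code shows; confirm the
     // configured value is the gateway's limited transaction password (not the
     // account login) and that a secret hash password is set, otherwise the amount
     // posted to the gateway is not protected against tampering.
     $process_button_string = tep_draw_hidden_field('silent', '1')
         . tep_draw_hidden_field('trx_paymenttyp', 'pp')
         . tep_draw_hidden_field('trxuser_id', MODULE_PAYMENT_IPAYMENT_PP_USER_ID)
         . tep_draw_hidden_field('trxpassword', MODULE_PAYMENT_IPAYMENT_PP_PASSWORD)
         . tep_draw_hidden_field('from_ip', tep_get_ip_address())
         . tep_draw_hidden_field('trx_currency', $trx_currency)
         . tep_draw_hidden_field('trx_amount', $trx_amount)
         . tep_draw_hidden_field('trx_typ', MODULE_PAYMENT_IPAYMENT_PP_TRANSACTION_METHOD == 'Capture' ? 'auth' : 'preauth')
         . tep_draw_hidden_field('addr_email', $order->customer['email_address'])
         . tep_draw_hidden_field('addr_street', $order->billing['street_address'])
         . tep_draw_hidden_field('addr_city', $order->billing['city'])
         . tep_draw_hidden_field('addr_zip', $order->billing['postcode'])
         . tep_draw_hidden_field('addr_country', $order->billing['country']['iso_code_2'])
         . tep_draw_hidden_field('addr_state', $zone_code)
         . tep_draw_hidden_field('addr_telefon', $order->customer['telephone'])
         . tep_draw_hidden_field('redirect_url', tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', true))
         . tep_draw_hidden_field('silent_error_url', tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL', true))
         . tep_draw_hidden_field('hidden_trigger_url', tep_href_link('ext/modules/payment/ipayment/callback_pp.php', '', 'SSL', false))
         . tep_draw_hidden_field('client_name', 'oscommerce')
         . tep_draw_hidden_field('client_version', $this->signature);

     if (tep_not_null(MODULE_PAYMENT_IPAYMENT_PP_SECRET_HASH_PASSWORD)) {
         // Same field order as the gateway's checksum: user id, amount, currency,
         // transaction password, secret hash password.
         $process_button_string .= tep_draw_hidden_field('trx_securityhash', md5(MODULE_PAYMENT_IPAYMENT_PP_USER_ID . $trx_amount . $trx_currency . MODULE_PAYMENT_IPAYMENT_PP_PASSWORD . MODULE_PAYMENT_IPAYMENT_PP_SECRET_HASH_PASSWORD));
     }
     return $process_button_string;
 }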
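/**
 * Record the current visitor in the "who's online" table (WOL 1.6 variant).
 *
 * Three kinds of visitor are distinguished: logged-in customers (their id and
 * full name), spiders ($spider_flag set: customer id -1, the user agent as the
 * name, and the IP address as the row key when there is no session id) and
 * guests (customer id 0, 'Guest'). Rows not clicked within 15 minutes are
 * purged, then the row keyed by session id is updated or inserted.
 *
 * The referer and user agent are client-supplied; they are SQL-escaped here,
 * but whatever displays them (the admin page is not shown here) must
 * HTML-escape them too.
 */
function tep_update_whos_online()
{
    // WOL 1.6 - spider_flag and user_agent are expected to be set by the caller
    global $customer_id, $spider_flag, $user_agent;

    $wo_ip_address = tep_get_ip_address();
    $wo_last_page_url = request_uri();
    $current_time = time();
    $xx_mins_ago = $current_time - 900;
    $wo_session_id = tep_session_id();
    // Normalise request-supplied strings to '' so escaping never sees null
    // and a missing header does not raise an undefined-index notice.
    $wo_user_agent = isset($user_agent) ? (string) $user_agent : '';
    $wo_http_referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';

    if (isset($customer_id) && (int) $customer_id > 0) {
        $wo_customer_id = $customer_id;
        $customer_query = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "'");
        $customer = tep_db_fetch_array($customer_query);
        $wo_full_name = $customer['customers_firstname'] . ' ' . $customer['customers_lastname'];
    } elseif (!empty($spider_flag)) {
        // Bots are customerID = -1; the bot's name is extracted from the user agent
        // in the WOE admin screen.
        $wo_customer_id = -1;
        $wo_full_name = $wo_user_agent;
        // Session IDs are the WOE primary key. A bot normally has no session, so
        // fall back to the IP address as the unique identifier.
        if ($wo_session_id == "") {
            $wo_session_id = $wo_ip_address;
        }
    } else {
        // Must be a guest
        $wo_full_name = 'Guest';
        $wo_customer_id = 0;
    }

    // remove entries that have expired
    tep_db_query("delete from " . TABLE_WHOS_ONLINE . " where time_last_click < '" . $xx_mins_ago . "'");

    $stored_customer_query = tep_db_query("select count(*) as count from " . TABLE_WHOS_ONLINE . " where session_id = '" . tep_db_input($wo_session_id) . "'");
    $stored_customer = tep_db_fetch_array($stored_customer_query);
    if ($stored_customer['count'] > 0) {
        tep_db_query("update " . TABLE_WHOS_ONLINE . " set customer_id = '" . (int) $wo_customer_id . "', full_name = '" . tep_db_input($wo_full_name) . "', ip_address = '" . tep_db_input($wo_ip_address) . "', time_last_click = '" . tep_db_input($current_time) . "', last_page_url = '" . tep_db_input($wo_last_page_url) . "' where session_id = '" . tep_db_input($wo_session_id) . "'");
    } else {
        tep_db_query("insert into " . TABLE_WHOS_ONLINE . " (customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url, http_referer, user_agent) values ('" . (int) $wo_customer_id . "', '" . tep_db_input($wo_full_name) . "', '" . tep_db_input($wo_session_id) . "', '" . tep_db_input($wo_ip_address) . "', '" . tep_db_input($current_time) . "', '" . tep_db_input($current_time) . "', '" . tep_db_input($wo_last_page_url) . "', '" . tep_db_input($wo_http_referer) . "', '" . tep_db_input($wo_user_agent) . "')");
    }
}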
 /**
  * Build a PaynetEasy PaymentTransaction from an osCommerce order.
  *
  * The billing address, customer and payment are filled from the order's
  * customer and info arrays; endpoint, login, signing key and gateway mode/URLs
  * come from the module configuration. A redirect URL is applied (as both
  * redirect and callback URL) only when it passes the URL validator.
  *
  * @param       order           $oscommerce_order       OsCommerce order
  * @param       string          $redirect_url           Url for final payment processing
  *
  * @return      PaymentTransaction                      PaynetEasy transaction
  */
 protected function get_paynet_transaction(OsCommerceOrder $oscommerce_order, $redirect_url = null)
 {
     $customer_data = $oscommerce_order->customer;
     $order_info = $oscommerce_order->info;

     $state_code = tep_get_zone_code($customer_data['country']['id'], $customer_data['zone_id'], $customer_data['state']);

     $billing_address = new BillingAddress();
     $billing_address->setCountry($customer_data['country']['iso_code_2']);
     $billing_address->setState($state_code);
     $billing_address->setCity($customer_data['city']);
     $billing_address->setFirstLine($customer_data['street_address']);
     $billing_address->setZipCode($customer_data['postcode']);
     $billing_address->setPhone($customer_data['telephone']);

     $customer = new Customer();
     $customer->setEmail($customer_data['email_address']);
     $customer->setFirstName($customer_data['firstname']);
     $customer->setLastName($customer_data['lastname']);
     $customer->setIpAddress(tep_get_ip_address());

     $payment = new Payment();
     $payment->setClientId($order_info['order_id']);
     $payment->setDescription($this->get_paynet_order_description($oscommerce_order));
     $payment->setAmount($order_info['total']);
     $payment->setCurrency($order_info['currency']);
     $payment->setCustomer($customer);
     $payment->setBillingAddress($billing_address);
     // Only present once the gateway has assigned its own id to this order.
     if (isset($order_info['paynet_order_id'])) {
         $payment->setPaynetId($order_info['paynet_order_id']);
     }

     $config = new QueryConfig();
     $config->setEndPoint((int) MODULE_PAYMENT_PAYNETEASYFORM_END_POINT);
     $config->setLogin(MODULE_PAYMENT_PAYNETEASYFORM_LOGIN);
     $config->setSigningKey(MODULE_PAYMENT_PAYNETEASYFORM_SIGNING_KEY);
     $config->setGatewayMode(MODULE_PAYMENT_PAYNETEASYFORM_GATEWAY_MODE);
     $config->setGatewayUrlSandbox(MODULE_PAYMENT_PAYNETEASYFORM_SANDBOX_GATEWAY);
     $config->setGatewayUrlProduction(MODULE_PAYMENT_PAYNETEASYFORM_PRODUCTION_GATEWAY);
     if (Validator::validateByRule($redirect_url, Validator::URL, false)) {
         $config->setRedirectUrl($redirect_url);
         $config->setCallbackUrl($redirect_url);
     }

     $transaction = new PaymentTransaction();
     $transaction->setPayment($payment);
     $transaction->setQueryConfig($config);
     return $transaction;
 }
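/**
 * Record the current visitor in the "who's online" table (prepared-statement variant).
 *
 * Logged-in customers ($_SESSION['customer_id'] set) are stored with their id
 * and full name, everyone else as customer id 0 / 'Guest'. Rows whose last
 * click is older than 15 minutes are purged, then the row keyed by the PHP
 * session id is updated or inserted via the Db registry's save().
 */
function tep_update_whos_online()
{
    $OSCOM_Db = Registry::get('Db');

    // Anonymous defaults; overridden when the session belongs to a customer.
    $wo_customer_id = 0;
    $wo_full_name = 'Guest';
    if (isset($_SESSION['customer_id'])) {
        // Cast once so the value written by save() is an integer, matching the
        // bindInt() used for the lookup.
        $wo_customer_id = (int) $_SESSION['customer_id'];
        $Qcustomer = $OSCOM_Db->prepare('select customers_firstname, customers_lastname from :table_customers where customers_id = :customers_id');
        $Qcustomer->bindInt(':customers_id', $wo_customer_id);
        $Qcustomer->execute();
        $wo_full_name = $Qcustomer->value('customers_firstname') . ' ' . $Qcustomer->value('customers_lastname');
    }

    $wo_session_id = session_id();
    $wo_ip_address = tep_get_ip_address();
    if (is_null($wo_ip_address)) {
        // database table field (ip_address) is not_null
        $wo_ip_address = '';
    }
    $wo_last_page_url = '';
    if (!empty($_SERVER['REQUEST_URI'])) {
        $wo_last_page_url = $_SERVER['REQUEST_URI'];
    }
    $current_time = time();
    $xx_mins_ago = $current_time - 900;

    // remove entries that have expired
    $Qdel = $OSCOM_Db->prepare('delete from :table_whos_online where time_last_click < :time_last_click');
    $Qdel->bindInt(':time_last_click', $xx_mins_ago);
    $Qdel->execute();

    // session_id is the row key: update the existing row or insert a new one.
    $Qsession = $OSCOM_Db->prepare('select session_id from :table_whos_online where session_id = :session_id limit 1');
    $Qsession->bindValue(':session_id', $wo_session_id);
    $Qsession->execute();
    if ($Qsession->fetch() !== false) {
        $OSCOM_Db->save('whos_online', ['customer_id' => $wo_customer_id, 'full_name' => $wo_full_name, 'ip_address' => $wo_ip_address, 'time_last_click' => $current_time, 'last_page_url' => $wo_last_page_url], ['session_id' => $wo_session_id]);
    } else {
        $OSCOM_Db->save('whos_online', ['customer_id' => $wo_customer_id, 'full_name' => $wo_full_name, 'session_id' => $wo_session_id, 'ip_address' => $wo_ip_address, 'time_entry' => $current_time, 'time_last_click' => $current_time, 'last_page_url' => $wo_last_page_url]);
    }
}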
  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2010 osCommerce

  Released under the GNU General Public License
*/
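// iPayment PayPal callback: verifies the gateway's checksum and mails a debug report.
chdir('../../../../');
require 'includes/application_top.php';
// NOTE(review): $language is set by application_top and is used to build an
// include path here; it must be restricted to known language codes there
// (not verifiable from this file).
require 'includes/languages/' . $language . '/modules/payment/ipayment_pp.php';
require 'includes/modules/payment/ipayment_pp.php';

$ipayment_pp = new ipayment_pp();
if (!$ipayment_pp->check() || !$ipayment_pp->enabled) {
    exit;
}

// Only requests from the gateway's known addresses are processed; anything else
// is silently ignored. Strict in_array avoids loose-comparison surprises.
if (in_array(tep_get_ip_address(), $ipayment_pp->gateway_addresses, true)) {
    // 0 = unknown (no secret hash password configured), 1 = checksum matched,
    // -1 = checksum mismatch.
    $checksum_pass = 0;
    if (tep_not_null(MODULE_PAYMENT_IPAYMENT_PP_SECRET_HASH_PASSWORD)) {
        // Read the posted fields as strings, defaulting to '' when absent, so a
        // missing field raises no notice and cannot change the comparison type.
        $posted = array();
        foreach (array('ret_param_checksum', 'trx_amount', 'trx_currency', 'ret_authcode', 'ret_booknr') as $field) {
            $posted[$field] = isset($_POST[$field]) ? (string) $_POST[$field] : '';
        }
        $expected_checksum = md5(MODULE_PAYMENT_IPAYMENT_PP_USER_ID . $posted['trx_amount'] . $posted['trx_currency'] . $posted['ret_authcode'] . $posted['ret_booknr'] . MODULE_PAYMENT_IPAYMENT_PP_SECRET_HASH_PASSWORD);
        // Strict comparison: with == two numeric-looking strings (e.g. a digest
        // of the form "0e...") would be compared as numbers. hash_equals() is
        // preferable where the PHP version provides it.
        $checksum_pass = ($posted['ret_param_checksum'] === $expected_checksum) ? 1 : -1;
    }
    $ipayment_pp->sendDebugEmail($checksum_pass);
}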
    }
}
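// Add the manufacturer breadcrumb when browsing by manufacturer, except on the
// manufacturer page itself and on the advanced search pages.
if (isset($HTTP_GET_VARS['manufacturers_id']) && basename(SCRIPT_FILENAME) != FILENAME_MANUFACTURERS) {
    if (basename(SCRIPT_FILENAME) != FILENAME_ADVANCED_SEARCH && basename(SCRIPT_FILENAME) != FILENAME_ADVANCED_SEARCH_RESULT) {
        $manufacturers_query = tep_db_query("select manufacturers_name from " . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . (int) $HTTP_GET_VARS['manufacturers_id'] . "' and languages_id = '" . (int) DEFAULT_LANGUAGE_ID . "'");
        if (tep_db_num_rows($manufacturers_query) > 0) {
            $manufacturers = tep_db_fetch_array($manufacturers_query);
            // The id is cast to int here as it is in the query, so the raw request
            // value never reaches the rendered link. The name comes from the database
            // and is escaped (or not) by the breadcrumb class, which is not shown here.
            $breadcrumb->add($manufacturers['manufacturers_name'], tep_href_link(FILENAME_MANUFACTURERS, 'manufacturers_id=' . (int) $HTTP_GET_VARS['manufacturers_id']));
        }
    }
}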
// Partner (affiliate) tracking: when ?partner=... is present on a started session,
// look the partner login up, auto-register it if unknown, log a statistics row
// for this hit and remember the partner id in a cookie.
if (isset($HTTP_GET_VARS['partner']) && $session_started == true) {
    // NOTE(review): this line is truncated/redacted in the listing ('******') and
    // is not valid PHP as shown. It appears to convert the request value to CP1251
    // before escaping it, whereas the insert below stores the raw request value —
    // confirm the two agree on encoding, otherwise the same partner can be
    // registered twice.
    $partner_info_query = tep_db_query("select partners_id from " . TABLE_PARTNERS . " where partners_login = '******'partner'], 'CP1251', 'UTF-8'))) . "'");
    if (tep_db_num_rows($partner_info_query) < 1) {
        // Unknown logins are created on the spot from the request value with the
        // default commission: any visitor can create partner rows by visiting
        // ?partner=<anything>.
        tep_db_query("insert into " . TABLE_PARTNERS . " (date_added, partners_login, date_of_last_logon, partners_register_type, partners_comission) values (now(), '" . tep_db_input(tep_db_prepare_input($HTTP_GET_VARS['partner'])) . "', now(), 'auto', '" . tep_db_input(str_replace(',', '.', PARTNERS_COMISSION_DEFAULT / 100)) . "')");
        $partners_id = tep_db_insert_id();
    } else {
        $partner_info = tep_db_fetch_array($partner_info_query);
        $partners_id = $partner_info['partners_id'];
    }
    // HTTP_REFERER is client-supplied and may be absent (undefined-index notice).
    // It is SQL-escaped here; wherever it is displayed it must be HTML-escaped too.
    tep_db_query("insert into " . TABLE_PARTNERS_STATISTICS . " (partners_id, date_added, partners_statistics_page, partners_statistics_referer, partners_statistics_ip, partners_statistics_sid) values ('" . (int) $partners_id . "', now(), '" . tep_db_input(tep_db_prepare_input(REQUEST_URI)) . "', '" . tep_db_input(tep_db_prepare_input($_SERVER['HTTP_REFERER'])) . "', '" . tep_db_input(tep_get_ip_address()) . "', '" . tep_db_input(tep_session_id()) . "')");
    // The partner id is stored in a plain, unsigned cookie for ~60 days; the
    // cookie value is therefore under the visitor's control. Errors are suppressed.
    @tep_setcookie(str_replace('.', '_', STORE_NAME) . '_partner', $partners_id, time() + 60 * 60 * 24 * 30 * 2, '/');
}
// set which precautions should be checked
// Each flag is a string 'true'/'false' (not a boolean), as the rest of the
// application compares these constants with == 'true'.
$precaution_checks = array(
    'WARN_INSTALL_EXISTENCE' => 'true',
    'WARN_CONFIG_WRITEABLE' => 'false',
    'WARN_SESSION_DIRECTORY_NOT_WRITEABLE' => 'true',
    'WARN_SESSION_AUTO_START' => 'true',
    'WARN_DOWNLOAD_DIRECTORY_NOT_READABLE' => 'true',
);
foreach ($precaution_checks as $precaution_name => $precaution_enabled) {
    define($precaution_name, $precaution_enabled);
}
// Holiday landing-page sections keyed by slug. Each entry carries a display
// title, a comma-separated string of products_id values and a comma-separated
// string of category ids (empty when the section is product-only). The lists
// are plain strings, not arrays; whatever consumes them (not visible here)
// must keep them numeric-only before any SQL use.
// NOTE(review): the titles appear as mis-encoded Cyrillic in this listing,
// most likely a charset mismatch between the file and the page — verify the
// file's encoding before editing them. Several ids are repeated within a
// list (e.g. 152879 in 'pearls', 309709/309710/309712 in 'children',
// 49453 in 'women'); a consumer that counts entries will over-count.
$holiday_products_array = array('pearls' => array('title' => 'Ђ∆емчужинаї вашей библиотеки', 'products' => '152879, 152879, 164742, 166080, 244419, 276036, 307975, 44451, 44455, 45277, 45284, 47537, 524851, 549504, 62377', 'categories' => ''), 'art_albums' => array('title' => 'јльбомы по искусству', 'products' => '151248, 177562, 227545, 275800, 302609, 305304, 305345, 305905, 306189, 308790, 310516, 326703, 332484, 333583, 351876, 355236, 385907, 3870, 3884, 394134, 408614, 416433, 417561, 423783, 43872, 43879, 43982, 45016, 450274, 45040, 45541, 467051, 468197, 473169, 473180, 473181, 473190, 50388, 50445, 512932, 526223, 545250, 62009', 'categories' => ''), 'pets' => array('title' => '¬аши любимые питомцы', 'products' => '11308, 19503, 243569, 392509, 39910, 39913, 439461, 470371, 49446, 49455, 544530', 'categories' => ''), 'children' => array('title' => 'ƒетский Ќовый год', 'products' => '124613, 225298, 25222, 269475, 271673, 272098, 275298, 289242, 293623, 293624, 297554, 297648, 297649, 298433, 298466, 304929, 304930, 305004, 307479, 308927, 309508, 309709, 309709, 309710, 309710, 309712, 309712, 31134, 38982, 39458, 39784, 39784, 39785, 39786, 39787, 39788, 39788, 39790, 39790, 39791, 39791, 39795, 39799, 39998, 39998, 44561, 477244, 480629, 481035, 481036, 481038, 488411, 488412, 488413, 50995, 51056, 512939, 513991, 524395, 524471, 525152, 525425, 528934, 529049, 529050, 529051, 530685, 530726, 530900, 530901, 530902, 530903, 533382, 54117, 54199, 54290, 548651, 550001, 57222, 666515, 671325, 78137, 246321, 301109, 308927, 315131, 40712, 447897, 49131, 533187, 548656', 'categories' => '4946, 4987'), 'adventures' => array('title' => 'ћир путешествий и приключений', 'products' => '102635, 221700, 227545, 313937, 422826, 43947, 43949, 448966, 45471, 455812, 468528, 529778', 'categories' => ''), 'men' => array('title' => 'ѕодарки дл¤ насто¤щих мужчин', 'products' => '43901, 111616, 39944, 98000, 43744, 39961, 106390, 166091, 39954, 245990, 39946, 434611, 
127472, 310371, 334410, 411303, 437137, 439455, 467793, 478709, 501918, 501992, 524435, 524436, 524437, 524438, 525963, 54023, 548939, 65757, 90793', 'categories' => ''), 'feast' => array('title' => 'ѕраздничный стол', 'products' => '127377, 127463, 165179, 176134, 178534, 186113, 225259, 238505, 238509, 245601, 306174, 310010, 331002, 334380, 354418, 400956, 419019, 43726, 449824, 450048, 468194, 480992, 499862, 501919, 513356, 513551, 531134, 533353, 544816, 548809, 549123, 549398, 549503, 549863, 57003, 57666, 62235, 667042', 'categories' => ''), 'christmas' => array('title' => '–ождество', 'products' => '16739, 272302, 275543, 40210, 467253, 499757, 512645, 513038, 513046, 528760, 544610, 549263, 289391, 305962, 306345, 307085, 318316, 396525, 433076, 465379, 481098, 499328, 533278', 'categories' => ''), 'souvenirs' => array('title' => '—увениры и при¤тные мелочи', 'products' => '425028, 425065, 425094, 425170, 425171, 425175, 425176, 425177, 425178, 425180, 425181, 425183', 'categories' => '4893, 3406, 3415, 3419, 3429, 4872, 9506'), 'women' => array('title' => '“олько дл¤ женщин', 'products' => '49453, 76750, 102773, 174786, 195937, 241647, 245920, 258642, 267722, 270181, 275127, 306380, 308222, 43745, 448967, 464270, 49453, 500025, 525199, 531137, 532184, 544552, 545236, 549828', 'categories' => ''), 'encyclopedia' => array('title' => 'Ёнциклопедии', 'products' => '164683, 214042, 236812, 39907, 39939, 39940, 39945, 39949, 39953, 39966, 45020, 45378, 462128, 68400', 'categories' => ''));
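 /**
  * Sage Pay Server payment flow entry point, called from checkout_process.
  *
  * Three modes, selected by the `check` GET parameter:
  *  - check=SERVER  : notification POST from the gateway. VPSSignature is
  *                    recomputed from the posted fields, the vendor name and
  *                    the session-held SecurityKey; the reply (Status plus
  *                    RedirectURL) is echoed and the script exits.
  *  - check=PROCESS : the customer is back from the gateway. `key` must match
  *                    md5() of the session SecurityKey; the VPSTxId is then
  *                    prepended to the order comment and true is returned.
  *  - otherwise     : registers the transaction with the gateway and hands the
  *                    customer to the returned NextURL (or the local LOW
  *                    profile page).
  *
  * Every other path reaches the bottom: the session keys are cleared and the
  * customer is sent to checkout_payment with payment_error set.
  *
  * Reads globals $HTTP_GET_VARS, $HTTP_POST_VARS, $sage_pay_server_securitykey,
  * $sage_pay_server_nexturl, $customer_id, $order, $currency, $order_totals and
  * $cartID; writes the two sage_pay_server_* session values.
  *
  * @return bool true only for a verified check=PROCESS request; the other
  *              paths echo+exit or hand off to tep_redirect.
  */
 function before_process()
 {
     global $HTTP_GET_VARS, $HTTP_POST_VARS, $sage_pay_server_securitykey, $sage_pay_server_nexturl, $customer_id, $order, $currency, $order_totals, $cartID;
     $error = null;
     // Both callbacks are verified against the SecurityKey stored by an earlier
     // run of the register branch. Without a registered key the digest would be
     // computed over an empty string, a fixed value, so it must never verify.
     $have_securitykey = tep_session_is_registered('sage_pay_server_securitykey') && tep_not_null($sage_pay_server_securitykey);
     if (isset($HTTP_GET_VARS['check']) && $HTTP_GET_VARS['check'] == 'SERVER') {
         // Gateway notification. Read every field the signature covers up
         // front; an absent field contributes '' to the digest (the previous
         // undefined-index null concatenated the same way, minus the notice).
         $posted = array();
         foreach (array('VPSTxId', 'VendorTxCode', 'Status', 'TxAuthNo', 'AVSCV2', 'AddressResult', 'PostCodeResult', 'CV2Result', 'GiftAid', '3DSecureStatus', 'CAVV', 'AddressStatus', 'PayerStatus', 'CardType', 'Last4Digits', 'StatusDetail', 'VPSSignature') as $field) {
             $posted[$field] = isset($HTTP_POST_VARS[$field]) ? $HTTP_POST_VARS[$field] : '';
         }
         // Rebuild the string the gateway signed, in the field order this
         // module expects. AUTHENTICATED/REGISTERED notifications omit the
         // AVS/CV2 fields.
         $status_is_auth = ($posted['Status'] === 'AUTHENTICATED' || $posted['Status'] === 'REGISTERED');
         $sig = $posted['VPSTxId'] . $posted['VendorTxCode'] . $posted['Status'];
         if ($posted['Status'] === 'OK') {
             $sig .= $posted['TxAuthNo'];
         }
         $sig .= substr(MODULE_PAYMENT_SAGE_PAY_SERVER_VENDOR_LOGIN_NAME, 0, 15);
         if (!$status_is_auth) {
             $sig .= $posted['AVSCV2'];
         }
         $sig .= $sage_pay_server_securitykey;
         if (!$status_is_auth) {
             $sig .= $posted['AddressResult'] . $posted['PostCodeResult'] . $posted['CV2Result'];
         }
         $sig .= $posted['GiftAid'] . $posted['3DSecureStatus'];
         if ($posted['3DSecureStatus'] === 'OK') {
             $sig .= $posted['CAVV'];
         }
         if (in_array($posted['AddressStatus'], array('NONE', 'CONFIRMED', 'UNCONFIRMED'), true)) {
             $sig .= $posted['AddressStatus'];
         }
         if (in_array($posted['PayerStatus'], array('VERIFIED', 'UNVERIFIED'), true)) {
             $sig .= $posted['PayerStatus'];
         }
         if (in_array($posted['CardType'], array('VISA', 'MC', 'DELTA', 'SOLO', 'MAESTRO', 'UKE', 'AMEX', 'DC', 'JCB', 'SWITCH', 'LASER', 'PAYPAL'), true)) {
             $sig .= $posted['CardType'];
         }
         $sig .= $posted['Last4Digits'];
         // Trust the notification only when this session holds a SecurityKey
         // and the posted VPSSignature equals the recomputed digest. Strict
         // comparison: '==' would compare two numeric-looking hex digests as
         // numbers rather than as strings.
         $signature_valid = $have_securitykey && is_string($posted['VPSSignature']) && $posted['VPSSignature'] === strtoupper(md5($sig));
         $status_accepted = in_array($posted['Status'], array('OK', 'AUTHENTICATED', 'REGISTERED'), true);
         if ($signature_valid && $status_accepted) {
             // Tell the gateway where to send the customer next; `key` lets
             // the PROCESS branch below tie that request to this session.
             $result = 'Status=OK' . chr(13) . chr(10) . 'RedirectURL=' . tep_href_link(FILENAME_CHECKOUT_PROCESS, 'check=PROCESS&key=' . md5($sage_pay_server_securitykey) . '&VPSTxId=' . $posted['VPSTxId'] . '&' . tep_session_name() . '=' . tep_session_id(), 'SSL', false);
         } else {
             // Bad signature or a declined/failed status: drop the session keys
             // and route the customer back with the mapped error number.
             tep_session_unregister('sage_pay_server_securitykey');
             tep_session_unregister('sage_pay_server_nexturl');
             $error = $this->getErrorMessageNumber($posted['StatusDetail']);
             $error_params = 'payment_error=' . $this->code . (tep_not_null($error) ? '&error=' . $error : '') . '&' . tep_session_name() . '=' . tep_session_id();
             if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE == 'Normal') {
                 $error_url = tep_href_link(FILENAME_CHECKOUT_PAYMENT, $error_params, 'SSL', false);
             } else {
                 $error_url = tep_href_link('ext/modules/payment/sage_pay/redirect.php', $error_params, 'SSL', false);
             }
             // A correctly signed notification with a failed status is still
             // acknowledged with Status=OK; an unverifiable one gets INVALID.
             $result = ($signature_valid ? 'Status=OK' : 'Status=INVALID') . chr(13) . chr(10) . 'RedirectURL=' . $error_url;
         }
         echo $result;
         exit;
     } elseif (isset($HTTP_GET_VARS['check']) && $HTTP_GET_VARS['check'] == 'PROCESS') {
         // The customer arrives via the RedirectURL issued in the SERVER
         // branch; `key` must be md5() of the session SecurityKey, compared as
         // strings (see the note on '==' above).
         if ($have_securitykey && isset($HTTP_GET_VARS['key']) && is_string($HTTP_GET_VARS['key']) && $HTTP_GET_VARS['key'] === md5($sage_pay_server_securitykey)) {
             tep_session_unregister('sage_pay_server_securitykey');
             tep_session_unregister('sage_pay_server_nexturl');
             if (isset($HTTP_GET_VARS['VPSTxId'])) {
                 // The gateway reference is client-supplied here (GET) and is
                 // only as trustworthy as the key check above; it is stored as
                 // free text in the order comment.
                 $order->info['comments'] = 'Sage Pay Reference ID: ' . $HTTP_GET_VARS['VPSTxId'] . (tep_not_null($order->info['comments']) ? "\n\n" . $order->info['comments'] : '');
             }
             return true;
         }
     } else {
         // Register the transaction with the gateway. Values are truncated with
         // substr() to fixed lengths before being sent.
         $params = array(
             'VPSProtocol' => '2.23',
             'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802',
             'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_SERVER_VENDOR_LOGIN_NAME, 0, 15),
             'VendorTxCode' => substr(date('YmdHis') . '-' . $customer_id . '-' . $cartID, 0, 40),
             'Amount' => $this->format_raw($order->info['total']),
             'Currency' => $currency,
             'Description' => substr(STORE_NAME, 0, 100),
             'NotificationURL' => tep_href_link(FILENAME_CHECKOUT_PROCESS, 'check=SERVER&' . tep_session_name() . '=' . tep_session_id(), 'SSL', false),
             'BillingSurname' => substr($order->billing['lastname'], 0, 20),
             'BillingFirstnames' => substr($order->billing['firstname'], 0, 20),
             'BillingAddress1' => substr($order->billing['street_address'], 0, 100),
             'BillingCity' => substr($order->billing['city'], 0, 40),
             'BillingPostCode' => substr($order->billing['postcode'], 0, 10),
             'BillingCountry' => $order->billing['country']['iso_code_2'],
             'BillingPhone' => substr($order->customer['telephone'], 0, 20),
             'DeliverySurname' => substr($order->delivery['lastname'], 0, 20),
             'DeliveryFirstnames' => substr($order->delivery['firstname'], 0, 20),
             'DeliveryAddress1' => substr($order->delivery['street_address'], 0, 100),
             'DeliveryCity' => substr($order->delivery['city'], 0, 40),
             'DeliveryPostCode' => substr($order->delivery['postcode'], 0, 10),
             'DeliveryCountry' => $order->delivery['country']['iso_code_2'],
             'DeliveryPhone' => substr($order->customer['telephone'], 0, 20),
             'CustomerEMail' => substr($order->customer['email_address'], 0, 255),
             'Apply3DSecure' => '0',
         );
         // Forward the client address only when ip2long() accepts it; the
         // '!= -1' form is kept because old PHP returned -1 instead of false.
         $ip_address = tep_get_ip_address();
         $ip_long = ip2long($ip_address);
         if ($ip_long != -1 && $ip_long != false) {
             $params['ClientIPAddress'] = $ip_address;
         }
         if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Payment') {
             $params['TxType'] = 'PAYMENT';
         } elseif (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Deferred') {
             $params['TxType'] = 'DEFERRED';
         } else {
             $params['TxType'] = 'AUTHENTICATE';
         }
         // State codes are only sent for US addresses.
         if ($params['BillingCountry'] == 'US') {
             $params['BillingState'] = tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], '');
         }
         if ($params['DeliveryCountry'] == 'US') {
             $params['DeliveryState'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], '');
         }
         if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE != 'Normal') {
             $params['Profile'] = 'LOW';
         }
         // Basket: one entry per product (name:qty:net:tax:gross:line total)
         // and one per order total. ':' is the field separator and '&' the
         // post separator, so both are stripped from names; the whole basket
         // is capped at 7500 characters.
         $contents = array();
         foreach ($order->products as $product) {
             $product_name = $product['name'];
             if (isset($product['attributes'])) {
                 foreach ($product['attributes'] as $att) {
                     $product_name .= '; ' . $att['option'] . '=' . $att['value'];
                 }
             }
             $line_tax = $product['tax'] / 100 * $product['final_price'];
             $line_gross = $line_tax + $product['final_price'];
             $contents[] = str_replace(array(':', "\n", "\r", '&'), '', $product_name) . ':' . $product['qty'] . ':' . $this->format_raw($product['final_price']) . ':' . $this->format_raw($line_tax) . ':' . $this->format_raw($line_gross) . ':' . $this->format_raw($line_gross * $product['qty']);
         }
         foreach ($order_totals as $ot) {
             $contents[] = str_replace(array(':', "\n", "\r", '&'), '', strip_tags($ot['title'])) . ':---:---:---:---:' . $this->format_raw($ot['value']);
         }
         $params['Basket'] = substr(sizeof($contents) . ':' . implode(':', $contents), 0, 7500);
         // Form-encode the request; the trailing '&' is intentional and has
         // always been sent this way.
         $post_string = '';
         foreach ($params as $key => $value) {
             $post_string .= $key . '=' . urlencode(trim($value)) . '&';
         }
         switch (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_SERVER) {
             case 'Live':
                 $gateway_url = 'https://live.sagepay.com/gateway/service/vspserver-register.vsp';
                 break;
             case 'Test':
                 $gateway_url = 'https://test.sagepay.com/gateway/service/vspserver-register.vsp';
                 break;
             default:
                 $gateway_url = 'https://test.sagepay.com/Simulator/VSPServerGateway.asp?Service=VendorRegisterTx';
                 break;
         }
         $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
         // The gateway answers with one "Key=Value" pair per line.
         $return = array();
         foreach (explode(chr(10), $transaction_response) as $line) {
             // '!== false': the loose '!= false' also skipped a line whose '='
             // sits at position 0.
             if (strpos($line, '=') !== false) {
                 list($response_key, $response_value) = explode('=', $line, 2);
                 $return[trim($response_key)] = trim($response_value);
             }
         }
         if (isset($return['Status']) && $return['Status'] === 'OK') {
             // Keep the gateway's SecurityKey and NextURL in the session; the
             // two callback branches above verify against the key.
             tep_session_register('sage_pay_server_securitykey');
             $sage_pay_server_securitykey = $return['SecurityKey'];
             tep_session_register('sage_pay_server_nexturl');
             $sage_pay_server_nexturl = $return['NextURL'];
             if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE == 'Normal') {
                 tep_redirect($return['NextURL']);
             } else {
                 tep_redirect(tep_href_link('ext/modules/payment/sage_pay/checkout.php', '', 'SSL'));
             }
         } else {
             $error = $this->getErrorMessageNumber(isset($return['StatusDetail']) ? $return['StatusDetail'] : null);
         }
     }
     // Failure path for every branch that did not exit, return or redirect.
     tep_session_unregister('sage_pay_server_securitykey');
     tep_session_unregister('sage_pay_server_nexturl');
     tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . (tep_not_null($error) ? '&error=' . $error : ''), 'SSL'));
 }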
 function _process()
 {
     global $osC_Database, $osC_Session, $osC_Customer, $osC_Currencies, $cart, $order, $payment_modules, $shipping_modules, $order_total_modules;
     // load selected payment module
     require DIR_WS_CLASSES . 'payment.php';
     $payment_modules = new payment($osC_Session->value('payment'));
     // load the selected shipping module
     require DIR_WS_CLASSES . 'shipping.php';
     $shipping_modules = new shipping($osC_Session->value('shipping'));
     $order = new order();
     // load the before_process function from the payment modules
     $payment_modules->before_process();
     require DIR_WS_CLASSES . 'order_total.php';
     $order_total_modules = new order_total();
     $order_totals = $order_total_modules->process();
     $Qorder = $osC_Database->query('insert into :table_orders (customers_id, customers_name, customers_company, customers_street_address, customers_suburb, customers_city, customers_postcode, customers_state, customers_country, customers_telephone, customers_email_address, customers_address_format_id, customers_ip_address, delivery_name, delivery_company, delivery_street_address, delivery_suburb, delivery_city, delivery_postcode, delivery_state, delivery_country, delivery_address_format_id, billing_name, billing_company, billing_street_address, billing_suburb, billing_city, billing_postcode, billing_state, billing_country, billing_address_format_id, payment_method, cc_type, cc_owner, cc_number, cc_expires, date_purchased, orders_status, currency, currency_value) values (:customers_id, :customers_name, :customers_company, :customers_street_address, :customers_suburb, :customers_city, :customers_postcode, :customers_state, :customers_country, :customers_telephone, :customers_email_address, :customers_address_format_id, :customers_ip_address, :delivery_name, :delivery_company, :delivery_street_address, :delivery_suburb, :delivery_city, :delivery_postcode, :delivery_state, :delivery_country, :delivery_address_format_id, :billing_name, :billing_company, :billing_street_address, :billing_suburb, :billing_city, :billing_postcode, :billing_state, :billing_country, :billing_address_format_id, :payment_method, :cc_type, :cc_owner, :cc_number, :cc_expires, :date_purchased, :orders_status, :currency, :currency_value)');
     $Qorder->bindTable(':table_orders', TABLE_ORDERS);
     $Qorder->bindInt(':customers_id', $osC_Customer->id);
     $Qorder->bindValue(':customers_name', $order->customer['firstname'] . ' ' . $order->customer['lastname']);
     $Qorder->bindValue(':customers_company', $order->customer['company']);
     $Qorder->bindValue(':customers_street_address', $order->customer['street_address']);
     $Qorder->bindValue(':customers_suburb', $order->customer['suburb']);
     $Qorder->bindValue(':customers_city', $order->customer['city']);
     $Qorder->bindValue(':customers_postcode', $order->customer['postcode']);
     $Qorder->bindValue(':customers_state', $order->customer['state']);
     $Qorder->bindValue(':customers_country', $order->customer['country']['title']);
     $Qorder->bindValue(':customers_telephone', $order->customer['telephone']);
     $Qorder->bindValue(':customers_email_address', $order->customer['email_address']);
     $Qorder->bindInt(':customers_address_format_id', $order->customer['format_id']);
     $Qorder->bindValue(':customers_ip_address', tep_get_ip_address());
     $Qorder->bindValue(':delivery_name', $order->delivery['firstname'] . ' ' . $order->delivery['lastname']);
     $Qorder->bindValue(':delivery_company', $order->delivery['company']);
     $Qorder->bindValue(':delivery_street_address', $order->delivery['street_address']);
     $Qorder->bindValue(':delivery_suburb', $order->delivery['suburb']);
     $Qorder->bindValue(':delivery_city', $order->delivery['city']);
     $Qorder->bindValue(':delivery_postcode', $order->delivery['postcode']);
     $Qorder->bindValue(':delivery_state', $order->delivery['state']);
     $Qorder->bindValue(':delivery_country', $order->delivery['country']['title']);
     $Qorder->bindInt(':delivery_address_format_id', $order->delivery['format_id']);
     $Qorder->bindValue(':billing_name', $order->billing['firstname'] . ' ' . $order->billing['lastname']);
     $Qorder->bindValue(':billing_company', $order->billing['company']);
     $Qorder->bindValue(':billing_street_address', $order->billing['street_address']);
     $Qorder->bindValue(':billing_suburb', $order->billing['suburb']);
     $Qorder->bindValue(':billing_city', $order->billing['city']);
     $Qorder->bindValue(':billing_postcode', $order->billing['postcode']);
     $Qorder->bindValue(':billing_state', $order->billing['state']);
     $Qorder->bindValue(':billing_country', $order->billing['country']['title']);
     $Qorder->bindInt(':billing_address_format_id', $order->billing['format_id']);
     $Qorder->bindValue(':payment_method', $order->info['payment_method']);
     $Qorder->bindValue(':cc_type', $order->info['cc_type']);
     $Qorder->bindValue(':cc_owner', $order->info['cc_owner']);
     $Qorder->bindValue(':cc_number', $order->info['cc_number']);
     $Qorder->bindValue(':cc_expires', $order->info['cc_expires']);
     $Qorder->bindRaw(':date_purchased', 'now()');
     $Qorder->bindValue(':orders_status', $order->info['order_status']);
     $Qorder->bindValue(':currency', $order->info['currency']);
     $Qorder->bindValue(':currency_value', $order->info['currency_value']);
     $Qorder->execute();
     $insert_id = $osC_Database->nextID();
     for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++) {
         $Qtotals = $osC_Database->query('insert into :table_orders_total (orders_id, title, text, value, class, sort_order) values (:orders_id, :title, :text, :value, :class, :sort_order)');
         $Qtotals->bindTable(':table_orders_total', TABLE_ORDERS_TOTAL);
         $Qtotals->bindInt(':orders_id', $insert_id);
         $Qtotals->bindValue(':title', $order_totals[$i]['title']);
         $Qtotals->bindValue(':text', $order_totals[$i]['text']);
         $Qtotals->bindValue(':value', $order_totals[$i]['value']);
         $Qtotals->bindValue(':class', $order_totals[$i]['code']);
         $Qtotals->bindInt(':sort_order', $order_totals[$i]['sort_order']);
         $Qtotals->execute();
     }
     $Qstatus = $osC_Database->query('insert into :table_orders_status_history (orders_id, orders_status_id, date_added, customer_notified, comments) values (:orders_id, :orders_status_id, :date_added, :customer_notified, :comments)');
     $Qstatus->bindTable(':table_orders_status_history', TABLE_ORDERS_STATUS_HISTORY);
     $Qstatus->bindInt(':orders_id', $insert_id);
     $Qstatus->bindInt(':orders_status_id', $order->info['order_status']);
     $Qstatus->bindRaw(':date_added', 'now()');
     $Qstatus->bindInt(':customer_notified', SEND_EMAILS == 'true' ? '1' : '0');
     $Qstatus->bindValue(':comments', $order->info['comments']);
     $Qstatus->execute();
     // initialized for the email confirmation
     $products_ordered = '';
     $subtotal = 0;
     $total_tax = 0;
     $total_weight = 0;
     $total_cost = 0;
     for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
         // Stock Update - Joao Correia
         if (STOCK_LIMITED == 'true') {
             if (DOWNLOAD_ENABLED == 'true') {
                 $Qstock = $osC_Database->query('select products_quantity, pad.products_attributes_filename from :table_products p left join :table_products_attributes pa on (p.products_id = pa.products_id) left join :table_products_attributes_download pad on (pa.products_attributes_id = pad.products_attributes_id) where p.products_id = :products_id');
                 $Qstock->bindTable(':table_products', TABLE_PRODUCTS);
                 $Qstock->bindTable(':table_products_attributes', TABLE_PRODUCTS_ATTRIBUTES);
                 $Qstock->bindTable(':table_products_attributes_download', TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD);
                 $Qstock->bindInt(':products_id', tep_get_prid($order->products[$i]['id']));
                 // Will work with only one option for downloadable products otherwise, we have to build the query dynamically with a loop
                 $products_attributes = $order->products[$i]['attributes'];
                 if (is_array($products_attributes)) {
                     $Qstock->appendQuery('and pa.options_id = :options_id and pa.options_values_id = :options_values_id');
                     $Qstock->bindInt(':options_id', $products_attributes[0]['option_id']);
                     $Qstock->bindInt(':options_values_id', $products_attributes[0]['value_id']);
                 }
             } else {
                 $Qstock = $osC_Database->query('select products_quantity from :table_products where products_id = :products_id');
                 $Qstock->bindTable(':table_products', TABLE_PRODUCTS);
                 $Qstock->bindInt(':products_id', tep_get_prid($order->products[$i]['id']));
             }
             $Qstock->execute();
             if ($Qstock->numberOfRows() > 0) {
                 $stock_left = $Qstock->valueInt('products_quantity');
                 // do not decrement quantities if products_attributes_filename exists
                 if (DOWNLOAD_ENABLED != 'true' || DOWNLOAD_ENABLED == 'true' && strlen($Qstock->value('products_attributes_filename')) < 1) {
                     $stock_left = $stock_left - $order->products[$i]['qty'];
                     $Qupdate = $osC_Database->query('update :table_products set products_quantity = :products_quantity where products_id = :products_id');
                     $Qupdate->bindTable(':table_products', TABLE_PRODUCTS);
                     $Qupdate->bindInt(':products_quantity', $stock_left);
                     $Qupdate->bindInt(':products_id', tep_get_prid($order->products[$i]['id']));
                     $Qupdate->execute();
                 }
                 if (STOCK_ALLOW_CHECKOUT == 'false' && $stock_left < 1) {
                     $Qupdate = $osC_Database->query('update :table_products set products_status = :products_status where products_id = :products_id');
                     $Qupdate->bindTable(':table_products', TABLE_PRODUCTS);
                     $Qupdate->bindInt(':products_status', 0);
                     $Qupdate->bindInt(':products_id', tep_get_prid($order->products[$i]['id']));
                     $Qupdate->execute();
                 }
             }
         }
         // Update products_ordered (for bestsellers list)
         $Qupdate = $osC_Database->query('update :table_products set products_ordered = products_ordered + :products_ordered where products_id = :products_id');
         $Qupdate->bindTable(':table_products', TABLE_PRODUCTS);
         $Qupdate->bindInt(':products_ordered', $order->products[$i]['qty']);
         $Qupdate->bindInt(':products_id', tep_get_prid($order->products[$i]['id']));
         $Qupdate->execute();
         $Qproducts = $osC_Database->query('insert into :table_orders_products (orders_id, products_id, products_model, products_name, products_price, final_price, products_tax, products_quantity) values (:orders_id, :products_id, :products_model, :products_name, :products_price, :final_price, :products_tax, :products_quantity)');
         $Qproducts->bindTable(':table_orders_products', TABLE_ORDERS_PRODUCTS);
         $Qproducts->bindInt(':orders_id', $insert_id);
         $Qproducts->bindInt(':products_id', tep_get_prid($order->products[$i]['id']));
         $Qproducts->bindValue(':products_model', $order->products[$i]['model']);
         $Qproducts->bindValue(':products_name', $order->products[$i]['name']);
         $Qproducts->bindValue(':products_price', $order->products[$i]['price']);
         $Qproducts->bindValue(':final_price', $order->products[$i]['final_price']);
         $Qproducts->bindValue(':products_tax', $order->products[$i]['tax']);
         $Qproducts->bindInt(':products_quantity', $order->products[$i]['qty']);
         $Qproducts->execute();
         $order_products_id = $osC_Database->nextID();
         //------insert customer choosen option to order--------
         $attributes_exist = '0';
         $products_ordered_attributes = '';
         if (isset($order->products[$i]['attributes'])) {
             $attributes_exist = '1';
             for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
                 if (DOWNLOAD_ENABLED == 'true') {
                     $Qattributes = $osC_Database->query('select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount, pad.products_attributes_filename from :table_products_options popt, :table_products_options_values poval, :table_products_attributes pa left join :table_products_attributes_download pad on (pa.products_attributes_id = pad.products_attributes_id) where pa.products_id = :products_id and pa.options_id = :options_id and pa.options_id = popt.products_options_id and pa.options_values_id = :options_values_id and pa.options_values_id = poval.products_options_values_id and popt.language_id = :popt_language_id and poval.language_id = :poval_language_id');
                     $Qattributes->bindTable(':table_products_options', TABLE_PRODUCTS_OPTIONS);
                     $Qattributes->bindTable(':table_products_options_values', TABLE_PRODUCTS_OPTIONS_VALUES);
                     $Qattributes->bindTable(':table_products_attributes', TABLE_PRODUCTS_ATTRIBUTES);
                     $Qattributes->bindTable(':table_products_attributes_download', TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD);
                     $Qattributes->bindInt(':products_id', $order->products[$i]['id']);
                     $Qattributes->bindInt(':options_id', $order->products[$i]['attributes'][$j]['option_id']);
                     $Qattributes->bindInt(':options_values_id', $order->products[$i]['attributes'][$j]['value_id']);
                     $Qattributes->bindInt(':popt_language_id', $osC_Session->value('languages_id'));
                     $Qattributes->bindInt(':poval_language_id', $osC_Session->value('languages_id'));
                 } else {
                     $Qattributes = $osC_Database->query('select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from :table_products_options popt, :table_products_options_values poval, :table_products_attributes pa where pa.products_id = :products_id and pa.options_id = :options_id and pa.options_id = popt.products_options_id and pa.options_values_id = :options_values_id and pa.options_values_id = poval.products_options_values_id and popt.language_id = :popt_language_id and poval.language_id = :poval_language_id');
                     $Qattributes->bindTable(':table_products_options', TABLE_PRODUCTS_OPTIONS);
                     $Qattributes->bindTable(':table_products_options_values', TABLE_PRODUCTS_OPTIONS_VALUES);
                     $Qattributes->bindTable(':table_products_attributes', TABLE_PRODUCTS_ATTRIBUTES);
                     $Qattributes->bindInt(':products_id', $order->products[$i]['id']);
                     $Qattributes->bindInt(':options_id', $order->products[$i]['attributes'][$j]['option_id']);
                     $Qattributes->bindInt(':options_values_id', $order->products[$i]['attributes'][$j]['value_id']);
                     $Qattributes->bindInt(':popt_language_id', $osC_Session->value('languages_id'));
                     $Qattributes->bindInt(':poval_language_id', $osC_Session->value('languages_id'));
                 }
                 $Qattributes->execute();
                 $Qopa = $osC_Database->query('insert into :table_orders_products_attributes (orders_id, orders_products_id, products_options, products_options_values, options_values_price, price_prefix) values (:orders_id, :orders_products_id, :products_options, :products_options_values, :options_values_price, :price_prefix)');
                 $Qopa->bindTable(':table_orders_products_attributes', TABLE_ORDERS_PRODUCTS_ATTRIBUTES);
                 $Qopa->bindInt(':orders_id', $insert_id);
                 $Qopa->bindInt(':orders_products_id', $order_products_id);
                 $Qopa->bindValue(':products_options', $attributes_values['products_options_name']);
                 $Qopa->bindValue(':products_options_values', $attributes_values['products_options_values_name']);
                 $Qopa->bindValue(':options_values_price', $attributes_values['options_values_price']);
                 $Qopa->bindValue(':price_prefix', $attributes_values['price_prefix']);
                 $Qopa->execute();
                 if (DOWNLOAD_ENABLED == 'true' && strlen($Qattributes->value('products_attributes_filename')) > 0) {
                     $Qopd = $osC_Database->query('insert into :table_orders_products_download (orders_id, orders_products_id, orders_products_filename, download_maxdays, download_count) values (:orders_id, :orders_products_id, :orders_products_filename, :download_maxdays, :download_count)');
                     $Qopd->bindTable(':table_orders_products_download', TABLE_ORDERS_PRODUCTS_DOWNLOAD);
                     $Qopd->bindInt(':orders_id', $insert_id);
                     $Qopd->bindInt(':orders_products_id', $order_products_id);
                     $Qopd->bindValue(':orders_products_filename', $Qattributes->value('products_attributes_filename'));
                     $Qopd->bindValue(':download_maxdays', $Qattributes->value('products_attributes_maxdays'));
                     $Qopd->bindValue(':download_count', $Qattributes->value('products_attributes_maxcount'));
                     $Qopd->execute();
                 }
                 $products_ordered_attributes .= "\n\t" . $Qattributes->value('products_options_name') . ' ' . $Qattributes->value('products_options_values_name');
             }
         }
         //------insert customer choosen option eof ----
         $total_weight += $order->products[$i]['qty'] * $order->products[$i]['weight'];
         $total_tax += tep_calculate_tax($order->products[$i]['final_price'], $order->products[$i]['tax']) * $order->products[$i]['qty'];
         $total_cost += $order->products[$i]['final_price'];
         $products_ordered .= $order->products[$i]['qty'] . ' x ' . $order->products[$i]['name'] . ' (' . $order->products[$i]['model'] . ') = ' . $osC_Currencies->displayPrice($order->products[$i]['final_price'], $order->products[$i]['tax_class_id'], $order->products[$i]['qty']) . $products_ordered_attributes . "\n";
     }
     // lets start with the email confirmation
     $email_order = STORE_NAME . "\n" . EMAIL_SEPARATOR . "\n" . EMAIL_TEXT_ORDER_NUMBER . ' ' . $insert_id . "\n" . EMAIL_TEXT_INVOICE_URL . ' ' . tep_href_link(FILENAME_ACCOUNT, 'orders=' . $insert_id, 'SSL', false) . "\n" . EMAIL_TEXT_DATE_ORDERED . ' ' . strftime(DATE_FORMAT_LONG) . "\n\n";
     if ($order->info['comments']) {
         $email_order .= tep_output_string_protected($order->info['comments']) . "\n\n";
     }
     $email_order .= EMAIL_TEXT_PRODUCTS . "\n" . EMAIL_SEPARATOR . "\n" . $products_ordered . EMAIL_SEPARATOR . "\n";
     for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++) {
         $email_order .= strip_tags($order_totals[$i]['title']) . ' ' . strip_tags($order_totals[$i]['text']) . "\n";
     }
     if ($order->content_type != 'virtual') {
         $email_order .= "\n" . EMAIL_TEXT_DELIVERY_ADDRESS . "\n" . EMAIL_SEPARATOR . "\n" . tep_address_label($osC_Customer->id, $osC_Session->value('sendto'), 0, '', "\n") . "\n";
     }
     $email_order .= "\n" . EMAIL_TEXT_BILLING_ADDRESS . "\n" . EMAIL_SEPARATOR . "\n" . tep_address_label($osC_Customer->id, $osC_Session->value('billto'), 0, '', "\n") . "\n\n";
     $payment =& $osC_Session->value('payment');
     if (is_object(${$payment})) {
         $email_order .= EMAIL_TEXT_PAYMENT_METHOD . "\n" . EMAIL_SEPARATOR . "\n";
         $payment_class = ${$payment};
         $email_order .= $payment_class->title . "\n\n";
         if (isset($payment_class->email_footer)) {
             $email_order .= $payment_class->email_footer . "\n\n";
         }
     }
     tep_mail($order->customer['firstname'] . ' ' . $order->customer['lastname'], $order->customer['email_address'], EMAIL_TEXT_SUBJECT, $email_order, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
     // send emails to other people
     if (SEND_EXTRA_ORDER_EMAILS_TO != '') {
         tep_mail('', SEND_EXTRA_ORDER_EMAILS_TO, EMAIL_TEXT_SUBJECT, $email_order, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
     }
     // load the after_process function from the payment modules
     $payment_modules->after_process();
     $cart->reset(true);
     // unregister session variables used during checkout
     $osC_Session->remove('sendto');
     $osC_Session->remove('billto');
     $osC_Session->remove('shipping');
     $osC_Session->remove('payment');
     $osC_Session->remove('comments');
     tep_redirect(tep_href_link(FILENAME_CHECKOUT, 'success', 'SSL'));
 }
コード例 #12
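 /**
  * PayPal Payflow Pro (direct payment): authorises or sells the posted card
  * before the order is written.
  *
  * Card fields come from $HTTP_POST_VARS, billing/delivery data from $order;
  * a delivery block is added only when $sendto names an address. The request
  * is posted in Payflow's name[length]=value notation. A RESULT other than 0
  * (or a reply with no RESULT at all) redirects to the confirmation page with
  * the matching error text. The card number and CVV2 go to the gateway only;
  * nothing here stores them.
  */
 function before_process()
 {
     // $cartID seeds the X-VPS-REQUEST-ID below; it used to be read without a
     // global declaration and was therefore always undefined at that point.
     global $HTTP_POST_VARS, $order, $sendto, $cartID;
     // Normalise every card field once: absent fields become '' instead of
     // undefined-index notices, and an array posted under a scalar field name
     // is rejected instead of reaching isset()/urlencode() (a TypeError on PHP 8).
     $fields = array();
     foreach (array('cc_owner_firstname', 'cc_owner_lastname', 'cc_type', 'cc_number_nh-dns', 'cc_starts_month', 'cc_starts_year', 'cc_expires_month', 'cc_expires_year', 'cc_cvc_nh-dns', 'cc_issue_nh-dns') as $field) {
         $fields[$field] = isset($HTTP_POST_VARS[$field]) && is_scalar($HTTP_POST_VARS[$field]) ? (string) $HTTP_POST_VARS[$field] : '';
     }
     if (!empty($fields['cc_owner_firstname']) && !empty($fields['cc_owner_lastname']) && $fields['cc_type'] !== '' && isset($this->cc_types[$fields['cc_type']]) && !empty($fields['cc_number_nh-dns'])) {
         $api_url = MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_TRANSACTION_SERVER == 'Live' ? 'https://payflowpro.verisign.com/transaction' : 'https://pilot-payflowpro.verisign.com/transaction';
         $params = array(
             'USER' => tep_not_null(MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_USERNAME) ? MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_USERNAME : MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_VENDOR,
             'VENDOR' => MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_VENDOR,
             'PARTNER' => MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_PARTNER,
             'PWD' => MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_PASSWORD,
             'TENDER' => 'C',
             'TRXTYPE' => MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_TRANSACTION_METHOD == 'Sale' ? 'S' : 'A',
             'AMT' => $this->format_raw($order->info['total']),
             'CURRENCY' => $order->info['currency'],
             'FIRSTNAME' => $fields['cc_owner_firstname'],
             'LASTNAME' => $fields['cc_owner_lastname'],
             'STREET' => $order->billing['street_address'],
             'CITY' => $order->billing['city'],
             'STATE' => tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], $order->billing['state']),
             'COUNTRY' => $order->billing['country']['iso_code_2'],
             'ZIP' => $order->billing['postcode'],
             'CLIENTIP' => tep_get_ip_address(),
             'EMAIL' => $order->customer['email_address'],
             'ACCT' => $fields['cc_number_nh-dns'],
             'ACCTTYPE' => $fields['cc_type'],
             'CARDSTART' => $fields['cc_starts_month'] . $fields['cc_starts_year'],
             'EXPDATE' => $fields['cc_expires_month'] . $fields['cc_expires_year'],
             'CVV2' => $fields['cc_cvc_nh-dns'],
             'BUTTONSOURCE' => 'osCommerce22_Default_PRO2DP',
         );
         // An issue number only exists for Switch ('9') and Solo ('S') cards.
         if ($fields['cc_type'] == '9' || $fields['cc_type'] == 'S') {
             $params['CARDISSUE'] = $fields['cc_issue_nh-dns'];
         }
         if (is_numeric($sendto) && $sendto > 0) {
             $params['SHIPTOFIRSTNAME'] = $order->delivery['firstname'];
             $params['SHIPTOLASTNAME'] = $order->delivery['lastname'];
             $params['SHIPTOSTREET'] = $order->delivery['street_address'];
             $params['SHIPTOCITY'] = $order->delivery['city'];
             $params['SHIPTOSTATE'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], $order->delivery['state']);
             $params['SHIPTOCOUNTRY'] = $order->delivery['country']['iso_code_2'];
             $params['SHIPTOZIP'] = $order->delivery['postcode'];
         }
         $post_string = '';
         foreach ($params as $key => $value) {
             // name[length]=value: the declared length must be the byte length
             // of exactly what is sent, so measure the encoded value once.
             $encoded = urlencode(utf8_encode(trim($value)));
             $post_string .= $key . '[' . strlen($encoded) . ']=' . $encoded . '&';
         }
         $post_string = substr($post_string, 0, -1);
         // X-VPS-REQUEST-ID is Payflow's duplicate-request key; it has to be
         // unique per attempt, not unguessable, so rand() is sufficient here.
         $request_id = md5($cartID . tep_session_id() . rand());
         $response = $this->sendTransactionToGateway($api_url, $post_string, array('X-VPS-REQUEST-ID: ' . $request_id));
         $response_array = array();
         parse_str((string) $response, $response_array);
         // A reply without RESULT (empty or malformed) is a failure, not a success.
         $result = isset($response_array['RESULT']) ? $response_array['RESULT'] : '';
         if ($result != '0') {
             switch ($result) {
                 case '1':
                 case '26':
                     $error_message = MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_ERROR_CFG_ERROR;
                     break;
                 case '7':
                     $error_message = MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_ERROR_ADDRESS;
                     break;
                 case '12':
                     $error_message = MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_ERROR_DECLINED;
                     break;
                 case '23':
                 case '24':
                     $error_message = MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_ERROR_INVALID_CREDIT_CARD;
                     break;
                 default:
                     $error_message = MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_ERROR_GENERAL;
                     break;
             }
             tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, 'error_message=' . urlencode($error_message), 'SSL'));
         }
     } else {
         // urlencode() as on the gateway-error path above, so the message
         // survives the round trip through the query string intact.
         tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, 'error_message=' . urlencode(MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_ERROR_ALL_FIELDS_REQUIRED), 'SSL'));
     }
 }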
コード例 #13
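 /**
  * Sage Pay Direct: registers the card transaction (or completes it on the
  * 3-D Secure return leg) before the order is written.
  *
  * Two entry paths:
  *  - ?check=3D with MD/PaRes posted back from the issuer's ACS: the pair is
  *    forwarded to the direct3dcallback endpoint.
  *  - the normal checkout post: the card fields are length-limited and
  *    validated (the first failure redirects to the payment page with an
  *    error code), then a vspdirect-register request is built from the card,
  *    billing/delivery and basket data.
  * The gateway's key=value reply is parsed: 3DAUTH stores the ACS details in
  * the session and redirects to the 3-D Secure form, any status other than
  * OK/AUTHENTICATED/REGISTERED redirects with the mapped error, and a
  * successful reply records the VPSTxId in the order comments. The card
  * number and CV2 are sent to the gateway only; nothing here stores them.
  */
 function before_process()
 {
     global $HTTP_GET_VARS, $HTTP_POST_VARS, $customer_id, $order, $currency, $order_totals, $cartID;
     $error = null;
     if (isset($HTTP_GET_VARS['check']) && $HTTP_GET_VARS['check'] == '3D' && isset($HTTP_POST_VARS['MD']) && tep_not_null($HTTP_POST_VARS['MD']) && isset($HTTP_POST_VARS['PaRes']) && tep_not_null($HTTP_POST_VARS['PaRes'])) {
         switch (MODULE_PAYMENT_SAGE_PAY_DIRECT_TRANSACTION_SERVER) {
             case 'Live':
                 $gateway_url = 'https://live.sagepay.com/gateway/service/direct3dcallback.vsp';
                 break;
             case 'Test':
                 $gateway_url = 'https://test.sagepay.com/gateway/service/direct3dcallback.vsp';
                 break;
             default:
                 $gateway_url = 'https://test.sagepay.com/Simulator/VSPDirectCallback.asp';
                 break;
         }
         // MD and PaRes arrive from the issuer's ACS via the customer's browser
         // and go into a form-urlencoded body, so they must be URL-encoded:
         // PaRes is base64, and a raw '+' would reach Sage Pay as a space
         // (failing the 3-D Secure check) while a raw '&' could add parameters.
         // NOTE(review): the MD stored in the session at 3DAUTH time
         // ($sage_pay_direct_md) is not compared with the posted MD; binding the
         // callback to this session's own transaction that way is worth confirming.
         $post_string = 'MD=' . urlencode($HTTP_POST_VARS['MD']) . '&PARes=' . urlencode($HTTP_POST_VARS['PaRes']);
         $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
     } else {
         // Read every posted card field once: absent fields become '' (and fail
         // the checks below) instead of raising undefined-index notices, and an
         // array posted under a scalar name is rejected rather than reaching
         // substr()/urlencode().
         $posted = array();
         foreach (array('cc_type', 'cc_owner', 'cc_number_nh-dns', 'cc_starts_month', 'cc_starts_year', 'cc_expires_month', 'cc_expires_year', 'cc_issue_nh-dns', 'cc_cvc_nh-dns') as $field) {
             $posted[$field] = isset($HTTP_POST_VARS[$field]) && is_scalar($HTTP_POST_VARS[$field]) ? (string) $HTTP_POST_VARS[$field] : '';
         }
         // Sage Pay field length limits.
         $cc_type = substr($posted['cc_type'], 0, 15);
         $cc_owner = substr($posted['cc_owner'], 0, 50);
         $cc_number = substr(preg_replace('/[^0-9]/', '', $posted['cc_number_nh-dns']), 0, 20);
         $cc_start = null;
         $cc_expires = null;
         $cc_issue = null;
         $cc_cvc = null;
         $today = getdate();
         $months_array = array();
         for ($i = 1; $i < 13; $i++) {
             $months_array[] = sprintf('%02d', $i);
         }
         // Accepted expiry years: this year and the next nine, two-digit form
         // (date() replaces the strftime() call deprecated in PHP 8.1).
         $year_valid_to_array = array();
         for ($i = $today['year']; $i < $today['year'] + 10; $i++) {
             $year_valid_to_array[] = date('y', mktime(0, 0, 0, 1, 1, $i));
         }
         // Accepted start years: the last four years and this one, four-digit form.
         $year_valid_from_array = array();
         for ($i = $today['year'] - 4; $i < $today['year'] + 1; $i++) {
             $year_valid_from_array[] = date('Y', mktime(0, 0, 0, 1, 1, $i));
         }
         if ($cc_type == '' || !$this->isCard($cc_type)) {
             tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error=cardtype', 'SSL'));
         }
         if (empty($cc_owner)) {
             tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error=cardowner', 'SSL'));
         }
         if (!is_numeric($cc_number)) {
             tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error=cardnumber', 'SSL'));
         }
         $needs_start_date = ($cc_type == 'MAESTRO' && MODULE_PAYMENT_SAGE_PAY_DIRECT_ALLOW_MAESTRO == 'True') || ($cc_type == 'SOLO' && MODULE_PAYMENT_SAGE_PAY_DIRECT_ALLOW_SOLO == 'True') || ($cc_type == 'AMEX' && MODULE_PAYMENT_SAGE_PAY_DIRECT_ALLOW_AMEX == 'True');
         $needs_issue_number = ($cc_type == 'MAESTRO' && MODULE_PAYMENT_SAGE_PAY_DIRECT_ALLOW_MAESTRO == 'True') || ($cc_type == 'SOLO' && MODULE_PAYMENT_SAGE_PAY_DIRECT_ALLOW_SOLO == 'True');
         // Strict in_array(): the month/year lists are the canonical strings
         // that are forwarded to the gateway, so '1' must not pass as '01'.
         if ($needs_start_date) {
             if (!in_array($posted['cc_starts_month'], $months_array, true)) {
                 tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error=cardstart', 'SSL'));
             }
             if (!in_array($posted['cc_starts_year'], $year_valid_from_array, true)) {
                 tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error=cardstart', 'SSL'));
             }
             // StartDate is MMYY; the validated start year is four digits, so
             // take its last two (substr(..., 0, 4) of MM+YYYY gave MM plus the
             // century, e.g. "0320" for March 2011).
             $cc_start = $posted['cc_starts_month'] . substr($posted['cc_starts_year'], -2);
         }
         if (!in_array($posted['cc_expires_month'], $months_array, true)) {
             tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error=cardexpires', 'SSL'));
         }
         if (!in_array($posted['cc_expires_year'], $year_valid_to_array, true)) {
             tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error=cardexpires', 'SSL'));
         }
         // A card expiring in the current year must not be past its month.
         if ($posted['cc_expires_year'] == date('y') && $posted['cc_expires_month'] < date('m')) {
             tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error=cardexpires', 'SSL'));
         }
         $cc_expires = substr($posted['cc_expires_month'] . $posted['cc_expires_year'], 0, 4);
         if ($needs_issue_number) {
             $cc_issue = substr($posted['cc_issue_nh-dns'], 0, 2);
             if (empty($cc_issue)) {
                 tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error=cardissue', 'SSL'));
             }
         }
         if (MODULE_PAYMENT_SAGE_PAY_DIRECT_VERIFY_WITH_CVC == 'True') {
             $cc_cvc = substr($posted['cc_cvc_nh-dns'], 0, 4);
             if (empty($cc_cvc)) {
                 tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error=cardcvc', 'SSL'));
             }
         }
         $params = array(
             'VPSProtocol' => '2.23',
             'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802',
             'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_DIRECT_VENDOR_LOGIN_NAME, 0, 15),
             'VendorTxCode' => substr(date('YmdHis') . '-' . $customer_id . '-' . $cartID, 0, 40),
             'Amount' => $this->format_raw($order->info['total']),
             'Currency' => $currency,
             'Description' => substr(STORE_NAME, 0, 100),
             'CardHolder' => $cc_owner,
             'CardNumber' => $cc_number,
             'ExpiryDate' => $cc_expires,
             'CardType' => $cc_type,
             'BillingSurname' => substr($order->billing['lastname'], 0, 20),
             'BillingFirstnames' => substr($order->billing['firstname'], 0, 20),
             'BillingAddress1' => substr($order->billing['street_address'], 0, 100),
             'BillingCity' => substr($order->billing['city'], 0, 40),
             'BillingPostCode' => substr($order->billing['postcode'], 0, 10),
             'BillingCountry' => $order->billing['country']['iso_code_2'],
             'BillingPhone' => substr($order->customer['telephone'], 0, 20),
             'DeliverySurname' => substr($order->delivery['lastname'], 0, 20),
             'DeliveryFirstnames' => substr($order->delivery['firstname'], 0, 20),
             'DeliveryAddress1' => substr($order->delivery['street_address'], 0, 100),
             'DeliveryCity' => substr($order->delivery['city'], 0, 40),
             'DeliveryPostCode' => substr($order->delivery['postcode'], 0, 10),
             'DeliveryCountry' => $order->delivery['country']['iso_code_2'],
             'CustomerName' => substr($order->billing['firstname'] . ' ' . $order->billing['lastname'], 0, 100),
             'DeliveryPhone' => substr($order->customer['telephone'], 0, 20),
             'CustomerEMail' => substr($order->customer['email_address'], 0, 255),
             'Apply3DSecure' => '0',
         );
         // Only a parseable IPv4 address is forwarded (ip2long() fails on IPv6).
         $ip_address = tep_get_ip_address();
         $packed_ip = ip2long($ip_address);
         if ($packed_ip != -1 && $packed_ip != false) {
             $params['ClientIPAddress'] = $ip_address;
         }
         if (MODULE_PAYMENT_SAGE_PAY_DIRECT_TRANSACTION_METHOD == 'Payment') {
             $params['TxType'] = 'PAYMENT';
         } elseif (MODULE_PAYMENT_SAGE_PAY_DIRECT_TRANSACTION_METHOD == 'Deferred') {
             $params['TxType'] = 'DEFERRED';
         } else {
             $params['TxType'] = 'AUTHENTICATE';
         }
         if ($needs_start_date) {
             $params['StartDate'] = $cc_start;
         }
         if ($needs_issue_number) {
             $params['IssueNumber'] = $cc_issue;
         }
         if (MODULE_PAYMENT_SAGE_PAY_DIRECT_VERIFY_WITH_CVC == 'True') {
             $params['CV2'] = $cc_cvc;
         }
         if ($params['BillingCountry'] == 'US') {
             $params['BillingState'] = tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], '');
         }
         if ($params['DeliveryCountry'] == 'US') {
             $params['DeliveryState'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], '');
         }
         // Basket lines are colon-delimited, so the delimiter (and newlines and
         // ampersands) are stripped from the free-text product name first.
         $contents = array();
         foreach ($order->products as $product) {
             $product_name = $product['name'];
             if (isset($product['attributes'])) {
                 foreach ($product['attributes'] as $att) {
                     $product_name .= '; ' . $att['option'] . '=' . $att['value'];
                 }
             }
             $tax_amount = $product['tax'] / 100 * $product['final_price'];
             $contents[] = str_replace(array(':', "\n", "\r", '&'), '', $product_name) . ':' . $product['qty'] . ':' . $this->format_raw($product['final_price']) . ':' . $this->format_raw($tax_amount) . ':' . $this->format_raw($tax_amount + $product['final_price']) . ':' . $this->format_raw(($tax_amount + $product['final_price']) * $product['qty']);
         }
         foreach ($order_totals as $ot) {
             $contents[] = str_replace(array(':', "\n", "\r", '&'), '', strip_tags($ot['title'])) . ':---:---:---:---:' . $this->format_raw($ot['value']);
         }
         $params['Basket'] = substr(sizeof($contents) . ':' . implode(':', $contents), 0, 7500);
         $post_string = '';
         foreach ($params as $key => $value) {
             $post_string .= $key . '=' . urlencode(trim($value)) . '&';
         }
         switch (MODULE_PAYMENT_SAGE_PAY_DIRECT_TRANSACTION_SERVER) {
             case 'Live':
                 $gateway_url = 'https://live.sagepay.com/gateway/service/vspdirect-register.vsp';
                 break;
             case 'Test':
                 $gateway_url = 'https://test.sagepay.com/gateway/service/vspdirect-register.vsp';
                 break;
             default:
                 $gateway_url = 'https://test.sagepay.com/Simulator/VSPDirectGateway.asp';
                 break;
         }
         $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
     }
     // The reply is one key=value pair per line.
     $return = array();
     foreach (explode(chr(10), (string) $transaction_response) as $line) {
         // '!== false': a key at offset 0 is position 0, which '!= false' dropped.
         if (strpos($line, '=') !== false) {
             $parts = explode('=', $line, 2);
             $return[trim($parts[0])] = trim($parts[1]);
         }
     }
     // An empty or malformed reply has no Status and falls through to the
     // error redirect below instead of raising notices.
     $status = isset($return['Status']) ? $return['Status'] : '';
     if ($status == '3DAUTH') {
         // Hand the ACS details to ext/modules/payment/sage_pay/checkout.php,
         // which renders the 3-D Secure form; control returns via ?check=3D.
         global $sage_pay_direct_acsurl, $sage_pay_direct_pareq, $sage_pay_direct_md;
         tep_session_register('sage_pay_direct_acsurl');
         $sage_pay_direct_acsurl = isset($return['ACSURL']) ? $return['ACSURL'] : '';
         tep_session_register('sage_pay_direct_pareq');
         $sage_pay_direct_pareq = isset($return['PAReq']) ? $return['PAReq'] : '';
         tep_session_register('sage_pay_direct_md');
         $sage_pay_direct_md = isset($return['MD']) ? $return['MD'] : '';
         tep_redirect(tep_href_link('ext/modules/payment/sage_pay/checkout.php', '', 'SSL'));
     }
     if ($status != 'OK' && $status != 'AUTHENTICATED' && $status != 'REGISTERED') {
         $error = $this->getErrorMessageNumber(isset($return['StatusDetail']) ? $return['StatusDetail'] : '');
         tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . (tep_not_null($error) ? '&error=' . $error : ''), 'SSL'));
     }
     if (isset($return['VPSTxId'])) {
         $order->info['comments'] = 'Sage Pay Reference ID: ' . $return['VPSTxId'] . (tep_not_null($order->info['comments']) ? "\n\n" . $order->info['comments'] : '');
     }
 }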
コード例 #14
 /**
  * Admin connectivity probe for Sage Pay Direct.
  *
  * Sends a zero-amount registration request (no card data) to the live or
  * test vspdirect-register endpoint and reports 1 when any response came back,
  * -1 when the transport returned nothing. The reply itself is not inspected.
  */
 function getTestConnectionResult()
 {
     $endpoint = MODULE_PAYMENT_SAGE_PAY_DIRECT_TRANSACTION_SERVER == 'Live' ? 'https://live.sagepay.com/gateway/service/vspdirect-register.vsp' : 'https://test.sagepay.com/gateway/service/vspdirect-register.vsp';
     $fields = array(
         'VPSProtocol' => $this->api_version,
         'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802',
         'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_DIRECT_VENDOR_LOGIN_NAME, 0, 15),
         'Amount' => 0,
         'Currency' => DEFAULT_CURRENCY,
     );
     // Forward the client address only when it is a parseable IPv4 literal.
     $client_ip = tep_get_ip_address();
     $packed_ip = empty($client_ip) ? false : ip2long($client_ip);
     if ($packed_ip != -1 && $packed_ip != false) {
         $fields['ClientIPAddress'] = $client_ip;
     }
     $pairs = array();
     foreach ($fields as $name => $value) {
         $pairs[] = $name . '=' . urlencode(trim($value));
     }
     // The gateway accepts the trailing '&' that the original concatenation left.
     $body = implode('&', $pairs) . '&';
     $reply = $this->sendTransactionToGateway($endpoint, $body);
     return $reply != false ? 1 : -1;
 }
コード例 #15
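 /**
  * PayPal Website Payments Pro (Direct Payment, NVP API v51): charges the
  * card posted from the checkout form before the order is written.
  *
  * The billing address, currency and card details all come from the form
  * ($HTTP_POST_VARS); the customer e-mail and delivery phone come from $order.
  * On a non-success ACK the gateway's message is queued on $messageStack and
  * the customer is sent back to the payment page with the non-sensitive form
  * values in the query string. On success the order's billing address,
  * currency and a masked card summary are updated and is_paid is set.
  */
 function before_process()
 {
     global $HTTP_POST_VARS, $order, $sendto, $messageStack, $currencies;
     // Read every form field once: absent fields become '' (and fail the checks
     // below) rather than raising notices, and an array posted under a scalar
     // field name is rejected instead of reaching isset()/urlencode(), which
     // would be a TypeError on PHP 8.
     $fields = array();
     foreach (array('cc_owner', 'cc_type', 'cc_number_nh-dns', 'cc_currency', 'cc_expires_month', 'cc_expires_year', 'cc_cvc_nh-dns', 'cc_issue_nh-dns', 'cc_billing_street', 'cc_billing_city', 'cc_billing_state', 'cc_billing_postcode', 'cc_billing_country') as $field) {
         $fields[$field] = isset($HTTP_POST_VARS[$field]) && is_scalar($HTTP_POST_VARS[$field]) ? (string) $HTTP_POST_VARS[$field] : '';
     }
     // The currency code is customer-supplied and decides both what PayPal
     // charges and what the order is stored in, so only codes the store knows
     // are accepted (the success path indexes $currencies->currencies with it).
     if (!empty($fields['cc_owner']) && $fields['cc_type'] !== '' && isset($this->cc_types[$fields['cc_type']]) && !empty($fields['cc_number_nh-dns']) && isset($currencies->currencies[$fields['cc_currency']])) {
         $api_url = MODULE_PAYMENT_PAYPAL_DIRECT_TRANSACTION_SERVER == 'Live' ? 'https://api-3t.paypal.com/nvp' : 'https://api-3t.sandbox.paypal.com/nvp';
         // NOTE(review): the invoice number is guessed from the table's next
         // Auto_increment, so two checkouts in flight at once can send PayPal
         // the same INVNUM; a sequence of its own would be safer.
         $new_order_number_query = tep_db_query("show table status like '" . TABLE_ORDERS . "'");
         $new_order_number_row = tep_db_fetch_array($new_order_number_query);
         $new_order_number = (int) $new_order_number_row['Auto_increment'];
         // One split of "First Last" feeds both the API call and the billing
         // name stored below, so the two always agree; a single-word owner
         // yields an empty last name instead of the strpos()-based slicing
         // that used to drop the first character.
         $owner_parts = explode(' ', trim($fields['cc_owner']), 2);
         $billing_firstname = $owner_parts[0];
         $billing_lastname = isset($owner_parts[1]) ? $owner_parts[1] : '';
         $params = array(
             'METHOD' => 'DoDirectPayment',
             'VERSION' => '51.0',
             'PWD' => MODULE_PAYMENT_PAYPAL_DIRECT_API_PASSWORD,
             'USER' => MODULE_PAYMENT_PAYPAL_DIRECT_API_USERNAME,
             'SIGNATURE' => MODULE_PAYMENT_PAYPAL_DIRECT_API_SIGNATURE,
             'PAYMENTACTION' => MODULE_PAYMENT_PAYPAL_DIRECT_TRANSACTION_METHOD == 'Sale' ? 'Sale' : 'Authorization',
             'IPADDRESS' => tep_get_ip_address(),
             'DESC' => 'Payment against an invoice #' . $new_order_number,
             'CUSTOM' => '',
             'INVNUM' => $new_order_number,
             'NOTIFYURL' => HTTPS_SERVER . DIR_WS_CATALOG . 'ext/modules/payment/paypal/index.php',
             'AMT' => $this->format_raw($order->info['total'], $fields['cc_currency']),
             'CREDITCARDTYPE' => $fields['cc_type'],
             'ACCT' => $fields['cc_number_nh-dns'],
             'EXPDATE' => $fields['cc_expires_month'] . $fields['cc_expires_year'],
             'CVV2' => $fields['cc_cvc_nh-dns'],
             'FIRSTNAME' => $billing_firstname,
             'LASTNAME' => $billing_lastname,
             'STREET' => $fields['cc_billing_street'],
             'CITY' => $fields['cc_billing_city'],
             'STATE' => $fields['cc_billing_state'],
             'ZIP' => $fields['cc_billing_postcode'],
             'COUNTRYCODE' => $fields['cc_billing_country'],
             'CURRENCYCODE' => $fields['cc_currency'],
             'EMAIL' => $order->customer['email_address'],
             'PHONENUM' => $order->delivery['telephone'],
         );
         // Issue numbers only exist for Switch and Solo cards.
         if ($fields['cc_type'] == 'SWITCH' || $fields['cc_type'] == 'SOLO') {
             $params['ISSUENUMBER'] = $fields['cc_issue_nh-dns'];
         }
         $post_string = '';
         foreach ($params as $key => $value) {
             $post_string .= $key . '=' . urlencode(trim($value)) . '&';
         }
         $post_string = substr($post_string, 0, -1);
         $response = $this->sendTransactionToGateway($api_url, $post_string);
         $response_array = array();
         parse_str((string) $response, $response_array);
         // A reply without ACK (empty or malformed) is treated as a failure.
         $ack = isset($response_array['ACK']) ? $response_array['ACK'] : '';
         if ($ack != 'Success' && $ack != 'SuccessWithWarning') {
             if (isset($response_array['L_LONGMESSAGE0'])) {
                 $messageStack->add_session('header', $response_array['L_LONGMESSAGE0']);
             }
             // Every echoed value is URL-encoded: cc_type, the expiry fields and
             // the currency were appended raw, so a value containing '&' or '='
             // became extra query parameters on the payment page. The card
             // number and CVV are deliberately never echoed back.
             $payment_error_return = 'cc_owner=' . urlencode($fields['cc_owner']) . '&cc_type=' . urlencode($fields['cc_type']) . '&cc_expires_month=' . urlencode($fields['cc_expires_month']) . '&cc_expires_year=' . urlencode($fields['cc_expires_year']) . '&cc_currency=' . urlencode($fields['cc_currency']) . '&cc_billing_country=' . urlencode($fields['cc_billing_country']) . '&cc_billing_postcode=' . urlencode($fields['cc_billing_postcode']) . '&cc_billing_state=' . urlencode($fields['cc_billing_state']) . '&cc_billing_city=' . urlencode($fields['cc_billing_city']) . '&cc_billing_street=' . urlencode($fields['cc_billing_street']);
             tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, $payment_error_return, 'SSL'));
         } else {
             $billing_country_info = tep_get_countries('', true, $fields['cc_billing_country']);
             if (sizeof($billing_country_info) == 0) {
                 // Fall back to the bundled ISO list. FILE_IGNORE_NEW_LINES keeps
                 // the line terminator out of the iso_code_3 column, and rows
                 // with fewer than three fields are skipped instead of warning.
                 $countries = file(DIR_WS_MODULES . 'payment/all_countries.csv', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
                 if (is_array($countries)) {
                     foreach ($countries as $country_info) {
                         $columns = explode(';', $country_info);
                         if (count($columns) >= 3 && $columns[0] == $fields['cc_billing_country']) {
                             $billing_country_info = array('countries_id' => '', 'countries_name' => $columns[1], 'countries_iso_code_2' => $columns[0], 'countries_iso_code_3' => $columns[2]);
                         }
                     }
                 }
             }
             $order->info['cc_type'] = $fields['cc_type'];
             $order->info['cc_owner'] = $fields['cc_owner'];
             // Only the last four digits are kept on the order object: the full
             // PAN has already been sent to PayPal and the order data is
             // persisted by the rest of the checkout flow (not visible here),
             // where a full card number must not end up (PCI DSS 3.4). The CVV
             // is never copied onto the order.
             $order->info['cc_number'] = str_repeat('X', max(strlen($fields['cc_number_nh-dns']) - 4, 0)) . substr($fields['cc_number_nh-dns'], -4);
             $order->info['cc_expires'] = $fields['cc_expires_month'] . '/' . $fields['cc_expires_year'];
             $order->billing['firstname'] = $billing_firstname;
             $order->billing['lastname'] = $billing_lastname;
             $order->billing['street_address'] = $fields['cc_billing_street'];
             $order->billing['city'] = $fields['cc_billing_city'];
             $order->billing['country'] = array(
                 'id' => isset($billing_country_info['countries_id']) ? $billing_country_info['countries_id'] : '',
                 'title' => isset($billing_country_info['countries_name']) ? $billing_country_info['countries_name'] : '',
                 'iso_code_2' => isset($billing_country_info['countries_iso_code_2']) ? $billing_country_info['countries_iso_code_2'] : '',
                 'iso_code_3' => isset($billing_country_info['countries_iso_code_3']) ? $billing_country_info['countries_iso_code_3'] : '',
             );
             $order->billing['postcode'] = $fields['cc_billing_postcode'];
             $order->billing['state'] = $fields['cc_billing_state'];
             $order->info['currency'] = $fields['cc_currency'];
             $order->info['currency_value'] = $currencies->currencies[$fields['cc_currency']]['value'];
             $order->info['is_paid'] = '1';
         }
     } else {
         $messageStack->add_session('header', MODULE_PAYMENT_PAYPAL_DIRECT_ERROR_ALL_FIELDS_REQUIRED);
         tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, '', 'SSL'));
     }
 }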
コード例 #16
ファイル: paypal_direct.php プロジェクト: rongandat/scalaprj
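 /**
  * PayPal Website Payments Pro (Direct Payment, NVP API v3.2): charges the
  * posted card against the billing address already on $order before the
  * order is written. A delivery block is added only when $sendto names an
  * address. Any ACK other than Success/SuccessWithWarning (including no ACK
  * at all) redirects to the confirmation page carrying the gateway's message.
  * The card number and CVV2 go to the gateway only; nothing here stores them.
  */
 function before_process()
 {
     global $HTTP_POST_VARS, $order, $sendto;
     // Read every card field once: absent fields become '' (and fail the check
     // below) instead of raising notices, and an array posted under a scalar
     // field name is rejected rather than reaching isset()/urlencode(), which
     // would be a TypeError on PHP 8.
     $fields = array();
     foreach (array('cc_owner', 'cc_type', 'cc_number_nh-dns', 'cc_starts_month', 'cc_starts_year', 'cc_expires_month', 'cc_expires_year', 'cc_cvc_nh-dns') as $field) {
         $fields[$field] = isset($HTTP_POST_VARS[$field]) && is_scalar($HTTP_POST_VARS[$field]) ? (string) $HTTP_POST_VARS[$field] : '';
     }
     if ($fields['cc_owner'] != '' && $fields['cc_type'] !== '' && isset($this->cc_types[$fields['cc_type']]) && $fields['cc_number_nh-dns'] != '') {
         $api_url = MODULE_PAYMENT_PAYPAL_DIRECT_TRANSACTION_SERVER == 'Live' ? 'https://api-3t.paypal.com/nvp' : 'https://api-3t.sandbox.paypal.com/nvp';
         // "First Last" split once; a single-word owner yields an empty last
         // name instead of the strpos()-based slicing that used to drop the
         // first character when there was no space.
         $owner_parts = explode(' ', trim($fields['cc_owner']), 2);
         $owner_firstname = $owner_parts[0];
         $owner_lastname = isset($owner_parts[1]) ? $owner_parts[1] : '';
         $params = array(
             'USER' => MODULE_PAYMENT_PAYPAL_DIRECT_API_USERNAME,
             'PWD' => MODULE_PAYMENT_PAYPAL_DIRECT_API_PASSWORD,
             'VERSION' => '3.2',
             'SIGNATURE' => MODULE_PAYMENT_PAYPAL_DIRECT_API_SIGNATURE,
             'METHOD' => 'DoDirectPayment',
             'PAYMENTACTION' => MODULE_PAYMENT_PAYPAL_DIRECT_TRANSACTION_METHOD == 'Sale' ? 'Sale' : 'Authorization',
             'IPADDRESS' => tep_get_ip_address(),
             'AMT' => $this->format_raw($order->info['total']),
             'CREDITCARDTYPE' => $fields['cc_type'],
             'ACCT' => $fields['cc_number_nh-dns'],
             'STARTDATE' => $fields['cc_starts_month'] . $fields['cc_starts_year'],
             'EXPDATE' => $fields['cc_expires_month'] . $fields['cc_expires_year'],
             'CVV2' => $fields['cc_cvc_nh-dns'],
             'FIRSTNAME' => $owner_firstname,
             'LASTNAME' => $owner_lastname,
             'STREET' => $order->billing['street_address'],
             'CITY' => $order->billing['city'],
             'STATE' => tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], $order->billing['state']),
             'COUNTRYCODE' => $order->billing['country']['iso_code_2'],
             'ZIP' => $order->billing['postcode'],
             'EMAIL' => $order->customer['email_address'],
             'PHONENUM' => $order->customer['telephone'],
             'CURRENCYCODE' => $order->info['currency'],
             'BUTTONSOURCE' => 'osCommerce22_Default_DP',
         );
         // ISSUENUMBER for Switch/Solo is intentionally not sent (that block
         // was commented out in the original module).
         if (is_numeric($sendto) && $sendto > 0) {
             $params['SHIPTONAME'] = $order->delivery['firstname'] . ' ' . $order->delivery['lastname'];
             $params['SHIPTOSTREET'] = $order->delivery['street_address'];
             $params['SHIPTOCITY'] = $order->delivery['city'];
             $params['SHIPTOSTATE'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], $order->delivery['state']);
             $params['SHIPTOCOUNTRYCODE'] = $order->delivery['country']['iso_code_2'];
             $params['SHIPTOZIP'] = $order->delivery['postcode'];
         }
         $post_string = '';
         foreach ($params as $key => $value) {
             $post_string .= $key . '=' . urlencode(trim($value)) . '&';
         }
         $post_string = substr($post_string, 0, -1);
         $response = $this->sendTransactionToGateway($api_url, $post_string);
         $response_array = array();
         parse_str((string) $response, $response_array);
         // A reply without ACK (empty or malformed) is treated as a failure.
         $ack = isset($response_array['ACK']) ? $response_array['ACK'] : '';
         if ($ack != 'Success' && $ack != 'SuccessWithWarning') {
             $long_message = isset($response_array['L_LONGMESSAGE0']) ? stripslashes($response_array['L_LONGMESSAGE0']) : '';
             // The gateway text is URL-encoded (a raw '&' or '=' in it split the
             // query string) and the redirect stays on SSL: the old 'NONSSL'
             // dropped the customer to plain HTTP in the middle of a card
             // checkout, unlike the sibling modules' confirmation redirects.
             tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, 'error_payment=' . urlencode($long_message), 'SSL'));
         }
     } else {
         tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, 'error_payment=' . urlencode(MODULE_PAYMENT_PAYPAL_DIRECT_ERROR_ALL_FIELDS_REQUIRED), 'SSL'));
     }
 }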
コード例 #17
 /**
  * Admin connectivity probe for PayPal Pro Direct Payment.
  *
  * Posts a DoDirectPayment request carrying only the API credentials (no
  * amount, no card data) to the live or sandbox NVP endpoint and reports 1
  * when the reply parses to something with an ACK field, -1 otherwise. The
  * ACK value itself (which will be a failure, given the missing fields) is
  * not inspected: reachability is all that is tested.
  */
 function getTestConnectionResult()
 {
     $endpoint = MODULE_PAYMENT_PAYPAL_PRO_DP_TRANSACTION_SERVER == 'Live' ? 'https://api-3t.paypal.com/nvp' : 'https://api-3t.sandbox.paypal.com/nvp';
     $fields = array(
         'USER' => MODULE_PAYMENT_PAYPAL_PRO_DP_API_USERNAME,
         'PWD' => MODULE_PAYMENT_PAYPAL_PRO_DP_API_PASSWORD,
         'VERSION' => $this->api_version,
         'SIGNATURE' => MODULE_PAYMENT_PAYPAL_PRO_DP_API_SIGNATURE,
         'METHOD' => 'DoDirectPayment',
         'PAYMENTACTION' => MODULE_PAYMENT_PAYPAL_PRO_DP_TRANSACTION_METHOD == 'Sale' ? 'Sale' : 'Authorization',
         'IPADDRESS' => tep_get_ip_address(),
     );
     $pairs = array();
     foreach ($fields as $name => $value) {
         $pairs[] = $name . '=' . urlencode(utf8_encode(trim($value)));
     }
     $reply = $this->sendTransactionToGateway($endpoint, implode('&', $pairs));
     $parsed = array();
     parse_str($reply, $parsed);
     return isset($parsed['ACK']) ? 1 : -1;
 }
コード例 #18
ファイル: Shop.php プロジェクト: tiansiyuan/oscommerce2
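 /**
  * Bootstraps the shop for the current request.
  *
  * Steps, in dependency order:
  *  - register the Cache and Db services and define every row of the
  *    configuration table as a PHP constant;
  *  - detect whether the request came in over SSL and set the matching
  *    DIR_WS_CATALOG constant and cookie domain/path;
  *  - configure and start the PHP session (cookie-only mode and spider
  *    blocking as configured), seed the session token and, when enabled,
  *    bind the session to the TLS session id, user agent and client IP;
  *  - create the cart, currencies, language, navigation history, message
  *    stack, template, breadcrumb and Hooks objects the pages rely on.
  *
  * Populates the globals named in the `global` statement; returns nothing.
  * When a session binding check fails the session is destroyed and the
  * request is redirected, so the method does not return in that case.
  */
 protected function init()
 {
     global $request_type, $cookie_domain, $cookie_path, $PHP_SELF, $SID, $currencies, $messageStack, $oscTemplate, $breadcrumb;
     Registry::set('Cache', new Cache());
     $OSCOM_Db = Db::initialize();
     Registry::set('Db', $OSCOM_Db);
     // set the application parameters
     // Every configuration_key becomes a global constant holding its value; the
     // rest of this method (and the catalog pages) read settings that way.
     $Qcfg = $OSCOM_Db->get('configuration', ['configuration_key as k', 'configuration_value as v']);
     //, null, null, null, 'configuration'); // TODO add cache when supported by admin
     while ($Qcfg->fetch()) {
         define($Qcfg->value('k'), $Qcfg->value('v'));
     }
     // set the type of request (secure or not)
     // Decided from the web server's own variables (HTTPS=on or port 443), not
     // from request headers. NOTE(review): behind a TLS-terminating proxy these
     // may describe the proxy-to-app hop rather than the client connection.
     if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' || isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) {
         $request_type = 'SSL';
         define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);
         $cookie_domain = HTTPS_COOKIE_DOMAIN;
         $cookie_path = HTTPS_COOKIE_PATH;
     } else {
         $request_type = 'NONSSL';
         define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);
         $cookie_domain = HTTP_COOKIE_DOMAIN;
         $cookie_path = HTTP_COOKIE_PATH;
     }
     // set php_self in the global scope
     // Script path relative to the catalog directory (the DIR_WS_* prefix is cut off).
     $req = parse_url($_SERVER['SCRIPT_NAME']);
     $PHP_SELF = substr($req['path'], $request_type == 'NONSSL' ? strlen(DIR_WS_HTTP_CATALOG) : strlen(DIR_WS_HTTPS_CATALOG));
     // set the session name and save path
     session_name('oscomid');
     session_save_path(SESSION_WRITE_DIRECTORY);
     // set the session cookie parameters
     // Lifetime 0 = browser-session cookie. No secure/httponly flags are passed
     // here; NOTE(review): confirm tep_session_start() or php.ini sets them.
     session_set_cookie_params(0, $cookie_path, $cookie_domain);
     if (function_exists('ini_set')) {
         ini_set('session.use_only_cookies', SESSION_FORCE_COOKIE_USE == 'True' ? 1 : 0);
     }
     // set the session ID if it exists
     // When cookies are not mandatory the session id may also arrive in the
     // query string or POST body and is adopted when the cookie is missing or
     // differs. The only verification applied to such an id in this method is
     // the optional TLS-id / user-agent / IP binding further down.
     if (SESSION_FORCE_COOKIE_USE == 'False') {
         if (isset($_GET[session_name()]) && (!isset($_COOKIE[session_name()]) || $_COOKIE[session_name()] != $_GET[session_name()])) {
             session_id($_GET[session_name()]);
         } elseif (isset($_POST[session_name()]) && (!isset($_COOKIE[session_name()]) || $_COOKIE[session_name()] != $_POST[session_name()])) {
             session_id($_POST[session_name()]);
         }
     }
     // start the session
     if (SESSION_FORCE_COOKIE_USE == 'True') {
         // Probe cookie: the session is only started once the browser has shown
         // that it sends cookies back, so no session is created on the first hit.
         tep_setcookie('cookie_test', 'please_accept_for_session', time() + 60 * 60 * 24 * 30);
         if (isset($_COOKIE['cookie_test'])) {
             tep_session_start();
         }
     } elseif (SESSION_BLOCK_SPIDERS == 'True') {
         $user_agent = '';
         if (isset($_SERVER['HTTP_USER_AGENT'])) {
             $user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
         }
         $spider_flag = false;
         if (!empty($user_agent)) {
             foreach (file(OSCOM::BASE_DIR . 'spiders.txt') as $spider) {
                 // Bug fix: file() keeps the line terminator, so an untrimmed entry
                 // ("somebot\n") can never be found inside a user agent string and
                 // spider blocking silently never triggered. Blank lines are skipped
                 // after trimming, because an empty needle matches everything on PHP 8.
                 $spider = trim($spider);
                 if ($spider != '') {
                     if (strpos($user_agent, $spider) !== false) {
                         $spider_flag = true;
                         break;
                     }
                 }
             }
         }
         if ($spider_flag === false) {
             tep_session_start();
         }
     } else {
         tep_session_start();
     }
     $this->ignored_actions[] = session_name();
     // initialize a session token
     // Random per-session token (its consumers are not in this method). Its
     // strength is bounded by tep_rand(), which is not visible here;
     // NOTE(review): confirm it is a cryptographically strong source.
     if (!isset($_SESSION['sessiontoken'])) {
         $_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
     }
     // set SID once, even if empty
     $SID = defined('SID') ? SID : '';
     // verify the ssl_session_id if the feature is enabled
     if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && session_status() === PHP_SESSION_ACTIVE) {
         // Empty when the web server does not export the TLS session id; both
         // sides then compare equal and the check is effectively a no-op.
         $ssl_session_id = isset($_SERVER['SSL_SESSION_ID']) ? $_SERVER['SSL_SESSION_ID'] : '';
         // Bug fix: the value is stored under SESSION_SSL_ID (below), but the
         // existence test used to look at SSL_SESSION_ID, so the stored value
         // was re-seeded on every request and the comparison could never fail.
         if (!isset($_SESSION['SESSION_SSL_ID'])) {
             $_SESSION['SESSION_SSL_ID'] = $ssl_session_id;
         }
         if ($_SESSION['SESSION_SSL_ID'] != $ssl_session_id) {
             tep_session_destroy();
             OSCOM::redirect('ssl_check.php');
         }
     }
     // verify the browser user agent if the feature is enabled
     // Pins the session to the first user agent seen; a later change destroys
     // the session and sends the visitor to the login page.
     if (SESSION_CHECK_USER_AGENT == 'True') {
         if (!isset($_SESSION['SESSION_USER_AGENT'])) {
             $_SESSION['SESSION_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
         }
         if ($_SESSION['SESSION_USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) {
             tep_session_destroy();
             OSCOM::redirect('index.php', 'Account&LogIn');
         }
     }
     // verify the IP address if the feature is enabled
     // Same binding for the client IP as reported by tep_get_ip_address().
     if (SESSION_CHECK_IP_ADDRESS == 'True') {
         if (!isset($_SESSION['SESSION_IP_ADDRESS'])) {
             $_SESSION['SESSION_IP_ADDRESS'] = tep_get_ip_address();
         }
         if ($_SESSION['SESSION_IP_ADDRESS'] != tep_get_ip_address()) {
             tep_session_destroy();
             OSCOM::redirect('index.php', 'Account&LogIn');
         }
     }
     // create the shopping cart
     // Recreate the cart unless the session already holds a shoppingCart instance.
     if (!isset($_SESSION['cart']) || !is_object($_SESSION['cart']) || get_class($_SESSION['cart']) != 'shoppingCart') {
         $_SESSION['cart'] = new \shoppingCart();
     }
     // include currencies class and create an instance
     $currencies = new \currencies();
     // set the language
     // (Re)resolve the language on first visit or when ?language= is present.
     // The raw ?language= value goes through language::set_language(); only the
     // resulting directory name is stored and later used to build the include
     // path below. NOTE(review): confirm set_language() rejects unknown values.
     if (!isset($_SESSION['language']) || isset($_GET['language'])) {
         $lng = new \language();
         if (isset($_GET['language']) && !empty($_GET['language'])) {
             $lng->set_language($_GET['language']);
         } else {
             $lng->get_browser_language();
         }
         $_SESSION['language'] = $lng->language['directory'];
         $_SESSION['languages_id'] = $lng->language['id'];
     }
     // include the language translations
     // Save and restore LC_NUMERIC around the include so a translation file that
     // calls setlocale() cannot change the decimal separator (see bug #634 below).
     $system_locale_numeric = setlocale(LC_NUMERIC, 0);
     include OSCOM::BASE_DIR . 'languages/' . $_SESSION['language'] . '.php';
     setlocale(LC_NUMERIC, $system_locale_numeric);
     // Prevent LC_ALL from setting LC_NUMERIC to a locale with 1,0 float/decimal values instead of 1.0 (see bug #634)
     // currency
     // Use ?currency= when it names a known currency; otherwise the language's
     // default currency (if configured and known) or the store default.
     if (!isset($_SESSION['currency']) || isset($_GET['currency']) || USE_DEFAULT_LANGUAGE_CURRENCY == 'true' && LANGUAGE_CURRENCY != $_SESSION['currency']) {
         if (isset($_GET['currency']) && $currencies->is_set($_GET['currency'])) {
             $_SESSION['currency'] = $_GET['currency'];
         } else {
             $_SESSION['currency'] = USE_DEFAULT_LANGUAGE_CURRENCY == 'true' && $currencies->is_set(LANGUAGE_CURRENCY) ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY;
         }
     }
     // navigation history
     if (!isset($_SESSION['navigation']) || !is_object($_SESSION['navigation']) || get_class($_SESSION['navigation']) != 'navigationHistory') {
         $_SESSION['navigation'] = new \navigationHistory();
     }
     $_SESSION['navigation']->add_current_page();
     $messageStack = new \messageStack();
     // Per-request housekeeping: who's-online tracking, banner and specials expiry.
     tep_update_whos_online();
     tep_activate_banners();
     tep_expire_banners();
     tep_expire_specials();
     $oscTemplate = new \oscTemplate();
     $breadcrumb = new \breadcrumb();
     $breadcrumb->add(HEADER_TITLE_TOP, HTTP_SERVER);
     $breadcrumb->add(HEADER_TITLE_CATALOG, OSCOM::link('index.php'));
     Registry::set('Hooks', new Hooks());
 }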
コード例 #19
        while ($cc_list = tep_db_fetch_array($cc_query)) {
            $rows++;
            if (strlen($rows) < 2) {
                $rows = '0' . $rows;
            }
            if ((!$_GET['uid'] || @$_GET['uid'] == $cc_list['unique_id']) && !$cInfo) {
                $cInfo = new objectInfo($cc_list);
            }
            if (is_object($cInfo) && $cc_list['unique_id'] == $cInfo->unique_id) {
                echo '          <tr class="dataTableRowSelected" onmouseover="this.style.cursor=\'hand\'" onclick="document.location.href=\'' . tep_href_link(FILENAME_COUPON_ADMIN, tep_get_all_get_params(array('cid', 'action', 'uid')) . 'cid=' . $cInfo->coupon_id . '&action=voucherreport&uid=' . $cinfo->unique_id) . '\'">' . "\n";
            } else {
                echo '          <tr class="dataTableRow" onmouseover="this.className=\'dataTableRowOver\';this.style.cursor=\'hand\'" onmouseout="this.className=\'dataTableRow\'" onclick="document.location.href=\'' . tep_href_link(FILENAME_COUPON_ADMIN, tep_get_all_get_params(array('cid', 'action', 'uid')) . 'cid=' . $cc_list['coupon_id'] . '&action=voucherreport&uid=' . $cc_list['unique_id']) . '\'">' . "\n";
            }
            $customer_query = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . $cc_list['customer_id'] . "'");
            $customer = tep_db_fetch_array($customer_query);
            $redeem_ip = tep_get_ip_address();
            ?>
                <td class="dataTableContent"><?php 
            echo $cc_list['customer_id'];
            ?>
</td>
                <td class="dataTableContent" align="center"><?php 
            echo $customer['customers_firstname'] . ' ' . $customer['customers_lastname'];
            ?>
</td>
                <td class="dataTableContent" align="center"><?php 
            echo $redeem_ip;
            ?>
</td>
                <td class="dataTableContent" align="center"><?php 
            echo tep_date_short($cc_list['redeem_date']);
コード例 #20
 /**
  * Builds the hidden form fields that post the order to the Authorize.net SIM
  * hosted payment form.
  *
  * Uses the globals $customer_id, $order, $sendto and $currency. Returns the
  * concatenated hidden-field HTML produced by tep_draw_hidden_field(); the
  * caller embeds it in the checkout form.
  */
 function process_button()
 {
     global $customer_id, $order, $sendto, $currency;
     // Fingerprint inputs: the current time and a per-request sequence number.
     // Both are sent in the clear (x_fp_timestamp / x_fp_sequence); the
     // fingerprint's secrecy rests on the transaction key passed as the first
     // argument to _hmac() below, not on the sequence. NOTE(review): rand() is
     // not a CSPRNG; random_int() is the modern choice if the PHP version allows.
     $tstamp = time();
     $sequence = rand(1, 1000);
     // Values are truncated with substr(), presumably to the gateway's field
     // length limits. x_fp_hash covers login^sequence^timestamp^amount^currency.
     $params = array('x_login' => substr(MODULE_PAYMENT_AUTHORIZENET_CC_SIM_LOGIN_ID, 0, 20), 'x_version' => $this->api_version, 'x_show_form' => 'PAYMENT_FORM', 'x_delim_data' => 'FALSE', 'x_relay_response' => 'TRUE', 'x_relay_url' => tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false), 'x_first_name' => substr($order->billing['firstname'], 0, 50), 'x_last_name' => substr($order->billing['lastname'], 0, 50), 'x_company' => substr($order->billing['company'], 0, 50), 'x_address' => substr($order->billing['street_address'], 0, 60), 'x_city' => substr($order->billing['city'], 0, 40), 'x_state' => substr($order->billing['state'], 0, 40), 'x_zip' => substr($order->billing['postcode'], 0, 20), 'x_country' => substr($order->billing['country']['title'], 0, 60), 'x_phone' => substr(preg_replace('/[^0-9]/', '', $order->customer['telephone']), 0, 25), 'x_cust_id' => substr($customer_id, 0, 20), 'x_customer_ip' => tep_get_ip_address(), 'x_email' => substr($order->customer['email_address'], 0, 255), 'x_description' => substr(STORE_NAME, 0, 255), 'x_amount' => $this->format_raw($order->info['total']), 'x_currency_code' => substr($currency, 0, 3), 'x_method' => 'CC', 'x_type' => MODULE_PAYMENT_AUTHORIZENET_CC_SIM_TRANSACTION_METHOD == 'Capture' ? 'AUTH_CAPTURE' : 'AUTH_ONLY', 'x_freight' => $this->format_raw($order->info['shipping_cost']), 'x_fp_sequence' => $sequence, 'x_fp_timestamp' => $tstamp, 'x_fp_hash' => $this->_hmac(MODULE_PAYMENT_AUTHORIZENET_CC_SIM_TRANSACTION_KEY, MODULE_PAYMENT_AUTHORIZENET_CC_SIM_LOGIN_ID . '^' . $sequence . '^' . $tstamp . '^' . $this->format_raw($order->info['total']) . '^' . $currency), 'x_cancel_url' => tep_href_link(FILENAME_SHOPPING_CART, '', 'SSL'), 'x_cancel_url_text' => MODULE_PAYMENT_AUTHORIZENET_CC_SIM_TEXT_RETURN_BUTTON);
     // Ship-to fields only when a separate delivery address was selected.
     if (is_numeric($sendto) && $sendto > 0) {
         $params['x_ship_to_first_name'] = substr($order->delivery['firstname'], 0, 50);
         $params['x_ship_to_last_name'] = substr($order->delivery['lastname'], 0, 50);
         $params['x_ship_to_company'] = substr($order->delivery['company'], 0, 50);
         $params['x_ship_to_address'] = substr($order->delivery['street_address'], 0, 60);
         $params['x_ship_to_city'] = substr($order->delivery['city'], 0, 40);
         $params['x_ship_to_state'] = substr($order->delivery['state'], 0, 40);
         $params['x_ship_to_zip'] = substr($order->delivery['postcode'], 0, 20);
         $params['x_ship_to_country'] = substr($order->delivery['country']['title'], 0, 60);
     }
     if (MODULE_PAYMENT_AUTHORIZENET_CC_SIM_TRANSACTION_MODE == 'Test') {
         $params['x_test_request'] = 'TRUE';
     }
     // Sum only the positive tax groups; x_tax is omitted when there is no tax.
     $tax_value = 0;
     foreach ($order->info['tax_groups'] as $value) {
         if ($value > 0) {
             $tax_value += $this->format_raw($value);
         }
     }
     if ($tax_value > 0) {
         $params['x_tax'] = $this->format_raw($tax_value);
     }
     $process_button_string = '';
     foreach ($params as $key => $value) {
         $process_button_string .= tep_draw_hidden_field($key, $value);
     }
     // One x_line_item per product, numbered from 1, fields separated by <|>:
     // id, name (max 31 chars), description (empty), qty, unit price, taxable flag.
     for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
         $process_button_string .= tep_draw_hidden_field('x_line_item', $i + 1 . '<|>' . substr($order->products[$i]['name'], 0, 31) . '<|><|>' . $order->products[$i]['qty'] . '<|>' . $this->format_raw($order->products[$i]['final_price']) . '<|>' . ($order->products[$i]['tax'] > 0 ? 'YES' : 'NO'));
     }
     // The session name/id travel as a hidden field, presumably so the relay
     // response back to checkout_process can resume the session (the relay URL
     // above is built with its fourth argument false).
     $process_button_string .= tep_draw_hidden_field(tep_session_name(), tep_session_id());
     return $process_button_string;
 }
コード例 #21
 /**
  * Checks that the configured Authorize.net AIM credentials reach the gateway.
  *
  * Posts a credentials-only request (no card or order data) to the live or
  * test transaction endpoint and reads the response code from the delimited
  * reply.
  *
  * @return int 1 when a response code other than -1 came back, -1 otherwise
  */
 function getTestConnectionResult()
 {
     // Test endpoint by default, live endpoint when configured so.
     $api_url = 'https://test.authorize.net/gateway/transact.dll';
     if (MODULE_PAYMENT_AUTHORIZENET_CC_AIM_TRANSACTION_SERVER == 'Live') {
         $api_url = 'https://secure.authorize.net/gateway/transact.dll';
     }
     // Login id and transaction key are cut to the gateway's field lengths;
     // the reply is requested comma-delimited with '|' encapsulation.
     $params = array('x_login' => substr(MODULE_PAYMENT_AUTHORIZENET_CC_AIM_LOGIN_ID, 0, 20), 'x_tran_key' => substr(MODULE_PAYMENT_AUTHORIZENET_CC_AIM_TRANSACTION_KEY, 0, 16), 'x_version' => $this->api_version, 'x_customer_ip' => tep_get_ip_address(), 'x_relay_response' => 'FALSE', 'x_delim_data' => 'TRUE', 'x_delim_char' => ',', 'x_encap_char' => '|');
     $pairs = array();
     foreach ($params as $key => $value) {
         $pairs[] = $key . '=' . urlencode(trim($value));
     }
     $result = $this->sendTransactionToGateway($api_url, implode('&', $pairs));
     // -1 stands for "no usable reply".
     $response_code = '-1';
     if (!empty($result)) {
         // Drop the outer encapsulation characters, then split on the "|,|" field boundary.
         $fields = explode('|,|', substr($result, 1, -1));
         // Only a full-length reply is trusted; its first field is the response code.
         if (count($fields) > 54) {
             $response_code = $fields[0];
         }
     }
     return ($response_code != '-1') ? 1 : -1;
 }
コード例 #22
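/**
 * Looks up the country code recorded for an IP address in the IP range table.
 *
 * @param string $ip Address to look up; when empty, the requesting client's
 *                   address from tep_get_ip_address() is used.
 * @return string Two-letter-style country_code from TABLE_IPS, or '' when the
 *                address is empty, cannot be converted to a number, or matches
 *                no stored range.
 */
function tep_get_ip_info($ip = '')
{
    if (empty($ip)) {
        $ip = tep_get_ip_address();
    }
    $country_code = '';
    if (tep_not_null($ip)) {
        $ip_to_int = tep_ip_to_int($ip);
        // The converted address is interpolated unquoted into the SQL below, so
        // only proceed when it really is numeric; anything else cannot be a
        // valid range key and must not reach the query.
        if (is_numeric($ip_to_int)) {
            $ip_check_query = tep_db_query("select country_code from " . TABLE_IPS . " where " . $ip_to_int . ">= ip_from and " . $ip_to_int . "<= ip_to");
            $ip_check = tep_db_fetch_array($ip_check_query);
            // No matching range: keep the empty default instead of reading an
            // undefined index from an empty result.
            if (is_array($ip_check) && array_key_exists('country_code', $ip_check)) {
                $country_code = $ip_check['country_code'];
            }
        }
    }
    return $country_code;
}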
コード例 #23
}
// verify the browser user agent if the feature is enabled
// Session binding in the legacy tep_session_register() style (the session
// variable is presumably a global mirrored into the session): the user agent of
// the first request is stored and every later request must present the same
// one, otherwise the session is destroyed and the visitor is sent to the login
// page. The comparison is loose (!=) and getenv() returns false when the
// header is absent.
if (SESSION_CHECK_USER_AGENT == 'True') {
    $http_user_agent = getenv('HTTP_USER_AGENT');
    if (!tep_session_is_registered('SESSION_USER_AGENT')) {
        $SESSION_USER_AGENT = $http_user_agent;
        tep_session_register('SESSION_USER_AGENT');
    }
    if ($SESSION_USER_AGENT != $http_user_agent) {
        tep_session_destroy();
        tep_redirect(tep_href_link(FILENAME_LOGIN));
    }
}
// verify the IP address if the feature is enabled
// Same binding for the client IP as reported by tep_get_ip_address().
if (SESSION_CHECK_IP_ADDRESS == 'True') {
    $ip_address = tep_get_ip_address();
    if (!tep_session_is_registered('SESSION_IP_ADDRESS')) {
        $SESSION_IP_ADDRESS = $ip_address;
        tep_session_register('SESSION_IP_ADDRESS');
    }
    if ($SESSION_IP_ADDRESS != $ip_address) {
        tep_session_destroy();
        tep_redirect(tep_href_link(FILENAME_LOGIN));
    }
}
// create the shopping cart
// A fresh cart is created when none is registered in the session or the
// registered value is not an object.
if (!tep_session_is_registered('cart') || !is_object($cart)) {
    tep_session_register('cart');
    $cart = new shoppingCart();
}
// include currencies class and create an instance
コード例 #24
 /**
  * Uses the requesting client's IP address as this object's identifier.
  *
  * Stores the value returned by tep_get_ip_address() in $this->_identifier;
  * no return value.
  */
 function setIdentifier()
 {
     $client_ip = tep_get_ip_address();
     $this->_identifier = $client_ip;
 }
コード例 #25
 /**
  * Submits the card payment to Authorize.net AIM and redirects back to the
  * payment page on any failure.
  *
  * Reads the card fields from $HTTP_POST_VARS and the order from the globals
  * $customer_id, $order, $sendto and $currency. Returns nothing; when the
  * gateway declines, does not answer, or its response hash does not verify,
  * it redirects with payment_error=<module code>&error=<kind> and never returns.
  */
 function before_process()
 {
     global $HTTP_POST_VARS, $customer_id, $order, $sendto, $currency;
     // AIM request. Values are cut with substr(), presumably to the gateway's
     // field limits. Card number, expiry and CVC come straight from the POSTed
     // form fields and are only sent to the gateway (nothing here stores them).
     // x_encap_char='"' makes the gateway wrap every response field in double
     // quotes, which the split below relies on.
     $params = array('x_login' => substr(MODULE_PAYMENT_AUTHORIZENET_CC_AIM_LOGIN_ID, 0, 20), 'x_tran_key' => substr(MODULE_PAYMENT_AUTHORIZENET_CC_AIM_TRANSACTION_KEY, 0, 16), 'x_version' => '3.1', 'x_delim_data' => 'TRUE', 'x_delim_char' => ',', 'x_encap_char' => '"', 'x_relay_response' => 'FALSE', 'x_first_name' => substr($order->billing['firstname'], 0, 50), 'x_last_name' => substr($order->billing['lastname'], 0, 50), 'x_company' => substr($order->billing['company'], 0, 50), 'x_address' => substr($order->billing['street_address'], 0, 60), 'x_city' => substr($order->billing['city'], 0, 40), 'x_state' => substr($order->billing['state'], 0, 40), 'x_zip' => substr($order->billing['postcode'], 0, 20), 'x_country' => substr($order->billing['country']['title'], 0, 60), 'x_phone' => substr($order->customer['telephone'], 0, 25), 'x_cust_id' => substr($customer_id, 0, 20), 'x_customer_ip' => tep_get_ip_address(), 'x_email' => substr($order->customer['email_address'], 0, 255), 'x_description' => substr(STORE_NAME, 0, 255), 'x_amount' => substr($this->format_raw($order->info['total']), 0, 15), 'x_currency_code' => substr($currency, 0, 3), 'x_method' => 'CC', 'x_type' => MODULE_PAYMENT_AUTHORIZENET_CC_AIM_TRANSACTION_METHOD == 'Capture' ? 'AUTH_CAPTURE' : 'AUTH_ONLY', 'x_card_num' => substr($HTTP_POST_VARS['cc_number_nh-dns'], 0, 22), 'x_exp_date' => $HTTP_POST_VARS['cc_expires_month'] . $HTTP_POST_VARS['cc_expires_year'], 'x_card_code' => substr($HTTP_POST_VARS['cc_cvc_nh-dns'], 0, 4));
     // Ship-to fields only when a separate delivery address was selected.
     if (is_numeric($sendto) && $sendto > 0) {
         $params['x_ship_to_first_name'] = substr($order->delivery['firstname'], 0, 50);
         $params['x_ship_to_last_name'] = substr($order->delivery['lastname'], 0, 50);
         $params['x_ship_to_company'] = substr($order->delivery['company'], 0, 50);
         $params['x_ship_to_address'] = substr($order->delivery['street_address'], 0, 60);
         $params['x_ship_to_city'] = substr($order->delivery['city'], 0, 40);
         $params['x_ship_to_state'] = substr($order->delivery['state'], 0, 40);
         $params['x_ship_to_zip'] = substr($order->delivery['postcode'], 0, 20);
         $params['x_ship_to_country'] = substr($order->delivery['country']['title'], 0, 60);
     }
     if (MODULE_PAYMENT_AUTHORIZENET_CC_AIM_TRANSACTION_MODE == 'Test') {
         $params['x_test_request'] = 'TRUE';
     }
     // Sum only the positive tax groups; x_tax is omitted when there is no tax.
     $tax_value = 0;
     foreach ($order->info['tax_groups'] as $key => $value) {
         if ($value > 0) {
             $tax_value += $this->format_raw($value);
         }
     }
     if ($tax_value > 0) {
         $params['x_tax'] = $this->format_raw($tax_value);
     }
     $params['x_freight'] = $this->format_raw($order->info['shipping_cost']);
     $post_string = '';
     foreach ($params as $key => $value) {
         $post_string .= $key . '=' . urlencode(trim($value)) . '&';
     }
     $post_string = substr($post_string, 0, -1);
     // One x_line_item per product, numbered from 1: id, short name (31 chars),
     // description, qty, unit price, taxable flag. The <|> delimiters are
     // appended literally; only the field values are url-encoded.
     for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
         $post_string .= '&x_line_item=' . urlencode($i + 1) . '<|>' . urlencode(substr($order->products[$i]['name'], 0, 31)) . '<|>' . urlencode(substr($order->products[$i]['name'], 0, 255)) . '<|>' . urlencode($order->products[$i]['qty']) . '<|>' . urlencode($this->format_raw($order->products[$i]['final_price'])) . '<|>' . urlencode($order->products[$i]['tax'] > 0 ? 'YES' : 'NO');
     }
     // Anything other than 'Live' goes to the test endpoint.
     switch (MODULE_PAYMENT_AUTHORIZENET_CC_AIM_TRANSACTION_SERVER) {
         case 'Live':
             $gateway_url = 'https://secure.authorize.net/gateway/transact.dll';
             break;
         default:
             $gateway_url = 'https://test.authorize.net/gateway/transact.dll';
             break;
     }
     $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
     if (!empty($transaction_response)) {
         // Split on commas that sit outside the double-quoted fields, then strip
         // the enclosing quotes from each field.
         $regs = preg_split("/,(?=(?:[^\"]*\"[^\"]*\")*(?![^\"]*\"))/", $transaction_response);
         foreach ($regs as $key => $value) {
             $regs[$key] = substr($value, 1, -1);
             // remove double quotes
         }
     } else {
         // No answer from the gateway: synthesize a failed reply so the code
         // below sees response code, subcode and reason code of -1.
         $regs = array('-1', '-1', '-1');
     }
     $error = false;
     // Response code 1 = approved. When a MD5 hash secret is configured, the
     // gateway's hash (index 37 in the AIM layout) is recomputed over
     // secret + login id + transaction id (index 6) + amount; a mismatch is
     // treated as a general error, and a truncated reply leaves $regs[37] unset,
     // which also fails the check. NOTE(review): the comparison is not
     // constant-time; hash_equals() would be preferable where available.
     if ($regs[0] == '1') {
         if (tep_not_null(MODULE_PAYMENT_AUTHORIZENET_CC_AIM_MD5_HASH)) {
             if (strtoupper($regs[37]) != strtoupper(md5(MODULE_PAYMENT_AUTHORIZENET_CC_AIM_MD5_HASH . MODULE_PAYMENT_AUTHORIZENET_CC_AIM_LOGIN_ID . $regs[6] . $this->format_raw($order->info['total'])))) {
                 $error = 'general';
             }
         }
     } else {
         // Gateway reason code (index 2) mapped to the error keys the payment
         // page knows how to display.
         switch ($regs[2]) {
             case '7':
                 $error = 'invalid_expiration_date';
                 break;
             case '8':
                 $error = 'expired';
                 break;
             case '6':
             case '17':
             case '28':
                 $error = 'declined';
                 break;
             case '78':
                 $error = 'cvc';
                 break;
             default:
                 $error = 'general';
                 break;
         }
     }
     if ($error != false) {
         tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error=' . $error, 'SSL'));
     }
 }
コード例 #26
 /**
  * Submits the card payment to PayPal Payflow Pro and redirects back to the
  * confirmation page with an error message when the gateway does not answer
  * RESULT=0.
  *
  * Reads the cardholder fields from $HTTP_POST_VARS and the order from the
  * globals $order, $order_totals and $sendto; the parsed gateway reply is left
  * in the global $response_array for the caller. Returns nothing; on missing
  * fields or a non-zero RESULT it redirects and never returns.
  */
 function before_process()
 {
     global $HTTP_POST_VARS, $order, $order_totals, $sendto, $response_array;
     // All three cardholder fields must be present and non-empty; otherwise the
     // customer is sent back with the "all fields required" message.
     if (isset($HTTP_POST_VARS['cc_owner_firstname']) && !empty($HTTP_POST_VARS['cc_owner_firstname']) && isset($HTTP_POST_VARS['cc_owner_lastname']) && !empty($HTTP_POST_VARS['cc_owner_lastname']) && isset($HTTP_POST_VARS['cc_number_nh-dns']) && !empty($HTTP_POST_VARS['cc_number_nh-dns'])) {
         if (MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_TRANSACTION_SERVER == 'Live') {
             $api_url = 'https://payflowpro.paypal.com';
         } else {
             $api_url = 'https://pilot-payflowpro.paypal.com';
         }
         // Payflow request. USER falls back to VENDOR when no separate API user is
         // configured. Card number, expiry and CVV2 are taken from the POSTed form
         // and only sent to the gateway (nothing here stores them).
         $params = array('USER' => tep_not_null(MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_USERNAME) ? MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_USERNAME : MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_VENDOR, 'VENDOR' => MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_VENDOR, 'PARTNER' => MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_PARTNER, 'PWD' => MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_PASSWORD, 'TENDER' => 'C', 'TRXTYPE' => MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_TRANSACTION_METHOD == 'Sale' ? 'S' : 'A', 'AMT' => $this->format_raw($order->info['total']), 'CURRENCY' => $order->info['currency'], 'BILLTOFIRSTNAME' => $HTTP_POST_VARS['cc_owner_firstname'], 'BILLTOLASTNAME' => $HTTP_POST_VARS['cc_owner_lastname'], 'BILLTOSTREET' => $order->billing['street_address'], 'BILLTOCITY' => $order->billing['city'], 'BILLTOSTATE' => tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], $order->billing['state']), 'BILLTOCOUNTRY' => $order->billing['country']['iso_code_2'], 'BILLTOZIP' => $order->billing['postcode'], 'CUSTIP' => tep_get_ip_address(), 'EMAIL' => $order->customer['email_address'], 'ACCT' => $HTTP_POST_VARS['cc_number_nh-dns'], 'EXPDATE' => $HTTP_POST_VARS['cc_expires_month'] . $HTTP_POST_VARS['cc_expires_year'], 'CVV2' => $HTTP_POST_VARS['cc_cvc_nh-dns'], 'BUTTONSOURCE' => 'OSCOM23_DPPF');
         // Ship-to fields only when a separate delivery address was selected.
         if (is_numeric($sendto) && $sendto > 0) {
             $params['SHIPTOFIRSTNAME'] = $order->delivery['firstname'];
             $params['SHIPTOLASTNAME'] = $order->delivery['lastname'];
             $params['SHIPTOSTREET'] = $order->delivery['street_address'];
             $params['SHIPTOCITY'] = $order->delivery['city'];
             $params['SHIPTOSTATE'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], $order->delivery['state']);
             $params['SHIPTOCOUNTRY'] = $order->delivery['country']['iso_code_2'];
             $params['SHIPTOZIP'] = $order->delivery['postcode'];
         }
         // Line items: one L_NAME/L_COST/L_QTY triple per product, followed by every
         // order-total module except subtotal, shipping, tax and total, so that
         // ITEMAMT accounts for them as well.
         $item_params = array();
         $line_item_no = 0;
         foreach ($order->products as $product) {
             $item_params['L_NAME' . $line_item_no] = $product['name'];
             $item_params['L_COST' . $line_item_no] = $this->format_raw($product['final_price']);
             $item_params['L_QTY' . $line_item_no] = $product['qty'];
             $line_item_no++;
         }
         $items_total = $this->format_raw($order->info['subtotal']);
         foreach ($order_totals as $ot) {
             if (!in_array($ot['code'], array('ot_subtotal', 'ot_shipping', 'ot_tax', 'ot_total'))) {
                 $item_params['L_NAME' . $line_item_no] = $ot['title'];
                 $item_params['L_COST' . $line_item_no] = $this->format_raw($ot['value']);
                 $item_params['L_QTY' . $line_item_no] = 1;
                 $items_total += $this->format_raw($ot['value']);
                 $line_item_no++;
             }
         }
         $item_params['ITEMAMT'] = $items_total;
         $item_params['TAXAMT'] = $this->format_raw($order->info['tax']);
         $item_params['FREIGHTAMT'] = $this->format_raw($order->info['shipping_cost']);
         // The itemisation is only attached when it reconciles exactly with AMT,
         // presumably because the gateway rejects a mismatch.
         if ($this->format_raw($item_params['ITEMAMT'] + $item_params['TAXAMT'] + $item_params['FREIGHTAMT']) == $params['AMT']) {
             $params = array_merge($params, $item_params);
         }
         // Payflow length-tagged NVP: KEY[len]=value. The explicit length lets a
         // value contain '&' or '=' without encoding, which is why no urlencode()
         // is applied here.
         $post_string = '';
         foreach ($params as $key => $value) {
             $post_string .= $key . '[' . strlen(trim($value)) . ']=' . trim($value) . '&';
         }
         $post_string = substr($post_string, 0, -1);
         $response = $this->sendTransactionToGateway($api_url, $post_string);
         $response_array = array();
         parse_str($response, $response_array);
         // RESULT=0 is approval. Anything else is reported by e-mail (the parsed
         // reply only — the request, including card data, is not passed) and
         // mapped to a user-facing message. NOTE(review): an empty gateway reply
         // leaves RESULT unset, which lands in the default branch (with a notice).
         if ($response_array['RESULT'] != '0') {
             $this->sendDebugEmail($response_array);
             switch ($response_array['RESULT']) {
                 case '1':
                 case '26':
                     $error_message = MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_ERROR_CFG_ERROR;
                     break;
                 case '7':
                     $error_message = MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_ERROR_ADDRESS;
                     break;
                 case '12':
                     $error_message = MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_ERROR_DECLINED;
                     break;
                 case '23':
                 case '24':
                     $error_message = MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_ERROR_INVALID_CREDIT_CARD;
                     break;
                 default:
                     $error_message = MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_ERROR_GENERAL;
                     break;
             }
             tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, 'error_message=' . urlencode($error_message), 'SSL'));
         }
     } else {
         tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, 'error_message=' . MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_DP_ERROR_ALL_FIELDS_REQUIRED, 'SSL'));
     }
 }
コード例 #27
// verify the browser user agent if the feature is enabled
// Session binding ($_SESSION style): the user agent of the first request is
// stored and every later request must present the same one, otherwise the
// session is destroyed and the visitor is sent to login.php. Note the loose
// (!=) comparison and the unguarded $_SERVER['HTTP_USER_AGENT'] read.
if (SESSION_CHECK_USER_AGENT == 'True') {
    if (!isset($_SESSION['SESSION_USER_AGENT'])) {
        $_SESSION['SESSION_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
    }
    if ($_SESSION['SESSION_USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) {
        tep_session_destroy();
        OSCOM::redirect('login.php');
    }
}
// verify the IP address if the feature is enabled
// Same binding for the client IP as reported by tep_get_ip_address().
if (SESSION_CHECK_IP_ADDRESS == 'True') {
    if (!isset($_SESSION['SESSION_IP_ADDRESS'])) {
        $_SESSION['SESSION_IP_ADDRESS'] = tep_get_ip_address();
    }
    if ($_SESSION['SESSION_IP_ADDRESS'] != tep_get_ip_address()) {
        tep_session_destroy();
        OSCOM::redirect('login.php');
    }
}
// create the shopping cart
// Recreate the cart unless the session already holds a shoppingCart instance.
if (!isset($_SESSION['cart']) || !is_object($_SESSION['cart']) || get_class($_SESSION['cart']) != 'shoppingCart') {
    $_SESSION['cart'] = new shoppingCart();
}
// include currencies class and create an instance
require 'includes/classes/currencies.php';
$currencies = new currencies();
// include the mail classes
require 'includes/classes/mime.php';
require 'includes/classes/email.php';
// set the language
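 /**
  * Build the request variables for the Authorize.Net gateway call.
  *
  * Merges the block that is common to both payment methods (gateway
  * credentials, amount, billing/shipping address, customer IP) with the
  * method-specific block selected by MODULE_PAYMENT_AUTHORIZENET_METHOD
  * ('Credit Card' or 'eCheck'). For eCheck with the Wells Fargo option, the
  * customer's tax id (or driver's licence details when no tax id is given)
  * is added as well.
  *
  * The result carries secrets and cardholder/bank data: x_tran_key,
  * x_Card_Num, x_bank_acct_num, x_customer_tax_id, x_drivers_license_*.
  * It must only ever be sent to the gateway — never logged or persisted.
  *
  * @return array gateway field name => value
  */
 function make_gateway_vars()
 {
     global $order, $osC_Customer;
     // Start from an empty block so an unexpected METHOD value produces a
     // request without payment fields instead of passing an undefined
     // variable to array_merge() below.
     $gw_pay_type = array();
     if (MODULE_PAYMENT_AUTHORIZENET_METHOD == 'Credit Card') {
         $gw_pay_type = array(
             'x_Card_Num' => $this->cc_card_number,
             // month followed by the last two characters of the expiry year
             'x_Exp_Date' => $this->cc_expiry_month . substr($this->cc_expiry_year, -2),
             'x_Type' => MODULE_PAYMENT_AUTHORIZENET_CREDIT_CAPTURE,
             'x_Method' => 'CC',
         );
     } elseif (MODULE_PAYMENT_AUTHORIZENET_METHOD == 'eCheck') {
         $gw_pay_type = array(
             'x_bank_acct_name' => $this->ec_bank_owner,
             'x_bank_acct_type' => $this->ec_bank_acct_type,
             'x_bank_name' => $this->ec_bank_name,
             'x_bank_aba_code' => $this->ec_bank_aba,
             'x_bank_acct_num' => $this->ec_bank_acct,
             'x_Type' => 'AUTH_CAPTURE',
             'x_echeck_type' => 'WEB',
             'x_Method' => 'ECHECK',
         );
         if (MODULE_PAYMENT_AUTHORIZENET_WELLSFARGO == 'Yes') {
             // Add extra fields: tax id when present, otherwise driver's licence
             if (tep_not_null($this->wf_taxid)) {
                 $gw_pay_type2 = array(
                     'x_customer_tax_id' => $this->wf_taxid,
                     'x_customer_organization_type' => $this->wf_org_type,
                 );
             } else {
                 $gw_pay_type2 = array(
                     'x_drivers_license_number' => $this->wf_dlnum,
                     'x_drivers_license_state' => $this->wf_state,
                     'x_drivers_license_dob' => $this->wf_dob,
                     'x_customer_organization_type' => $this->wf_org_type,
                 );
             }
             $gw_pay_type = array_merge($gw_pay_type, $gw_pay_type2);
         }
     }
     $gw_common = array(
         'x_Login' => MODULE_PAYMENT_AUTHORIZENET_LOGIN,
         'x_tran_key' => MODULE_PAYMENT_AUTHORIZENET_TXNKEY,
         'x_Amount' => number_format($order->info['total'], 2, '.', ''),
         'x_Version' => '3.0',
         // $osC_Customer is a global; whether it is the customer id or an
         // object that stringifies to it is not visible here — TODO confirm
         'x_Cust_ID' => $osC_Customer,
         'x_Email_Customer' => MODULE_PAYMENT_AUTHORIZENET_EMAIL_CUSTOMER == 'True' ? 'TRUE' : 'FALSE',
         'x_first_name' => $order->billing['firstname'],
         'x_last_name' => $order->billing['lastname'],
         'x_company' => $order->billing['company'],
         'x_address' => $order->billing['street_address'],
         'x_city' => $order->billing['city'],
         'x_state' => $order->billing['state'],
         'x_zip' => $order->billing['postcode'],
         'x_country' => $order->billing['country']['title'],
         'x_phone' => $order->customer['telephone'],
         'x_email' => $order->customer['email_address'],
         'x_ship_to_first_name' => $order->delivery['firstname'],
         'x_ship_to_last_name' => $order->delivery['lastname'],
         'x_ship_to_address' => $order->delivery['street_address'],
         'x_ship_to_city' => $order->delivery['city'],
         'x_ship_to_state' => $order->delivery['state'],
         'x_ship_to_zip' => $order->delivery['postcode'],
         'x_ship_to_country' => $order->delivery['country']['title'],
         // forwarded for the gateway's fraud screening; proxy handling of
         // tep_get_ip_address() is not visible here
         'x_Customer_IP' => tep_get_ip_address(),
     );
     $gw_vars = array_merge($gw_common, $gw_pay_type);
     return $gw_vars;
 }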
 }
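 // Enforce the minimum password length and require the confirmation to match.
 // Both values are trim()ed here (and again before hashing below), so leading/
 // trailing whitespace typed by the user is silently dropped — consistent, but
 // worth knowing when debugging "wrong password" reports.
 // strlen() counts bytes, so a multi-byte password can satisfy ACCOUNT_PASSWORD
 // with fewer characters than intended — TODO decide whether mb_strlen() is wanted.
 // is_string() rejects array-valued fields (password[]=x), which trim() would
 // otherwise choke on.
 if (!isset($_POST['password']) || !is_string($_POST['password']) || strlen(trim($_POST['password'])) < ACCOUNT_PASSWORD) {
     $messageStack->add('create_account', ENTRY_PASSWORD_ERROR);
 } elseif (!isset($_POST['confirmation']) || !is_string($_POST['confirmation']) || trim($_POST['password']) !== trim($_POST['confirmation'])) {
     // strict comparison: with != PHP compares numeric-looking strings as
     // numbers, so e.g. '100' and '1e2' would have been accepted as matching
     $messageStack->add('create_account', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
 }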
 if ($messageStack->size('create_account') === 0) {
     $osC_Database->startTransaction();
     $Qcustomer = $osC_Database->query('insert into :table_customers (customers_firstname, customers_lastname, customers_email_address, customers_newsletter, customers_status, customers_ip_address, customers_password, customers_gender, customers_dob) values (:customers_firstname, :customers_lastname, :customers_email_address, :customers_newsletter, :customers_status, :customers_ip_address, :customers_password, :customers_gender, :customers_dob)');
     $Qcustomer->bindRaw(':table_customers', TABLE_CUSTOMERS);
     $Qcustomer->bindValue(':customers_firstname', trim($_POST['firstname']));
     $Qcustomer->bindValue(':customers_lastname', trim($_POST['lastname']));
     $Qcustomer->bindValue(':customers_email_address', trim($_POST['email_address']));
     $Qcustomer->bindValue(':customers_newsletter', isset($_POST['newsletter']) && $_POST['newsletter'] == '1' ? '1' : '');
     $Qcustomer->bindValue(':customers_status', '1');
     $Qcustomer->bindValue(':customers_ip_address', tep_get_ip_address());
     $Qcustomer->bindValue(':customers_password', tep_encrypt_password(trim($_POST['password'])));
     $Qcustomer->bindValue(':customers_gender', ACCOUNT_GENDER > -1 && isset($_POST['gender']) && ($_POST['gender'] == 'm' || $_POST['gender'] == 'f') ? $_POST['gender'] : '');
     $Qcustomer->bindValue(':customers_dob', ACCOUNT_DATE_OF_BIRTH > -1 ? date('Ymd', $dob) : '');
     $Qcustomer->execute();
     if ($Qcustomer->affectedRows() === 1) {
         $customer_id = $osC_Database->nextID();
         $Qci = $osC_Database->query('insert into :table_customers_info (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values (:customers_info_id, :customers_info_number_of_logons, :customers_info_date_account_created)');
         $Qci->bindRaw(':table_customers_info', TABLE_CUSTOMERS_INFO);
         $Qci->bindInt(':customers_info_id', $customer_id);
         $Qci->bindInt(':customers_info_number_of_logons', 0);
         $Qci->bindRaw(':customers_info_date_account_created', 'now()');
         $Qci->execute();
         if ($Qci->affectedRows() === 1) {
             $osC_Database->commitTransaction();
             if (SERVICE_SESSION_REGENERATE_ID == 'True') {
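$order_total_modules = new order_total();
$order_totals = $order_total_modules->process();
// NOTE(review): hard-coded per-customer override — customer 58543 always gets
// free pickup ("Самовывоз", i.e. self pick-up) regardless of the shipping
// option the checkout selected. A business rule keyed on a literal customer
// id belongs in configuration or the database, where it can be reviewed and
// revoked; buried here it survives every deploy unnoticed.
if ($customer_id == '58543') {
    // Walk the keys so the loop can write back into $order_totals.
    // (array_keys() replaces the reset()/each() idiom; each() is removed in PHP 8.)
    foreach (array_keys($order_totals) as $i) {
        if ($order_totals[$i]['code'] == 'ot_shipping') {
            $order_totals[$i]['title'] = 'Самовывоз';
            $order_totals[$i]['text'] = $currencies->format(0);
            $order_totals[$i]['value'] = '0';
        }
    }
    $shipping = array('id' => 'slf_0', 'title' => 'Самовывоз', 'cost' => 0);
}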
// load the before_process function from the payment modules
$payment_modules->before_process();
// Snapshot of the customer / delivery / billing addresses and payment data that
// becomes the orders row. Points worth knowing about the payment columns:
//  - cc_number is masked to first 4 + last 4 before storage (good — only the
//    gateway should ever see the full PAN), but cc_owner and cc_expires are kept
//    in clear, and the cheque fields check_routing_number / check_account_number
//    are stored unmasked. NOTE(review): bank account data in plain text in the
//    orders table is a liability; mask or drop it unless a downstream process
//    genuinely needs the full number — TODO confirm.
//  - the masking assumes strlen(cc_number) >= 8; a shorter value gives
//    str_repeat() a negative count and fails.
//  - 'date_purchased' => 'now()' presumably relies on tep_db_perform() passing
//    that literal through as the SQL function — TODO confirm.
//  - customers_ip comes from tep_get_ip_address(); its proxy handling is not
//    visible here.
//  - payment_method is stored without the trailing "(…)" detail, if any.
$sql_data_array = array('orders_code' => $order->info['code'], 'customers_id' => $customer_id, 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], 'customers_company' => $order->customer['company'], 'customers_company_full_name' => $order->customer['company_full'], 'customers_company_name' => $order->customer['company'], 'customers_company_inn' => $order->customer['company_inn'], 'customers_company_kpp' => $order->customer['company_kpp'], 'customers_company_ogrn' => $order->customer['company_ogrn'], 'customers_company_okpo' => $order->customer['company_okpo'], 'customers_company_okogu' => $order->customer['company_okogu'], 'customers_company_okato' => $order->customer['company_okato'], 'customers_company_okved' => $order->customer['company_okved'], 'customers_company_okfs' => $order->customer['company_okfs'], 'customers_company_okopf' => $order->customer['company_okopf'], 'customers_company_address_corporate' => $order->customer['company_address_corporate'], 'customers_company_address_post' => $order->customer['company_address_post'], 'customers_company_telephone' => $order->customer['company_telephone'], 'customers_company_fax' => $order->customer['company_fax'], 'customers_company_bank' => $order->customer['company_bank'], 'customers_company_rs' => $order->customer['company_rs'], 'customers_company_ks' => $order->customer['company_ks'], 'customers_company_bik' => $order->customer['company_bik'], 'customers_company_general' => $order->customer['company_general'], 'customers_company_financial' => $order->customer['company_financial'], 'customers_street_address' => $order->customer['street_address'], 'customers_suburb' => $order->customer['suburb'], 'customers_city' => $order->customer['city'], 'customers_postcode' => $order->customer['postcode'], 'customers_state' => $order->customer['state'], 'customers_country' => $order->customer['country']['title'], 'customers_telephone' => $order->customer['telephone'], 
'customers_email_address' => $order->customer['email_address'], 'customers_address_format_id' => $order->customer['format_id'], 'customers_ip' => tep_get_ip_address(), 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 'delivery_company' => $order->delivery['company'], 'delivery_street_address' => $order->delivery['street_address'], 'delivery_suburb' => $order->delivery['suburb'], 'delivery_city' => $order->delivery['city'], 'delivery_postcode' => $order->delivery['postcode'], 'delivery_state' => $order->delivery['state'], 'delivery_country' => $order->delivery['country']['title'], 'delivery_telephone' => $order->delivery['telephone'], 'delivery_address_format_id' => $order->delivery['format_id'], 'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'], 'billing_company' => $order->billing['company'], 'billing_street_address' => $order->billing['street_address'], 'billing_suburb' => $order->billing['suburb'], 'billing_city' => $order->billing['city'], 'billing_postcode' => $order->billing['postcode'], 'billing_state' => $order->billing['state'], 'billing_country' => $order->billing['country']['title'], 'billing_telephone' => $order->billing['telephone'], 'billing_address_format_id' => $order->billing['format_id'], 'payment_method' => strpos($order->info['payment_method'], '(') !== false ? trim(substr($order->info['payment_method'], 0, strpos($order->info['payment_method'], '('))) : $order->info['payment_method'], 'cc_type' => $order->info['cc_type'], 'cc_owner' => $order->info['cc_owner'], 'cc_number' => tep_not_null($order->info['cc_number']) ? substr($order->info['cc_number'], 0, 4) . str_repeat('X', strlen($order->info['cc_number']) - 8) . 
substr($order->info['cc_number'], -4) : '', 'cc_expires' => $order->info['cc_expires'], 'check_account_type' => $order->info['check_account_type'], 'check_bank_name' => $order->info['check_bank_name'], 'check_routing_number' => $order->info['check_routing_number'], 'check_account_number' => $order->info['check_account_number'], 'date_purchased' => 'now()', 'orders_status' => $order->info['order_status'], 'currency' => $order->info['currency'], 'currency_value' => $order->info['currency_value'], 'orders_is_paid' => $order->info['is_paid'], 'delivery_transfer' => tep_calculate_date_available($order->info['delivery_transfer']), 'orders_ssl_enabled' => ENABLE_SSL == true ? '1' : '0', 'shops_id' => (int) SHOP_ID);
// Insert the order and record its id; the order log lines below carry the
// process id and peak memory so a crash mid-checkout can be tied to a request.
tep_db_perform(TABLE_ORDERS, $sql_data_array);
$insert_id = tep_db_insert_id();
tep_order_log($insert_id, '*** Order #' . $insert_id . ' created (pid=' . getmypid() . ', memory_peak=' . memory_get_peak_usage(true) . ')');
tep_order_log($insert_id, tep_get_memory());
// Carried over for the per-product processing that follows.
$order_delivery_transfer = $order->info['delivery_transfer'];
$order_delivery_country_code = $order->delivery['country']['iso_code_2'];
$order_products_sum = 0;
for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++) {
    $total_title = $order_totals[$i]['title'];
    if ($order_totals[$i]['code'] != 'ot_discount' && strpos($order_totals[$i]['code'], 'tax') === false) {
        list($total_title) = explode('(', $order_totals[$i]['title']);
    }
    //	if (preg_match('/^([^\(]+)\(.*$/i', $total_title, $regs)) $total_title = $regs[1];
    $total_title = trim($total_title);
    tep_db_query("insert into " . TABLE_ORDERS_TOTAL . " (orders_id, title, text, value, class, sort_order) values ('" . (int) $insert_id . "', '" . tep_db_input($total_title) . "', '" . tep_db_input($order_totals[$i]['text']) . "', '" . str_replace(',', '.', tep_db_input($order_totals[$i]['value'])) . "', '" . tep_db_input($order_totals[$i]['code']) . "', '" . tep_db_input($order_totals[$i]['sort_order']) . "')");