コード例 #1
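 /**
  * Builds an "INSERT INTO" SQL string from a table name and a column => value map.
  *
  * Table and column names are emitted as backtick-quoted identifiers; a backtick
  * inside a name is doubled so the name cannot close the quoting early. Values are
  * passed through HelperFunctions::escapeSql() and wrapped in single quotes.
  *
  * SECURITY: a value that starts with "sqlcommand:" is emitted without quotes so
  * that expressions such as now() can be used. Escaping does not make an unquoted
  * fragment safe, and the prefix is detected on the value itself, so callers must
  * never place request-derived strings into $data without making sure they cannot
  * begin with "sqlcommand:".
  *
  * @param string $table
  * @param array $data with key=column_name and value=column_value
  * for sql-commands set value like "sqlcommand:now()"
  * @return string the statement without a trailing ';', or '' when $table or $data is empty or of the wrong type
  */
 function getEscapedInsertInto($table, $data)
 {
     // Check the type before trim(): trimming first would coerce a non-string
     // and make the is_string() guard meaningless.
     if (!is_string($table)) {
         return '';
     }
     $table = trim($table);
     if (!$table) {
         return '';
     }
     if (!is_array($data) || !$data) {
         return '';
     }

     $tableName = '`' . str_replace('`', '``', HelperFunctions::escapeSql($table)) . '`';

     $columns = array();
     foreach (array_keys($data) as $column) {
         // Column names used to be concatenated as-is; double any backtick so a
         // key cannot break out of the identifier quoting.
         $columns[] = '`' . str_replace('`', '``', (string) $column) . '`';
     }

     $values = array();
     foreach ($data as $value) {
         if (strpos($value, 'sqlcommand:') === 0) {
             // sql-command: emitted unquoted (see SECURITY note in the docblock)
             $values[] = HelperFunctions::escapeSql(substr($value, 11));
         } else {
             // normal string or int: escaped and single-quoted
             $values[] = "'" . HelperFunctions::escapeSql($value) . "'";
         }
     }

     // no trailing ';' is added
     return 'INSERT INTO ' . $tableName . ' (' . implode(', ', $columns) . ') VALUES (' . implode(', ', $values) . ')';
 }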
コード例 #2
 /**
  * Deletes this module's rows from the configuration table, then calls the
  * parent's remove().
  *
  * Note: "_" is a single-character wildcard in SQL LIKE, so the patterns below
  * match slightly more than the literal key prefixes.
  */
 function remove()
 {
     $shortKeyQuery = "delete from " . HelperFunctions::escapeSql(TABLE_CONFIGURATION) . " where configuration_key LIKE 'MODULE_PAYMENT_SOFORT_SL%'";
     xtc_db_query($shortKeyQuery);

     $longKeyQuery = "delete from " . HelperFunctions::escapeSql(TABLE_CONFIGURATION) . " where configuration_key LIKE 'MODULE_PAYMENT_SOFORT_SOFORTLASTSCHRIFT%'";
     xtc_db_query($longKeyQuery);

     // original note: if this is the last multipay payment method being removed,
     // the shared keys used by all/most multipay modules are removed as well
     parent::remove();
 }
コード例 #3
 /**
  * Deletes the configuration rows whose key matches 'MODULE_ORDER_TOTAL_SOFORT_%'.
  *
  * Note: "_" is a single-character wildcard in SQL LIKE, so the pattern matches
  * slightly more than the literal key prefix.
  */
 function remove()
 {
     $deleteQuery = "delete from " . HelperFunctions::escapeSql(TABLE_CONFIGURATION) . " where configuration_key LIKE 'MODULE_ORDER_TOTAL_SOFORT_%'";
     xtc_db_query($deleteQuery);
 }
コード例 #4
/**
 * Inserts the saved (serialized) order data into the shop DB unless that already happened.
 *
 * Looks up the session data stored for the transaction. If none is left, the order id
 * is looked up after a short pause and returned. Otherwise the session is restored,
 * the order is inserted and the sofort tables are updated.
 *
 * NOTE(review): the UPDATE statements wrap string values in double quotes; in MySQL
 * that is only a string literal while ANSI_QUOTES is off — confirm the server mode.
 * NOTE(review): on the second failure path the saved session data is put into the
 * admin error mail ('orderdata'); it may hold customer details — confirm that mail
 * is an acceptable channel for it.
 *
 * @return int orderId; the script is terminated with exit() on failure
 */
function handleOrderInsertion($transactionId, $paymentSecret, $paymentMethod, $customerId)
{
    require_once HelperFunctions::getSofortOrderhandlingLink();
    $orderHandling = new SofortOrderhandling();

    // serialized session data stored for this transaction
    $storedSession = $orderHandling->getSavedSessionData($transactionId, $paymentSecret);

    if (!$storedSession) {
        // nothing stored: the order was presumably saved already
        // short pause to avoid race-conditions between success-url and notification and needless error-mails
        usleep(10000);
        $orderId = $orderHandling->getOrderId($transactionId, $paymentSecret);
        if ($orderId) {
            return $orderId;
        }

        // neither saved session data nor an order-id exists
        xtc_db_query('UPDATE sofort_orders SET data_acquired = "0" WHERE payment_secret = "' . HelperFunctions::escapeSql($paymentSecret) . '" AND transaction_id = "' . HelperFunctions::escapeSql($transactionId) . '"');
        $mailDetails = array(
            'description' => 'Order could not be saved in shop-DB and orderdata could not be found.',
            'transactionId' => $transactionId,
            'customerId' => $customerId,
            'paymentmethod' => $paymentMethod,
        );
        HelperFunctions::sendAdminErrorMail($mailDetails);
        exit('Error: Order could not be saved.');
    }

    // restore $_SESSION and $GLOBALS from saved serialized data
    $orderHandling->restoreGivenSessionDataToSession($storedSession);
    $insertResult = $orderHandling->insertOrderIntoShop();
    $orderId = $insertResult['orderId'];
    $sofortData = $insertResult['sofortData'];

    if (!$orderId) {
        xtc_db_query('UPDATE sofort_orders SET data_acquired = "0" WHERE payment_secret = "' . HelperFunctions::escapeSql($paymentSecret) . '" AND transaction_id = "' . HelperFunctions::escapeSql($transactionId) . '"');
        $mailDetails = array(
            'description' => 'Order was MAYBE not successfully saved in shop-DB or Order-ID is unknown. Please check the order for completeness!',
            'transactionId' => $transactionId,
            'paymentmethod' => $paymentMethod,
            'customerId' => $customerId,
            'orderdata' => $storedSession,
        );
        HelperFunctions::sendAdminErrorMail($mailDetails);
        exit('Error: MAYBE order could not be saved. Please check!');
    }

    // order was saved: record the order id, drop the stored session and send the emails
    $isInvoicePayment = ($paymentMethod == 'sr');

    $orderHandling->insertOrderIdInSofortTables($transactionId, $paymentSecret, $orderId);
    if ($isInvoicePayment) {
        // save articleattributes (required for order-sync with SR)
        $orderHandling->insertOrderAttributesInSofortTables($orderId, $sofortData);
    }
    $orderHandling->deleteSavedSessionFromDb($transactionId, $paymentSecret);
    $orderHandling->insertTransIdInTableOrders($transactionId, $orderId);
    if ($isInvoicePayment) {
        HelperFunctions::sendOrderIdToSofort(MODULE_PAYMENT_SOFORT_MULTIPAY_APIKEY, $transactionId, $orderId);
    }
    $orderHandling->sendOrderEmails($orderId);
    $orderHandling->doSpecialThingsAfterSuccessfulInsertion();

    return $orderId;
}
 /**
  * Writes the given transaction id into orders_ident_key of the orders-table row
  * whose orders_id equals the given order id.
  *
  * @return bool always true (the query result is not checked)
  */
 public function insertTransIdInTableOrders($transactionId, $orderId)
 {
     $ordersTable = HelperFunctions::escapeSql(TABLE_ORDERS);
     $identKey = HelperFunctions::escapeSql($transactionId);
     $orderKey = HelperFunctions::escapeSql($orderId);

     xtc_db_query('UPDATE ' . $ordersTable . ' SET orders_ident_key=\'' . $identKey . '\' WHERE orders_id=\'' . $orderKey . '\'');

     return true;
 }
コード例 #6
 /**
  * Manager for the steps after a successful payment: save the order data in the
  * shop DB, send emails and clean up the sofort tables (if a notification has not
  * done so before).
  *
  * NOTE(review): the UPDATE statement wraps string values in double quotes; in MySQL
  * that is only a string literal while ANSI_QUOTES is off — confirm the server mode.
  * NOTE(review): when the insert yields no order id, the saved session data is put
  * into the admin error mail ('orderdata'); it may hold customer details — confirm
  * that mail is an acceptable channel for it.
  *
  * @return void no value is returned; every path ends in a redirect call
  */
 function _finalizeOrderprocessAfterSuccessfulPayment($transactionId, $paymentSecret)
 {
     $orderHandling = $this->SofortOrderhandling;

     // serialized session stored for this transaction
     $storedSession = $orderHandling->getSavedSessionData($transactionId, $paymentSecret);

     if (!$storedSession) {
         // nothing stored: the order was presumably saved already
         // short pause to avoid race-conditions between success-url and notification and needless error-mails
         usleep(10000);
         $orderId = $orderHandling->getOrderId($transactionId, $paymentSecret);
         if ($orderId) {
             // order was saved by notification
             $this->SofortOrderhandling->deleteShopSessionData();
             $this->SofortOrderhandling->deleteSofortSessionData();
             $this->_redirectToSuccessPage($orderId);
             return;
         }

         // neither saved session data nor an order-id exists
         $mailDetails = array(
             'Description' => 'Order could not be saved in shop-DB and orderdata could not be found.',
             'Transaction-ID' => $transactionId,
             'Customer-ID' => $_SESSION['customer_id'],
             'Paymentmethod' => $this->code,
         );
         HelperFunctions::sendAdminErrorMail($mailDetails);
         // Fatal error: saving in sofort_orders failed, seller informed
         $cancelErrors = array(0 => array('code' => '10006'));
         xtc_redirect(HelperFunctions::getCancelUrl($this->code, $cancelErrors));
         return;
     }

     $this->SofortOrderhandling->restoreGivenSessionDataToSession($storedSession);
     $insertResult = $this->SofortOrderhandling->insertOrderIntoShop();
     $orderId = $insertResult['orderId'];
     $sofortData = $insertResult['sofortData'];

     if (!$orderId) {
         xtc_db_query('UPDATE sofort_orders SET data_acquired = "0" WHERE payment_secret = "' . HelperFunctions::escapeSql($paymentSecret) . '" AND transaction_id = "' . HelperFunctions::escapeSql($transactionId) . '"');
         $mailDetails = array(
             'description' => 'Order may not have been successfully saved in shop-DB or Order-ID is unknown. Please check the order for completeness!',
             'transactionId' => $transactionId,
             'paymentmethod' => $this->code,
             'customerId' => $_SESSION['customer_id'],
             'orderdata' => $storedSession,
         );
         HelperFunctions::sendAdminErrorMail($mailDetails);
         // Fatal error: saving in sofort_orders might have failed, seller informed
         $cancelErrors = array(0 => array('code' => '10005'));
         xtc_redirect(HelperFunctions::getCancelUrl($this->code, $cancelErrors));
         return;
     }

     // order was saved: delete the serialized session from the db, clean up $_SESSION
     // and send email to seller/customer
     // Notice: success-message will always be set by notification into history!
     $this->SofortOrderhandling->insertOrderIdInSofortTables($transactionId, $paymentSecret, $orderId);
     if ($this->code == 'sofort_sofortrechnung') {
         // save articleattributes (required for order-sync with SR)
         $this->SofortOrderhandling->insertOrderAttributesInSofortTables($orderId, $sofortData);
     }
     $this->SofortOrderhandling->deleteSavedSessionFromDb($transactionId, $paymentSecret);
     $this->SofortOrderhandling->insertTransIdInTableOrders($transactionId, $orderId);
     if ($this->code == 'sofort_sofortrechnung') {
         HelperFunctions::sendOrderIdToSofort(MODULE_PAYMENT_SOFORT_MULTIPAY_APIKEY, $transactionId, $orderId);
     }
     $this->SofortOrderhandling->deleteShopSessionData();
     $this->SofortOrderhandling->deleteSofortSessionData();
     if (SEND_EMAILS == 'true') {
         $this->SofortOrderhandling->sendOrderEmails($orderId);
     }
     $this->SofortOrderhandling->doSpecialThingsAfterSuccessfulInsertion();
     $this->_redirectToSuccessPage($orderId);
     return;
 }