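// PayPal "Log In with PayPal" return handler.
//
// When PayPal redirects back with ?code=..., exchange the code for an access
// token, fetch the user's profile, cache both in the session and decide where
// the browser goes next ($targetUrl). Without ?code the page falls through to
// index.php.
//
// NOTE(review): no OAuth `state` value is verified before the code is
// exchanged. If the authorization request sets one, compare it against
// $_GET['state'] with hash_equals() before calling acquire_access_token();
// without that a third party can complete this flow in a victim's browser
// (login CSRF). The authorization request is not in this file — confirm.
// NOTE(review): set_user_logged_in() is defined elsewhere — confirm it calls
// session_regenerate_id(true) so the pre-login session id is not kept.
$targetUrl = 'index.php';

// Only accept a scalar code: ?code[]=x would otherwise hand an array to the
// token exchange.
if (isset($_GET['code']) && is_string($_GET['code'])) {
    try {
        $access_token = acquire_access_token($_GET['code']);
        if (!isset($access_token)) {
            throw new Exception('Failed to get access token');
        }
        // For use with "Log In and Checkout", when we just want the access
        // token and not a full user account.
        $_SESSION['access_token'] = $access_token;

        $profile = acquire_paypal_user_profile($access_token);
        if (!isset($profile)) {
            throw new Exception('Failed to get user profile');
        }

        // Cache the verified profile server-side. NOTE(review): pages that
        // finish sign-up or linking should take payer_id / access_token from
        // this session copy rather than from values the browser posts back.
        $_SESSION['username'] = $profile->given_name;
        $_SESSION['user'] = array(
            "email"          => $profile->email,
            "given_name"     => $profile->given_name,
            "family_name"    => $profile->family_name,
            "language"       => $profile->language,
            "phone_number"   => $profile->phone_number,
            "street_address" => $profile->address->street_address,
            "locality"       => $profile->address->locality,
            "region"         => $profile->address->region,
            "postal_code"    => $profile->address->postal_code,
            "country"        => $profile->address->country,
            "payer_id"       => $profile->payer_id,
            "access_token"   => $access_token
        );

        if (does_user_have_account($profile->email)) {
            set_user_logged_in($profile->given_name, $profile->email);
            store_access_token($profile->email, $access_token);
            if (!does_user_have_paypal_id($profile->email)) {
                // Both values land in a query string, so both are URL-encoded
                // (previously only the email was).
                $targetUrl = 'link-accounts.php?email=' . urlencode($profile->email)
                    . '&payer_id=' . urlencode($profile->payer_id);
            }
        } else {
            $targetUrl = 'create-account.php';
        }
    } catch (Exception $e) {
        throw_error_in_console($e->getMessage());
    }
}
?>
<script>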
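/**
 * Create a merchant account from the posted sign-up form and log the new user in.
 *
 * Reads the account fields from $_POST, inserts them into the `users` table
 * (each column wrapped in MySQL AES_ENCRYPT with the AES_KEY constant) and
 * calls set_user_logged_in() on success.
 *
 * NOTE(review): the password is stored with reversible AES_ENCRYPT rather than
 * a one-way hash. The login code that compares it is not in this file, so the
 * storage format is left unchanged here; moving to password_hash() /
 * password_verify() has to change both sides together.
 *
 * @return string|null  human-readable error message, or null on success
 */
function create_account() {
    // The nonce is this form's CSRF token; without it another site could
    // create accounts from a visitor's browser. (The message text says XSS,
    // but the check is a cross-site *request forgery* guard.)
    if (!verify_nonce()) {
        return "Cross-site scripting detection error";
    }
    // Require a non-empty scalar email; an array value (email[]=x) would
    // otherwise reach strlen() and the lookup below.
    if (!isset($_POST['email']) || !is_string($_POST['email']) || strlen($_POST['email']) == 0) {
        return "Email address not found.";
    }
    if (does_user_have_account($_POST['email'])) {
        return "Email account already exists.";
    }
    cull_accounts();

    // Collect the posted columns. Missing or non-scalar fields become NULL,
    // which AES_ENCRYPT() stores as NULL.
    $columns = array(
        'email', 'password', 'given_name', 'family_name', 'language',
        'phone_number', 'street_address', 'locality', 'region', 'postal_code',
        'country', 'payer_id', 'access_token',
    );
    $values = array();
    foreach ($columns as $column) {
        $values[$column] = (isset($_POST[$column]) && is_string($_POST[$column]))
            ? $_POST[$column]
            : null;
    }

    // PayPal identity: when the user arrived through the PayPal login flow the
    // verified payer_id / access_token are already in $_SESSION['user'] (set
    // by the OAuth return handler). Prefer those over the browser-supplied
    // copies so a client cannot bind an arbitrary payer_id or token to the new
    // account; sign-ups that did not go through PayPal keep the posted values.
    if (isset($_SESSION['user']['payer_id'])) {
        $values['payer_id'] = $_SESSION['user']['payer_id'];
    }
    if (isset($_SESSION['user']['access_token'])) {
        $values['access_token'] = $_SESSION['user']['access_token'];
    }

    $values['session_key'] = isset($_COOKIE['session_key']) ? $_COOKIE['session_key'] : null;

    try {
        global $pdo;

        // The AES key is spliced into the SQL text as a quoted literal because
        // the same named placeholder cannot be bound repeatedly under native
        // prepares. Consequence: the key appears in query logs / slow logs, and
        // AES_KEY must not contain a quote or backslash. Every user-supplied
        // value is bound, never interpolated.
        $query = "INSERT INTO users VALUES(
                    0,
                    AES_ENCRYPT(:email,':aes_key'),
                    AES_ENCRYPT(:password,':aes_key'),
                    AES_ENCRYPT(:given_name,':aes_key'),
                    AES_ENCRYPT(:family_name,':aes_key'),
                    AES_ENCRYPT(:language,':aes_key'),
                    AES_ENCRYPT(:phone_number,':aes_key'),
                    AES_ENCRYPT(:street_address,':aes_key'),
                    AES_ENCRYPT(:locality,':aes_key'),
                    AES_ENCRYPT(:region,':aes_key'),
                    AES_ENCRYPT(:postal_code,':aes_key'),
                    AES_ENCRYPT(:country,':aes_key'),
                    AES_ENCRYPT(:payer_id,':aes_key'),
                    AES_ENCRYPT(:access_token,':aes_key'),
                    NOW(),
                    AES_ENCRYPT(:session_key,':aes_key')
                    )";
        $query = str_replace(":aes_key", AES_KEY, $query);

        $sql = $pdo->prepare($query);
        foreach ($values as $column => $value) {
            $sql->bindValue(':' . $column, $value, PDO::PARAM_STR);
        }
        $sql->execute();

        set_user_logged_in($values['given_name'], $values['email']);
    } catch (Exception $e) {
        // Keep the driver/SQL detail out of the page: the previous version
        // echoed it ("Foo" + message) and returned it to the caller, which
        // exposes table structure and key material on failure. Log it instead.
        error_log('create_account: ' . $e->getMessage());
        return 'Error creating data.';
    }
    return null;
}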