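/**
 * Render the "upgrade my account" flow for a shared-hosting customer.
 *
 * Steps, in order: refund/owing computation for the product currently held,
 * the product selection table (when no prod_id was submitted), then either a
 * pay-now button (insufficient balance) or a confirmation form.
 *
 * Fixes versus the previous version:
 *  - $conf_this_server_country_code and $cc_europe are declared global (they
 *    were read as undefined locals, so the VAT rule never applied).
 *  - the submitted prod_id is validated with isRandomNum() before it is
 *    interpolated into SQL.
 *  - the company-invoicing lookup checks its own row count and aborts with
 *    die() instead of reusing the previous count and hitting a `break`
 *    outside any loop (a compile error).
 *  - the pending-renewal row stores $service_location (the variable actually
 *    set) instead of the undefined $country, and the payment id is created
 *    with $ro["id"] instead of the undefined $prod_id.
 *  - the payment return URL carries the selected product id and the pay id
 *    attached to the pay-now button, under the `pay_id` name the return
 *    branch reads; the earlier orphan payment id (never attached to a button,
 *    overwritten immediately) is no longer created.
 *  - the confirmation form is shown whenever toreg_confirm_register is not
 *    "yes" (previously it was skipped when the parameter was absent).
 *  - hidden-field values are HTML-escaped.
 *
 * NOTE(review): relies on the legacy mysql_* extension and die() for error
 * handling, like the rest of this file.
 *
 * @param array $admin  admin record with "info" (account row) and "client" keys
 * @return string HTML fragment
 */
function draw_UpgradeAccount($admin)
{
    global $adm_pass;
    global $adm_login;
    global $addrlink;
    global $pro_mysql_admin_table;
    global $pro_mysql_client_table;
    global $pro_mysql_product_table;
    global $pro_mysql_companies_table;
    global $pro_mysql_pending_renewal_table;
    global $secpayconf_currency_letters;
    // Both are read below; without these declarations they were always null.
    global $conf_this_server_country_code;
    global $cc_europe;

    if (!isset($secpayconf_currency_letters)) {
        get_secpay_conf();
    }

    $out = "";
    $nowrap = 'style="white-space:nowrap"';

    // NOTE(review): the admin credentials travel in hidden fields and, further
    // down, in a GET return URL, as elsewhere in this panel. Values are
    // HTML-escaped so they cannot break out of the attribute.
    $frm_start = "<form action=\"" . htmlspecialchars($_SERVER["PHP_SELF"]) . "\">\n"
        . "<input type=\"hidden\" name=\"adm_login\" value=\"" . htmlspecialchars($adm_login) . "\">\n"
        . "<input type=\"hidden\" name=\"adm_pass\" value=\"" . htmlspecialchars($adm_pass) . "\">\n"
        . "<input type=\"hidden\" name=\"addrlink\" value=\"" . htmlspecialchars($addrlink) . "\">\n"
        . "<input type=\"hidden\" name=\"action\" value=\"upgrade_myaccount\">\n";
    $client = $admin["client"];

    $out .= "<b><u>" . _("Upgrade my account:") . "</u></b><br>";

    if ($admin["info"]["prod_id"] == 0) {
        $out .= _("You currently don't have a validated account. Please contact customer support.");
        return $out;
    }

    // --- Past account: refund for unused days, or amount still owed ---
    $out .= "<i><u>" . _("Past account refundal") . "</u></i><br>";
    $out .= _("Your last command expire on the: ") . $admin["info"]["expire"] . ".<br>";
    $out .= _("Today is the: ") . date("Y-m-d") . "<br>";
    $today = mktime(0, 0, 0, date("m"), date("d"), date("Y"));
    $ar = explode("-", $admin["info"]["expire"]);
    // NOTE(review): day 0 of month $ar[1] resolves to the last day of the
    // previous month and $ar[2] is ignored; confirm this matches the stored
    // "expire" format before relying on the day count.
    $expire = mktime(0, 0, 0, $ar[1], 0, $ar[0]);
    $remaining_seconds = $expire - $today;
    $days_remaining = $remaining_seconds / (60 * 60 * 24);
    $days_outstanding = 0;
    // Don't give credit if there are negative days remaining.
    if ($days_remaining < 0) {
        $days_outstanding = $days_remaining;
        $days_remaining = 0;
    }

    $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='" . $admin["info"]["prod_id"] . "';";
    $r = mysql_query($q) or die("Cannot querry: \"{$q}\" !!!" . mysql_error() . " line " . __LINE__ . " in file " . __FILE__);
    $prod = mysql_fetch_array($r);
    // The period appears to be stored as "years-months": offsetting the epoch
    // by it yields the period length in seconds.
    $ar = explode("-", $prod["period"]);
    $prod_period = mktime(0, 0, 0, $ar[1] + 1, 1, 1970 + $ar[0]);
    $prod_days = $prod_period / (60 * 60 * 24);
    $price_per_days = $prod["price_dollar"] / $prod_days;
    $refundal = floor($days_remaining * $price_per_days);
    $owing = floor($days_outstanding * $price_per_days);
    $out .= _("Your past account was: ") . $prod["price_dollar"] . " " . $secpayconf_currency_letters . " " . _("for") . " " . smartDate($prod["period"]) . "<br>";
    $out .= _("Refund") . " (" . $days_remaining . _(" days) for upgrading will be: ") . "{$refundal} " . $secpayconf_currency_letters . "<br><br>";
    $out .= _("You have") . " (" . $days_outstanding . _(" days), with ") . "{$owing}" . " " . $secpayconf_currency_letters . _(" remaining to be paid") . "<br>";

    // --- Step 1: product selection ---
    $out .= "<i><u>" . _("Step 1: choose your upgrade") . "</u></i><br>";
    if (!isset($_REQUEST["prod_id"]) || $_REQUEST["prod_id"] == "") {
        $out .= _("Your current account is ") . smartByte($admin["info"]["quota"] * 1024 * 1024)
            . _(" disk storage and ") . smartByte($admin["info"]["bandwidth_per_month_mb"] * 1024 * 1024)
            . _(" of data transfer each month.") . "<br><br>"
            . _("To what capacity would you like to upgrade to?") . "<br>";
        // Only offer shared products that are larger on at least one axis.
        $q = "SELECT * FROM {$pro_mysql_product_table} WHERE (quota_disk > '" . $admin["info"]["quota"]
            . "' OR bandwidth > '" . $admin["info"]["bandwidth_per_month_mb"]
            . "' or max_domain>" . $admin["info"]["max_domain"] . ") and heb_type='shared';";
        $r = mysql_query($q) or die("Cannot query \"{$q}\" !" . mysql_error());
        $n = mysql_num_rows($r);
        $out .= "{$frm_start}";
        $out .= "<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\" width=\"100%\" height=\"1\">";
        $out .= "<tr><td></td><td>" . _("Product") . "</td><td>" . _("Storage") . "</td><td>" . _("Bandwidth/month")
            . "</td>\n\t\t\t<td>" . _("Max. Domains") . "</td><td>" . _("Price") . "</td><td>" . _("Period") . "</td></tr>";
        if ($n > 0) {
            for ($i = 0; $i < $n; $i++) {
                $ro = mysql_fetch_array($r);
                // Alternate row colours.
                if ($i % 2) {
                    $color = " bgcolor=\"#000000\" ";
                    $fnt1 = "<font color=\"#FFFFFF\"> ";
                    $fnt2 = "</font>";
                } else {
                    $color = "";
                    $fnt1 = "";
                    $fnt2 = "";
                }
                $out .= '<tr><td>' . $fnt1 . '<input type="radio" name="prod_id" value="' . $ro["id"] . '">' . $fnt2 . '</td>';
                $out .= "<td {$color} {$nowrap} >{$fnt1}" . $ro["name"] . $fnt2 . '</td>';
                $out .= "<td {$color} {$nowrap} >{$fnt1}" . smartByte($ro["quota_disk"] * 1024 * 1024) . $fnt2 . '</td>';
                $out .= "<td {$color} {$nowrap} >{$fnt1}" . smartByte($ro["bandwidth"] * 1024 * 1024) . $fnt2 . '</td>';
                $out .= "<td {$color} {$nowrap} >{$fnt1}" . $ro["max_domain"] . $fnt2 . '</td>';
                $out .= "<td {$color} {$nowrap} >{$fnt1}" . $ro["price_dollar"] . $fnt2 . '</td>';
                $out .= "<td {$color} {$nowrap} >{$fnt1}" . smartDate($ro["period"]) . $fnt2 . '</td></tr>';
            }
            $out .= '</table><center><input type="submit" value="' . _("Calculate price") . '"></center></form>';
        } else {
            $out .= '</table><center>' . _("There is no product with greater capacity available, please contact Support service.") . '</center></form>';
        }
        return $out;
    }

    // prod_id comes from the request: refuse anything that is not a plain
    // number before it is interpolated into SQL.
    if (!isRandomNum($_REQUEST["prod_id"])) {
        die("Product id is not a valid number !!!");
    }
    $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='" . $_REQUEST["prod_id"] . "';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !" . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        die("Product not found !!!");
    }
    $ro = mysql_fetch_array($r);

    $q = "SELECT * FROM {$pro_mysql_client_table} WHERE id='" . $admin["info"]["id_client"] . "';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !" . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        die("Client not found !!!");
    }
    $rocli = mysql_fetch_array($r);

    $frm_start .= '<input type="hidden" name="prod_id" value="' . $ro["id"] . '">';
    $out .= _("You have selected") . ": " . $ro["name"];
    $out .= " (" . _("Storage") . ": " . smartByte($ro["quota_disk"] * 1024 * 1024);
    $out .= ", " . _("Transfer") . ": " . smartByte($ro["bandwidth"] * 1024 * 1024) . '), ';
    $out .= ", " . _("Max. Domains") . ": " . $ro["max_domain"] . '), ';
    $out .= '$' . $ro["price_dollar"] . ' ' . _("each") . ' ' . smartDate($ro["period"]);

    // --- Step 2: pay, or confirm when the balance already covers it ---
    $out .= "<br><br><i><u>" . _("Step 2: proceed to upgrade") . "</u></i><br>";
    $remaining = $admin["client"]["dollar"];
    $ze_price = $ro["price_dollar"];
    $heber_price = $ze_price - $refundal;

    // Back from the payment system: credit the validated amount to the account.
    if (isset($_REQUEST["inner_action"]) && $_REQUEST["inner_action"] == "return_from_paypal_upgrade_account") {
        $ze_refund = isPayIDValidated(addslashes($_REQUEST["pay_id"]));
        if ($ze_refund == 0) {
            $out .= "<font color=\"red\">" . _("The transaction failed, please try again!") . "</font>";
        } else {
            $out .= "<font color=\"green\">" . _("Funds added to your account!") . "</font><br>";
            $q = "UPDATE {$pro_mysql_client_table} SET dollar = dollar+" . $ze_refund . " WHERE id='" . $admin["info"]["id_client"] . "';";
            $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
            $admin["client"]["dollar"] += $ze_refund;
            $remaining += $ze_refund;
        }
    }

    $out .= _("Remaining on your account") . ": " . $remaining . "{$secpayconf_currency_letters}<br>\n"
        . _("New account price") . ": " . $ze_price . "{$secpayconf_currency_letters}<br>\n"
        . _("Past account refundal") . ": " . $refundal . "{$secpayconf_currency_letters}<br>\n"
        . _("Total price") . ": " . $heber_price . "{$secpayconf_currency_letters}<br>";

    if ($heber_price > $remaining) {
        $service_location = $conf_this_server_country_code;
        $company_invoicing_id = findInvoicingCompany($conf_this_server_country_code, $rocli["country"]);
        $q = "SELECT * FROM {$pro_mysql_companies_table} WHERE id='{$company_invoicing_id}';";
        $r = mysql_query($q) or die("Cannot query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n != 1) {
            die("Cannot find company invoicing line " . __LINE__ . " file " . __FILE__);
        }
        $company_invoicing = mysql_fetch_array($r);

        // If VAT is set, use it.
        if ($company_invoicing["vat_rate"] == 0 || $company_invoicing["vat_number"] == "") {
            $vat_rate = 0;
        } elseif ($client["is_company"] == "yes" && $client["vat_num"] != ""
            && isset($cc_europe[$client["country"]]) && isset($cc_europe[$company_invoicing["country"]])
            && $client["country"] != $company_invoicing["country"]) {
            // Both companies are in Europe, in different countries, and the
            // customer has a VAT number: no VAT here, the customer pays the VAT
            // in its own country. These are the VAT rules in the European Union.
            $vat_rate = 0;
        } else {
            $vat_rate = $company_invoicing["vat_rate"];
        }

        // Save the values in SQL and build the paynow button.
        $q = "INSERT INTO {$pro_mysql_pending_renewal_table} (id,adm_login,renew_date,renew_time,product_id,renew_id,heb_type,country_code)\n\t\tVALUES ('','"
            . addslashes($_REQUEST["adm_login"]) . "',now(),now(),'" . $ro["id"] . "','" . $rocli["id"] . "','shared-upgrade','{$service_location}');";
        $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
        $renew_id = mysql_insert_id();
        $payid = createCreditCardPaiementID($heber_price, $renew_id, "Account upgrade: " . $ro["name"] . " (login: " . $_REQUEST["adm_login"] . ")", "no", $ro["id"], $vat_rate);
        $q = "UPDATE {$pro_mysql_pending_renewal_table} SET pay_id='{$payid}' WHERE id='{$renew_id}';";
        $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
        // The return URL carries the pay id attached to the button above, under
        // the name the return branch reads (pay_id), and the selected product.
        $return_url = $_SERVER["PHP_SELF"] . "?adm_login={$adm_login}&adm_pass={$adm_pass}"
            . "&addrlink={$addrlink}&action=upgrade_myaccount&prod_id=" . $ro["id"]
            . "&inner_action=return_from_paypal_upgrade_account&pay_id={$payid}";
        $payButton = paynowButton($payid, $heber_price, "Account upgrade: " . $ro["name"], $return_url, $vat_rate);
        $out .= "<br>" . _("You currently don't have enough funds on your account. You will be redirected to our payment system. Please click on the button below to pay.") . "<br><br>" . $payButton;
        return $out;
    }

    $after_upgrade_remaining = $remaining - $heber_price;
    $out .= _("After upgrade, you will have") . ": " . $after_upgrade_remaining . " " . $secpayconf_currency_letters . "<br><br>";

    // Ask for confirmation until the user has explicitly confirmed.
    if (!isset($_REQUEST["toreg_confirm_register"]) || $_REQUEST["toreg_confirm_register"] != "yes") {
        $out .= _("You have enough funds on your account to proceed account upgrade. Press the confirm button and your order will be proceeded.")
            . "<br><br>\n{$frm_start}\n<input type=\"hidden\" name=\"toreg_confirm_register\" value=\"yes\">\n<input type=\"submit\" value=\""
            . _("Proceed to account upgrade") . "\">\n</form>";
        return $out;
    }
    return $out;
}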
// NOTE(review): fragment of a larger function; the query held in $q and the
// enclosing definition are not visible here. Each lookup below follows the
// same pattern: run the query, require exactly one row, fetch it.
$r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
$n = mysql_num_rows($r);
if ($n != 1) {
    die("Could not found the invoice or download_pass not correct");
}
$completedorder = mysql_fetch_array($r);
// Get the client file (the id comes from the order row, not from the request).
$q = "SELECT * FROM {$pro_mysql_client_table} WHERE id='" . $completedorder["id_client"] . "';";
$r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
$n = mysql_num_rows($r);
if ($n != 1) {
    die("Could not found the client file");
}
$client = mysql_fetch_array($r);
// Guess the company ID depending on the service location, then client country.
$company_id = findInvoicingCompany($completedorder["country_code"], $client["country"]);
// Get the company information.
$q = "SELECT * FROM {$pro_mysql_companies_table} WHERE id='{$company_id}' LIMIT 1";
$r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
$n = mysql_num_rows($r);
if ($n != 1) {
    die("Could not get company informations");
}
$company = mysql_fetch_array($r);
// Get the product the order was placed for.
$q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='" . $completedorder["product_id"] . "';";
$r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
$n = mysql_num_rows($r);
if ($n != 1) {
    die("Could not found the product");
}
$product = mysql_fetch_array($r);
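/**
 * Build the renewal pay-now form for the login/product pair in the request.
 *
 * Request fields read: adm_login, renew_type (vps|shared|ssl|ssl_renew|server),
 * product_id, and one of vps_id/client_id/ssl_ip_id/server_id depending on
 * renew_type. A pending-renewal row is inserted, a payment id attached to it,
 * and a notification mail is sent to the webmaster.
 *
 * Fixes versus the previous version:
 *  - the company-invoicing lookup checks its own row count (it reused the
 *    count of the preceding client query).
 *  - the return URL parameter is `&regid=` again; it had been garbled into an
 *    HTML entity (`®id=`), which would break the payment callback.
 *  - unused locals ($product, $use_vat) dropped.
 *
 * NOTE(review): relies on the legacy mysql_* extension and die() for error
 * handling, like the rest of this file.
 *
 * @return array{err:int, mesg:string} err 0 on success with the HTML form in
 *         mesg; non-zero with a user-facing message otherwise.
 */
function renew_form()
{
    global $pro_mysql_admin_table;
    global $pro_mysql_new_admin_table;
    global $pro_mysql_product_table;
    global $pro_mysql_pending_renewal_table;
    global $pro_mysql_client_table;
    global $pro_mysql_companies_table;
    global $pro_mysql_vps_table;
    global $pro_mysql_dedicated_table;
    global $pro_mysql_vps_server_table;
    global $conf_webmaster_email_addr;
    global $conf_message_subject_header;
    global $conf_this_server_country_code;
    global $secpayconf_currency_letters;
    global $cc_europe;

    get_secpay_conf();

    // Do field format checking and escaping for all fields. adm_login is used
    // verbatim in SQL and mail below, so this check is what restricts it.
    if (!isFtpLogin($_REQUEST["adm_login"])) {
        $ret["err"] = 2;
        $ret["mesg"] = "User login format incorrect. Please use letters and numbers only and from 4 to 16 chars.";
        return $ret;
    }

    $q = "SELECT adm_login,id_client FROM {$pro_mysql_admin_table} WHERE adm_login='" . $_REQUEST["adm_login"] . "';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $ret["err"] = 3;
        $ret["mesg"] = "Username not found in database! Try again.";
        return $ret;
    }
    $admin = mysql_fetch_array($r);

    // SSL renewals pick the product by type; everything else by the submitted id.
    if (isset($_REQUEST["renew_type"]) && ($_REQUEST["renew_type"] == "ssl" || $_REQUEST["renew_type"] == "ssl_renew")) {
        // NOTE(review): this requires exactly one product with heb_type 'ssl'.
        $q = "SELECT * FROM {$pro_mysql_product_table} WHERE heb_type ='ssl';";
    } else {
        $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='" . addslashes($_REQUEST["product_id"]) . "';";
    }
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $ret["err"] = 3;
        $ret["mesg"] = "<font color=\"red\">Cannot find product id!</font>";
        return $ret;
    }
    $a = mysql_fetch_array($r);
    $the_prod = $a["name"] . " (" . $a["price_dollar"] . " {$secpayconf_currency_letters})";
    $prod_id = $a["id"];

    $form = "<b><u>" . _("Renewal for login:") . "</u></b> " . $_REQUEST["adm_login"] . "<br>";
    $form .= "<b><u>" . _("Product to renew:") . "</u></b> " . $a["name"] . " (" . number_format($a["price_dollar"], 2) . " {$secpayconf_currency_letters})<br><br>";

    // Resolve the id of the renewed object and the country the service is in.
    // Every id taken from the request is checked with isRandomNum() first;
    // an unknown renew_type aborts, so the value inserted below is one of the
    // cases handled here.
    switch ($_REQUEST["renew_type"]) {
        case "vps":
            if (!isRandomNum($_REQUEST["vps_id"])) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">VPS id is not a valid number!</font>";
                return $ret;
            }
            $client_id = $_REQUEST["vps_id"];
            $q = "SELECT country_code FROM {$pro_mysql_vps_table},{$pro_mysql_vps_server_table}\n\t\tWHERE {$pro_mysql_vps_table}.id='" . $_REQUEST["vps_id"] . "' AND {$pro_mysql_vps_server_table}.hostname = {$pro_mysql_vps_table}.vps_server_hostname";
            $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " mysql said: " . mysql_error());
            $n = mysql_num_rows($r);
            if ($n != 1) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">Cannot find vps server country</font>";
                return $ret;
            }
            $ax = mysql_fetch_array($r);
            $country = $ax["country_code"];
            break;
        case "shared":
        case "ssl":
            if (!isRandomNum($_REQUEST["client_id"])) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">Client id is not a valid number!</font>";
                return $ret;
            }
            $client_id = $_REQUEST["client_id"];
            $country = $conf_this_server_country_code;
            break;
        case "ssl_renew":
            if (!isRandomNum($_REQUEST["ssl_ip_id"])) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">ssl_ip_id is not a valid number!</font>";
                return $ret;
            }
            $client_id = $_REQUEST["ssl_ip_id"];
            $country = $conf_this_server_country_code;
            break;
        case "server":
            if (!isRandomNum($_REQUEST["server_id"])) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">Server id is not a valid number!</font>";
                return $ret;
            }
            $client_id = $_REQUEST["server_id"];
            $q = "SELECT country_code FROM {$pro_mysql_dedicated_table} WHERE id='" . $_REQUEST["server_id"] . "';";
            $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " mysql said: " . mysql_error());
            $n = mysql_num_rows($r);
            if ($n != 1) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">Cannot find dedicated server country</font>";
                return $ret;
            }
            $ax = mysql_fetch_array($r);
            $country = $ax["country_code"];
            break;
        default:
            // To be implemented for other means!
            die("Renew type unknown line " . __LINE__ . " file " . __FILE__);
    }

    $mail_content = "\nSomebody tried to renew a contract. Here is the details of the renewal:\n\nlogin: " . $_REQUEST["adm_login"]
        . "\nProduct name: {$the_prod}\nRenew product type: " . $_REQUEST["renew_type"] . "\nService country: {$country}\n";

    if ($admin["id_client"] == 0) {
        $ret["err"] = 3;
        $ret["mesg"] = "Admin does not link to a client.";
        return $ret;
    }

    // Get the client record so we can get the country.
    $q = "SELECT * FROM {$pro_mysql_client_table} WHERE id='" . $admin["id_client"] . "'";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $ret["err"] = 3;
        $ret["mesg"] = "Client not found in database! Try again.";
        return $ret;
    }
    $client = mysql_fetch_array($r);

    // Get the VAT from the invoicing company.
    $company_invoicing_id = findInvoicingCompany($country, $client["country"]);
    $q = "SELECT * FROM {$pro_mysql_companies_table} WHERE id='{$company_invoicing_id}';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $ret["err"] = 3;
        $ret["mesg"] = "Cannot find company for invoicing.";
        return $ret;
    }
    $company_invoicing = mysql_fetch_array($r);

    // If VAT is set, use it.
    if ($company_invoicing["vat_rate"] == 0 || $company_invoicing["vat_number"] == "") {
        $vat_rate = 0;
    } elseif ($client["is_company"] == "yes" && $client["vat_num"] != ""
        && isset($cc_europe[$client["country"]]) && isset($cc_europe[$company_invoicing["country"]])
        && $client["country"] != $company_invoicing["country"]) {
        // Both companies are in Europe, in different countries, and the
        // customer has a VAT number: no VAT here, the customer pays the VAT in
        // its own country. These are the VAT rules in the European Union.
        $vat_rate = 0;
    } else {
        $vat_rate = $company_invoicing["vat_rate"];
    }

    $headers = "From: DTC Robot <{$conf_webmaster_email_addr}>";
    $subject = $admin["adm_login"] . " tried to renew {$the_prod}";
    mail($conf_webmaster_email_addr, "{$conf_message_subject_header} {$subject}", $mail_content, $headers);

    // Save the values in SQL and build the paynow button.
    $q = "INSERT INTO {$pro_mysql_pending_renewal_table} (id,adm_login,renew_date,renew_time,product_id,renew_id,heb_type,country_code)\n\tVALUES ('','"
        . $_REQUEST["adm_login"] . "',now(),now(),'" . $prod_id . "','" . $client_id . "','" . $_REQUEST["renew_type"] . "','{$country}');";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $renew_id = mysql_insert_id();
    $payid = createCreditCardPaiementID($a["price_dollar"], $renew_id, $a["name"] . " (login: " . $_REQUEST["adm_login"] . ")", "no", $prod_id, $vat_rate);
    $q = "UPDATE {$pro_mysql_pending_renewal_table} SET pay_id='{$payid}' WHERE id='{$renew_id}';";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $return_url = $_SERVER["PHP_SELF"] . "?action=return_from_pay&regid={$payid}";
    $paybutton = paynowButton($payid, $a["price_dollar"], $a["name"] . " (login: " . $_REQUEST["adm_login"] . ")", $return_url, $vat_rate);

    $form .= _("Please click on the button below to send money in your account:") . "<br><br>" . $paybutton;
    $ret["err"] = 0;
    $ret["mesg"] = $form;
    return $ret;
}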
case "vps": $q = "SELECT * FROM {$pro_mysql_vps_server_table} WHERE hostname='" . $newadmin["vps_location"] . "'"; $r = mysql_query($q) or die("Cannot query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error()); if ($n != 1) { $form = _("Cannot reselect product: registration failed!"); //"Cannot reselect product: registration failed!"; $print_form = "no"; $service_location = $conf_this_server_country_code; } else { $vps_server = mysql_fetch_array($r); $service_location = $vps_server["country_code"]; } break; } if ($print_form == "yes") { $company_invoicing_id = findInvoicingCompany($service_location, $newadmin["country"]); $q = "SELECT * FROM {$pro_mysql_companies_table} WHERE id='{$company_invoicing_id}';"; $r = mysql_query($q) or die("Cannot query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error()); if ($n != 1) { $form = "Cannot find company invoicing line " . __LINE__ . " file " . __FILE__; $print_form = "no"; } else { $company_invoicing = mysql_fetch_array($r); // If VAT is set, use it. if ($company_invoicing["vat_rate"] == 0 || $company_invoicing["vat_number"] == "") { $vat_rate = 0; $use_vat = "no"; } else { // Both companies are in europe, in different countries, and customer as a VAT number, // then there is no VAT and the customer shall pay the VAT in it's own country // These are the VAT rules in the European Union...