/**
 * Performs a sessionGet() CASH Request for the specified variable.
 *
 * Reads $var from the persistent session scope through a throw-away
 * CASHRequest (constructed with null so no request is dispatched).
 *
 * @param string $var name of the persistent session variable to read
 * @return mixed the value sessionGet() returns for $var (false when it is unset,
 *               judging by the sessionGet() tests elsewhere in this corpus)
 */
public static function getPersistentData($var) {
    $session_reader = new CASHRequest(null);
    // the reader is a local; it is released when the function returns
    return $session_reader->sessionGet($var);
}
/**
 * Exercises sessionGet()/sessionSet()/sessionClear()/sessionClearAll() in the
 * 'script' scope and in the persistent scope, checking that persistent-scope
 * writes are only visible once CASHSystem::startSession() has been called.
 */
function testWhatever() {
    $req = new CASHRequest();

    // --- script-scope session values ---
    $this->assertFalse($req->sessionGet('foobar', 'script'));

    $req->sessionSet('foobar', 'baz', 'script');
    $this->assertEqual($req->sessionGet('foobar', 'script'), 'baz');

    $req->sessionClear('foobar', 'script');
    $this->assertFalse($req->sessionGet('foobar', 'script'));

    $req->sessionSet('foobar', 'baz', 'script');
    $req->sessionClearAll();
    $this->assertFalse($req->sessionGet('foobar', 'script'));

    // --- persistent-scope session values ---
    $this->assertFalse($req->sessionGet('foobar'));

    // a write before startSession() must not be readable back
    $req->sessionSet('foobar', 'baz');
    $this->assertFalse($req->sessionGet('foobar'));

    $session = CASHSystem::startSession();
    $this->assertTrue($session);
    echo 'Session started: ' . json_encode($session) . "\n";

    $req->sessionSet('foobar', 'baz');
    $this->assertEqual($req->sessionGet('foobar'), 'baz');

    $req->sessionClear('foobar');
    $this->assertFalse($req->sessionGet('foobar'));

    $req->sessionSet('foobar', 'baz');
    $req->sessionClearAll();
    $this->assertFalse($req->sessionGet('foobar'));
}
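/**
 * Builds a Dropbox WebAuth client for the configured 'com.dropbox' connection.
 *
 * The OAuth state/CSRF token is taken from the persistent session key
 * 'dropbox_csrf_token'; when none is stored yet, a fresh unpredictable token is
 * generated and written back to that key so the callback leg can recover the
 * same value. The original derivation sha1('com.dropbox:user-{$user_id}')
 * used single quotes, so the placeholder was never interpolated and every
 * user received the same constant token — a predictable CSRF token is no CSRF
 * protection at all, hence the random source below.
 *
 * @param string $redirect_uri OAuth redirect URI registered with Dropbox
 * @return dbx\WebAuth|false false when no 'com.dropbox' connection is configured
 */
public static function getWebAuthClient($redirect_uri) {
    $connections = CASHSystem::getSystemSettings('system_connections');
    if (!isset($connections['com.dropbox'])) {
        return false;
    }
    $app_info = new dbx\AppInfo(
        $connections['com.dropbox']['app_key'],
        $connections['com.dropbox']['app_secret']
    );
    $cash_page_request = new CASHRequest(null);
    $csrf_token = $cash_page_request->sessionGet('dropbox_csrf_token');
    if (!$csrf_token) {
        // NOTE(review): the persistent session must already be started for the
        // sessionSet() below to stick; the previous code relied on that as well
        // (it read cash_effective_user from the same session).
        if (function_exists('random_bytes')) {
            $csrf_token = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $csrf_token = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // last resort on very old runtimes: still per-request rather than constant
            $user_id = AdminHelper::getPersistentData('cash_effective_user');
            $csrf_token = sha1(uniqid("com.dropbox:user-{$user_id}", true));
        }
        $cash_page_request->sessionSet('dropbox_csrf_token', $csrf_token);
    }
    $client_identifier = "CASH Music/1.0";
    // the SDK reads the expected token from this store when finishing the flow
    $csrf_array = array('dropbox-auth-csrf-token' => $csrf_token);
    $csrf_token_store = new dbx\ArrayEntryStore($csrf_array, 'dropbox-auth-csrf-token');
    return new dbx\WebAuth($app_info, $client_identifier, $redirect_uri, $csrf_token_store);
}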
$login_details = AdminHelper::doLogin($_POST['address'], $_POST['password']); if ($login_details !== false) { $admin_primary_cash_request->sessionSet('cash_actual_user', $login_details); $admin_primary_cash_request->sessionSet('cash_effective_user', $login_details); $admin_primary_cash_request->sessionSet('cash_effective_user_email', $_POST['address']); if ($include_filename == 'logout.php') { header('Location: ' . ADMIN_WWW_BASE_PATH); exit; } } else { $admin_primary_cash_request->sessionClearAll(); $login_message = "Try Again"; } } // make a few objects to use throughout the pages $cash_admin = new AdminCore($admin_primary_cash_request->sessionGet('cash_effective_user')); if (isset($_GET['hidebanner'])) { $current_settings = $cash_admin->getUserSettings(); if (isset($current_settings['banners'][BASE_PAGENAME])) { $current_settings['banners'][BASE_PAGENAME] = false; $cash_admin->setUserSettings($current_settings); } } // finally, output the template and page-specific markup (checking for current login) if ($admin_primary_cash_request->sessionGet('cash_actual_user')) { include $pages_path . 'definitions/' . $include_filename; include ADMIN_BASE_PATH . '/ui/default/top.php'; include $pages_path . 'markup/' . $include_filename; include ADMIN_BASE_PATH . '/ui/default/bottom.php'; } else { include ADMIN_BASE_PATH . '/ui/default/login.php';
Love, Jesse in the past AKA "Smart Jesse" PS: you're dumb. */ if (isset($_GET['cash_action']) && isset($_GET['element_id'])) { $requests = array('embed', $_GET['element_id']); } if ($requests) { require_once dirname(__FILE__) . '/constants.php'; require_once CASH_PLATFORM_PATH; $cash_page_request = new CASHRequest(null); $initial_page_request = $cash_page_request->sessionGet('initial_page_request', 'script'); if ($requests[0] != 'payload' || $requests[0] != 'json') { // open up some mustache in here: include_once dirname(CASH_PLATFORM_PATH) . '/lib/mustache/Mustache.php'; $freddiemercury = new Mustache(); } // pass basic no-cache headers header('P3P: CP="ALL CUR OUR"'); // P3P privacy policy fix header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); header("Access-Control-Allow-Origin: *"); header('Access-Control-Allow-Credentials: true'); header('Access-Control-Allow-Headers: X-Requested-With, Content-Type');
/**
 * Completes a payment after the customer is redirected back from the processor.
 *
 * Only the 'com.paypal' connection type is handled here. The PayPal branch
 * expects the 'token' and 'PayerID' GET parameters set by the PayPal redirect,
 * confirms the express checkout, creates a user for the payer's email when
 * none exists, decrements physical stock, records the order/transaction and
 * sends the receipt.
 *
 * @param int|string $order_id            order being finalized
 * @param mixed      $creation_date       not used in this body
 * @param mixed      $direct_post_details not used in this body
 * @param mixed      $session_id          passed to startSession() and emptyCart()
 * @return mixed the order id on a completed payment; true when a completed
 *               checkout is re-submitted within 180 seconds (page refresh);
 *               false on any failure or for non-PayPal connections; null
 *               (implicit) when the PayPal branch sees no 'token' parameter
 */
protected function finalizeRedirectedPayment($order_id, $creation_date, $direct_post_details = false, $session_id = false) {
    $order_details = $this->getOrder($order_id);
    $transaction_details = $this->getTransaction($order_details['transaction_id']);
    $connection_type = $this->getConnectionType($transaction_details['connection_id']);
    $r = new CASHRequest();
    $r->startSession(false, $session_id);
    // the URL to return the customer to is consumed (cleared) on first read
    $finalize_url = $r->sessionGet('payment_finalize_url');
    if ($finalize_url) {
        $r->sessionClear('payment_finalize_url');
    }
    switch ($connection_type) {
        case 'com.paypal':
            // both parameters are request-supplied; 'token' is handed to PaypalSeed,
            // which looks the checkout up with PayPal
            if (isset($_GET['token'])) {
                if (isset($_GET['PayerID'])) {
                    $pp = new PaypalSeed($order_details['user_id'], $transaction_details['connection_id'], $_GET['token']);
                    $initial_details = $pp->getExpressCheckout();
                    if ($initial_details['ACK'] == 'Success') {
                        $order_totals = $this->getOrderTotals($order_details['order_contents']);
                        // the amount PayPal reports must cover the order total
                        if ($initial_details['AMT'] >= $order_totals['price']) {
                            $final_details = $pp->doExpressCheckout();
                            if ($final_details) {
                                // look for a user to match the email. if not present, make one
                                $user_request = new CASHRequest(array('cash_request_type' => 'people', 'cash_action' => 'getuseridforaddress', 'address' => $initial_details['EMAIL']));
                                $user_id = $user_request->response['payload'];
                                if (!$user_id) {
                                    // NOTE(review): the new login's password is the current
                                    // timestamp, which is guessable from the transaction time;
                                    // a random value would be the safer choice here.
                                    $user_request = new CASHRequest(array('cash_request_type' => 'system', 'cash_action' => 'addlogin', 'address' => $initial_details['EMAIL'], 'password' => time(), 'is_admin' => 0, 'display_name' => $initial_details['FIRSTNAME'] . ' ' . $initial_details['LASTNAME'], 'first_name' => $initial_details['FIRSTNAME'], 'last_name' => $initial_details['LASTNAME'], 'address_country' => $initial_details['COUNTRYCODE']));
                                    $user_id = $user_request->response['payload'];
                                }
                                // deal with physical quantities
                                if ($order_details['physical'] == 1) {
                                    $order_items = json_decode($order_details['order_contents'], true);
                                    if (is_array($order_items)) {
                                        foreach ($order_items as $i) {
                                            if ($i['available_units'] > 0 && $i['physical_fulfillment'] == 1) {
                                                $item = $this->getItem($i['id']);
                                                if ($i['variant']) {
                                                    $variant_id = 0;
                                                    $variant_qty = 0;
                                                    if ($item['variants']) {
                                                        // find the stock entry for the purchased variant key
                                                        foreach ($item['variants']['quantities'] as $q) {
                                                            if ($q['key'] == $i['variant']) {
                                                                $variant_id = $q['id'];
                                                                $variant_qty = $q['value'];
                                                                break;
                                                            }
                                                        }
                                                        if ($variant_id) {
                                                            // stock never goes below zero
                                                            $this->editItemVariant($variant_id, max($variant_qty - $i['qty'], 0), $i['id']);
                                                        }
                                                    }
                                                } else {
                                                    $available_units = $this->editItem($i['id'], false, false, false, false, false, max($item['available_units'] - $i['qty'], 0));
                                                }
                                            }
                                        }
                                    }
                                }
                                // record all the details
                                if ($order_details['digital'] == 1 && $order_details['physical'] == 0) {
                                    // if the order is 100% digital just mark it as fulfilled
                                    $is_fulfilled = 1;
                                } else {
                                    // there's something physical. sorry dude. gotta deal with it still.
                                    $is_fulfilled = 0;
                                }
                                $this->editOrder($order_id, $is_fulfilled, 0, false, $initial_details['COUNTRYCODE'], $user_id);
                                $this->editTransaction($order_details['transaction_id'], strtotime($final_details['TIMESTAMP']), $final_details['CORRELATIONID'], json_encode($initial_details), json_encode($final_details), 1, $final_details['PAYMENTINFO_0_AMT'], $final_details['PAYMENTINFO_0_FEEAMT'], 'complete');
                                // empty the cart at this point
                                $this->emptyCart($session_id);
                                // TODO: add code to order metadata so we can track opens, etc
                                $order_details['customer_details']['email_address'] = $initial_details['EMAIL'];
                                $order_details['gross_price'] = $final_details['PAYMENTINFO_0_AMT'];
                                $this->sendOrderReceipt(false, $order_details, $finalize_url);
                                return $order_details['id'];
                            } else {
                                // make sure this isn't an accidentally refreshed page
                                if ($initial_details['CHECKOUTSTATUS'] != 'PaymentActionCompleted') {
                                    $initial_details['ERROR_MESSAGE'] = $pp->getErrorMessage();
                                    // there was an error processing the transaction
                                    $this->editOrder($order_id, 0, 1);
                                    $this->editTransaction($order_details['transaction_id'], strtotime($initial_details['TIMESTAMP']), $initial_details['CORRELATIONID'], false, json_encode($initial_details), 0, false, false, 'error processing payment');
                                    return false;
                                } else {
                                    // this is a successful transaction with the user hitting refresh.
                                    // return true while it is still recent, otherwise call it false
                                    // and allow the page to expire. NOTE(review): the window checked
                                    // below is 180 seconds, not the "30 minutes" the original comment
                                    // described — confirm which one is intended.
                                    if (time() - strtotime($initial_details['TIMESTAMP']) < 180) {
                                        return true;
                                    } else {
                                        return false;
                                    }
                                }
                            }
                        } else {
                            // insufficient funds — user changed amount?
                            $this->editOrder($order_id, 0, 1);
                            $this->editTransaction($order_details['transaction_id'], strtotime($initial_details['TIMESTAMP']), $initial_details['CORRELATIONID'], false, json_encode($initial_details), 0, false, false, 'incorrect amount');
                            return false;
                        }
                    } else {
                        // order reporting failure
                        $this->editOrder($order_id, 0, 1);
                        $this->editTransaction($order_details['transaction_id'], strtotime($initial_details['TIMESTAMP']), $initial_details['CORRELATIONID'], false, json_encode($initial_details), 0, false, false, 'payment failed');
                        return false;
                    }
                } else {
                    // user canceled transaction
                    $this->editOrder($order_id, 0, 1);
                    $this->editTransaction($order_details['transaction_id'], time(), false, false, false, 0, false, false, 'canceled');
                    return false;
                }
            }
            // no 'token' parameter: falls out of the switch and returns null
            break;
        default:
            return false;
    }
}
$include_filename = BASE_PAGENAME . '.php'; // turn the rest of the request into the parameters array $request_parameters = array_slice($exploded_request, 0 - (sizeof($exploded_request) - $fails_at_level)); } } else { define('BASE_PAGENAME', ''); $include_filename = 'error.php'; } } } else { define('BASE_PAGENAME', 'mainpage'); $include_filename = 'mainpage.php'; } $run_login_scripts = false; // make an object to use throughout the pages $cash_admin = new AdminCore($admin_primary_cash_request->sessionGet('cash_effective_user')); $cash_admin->page_data['www_path'] = ADMIN_WWW_BASE_PATH; // if a login needs doing, do it $cash_admin->page_data['login_message'] = 'Log In'; if (isset($_POST['login'])) { $browseridassertion = false; if (isset($_POST['browseridassertion'])) { if ($_POST['browseridassertion'] != -1) { $browseridassertion = $_POST['browseridassertion']; } } $login_details = AdminHelper::doLogin($_POST['address'], $_POST['password'], true, $browseridassertion); if ($login_details !== false) { $admin_primary_cash_request->sessionSet('cash_actual_user', $login_details); $admin_primary_cash_request->sessionSet('cash_effective_user', $login_details); if ($browseridassertion) {
/**
 * Completes a payment after the customer is redirected back from the processor.
 *
 * Only the 'com.paypal' connection type is handled here. The PayPal branch
 * expects the 'token' and 'PayerID' GET parameters set by the PayPal redirect,
 * confirms the express checkout, creates a user for the payer's email when
 * none exists, decrements physical stock, records the order/transaction and
 * emails a receipt (with a download/redeem link for digital orders).
 *
 * @param int|string $order_id            order being finalized
 * @param mixed      $creation_date       not used in this body
 * @param mixed      $direct_post_details not used in this body
 * @param mixed      $session_id          passed to startSession() and emptyCart()
 * @return mixed the order id on a completed payment; true when a completed
 *               checkout is re-submitted within 180 seconds (page refresh);
 *               false on any failure or for non-PayPal connections; null
 *               (implicit) when the PayPal branch sees no 'token' parameter
 */
protected function finalizeRedirectedPayment($order_id, $creation_date, $direct_post_details = false, $session_id = false) {
    $order_details = $this->getOrder($order_id);
    $transaction_details = $this->getTransaction($order_details['transaction_id']);
    $connection_type = $this->getConnectionType($transaction_details['connection_id']);
    $r = new CASHRequest();
    $r->startSession(false, $session_id);
    // the URL to return the customer to is consumed (cleared) on first read
    $finalize_url = $r->sessionGet('payment_finalize_url');
    if ($finalize_url) {
        $r->sessionClear('payment_finalize_url');
    }
    switch ($connection_type) {
        case 'com.paypal':
            // both parameters are request-supplied; 'token' is handed to PaypalSeed,
            // which looks the checkout up with PayPal
            if (isset($_GET['token'])) {
                if (isset($_GET['PayerID'])) {
                    $pp = new PaypalSeed($order_details['user_id'], $transaction_details['connection_id'], $_GET['token']);
                    $initial_details = $pp->getExpressCheckout();
                    if ($initial_details['ACK'] == 'Success') {
                        $order_totals = $this->getOrderTotals($order_details['order_contents']);
                        // the amount PayPal reports must cover the order total
                        if ($initial_details['AMT'] >= $order_totals['price']) {
                            $final_details = $pp->doExpressCheckout();
                            if ($final_details) {
                                // look for a user to match the email. if not present, make one
                                $user_request = new CASHRequest(array('cash_request_type' => 'people', 'cash_action' => 'getuseridforaddress', 'address' => $initial_details['EMAIL']));
                                $user_id = $user_request->response['payload'];
                                if (!$user_id) {
                                    // NOTE(review): the new login's password is the current
                                    // timestamp, which is guessable from the transaction time;
                                    // a random value would be the safer choice here.
                                    $user_request = new CASHRequest(array('cash_request_type' => 'system', 'cash_action' => 'addlogin', 'address' => $initial_details['EMAIL'], 'password' => time(), 'is_admin' => 0, 'display_name' => $initial_details['FIRSTNAME'] . ' ' . $initial_details['LASTNAME'], 'first_name' => $initial_details['FIRSTNAME'], 'last_name' => $initial_details['LASTNAME'], 'address_country' => $initial_details['COUNTRYCODE']));
                                    $user_id = $user_request->response['payload'];
                                }
                                // deal with physical quantities
                                if ($order_details['physical'] == 1) {
                                    $order_items = json_decode($order_details['order_contents'], true);
                                    if (is_array($order_items)) {
                                        foreach ($order_items as $i) {
                                            if ($i['available_units'] > 0 && $i['physical_fulfillment'] == 1) {
                                                $item = $this->getItem($i['id']);
                                                if ($i['variant']) {
                                                    $variant_id = 0;
                                                    $variant_qty = 0;
                                                    if ($item['variants']) {
                                                        // find the stock entry for the purchased variant key
                                                        foreach ($item['variants']['quantities'] as $q) {
                                                            if ($q['key'] == $i['variant']) {
                                                                $variant_id = $q['id'];
                                                                $variant_qty = $q['value'];
                                                                break;
                                                            }
                                                        }
                                                        if ($variant_id) {
                                                            // stock never goes below zero
                                                            $this->editItemVariant($variant_id, max($variant_qty - $i['qty'], 0), $i['id']);
                                                        }
                                                    }
                                                } else {
                                                    $available_units = $this->editItem($i['id'], false, false, false, false, false, max($item['available_units'] - $i['qty'], 0));
                                                }
                                            }
                                        }
                                    }
                                }
                                // record all the details
                                if ($order_details['digital'] == 1 && $order_details['physical'] == 0) {
                                    // if the order is 100% digital just mark it as fulfilled
                                    $is_fulfilled = 1;
                                } else {
                                    // there's something physical. sorry dude. gotta deal with it still.
                                    $is_fulfilled = 0;
                                }
                                $this->editOrder($order_id, $is_fulfilled, 0, false, $initial_details['COUNTRYCODE'], $user_id);
                                $this->editTransaction($order_details['transaction_id'], strtotime($final_details['TIMESTAMP']), $final_details['CORRELATIONID'], json_encode($initial_details), json_encode($final_details), 1, $final_details['PAYMENTINFO_0_AMT'], $final_details['PAYMENTINFO_0_FEEAMT'], 'complete');
                                // empty the cart at this point
                                $this->emptyCart($session_id);
                                // TODO: add code to order metadata
                                // bit of a hack, hard-wiring the email bits:
                                try {
                                    $personalized_message = '';
                                    if ($order_details['element_id']) {
                                        $element_request = new CASHRequest(array('cash_request_type' => 'element', 'cash_action' => 'getelement', 'id' => $order_details['element_id']));
                                        if ($element_request->response['payload']) {
                                            if (isset($element_request->response['payload']['options']['message_email'])) {
                                                if ($element_request->response['payload']['options']['message_email']) {
                                                    $personalized_message = $element_request->response['payload']['options']['message_email'] . "\n\n";
                                                }
                                            }
                                        }
                                    }
                                    if ($order_details['digital']) {
                                        // a one-time lock code is minted and embedded in the receipt link
                                        $addcode_request = new CASHRequest(array('cash_request_type' => 'element', 'cash_action' => 'addlockcode', 'element_id' => $order_details['element_id']));
                                        if (!$finalize_url) {
                                            $finalize_url = CASHSystem::getCurrentURL();
                                        }
                                        // NOTE(review): only the email address is urlencode()d in the link
                                        // below; the code and element_id are concatenated raw — fine if they
                                        // are always URL-safe, confirm against addlockcode's output.
                                        CASHSystem::sendEmail('Thank you for your order', $order_details['user_id'], $initial_details['EMAIL'], $personalized_message . "Your order is complete. Here are some details:\n\n**Order #" . $order_details['id'] . "** \n" . $initial_details['PAYMENTREQUEST_0_DESC'] . " \n Total: " . CASHSystem::getCurrencySymbol($order_details['currency']) . number_format($final_details['PAYMENTINFO_0_AMT'], 2) . "\n\n" . "\n\n" . '[View your receipt and any downloads](' . $finalize_url . '?cash_request_type=element&cash_action=redeemcode&code=' . $addcode_request->response['payload'] . '&element_id=' . $order_details['element_id'] . '&email=' . urlencode($initial_details['EMAIL']) . '&order_id=' . $order_details['id'] . ')', 'Thank you.');
                                    } else {
                                        CASHSystem::sendEmail('Thank you for your order', $order_details['user_id'], $initial_details['EMAIL'], $personalized_message . "Your order is complete. Here are some details:\n\n**Order #" . $order_details['id'] . "** \n" . $initial_details['PAYMENTREQUEST_0_DESC'] . " \n Total: " . CASHSystem::getCurrencySymbol($order_details['currency']) . number_format($final_details['PAYMENTINFO_0_AMT'], 2) . "\n\n", 'Thank you.');
                                    }
                                } catch (Exception $e) {
                                    // TODO: handle the case where an email can't be sent. maybe display the download
                                    // code on-screen? that plus storing it with the order is probably enough
                                }
                                return $order_details['id'];
                            } else {
                                // make sure this isn't an accidentally refreshed page
                                if ($initial_details['CHECKOUTSTATUS'] != 'PaymentActionCompleted') {
                                    $initial_details['ERROR_MESSAGE'] = $pp->getErrorMessage();
                                    // there was an error processing the transaction
                                    $this->editOrder($order_id, 0, 1);
                                    $this->editTransaction($order_details['transaction_id'], strtotime($initial_details['TIMESTAMP']), $initial_details['CORRELATIONID'], false, json_encode($initial_details), 0, false, false, 'error processing payment');
                                    return false;
                                } else {
                                    // this is a successful transaction with the user hitting refresh.
                                    // return true while it is still recent, otherwise call it false
                                    // and allow the page to expire. NOTE(review): the window checked
                                    // below is 180 seconds, not the "30 minutes" the original comment
                                    // described — confirm which one is intended.
                                    if (time() - strtotime($initial_details['TIMESTAMP']) < 180) {
                                        return true;
                                    } else {
                                        return false;
                                    }
                                }
                            }
                        } else {
                            // insufficient funds — user changed amount?
                            $this->editOrder($order_id, 0, 1);
                            $this->editTransaction($order_details['transaction_id'], strtotime($initial_details['TIMESTAMP']), $initial_details['CORRELATIONID'], false, json_encode($initial_details), 0, false, false, 'incorrect amount');
                            return false;
                        }
                    } else {
                        // order reporting failure
                        $this->editOrder($order_id, 0, 1);
                        $this->editTransaction($order_details['transaction_id'], strtotime($initial_details['TIMESTAMP']), $initial_details['CORRELATIONID'], false, json_encode($initial_details), 0, false, false, 'payment failed');
                        return false;
                    }
                } else {
                    // user canceled transaction
                    $this->editOrder($order_id, 0, 1);
                    $this->editTransaction($order_details['transaction_id'], time(), false, false, false, 0, false, false, 'canceled');
                    return false;
                }
            }
            // no 'token' parameter: falls out of the switch and returns null
            break;
        default:
            return false;
    }
}
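/**
 * The main public method to embed elements. Notice that it echoes rather
 * than returns, because it's meant to be used simply by calling and spitting
 * out the needed code...
 *
 * Any GET/POST that was targeted at this element on the initial page load is
 * picked up from the 'initial_page_request' script-scope session entry and
 * handed to the 'getmarkup' request so the element can render its response.
 *
 * @param int|string $element_id id of the element to render
 * @return void
 */
public static function embedElement($element_id) {
    // fire up the platform sans-direct-request to catch any GET/POST info sent
    // in to the page
    $cash_page_request = new CASHRequest(null);
    $initial_page_request = $cash_page_request->sessionGet('initial_page_request', 'script');
    $status_uid = false;
    $original_request = false;
    $original_response = false;
    if ($initial_page_request && isset($initial_page_request['request']['element_id'])) {
        // now test that the initial POST/GET was targeted for this element:
        if ($initial_page_request['request']['element_id'] == $element_id) {
            $status_uid = $initial_page_request['status_uid'];
            $original_request = $initial_page_request['request'];
            $original_response = $initial_page_request['response'];
        }
    }
    $cash_body_request = new CASHRequest(array(
        'cash_request_type' => 'element',
        'cash_action' => 'getmarkup',
        'id' => $element_id,
        'status_uid' => $status_uid,
        'original_request' => $original_request,
        'original_response' => $original_response
    ));
    if ($cash_body_request->response['status_uid'] == 'element_getmarkup_400') {
        // $element_id is caller-supplied and ends up in page markup: escape it
        // so a non-numeric id cannot inject HTML into the error message
        $safe_element_id = htmlspecialchars((string) $element_id, ENT_QUOTES, 'UTF-8');
        echo '<div class="cash_system_error">Element #' . $safe_element_id . ' could not be found.</div>';
    }
    if (is_string($cash_body_request->response['payload'])) {
        echo $cash_body_request->response['payload'];
    }
    // flush early if the element was already initialized on this page
    if ($cash_body_request->sessionGet('initialized_element_' . $element_id, 'script')) {
        if (ob_get_level()) {
            ob_flush();
        }
    }
    unset($cash_page_request);
    unset($cash_body_request);
}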
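/**
 * Gets API credentials for the effective or actual user.
 *
 * @param string $user_type 'effective' or 'actual'; selects which session user
 *                          id ('cash_effective_user' / 'cash_actual_user') the
 *                          credentials are fetched for
 * @return array|false the 'getapicredentials' payload, or false when $user_type
 *                     is not one of the two supported values or no user id is
 *                     present in the session
 */
public static function getAPICredentials($user_type = 'effective') {
    // only the two documented values are accepted; anything else would be
    // spliced into a session key name and read an unrelated session entry
    if (!in_array($user_type, array('effective', 'actual'), true)) {
        return false;
    }
    $session_request = new CASHRequest(null);
    $user_id = $session_request->sessionGet('cash_' . $user_type . '_user');
    if (!$user_id) {
        return false;
    }
    $credentials_request = new CASHRequest(array(
        'cash_request_type' => 'system',
        'cash_action' => 'getapicredentials',
        'user_id' => $user_id
    ));
    return $credentials_request->response['payload'];
}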