 /**
  * Reads one persistent-scope session value through a throw-away CASHRequest.
  *
  * The request is built with a null payload, so no platform action runs —
  * the object exists only to reach sessionGet() and is released before
  * returning.
  *
  * @param string $var session key to read
  * @return mixed value returned by sessionGet() for $var
  */
 public static function getPersistentData($var)
 {
     $session_reader = new CASHRequest(null);
     $value = $session_reader->sessionGet($var);
     unset($session_reader);
     return $value;
 }
 /**
  * Round-trips a value through both session scopes of CASHRequest.
  *
  * Script scope works without a started session. Persistent scope is
  * expected to stay empty until CASHSystem::startSession() succeeds, so the
  * first persistent sessionSet() below is asserted to have no effect.
  */
 function testWhatever()
 {
     $request = new CASHRequest();
     // --- script scope: set / get / clear / clearAll, no startSession needed
     $this->assertFalse($request->sessionGet('foobar', 'script'));
     $request->sessionSet('foobar', 'baz', 'script');
     $this->assertEqual($request->sessionGet('foobar', 'script'), 'baz');
     $request->sessionClear('foobar', 'script');
     $this->assertFalse($request->sessionGet('foobar', 'script'));
     $request->sessionSet('foobar', 'baz', 'script');
     $request->sessionClearAll();
     $this->assertFalse($request->sessionGet('foobar', 'script'));
     // --- persistent scope: must stay unset until a session is started
     $this->assertFalse($request->sessionGet('foobar'));
     $request->sessionSet('foobar', 'baz');
     $this->assertFalse($request->sessionGet('foobar'));
     $session = CASHSystem::startSession();
     $this->assertTrue($session);
     // NOTE(review): this dumps whatever startSession() returns into the test
     // output; if that value carries a session id, keep it out of shared CI logs.
     echo 'Session started: ' . json_encode($session) . "\n";
     $request->sessionSet('foobar', 'baz');
     $this->assertEqual($request->sessionGet('foobar'), 'baz');
     $request->sessionClear('foobar');
     $this->assertFalse($request->sessionGet('foobar'));
     $request->sessionSet('foobar', 'baz');
     $request->sessionClearAll();
     $this->assertFalse($request->sessionGet('foobar'));
 }
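 /**
  * Builds a Dropbox WebAuth client for the configured com.dropbox connection.
  *
  * The CSRF token WebAuth carries through the OAuth redirect is read from the
  * 'dropbox_csrf_token' session key. When none is stored yet, a fresh random
  * token is generated and saved under that key so the callback request sees
  * the same value.
  *
  * Why the fallback changed: it used to be sha1('com.dropbox:user-{$user_id}')
  * in SINGLE quotes, so the braces were never interpolated and every user got
  * the same constant, publicly computable token — which is no CSRF protection.
  *
  * @param string $redirect_uri OAuth redirect URI registered with Dropbox
  * @return dbx\WebAuth|false false when no com.dropbox connection is configured
  */
 public static function getWebAuthClient($redirect_uri)
 {
     $connections = CASHSystem::getSystemSettings('system_connections');
     if (!isset($connections['com.dropbox'])) {
         return false;
     }
     $app_info = new dbx\AppInfo($connections['com.dropbox']['app_key'], $connections['com.dropbox']['app_secret']);
     $cash_page_request = new CASHRequest(null);
     $csrf_token = $cash_page_request->sessionGet('dropbox_csrf_token');
     if (!$csrf_token) {
         // unpredictable per-session token, persisted so the redirect back
         // from Dropbox can be checked against it. Assumes a persistent
         // session is already started here (sessionSet is silently ignored
         // otherwise, judging by the session tests) — TODO confirm in caller.
         $csrf_token = bin2hex(random_bytes(16));
         $cash_page_request->sessionSet('dropbox_csrf_token', $csrf_token);
     }
     $client_identifier = "CASH Music/1.0";
     // ArrayEntryStore works on the array variable itself, so keep it named
     $csrf_array = array('dropbox-auth-csrf-token' => $csrf_token);
     $csrf_token_store = new dbx\ArrayEntryStore($csrf_array, 'dropbox-auth-csrf-token');
     return new dbx\WebAuth($app_info, $client_identifier, $redirect_uri, $csrf_token_store);
 }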
    // NOTE(review): address/password are read straight from $_POST without
    // isset(); a POST with 'login' but no credentials reaches doLogin() with
    // nulls (and PHP notices).
    $login_details = AdminHelper::doLogin($_POST['address'], $_POST['password']);
    if ($login_details === false) {
        // failed login: drop everything in the session and prompt again
        $admin_primary_cash_request->sessionClearAll();
        $login_message = "Try Again";
    } else {
        // successful login: actual and effective user start out identical
        // NOTE(review): nothing here rotates the session id after the
        // privilege change — confirm CASHRequest/startSession does, otherwise
        // this login is open to session fixation.
        $session_values = array(
            'cash_actual_user' => $login_details,
            'cash_effective_user' => $login_details,
            'cash_effective_user_email' => $_POST['address'],
        );
        foreach ($session_values as $session_key => $session_value) {
            $admin_primary_cash_request->sessionSet($session_key, $session_value);
        }
        if ($include_filename == 'logout.php') {
            // logging in from the logout page bounces back to the admin root
            header('Location: ' . ADMIN_WWW_BASE_PATH);
            exit;
        }
    }
}
// objects shared by every admin page.
// NOTE(review): AdminCore is built from the effective user in the session
// regardless of login state — only the page includes further down are gated
// on 'cash_actual_user'.
$cash_admin = new AdminCore($admin_primary_cash_request->sessionGet('cash_effective_user'));
// ?hidebanner dismisses this page's banner by flipping its per-user setting
// to false; pages with no banner entry are left untouched
if (isset($_GET['hidebanner'])) {
    $current_settings = $cash_admin->getUserSettings();
    $has_banner_entry = isset($current_settings['banners'][BASE_PAGENAME]);
    if ($has_banner_entry) {
        $current_settings['banners'][BASE_PAGENAME] = false;
        $cash_admin->setUserSettings($current_settings);
    }
}
// finally, output the template and page-specific markup (checking for current login)
if ($admin_primary_cash_request->sessionGet('cash_actual_user')) {
    include $pages_path . 'definitions/' . $include_filename;
    include ADMIN_BASE_PATH . '/ui/default/top.php';
    include $pages_path . 'markup/' . $include_filename;
    include ADMIN_BASE_PATH . '/ui/default/bottom.php';
} else {
    include ADMIN_BASE_PATH . '/ui/default/login.php';
 
 	Love,
 
 	Jesse in the past
 	AKA "Smart Jesse"
 
 	PS: you're dumb.
 */
 // a direct hit with ?cash_action=...&element_id=... becomes an embed request
 // for that element; element_id is raw request input at this point
 if (isset($_GET['cash_action'], $_GET['element_id'])) {
     $requests = array('embed', $_GET['element_id']);
 }
 if ($requests) {
     require_once dirname(__FILE__) . '/constants.php';
     require_once CASH_PLATFORM_PATH;
     $cash_page_request = new CASHRequest(null);
     $initial_page_request = $cash_page_request->sessionGet('initial_page_request', 'script');
     // NOTE(review): `!= 'payload' || != 'json'` is true for every value, so
     // Mustache is loaded on every request. Left as-is: code further down may
     // rely on $freddiemercury existing for payload/json responses too.
     if ($requests[0] != 'payload' || $requests[0] != 'json') {
         include_once dirname(CASH_PLATFORM_PATH) . '/lib/mustache/Mustache.php';
         $freddiemercury = new Mustache();
     }
     // no-cache, P3P and CORS headers; the second Cache-Control is appended
     // (replace=false) rather than overwriting the first.
     // NOTE(review): browsers refuse Access-Control-Allow-Credentials: true
     // when the allowed origin is "*", so the credentials header has no effect
     // here; if credentialed cross-origin calls are needed, echo a validated
     // Origin instead of the wildcard.
     $response_headers = array(
         array('P3P: CP="ALL CUR OUR"', true),
         array("Cache-Control: no-store, no-cache, must-revalidate, max-age=0", true),
         array("Cache-Control: post-check=0, pre-check=0", false),
         array("Pragma: no-cache", true),
         array("Expires: Sat, 26 Jul 1997 05:00:00 GMT", true),
         array("Access-Control-Allow-Origin: *", true),
         array('Access-Control-Allow-Credentials: true', true),
         array('Access-Control-Allow-Headers: X-Requested-With, Content-Type', true),
     );
     foreach ($response_headers as $header_spec) {
         header($header_spec[0], $header_spec[1]);
     }
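 /**
  * Completes an order after the buyer is redirected back from the payment
  * provider. Only 'com.paypal' connections are handled; any other type
  * returns false.
  *
  * Reads $_GET['token'] / $_GET['PayerID'] as appended by PayPal's return
  * URL, re-fetches the checkout, refuses it when the reported amount is
  * below the server-side order total, and on success: ensures a login exists
  * for the payer's email, decrements physical stock, marks the order and
  * transaction complete, empties the cart and sends the receipt.
  *
  * Security fix: the login auto-created for a new payer used time() as its
  * password. A timestamp is guessable from the order time, so anyone could
  * log in as the buyer's address. It is now a random throwaway value.
  *
  * @param int|string   $order_id            order to finalize
  * @param mixed        $creation_date       not used in this path
  * @param mixed        $direct_post_details not used in this path
  * @param string|false $session_id          session to attach to; also the cart that is emptied
  * @return mixed order id on success; true for a refresh of an already-completed
  *               checkout within 180 s; false on failure or cancel; null when
  *               no token is present (the case simply breaks)
  */
 protected function finalizeRedirectedPayment($order_id, $creation_date, $direct_post_details = false, $session_id = false)
 {
     $order_details = $this->getOrder($order_id);
     $transaction_details = $this->getTransaction($order_details['transaction_id']);
     $connection_type = $this->getConnectionType($transaction_details['connection_id']);
     // attach to the buyer's session to recover (and clear) the finalize URL
     // that was stored before the redirect out to the provider
     $r = new CASHRequest();
     $r->startSession(false, $session_id);
     $finalize_url = $r->sessionGet('payment_finalize_url');
     if ($finalize_url) {
         $r->sessionClear('payment_finalize_url');
     }
     switch ($connection_type) {
         case 'com.paypal':
             // token and PayerID come from PayPal's return redirect
             if (isset($_GET['token'])) {
                 if (isset($_GET['PayerID'])) {
                     $pp = new PaypalSeed($order_details['user_id'], $transaction_details['connection_id'], $_GET['token']);
                     $initial_details = $pp->getExpressCheckout();
                     if ($initial_details['ACK'] == 'Success') {
                         $order_totals = $this->getOrderTotals($order_details['order_contents']);
                         // the amount PayPal reports must cover our own order total
                         if ($initial_details['AMT'] >= $order_totals['price']) {
                             $final_details = $pp->doExpressCheckout();
                             if ($final_details) {
                                 // look for a user to match the email. if not present, make one
                                 $user_request = new CASHRequest(array('cash_request_type' => 'people', 'cash_action' => 'getuseridforaddress', 'address' => $initial_details['EMAIL']));
                                 $user_id = $user_request->response['payload'];
                                 if (!$user_id) {
                                     // random, unguessable placeholder password (was time(), which
                                     // is predictable from the order's timestamp)
                                     $placeholder_password = bin2hex(random_bytes(16));
                                     $user_request = new CASHRequest(array('cash_request_type' => 'system', 'cash_action' => 'addlogin', 'address' => $initial_details['EMAIL'], 'password' => $placeholder_password, 'is_admin' => 0, 'display_name' => $initial_details['FIRSTNAME'] . ' ' . $initial_details['LASTNAME'], 'first_name' => $initial_details['FIRSTNAME'], 'last_name' => $initial_details['LASTNAME'], 'address_country' => $initial_details['COUNTRYCODE']));
                                     $user_id = $user_request->response['payload'];
                                 }
                                 // deal with physical quantities
                                 if ($order_details['physical'] == 1) {
                                     $order_items = json_decode($order_details['order_contents'], true);
                                     if (is_array($order_items)) {
                                         foreach ($order_items as $i) {
                                             if ($i['available_units'] > 0 && $i['physical_fulfillment'] == 1) {
                                                 $item = $this->getItem($i['id']);
                                                 if ($i['variant']) {
                                                     // find the matching variant and decrement its stock (floored at 0)
                                                     $variant_id = 0;
                                                     $variant_qty = 0;
                                                     if ($item['variants']) {
                                                         foreach ($item['variants']['quantities'] as $q) {
                                                             if ($q['key'] == $i['variant']) {
                                                                 $variant_id = $q['id'];
                                                                 $variant_qty = $q['value'];
                                                                 break;
                                                             }
                                                         }
                                                         if ($variant_id) {
                                                             $this->editItemVariant($variant_id, max($variant_qty - $i['qty'], 0), $i['id']);
                                                         }
                                                     }
                                                 } else {
                                                     $available_units = $this->editItem($i['id'], false, false, false, false, false, max($item['available_units'] - $i['qty'], 0));
                                                 }
                                             }
                                         }
                                     }
                                 }
                                 // record all the details
                                 if ($order_details['digital'] == 1 && $order_details['physical'] == 0) {
                                     // if the order is 100% digital just mark it as fulfilled
                                     $is_fulfilled = 1;
                                 } else {
                                     // there's something physical. sorry dude. gotta deal with it still.
                                     $is_fulfilled = 0;
                                 }
                                 $this->editOrder($order_id, $is_fulfilled, 0, false, $initial_details['COUNTRYCODE'], $user_id);
                                 $this->editTransaction($order_details['transaction_id'], strtotime($final_details['TIMESTAMP']), $final_details['CORRELATIONID'], json_encode($initial_details), json_encode($final_details), 1, $final_details['PAYMENTINFO_0_AMT'], $final_details['PAYMENTINFO_0_FEEAMT'], 'complete');
                                 // empty the cart at this point
                                 $this->emptyCart($session_id);
                                 // TODO: add code to order metadata so we can track opens, etc
                                 $order_details['customer_details']['email_address'] = $initial_details['EMAIL'];
                                 $order_details['gross_price'] = $final_details['PAYMENTINFO_0_AMT'];
                                 $this->sendOrderReceipt(false, $order_details, $finalize_url);
                                 return $order_details['id'];
                             } else {
                                 // make sure this isn't an accidentally refreshed page
                                 if ($initial_details['CHECKOUTSTATUS'] != 'PaymentActionCompleted') {
                                     $initial_details['ERROR_MESSAGE'] = $pp->getErrorMessage();
                                     // there was an error processing the transaction
                                     $this->editOrder($order_id, 0, 1);
                                     $this->editTransaction($order_details['transaction_id'], strtotime($initial_details['TIMESTAMP']), $initial_details['CORRELATIONID'], false, json_encode($initial_details), 0, false, false, 'error processing payment');
                                     return false;
                                 } else {
                                     // this is a successful transaction with the user hitting refresh
                                     // as long as it's within 3 minutes (180 s) of the original return true,
                                     // otherwise call it false and allow the page to expire
                                     if (time() - strtotime($initial_details['TIMESTAMP']) < 180) {
                                         return true;
                                     } else {
                                         return false;
                                     }
                                 }
                             }
                         } else {
                             // insufficient funds — user changed amount?
                             $this->editOrder($order_id, 0, 1);
                             $this->editTransaction($order_details['transaction_id'], strtotime($initial_details['TIMESTAMP']), $initial_details['CORRELATIONID'], false, json_encode($initial_details), 0, false, false, 'incorrect amount');
                             return false;
                         }
                     } else {
                         // order reporting failure
                         $this->editOrder($order_id, 0, 1);
                         $this->editTransaction($order_details['transaction_id'], strtotime($initial_details['TIMESTAMP']), $initial_details['CORRELATIONID'], false, json_encode($initial_details), 0, false, false, 'payment failed');
                         return false;
                     }
                 } else {
                     // user canceled transaction
                     $this->editOrder($order_id, 0, 1);
                     $this->editTransaction($order_details['transaction_id'], time(), false, false, false, 0, false, false, 'canceled');
                     return false;
                 }
             }
             break;
         default:
             return false;
     }
 }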
                $include_filename = BASE_PAGENAME . '.php';
                // turn the rest of the request into the parameters array
                $request_parameters = array_slice($exploded_request, 0 - (sizeof($exploded_request) - $fails_at_level));
            }
        } else {
            define('BASE_PAGENAME', '');
            $include_filename = 'error.php';
        }
    }
} else {
    define('BASE_PAGENAME', 'mainpage');
    $include_filename = 'mainpage.php';
}
$run_login_scripts = false;
// one AdminCore for the whole page, keyed on the effective user in session
$cash_admin = new AdminCore($admin_primary_cash_request->sessionGet('cash_effective_user'));
// defaults shown by the templates; the login block below may override the message
$cash_admin->page_data['login_message'] = 'Log In';
$cash_admin->page_data['www_path'] = ADMIN_WWW_BASE_PATH;
if (isset($_POST['login'])) {
    // a posted assertion of -1 is treated the same as no assertion at all
    // (presumably the form's "none" placeholder — the markup isn't visible here)
    $browseridassertion = false;
    if (isset($_POST['browseridassertion']) && $_POST['browseridassertion'] != -1) {
        $browseridassertion = $_POST['browseridassertion'];
    }
    // NOTE(review): address/password are read without isset(); a BrowserID
    // login that posts no password reaches doLogin() with null here.
    $login_details = AdminHelper::doLogin($_POST['address'], $_POST['password'], true, $browseridassertion);
    if ($login_details !== false) {
        $admin_primary_cash_request->sessionSet('cash_actual_user', $login_details);
        $admin_primary_cash_request->sessionSet('cash_effective_user', $login_details);
        if ($browseridassertion) {
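 /**
  * Completes an order after the buyer is redirected back from the payment
  * provider. Only 'com.paypal' connections are handled; any other type
  * returns false.
  *
  * Reads $_GET['token'] / $_GET['PayerID'] as appended by PayPal's return
  * URL, re-fetches the checkout, refuses it when the reported amount is
  * below the server-side order total, and on success: ensures a login exists
  * for the payer's email, decrements physical stock, marks the order and
  * transaction complete, empties the cart and emails a receipt. For digital
  * orders the receipt carries a freshly created lock code as a redeem link
  * built on the stored finalize URL (or the current URL when none was stored).
  *
  * Security fix: the login auto-created for a new payer used time() as its
  * password. A timestamp is guessable from the order time, so anyone could
  * log in as the buyer's address. It is now a random throwaway value.
  *
  * @param int|string   $order_id            order to finalize
  * @param mixed        $creation_date       not used in this path
  * @param mixed        $direct_post_details not used in this path
  * @param string|false $session_id          session to attach to; also the cart that is emptied
  * @return mixed order id on success; true for a refresh of an already-completed
  *               checkout within 180 s; false on failure or cancel; null when
  *               no token is present (the case simply breaks)
  */
 protected function finalizeRedirectedPayment($order_id, $creation_date, $direct_post_details = false, $session_id = false)
 {
     $order_details = $this->getOrder($order_id);
     $transaction_details = $this->getTransaction($order_details['transaction_id']);
     $connection_type = $this->getConnectionType($transaction_details['connection_id']);
     // attach to the buyer's session to recover (and clear) the finalize URL
     // that was stored before the redirect out to the provider
     $r = new CASHRequest();
     $r->startSession(false, $session_id);
     $finalize_url = $r->sessionGet('payment_finalize_url');
     if ($finalize_url) {
         $r->sessionClear('payment_finalize_url');
     }
     switch ($connection_type) {
         case 'com.paypal':
             // token and PayerID come from PayPal's return redirect
             if (isset($_GET['token'])) {
                 if (isset($_GET['PayerID'])) {
                     $pp = new PaypalSeed($order_details['user_id'], $transaction_details['connection_id'], $_GET['token']);
                     $initial_details = $pp->getExpressCheckout();
                     if ($initial_details['ACK'] == 'Success') {
                         $order_totals = $this->getOrderTotals($order_details['order_contents']);
                         // the amount PayPal reports must cover our own order total
                         if ($initial_details['AMT'] >= $order_totals['price']) {
                             $final_details = $pp->doExpressCheckout();
                             if ($final_details) {
                                 // look for a user to match the email. if not present, make one
                                 $user_request = new CASHRequest(array('cash_request_type' => 'people', 'cash_action' => 'getuseridforaddress', 'address' => $initial_details['EMAIL']));
                                 $user_id = $user_request->response['payload'];
                                 if (!$user_id) {
                                     // random, unguessable placeholder password (was time(), which
                                     // is predictable from the order's timestamp)
                                     $placeholder_password = bin2hex(random_bytes(16));
                                     $user_request = new CASHRequest(array('cash_request_type' => 'system', 'cash_action' => 'addlogin', 'address' => $initial_details['EMAIL'], 'password' => $placeholder_password, 'is_admin' => 0, 'display_name' => $initial_details['FIRSTNAME'] . ' ' . $initial_details['LASTNAME'], 'first_name' => $initial_details['FIRSTNAME'], 'last_name' => $initial_details['LASTNAME'], 'address_country' => $initial_details['COUNTRYCODE']));
                                     $user_id = $user_request->response['payload'];
                                 }
                                 // deal with physical quantities
                                 if ($order_details['physical'] == 1) {
                                     $order_items = json_decode($order_details['order_contents'], true);
                                     if (is_array($order_items)) {
                                         foreach ($order_items as $i) {
                                             if ($i['available_units'] > 0 && $i['physical_fulfillment'] == 1) {
                                                 $item = $this->getItem($i['id']);
                                                 if ($i['variant']) {
                                                     // find the matching variant and decrement its stock (floored at 0)
                                                     $variant_id = 0;
                                                     $variant_qty = 0;
                                                     if ($item['variants']) {
                                                         foreach ($item['variants']['quantities'] as $q) {
                                                             if ($q['key'] == $i['variant']) {
                                                                 $variant_id = $q['id'];
                                                                 $variant_qty = $q['value'];
                                                                 break;
                                                             }
                                                         }
                                                         if ($variant_id) {
                                                             $this->editItemVariant($variant_id, max($variant_qty - $i['qty'], 0), $i['id']);
                                                         }
                                                     }
                                                 } else {
                                                     $available_units = $this->editItem($i['id'], false, false, false, false, false, max($item['available_units'] - $i['qty'], 0));
                                                 }
                                             }
                                         }
                                     }
                                 }
                                 // record all the details
                                 if ($order_details['digital'] == 1 && $order_details['physical'] == 0) {
                                     // if the order is 100% digital just mark it as fulfilled
                                     $is_fulfilled = 1;
                                 } else {
                                     // there's something physical. sorry dude. gotta deal with it still.
                                     $is_fulfilled = 0;
                                 }
                                 $this->editOrder($order_id, $is_fulfilled, 0, false, $initial_details['COUNTRYCODE'], $user_id);
                                 $this->editTransaction($order_details['transaction_id'], strtotime($final_details['TIMESTAMP']), $final_details['CORRELATIONID'], json_encode($initial_details), json_encode($final_details), 1, $final_details['PAYMENTINFO_0_AMT'], $final_details['PAYMENTINFO_0_FEEAMT'], 'complete');
                                 // empty the cart at this point
                                 $this->emptyCart($session_id);
                                 // TODO: add code to order metadata
                                 // bit of a hack, hard-wiring the email bits:
                                 try {
                                     $personalized_message = '';
                                     if ($order_details['element_id']) {
                                         $element_request = new CASHRequest(array('cash_request_type' => 'element', 'cash_action' => 'getelement', 'id' => $order_details['element_id']));
                                         if ($element_request->response['payload']) {
                                             if (isset($element_request->response['payload']['options']['message_email'])) {
                                                 if ($element_request->response['payload']['options']['message_email']) {
                                                     $personalized_message = $element_request->response['payload']['options']['message_email'] . "\n\n";
                                                 }
                                             }
                                         }
                                     }
                                     if ($order_details['digital']) {
                                         // digital orders get a lock code; the redeem link in the mail is the
                                         // only place that code is handed out (see the catch below)
                                         $addcode_request = new CASHRequest(array('cash_request_type' => 'element', 'cash_action' => 'addlockcode', 'element_id' => $order_details['element_id']));
                                         if (!$finalize_url) {
                                             $finalize_url = CASHSystem::getCurrentURL();
                                         }
                                         CASHSystem::sendEmail('Thank you for your order', $order_details['user_id'], $initial_details['EMAIL'], $personalized_message . "Your order is complete. Here are some details:\n\n**Order #" . $order_details['id'] . "**  \n" . $initial_details['PAYMENTREQUEST_0_DESC'] . "  \n Total: " . CASHSystem::getCurrencySymbol($order_details['currency']) . number_format($final_details['PAYMENTINFO_0_AMT'], 2) . "\n\n" . "\n\n" . '[View your receipt and any downloads](' . $finalize_url . '?cash_request_type=element&cash_action=redeemcode&code=' . $addcode_request->response['payload'] . '&element_id=' . $order_details['element_id'] . '&email=' . urlencode($initial_details['EMAIL']) . '&order_id=' . $order_details['id'] . ')', 'Thank you.');
                                     } else {
                                         CASHSystem::sendEmail('Thank you for your order', $order_details['user_id'], $initial_details['EMAIL'], $personalized_message . "Your order is complete. Here are some details:\n\n**Order #" . $order_details['id'] . "**  \n" . $initial_details['PAYMENTREQUEST_0_DESC'] . "  \n Total: " . CASHSystem::getCurrencySymbol($order_details['currency']) . number_format($final_details['PAYMENTINFO_0_AMT'], 2) . "\n\n", 'Thank you.');
                                     }
                                 } catch (Exception $e) {
                                     // TODO: handle the case where an email can't be sent. maybe display the download
                                     //       code on-screen? that plus storing it with the order is probably enough
                                 }
                                 return $order_details['id'];
                             } else {
                                 // make sure this isn't an accidentally refreshed page
                                 if ($initial_details['CHECKOUTSTATUS'] != 'PaymentActionCompleted') {
                                     $initial_details['ERROR_MESSAGE'] = $pp->getErrorMessage();
                                     // there was an error processing the transaction
                                     $this->editOrder($order_id, 0, 1);
                                     $this->editTransaction($order_details['transaction_id'], strtotime($initial_details['TIMESTAMP']), $initial_details['CORRELATIONID'], false, json_encode($initial_details), 0, false, false, 'error processing payment');
                                     return false;
                                 } else {
                                     // this is a successful transaction with the user hitting refresh
                                     // as long as it's within 3 minutes (180 s) of the original return true,
                                     // otherwise call it false and allow the page to expire
                                     if (time() - strtotime($initial_details['TIMESTAMP']) < 180) {
                                         return true;
                                     } else {
                                         return false;
                                     }
                                 }
                             }
                         } else {
                             // insufficient funds — user changed amount?
                             $this->editOrder($order_id, 0, 1);
                             $this->editTransaction($order_details['transaction_id'], strtotime($initial_details['TIMESTAMP']), $initial_details['CORRELATIONID'], false, json_encode($initial_details), 0, false, false, 'incorrect amount');
                             return false;
                         }
                     } else {
                         // order reporting failure
                         $this->editOrder($order_id, 0, 1);
                         $this->editTransaction($order_details['transaction_id'], strtotime($initial_details['TIMESTAMP']), $initial_details['CORRELATIONID'], false, json_encode($initial_details), 0, false, false, 'payment failed');
                         return false;
                     }
                 } else {
                     // user canceled transaction
                     $this->editOrder($order_id, 0, 1);
                     $this->editTransaction($order_details['transaction_id'], time(), false, false, false, 0, false, false, 'canceled');
                     return false;
                 }
             }
             break;
         default:
             return false;
     }
 }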
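 /**
  * The main public method to embed elements. Notice that it echoes rather
  * than returns, because it's meant to be used simply by calling and spitting
  * out the needed code...
  *
  * If the page was hit with a POST/GET aimed at this very element (recorded
  * in the script-scope 'initial_page_request' session entry), that original
  * request/response pair and status are handed to the getmarkup call so the
  * element can render its post-submit state.
  *
  * Security fix: the "could not be found" error used to echo $element_id raw
  * into HTML. The id can originate from request input (an embed request is
  * built from $_GET['element_id'] elsewhere), so it is now HTML-escaped.
  *
  * @param int|string $element_id element to render
  * @return none
  */
 public static function embedElement($element_id)
 {
     // fire up the platform sans-direct-request to catch any GET/POST info sent
     // in to the page
     $cash_page_request = new CASHRequest(null);
     $initial_page_request = $cash_page_request->sessionGet('initial_page_request', 'script');
     if ($initial_page_request && isset($initial_page_request['request']['element_id'])) {
         // now test that the initial POST/GET was targeted for this element:
         if ($initial_page_request['request']['element_id'] == $element_id) {
             $status_uid = $initial_page_request['status_uid'];
             $original_request = $initial_page_request['request'];
             $original_response = $initial_page_request['response'];
         } else {
             $status_uid = false;
             $original_request = false;
             $original_response = false;
         }
     } else {
         $status_uid = false;
         $original_request = false;
         $original_response = false;
     }
     $cash_body_request = new CASHRequest(array('cash_request_type' => 'element', 'cash_action' => 'getmarkup', 'id' => $element_id, 'status_uid' => $status_uid, 'original_request' => $original_request, 'original_response' => $original_response));
     if ($cash_body_request->response['status_uid'] == 'element_getmarkup_400') {
         // escape: the id may be attacker-controlled and this lands in HTML
         $safe_element_id = htmlspecialchars((string) $element_id, ENT_QUOTES, 'UTF-8');
         echo '<div class="cash_system_error">Element #' . $safe_element_id . ' could not be found.</div>';
     }
     if (is_string($cash_body_request->response['payload'])) {
         // payload is the element's own markup and is emitted as-is
         echo $cash_body_request->response['payload'];
     }
     if ($cash_body_request->sessionGet('initialized_element_' . $element_id, 'script')) {
         // push buffered output once the element reports itself initialized
         if (ob_get_level()) {
             ob_flush();
         }
     }
     unset($cash_page_request);
     unset($cash_body_request);
 }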
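 /**
  * Gets API credentials for the effective or actual user
  *
  * Looks up the user id stored under the 'cash_effective_user' or
  * 'cash_actual_user' session key and asks the system layer for that user's
  * API credentials.
  *
  * @param {string} effective || actual — any other value is rejected rather
  *                 than being spliced into an arbitrary 'cash_<x>_user' key
  * @return array|false the getapicredentials payload, or false when the user
  *                     type is unknown or no user id is in the session
  */
 public static function getAPICredentials($user_type = 'effective')
 {
     // only the two documented types map to session keys
     if (!in_array($user_type, array('effective', 'actual'), true)) {
         return false;
     }
     $session_request = new CASHRequest(null);
     $user_id = $session_request->sessionGet('cash_' . $user_type . '_user');
     if (!$user_id) {
         return false;
     }
     $credentials_request = new CASHRequest(array('cash_request_type' => 'system', 'cash_action' => 'getapicredentials', 'user_id' => $user_id));
     return $credentials_request->response['payload'];
 }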