<?php

require 'includes/application_top.php';
require DIR_WS_MODULES . 'payment/libwebtopay/WebToPay.php';
$query = tep_db_query("SELECT configuration_value FROM " . TABLE_CONFIGURATION . " WHERE `configuration_key` = 'MODULE_PAYMENT_PAYSERA_PROJECT_ID'");
$data = tep_db_fetch_array($query);
$projectID = $data['configuration_value'];
$query = tep_db_query("SELECT configuration_value FROM " . TABLE_CONFIGURATION . " WHERE `configuration_key` = 'MODULE_PAYMENT_PAYSERA_PROJECT_PASS'");
$data = tep_db_fetch_array($query);
$projectPass = $data['configuration_value'];
try {
    WebToPay::toggleSS2(true);
    $response = WebToPay::checkResponse($_REQUEST, array('projectid' => $projectID, 'sign_password' => $projectPass));
    if ($response['status'] == 1) {
        $orderID = $response['orderid'];
        $query = tep_db_query("SELECT `value` FROM " . TABLE_ORDERS_TOTAL . " WHERE orders_id = '" . $orderID . "'");
        $amount = tep_db_fetch_array($query);
        $query = tep_db_query("SELECT `currency` FROM " . TABLE_ORDERS . " WHERE orders_id = '" . $orderID . "'");
        $currency = tep_db_fetch_array($query);
        $Order = array('currency' => $currency['currency'], 'total' => $amount['value']);
        if ($response['amount'] < intval(number_format($Order['total'], 2, '', ''))) {
            exit('Bad amount!');
        }
        if ($Order['currency'] != $response['currency']) {
            exit('Bad currency!');
        }
        tep_db_query('UPDATE ' . TABLE_ORDERS . ' SET orders_status = 2 WHERE orders_id = ' . $orderID);
        tep_db_query('UPDATE ' . TABLE_ORDERS_STATUS_HISTORY . ' SET orders_status_id = 2 WHERE orders_status_history_id = ' . $orderID);
        exit('OK');
    }
} catch (Exception $e) {
 function validateOrder($orderID)
 {
     if (ltrim($_GET[WebToPay::PREFIX . 'orderid'], "0") != $orderID) {
         exit('Order ID mismatch!');
     }
     global $application;
     $msg =& $application->getInstance('MessageResources', "payment-module-wtp-messages", "AdminZone");
     $moduleData = $this->getSettings();
     $query = new DB_Select();
     $query->addSelectTable('order_prices');
     $query->addSelectField('*');
     $query->WhereValue('order_id', DB_EQ, $orderID);
     $Order = $application->db->getDB_Result($query);
     try {
         WebToPay::toggleSS2(true);
         $response = WebToPay::checkResponse($_GET, array('projectid' => $moduleData['MODULE_METHOD_ID'], 'sign_password' => $moduleData['MODULE_METHOD_PASS']));
     } catch (Exception $e) {
         exit(get_class($e) . ': ' . $e->getMessage());
     }
     if (intval(number_format($Order[0]['order_total'], 2, '', '')) > $_GET[WebToPay::PREFIX . 'amount']) {
         exit('Bad amount!');
     } else {
         if ($Order[0]['currency_code'] != $_GET[WebToPay::PREFIX . 'currency']) {
             exit('Bad currency!');
         } else {
             modApiFunc("Checkout", "UpdatePaymentStatusInDB", $orderID, 2, 'Payment accepted.');
             exit('OK');
         }
     }
 }