$_SESSION[PP_CART_VAR]['prevpage'] = $view; $content .= $ppGCart->View(true); $page_title = $LANG_PP['view_order']; break; case 'detail': // deprecated, should be displayed via detail.php USES_paypal_class_product(); $P = new Product($id); $content .= $P->Detail(); $menu_opt = $LANG_PP['product_list']; $page_title = $LANG_PP['product_detail']; break; case 'cart': case 'viewcart': $menu_opt = $LANG_PP['viewcart']; if ($ppGCart->hasItems()) { $content .= $ppGCart->View(); } else { LGLIB_storeMessage($LANG_PP['cart_empty']); COM_refresh(PAYPAL_URL . '/index.php'); exit; } break; case 'checkoutcart': // Need to create an order or save the cart, so IPN class // can access the data. For now, use the cart. /*USES_paypal_class_order(); if (empty($_SESSION[PP_CART_VAR]['invoice'])) { $Ord = new ppOrder(); $Ord->CreateFromCart($ppGCart); } else {
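/**
 * Processes the purchase, for purchases made without an IPN message.
 *
 * Creates the order record via CreateOrder(), then writes one row per cart
 * item into the purchases table. Plugin-supplied items are resolved through
 * LGLIB_invokeService(); catalog items are loaded as Product objects.
 * Items that resolve to nothing are skipped. If a cart ID was submitted,
 * the cart row is deleted once all items have been recorded.
 *
 * Every value interpolated into the INSERT is escaped or cast first,
 * because the item keys, names and quantities come from the submitted cart.
 *
 * @param   array   $vals   Submitted values, e.g. $_POST
 * @return  void
 */
public function handlePurchase($vals = array())
{
    // $_USER is read below as the fallback purchaser ID, so it must be
    // imported here; without it the fallback silently evaluates to null.
    global $_TABLES, $_CONF, $_PP_CONF, $_USER;

    USES_paypal_functions();
    USES_paypal_class_cart();
    USES_paypal_class_order();
    USES_paypal_class_product();

    // Start from an empty list so the item loop is a clean no-op when no
    // cart ID was submitted (previously $items was undefined on that path).
    $items = array();
    if (!empty($vals['cart_id'])) {
        $cart = new ppCart($vals['cart_id']);
        if (!$cart->hasItems()) {
            return; // shouldn't be empty
        }
        $items = $cart->Cart();
    } else {
        $cart = new ppCart();
    }

    // Create an order record to get the order ID
    $Order = $this->CreateOrder($vals, $cart);
    $db_order_id = DB_escapeString($Order->order_id);

    $prod_types = 0;

    // For each item purchased, record purchase in purchase table
    foreach ($items as $id => $item) {
        list($item_number, $item_opts) = PAYPAL_explode_opts($id, true);

        // If the item number is numeric, assume it's an
        // inventory item.  Otherwise, it should be a plugin-supplied
        // item with the item number like pi_name:item_number:options
        if (PAYPAL_is_plugin_item($item_number)) {
            PAYPAL_debug("handlePurchase for Plugin item " . $item_number);

            // Initialize item info array to be used later
            $A = array();

            // Split the item number into component parts.  It could
            // be just a single string, depending on the plugin's needs.
            $pi_info = explode(':', $item['item_number']);
            PAYPAL_debug('Paymentgw::handlePurchase() pi_info: ' . print_r($pi_info, true));

            $status = LGLIB_invokeService(
                $pi_info[0],
                'productinfo',
                array($item_number, $item_opts),
                $product_info,
                $svc_msg
            );
            if ($status != PLG_RET_OK) {
                $product_info = array();
            }
            if (!empty($product_info)) {
                $items[$id]['name'] = $product_info['name'];
            }
            PAYPAL_debug("Paymentgw::handlePurchase() Got name " . $items[$id]['name']);

            $vars = array('item' => $item, 'ipn_data' => array());
            $status = LGLIB_invokeService($pi_info[0], 'handlePurchase', $vars, $A, $svc_msg);
            if ($status != PLG_RET_OK) {
                $A = array();
            }

            // Mark what type of product this is
            $prod_types |= PP_PROD_VIRTUAL;
        } else {
            PAYPAL_debug("Paypal item " . $item_number);
            $P = new Product($item_number);
            $A = array(
                'name'              => $P->name,
                'short_description' => $P->short_description,
                'expiration'        => $P->expiration,
                'prod_type'         => $P->prod_type,
                'file'              => $P->file,
                'price'             => $item['price'],
            );

            if (!empty($item_opts)) {
                // The original read the undefined variable $itemopts here,
                // so option descriptions were never appended.
                $opts = explode(',', $item_opts);
                $opt_str = $P->getOptionDesc($opts);
                if (!empty($opt_str)) {
                    $A['short_description'] .= " ({$opt_str})";
                }
                $item_number .= '|' . $item_opts;
            }

            // Mark what type of product this is
            $prod_types |= $P->prod_type;
        }

        // An invalid item number, or nothing returned for a plugin
        if (empty($A)) {
            continue;
        }

        // If it's a downloadable item, then get the full path to the file.
        // TODO: pp_data isn't available here, should be from $vals?
        if (!empty($A['file'])) {
            $this->items[$id]['file'] = $_PP_CONF['download_path'] . $A['file'];
            // The token is stored alongside the file path for a downloadable
            // item, so it must not be derivable from the transaction ID and
            // the clock.  Draw it from the CSPRNG where the runtime has one;
            // 16 random bytes hex-encode to the same 32 characters as md5().
            if (function_exists('random_bytes')) {
                $token = bin2hex(random_bytes(16));
            } else {
                // Legacy runtimes only: predictable, kept for compatibility.
                $token_base = $this->pp_data['txn_id'] . time() . rand(0, 99);
                $token = md5($token_base);
            }
            $this->items[$id]['token'] = $token;
        } else {
            $token = '';
        }
        // Plugin responses may omit prod_type; avoid an undefined-index notice.
        $items[$id]['prod_type'] = isset($A['prod_type']) ? $A['prod_type'] : null;

        // If a custom name was supplied by the gateway's IPN processor,
        // then use that.  Otherwise, plug in the name from inventory or
        // the plugin, for the notification email.
        if (empty($item['name'])) {
            $items[$id]['name'] = isset($A['short_description']) ? $A['short_description'] : '';
        }

        // Add the purchase to the paypal purchase table.
        // Cart keys, item names and quantities originate from submitted
        // data, so nothing reaches the statement without a cast or escape.
        $uid = isset($vals['uid']) ? (int) $vals['uid'] : (int) $_USER['uid'];
        $db_item_number = DB_escapeString($item_number);
        $db_name = DB_escapeString($items[$id]['name']);
        $db_quantity = DB_escapeString($item['quantity']);
        $db_gw_id = DB_escapeString($this->gw_id);
        $db_now = DB_escapeString($_PP_CONF['now']->toMySQL());
        $db_token = DB_escapeString($token);

        $sql = "INSERT INTO {$_TABLES['paypal.purchases']} SET
                order_id = '{$db_order_id}',
                product_id = '{$db_item_number}',
                description = '{$db_name}',
                quantity = '{$db_quantity}',
                user_id = '{$uid}',
                txn_type = '{$db_gw_id}',
                txn_id = '',
                purchase_date = '{$db_now}',
                status = 'complete',
                token = '{$db_token}',
                price = " . (float) $item['price'] . ",
                options = '" . DB_escapeString($item_opts) . "'";

        // Add an expiration date if appropriate.  is_numeric() limits the
        // interpolated value to a numeric literal.
        if (isset($A['expiration']) && is_numeric($A['expiration']) && $A['expiration'] > 0) {
            $sql .= ", expiration = DATE_ADD('{$db_now}', INTERVAL {$A['expiration']} DAY)";
        }
        PAYPAL_debug($sql);
        DB_query($sql);
    }   // foreach item

    // If this was a user's cart, then clear that also.
    // NOTE(review): cart_id is caller-supplied; confirm DB_delete() escapes
    // its value argument before it is placed in the WHERE clause.
    if (!empty($vals['cart_id'])) {
        DB_delete($_TABLES['paypal.cart'], 'cart_id', $vals['cart_id']);
    }
}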
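/**
 * Create and populate an Order record for this purchase.
 * Gets the billto and shipto addresses from the cart, if any, falling back
 * to the user's default addresses, then saves the order and writes one
 * row per item in $this->items to the purchases table.
 *
 * If an order already exists for the transaction ID, it is loaded and its
 * status is updated instead of creating a second order.
 *
 * This function is called only by our own handlePurchase() function,
 * but is made "protected" so a derived class can use it if necessary.
 *
 * All values taken from $this->pp_data and $this->items are escaped or cast
 * before being placed in SQL; the comments in this method indicate they are
 * populated from gateway notification (IPN) data.
 *
 * @return  integer 0 when a new order was created, 1 when the referenced
 *                  cart is empty (outside IPN test mode), 2 when an existing
 *                  order was found for this transaction
 */
protected function CreateOrder()
{
    global $_TABLES, $_PP_CONF;

    // See if an order already exists for this transaction.
    // If so, load it and update the status. If not, continue on
    // and create a new order
    $order_id = DB_getItem(
        $_TABLES['paypal.orders'],
        'order_id',
        "pmt_txn_id='" . DB_escapeString($this->pp_data['txn_id']) . "'"
    );
    if (!empty($order_id)) {
        $this->Order = new ppOrder($order_id);
        if ($this->Order->order_id != '') {
            $this->Order->log_user = $this->gw->Description();
            $this->Order->UpdateStatus($this->pp_data['status']);
        }
        return 2;
    }

    $this->Order = new ppOrder();
    USES_paypal_class_cart();
    if (isset($this->pp_data['custom']['cart_id'])) {
        $cart = new ppCart($this->pp_data['custom']['cart_id']);
        if (!$_PP_CONF['sys_test_ipn'] && !$cart->hasItems()) {
            return 1; // shouldn't normally be empty except during testing
        }
    } else {
        $cart = NULL;
    }

    $uid = (int) $this->pp_data['custom']['uid'];
    $this->Order->uid = $uid;
    $this->Order->status = !empty($this->pp_data['status']) ?
            $this->pp_data['status'] : 'pending';

    if ($uid > 1) {
        USES_paypal_class_userinfo();
        $U = new ppUserInfo($uid);
    }

    // Get the billing and shipping addresses from the cart record,
    // if any.  There may not be a cart in the database if it was
    // removed by a previous IPN, e.g. this is the 'completed' message
    // and we already processed a 'pending' message
    $BillTo = null;     // defined up front; there may be no cart and no user
    if ($cart) {
        $BillTo = $cart->getAddress('billto');
    }
    if (empty($BillTo) && $uid > 1) {
        $BillTo = $U->getDefaultAddress('billto');
    }
    if (is_array($BillTo)) {
        $this->Order->setBilling($BillTo);
    }

    $ShipTo = isset($this->pp_data['shipto']) ? $this->pp_data['shipto'] : null;
    if (empty($ShipTo)) {
        if ($cart) {
            $ShipTo = $cart->getAddress('shipto');
        }
        if (empty($ShipTo) && $uid > 1) {
            $ShipTo = $U->getDefaultAddress('shipto');
        }
    }
    if (is_array($ShipTo)) {
        $this->Order->setShipping($ShipTo);
    }
    if (isset($this->pp_data['shipto']['phone'])) {
        $this->Order->phone = $this->pp_data['shipto']['phone'];
    }
    $this->Order->pmt_method = $this->gw_id;
    $this->Order->pmt_txn_id = $this->pp_data['txn_id'];
    $this->Order->tax = $this->pp_data['pmt_tax'];
    $this->Order->shipping = $this->pp_data['pmt_shipping'];
    $this->Order->handling = $this->pp_data['pmt_handling'];
    $this->Order->buyer_email = $this->pp_data['payer_email'];
    $this->Order->log_user = $this->gw->Description();

    $order_id = $this->Order->Save();
    $db_order_id = DB_escapeString($order_id);

    // Escape the per-order values once, outside the item loop.
    $db_txn_type = DB_escapeString($this->pp_data['custom']['transtype']);
    $db_txn_id = DB_escapeString($this->pp_data['txn_id']);

    $this->Order->items = array();
    foreach ($this->items as $id => $item) {
        // item_number has the form "<number>" or "<number>|<csv option ids>".
        // The original escaped $item['options'] and then overwrote it with
        // the unescaped second part; only the second part is used here.
        $parts = explode('|', $item['item_number']);
        $item_number = $parts[0];
        $options = isset($parts[1]) ? $parts[1] : '';

        if (is_numeric($item_number)) {
            // For Paypal catalog options, check for options and append
            // to the description.  These actions don't apply to items from
            // other plugins.
            if (!empty($options)) {
                // options is expected as CSV of attribute IDs.  The list is
                // placed unquoted inside IN (...), so force every element to
                // an integer rather than trusting the incoming string.
                $attr_ids = implode(',', array_map('intval', explode(',', $options)));
                $sql = "SELECT attr_value
                        FROM {$_TABLES['paypal.prod_attr']}
                        WHERE attr_id IN ({$attr_ids})";
                $optres = DB_query($sql);
                $opt_str = '';
                while ($O = DB_fetchArray($optres, false)) {
                    $opt_str .= ', ' . $O['attr_value'];
                }
                $item['name'] .= $opt_str;
            }
            // The on-hand quantity UPDATE that used to follow was commented
            // out, but its DB_query($sql, 1) call was left behind.  That call
            // re-ran whatever $sql last held, which from the second item on
            // was the previous item's INSERT, so it has been removed.
        }

        // Random per-purchase token; md5(time()) repeats for every item
        // handled in the same second and can be reproduced from the clock.
        if (function_exists('random_bytes')) {
            $token = bin2hex(random_bytes(16));
        } else {
            // Legacy runtimes only: predictable, kept for compatibility.
            $token = md5(time());
        }

        $sql = "INSERT INTO {$_TABLES['paypal.purchases']} SET
                order_id = '{$db_order_id}',
                product_id = '" . DB_escapeString($item['item_number']) . "',
                description = '" . DB_escapeString($item['name']) . "',
                quantity = '" . DB_escapeString($item['quantity']) . "',
                user_id = '{$uid}',
                txn_type = '{$db_txn_type}',
                txn_id = '{$db_txn_id}',
                purchase_date = '{$this->sql_date}',
                status = 'pending',
                token = '{$token}',
                price = " . (float) $item['price'] . ",
                options = '" . DB_escapeString($options) . "'";

        // Add an expiration date if appropriate.  is_numeric() limits the
        // interpolated interval to a numeric literal.
        // NOTE(review): $_PP_CONF['now'] is interpolated directly here while
        // purchase_date uses $this->sql_date; confirm it stringifies to a
        // MySQL datetime.
        if (isset($item['expiration']) && is_numeric($item['expiration']) && $item['expiration'] > 0) {
            $sql .= ", expiration = DATE_ADD('{$_PP_CONF['now']}', INTERVAL {$item['expiration']} DAY)";
        }
        PAYPAL_debug($sql);
        DB_query($sql);
    }   // foreach item

    // Reload the order to get the items
    $this->Order->Load();

    // If this was a user's cart, then clear that also
    if (!empty($this->pp_data['custom']['cart_id'])) {
        if (!$_PP_CONF['sys_test_ipn']) {
            DB_delete($_TABLES['paypal.cart'], 'cart_id', $this->pp_data['custom']['cart_id']);
            PAYPAL_debug('Cart ' . $this->pp_data['custom']['cart_id'] . ' deleted');
        }
    } else {
        PAYPAL_debug('no cart to delete');
    }

    return 0;
}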