Exemplo n.º 1
     unset($_SESSION['promotion_notices']);
     $cart['pending_coupon'] = strtolower(trim($_REQUEST['coupon_code']));
     $cart['recalculate'] = true;
     if (!empty($cart['chosen_shipping'])) {
         $cart['calculate_shipping'] = true;
     }
     return array(CONTROLLER_STATUS_OK);
 }
 // Checkout mode 'add_profile': create a customer account from the submitted
 // registration form, log the new user in and pick the next checkout step.
 if ($mode == 'add_profile') {
     // The image-verification check runs before any account is created; on
     // failure the posted user_data is saved and the customer is sent back
     // to the registration form.
     if (fn_image_verification('register', $_REQUEST) == false) {
         fn_save_post_data('user_data');
         return array(CONTROLLER_STATUS_REDIRECT, 'checkout.checkout?login_type=register');
     }
     // NOTE(review): the whole $_REQUEST['user_data'] array is handed to
     // fn_update_user(). Whether that function restricts which fields an
     // anonymous visitor may set (account type, status, company) is not visible
     // here - confirm it filters the input against an allow-list.
     if (list($user_id, $profile_id) = fn_update_user(0, $_REQUEST['user_data'], $auth, false, true)) {
         $profile_fields = fn_get_profile_fields('O');
         // Placeholder-bound query: removes this session's rows with type 'C'
         // and user_type 'U' before the cart is saved under the new user id.
         db_query("DELETE FROM ?:user_session_products WHERE session_id = ?s AND type = ?s AND user_type = ?s", Session::getId(), 'C', 'U');
         fn_save_cart_content($cart, $user_id);
         // NOTE(review): this is a privilege change (anonymous -> logged in).
         // Whether fn_login_user() rotates the session id is not visible here;
         // confirm it does, otherwise a fixed session id survives the login.
         fn_login_user($user_id);
         // Skip straight to step three when neither the 'B' nor the 'S' profile
         // field section has any fields.
         $step = 'step_two';
         if (empty($profile_fields['B']) && empty($profile_fields['S'])) {
             $step = 'step_three';
         }
         $suffix = '?edit_step=' . $step;
     } else {
         // Account creation failed: keep the form input and reopen registration.
         fn_save_post_data('user_data');
         $suffix = '?login_type=register';
     }
     return array(CONTROLLER_STATUS_OK, 'checkout.checkout' . $suffix);
 }
 if ($mode == 'customer_info') {
     $redirect_params = array();
Exemplo n.º 2
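/**
 * Make cmpi_lookup request to 3-D Secure service provider
 *
 * Builds a CardinalMPI lookup message from the order, posts it to the
 * configured transaction URL and stores the outcome under $_SESSION['cmpi'].
 * When the response reports no error, an enrolled card ('Y') and an ACS URL,
 * the authentication frame is printed and the script terminates; otherwise
 * the error is recorded in the session and DO_DIRECT_PAYMENT is defined.
 *
 * Every value interpolated into the XML message is entity-escaped, because
 * billing/shipping fields and the e-mail address are customer-supplied and
 * could otherwise inject markup into the request.
 *
 * @param array $processor_data Payment processor data
 * @param array $order_info Order information
 * @param string $mode When 'repay', the "go back" link points at the order details page instead of checkout
 * @return boolean true
 */
function fn_cmpi_lookup($processor_data, $order_info, $mode = '')
{
    unset($_SESSION['cmpi']);
    // Removes every non-digit, decimal separator included.
    // NOTE(review): this yields minor units only if 'total' always carries the
    // expected number of decimals - confirm against the caller.
    $amount = preg_replace('/\\D/', '', $order_info['total']);
    // ISO 4217 numeric codes, kept as strings: a bare 036 is an octal literal
    // in PHP (decimal 30) and would send the wrong code for AUD.
    // //TODO: move to database.
    $iso4217 = array('USD' => '840', 'GBP' => '826', 'EUR' => '978', 'AUD' => '036', 'CAD' => '124', 'JPY' => '392');
    $currency = $processor_data['processor_params']['currency'];
    $currency_code = isset($iso4217[$currency]) ? $iso4217[$currency] : '';
    // NOTE(review): the merchant's transaction password is copied into the
    // customer's session here. Presumably a later step reads it back; confirm
    // that it is needed there, since session storage widens its exposure.
    $settings = array('processor_id', 'merchant_id', 'transaction_password', 'transaction_url');
    foreach ($settings as $setting) {
        $_SESSION['cmpi'][$setting] = $processor_data['processor_params'][$setting];
    }
    // Entity-escape a value for use as XML element content. ENT_QUOTES output
    // (&amp; &lt; &gt; &quot; &#039;) is valid XML as well as HTML.
    $x = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    $cardinal_request = <<<EOT
<CardinalMPI>
<MsgType>cmpi_lookup</MsgType>
<Version>1.7</Version>
<ProcessorId>{$x($_SESSION['cmpi']['processor_id'])}</ProcessorId>
<MerchantId>{$x($_SESSION['cmpi']['merchant_id'])}</MerchantId>
<TransactionPwd>{$x($_SESSION['cmpi']['transaction_password'])}</TransactionPwd>
<TransactionType>C</TransactionType>
<Amount>{$amount}</Amount>
<CurrencyCode>{$currency_code}</CurrencyCode>
<CardNumber>{$x($order_info['payment_info']['card_number'])}</CardNumber>
<CardExpMonth>{$x($order_info['payment_info']['expiry_month'])}</CardExpMonth>
<CardExpYear>20{$x($order_info['payment_info']['expiry_year'])}</CardExpYear>
<OrderNumber>{$x($order_info['order_id'])}</OrderNumber>
<OrderDesc>Order #{$x($order_info['order_id'])}; customer: {$x($order_info['b_firstname'])} {$x($order_info['b_lastname'])};</OrderDesc>
<BrowserHeader>*/*</BrowserHeader>
<EMail>{$x($order_info['email'])}</EMail>
<IPAddress>{$x($_SERVER['REMOTE_ADDR'])}</IPAddress>
<BillingFirstName>{$x($order_info['b_firstname'])}</BillingFirstName>
<BillingLastName>{$x($order_info['b_lastname'])}</BillingLastName>
<BillingAddress1>{$x($order_info['b_address'])}</BillingAddress1>
<BillingAddress2>{$x($order_info['b_address_2'])}</BillingAddress2>
<BillingCity>{$x($order_info['b_city'])}</BillingCity>
<BillingState>{$x($order_info['b_state'])}</BillingState>
<BillingPostalCode>{$x($order_info['b_zipcode'])}</BillingPostalCode>
<BillingCountryCode>{$x($order_info['b_country'])}</BillingCountryCode>
<ShippingFirstName>{$x($order_info['s_firstname'])}</ShippingFirstName>
<ShippingLastName>{$x($order_info['s_lastname'])}</ShippingLastName>
<ShippingAddress1>{$x($order_info['s_address'])}</ShippingAddress1>
<ShippingAddress2>{$x($order_info['s_address_2'])}</ShippingAddress2>
<ShippingCity>{$x($order_info['s_city'])}</ShippingCity>
<ShippingState>{$x($order_info['s_state'])}</ShippingState>
<ShippingPostalCode>{$x($order_info['s_zipcode'])}</ShippingPostalCode>
<ShippingCountryCode>{$x($order_info['s_country'])}</ShippingCountryCode>
</CardinalMPI>
EOT;
    // Names registered under 'log_cut_data' before the request is sent.
    // NOTE(review): presumably these are the fields masked in request logs; if
    // so, TransactionPwd is not in the list and would be logged - confirm.
    Registry::set('log_cut_data', array('CardNumber', 'CardExpMonth', 'CardExpYear'));
    $response_data = Http::post($_SESSION['cmpi']['transaction_url'], array('cmpi_msg' => $cardinal_request));
    // Parse errors are suppressed on purpose; a failed parse is handled below
    // together with an empty response.
    $cmpi = @simplexml_load_string($response_data);
    $err_no = 0;
    $_SESSION['cmpi']['enrolled'] = 'U';
    $acs_url = '';
    if (empty($response_data) || $cmpi === false) {
        // No usable response: take the ECI flag from the card-type map instead.
        $_SESSION['cmpi']['eci_flag'] = fn_get_payment_card($order_info['payment_info']['card_number'], array('mastercard' => 1, 'visa' => 7, 'jcb' => 7));
        $err_desc = 'Connection problem';
    } else {
        $err_no = intval((string) $cmpi->ErrorNo);
        $err_desc = (string) $cmpi->ErrorDesc;
        $acs_url = (string) $cmpi->ACSUrl;
        $_SESSION['cmpi']['enrolled'] = (string) $cmpi->Enrolled;
        $_SESSION['cmpi']['transaction_id'] = (string) $cmpi->TransactionId;
        $_SESSION['cmpi']['eci_flag'] = (string) $cmpi->EciFlag;
    }
    if ($err_no == 0 && $_SESSION['cmpi']['enrolled'] == 'Y' && !empty($acs_url)) {
        // NOTE(review): the session name and id are appended to the term, frame
        // and back-link URLs. A session id in a URL can end up in Referer
        // headers, browser history and server logs.
        $sess = Session::getName() . '=' . Session::getId();
        $payment_name = str_replace('.php', '', $processor_data['processor_script']);
        $_SESSION['cmpi']['acs_url'] = $acs_url;
        $_SESSION['cmpi']['order_id'] = $order_info['order_id'];
        $_SESSION['cmpi']['frame_data'] = array('PaReq' => (string) $cmpi->Payload, 'TermUrl' => fn_url("payment_notification.bank?payment={$payment_name}&{$sess}", AREA, 'current'), 'MD' => '');
        $frame_src = fn_url("payment_notification.frame?payment={$payment_name}&{$sess}", AREA, 'current');
        $msg = __('text_cmpi_frame_message');
        $back_link_msg = __('text_cmpi_go_back');
        $dispatch = $mode == 'repay' ? 'orders.details?order_id=' . $order_info['order_id'] . '&' : 'checkout.checkout?';
        $back_link = fn_url($dispatch . $sess, AREA, 'current');
        // Attribute-escape both URLs; double_encode is off so a URL that
        // fn_url() already entity-encoded is not encoded twice.
        $frame_src = htmlspecialchars($frame_src, ENT_QUOTES, 'UTF-8', false);
        $back_link = htmlspecialchars($back_link, ENT_QUOTES, 'UTF-8', false);
        echo <<<EOT
<table width="100%" cellspacing="0" cellpadding="0">
    <tr>
        <td valign="top" align="center">
            <div style="width:500px;">
                {$msg}
                <br /><br />
            </div>
        </td>
    </tr>
    <tr>
        <td valign="top" align="center">
            <iframe width="420" height="420" marginwidth="0" marginheight="0" src="{$frame_src}"></iframe><br />
            <br />
            <div>
                <a href="{$back_link}">{$back_link_msg}</a>
            </div>
        </td>
    </tr>
</table>
EOT;
        exit;
    } else {
        // Not enrolled, lookup error or no ACS URL: record why and signal that
        // the payment proceeds without the authentication frame.
        $_SESSION['cmpi']['err_no'][0] = $err_no;
        $_SESSION['cmpi']['err_desc'][0] = $err_desc;
        define('DO_DIRECT_PAYMENT', true);
    }
    return true;
}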
Exemplo n.º 3
        } elseif ($mode == 'finish') {
            $order_info = fn_get_order_info($order_id);
            if ($order_info['status'] == 'O') {
                $pp_response = array();
                $pp_response['order_status'] = 'F';
                $pp_response['reason_text'] = __('merchant_response_was_not_received');
                $pp_response['transaction_id'] = '';
                fn_finish_payment($order_id, $pp_response);
            }
            fn_order_placement_routines('route', $order_id, false);
        }
    }
} else {
    $current_location = Registry::get('config.current_location');
    $lang_code = CART_LANGUAGE == 'th' ? 'TH' : 'EN';
    $sess = '&' . Session::getName() . '=' . Session::getId();
    $_SESSION['thaiepay_refno'] = $order_id;
    $return_url = fn_url("payment_notification.finish?payment=thaiepay&refno={$order_id}{$sess}", AREA, 'current');
    echo <<<EOT
<form method="post" action="https://www.thaiepay.com/epaylink/payment.aspx" name="process">
    <input type="hidden" name="refno" value="{$order_id}">
    <input type="hidden" name="merchantid" value="{$processor_data['processor_params']['merchantid']}">
    <input type="hidden" name="customeremail" value="{$order_info['email']}">
    <input type="hidden" name="productdetail" value="{$processor_data['processor_params']['details']}">
    <input type="hidden" name="total" value="{$order_info['total']}">
    <input type="hidden" name="cc" value="{$processor_data['processor_params']['currency']}">
    <input type="hidden" name="lang" value="{$lang_code}">
    <input type="hidden" name="returnurl" value="{$return_url}">
EOT;
    $msg = __('text_cc_processor_connection', array('[processor]' => 'thaiepay.com server'));
    echo <<<EOT
Exemplo n.º 4
            } elseif ($_REQUEST['amount'] != $adjusted_order_total) {
                $pp_response['reason_text'] .= __('mb_amounts_not_match');
            }
            if ($_REQUEST['currency'] != $processor_data['processor_params']['currency']) {
                $pp_response['reason_text'] .= __('mb_currencies_not_match');
            }
        }
        if (fn_check_payment_script('skrill_qc.php', $_REQUEST['order_id'])) {
            fn_finish_payment($_REQUEST['order_id'], $pp_response);
        }
        exit;
    }
} else {
    $url = 'https://www.moneybookers.com/app/payment.pl';
    $suffix = AREA != 'A' && empty($order_info['repaid']) && defined('IFRAME_MODE') ? '&iframe_mode=true' : '';
    $post_data = array('pay_to_email' => $processor_data['processor_params']['pay_to_email'], 'recipient_description' => $processor_data['processor_params']['recipient_description'], 'transaction_id' => $processor_data['processor_params']['order_prefix'] . (!empty($order_info['repaid']) ? $order_id . '_' . $order_info['repaid'] : $order_id), 'return_url' => fn_url("payment_notification.return?payment=skrill_qc&order_id={$order_id}{$suffix}", AREA, 'current'), 'return_url_text' => '', 'cancel_url' => fn_url("payment_notification.cancel?payment=skrill_qc&order_id={$order_id}{$suffix}", AREA, 'current'), 'status_url' => fn_url("payment_notification.status?payment=skrill_qc&order_id={$order_id}{$suffix}", AREA, 'current'), 'language' => $processor_data['processor_params']['language'], 'amount' => $order_info['total'], 'currency' => $processor_data['processor_params']['currency'], 'return_url_target' => '_parent', 'cancel_url_target' => '_parent', 'merchant_fields' => 'platform,mb_sess_id,inner_order_id', 'mb_sess_id' => base64_encode(Session::getId()), 'inner_order_id' => $order_id, 'platform' => '21477207');
    $post_data['amount'] = fn_mb_adjust_amount($post_data['amount'], $post_data['currency']);
    if (!$post_data['amount']) {
        if (!empty($suffix)) {
            echo __('text_unsupported_currency');
        } else {
            fn_set_notification('E', __('error'), __('text_unsupported_currency'));
            $url = fn_url("payment_notification.unsupported_currency?payment=skrill_qc&order_id={$order_id}", AREA, 'current');
            echo <<<EOT
    <form action="{$url}" method="POST" name="process">
    </form>
    <script type="text/javascript">
    window.onload = function(){
        document.process.submit();
    };
    </script>
Exemplo n.º 5
        if (Registry::get('runtime.action') == 'from_status') {
            fn_calculate_cart_content($cart, $auth, 'S', true, 'F', true);
        }
    }
    return array(CONTROLLER_STATUS_REDIRECT, "checkout." . $_REQUEST['redirect_mode']);
    //Clear cart
} elseif ($mode == 'clear') {
    fn_clear_cart($cart);
    //fn_save_cart_content($cart, $auth['user_id']);
    $cart_user_id = $_SESSION['auth']['user_id'];
    if (!$cart_user_id) {
        $cart_user_id = fn_get_session_data('cu_id');
    }
    db_query("DELETE FROM ?:user_session_products WHERE session_id = ?s AND type = ?s AND user_id = ?s", Session::getId(), 'C', $cart_user_id);
    if ($auth['user_id']) {
        db_query("UPDATE ?:user_session_products SET user_id = ?s WHERE session_id = ?s AND type = ?s AND user_type = ?s", $auth['user_id'], Session::getId(), 'C', 'U');
    }
    return array(CONTROLLER_STATUS_REDIRECT, "checkout.cart");
    //Purge undeliverable products
} elseif ($mode == 'purge_undeliverable') {
    fn_purge_undeliverable_products($cart);
    fn_set_notification('N', __('notice'), __('notice_undeliverable_products_removed'));
    return array(CONTROLLER_STATUS_REDIRECT, "checkout.checkout");
} elseif ($mode == 'complete') {
    if (!empty($_REQUEST['order_id'])) {
        if (empty($auth['user_id'])) {
            if (empty($auth['order_ids'])) {
                return array(CONTROLLER_STATUS_REDIRECT, "auth.login_form?return_url=" . urlencode(Registry::get('config.current_url')));
            } else {
                $allowed_id = in_array($_REQUEST['order_id'], $auth['order_ids']);
            }
Exemplo n.º 6
/**
 * Fetch completed orders from eBay and create matching local orders.
 *
 * Records the fetch in ?:ebay_cached_transactions, requests orders created
 * since the last completed fetch, maps each eBay line item to a local product
 * through ?:ebay_template_products and saves one order per eBay order that
 * has at least one mapped product.
 *
 * All buyer, address, quantity and price values come from the eBay response
 * and are copied into the order as received.
 *
 * @return array Two lists: ids of the orders created, and eBay order ids that could not be saved
 */
function fn_get_ebay_orders()
{
    $success_orders = $failed_orders = array();
    // Changes the LC_TIME locale for the rest of the request, not only for this call.
    setlocale(LC_TIME, 'en_US');
    $params = array('OrderStatus' => 'Completed');
    // Timestamp of the most recent completed ('C') orders fetch, if any.
    $last_transaction = db_get_field('SELECT timestamp FROM ?:ebay_cached_transactions WHERE type = ?s AND status = ?s ORDER BY timestamp DESC', 'orders', 'C');
    // Need user_id
    if (!empty($last_transaction)) {
        $params['CreateTimeFrom'] = gmstrftime("%Y-%m-%dT%H:%M:%S", $last_transaction);
        $params['CreateTimeTo'] = gmstrftime("%Y-%m-%dT%H:%M:%S", TIME);
    }
    // Log the fetch as active ('A') before calling eBay; it is marked 'C' afterwards.
    $data = array('timestamp' => TIME, 'user_id' => $_SESSION['auth']['user_id'], 'session_id' => Session::getId(), 'status' => 'A', 'type' => 'orders', 'result' => '', 'site_id' => 0);
    $transaction_id = db_query('INSERT INTO ?:ebay_cached_transactions ?e', $data);
    list(, $ebay_orders) = Ebay::instance()->GetOrders($params);
    // NOTE(review): count() is called before the empty() check below, so this
    // assumes GetOrders always returns a countable second element - confirm.
    $data = array('status' => 'C', 'result' => count($ebay_orders));
    db_query('UPDATE ?:ebay_cached_transactions SET ?u WHERE transaction_id = ?i', $data, $transaction_id);
    if (!empty($ebay_orders)) {
        foreach ($ebay_orders as $k => $v) {
            $item_transactions = $v['TransactionArray'];
            $cart = $products = array();
            // A non-array TransactionArray is wrapped into a one-element list.
            if (!is_array($item_transactions)) {
                $item_transactions = array($item_transactions->Transaction);
            }
            $i = 1;
            // Only the first transaction's buyer e-mail is used.
            // NOTE(review): $email is never reset, so with an empty transaction
            // list it keeps the previous order's value (or is undefined).
            foreach ($item_transactions as $item) {
                $email = (string) $item->Buyer->Email;
                break;
            }
            $shipping_address = $v['ShippingAddress'];
            // First word of the shipping name becomes the first name, the rest the last name.
            $customer_name = explode(' ', (string) $shipping_address->Name);
            $firstname = array_shift($customer_name);
            $lastname = implode(' ', $customer_name);
            // The shipping address is used for the billing fields as well.
            $cart = array('user_id' => 0, 'company_id' => Registry::get('runtime.company_id'), 'email' => $email, 'ebay_order_id' => $v['OrderID'], 'status' => 'P', 'timestamp' => strtotime($v['CreatedTime']), 'payment_id' => 0, 'user_data' => array('firstname' => $firstname, 'lastname' => $lastname, 'phone' => (string) $shipping_address->Phone, 's_firstname' => $firstname, 's_lastname' => $lastname, 's_address' => (string) $shipping_address->Street1, 's_city' => (string) $shipping_address->CityName, 's_state' => (string) $shipping_address->StateOrProvince, 's_country' => (string) $shipping_address->Country, 's_phone' => (string) $shipping_address->Phone, 's_zipcode' => (string) $shipping_address->PostalCode, 'b_firstname' => $firstname, 'b_lastname' => $lastname, 'b_address' => (string) $shipping_address->Street1, 'b_city' => (string) $shipping_address->CityName, 'b_state' => (string) $shipping_address->StateOrProvince, 'b_country' => (string) $shipping_address->Country, 'b_phone' => (string) $shipping_address->Phone, 'b_zipcode' => (string) $shipping_address->PostalCode), 'total' => $v['Total'], 'subtotal' => $v['Subtotal'], 'shipping_cost' => (double) $v['ShippingServiceSelected']->ShippingServiceCost);
            foreach ($item_transactions as $item) {
                $_item = (array) $item->Item;
                // NOTE(review): the lookup is by eBay item id only; as the
                // original comment below says, it is not scoped to the current
                // company, so an item mapped by another company would match too.
                $product_id = db_get_field('SELECT product_id FROM ?:ebay_template_products WHERE ebay_item_id = ?i', $_item['ItemID']);
                // Need check company_id
                if (!$product_id) {
                    // Items with no local product mapping are skipped.
                    continue;
                }
                $product = fn_get_product_data($product_id, $cart['user_data']);
                $extra = array("product_options" => array());
                // Every option/variant pair of the product, with its display names.
                $options = db_get_array('SELECT ?:product_options.option_id, ?:product_options_descriptions.option_name, ?:product_option_variants_descriptions.variant_id, ?:product_option_variants_descriptions.variant_name
                FROM ?:product_options
                JOIN ?:product_options_descriptions ON ?:product_options_descriptions.option_id = ?:product_options.option_id
                JOIN ?:product_option_variants ON ?:product_option_variants.option_id = ?:product_options.option_id
                JOIN ?:product_option_variants_descriptions ON ?:product_option_variants_descriptions.variant_id = ?:product_option_variants.variant_id
                WHERE product_id =?i', $product_id);
                if (isset($item->Variation)) {
                    $variations_xml = (array) $item->Variation->VariationSpecifics;
                    // One NameValueList gives a single Name/Value pair; several
                    // give a list of pairs.
                    if (isset($variations_xml['NameValueList']->Name)) {
                        $variations = (array) $variations_xml['NameValueList'];
                    } else {
                        foreach ($variations_xml['NameValueList'] as $variation) {
                            $variations[] = (array) $variation;
                        }
                    }
                    if (isset($variations)) {
                        // eBay variations are matched to local options by display
                        // name and value, using loose (==) comparison.
                        if (isset($variations['Name'])) {
                            foreach ($options as $option) {
                                if ($variations['Name'] == $option['option_name'] && $variations['Value'] == $option['variant_name']) {
                                    $extra['product_options'][$option['option_id']] = $option['variant_id'];
                                }
                            }
                        } else {
                            foreach ($variations as $variation) {
                                foreach ($options as $option) {
                                    if ($variation['Name'] == $option['option_name'] && $variation['Value'] == $option['variant_name']) {
                                        $extra['product_options'][$option['option_id']] = $option['variant_id'];
                                    }
                                }
                            }
                        }
                        // Reset so the next item does not append to this item's pairs.
                        $variations = array();
                    }
                }
                // Quantity and price are taken from the eBay transaction; 'stored_price'
                // is set to 'Y' alongside them.
                $products[$i] = array('product_id' => $product_id, 'amount' => (int) $item->QuantityPurchased, 'price' => (double) $item->TransactionPrice, 'base_price' => (double) $item->TransactionPrice, 'is_edp' => $product['is_edp'], 'edp_shipping' => $product['edp_shipping'], 'free_shipping' => $product['free_shipping'], 'stored_price' => 'Y', 'company_id' => Registry::get('runtime.company_id'), 'extra' => $extra);
                unset($product);
                $i += 1;
            }
            // Orders with no mapped product are skipped and appear in neither result list.
            if (empty($products)) {
                continue;
            }
            $cart['products'] = $products;
            unset($products);
            $location = fn_get_customer_location($cart['user_data'], $cart);
            $cart['product_groups'] = Shippings::groupProductsList($cart['products'], $location);
            list($order_id, $status) = fn_update_order($cart);
            if (!empty($order_id)) {
                fn_change_order_status($order_id, 'P', $status, fn_get_notification_rules(array(), false));
                $success_orders[] = $order_id;
            } else {
                $failed_orders[] = $cart['ebay_order_id'];
            }
        }
    }
    return array($success_orders, $failed_orders);
}
Exemplo n.º 7
/**
* Return the per-session token used to protect forms from CSRF attacks
*
* The token is created once per session as the MD5 digest of the configured
* crypt key concatenated with the session id, cached in
* $_SESSION['security_hash'], and returned unchanged on later calls.
*
* NOTE(review): the token is derived from the long-term crypt key and the
* session id, not from random bytes. A user who knows their own session id
* and token holds an input/output pair of a fast hash over that key, and the
* token cannot be rotated without changing the session id. A random token
* stored in the session would avoid both, provided no other code recomputes
* this value - that is not visible here, confirm before changing.
*
* @return string salted hash
*/
function fn_generate_security_hash()
{
    // Reuse the cached token when the session already has one.
    if (!empty($_SESSION['security_hash'])) {
        return $_SESSION['security_hash'];
    }

    $secret = Registry::get('config.crypt_key');
    $token = md5($secret . Session::getId());
    $_SESSION['security_hash'] = $token;

    return $token;
}
Exemplo n.º 8
 /**
  * Collect this request's debugging data, store it and render the debugger template.
  *
  * NOTE(review): the stored snapshot holds the full $_REQUEST, $_SERVER and
  * $_COOKIE arrays, every executed query and all template variables except a
  * short exclude list. That can include posted passwords, session cookies and
  * customer data. Who can read 'debugger.data' afterwards is not visible here;
  * confirm the debugger cannot be active for untrusted visitors.
  *
  * @return bool false when the debugger is not active, true after rendering
  */
 public static function display()
 {
     if (!self::isActive()) {
         return false;
     }
     $data_time = time();
     // Snapshots are grouped under the debugger cookie value, or failing that
     // under the first 8 characters of the session id.
     // NOTE(review): this id is assigned to the view below, so in the fallback
     // case part of the session id reaches the template - confirm that is acceptable.
     $debugger_id = !empty(self::$debugger_cookie) ? self::$debugger_cookie : substr(Session::getId(), 0, 8);
     $ch_p = array_values(self::$checkpoints);
     $included_templates = array();
     $depth = array();
     $d = 0;
     // Template object keys of the form "...#name" are included templates; keys
     // without '#' are skipped. Depth is numbered per distinct parent resource
     // in the order the parents are first seen.
     foreach (Registry::get('view')->template_objects as $k => $v) {
         if (count(explode('#', $k)) == 1) {
             continue;
         }
         list(, $tpl) = explode('#', $k);
         if (!empty($v->parent)) {
             if (property_exists($v->parent, 'template_resource')) {
                 if (empty($depth[$v->parent->template_resource])) {
                     $depth[$v->parent->template_resource] = ++$d;
                 }
                 $included_templates[] = array('filename' => $tpl, 'depth' => $depth[$v->parent->template_resource]);
             }
         }
     }
     $assigned_vars = Registry::get('view')->tpl_vars;
     ksort($assigned_vars);
     // Variables left out of the snapshot; everything else is stored by value.
     $exclude_vars = array('_REQUEST', 'config', 'settings', 'runtime', 'demo_password', 'demo_username', 'empty', 'ldelim', 'rdelim');
     foreach ($assigned_vars as $name => $value_obj) {
         if (in_array($name, $exclude_vars)) {
             unset($assigned_vars[$name]);
         } else {
             $assigned_vars[$name] = $value_obj->value;
         }
     }
     // Page totals: time and memory between the first and last checkpoint
     // (memory divided by 1024), plus query and template counts.
     self::$totals['time_page'] = $ch_p[count($ch_p) - 1]['time'] - $ch_p[0]['time'];
     self::$totals['memory_page'] = ($ch_p[count($ch_p) - 1]['memory'] - $ch_p[0]['memory']) / 1024;
     self::$totals['count_queries'] = count(self::$queries);
     self::$totals['count_tpls'] = count($included_templates);
     $runtime = fn_foreach_recursive(Registry::get('runtime'), '.');
     // Objects and resources are replaced by their type name.
     foreach ($runtime as $key => $value) {
         if (in_array(gettype($value), array('object', 'resource'))) {
             $runtime[$key] = gettype($value);
         }
     }
     // The raw request, server and cookie superglobals are stored unredacted.
     $data = array('request' => array('request' => $_REQUEST, 'server' => $_SERVER, 'cookie' => $_COOKIE), 'config' => array('runtime' => $runtime), 'sql' => array('totals' => array('count' => self::$totals['count_queries'], 'rcount' => 0, 'time' => self::$totals['time_queries']), 'queries' => self::$queries), 'backtraces' => self::$backtraces, 'logging' => self::$checkpoints, 'templates' => array('tpls' => $included_templates, 'vars' => $assigned_vars), 'totals' => self::$totals);
     $datas = Registry::get('debugger.data');
     $datas = is_array($datas) ? $datas : array();
     // Drop snapshots older than EXPIRE_DEBUGGER seconds, and ids left with none.
     foreach (array_keys($datas) as $id) {
         foreach (array_keys($datas[$id]) as $time) {
             if ($time < time() - self::EXPIRE_DEBUGGER) {
                 unset($datas[$id][$time]);
             }
         }
         if (empty($datas[$id])) {
             unset($datas[$id]);
         }
     }
     // Snapshots are keyed by debugger id, then by the capture timestamp.
     $datas[$debugger_id][$data_time] = $data;
     Registry::set('debugger.data', $datas);
     Registry::get('view')->assign('debugger_id', $debugger_id);
     Registry::get('view')->assign('debugger_hash', $data_time);
     Registry::get('view')->assign('totals', self::$totals);
     Registry::get('view')->display('views/debugger/debugger.tpl');
     return true;
 }
Exemplo n.º 9
/**
 * Finish order placement: send notifications, set the customer-facing message,
 * optionally empty the cart, and redirect. Every branch ends in fn_redirect().
 *
 * @param string $action 'checkout_redirect', 'save', 'repay', 'route' or 'index_redirect'; any other value is passed to fn_url() as the redirect target
 * @param int $order_id Order to process; required for 'save', 'repay' and 'route'
 * @param array $force_notification Passed through to the hooks and to fn_order_notification()
 * @param bool $clear_cart Whether to empty the session cart when no error occurred
 * @param string $area 'A' selects the admin redirects; 'C' also saves the customer's cart content
 */
function fn_order_placement_routines($action = '', $order_id = 0, $force_notification = array(), $clear_cart = true, $area = AREA)
{
    if (Embedded::isLeft() && !Embedded::isEnabled()) {
        Embedded::enable();
    }
    if ($action == 'checkout_redirect') {
        if ($area == 'A') {
            // Uses the first id stored under cart.processed_order_id.
            fn_redirect("order_management.edit?order_id=" . reset($_SESSION['cart']['processed_order_id']));
        } else {
            fn_redirect('checkout.checkout');
        }
    } elseif (in_array($action, array('save', 'repay', 'route')) && !empty($order_id)) {
        $order_info = fn_get_order_info($order_id, true);
        $display_notification = true;
        // The hook receives these variables and may change them before the
        // code below uses them (presumably by reference - confirm).
        fn_set_hook('placement_routines', $order_id, $order_info, $force_notification, $clear_cart, $action, $display_notification);
        if (!empty($_SESSION['cart']['placement_action'])) {
            // NOTE(review): $action matched one of three non-empty strings to get
            // here, so this only applies if the hook above emptied it.
            if (empty($action)) {
                $action = $_SESSION['cart']['placement_action'];
            }
            unset($_SESSION['cart']['placement_action']);
        }
        if ($area == 'C' && !empty($order_info['user_id'])) {
            // An empty placeholder is saved as the cart content of the order's user.
            $__fake = '';
            fn_save_cart_content($__fake, $order_info['user_id']);
        }
        $edp_data = fn_generate_ekeys_for_edp(array(), $order_info);
        fn_order_notification($order_info, $edp_data, $force_notification);
        $_error = false;
        if ($action == 'save') {
            if ($display_notification) {
                fn_set_notification('N', __('congratulations'), __('text_order_saved_successfully'));
            }
        } else {
            // For a parent order the status of the first child order decides
            // the outcome; $child_orders then holds the child order ids.
            if ($order_info['status'] == STATUS_PARENT_ORDER) {
                $child_orders = db_get_hash_single_array("SELECT order_id, status FROM ?:orders WHERE parent_order_id = ?i", array('order_id', 'status'), $order_id);
                $status = reset($child_orders);
                $child_orders = array_keys($child_orders);
            } else {
                $status = $order_info['status'];
            }
            if (in_array($status, fn_get_order_paid_statuses())) {
                if ($action == 'repay') {
                    fn_set_notification('N', __('congratulations'), __('text_order_repayed_successfully'));
                } else {
                    fn_set_notification('N', __('order_placed'), __('text_order_placed_successfully'));
                }
            } elseif ($status == STATUS_BACKORDERED_ORDER) {
                fn_set_notification('W', __('important'), __('text_order_backordered'));
            } else {
                if ($area == 'A' || $action == 'repay') {
                    if ($status != STATUS_CANCELED_ORDER) {
                        $_payment_info = db_get_field("SELECT data FROM ?:order_data WHERE order_id = ?i AND type = 'P'", $order_id);
                        if (!empty($_payment_info)) {
                            // NOTE(review): unserialize() of stored payment data. Its
                            // safety rests on fn_decrypt_text() rejecting data not
                            // written by the application; if the stored value or the
                            // key can be influenced, this is an object-injection sink.
                            // Consider a format without object support (e.g. JSON).
                            $_payment_info = unserialize(fn_decrypt_text($_payment_info));
                            // 'reason_text' is shown as the error notification text.
                            // NOTE(review): payment scripts may fill it from gateway
                            // callback parameters - confirm fn_set_notification() or
                            // the template escapes it on output.
                            $_msg = !empty($_payment_info['reason_text']) ? $_payment_info['reason_text'] : '';
                            $_msg .= empty($_msg) ? __('text_order_placed_error') : '';
                            fn_set_notification('E', '', $_msg);
                        }
                    }
                } else {
                    // Customer area, unpaid result: keep the cart and remember the
                    // order ids (parent first) as processed or failed.
                    $_error = true;
                    if (!empty($child_orders)) {
                        array_unshift($child_orders, $order_id);
                    } else {
                        $child_orders = array();
                        $child_orders[] = $order_id;
                    }
                    $_SESSION['cart'][$status == STATUS_INCOMPLETED_ORDER ? 'processed_order_id' : 'failed_order_id'] = $child_orders;
                }
                // && binds tighter than ||: incomplete status, or a repay of a
                // cancelled order.
                if ($status == STATUS_INCOMPLETED_ORDER || $action == 'repay' && $status == STATUS_CANCELED_ORDER) {
                    fn_set_notification('W', __('important'), __('text_transaction_cancelled'));
                }
            }
        }
        // Empty cart
        if ($clear_cart == true && $_error == false) {
            // Only user_data, profile_id and user_id survive the reset.
            $_SESSION['cart'] = array('user_data' => !empty($_SESSION['cart']['user_data']) ? $_SESSION['cart']['user_data'] : array(), 'profile_id' => !empty($_SESSION['cart']['profile_id']) ? $_SESSION['cart']['profile_id'] : 0, 'user_id' => !empty($_SESSION['cart']['user_id']) ? $_SESSION['cart']['user_id'] : 0);
            $_SESSION['shipping_rates'] = array();
            unset($_SESSION['shipping_hash']);
            db_query('DELETE FROM ?:user_session_products WHERE session_id = ?s AND type = ?s', Session::getId(), 'C');
        }
        fn_set_hook('order_placement_routines', $order_id, $force_notification, $order_info, $_error);
        if ($area == 'A') {
            fn_redirect("orders.details?order_id={$order_id}");
        } else {
            fn_redirect('checkout.' . ($_error ? 'checkout' : "complete?order_id={$order_id}"));
        }
    } elseif ($action == 'index_redirect') {
        fn_redirect(fn_url('', 'C', 'http'));
    } else {
        // NOTE(review): any other $action is used as the redirect target. If a
        // caller passes a request-derived value, confirm fn_url()/fn_redirect()
        // keep the target on this site.
        fn_redirect(fn_url($action, 'C', 'http'));
    }
}
Exemplo n.º 10
/**
 * Empty the session cart after placement, keeping only the customer identity.
 *
 * Keeps cart.user_data, cart.profile_id and cart.user_id (falling back to an
 * empty array, 0 and 0), clears the cached shipping rates and shipping hash,
 * and deletes this session's stored cart rows (type 'C').
 */
function fn_pay4later_order_placement_routines()
{
    // Defaults used when the current cart has no non-empty value for a field.
    $kept = array('user_data' => array(), 'profile_id' => 0, 'user_id' => 0);
    foreach (array_keys($kept) as $field) {
        if (!empty($_SESSION['cart'][$field])) {
            $kept[$field] = $_SESSION['cart'][$field];
        }
    }
    $_SESSION['cart'] = $kept;

    $_SESSION['shipping_rates'] = array();
    unset($_SESSION['shipping_hash']);

    // Placeholder-bound delete of the rows saved for this session's cart.
    $session_id = Session::getId();
    db_query('DELETE FROM ?:user_session_products WHERE session_id = ?s AND type = ?s', $session_id, 'C');
}
Exemplo n.º 11
     $area = $_REQUEST['area'];
 } else {
     $area = fn_check_user_type_admin_area($user_data) ? 'A' : 'C';
 }
 if (fn_allowed_for('MULTIVENDOR')) {
     if ($user_data['user_type'] == 'V') {
         $area = $area == 'A' ? 'V' : $area;
     }
 }
 $sess_data = array('auth' => fn_fill_auth($user_data, array(), true, $area), 'last_status' => empty($_SESSION['last_status']) ? '' : $_SESSION['last_status']);
 if (Registry::get('settings.General.store_mode') == 'Y') {
     $sess_data['store_access_key'] = Registry::get('settings.General.store_access_key');
 }
 $areas = array('A' => 'admin', 'V' => 'vendor', 'C' => 'customer');
 fn_init_user_session_data($sess_data, $_REQUEST['user_id'], true);
 $old_sess_id = Session::getId();
 $redirect_url = !empty($_REQUEST['redirect_url']) ? $_REQUEST['redirect_url'] : '';
 if ($area != 'C') {
     Session::setName($areas[$area]);
     $sess_id = Session::regenerateId();
     Session::save($sess_id, $sess_data, $area);
     Session::setName(ACCOUNT_TYPE);
     Session::setId($old_sess_id, false);
 } else {
     // Save unique key for session
     $key = fn_crc32(microtime()) . fn_crc32(microtime() + 1);
     fn_set_storage_data('session_' . $key . '_data', serialize($sess_data));
     if (fn_allowed_for('ULTIMATE')) {
         $company_id_in_url = fn_get_company_id_from_uri($redirect_url);
         if (Registry::get('runtime.company_id') || !empty($user_data['company_id']) || Registry::get('runtime.simple_ultimate') || !empty($company_id_in_url)) {
             // Redirect to the personal frontend
Exemplo n.º 12
    $pp_response['order_status'] = $_REQUEST['transStatus'] == 'Y' && (!empty($processor_data['processor_params']['callback_password']) ? !empty($_REQUEST['callbackPW']) && $_REQUEST['callbackPW'] == $processor_data['processor_params']['callback_password'] : true) ? 'P' : 'F';
    if ($_REQUEST['transStatus'] == 'Y') {
        $pp_response['reason_text'] = $_REQUEST['rawAuthMessage'];
        $pp_response['transaction_id'] = $_REQUEST['transId'];
        $pp_response['descr_avs'] = 'CVV (Security Code): ' . $avs_res[substr($_REQUEST['AVS'], 0, 1)] . '; Postcode: ' . $avs_res[substr($_REQUEST['AVS'], 1, 1)] . '; Address: ' . $avs_res[substr($_REQUEST['AVS'], 2, 1)] . '; Country: ' . $avs_res[substr($_REQUEST['AVS'], 3)];
    }
    if (!empty($_REQUEST['testMode'])) {
        $pp_response['reason_text'] .= '; This a TEST Transaction';
    }
    $area = db_get_field("SELECT data FROM ?:order_data WHERE order_id = ?i AND type = 'E'", $order_id);
    $override = $area == 'A' ? true : false;
    fn_finish_payment($order_id, $pp_response, false);
    echo "<head><meta http-equiv='refresh' content='0; url=" . fn_url("payment_notification.notify?payment=worldpay&order_id={$order_id}", $area, 'current', CART_LANGUAGE, $override) . "'></head><body><wpdisplay item=banner></body>";
    exit;
} else {
    if (!defined('BOOTSTRAP')) {
        die('Access denied');
    }
    $_order_id = $order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : $order_id;
    $s_id = Session::getId();
    $sess_name = Session::getName();
    $card_holder = $processor_data['processor_params']['test'] == $mode_test_declined ? $card_holder_for_declined_test : $order_info['b_firstname'] . ' ' . $order_info['b_lastname'];
    $test_mode_id = $processor_data['processor_params']['test'] == $mode_test_declined ? $mode_test : $processor_data['processor_params']['test'];
    $signature = md5($processor_data['processor_params']['md5_secret'] . ':' . $processor_data['processor_params']['account_id'] . ':' . $order_info['total'] . ':' . $processor_data['processor_params']['currency'] . ':' . $_order_id);
    $data = array('signatureFields' => 'instId:amount:currency:cartId', 'signature' => $signature, 'instId' => $processor_data['processor_params']['account_id'], 'cartId' => $_order_id, 'amount' => $order_info['total'], 'currency' => $processor_data['processor_params']['currency'], 'testMode' => $test_mode_id, 'authMode' => $processor_data['processor_params']['authmode'], 'name' => $card_holder, 'tel' => $order_info['phone'], 'email' => $order_info['email'], 'address' => $order_info['b_address'] . ' ' . $order_info['b_city'] . ' ' . $order_info['b_state'] . ' ' . $order_info['b_country'], 'postcode' => $order_info['b_zipcode'], 'country' => $order_info['b_country'], "MC_{$sess_name}" => $s_id);
    $order_data = array('order_id' => $order_id, 'type' => 'E', 'data' => AREA);
    db_query("REPLACE INTO ?:order_data ?e", $order_data);
    $submit_url = $processor_data['processor_params']['test'] == $mode_test_declined || $processor_data['processor_params']['test'] == $mode_test ? 'https://secure-test.worldpay.com/wcc/purchase' : 'https://secure.worldpay.com/wcc/purchase';
    fn_create_payment_form($submit_url, $data, 'World Pay server', false);
    exit;
}
Exemplo n.º 13
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/
use Tygh\Development;
use Tygh\Registry;
use Tygh\Session;
use Tygh\BlockManager\Location;
use Tygh\BlockManager\Layout;
// Refuse to run unless the application bootstrap has defined its marker constant.
if (defined('BOOTSTRAP') === false) {
    die('Access denied');
}

// Session hand-over: a request carrying "skey" loads the session payload stored
// under that key, replaces the current session with it, then redirects to the
// same URL with "skey" removed.
if (!empty($_REQUEST['skey'])) {
    // NOTE(review): skey is taken from the request as-is and is the only thing
    // that selects which stored session gets loaded. Where the key is generated
    // is not visible here; confirm it is long, random and short-lived.
    $storage_key = 'session_' . $_REQUEST['skey'] . '_data';
    $stored_session = fn_get_storage_data($storage_key);
    // The stored entry is blanked right after it is read, before it is used;
    // presumably this makes the key single-use.
    fn_set_storage_data($storage_key, '');
    if (!empty($stored_session)) {
        // NOTE(review): unserialize() is a PHP object-injection sink if this
        // storage entry can be written by anything other than trusted server
        // code. If the payload never holds objects, pass
        // array('allowed_classes' => false) (PHP 7+) or store it as JSON.
        // The result is not checked: a corrupt payload makes unserialize()
        // return false, which would then be assigned to $_SESSION.
        $_SESSION = unserialize($stored_session);
        // The whole session, including $_SESSION['auth'], is replaced while the
        // current session id is kept. NOTE(review): confirm whether the id
        // should be regenerated at this privilege change.
        Session::save(Session::getId(), $_SESSION);
        fn_calculate_cart_content($_SESSION['cart'], $_SESSION['auth'], 'S', true, 'F', true);
        fn_save_cart_content($_SESSION['cart'], $_SESSION['auth']['user_id']);
    }

    // Redirect even when nothing was restored, so the key does not stay in the URL.
    return array(CONTROLLER_STATUS_REDIRECT, fn_query_remove(REAL_URL, 'skey'));
}
// UK Cookies Law
if (Registry::get('settings.Security.uk_cookies_law') == 'Y') {
    if (!empty($_REQUEST['cookies_accepted']) && $_REQUEST['cookies_accepted'] == 'Y') {
        $_SESSION['cookies_accepted'] = true;
    }
    if (!defined('AJAX_REQUEST') && empty($_SESSION['cookies_accepted'])) {
        $url = fn_link_attach(Registry::get('config.current_url'), 'cookies_accepted=Y');
        $text = __('uk_cookies_law', array('[url]' => $url));
        fn_delete_notification('uk_cookies_law');
        fn_set_notification('W', __('warning'), $text, 'K', 'uk_cookies_law');
Exemplo n.º 14
                $pp_response['order_status'] = 'P';
                $pp_response['reason_text'] = $_REQUEST['msg'];
                $pp_response['transaction_id'] = $_REQUEST['TxnGUID'];
                $pp_response['card_number'] = $_REQUEST['mPAN'];
                $pp_response['card'] = $_REQUEST['type'];
                $pp_response['cardholder_name'] = $_REQUEST['name'];
                $pp_response['expiry_month'] = substr($_REQUEST['exp'], 0, 2);
                $pp_response['expiry_year'] = substr($_REQUEST['exp'], -2);
            } elseif (!empty($_REQUEST['error'])) {
                $pp_response['order_status'] = 'F';
                $pp_response['reason_text'] = !empty($_REQUEST['msg']) ? $_REQUEST['msg'] : __('error');
            } else {
                $pp_response['order_status'] = 'N';
                $pp_response['reason_text'] = __('transaction_cancelled');
            }
            if (fn_check_payment_script('cresecure.php', $order_id)) {
                fn_finish_payment($order_id, $pp_response);
                fn_order_placement_routines('route', $order_id);
            }
        }
    } else {
        if ($processor_data['processor_params']['test'] == 'live') {
            $post_address = "https://safe.cresecure.net/securepayments/a1/cc_collection.php";
        } else {
            $post_address = "https://sandbox-cresecure.net/securepayments/a1/cc_collection.php";
        }
        $post_data = array('CRESecureID' => $processor_data['processor_params']['cresecureid'], 'total_amt' => sprintf('%.2f', $order_info['total']), 'return_url' => fn_url("payment_notification.return?payment=cresecure&order_id={$order_id}", AREA, 'https'), 'content_template_url' => fn_payment_url('https', "cresecure.php?order_id={$order_id}&display_full_path=Y"), 'b_country' => db_get_field('SELECT a.code_A3 FROM ?:countries as a WHERE a.code = ?s', $order_info['b_country']), 's_country' => db_get_field('SELECT a.code_A3 FROM ?:countries as a WHERE a.code = ?s', $order_info['s_country']), 'customer_address' => $order_info['b_address'] . (!empty($order_info['b_address_2']) ? ' ' . $order_info['b_address_2'] : ''), 'delivery_address' => $order_info['s_address'] . (!empty($order_info['s_address_2']) ? ' ' . $order_info['s_address_2'] : ''), 'customer_phone' => !empty($order_info['b_phone']) ? $order_info['b_phone'] : '', 'delivery_phone' => !empty($order_info['s_phone']) ? $order_info['s_phone'] : '', 'allowed_types' => !empty($processor_data['processor_params']['allowed_types']) ? 
join('|', $processor_data['processor_params']['allowed_types']) : 'Visa|MasterCard', 'sess_id' => Session::getId(), 'sess_name' => Session::getName(), 'order_id' => $order_info['order_id'], 'currency' => $processor_data['processor_params']['currency'], 'CRESecureAPIToken' => $processor_data['processor_params']['cresecureapitoken'], 'customer_id' => $order_info['user_id'], 'customer_company' => $order_info['company'], 'customer_firstname' => $order_info['b_firstname'], 'customer_lastname' => $order_info['b_lastname'], 'customer_email' => $order_info['email'], 'customer_city' => $order_info['b_city'], 'customer_state' => $order_info['b_state'], 'customer_postal_code' => $order_info['b_zipcode'], 'customer_country' => $order_info['b_country'], 'delivery_firstname' => $order_info['s_firstname'], 'delivery_lastname' => $order_info['s_lastname'], 'delivery_city' => $order_info['s_city'], 'delivery_state' => $order_info['s_state'], 'delivery_postal_code' => $order_info['s_zipcode'], 'ip_address' => $_SERVER['REMOTE_ADDR']);
        fn_create_payment_form($post_address, $post_data, 'CRE secure', false);
    }
    exit;
}
Exemplo n.º 15
 /**
  * Re-targets a payment form at the store's own
  * "payment_notification.process_embedded" dispatch.
  *
  * The original submit URL, form fields, payment name, method and the
  * exclude-empty flag are JSON-encoded into a single "data" field, and the
  * current session name/id pair is added as a second field.
  *
  * NOTE(review): the handler that decodes "data" is not visible here. If this
  * form is rendered in the browser, the JSON (including submit_url) is
  * client-controlled by the time it comes back, so the handler should check
  * submit_url against the configured processor endpoints instead of trusting
  * it. The session id also travels as a form field; keep it out of logs.
  *
  * @param string $submit_url payment submit URL
  * @param array $data payment data
  * @param string $payment_name payment name (presumably a display label; the previous docblock said array, TODO confirm)
  * @param boolean $exclude_empty_values flag to exclude empty values
  * @param string $method submit method
  * @return array list of (submit URL, form fields, method, payment name) for the wrapped form
  */
 public static function processPaymentForm($submit_url, $data, $payment_name, $exclude_empty_values, $method)
 {
     // Everything the caller asked for, kept in the original key order
     $original_request = array(
         'submit_url' => $submit_url,
         'data' => $data,
         'payment_name' => $payment_name,
         'method' => $method,
         'exclude_empty_values' => $exclude_empty_values,
     );
     $wrapped_fields = array(
         Session::getName() => Session::getId(),
         'data' => json_encode($original_request),
     );

     // The wrapped form is always POSTed and carries an empty payment name
     return array(fn_url('payment_notification.process_embedded'), $wrapped_fields, 'post', '');
 }
Exemplo n.º 16
 // Hook point that receives the product list and the cart before the order is built
 fn_set_hook('amazon_products', $amazon_products, $cart);

 // One Amazon cart item per product
 $amazon_order = array();
 foreach ($amazon_products as $key => $product) {
     // Selected options rendered as " [name: variant; name: variant]" and appended to the title
     $item_options = ' ';
     if (!empty($product['product_options'])) {
         $_options = fn_get_selected_product_options_info($cart['products'][$key]['product_options']);
         foreach ($_options as $opt) {
             $item_options .= $opt['option_name'] . ': ' . $opt['variant_name'] . '; ';
         }
         $item_options = ' [' . trim($item_options, '; ') . ']';
     }

     // NOTE(review): strip_tags() removes markup but is not XML escaping, and
     // option names are appended without it; whether fn_array_to_xml() escapes
     // values is not visible here. substr() counts bytes, so a 250-byte cut can
     // split a multi-byte character in a document declared as UTF-8.
     $amazon_order['Cart']['Items']['Item'][] = array(
         'SKU' => empty($product['product_code'])
             ? 'pid_' . $product['product_id']
             : substr(strip_tags($product['product_code']), 0, 250),
         'MerchantId' => $processor_data['processor_params']['merchant_id'],
         'Title' => substr(strip_tags($product['product']), 0, 250) . $item_options,
         'Price' => array(
             'Amount' => fn_format_price($product['price']),
             'CurrencyCode' => $_currency,
         ),
         'Quantity' => $product['amount'],
         'ItemCustomData' => array('CartID' => $key),
     );
 }

 // NOTE(review): the session id leaves the store inside ClientRequestId.
 // base64 is an encoding, not encryption, so the processor and anything that
 // logs this XML can read it. Consider an opaque per-order token instead.
 $amazon_order['Cart']['CartCustomData'] = array(
     'ClientRequestId' => base64_encode(Session::getId() . ';' . $_payment_id),
 );

 // Activate the Amazon callbacks functionality
 // NOTE(review): ReturnUrl and OrderCallbackEndpoint are built from settings
 // named *http_location; confirm they resolve to HTTPS URLs in production.
 $amazon_order['ReturnUrl'] = Registry::get('config.http_location')
     . '/' . Registry::get('config.customer_index')
     . '?dispatch=payment_notification.placement&payment=amazon_checkout';
 $amazon_order['CancelUrl'] = fn_url('checkout.cart');
 $amazon_order['OrderCalculationCallbacks'] = array(
     'CalculateTaxRates' => 'true',
     'CalculatePromotions' => 'true',
     'CalculateShippingRates' => 'true',
     'OrderCallbackEndpoint' => Registry::get('config.origin_http_location') . '/app/payments/amazon_checkout.php',
     'ProcessOrderOnCallbackFailure' => $processor_data['processor_params']['process_on_failure'] == 'Y' ? 'true' : 'false',
 );
 $amazon_order['DisablePromotionCode'] = 'true';

 $amazon_cart = '<?xml version="1.0" encoding="UTF-8"?>'
     . '<Order xmlns="http://payments.amazon.com/checkout/2009-05-15/">'
     . fn_array_to_xml($amazon_order)
     . '</Order>';

 // Calculate cart signature
 // NOTE(review): without a configured public key the cart is sent as
 // 'unsigned-order', with no integrity protection on items and prices. The
 // check looks only at the public key, while signing uses the secret key; an
 // empty secret would still produce a "signed" order. Confirm unsigned mode is
 // rejected, or amounts are re-verified, when the callback is handled.
 $sign = '';
 $order_type = 'unsigned-order';
 if (!empty($processor_data['processor_params']['aws_access_public_key'])) {
     $sign = ';signature:'
         . fn_amazon_calculate_signature($amazon_cart, $processor_data['processor_params']['aws_secret_access_key'])
         . ';aws-access-key-id:' . $processor_data['processor_params']['aws_access_public_key'];
     $order_type = 'merchant-signed-order/aws-accesskey/1';
 }
Exemplo n.º 17
 /**
  * Post-placement housekeeping for an order.
  *
  * Loads the order, fires the 'placement_routines' hook, consumes any pending
  * placement action kept in the session cart, empties the stored cart of the
  * order's user in the customer area, sends the order notification and, for
  * orders whose status is found in 'OPT', resets the session cart. Finishes
  * with the 'order_placement_routines' hook.
  *
  * NOTE(review): nothing here checks that $order_id belongs to the current
  * session's user; callers are presumably expected to have verified that.
  *
  * @param mixed $order_id identifier handed to fn_get_order_info()
  * @param array $force_notification passed through to fn_order_notification() and both hooks
  * @param boolean $clear_cart when true, the session cart is reset for matching order statuses
  * @param string $action passed to the first hook; filled from the session cart when empty
  * @return void
  */
 public static function orderPlacementRoutines($order_id, $force_notification = array(), $clear_cart = true, $action = '')
 {
     $order_info = fn_get_order_info($order_id, true);
     // Not read again in this method; only handed to the hook below
     $display_notification = true;
     fn_set_hook('placement_routines', $order_id, $order_info, $force_notification, $clear_cart, $action, $display_notification);

     // A placement action left in the session cart is used once, then dropped
     if (!empty($_SESSION['cart']['placement_action'])) {
         $action = empty($action) ? $_SESSION['cart']['placement_action'] : $action;
         unset($_SESSION['cart']['placement_action']);
     }

     // Customer area: overwrite the stored cart of the order's user with an empty value
     if (AREA == 'C' && !empty($order_info['user_id'])) {
         $empty_cart = '';
         fn_save_cart_content($empty_cart, $order_info['user_id']);
     }

     $edp_data = fn_generate_ekeys_for_edp(array(), $order_info);
     fn_order_notification($order_info, $edp_data, $force_notification);

     // Reset the cart only when the order status occurs as a substring of 'OPT'
     if ($clear_cart == true && substr_count('OPT', $order_info['status']) > 0) {
         // Keep the buyer identity fields, drop everything else from the cart
         $kept = array('user_data' => array(), 'profile_id' => 0, 'user_id' => 0);
         foreach ($kept as $field => $fallback) {
             if (!empty($_SESSION['cart'][$field])) {
                 $kept[$field] = $_SESSION['cart'][$field];
             }
         }
         $_SESSION['cart'] = $kept;
         db_query('DELETE FROM ?:user_session_products WHERE session_id = ?s AND type = ?s', Session::getId(), 'C');
     }

     $is_twg_hook = true;
     $_error = false;
     fn_set_hook('order_placement_routines', $order_id, $force_notification, $order_info, $_error, $is_twg_hook);
 }
Exemplo n.º 18
/**
 * Refreshes the stored eBay shipping services for one site.
 *
 * Records a cached-transaction row with status 'A', requests
 * 'ShippingServiceDetails' from eBay and, when anything comes back, replaces
 * the site's rows in ebay_shippings with the services flagged as valid for the
 * selling flow, then marks the transaction row 'C' with the number of rows kept.
 *
 * NOTE(review): the raw session id is written to ebay_cached_transactions, so
 * anyone who can read that table can read live session ids; consider storing
 * a hash or an unrelated identifier.
 * NOTE(review): when eBay returns nothing the transaction row keeps status
 * 'A', and the delete and insert are not wrapped in a transaction here.
 *
 * @param int $site_id eBay site the shipping services belong to
 * @return boolean always true
 */
function fn_register_ebay_shippings($site_id = 0)
{
    $transaction = array(
        'timestamp' => TIME,
        'user_id' => $_SESSION['auth']['user_id'],
        'session_id' => Session::getId(),
        'status' => 'A',
        'type' => 'shippings',
        'result' => '',
        'site_id' => $site_id,
    );
    $transaction_id = db_query('INSERT INTO ?:ebay_cached_transactions ?e', $transaction);

    list(, $shippings) = Ebay::instance()->GetEbayDetails('ShippingServiceDetails');
    if (empty($shippings)) {
        return true;
    }

    // Field readers for the eBay response: plain value, 'true' flag, possibly-array value
    $value_of = function ($row, $key) {
        return isset($row[$key]) ? $row[$key] : '';
    };
    $flag_of = function ($row, $key) {
        return isset($row[$key]) && $row[$key] == 'true' ? 'Y' : 'N';
    };
    $list_of = function ($row, $key) {
        if (!isset($row[$key])) {
            return '';
        }

        return is_array($row[$key]) ? implode(',', $row[$key]) : $row[$key];
    };

    // Existing rows for the site are dropped before the new set is collected
    db_query('DELETE FROM ?:ebay_shippings WHERE site_id = ?i', $site_id);

    $rows = array();
    foreach ($shippings as $shipping) {
        // Only services eBay marks as valid for the selling flow are stored
        if (!isset($shipping['ValidForSellingFlow']) || $shipping['ValidForSellingFlow'] != 'true') {
            continue;
        }
        $rows[] = array(
            'service_id' => $value_of($shipping, 'ShippingServiceID'),
            'name' => $value_of($shipping, 'ShippingService'),
            'description' => $value_of($shipping, 'Description'),
            'service_type' => $list_of($shipping, 'ServiceType'),
            'is_international' => $flag_of($shipping, 'InternationalService'),
            'category' => $value_of($shipping, 'ShippingCategory'),
            'ship_days_max' => $value_of($shipping, 'ShippingTimeMax'),
            'ship_days_min' => $value_of($shipping, 'ShippingTimeMin'),
            'package' => $list_of($shipping, 'ShippingPackage'),
            'carrier' => $value_of($shipping, 'ShippingCarrier'),
            'weight_required' => $flag_of($shipping, 'WeightRequired'),
            'selling_flow' => 'Y',
            'dimensions_required' => $flag_of($shipping, 'DimensionsRequired'),
            'surcharge_applicable' => $flag_of($shipping, 'SurchargeApplicable'),
            'expedited_service' => $flag_of($shipping, 'ExpeditedService'),
            'detail_version' => $value_of($shipping, 'DetailVersion'),
            // strtotime() returns false for a value it cannot parse; that is stored as-is
            'update_timestamp' => isset($shipping['UpdateTime']) ? strtotime($shipping['UpdateTime']) : '',
            'site_id' => $site_id,
        );
    }

    if (!empty($rows)) {
        db_query('INSERT INTO ?:ebay_shippings ?m', $rows);
    }

    // Close the bookkeeping row with the number of services stored
    $outcome = array('status' => 'C', 'result' => count($rows));
    db_query('UPDATE ?:ebay_cached_transactions SET ?u WHERE transaction_id = ?i', $outcome, $transaction_id);

    return true;
}