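// Register the SAX callbacks and parse the raw POST body in one pass. The
// handlers are defined outside this excerpt and presumably fill $XmlData.
xml_set_element_handler($xml_parser, "startElement", "endElement");
xml_set_character_data_handler($xml_parser, "characterData");
if (!xml_parse($xml_parser, $HTTP_RAW_POST_DATA, TRUE)) {
    $msg = sprintf(
        "XML error: %s at line %d",
        xml_error_string(xml_get_error_code($xml_parser)),
        xml_get_current_line_number($xml_parser)
    );
    xml_parser_free($xml_parser);
    // NOTE(review): ReportFatalError() is defined elsewhere and presumably does not
    // return; otherwise the parser would be freed a second time below.
    ReportFatalError($msg);
}
xml_parser_free($xml_parser);

// We have all the data in the $XmlData array

// Check the secret text. This is the only authentication on a request that mints
// signed licenses, so it fails closed: a missing or non-string value in the notice
// is rejected, as is an empty configured secret. The original loose `!=` let a
// missing element match an empty secret and treated numeric-looking strings such
// as "1e3" and "1000" as equal.
$receivedSecret = isset($XmlData["ORDERNOTICEDS"]["ORDERINFO"]["ORDER_NOTICE_SECRET"]["_data"])
    ? $XmlData["ORDERNOTICEDS"]["ORDERINFO"]["ORDER_NOTICE_SECRET"]["_data"]
    : null;
$expectedSecret = (string) $order_notice_secret;
$secretMatches = false;
if (is_string($receivedSecret) && $expectedSecret !== "") {
    // hash_equals() (PHP 5.6+) compares in constant time; older runtimes fall back
    // to a strict string comparison.
    $secretMatches = function_exists("hash_equals")
        ? hash_equals($expectedSecret, $receivedSecret)
        : $expectedSecret === $receivedSecret;
}
if (!$secretMatches) {
    ReportFatalError("Invalid order notice secret\n");
}

// Ignore Preview orders
if ($debug == 0 && $XmlData["ORDERNOTICEDS"]["ORDERINFO"]["STATUS"]["_data"] == "PREVIEW") {
    ReportFatalError("No processing of preview order except in debug mode.\n");
}

// For Aquatic Prime we really need the date and time (in case someone orders more than one copy
// the same day), so the date from eSellerate won't cut it.
// The original format string used %m (month) in the minutes position, so two orders in
// the same hour could collide; date() with "i" yields real minutes.
$sn_date = date("Y-m-d H:i:s");

// Process each order line
for ($i = 0; $i < $nOrderLines; ++$i) {
    // Snapshot of the line for reading; writes below go to $XmlData itself.
    $orderLine = $XmlData["ORDERNOTICEDS"]["ORDERLINES"][$i];

    // Now do the AquaticPrime stuff
    // The SKU comparison stays loose because $aquaticPrimeSKUs is configured outside
    // this excerpt and its element types are not visible here.
    if (in_array($orderLine["SKU_ID"]["_data"], $aquaticPrimeSKUs)) {
        $product = $orderLine["SKU_TITLE"]["_data"];
        $name = $orderLine["REGISTRATION_NAME"]["_data"];
        $email = $XmlData["ORDERNOTICEDS"]["ORDERINFO"]["EMAIL"]["_data"];
        $unit_price = $orderLine["UNIT_PRICE"]["_data"];
        $count = $orderLine["QUANTITY"]["_data"];

        // eSellerate only gives you the date, not the time (so we don't do RFC 2822 formatting here).
        $transactionID = $orderNumber;

        // Create our license dictionary to be signed
        $dict = array(
            "Product" => $product,
            "Name" => $name,
            "Email" => $email,
            "Licenses" => $count,
            "Timestamp" => $sn_date,
            "TransactionID" => $transactionID
        );
        $license = licenseDataForDictionary($dict, $key, $privateKey);

        // Note that the database size for SERIAL_NUMBER was raised from 255 (eSellerate's size) to
        // a MySQL TEXT field to fit alternate registration schemes.
        $XmlData["ORDERNOTICEDS"]["ORDERLINES"][$i]["SERIAL_NUMBER"]["_data"] = $license;

        // Name and e-mail are customer-supplied. Anything that ends up in a mail header
        // gets CR/LF removed so a crafted value cannot add header lines. sendMail() is
        // defined outside this excerpt, so this does not rely on it sanitising anything.
        // The signed license and the message body keep the values unchanged.
        $lineBreaks = array("\r", "\n");
        $headerName = str_replace($lineBreaks, "", $name);
        $headerEmail = str_replace($lineBreaks, "", $email);

        // Expand the templates into per-line variables. The original assigned the result
        // back to $from, $subject, $message, $licenseName and $bcc, which consumed the
        // placeholders on the first line and reused that buyer's name for every later line.
        $headerTags = array("##NAME##", "##EMAIL##");
        $headerValues = array($headerName, $headerEmail);
        $to = $headerEmail;
        $mailFrom = str_replace($headerTags, $headerValues, $from);
        $mailSubject = str_replace($headerTags, $headerValues, $subject);
        $mailMessage = str_replace(
            array("##NAME##", "##EMAIL##", "##LICENSES##"),
            array($name, $email, $count),
            $message
        );
        $mailLicenseName = str_replace($headerTags, $headerValues, $licenseName);
        $mailBcc = str_replace($headerTags, $headerValues, $bcc);

        sendMail($to, $mailFrom, $mailSubject, $mailMessage, $license, $mailLicenseName, $mailBcc);
    }

    // Build a query string
    // Every value that originates from the notice is escaped. Column names come from
    // $orderLinesFields, which is configured outside this excerpt.
    $queryStringValues = array();
    foreach ($orderLinesFields as $currentField) {
        $queryStringValues[] = "\""
            . mysql_real_escape_string($XmlData["ORDERNOTICEDS"]["ORDERLINES"][$i][$currentField]["_data"])
            . "\"";
    }

    // $orderNumber is assigned outside this excerpt; escape it at the point of use so the
    // statement does not depend on how it was produced. $sn_date is generated locally.
    $escapedOrderNumber = mysql_real_escape_string($orderNumber);
    $queryString = "INSERT INTO OrderLines (" . join(", ", $orderLinesFields) . ", ORDER_NUMBER, SN_DATE)"
        . " VALUES (" . join(", ", $queryStringValues) . ", \"{$escapedOrderNumber}\", \"{$sn_date}\")";

    // Debug output includes customer data and the issued license; keep $debug off in production.
    if ($debug == 1) {
        echo "{$queryString}\n";
    }

    // Do the insert
    $sqlResult = mysql_query($queryString);
    if (!$sqlResult) {
        ReportFatalError(mysql_error());
    }
}

mysql_query("COMMIT");
CloseDb();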