$status = $_POST['status']; $md5sig = $_POST['md5sig']; $status = $_POST['Status']; $working_sig = strtoupper(md5($merchant_id . $transaction_id . $secret . $mb_amount . $mb_currency . $status)); $sql = "SELECT * FROM orders where order_id='" . $_POST['transaction_id'] . "'"; $result = mysql_query($sql) or die(mysql_error() . $sql); $order_row = mysql_fetch_array($result); if ($working_sig == $md5sig) { switch ($status) { case "-2": // failed break; case "2": // processed debit_transaction($transaction_id, $mb_amount, MONEYBOOKERS_CURRENCY, "mb" . $transaction_id, $reason_code, 'moneybookers'); complete_order($order_row['user_id'], $_POST['transaction_id']); break; case "1": // scheduled (wait for 2 or -2) break; case "0": // pending break; case "-1": // cancelled break; } } else { echo "Invalid signiture"; } }
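/**
 * Handle the POST that CCAvenue sends back after a payment attempt.
 *
 * Does nothing unless Merchant_Id is present. The posted fields are checked
 * with cc_verifychecksum() and CCAVENUE_WORKING_KEY; only a valid checksum
 * lets AuthDesc drive the outcome:
 *   "Y" - record the transaction and complete the order,
 *   "B" - mark the order as pending (batch processing),
 *   "N" - tell the customer the payment was declined.
 * Anything else prints the "Security Error" message and changes nothing.
 *
 * NOTE(review): the posted Amount is passed to the checksum check but is not
 * compared with the stored order price here, and nothing visible in this
 * function stops a repeated notification from completing the order twice -
 * confirm complete_order()/debit_transaction() enforce both.
 */
function process_payment_return()
{
    global $label;

    if (!isset($_POST['Merchant_Id']) || $_POST['Merchant_Id'] == '') {
        return; // not a CCAvenue return request
    }

    // Accept only plain string fields; array-valued parameters are treated as absent.
    $fields = array();
    foreach (array('Merchant_Id', 'Order_Id', 'Amount', 'AuthDesc', 'Checksum') as $name) {
        $fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    }

    // Order_Id is request data: escape it before it goes into the SQL string.
    $sql = "SELECT * FROM orders where order_id='" . mysql_real_escape_string($fields['Order_Id']) . "'";
    $result = mysql_query($sql);
    if ($result === false) {
        // Keep the database error and query out of the HTTP response.
        error_log("CCAvenue: order lookup failed: " . mysql_error());
        die("Database error.");
    }
    $order_row = mysql_fetch_array($result);

    $Checksum = cc_verifychecksum(
        $fields['Merchant_Id'],
        $fields['Order_Id'],
        $fields['Amount'],
        $fields['AuthDesc'],
        $fields['Checksum'],
        CCAVENUE_WORKING_KEY
    );
    // cc_verifychecksum() is expected to return the string "true" on success
    // (TODO confirm). Accept only that or boolean true, so that no other value
    // can pass through PHP's loose comparison rules.
    $checksum_ok = ($Checksum === "true" || $Checksum === true);

    $auth = $fields['AuthDesc'];
    if (!$checksum_ok || ($auth !== 'Y' && $auth !== 'B' && $auth !== 'N')) {
        echo "<br>Security Error. Illegal access detected";
        return;
    }

    if ($auth === 'N') {
        echo "<br>Thank you for shopping with us. \nHowever, the transaction has been declined.";
        ?>
        <h3><?php echo $label['payment_ccave_go_back']; ?></h3>
        <?php
        return;
    }

    if (!$order_row) {
        // A verified notification for an order we cannot find needs manual follow-up.
        error_log("CCAvenue: verified return for unknown order " . $fields['Order_Id']);
        echo "<br>Order not found.";
        return;
    }

    if ($auth === 'Y') {
        // No reason code is supplied on this path; pass an explicit null.
        $reason_code = null;
        debit_transaction($fields['Order_Id'], $fields['Amount'], CCAVENUE_CURRENCY, "ccAve" . $fields['Order_Id'], $reason_code, 'CCAvenue');
        complete_order($order_row['user_id'], $fields['Order_Id']);
        ?>
        <center><?php echo $label['payment_ccave_note_y']; ?></center>
        <h3><?php echo $label['payment_ccave_go_back']; ?></h3>
        <?php
        echo "<br>Thank you for shopping with us. Your credit card has been charged and your transaction is successful. You can continue and upload your pixels.";
    } else {
        // "B": batch processing - the authorisation result arrives later, so only park the order.
        pend_order($order_row['user_id'], $fields['Order_Id']);
        ?>
        <center><?php echo $label['payment_ccave_note_b']; ?></center>
        <br>
        <?php
    }
}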
if ($_REQUEST['mass_complete'] != '') { foreach ($_REQUEST[orders] as $oid) { $sql = "SELECT * from orders where order_id=" . $oid; $result = mysql_query($sql) or die(mysql_error()); $order_row = mysql_fetch_array($result); if ($order_row['status'] != 'completed') { complete_order($order_row['user_id'], $oid); debit_transaction($order_row['user_id'], $order_row[price], $order_row[currency], $order_row[order_id], $reason_code, 'Admin'); } } } if ($_REQUEST['action'] == 'complete') { $sql = "SELECT * from orders where order_id=" . $_REQUEST[order_id]; $result = mysql_query($sql) or die(mysql_error()); $order_row = mysql_fetch_array($result); complete_order($_REQUEST['user_id'], $_REQUEST[order_id]); debit_transaction($_REQUEST[order_id], $order_row[price], $order_row[currency], $order_row[order_id], $reason_code, 'Admin'); echo "Order completed."; } if ($_REQUEST['action'] == 'cancel') { /* $sql = "UPDATE orders set status='cancelled' WHERE order_id=".$_REQUEST[order_id]; mysql_query ($sql) or die (mysql_error()); */ cancel_order($_REQUEST[order_id]); echo "Order cancelled."; } if ($_REQUEST['mass_cancel'] != '') { echo "cancelling..."; foreach ($_REQUEST[orders] as $oid) { //echo "$order_id ";
$entry_line = "{$entry_line}\r\n "; $log_fp = @fopen("logs.txt", "a"); @fputs($log_fp, $entry_line); @fclose($log_fp); } } if ($_POST['PAYMENT_ID'] != '') { $alt_hash = strtoupper(md5(EGOLD_ALTERNATE_PASSPHRASE)); $hash = strtoupper(md5($_POST['PAYMENT_ID'] . ":" . $_POST['PAYEE_ACCOUNT'] . ":" . $_POST['PAYMENT_AMOUNT'] . ":" . $_POST['PAYMENT_UNITS'] . ":" . $_POST['PAYMENT_METAL_ID'] . ":" . $_POST['PAYMENT_BATCH_NUM'] . ":" . $_POST['PAYER_ACCOUNT'] . ":" . $alt_hash . ":" . $_POST['ACTUAL_PAYMENT_OUNCES'] . ":" . $_POST['USD_PER_OUNCE'] . ":" . $_POST['FEEWEIGHT'] . ":" . $_POST['TIMESTAMPGMT'])); $sql = "SELECT * FROM orders where order_id='" . $_POST['PAYMENT_ID'] . "'"; $result = mysql_query($sql) or die(mysql_error() . $sql); $order_row = mysql_fetch_array($result); if ($hash == $_POST['HANDSHAKE_HASH']) { $egold = new egold(); debit_transaction($_POST['PAYMENT_ID'], $_POST['PAYMENT_AMOUNT'], $egold->get_currency(), "eg" . $_POST['PAYMENT_ID'], $reason_code, 'egold'); complete_order($_POST['CUST_NUM'], $_POST['ORDER_NUM']); } else { echo "Invalid signiture"; } } ########################################################################### # Payment Object class egold { var $name = "E-Gold"; var $description = 'E-Gold'; var $className = "egold"; function egold() { global $label; $this->description = $label['payment_egold_description'];
if ($txn_type == 'subscr_eot') { } if ($txn_type == 'web_accept' || $txn_type == '') { // transaction came from a button or straight from paypal switch ($payment_status) { case "Canceled_Reversal": complete_order($row['user_id'], $invoice_id); debit_transaction($invoice_id, $mc_gross, $mc_currency, $txn_id, $reason_code, 'PayPal'); break; case "Completed": // Funds successfully transferred // complete_order ($user_id, $order_id); $sql = "select user_id FROM orders where order_id='" . $invoice_id . "'"; $result = mysql_query($sql) or pp_mail_error(mysql_error() . $sql); $row = mysql_fetch_array($result); complete_order($row['user_id'], $invoice_id); debit_transaction($invoice_id, $mc_gross, $mc_currency, $txn_id, $reason_code, 'PayPal'); break; case "Denied": // denied by merchant break; case "Failed": // only happens when payment is from customers' bank account //insert_transaction ($employer_id, $payment_status, $pending_reason, $reason_code, $payment_date, $txn_id, $parent_txn_id, $txn_type, $payment_type, $mc_gross, $mc_currency, $item_name, $item_number, $invoice_id); break; case "Pending": $sql = "select user_id FROM orders where order_id='" . $invoice_id . "'"; $result = mysql_query($sql) or pp_mail_error(mysql_error() . $sql); $row = mysql_fetch_array($result); pend_order($row['user_id'], $invoice_id); // pending_reason : 'address', 'echeck', 'intl', 'multi_currency', 'unilateral', 'upgrade', 'verify', 'other'
</p> <h3><?php echo $label['advertiser_pay_sel_method']; ?> </h3> <?php if ($_REQUEST['action'] == 'confirm' || $_REQUEST['action'] == 'complete') { // move temp order to confirmed order if ($order_id = reserve_pixels_for_temp_order($order_row)) { //echo "the order id is: $order_id<br>"; // check the user's rank $sql = "select * from users where ID='" . $_SESSION['MDS_ID'] . "'"; $u_result = mysql_query($sql) or die(mysql_error() . $sql); $u_row = mysql_fetch_array($u_result); if ($order_row['price'] == 0 || $u_row['Rank'] == 2) { complete_order($_SESSION['MDS_ID'], $order_id); } else { confirm_order($_SESSION['MDS_ID'], $order_id); } } else { // we have a problem... ?> <h1><?php echo $label['sorry_head']; ?> </h1> <p><?php if (USE_AJAX == 'SIMPLE') { $order_page = 'order_pixels.php'; } else { $order_page = 'select.php';
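/**
 * Handle the Authorize.net response POST for an order.
 *
 * Does nothing unless x_response_code is present. The MD5 signature is
 * recomputed from AUTHNET_X_TRAN_KEY, AUTHNET_LOGIN_ID, x_trans_id and
 * x_amount and compared with the posted x_md5_hash. Only a matching,
 * approved ("1") response records the transaction and completes the order;
 * declined ("2") and error ("3") responses change nothing. Signature
 * mismatches are written to the Authorize.net log.
 *
 * NOTE(review): x_amount is covered by the signature but is not compared
 * with the stored order price here, and nothing visible in this function
 * stops a repeated notification from completing the order twice - confirm
 * complete_order()/debit_transaction() enforce both.
 * NOTE(review): the MD5-based hash is dictated by this gateway protocol
 * version; the gateway has since moved to a SHA-512 based signature, so plan
 * a migration when the integration is next touched.
 */
function process_payment_return()
{
    global $label;

    if (!isset($_POST['x_response_code']) || $_POST['x_response_code'] == '') {
        return; // not an Authorize.net response
    }

    // Accept only plain string fields; array-valued parameters are treated as absent.
    $fields = array();
    foreach (array('x_invoice_num', 'x_trans_id', 'x_amount', 'x_md5_hash', 'x_response_reason_text') as $name) {
        $fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    }

    // x_invoice_num is request data: escape it before it goes into the SQL string.
    $sql = "SELECT * FROM orders where order_id='" . mysql_real_escape_string($fields['x_invoice_num']) . "'";
    $result = mysql_query($sql);
    if ($result === false) {
        // Keep the database error and query out of the HTTP response.
        authnet_log_entry("Authorize.net: order lookup failed: " . mysql_error());
        die("Database error.");
    }
    $order_row = mysql_fetch_array($result);

    $myhash = strtoupper(md5(AUTHNET_X_TRAN_KEY . AUTHNET_LOGIN_ID . $fields['x_trans_id'] . $fields['x_amount']));

    // Compare as strings, never with ==: two different hex digests that both
    // look numeric would otherwise compare equal. hash_equals() additionally
    // makes the comparison constant-time where the PHP version provides it.
    if (function_exists('hash_equals')) {
        $signature_ok = hash_equals($myhash, $fields['x_md5_hash']);
    } else {
        $signature_ok = ($myhash === $fields['x_md5_hash']);
    }

    if (!$signature_ok) {
        authnet_log_entry("Authorize.net: Invalid signiture");
        return;
    }

    switch ($_POST['x_response_code']) {
        case "1": // approved
            if (!$order_row) {
                // A verified payment for an order we cannot find needs manual follow-up.
                authnet_log_entry("Authorize.net: approved payment for unknown order " . $fields['x_invoice_num']);
                break;
            }
            debit_transaction($fields['x_invoice_num'], $fields['x_amount'], AUTHNET_CURRENCY, $fields['x_trans_id'], $fields['x_response_reason_text'], 'authorize.net');
            complete_order($order_row['user_id'], $fields['x_invoice_num']);
            break;
        case "2": // declined
            break;
        case "3": // error
            break;
    }
}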
$order_page = 'select.php'; } $label['sorry_head2'] = str_replace('%ORDER_PAGE%', $order_page, $label['sorry_head2']); echo $label['sorry_head2']; ?> </p> <?php require "footer.php"; die; } } $sql = "select * from orders where order_id='" . $_REQUEST['order_id'] . "' AND user_id='" . $_SESSION['MDS_ID'] . "' "; $result = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_array($result); if ($row['price'] == 0 || $user_row['Rank'] == 2) { complete_order($row['user_id'], $row['order_id']); // no transaction for this order echo "<h3>" . $label['advertiser_publish_free_order'] . "</h3>"; } // publish if (AUTO_PUBLISH == 'Y') { process_image($BID); publish_image($BID); process_map($BID); } } ############################################################### # Banner Selection form # Load this form only if more than 1 grid exists with pixels purchased. $sql = "select * FROM orders, banners where orders.banner_id=banners.banner_id AND user_id=" . $_SESSION['MDS_ID'] . " and (orders.status='completed' or status='expired') group by orders.banner_id order by `name`"; $res = mysql_query($sql) or die(mysql_error() . $sql);
} else { if (strcmp($res, "DECLINED") == 0) { log_entry($entry_line); // log for manual investigation $VERIFIED = false; $payment_status = 'Denied'; } } } fclose($fp); // if VERIFIED=1 process payment if ($VERIFIED) { switch ($payment_status) { case "Completed": // Funds successfully transferred complete_order($user_id, $order_id); debit_transaction($order_id, $amount, 'GBP', $txn_id, $reason, 'NOCHEX'); break; default: break; } } } } ########################################################################### # Payment Object class NOCHEX { var $name = "NOCHEX"; var $description = "NOCHEX - Credit Card Payments. Accepts British Pounds."; var $className = "NOCHEX";
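/**
 * Handle the return request that 2Checkout sends after a purchase.
 *
 * Does nothing unless a "key" parameter is present. The key is checked
 * against md5(secret word + vendor number + order number + order price),
 * where the price comes from the stored order, not from the request.
 * credit_card_processed "Y" completes the order and records the
 * transaction, "K" marks the order as pending; other values do nothing.
 *
 * A failed check prints only "Invalid." - the expected hash and the string
 * it is built from contain the shared secret and must never be sent to the
 * client or put into notification mail.
 *
 * NOTE(review): with _2CO_DEMO == 'Y' the order number in the hash is forced
 * to 1, so a valid key no longer depends on the order; make sure demo mode
 * is off on a live site.
 */
function process_payment_return()
{
    global $label;

    if (!isset($_REQUEST['key']) || $_REQUEST['key'] == '') {
        return; // not a 2Checkout return request
    }

    // Accept only plain string fields; array-valued parameters are treated as absent.
    $fields = array();
    foreach (array('key', 'order_number', 'credit_card_processed', 'total', 'cart_order_id') as $name) {
        $fields[$name] = (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) ? $_REQUEST[$name] : '';
    }

    $order_number = $fields['order_number'];
    if (_2CO_DEMO == 'Y') {
        // Demo mode: the order number used to create the hash is forced to 1.
        $order_number = 1;
    }
    $credit_card_processed = $fields['credit_card_processed']; // Y = successful, K = pending
    $total = $fields['total'];
    $cart_order_id = $fields['cart_order_id'];
    $x_MD5_Hash = strtolower($fields['key']);

    // NOTE(review): this writes every request parameter to the log, including
    // the customer's name, address, e-mail and phone number; confirm the log
    // is stored outside the web root and access-controlled.
    $req = '';
    foreach ($_REQUEST as $key => $val) {
        $req .= "&" . $key . "=" . $val;
    }
    _2co_log_entry($req);

    $_2CO = new _2CO(); // load in the constants..

    // cart_order_id is request data: escape it before it goes into the SQL string.
    $sql = "SELECT * FROM orders where order_id='" . mysql_real_escape_string($cart_order_id) . "'";
    $result = mysql_query($sql);
    if ($result === false) {
        // Keep the database error and query out of the HTTP response.
        _2co_log_entry("order lookup failed: " . mysql_error());
        die("Database error.");
    }
    $order_row = mysql_fetch_array($result);
    if (!$order_row) {
        // Without a stored price there is nothing trustworthy to hash against.
        _2co_mail_error("Return request for unknown order [{$cart_order_id}]");
        echo "Invalid.";
        return;
    }

    // md5 (secret word + vendor number + order number + total)
    $md5_str = _2CO_SECRET_WORD . _2CO_SID . $order_number . format_number($order_row['price']);
    $hash = md5($md5_str);

    // String comparison only; constant-time where the PHP version provides it.
    if (function_exists('hash_equals')) {
        $signature_ok = hash_equals($hash, $x_MD5_Hash);
    } else {
        $signature_ok = ($hash === $x_MD5_Hash);
    }

    if (!$signature_ok) {
        echo "Invalid.";
        _2co_mail_error("Hash does not match for order [{$cart_order_id}]: received [{$x_MD5_Hash}]");
        return;
    }

    if ($credit_card_processed == 'Y') {
        # Credit card processed OK
        // No reason code is supplied on this path; pass an explicit null.
        $reason = null;
        complete_order($order_row['user_id'], $cart_order_id);
        // NOTE(review): $total comes from the request and is not covered by
        // the hash check above (the hash uses the stored order price);
        // consider recording the stored price instead.
        debit_transaction($cart_order_id, $total, 'USD', $order_number, $reason, '_2CO');
        ?>
        <center>
        <img src="<?php echo SITE_LOGO_URL; ?>">
        <h3>Thank you. Your order was sucessfully completed. You may <a href="<?php echo BASE_HTTP_PATH; ?>users/publish.php">manage your pixels</a> now.</h3>
        </center>
        <?php
    } elseif ($credit_card_processed == 'K') {
        # credit card pending
        pend_order($order_row['user_id'], $cart_order_id);
        ?>
        <center>
        <img src="<?php echo SITE_LOGO_URL; ?>">
        <h3>Thank you. Your order is pending while the funds are cleared by 2Checkout. Go to the <a href="<?php echo BASE_HTTP_PATH; ?>users/index.php">Main Menu.</a></h3>
        </center>
        <?php
    }
}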