Пример #1
<?php

require 'init.php';
//Paypal is notifying
if (isset($_GET["token"]) && isset($_GET["PayerID"]) && isset($_SESSION['pp_cart']) && isset($_SESSION['pp_amount'])) {
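    // Prepare the NVP call (METHOD=DoExpressCheckoutPayment) that completes the
    // payment the buyer has just approved on PayPal's side.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, getConfigKey('paypal_testmode') ? 'https://api-3t.sandbox.paypal.com/nvp' : 'https://api-3t.paypal.com/nvp');
    // Verbose mode makes libcurl write connection diagnostics to stderr.
    // NOTE(review): confirm this is intended outside of debugging.
    curl_setopt($ch, CURLOPT_VERBOSE, 1);
    // The request body carries the merchant's API user, password and signature.
    // With peer and host verification switched off, anyone able to intercept
    // the connection could read those credentials and forge the payment
    // result, so the certificate chain and the host name are both verified.
    // This relies on a CA bundle being available to PHP's curl extension.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    // Build the NVP body. Every dynamic value is URL-encoded, including the
    // amount kept in the session, so no value can add or alter a field.
    // NOTE(review): the listing is masked ('******') right after 'USER=';
    // urlencode(getConfigKey('paypal_user')) is reconstructed from the parallel
    // PWD and SIGNATURE fields and should be confirmed against the real file.
    $nvpRequest = 'USER=' . urlencode(getConfigKey('paypal_user'))
        . '&PWD=' . urlencode(getConfigKey('paypal_password'))
        . '&SIGNATURE=' . urlencode(getConfigKey('paypal_signature'))
        . '&VERSION=76.0&METHOD=DoExpressCheckoutPayment&CURRENCYCODE=EUR&PAYMENTREQUEST_0_CURRENCYCODE=EUR&PAYMENTREQUEST_0_PAYMENTACTION=Sale'
        . '&PAYERID=' . urlencode(getVar('PayerID'))
        . '&PAYMENTREQUEST_0_AMT=' . urlencode($_SESSION['pp_amount'])
        . '&TOKEN=' . urlencode(getVar('token'));
    curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpRequest);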
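    // Send the request; curl_exec() yields the response body (RETURNTRANSFER
    // is set) or false when the transfer fails.
    $httpResponse = curl_exec($ch);
    if (!$httpResponse) {
        // NOTE(review): whether render() ends the script is not visible here;
        // if it returns, the parsing below runs on a failed response.
        render('error', array('error' => 'Request error'));
    }
    // Split the NVP reply ("NAME=value&NAME=value") into an associative array.
    // Values are stored as received, i.e. still URL-encoded.
    $httpResponseAr = explode("&", $httpResponse);
    $httpParsedResponseAr = array();
    foreach ($httpResponseAr as $i => $value) {
        // Limit the split to two parts so a value that itself contains '='
        // is kept whole instead of being cut at the second '='.
        $tmpAr = explode("=", $value, 2);
        if (count($tmpAr) > 1) {
            $httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1];
        }
    }
    // A usable reply must at least carry the ACK status field.
    if (!count($httpParsedResponseAr) || !array_key_exists('ACK', $httpParsedResponseAr)) {
        render('error', array('error' => 'Invalid response'));
    }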
Пример #2
 case 'signup':
     // Until an e-mail value arrives with the request, only the form is shown.
     if (!getVar('email')) {
         render('user-signup');
         break;
     }
     // All request values reach the database as bound parameters, never as
     // part of the SQL text.
     // NOTE(review): only the presence of 'email' is checked in this arm; the
     // other fields are not validated here and the result of execute() is not
     // inspected (e.g. for a duplicate username) - confirm this is handled
     // elsewhere. passwordHash() is defined outside this listing; verify that
     // it is a salted, deliberately slow password hash.
     $addUser = $dbh->prepare(
         "INSERT INTO users (username, password, email, firstname, lastname, address, postalcode, city, phone) VALUES (:username, :password, :email, :firstname, :lastname, :address, :postalcode, :city, :phone)"
     );
     $signupParams = array(
         ':username' => getVar('username'),
         ':password' => passwordHash(getVar('password')),
         ':email' => getVar('email'),
         ':firstname' => getVar('firstname'),
         ':lastname' => getVar('lastname'),
         ':address' => getVar('address'),
         ':postalcode' => getVar('postalcode'),
         ':city' => getVar('city'),
         ':phone' => getVar('phone'),
     );
     $addUser->execute($signupParams);
     renderHome('accountCreated', true);
     break;
 case 'reset':
     // Without an e-mail value the reset form is shown.
     if (!getVar('email')) {
         render('user-reset');
         break;
     }
     // Look the account up by e-mail using a bound parameter.
     $userQuery = $dbh->prepare("SELECT id FROM users WHERE email = :email");
     $userQuery->execute(array(':email' => getVar('email')));
     if (!$userQuery->rowCount()) {
         // NOTE(review): this distinct message tells the requester whether an
         // address is registered; a uniform response would avoid that.
         render('error', array('error' => 'No account was found.'));
         break;
     }
     // NOTE(review): the password is replaced as soon as a known e-mail address
     // is submitted - no confirmation step by the mailbox owner is visible in
     // this arm - and the new password travels in the mail body as plain text.
     // The return value of mail() is not checked, so the stored password is
     // changed even when delivery fails. A single-use, expiring reset link is
     // the usual remedy for all three points.
     $newPass = genPassword();
     mail(getVar('email'), 'Your new password on ' . getConfigKey('title'), 'Your new password is ' . $newPass);
     $resetQuery = $dbh->prepare("UPDATE users SET password = :password WHERE email = :email LIMIT 1");
     $resetQuery->execute(array(':password' => passwordHash($newPass), ':email' => getVar('email')));
     render('user-reset', array());
     break;
 case 'login':
     $loginQuery = $dbh->prepare("SELECT id, firstname, lastname, username, email, address, city, postalcode, phone FROM users WHERE username = :username AND password = :password");
     $loginQuery->execute(array(':username' => getVar('username'), ':password' => passwordHash(getVar('password'))));
     $user = $loginQuery->fetchAll()[0];
     if ($loginQuery->rowCount()) {
Пример #3
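// Split the NVP reply ("NAME=value&NAME=value") into an associative array.
// Values are stored as received, i.e. still URL-encoded.
$httpResponseAr = explode("&", $httpResponse);
$httpParsedResponseAr = array();
foreach ($httpResponseAr as $i => $value) {
    // Limit the split to two parts so a value that itself contains '=' is
    // kept whole instead of being cut at the second '='.
    $tmpAr = explode("=", $value, 2);
    if (count($tmpAr) > 1) {
        $httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1];
    }
}
// A usable reply must at least carry the ACK status field.
if (!count($httpParsedResponseAr) || !array_key_exists('ACK', $httpParsedResponseAr)) {
    // NOTE(review): whether render() ends the script is not visible here; the
    // code below therefore tolerates a missing ACK entry.
    render('error', array('error' => 'Invalid response'));
}
// Redirect the buyer to PayPal on success, otherwise report the failure.
$ack = isset($httpParsedResponseAr["ACK"]) ? strtoupper($httpParsedResponseAr["ACK"]) : '';
if ($ack === 'SUCCESS' || $ack === 'SUCCESSWITHWARNING') {
    // Remember what is being paid for, to be used when the buyer returns.
    $_SESSION['pp_amount'] = $amount;
    $_SESSION['pp_cart'] = $cart_id;
    // Decode and re-encode the token so that exactly one well-formed query
    // value is placed in the Location header, whatever the reply contained.
    $token = isset($httpParsedResponseAr["TOKEN"]) ? urlencode(urldecode($httpParsedResponseAr["TOKEN"])) : '';
    $checkoutBase = getConfigKey('paypal_testmode')
        ? 'https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token='
        : 'https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=';
    // NOTE(review): nothing in the visible code stops the script after the
    // redirect header; confirm no further output or processing follows.
    header('Location: ' . $checkoutBase . $token);
} else {
    if (TC_DEBUG) {
        // The reply is external data: HTML-escape it before printing so that
        // markup inside a message or field cannot be interpreted by the browser.
        $longMessage = isset($httpParsedResponseAr["L_LONGMESSAGE0"]) ? urldecode($httpParsedResponseAr["L_LONGMESSAGE0"]) : '';
        echo '<div style="color:red"><b>Error : </b>' . htmlspecialchars($longMessage, ENT_QUOTES, 'UTF-8') . '</div>';
        echo '<pre>';
        echo htmlspecialchars(print_r($httpParsedResponseAr, true), ENT_QUOTES, 'UTF-8');
        echo '</pre>';
    } else {
        render('error', array('error' => 'Paypal error'));
    }
}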