<?php
/* -----------------------------------------------------------------------------------------
   $Id: captcha.php 831 2007-10-29 19:20:03 VaM $

   VaM Shop - open source ecommerce solution
   http://vamshop.ru
   http://vamshop.com

   Copyright (c) 2007 VaM Shop
   -----------------------------------------------------------------------------------------
   based on:
   (c) 2007 KCAPTCHA - author Kruglov Sergei; captcha.ru

   Released under the GNU General Public License
   ---------------------------------------------------------------------------------------*/

// captcha.php: generates a new visual-verification challenge for the current session
// and renders it as an image. The expected answer never leaves the server; only the
// rendered image does.
require 'includes/application_top.php';
require_once DIR_FS_INC . 'vam_render_vvcode.inc.php';
require_once DIR_FS_INC . 'vam_random_charcode.inc.php';

// Fresh 6-character challenge on every request. The session copy is what the
// consuming form compares against ($_SESSION['vvcode']).
// NOTE(review): vam_random_charcode's entropy source is not visible here - confirm it
// draws from a CSPRNG (random_int/random_bytes) rather than rand()/mt_rand().
$visual_verify_code = vam_random_charcode(6);
$_SESSION['vvcode'] = $visual_verify_code;
// Render the image data for the challenge; how $vvimg is emitted is outside this fragment.
$vvimg = vvcode_render_code($visual_verify_code);
// Fragment of the "password forgotten / double opt-in" page: looks up the customer by the
// posted e-mail address, builds a verification link and the mail bodies, then checks the
// captcha. The fragment ends inside the captcha branch; the remaining logic is outside this view.

// create template elements
$vamTemplate = new vamTemplate();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include needed functions
require_once DIR_FS_INC . 'vam_random_charcode.inc.php';
require_once DIR_FS_INC . 'vam_encrypt_password.inc.php';
require_once DIR_FS_INC . 'vam_validate_password.inc.php';
require_once DIR_FS_INC . 'vam_rand.inc.php';
require_once DIR_FS_INC . 'vam_render_vvcode.inc.php';
// NOTE(review): double_opt is used as a bare constant here; if it is not defined PHP treats
// it as the string 'double_opt' (fatal on PHP 8) - confirm where it is declared.
$case = double_opt;
$info_message = TEXT_PASSWORD_FORGOTTEN;
// Loose (==) comparison against the query string; the action value is attacker-controlled
// but only selects this branch.
if (isset($_GET['action']) && $_GET['action'] == 'first_opt_in') {
    // Customer lookup by posted e-mail. The value is passed through vam_db_input
    // (presumably the SQL escaper - confirm) before being interpolated into the query.
    // $_POST['email'] is read without isset(); a missing field yields a notice and an empty match.
    $check_customer_query = vam_db_query("select customers_email_address, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . vam_db_input($_POST['email']) . "'");
    $check_customer = vam_db_fetch_array($check_customer_query);
    // 32-character one-time key that goes into the verification link; its entropy depends on
    // vam_random_charcode, which is not visible here - confirm it uses a CSPRNG.
    $vlcode = vam_random_charcode(32);
    $link = vam_href_link(FILENAME_PASSWORD_DOUBLE_OPT, 'action=verified&customers_id=' . $check_customer['customers_id'] . '&key=' . $vlcode, 'NONSSL');
    // assign language to template for caching
    $vamTemplate->assign('language', $_SESSION['language']);
    $vamTemplate->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
    $vamTemplate->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
    // assign vars
    $vamTemplate->assign('EMAIL', $check_customer['customers_email_address']);
    $vamTemplate->assign('LINK', $link);
    // dont allow cache
    $vamTemplate->caching = false;
    // create mails
    // Note: the lookup, link and mail bodies are all prepared before the captcha is checked;
    // nothing visible here sends them, so the ordering is a cost, not a bypass - confirm downstream.
    $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/password_verification_mail.html');
    $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/password_verification_mail.txt');
    // Captcha gate. Loose == comparison: both sides are strings in the normal case, but if
    // $_SESSION['vvcode'] is unset (no captcha.php request yet) null == '' is true on a
    // missing/empty captcha field - consider isset() plus a strict comparison. Whether the
    // session code is invalidated after use is outside this fragment.
    if ($_POST['captcha'] == $_SESSION['vvcode']) {
        // No customer matched the posted e-mail address.
        if (!vam_db_num_rows($check_customer_query)) {
            // (fragment ends here; the remaining branches are outside this view)
/**
 * Confirmation step of the aviso payment module (enclosing class is outside this view).
 *
 * On first visit with a cart (no $_SESSION['cart_aviso_id']) it writes the order, its
 * status-history row, totals, products, attributes and download/PIN rows, then records
 * $cartID . '-' . $insert_id in $_SESSION['cart_aviso_id']. On a revisit it re-inserts
 * only when the stored order's currency or cart id no longer matches. Whenever an order
 * was inserted it creates an aviso m-commerce order for the phone number held in the
 * session (or posted) and writes a TABLE_PERSONS row.
 *
 * Uses globals $cartID, $order and $order_total_modules; $customer_id and $languages_id
 * are declared but not read (the $_SESSION equivalents are used instead).
 *
 * @return array 'title' => MODULE_PAYMENT_AVISO_TEXT_DESCRIPTION, unconditionally.
 */
function confirmation() {
    global $cartID, $customer_id, $languages_id, $order, $order_total_modules;
    if (isset($_SESSION['cartID'])) {
        $insert_order = false;
        if (isset($_SESSION['cart_aviso_id'])) {
            // cart_aviso_id has the shape "<cartID>-<orders_id>"; take the part after the dash.
            $order_id = substr($_SESSION['cart_aviso_id'], strpos($_SESSION['cart_aviso_id'], '-') + 1);
            $curr_check = vam_db_query("select currency from " . TABLE_ORDERS . " where orders_id = '" . (int) $order_id . "'");
            $curr = vam_db_fetch_array($curr_check);
            // Re-create the order if the currency changed or the cart id prefix no longer matches.
            if ($curr['currency'] != $order->info['currency'] || $cartID != substr($_SESSION['cart_aviso_id'], 0, strlen($cartID))) {
                $check_query = vam_db_query('select orders_id from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int) $order_id . '" limit 1');
                // Purge the stale order only if it has no status history.
                // NOTE(review): the insert path below always writes a status-history row, so this
                // delete branch looks unreachable for orders created here and the stale order is
                // left behind when a new one is inserted - confirm.
                if (vam_db_num_rows($check_query) < 1) {
                    vam_db_query('delete from ' . TABLE_ORDERS . ' where orders_id = "' . (int) $order_id . '"');
                    vam_db_query('delete from ' . TABLE_ORDERS_TOTAL . ' where orders_id = "' . (int) $order_id . '"');
                    vam_db_query('delete from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int) $order_id . '"');
                    vam_db_query('delete from ' . TABLE_ORDERS_PRODUCTS . ' where orders_id = "' . (int) $order_id . '"');
                    vam_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . ' where orders_id = "' . (int) $order_id . '"');
                    vam_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_DOWNLOAD . ' where orders_id = "' . (int) $order_id . '"');
                }
                $insert_order = true;
            }
        } else {
            $insert_order = true;
        }
        if ($insert_order == true) {
            // Collect the enabled order-total module outputs (title/text/value) for TABLE_ORDERS_TOTAL.
            $order_totals = array();
            if (is_array($order_total_modules->modules)) {
                reset($order_total_modules->modules);
                // NOTE: each() was removed in PHP 8; this loop needs a foreach on newer runtimes.
                while (list(, $value) = each($order_total_modules->modules)) {
                    // Module file name minus extension is the global object name, e.g. "ot_total.php" -> $ot_total.
                    $class = substr($value, 0, strrpos($value, '.'));
                    if ($GLOBALS[$class]->enabled) {
                        for ($i = 0, $n = sizeof($GLOBALS[$class]->output); $i < $n; $i++) {
                            if (vam_not_null($GLOBALS[$class]->output[$i]['title']) && vam_not_null($GLOBALS[$class]->output[$i]['text'])) {
                                $order_totals[] = array('code' => $GLOBALS[$class]->code, 'title' => $GLOBALS[$class]->output[$i]['title'], 'text' => $GLOBALS[$class]->output[$i]['text'], 'value' => $GLOBALS[$class]->output[$i]['value'], 'sort_order' => $GLOBALS[$class]->sort_order);
                            }
                        }
                    }
                }
            }
            if ($_SESSION['customers_status']['customers_status_ot_discount_flag'] == 1) {
                $discount = $_SESSION['customers_status']['customers_status_ot_discount'];
            } else {
                $discount = '0.00';
            }
            // X-Forwarded-For is a client-supplied header and is taken verbatim; the stored
            // customers_ip is only trustworthy when a known proxy in front of the shop sets it.
            if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {
                $customers_ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
            } else {
                $customers_ip = $_SERVER["REMOTE_ADDR"];
            }
            // Order header row. Note that cc_type/cc_owner/cc_number/cc_expires from $order->info
            // are persisted here - full card data at rest, which matters for PCI scope if any
            // payment path populates them.
            $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], 'customers_cid' => $order->customer['csID'], 'customers_vat_id' => $_SESSION['customer_vat_id'], 'customers_company' => $order->customer['company'], 'customers_status' => $_SESSION['customers_status']['customers_status_id'], 'customers_status_name' => $_SESSION['customers_status']['customers_status_name'], 'customers_status_image' => $_SESSION['customers_status']['customers_status_image'], 'customers_status_discount' => $discount, 'customers_street_address' => $order->customer['street_address'], 'customers_suburb' => $order->customer['suburb'], 'customers_city' => $order->customer['city'], 'customers_postcode' => $order->customer['postcode'], 'customers_state' => $order->customer['state'], 'customers_country' => $order->customer['country']['title'], 'customers_telephone' => $order->customer['telephone'], 'customers_email_address' => $order->customer['email_address'], 'customers_address_format_id' => $order->customer['format_id'], 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 'delivery_company' => $order->delivery['company'], 'delivery_street_address' => $order->delivery['street_address'], 'delivery_suburb' => $order->delivery['suburb'], 'delivery_city' => $order->delivery['city'], 'delivery_postcode' => $order->delivery['postcode'], 'delivery_state' => $order->delivery['state'], 'delivery_country' => $order->delivery['country']['title'], 'delivery_address_format_id' => $order->delivery['format_id'], 'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'], 'billing_company' => $order->billing['company'], 'billing_street_address' => $order->billing['street_address'], 'billing_suburb' => $order->billing['suburb'], 'billing_city' => $order->billing['city'], 'billing_postcode' => $order->billing['postcode'], 'billing_state' => $order->billing['state'], 'billing_country' => $order->billing['country']['title'], 'billing_address_format_id' => $order->billing['format_id'], 'payment_method' => $order->info['payment_method'], 'payment_class' => $order->info['payment_class'], 'shipping_method' => $order->info['shipping_method'], 'shipping_class' => $order->info['shipping_class'], 'language' => $_SESSION['language'], 'comments' => $order->info['comments'], 'customers_ip' => $customers_ip, 'orig_reference' => $order->customer['orig_reference'], 'login_reference' => $order->customer['login_reference'], 'cc_type' => $order->info['cc_type'], 'cc_owner' => $order->info['cc_owner'], 'cc_number' => $order->info['cc_number'], 'cc_expires' => $order->info['cc_expires'], 'date_purchased' => 'now()', 'orders_status' => $order->info['order_status'], 'currency' => $order->info['currency'], 'currency_value' => $order->info['currency_value']);
            vam_db_perform(TABLE_ORDERS, $sql_data_array);
            $insert_id = vam_db_insert_id();
            $customer_notification = SEND_EMAILS == 'true' ? '1' : '0';
            // Initial status-history row; this is what the "delete stale order" check above looks for.
            $sql_data_array = array('orders_id' => $insert_id, 'orders_status_id' => $order->info['order_status'], 'date_added' => 'now()', 'customer_notified' => $customer_notification, 'comments' => $order->info['comments']);
            vam_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
            for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++) {
                $sql_data_array = array('orders_id' => $insert_id, 'title' => $order_totals[$i]['title'], 'text' => $order_totals[$i]['text'], 'value' => $order_totals[$i]['value'], 'class' => $order_totals[$i]['code'], 'sort_order' => $order_totals[$i]['sort_order']);
                vam_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
            }
            // One TABLE_ORDERS_PRODUCTS row per cart line, plus attribute and download rows.
            for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
                $sql_data_array = array('orders_id' => $insert_id, 'products_id' => vam_get_prid($order->products[$i]['id']), 'products_model' => $order->products[$i]['model'], 'products_name' => $order->products[$i]['name'], 'products_price' => $order->products[$i]['price'], 'final_price' => $order->products[$i]['final_price'], 'products_tax' => $order->products[$i]['tax'], 'products_quantity' => $order->products[$i]['qty']);
                vam_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
                $order_products_id = vam_db_insert_id();
                // $attributes_exist is assigned but not read anywhere in this method.
                $attributes_exist = '0';
                if (isset($order->products[$i]['attributes'])) {
                    $attributes_exist = '1';
                    for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
                        // The product id, option/value ids and $_SESSION['languages_id'] are
                        // concatenated into SQL without (int) casts or vam_db_input, unlike
                        // $order_id above. They originate from the cart/session rather than
                        // directly from the request, but the escaping is inconsistent - worth
                        // normalising to casts.
                        if (DOWNLOAD_ENABLED == 'true') {
                            $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename, pad.products_attributes_is_pin\n from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n on pa.products_attributes_id=pad.products_attributes_id\n where pa.products_id = '" . $order->products[$i]['id'] . "'\n and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n and pa.options_id = popt.products_options_id\n and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n and pa.options_values_id = poval.products_options_values_id\n and popt.language_id = '" . $_SESSION['languages_id'] . "'\n and poval.language_id = '" . $_SESSION['languages_id'] . "'";
                            $attributes = vam_db_query($attributes_query);
                        } else {
                            $attributes = vam_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $_SESSION['languages_id'] . "' and poval.language_id = '" . $_SESSION['languages_id'] . "'");
                        }
                        // update attribute stock
                        // Stock is decremented here, at confirmation time, i.e. before any payment result.
                        vam_db_query("UPDATE " . TABLE_PRODUCTS_ATTRIBUTES . " set\n\t\t\t\t\t\t attributes_stock=attributes_stock - '" . $order->products[$i]['qty'] . "'\n\t\t\t\t\t\t where\n\t\t\t\t\t\t products_id='" . $order->products[$i]['id'] . "'\n\t\t\t\t\t\t and options_values_id='" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n\t\t\t\t\t\t and options_id='" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n\t\t\t\t\t\t ");
                        $attributes_values = vam_db_fetch_array($attributes);
                        $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $attributes_values['options_values_price'], 'price_prefix' => $attributes_values['price_prefix']);
                        vam_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
                        // Downloadable or PIN-backed attribute: one download row per ordered unit.
                        // Mixed && / or precedence: "DOWNLOAD_ENABLED && (filename set ... or is_pin)".
                        if (DOWNLOAD_ENABLED == 'true' && (isset($attributes_values['products_attributes_filename']) && vam_not_null($attributes_values['products_attributes_filename']) or $attributes_values['products_attributes_is_pin'])) {
                            //PIN add
                            for ($pincycle = 0; $pincycle < $order->products[$i]['qty']; $pincycle++) {
                                if ($attributes_values['products_attributes_is_pin']) {
                                    // Claim the first unused PIN for this product and mark it with the order id.
                                    $pin_query = vam_db_query("SELECT products_pin_id, products_pin_code FROM " . TABLE_PRODUCTS_PINS . " WHERE products_id = '" . $order->products[$i]['id'] . "' AND products_pin_used='0' LIMIT 1");
                                    if (vam_db_num_rows($pin_query) == '0') {
                                        // We have no PIN for this product
                                        // insert some error notifying here
                                        $pin = PIN_NOT_AVAILABLE;
                                    } else {
                                        $pin_res = vam_db_fetch_array($pin_query);
                                        $pin = $pin_res['products_pin_code'];
                                        vam_db_query("UPDATE " . TABLE_PRODUCTS_PINS . " SET products_pin_used='" . $insert_id . "' WHERE products_pin_id = '" . $pin_res['products_pin_id'] . "'");
                                    }
                                }
                                //PIN
                                // NOTE(review): for a plain download (is_pin false) $pin is never assigned in
                                // this branch, so download_pin_code is undefined on the first pass and a
                                // stale value from an earlier PIN product afterwards - confirm intended.
                                $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'orders_products_filename' => $attributes_values['products_attributes_filename'], 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 'download_count' => $attributes_values['products_attributes_maxcount'], 'download_is_pin' => $attributes_values['products_attributes_is_pin'], 'download_pin_code' => $pin);
                                vam_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
                            }
                        }
                    }
                }
            }
            // Remember which order belongs to this cart so a revisit does not insert again.
            $_SESSION['cart_aviso_id'] = $cartID . '-' . $insert_id;
        }
        // Issue the aviso invoice for the customer
        if ($insert_order == true) {
            include_once DIR_WS_INCLUDES . 'external/avisosms/avisosmsmc.class.php';
            require_once DIR_FS_INC . 'vam_random_charcode.inc.php';
            /*
             * Initialisation
             */
            $username = MODULE_PAYMENT_AVISO_ID;
            // Request signature: md5 over phone . service id . merchant id . shared secret.
            // The phone falls back to the posted value when the session holds none, so the
            // signed phone number can come straight from the request. md5 is what the
            // gateway protocol dictates here; the secret must stay server-side.
            $sign = md5(($_SESSION['aviso_telephone'] == '' ? $_POST['aviso_telephone'] : $_SESSION['aviso_telephone']) . MODULE_PAYMENT_AVISO_SERVICE_ID . MODULE_PAYMENT_AVISO_ID . MODULE_PAYMENT_AVISO_SECURE_HASH);
            $access_key = MODULE_PAYMENT_AVISO_ACCESS_KEY;
            $service_id = MODULE_PAYMENT_AVISO_SERVICE_ID;
            // Create a new object for working with avisosms m_commerce
            $m_commerce = new AvisosmsMCommerce($username, $sign, $access_key, $service_id);
            // Test mode flag (set to FALSE here, i.e. live mode)
            $m_commerce->test = FALSE;
            //------------------------------------------------------------------------------
            /*
             * Create a new order
             */
            $description = vam_random_charcode(20);
            $price = number_format($order->info['total'], 2, '.', '');
            $success_message = 'ok!';
            $phone = $_SESSION['aviso_telephone'] == '' ? $_POST['aviso_telephone'] : $_SESSION['aviso_telephone'];
            $merchant_order_id = substr($_SESSION['cart_aviso_id'], strpos($_SESSION['cart_aviso_id'], '-') + 1);
            if ($m_commerce->createOrder($description, $price, $success_message, $phone, $merchant_order_id)) {
                // Order created successfully (status = 0)
                // Response as an array
                //$response = $m_commerce->response();
                //var_dump($response);
            } else {
                // Order creation error (status > 0)
                // The gateway's error text is echoed into the page unescaped; it should go
                // through htmlspecialchars() before output, and the TABLE_PERSONS insert
                // below still runs on failure.
                echo 'Ошибка: ' . $m_commerce->error_message();
                //var_dump($m_commerce->response());
            }
            // NOTE(review): vam_db_prepare_input is the osC-style input normaliser; the SQL
            // escaper elsewhere in this codebase is vam_db_input. name/address here come from
            // the session, but confirm they were escaped when stored or switch to vam_db_input.
            vam_db_query("INSERT INTO " . TABLE_PERSONS . " (orders_id, name, address) VALUES ('" . vam_db_prepare_input((int) substr($_SESSION['cart_aviso_id'], strpos($_SESSION['cart_aviso_id'], '-') + 1)) . "', '" . vam_db_prepare_input($_SESSION['kvit_name']) . "', '" . vam_db_prepare_input($_SESSION['aviso_telephone']) . "')");
        }
    }
    return array('title' => MODULE_PAYMENT_AVISO_TEXT_DESCRIPTION);
}