// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: tiki-payment.php 51201 2014-05-09 16:53:50Z lphuberdeau $

// Data sent by the IPN must be left unharmed
// A raw copy of the POST body is taken here, before tiki-setup.php (required further
// down) runs; the PayPal IPN branch at the bottom validates this untouched copy.
// Anyone who adds ?ipn to the request URL reaches that branch, so the
// $paypallib->is_valid() call there is the only authenticity gate visible in this file.
if (isset($_GET['ipn'])) {
    $ipn_data = $_POST;
}

// Per-key input filters for this page (amounts as free text, ids as digits,
// 'returnurl' as a URL, 'detail' as wiki content; everything else is dropped via
// catchAllUnset). Presumably consumed by tiki-setup.php — confirm there.
$inputConfiguration = array(
    array(
        'staticKeyFilters' => array(
            'amount' => 'text',
            'manual_amount' => 'text',
            'description' => 'text',
            'request' => 'alpha',
            'payable' => 'digits',
            'offset_outstanding' => 'digits',
            'offset_overdue' => 'digits',
            'offset_past' => 'digits',
            'offset_canceled' => 'digits',
            'invoice' => 'digits',
            'cancel' => 'digits',
            'note' => 'striptags',
            'detail' => 'wikicontent',
            'cclite_payment_amount' => 'text',
            'tiki_credit_amount' => 'text',
            'tiki_credit_pay' => 'text',
            'tiki_credit_type' => 'text',
            'checkout' => 'text',
            'update' => 'word',
            'daconfirm' => 'word',
            'ticket' => 'word',
            'returnurl' => 'url',
        ),
        'staticKeyFiltersForArrays' => array('cart' => 'digits'),
        'catchAllUnset' => null,
    ),
);

// $access, $paymentlib and (later) $paypallib are globals presumably provided by
// these requires — none of them is defined in this file.
require_once 'tiki-setup.php';
require_once 'lib/categories/categlib.php';
require_once 'lib/payment/paymentlib.php';

$access->check_feature('payment_feature');

// Query parameters carried across pagination links.
$auto_query_args = array('offset_outstanding', 'offset_overdue', 'offset_past', 'offset_canceled');

// Credit payment triggered by a plain POST. No authenticity (anti-CSRF) check and no
// permission check is visible in this block before the amount is applied —
// NOTE(review): confirm UserPayCredits::payAmount() enforces both.
if (isset($_POST['tiki_credit_pay']) && isset($_POST['tiki_credit_amount']) && isset($_POST['tiki_credit_type']) && isset($_POST['invoice'])) {
    require_once 'lib/payment/creditspaylib.php';
    $userpaycredits = new UserPayCredits();
    $userpaycredits->payAmount($_POST['tiki_credit_type'], $_POST['tiki_credit_amount'], $_POST['invoice']);
}

// PayPal IPN callback handler (only when ?ipn was present, see top of file).
if (isset($ipn_data)) {
    $access->check_feature('payment_paypal_ipn');
    require_once 'lib/payment/paypallib.php';

    // The invoice number is extracted from the notification itself; reject anything
    // that is not a positive number before touching the database.
    $invoice = $paypallib->get_invoice($ipn_data);
    if (!is_numeric($invoice) || $invoice < 1) {
        echo 'Payment response was not correctly formatted'; // goes back to PayPal server - for debugging mainly
        exit;
    }

    $info = $paymentlib->get_payment($invoice);

    // Important to check with paypal first
    // Nothing is applied to the invoice until the notification has been verified
    // against PayPal and the stored payment record.
    if (isset($info) && $paypallib->is_valid($ipn_data, $info)) {
        $amount = $paypallib->get_amount($ipn_data);
        // … remainder of the IPN handler is outside this excerpt
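/**
 * Smarty plugin {payment id=...}: renders one invoice with tiki-payment-single.tpl
 * and, when the matching POST is present, performs the payment through the
 * configured payment system (cclite or tikicredits).
 *
 * Visibility, as implemented below: the invoice must exist and the caller needs
 * payment_view on it; in addition the invoice must be outstanding/overdue (unless
 * payment_user_only_his_own=y), or past (unless payment_user_only_his_own_past=y),
 * or the caller must be the invoice owner.
 *
 * @param array $params 'id' (invoice number, cast to int); optional 'registry'
 *                      (cclite registry) and optional 'returnurl' (link back).
 * @param object $smarty Smarty template object (assign/fetch/tpl_vars are used).
 * @return string rendered template, or a translated message when the invoice is
 *                missing/restricted or the cclite currency does not match.
 */
function smarty_function_payment($params, $smarty)
{
    global $prefs, $user;
    $userlib = TikiLib::lib('user');
    $tikilib = TikiLib::lib('tiki');
    $paymentlib = TikiLib::lib('payment');

    $invoice = (int) $params['id'];
    $objectperms = Perms::get('payment', $invoice);
    $info = $paymentlib->get_payment($invoice);

    // Owner check. Guard on $info first: get_payment() does not return an array for an
    // unknown invoice and indexing it would warn (PHP 7.4+) or error (PHP 8).
    // Compare as ints because the id stored on the row may come back as a string.
    $theguy = $info && $user && (int) $info['userId'] === (int) $userlib->get_user_id($user);

    // Always defined so the 'url' logic below can test it on every code path.
    $result = null;
    $smarty->assign('ccresult_ok', false);

    // Unpaid payments can be seen by anyone as long as they know the number
    // Just like your bank account, anyone can drop money in it.
    $state = $info ? $info['state'] : null;
    $openVisible = ($state === 'outstanding' || $state === 'overdue')
        && $prefs['payment_user_only_his_own'] !== 'y';
    $pastVisible = $state === 'past' && $prefs['payment_user_only_his_own_past'] !== 'y';

    if (!$info || !$objectperms->payment_view || !($openVisible || $pastVisible || $theguy)) {
        return tra('This invoice does not exist or access to it is restricted.');
    }

    // The posted amount must be numeric and equal the remaining balance; a non-numeric
    // value is rejected outright instead of being left to loose comparison rules.
    $postedAmount = isset($_POST['cclite_payment_amount']) ? $_POST['cclite_payment_amount'] : null;
    $cclitePayRequested = $prefs['payment_system'] === 'cclite'
        && $postedAmount !== null
        && is_numeric($postedAmount)
        && (float) $postedAmount == (float) $info['amount_remaining'];

    if ($cclitePayRequested) {
        global $cclitelib;
        require_once 'lib/payment/cclitelib.php';
        // Not used in this function; presumably loaded for cclitelib — confirm before removing.
        $cartlib = TikiLib::lib('cart');

        // NOTE(review): the anti-CSRF confirmation is disabled here, so a currency transfer
        // is triggered by a bare POST. Re-enable once the confirmation flow is in place:
        //$access->check_authenticity( tr('Transfer currency? %0 %1?', $info['amount'], $info['currency'] ));

        // check currency matches
        if (empty($params['registry'])) {
            $params['registry'] = $cclitelib->get_registry();
        }
        $registryCurrency = $cclitelib->get_currency($params['registry']);
        if (empty($info['currency'])) {
            $info['currency'] = $registryCurrency;
        } elseif ($info['currency'] != substr($registryCurrency, 0, 3)) {
            return tr('Currency in payment (%0) does not match the currency for that registry (%1).', $info['currency'], $registryCurrency);
        }

        // no notification callback in cclite yet, so have to assume true for now (pending checking in perform_trade)
        // NOTE(review): the gate above compares against amount_remaining but the trade sends
        // amount — confirm which one is intended for partially paid invoices.
        $result = $cclitelib->pay_invoice($invoice, $info['amount'], $info['currency'], $params['registry']);
        if ($result) {
            // ccresults are set in smarty by the perform_trade behaviour
            $smarty->assign('ccresult', $result);
            $smarty->assign('ccresult_ok', $result);
        } else {
            $smarty->assign('ccresult', tr('Payment was sent but verification is not currently available (this feature is a work in progress)'));
        }
    } elseif ($prefs['payment_system'] === 'tikicredits') {
        require_once 'lib/payment/creditspaylib.php';
        $userpaycredits = new UserPayCredits();
        $userpaycredits->setPrice($info['amount_remaining']);
        $smarty->assign('userpaycredits', $userpaycredits->credits);
    }

    $info['fullview'] = $objectperms->payment_view || $theguy;

    // Pass the variable's value, not the Smarty variable wrapper object, to tikiUrl().
    if (!empty($smarty->tpl_vars['returnurl']->value)) {
        $info['returnurl'] = TikiLib::tikiUrl($smarty->tpl_vars['returnurl']->value);
    }

    // Link back to the caller, carrying the invoice number; skipped once a cclite
    // payment produced a result. NOTE(review): 'returnurl' is used as given — the
    // page-level 'url' input filter is the only sanitisation visible here, confirm
    // tikiUrl() keeps it on this site.
    if (!empty($params['returnurl']) && empty($result)) {
        $returnurl = $params['returnurl'];
        $hasQuery = strpos($returnurl, '.php?') !== false || strpos($returnurl, '.php') === false;
        $info['url'] = TikiLib::tikiUrl($returnurl) . ($hasQuery ? '&' : '?') . "invoice={$invoice}";
    }

    $smarty->assign('payment_info', $info);
    // Escape first, then wiki-parse: raw HTML stored in 'detail' is neutralised before parsing.
    $smarty->assign('payment_detail', $tikilib->parse_data(htmlspecialchars((string) $info['detail'])));

    $smarty_cache_id = $smarty_compile_id = $prefs['language'] . md5('tiki-payment-single.tpl');
    return $smarty->fetch('tiki-payment-single.tpl', $smarty_cache_id, $smarty_compile_id);
}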