if (!empty($username) && !empty($password)) {
$query = "SELECT `admin_id`,`name`,`dept_id`,`status` FROM `{$dbtable_prefix}admin_accounts` WHERE `user`='{$username}' AND `pass`=md5('{$password}')";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$admin = mysql_fetch_assoc($res);
if ($admin['status'] == ASTAT_ACTIVE) {
$_SESSION[_LICENSE_KEY_]['admin'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['admin']) ? $_SESSION[_LICENSE_KEY_]['admin'] : array(), $admin);
$_SESSION[_LICENSE_KEY_]['admin']['def_skin'] = get_default_skin_dir();
if (isset($_SESSION[_LICENSE_KEY_]['admin']['timedout']['url'])) {
$next = $_SESSION[_LICENSE_KEY_]['admin']['timedout'];
unset($_SESSION[_LICENSE_KEY_]['admin']['timedout']);
if ($next['method'] == 'GET') {
if (!empty($next['qs'])) {
$next['url'] = $next['url'] . '?' . array2qs($next['qs']);
}
redirect2page($next['url'], array(), '', true);
} else {
post2page($next['url'], $next['qs'], true);
}
} else {
redirect2page('admin/cpanel.php', $topass);
}
} else {
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'] = 'Your account has been suspended';
}
} else {
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'] = 'Invalid username or pass. Please try again!';
function create_pager2($totalrows, $offset, $results, $lang_strings = array())
{
mt_srand(make_seed());
$radius = 4;
$phpself = explode('?', $_SERVER['REQUEST_URI']);
$phpself = $phpself[0];
global $accepted_results_per_page;
$params = array();
$params = array_merge($_GET, $_POST);
unset($params['o'], $params['r'], $params[session_name()]);
$qs = array2qs($params, array(session_name()), '&');
$myrand = mt_rand(1000, 2000);
if (empty($results)) {
$results = 10;
}
$total_pages = ceil($totalrows / $results);
$myreturn = "<form id=\"pagerform{$myrand}\" action=\"{$phpself}\" method=\"get\">\n";
$myreturn .= "<ul class=\"pager\">\n";
$myreturn .= '<li class="text">' . (isset($lang_strings['page']) ? $lang_strings['page'] : '') . '</li>';
if ($offset > 0) {
$myreturn .= '<li class="goto_first">';
$myreturn .= '<a href="' . $phpself . '?o=0&r=' . $results;
if (!empty($qs)) {
$myreturn .= '&' . $qs;
}
$myreturn .= '" title="' . (isset($lang_strings['goto_first']) ? $lang_strings['goto_first'] : 'Go to first page') . '"><<</a></li>';
$myreturn .= '<li class="goto_previous">';
$myreturn .= '<a href="' . $phpself . '?o=' . ($offset - $results > 0 ? $offset - $results : 0) . '&r=' . $results;
if (!empty($qs)) {
$myreturn .= '&' . $qs;
}
$myreturn .= '" title="' . (isset($lang_strings['goto_prev']) ? $lang_strings['goto_prev'] : 'Go to previous page') . '"><</a></li>';
}
$dotsbefore = false;
$dotsafter = false;
$page_select_options = '';
for ($i = 1; $i <= $total_pages; ++$i) {
if (($i - 1) * $results <= $offset && $offset < $i * $results) {
$myreturn .= '<li class="current_page';
if ($i == 1) {
$myreturn .= ' first';
}
$myreturn .= '">' . $i . '</li>';
} elseif (($i - 1 + $radius) * $results < $offset) {
if (!$dotsbefore) {
$myreturn .= '<li class="dots';
if ($i == 1) {
$myreturn .= ' first';
}
$myreturn .= "\">...</li>\n";
$dotsbefore = true;
}
} elseif (($i - 1 - $radius) * $results > $offset) {
if (!$dotsafter) {
$myreturn .= "<li class=\"dots\">...</li>\n";
$dotsafter = true;
}
} else {
$myreturn .= '<li';
if ($i == 1) {
$myreturn .= ' class="first"';
}
$myreturn .= '><a href="' . $phpself . '?o=' . ($i - 1) * $results . '&r=' . $results;
if (!empty($qs)) {
$myreturn .= '&' . $qs;
}
$myreturn .= '">' . $i . "</a></li>\n";
}
$page_select_options .= '<option value="' . ($i - 1) * $results . '">' . $i . '</option>';
}
if ($offset + $results < $totalrows) {
$myreturn .= '<li class="goto_next"><a href="' . $phpself . '?o=' . ($offset + $results) . '&r=' . $results;
if (!empty($qs)) {
$myreturn .= '&' . $qs;
}
$myreturn .= '" title="' . (isset($lang_strings['goto_next']) ? $lang_strings['goto_next'] : 'Go to next page') . "\">></a></li>\n";
$myreturn .= '<li class="goto_last"><a href="' . $phpself . '?o=' . ($total_pages - 1) * $results . '&r=' . $results;
if (!empty($qs)) {
$myreturn .= '&' . $qs;
}
$myreturn .= '" title="' . (isset($lang_strings['goto_last']) ? $lang_strings['goto_last'] : 'Go to last page') . "\">>></a></li>\n";
}
$myreturn .= "<li class=\"goto_page\">\n";
$myreturn .= "<select>\n";
$myreturn .= $page_select_options;
$myreturn .= "</select>\n";
$myreturn .= "</li>\n";
$myreturn .= "<li class=\"rpp\">\n";
$myreturn .= "\t<input type=\"hidden\" name=\"o\" value=\"{$offset}\" />\n";
while (list($k, $v) = each($params)) {
if (is_array($v)) {
while (list($subk, $subv) = each($v)) {
$myreturn .= "\t<input type=\"hidden\" name=\"{$k}[{$subk}]\" value=\"{$subv}\" />\n";
}
} else {
$myreturn .= "\t<input type=\"hidden\" name=\"{$k}\" value=\"{$v}\" />\n";
}
}
$myreturn .= "\t" . (isset($lang_strings['rpp']) ? $lang_strings['rpp'] : '') . "<select name=\"r\" onchange=\"\$('#pagerform{$myrand}').submit()\">\n";
$myreturn .= vector2options($accepted_results_per_page, $results);
$myreturn .= "\t</select>\n";
$myreturn .= "</li>\n";
$myreturn .= "<li class=\"last\"></li>\n";
$myreturn .= "</ul>\n";
$myreturn .= "</form>\n";
return $myreturn;
}
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$ser_search = mysql_result($res, 0, 0);
$search = unserialize($ser_search);
foreach ($search as $k => $v) {
if (is_array($v)) {
foreach ($v as $key => $val) {
$search[$k . '_' . $key] = $val;
}
} else {
$search[$k] = $v;
}
}
unset($search['acclevel_code']);
$query = "INSERT INTO `{$dbtable_prefix}user_searches` (`fk_user_id`,`title`,`search_qs`,`search`,`alert`) VALUES ('" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "','" . $input['title'] . "','" . array2qs($search, array(), '&') . "','{$ser_search}',1)";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = $GLOBALS['_lang'][99];
}
} else {
// you must re-read all textareas from $_POST like this:
// $input['x']=addslashes_mq($_POST['x']);
$input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
$topass['input'] = $input;
}
}
if (!isset($_POST['silent'])) {
if (!$error) {
}
}
if (!empty($photo_ids)) {
if ($photos_remaining != -1) {
set_user_settings($_SESSION[_LICENSE_KEY_]['user']['user_id'], 'core_photo', 'max_user_photos', $photos_remaining);
}
if (empty($config['manual_photo_approval'])) {
if (isset($_on_after_approve)) {
$GLOBALS['photo_ids'] = $photo_ids;
$GLOBALS['do_stats'] = true;
for ($i = 0; isset($_on_after_approve[$i]); ++$i) {
call_user_func($_on_after_approve[$i]);
}
}
}
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = sprintf($GLOBALS['_lang'][96], count($photo_ids));
$qs = $qs_sep . array2qs(array('photo_ids' => $photo_ids));
$qs_sep = '&';
$nextpage = 'photo_settings.php';
} else {
if (empty($topass['message'])) {
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'] = $GLOBALS['_lang'][97];
}
}
} else {
$nextpage = 'photos_upload.php';
}
}
redirect2page($nextpage, $topass, $qs);
function thankyou(&$tpl)
{
$myreturn = false;
global $dbtable_prefix;
$input = array();
$output = array();
foreach ($this->from_tco['types'] as $k => $v) {
$input[$k] = sanitize_and_format_gpc($_POST, $k, $GLOBALS['__field2type'][$v], $GLOBALS['__field2format'][$v], $this->from_tco['defaults'][$k]);
}
$input['x_amount'] = number_format($input['x_amount'], 2, '.', '');
$input['x_Email'] = strtolower($input['x_Email']);
$input['card_holder_name'] = ucwords(strtolower($input['card_holder_name']));
if (strcasecmp($input['x_2checked'], 'Y') == 0) {
if ($this->config['demo_mode'] == 1 && strcasecmp($input['demo'], 'Y') == 0) {
$input['x_trans_id'] = 1;
}
if ($input['x_response_code'] == 1) {
// processed ok
if (strcasecmp($input['x_MD5_Hash'], strtoupper(md5($this->config['secret'] . $this->config['sid'] . $input['x_trans_id'] . $input['x_amount']))) == 0) {
if ($input['dm_item_type'] == 'subscr') {
$query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$real_user = mysql_fetch_assoc($res);
$query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['internal_id'] . " AND `is_visible`=1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$real_subscr = mysql_fetch_assoc($res);
if (number_format($real_subscr['price'], 2) == number_format($input['x_amount'], 2)) {
if (strcasecmp($input['demo'], 'Y') != 0 || $this->config['demo_mode'] == 1 && strcasecmp($input['demo'], 'Y') == 0) {
require_once _BASEPATH_ . '/includes/iso31661a3.inc.php';
if (isset($GLOBALS['iso31661a3'][$input['x_Country']])) {
$input['country'] = $GLOBALS['iso31661a3'][$input['x_Country']];
// needed for the fraud check
$input['email'] = $input['x_Email'];
$this->check_fraud($input);
} else {
$this->is_fraud = true;
$this->fraud_reason = 'Invalid country code received from 2CheckOut. Please contact administrator.';
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'country code received from 2co not found in iso31661a3.inc.php file' . array2qs($_POST)));
}
if (!empty($real_subscr['duration'])) {
// if the old subscription is not over yet, we need to extend the new one with some days
$query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$rsrow = mysql_fetch_assoc($res);
$time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
if ((int) $rsrow['paid_until'] > (int) $time) {
$remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400;
//86400 seconds in a day
if ($remaining_days > 0) {
$remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days;
$day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration'];
$days_append = round($remaining_value / $day_value_new);
$real_subscr['duration'] = (int) $real_subscr['duration'];
$real_subscr['duration'] += $days_append;
}
}
}
}
$now = gmdate('Ymd');
// all old active subscriptions end now!
$query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
// insert the new subscription
$query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`='" . $real_subscr['subscr_id'] . "',`gw_txn`='" . $input['x_trans_id'] . "',`name`='" . $input['card_holder_name'] . "',`country`='" . $input['x_Country'] . "',`state`='" . $input['x_State'] . "',`city`='" . $input['x_City'] . "',`zip`='" . $input['x_Zip'] . "',`street_address`='" . $input['x_Address'] . "',`email`='" . $input['x_Email'] . "',`phone`='" . $input['x_Phone'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['x_amount'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . addslashes($this->fraud_reason) . "',`date`=now(),`paid_from`='{$now}'";
if (!empty($real_subscr['duration'])) {
$query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY';
}
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (!$this->is_fraud) {
$query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$myreturn = true;
add_member_score($real_user['user_id'], 'payment');
$tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
} else {
$output['name'] = $input['card_holder_name'];
$tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
$tpl->set_var('output', $output);
$tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
// DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4
$query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['x_trans_id'] . ': ' . $this->fraud_reason);
}
}
} else {
// a demo transaction when we're not in demo mode
$tpl->set_var('gateway_text', $GLOBALS['_lang'][187]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($input)));
}
} else {
// paid price doesn't match the subscription price
$tpl->set_var('gateway_text', $GLOBALS['_lang'][188]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($input)));
}
} else {
// if the subscr_id was not found
$tpl->set_var('gateway_text', $GLOBALS['_lang'][189]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($input)));
}
} else {
// if the user_id was not found
$tpl->set_var('gateway_text', $GLOBALS['_lang'][192]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($input)));
}
} elseif ($input['dm_item_type'] == 'prod') {
// no product support for now in Etano
} else {
// dm_item_type is neither 'prod' nor 'subscr'
$tpl->set_var('gateway_text', $GLOBALS['_lang'][193]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($input)));
}
} else {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][199]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid hash code received after payment: ' . array2qs($input) . '. My hash:' . strtoupper(md5($this->config['secret'] . $this->config['sid'] . $input['x_trans_id'] . $input['x_amount']))));
}
} else {
$tpl->set_var('gateway_text', sprintf($GLOBALS['_lang'][200], $input['x_response_reason_text'], $input['x_response_reason_code']));
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Gateway error: ' . $input['x_response_reason_text'] . '(' . $input['x_response_reason_code'] . ")\n" . array2qs($input)));
}
} else {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][201]);
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Gateway error. Card not processed. ' . array2qs($input)));
}
return $myreturn;
}
trigger_error(mysql_error(), E_USER_ERROR);
}
}
unset($user['last_activity']);
$_SESSION[_LICENSE_KEY_]['user'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['user']) ? $_SESSION[_LICENSE_KEY_]['user'] : array(), $user);
$_SESSION[_LICENSE_KEY_]['user']['loginout'] = $time;
if (isset($_on_after_login)) {
for ($i = 0; isset($_on_after_login[$i]); ++$i) {
call_user_func($_on_after_login[$i]);
}
}
if (isset($_SESSION[_LICENSE_KEY_]['user']['timedout']['url'])) {
$next = $_SESSION[_LICENSE_KEY_]['user']['timedout'];
unset($_SESSION[_LICENSE_KEY_]['user']['timedout']);
if ($next['method'] == 'GET') {
redirect2page($next['url'] . '?' . array2qs($next['qs']), array(), '', true);
} else {
post2page($next['url'], $next['qs'], true);
}
} else {
$nextpage = 'home.php';
}
} elseif ($user['status'] == ASTAT_UNVERIFIED) {
$nextpage = 'info.php';
$qs .= $qssep . 'type=acctactiv&uid=' . $user['user_id'] . '&email=' . $user['email'];
$qssep = '&';
} elseif ($user['status'] == ASTAT_SUSPENDED) {
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'] = $GLOBALS['_lang'][71];
}
} else {
function process(&$input, $type)
{
global $dbtable_prefix, $tpl;
if (!isset($tpl)) {
$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
}
// require_once _BASEPATH_.'/includes/classes/log_error.class.php';
// new log_error(array('module_name'=>get_class($this),'text'=>$type.': new notif from paypal: $_POST:'.var_export($_POST,true).' $_GET:'.var_export($_GET,true).' $input:'.var_export($input,true)));
if (strcasecmp($input['business'], $this->config['paypal_email']) == 0 || strcasecmp($input['receiver_email'], $this->config['paypal_email']) == 0) {
// some transformations
parse_str($input['custom'], $temp);
if (!empty($temp['uid'])) {
$input['user_id'] = $temp['uid'];
}
$input['dm_item_type'] = $temp['dit'];
$input['business'] = strtolower($input['business']);
$input['receiver_email'] = strtolower($input['receiver_email']);
$input['first_name'] = ucwords(strtolower($input['first_name']));
$input['last_name'] = ucwords(strtolower($input['last_name']));
$query = "SELECT get_lock('" . $input['txn_id'] . "',10)";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_result($res, 0, 0) == 1) {
$query = "SELECT `payment_id`,`is_subscr`,`name`,`is_suspect` FROM `{$dbtable_prefix}payments` WHERE `gw_txn`='" . $input['txn_id'] . "' AND `date`>=now()-INTERVAL 1 DAY";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
// the other process already did the job. Let's release the lock
if ($type == 'pdt') {
$output = mysql_fetch_assoc($res);
// tell member that he will receive everything by email
if ($output['is_subscr']) {
if ($output['is_suspect']) {
$tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
} else {
$tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
}
} else {
$tpl->set_file('gateway_text', 'thankyou_prod_nok.html');
}
$tpl->set_var('output', $output);
$tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
}
$query = "SELECT release_lock('" . $input['txn_id'] . "')";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
} else {
// we arrived before the other process, let's do the dirty work...
if ($input['dm_item_type'] == 'subscr') {
$query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$real_user = mysql_fetch_assoc($res);
if (strcasecmp($input['txn_type'], 'web_accept') == 0 || strcasecmp($input['txn_type'], 'send_money') == 0 || strcasecmp($input['txn_type'], 'subscr_payment') == 0) {
if (strcasecmp($input['payment_status'], 'Completed') == 0) {
$query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['item_number'] . " AND `is_visible`=1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$real_subscr = mysql_fetch_assoc($res);
if (number_format($real_subscr['price'], 2) == number_format($input['mc_gross'], 2)) {
if ($input['test_ipn'] != 1 || $this->config['demo_mode'] == 1 && $input['test_ipn'] == 1) {
require_once _BASEPATH_ . '/includes/iso31661a2.inc.php';
if (isset($GLOBALS['iso31661a2'][$input['residence_country']])) {
$input['country'] = $GLOBALS['iso31661a2'][$input['residence_country']];
$input['email'] = $input['payer_email'];
$this->check_fraud($input);
} else {
$this->is_fraud = true;
$this->fraud_reason = 'Invalid country code received from paypal. Please contact administrator.';
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'country code received from paypal not found in iso31661a2.inc.php file' . array2qs($_POST)));
}
if (!empty($real_subscr['duration'])) {
// if the old subscription is not over yet, we need to extend the new one with some days
$query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$rsrow = mysql_fetch_assoc($res);
$time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
if ((int) $rsrow['paid_until'] > (int) $time) {
$remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400;
//86400 seconds in a day
if ($remaining_days > 0) {
$remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days;
$day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration'];
$days_append = round($remaining_value / $day_value_new);
$real_subscr['duration'] = (int) $real_subscr['duration'];
$real_subscr['duration'] += $days_append;
}
}
}
}
$now = gmdate('Ymd');
// all old active subscriptions end now!
$query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
// insert the new subscription
$query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`=" . $real_subscr['subscr_id'] . ",`gw_txn`='" . $input['txn_id'] . "',`name`='" . $input['first_name'] . ' ' . $input['last_name'] . "',`country`='" . $input['country'] . "',`email`='" . $input['payer_email'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['mc_gross'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . $this->fraud_reason . "',`paid_from`='{$now}',`date`=now()";
if (!empty($real_subscr['duration'])) {
$query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY';
}
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (!$this->is_fraud) {
$query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$myreturn = true;
add_member_score($real_user['user_id'], 'payment');
if ($type == 'pdt') {
$tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
}
} else {
if ($type == 'pdt') {
$output['name'] = $input['card_holder_name'];
$tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
$tpl->set_var('output', $output);
$tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
}
// DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4
$query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['txn_id'] . ': ' . $this->fraud_reason);
}
}
} else {
// a demo transaction when we're not in demo mode
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][187]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($_POST)));
}
} else {
// paid price doesn't match the subscription price
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][188]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($_POST)));
}
} else {
// if the subscr_id was not found
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][189]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($_POST)));
}
} else {
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][190]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Payment status not Completed: ' . $input['payment_status'] . "\n" . array2qs($_POST)));
}
} elseif (strcasecmp($input['txn_type'], 'subscr_eot') == 0) {
$query = "SELECT `payment_id` FROM `{$dbtable_prefix}payments` WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `fk_subscr_id`=" . $input['item_number'] . " AND `is_active`=1 ORDER BY `payment_id` DESC LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$payment_id = mysql_result($res, 0, 0);
$now = gmdate('Ymd');
$query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}' WHERE `payment_id`={$payment_id}";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
} else {
// invalid eot.
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Received End of Term notification for a subscription but subscription doesn\'t exist or not active. Maybe this member has 2 running subscriptions? ' . array2qs($_POST)));
}
} else {
// unhandled txn_type
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][191]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Unhandled txn_type (probably not an error): ' . $input['txn_type'] . "\n" . array2qs($_POST)));
}
} else {
// if the user_id was not found
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][192]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($_POST)));
}
} elseif ($input['dm_item_type'] == 'prod') {
// no product support for now in Etano
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Received dm_item_type=prod but we are not selling products: ' . array2qs($_POST)));
} else {
// dm_item_type is neither 'prod' nor 'subscr'
if ($type == 'pdt') {
$tpl->set_var('gateway_text', $GLOBALS['_lang'][193]);
}
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($_POST)));
}
// job done, release the lock
$query = "SELECT release_lock('" . $input['txn_id'] . "')";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
}
} else {
// we could not obtain the lock.
// The other process is taking too long but at least this should mean that it is handling this
}
} else {
require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
new log_error(array('module_name' => get_class($this), 'text' => 'Payment was not made into our account: ' . array2qs($_POST)));
}
}
