示例#1
        if ($ar["valid"] != "no" && $ar["valid"] != "pending") {
            die(logPay("Paiement already validated or pending in file " . __FILE__ . " line " . __LINE__));
        }
        $q = "UPDATE {$pro_mysql_pay_table} SET paiement_type='{$paiement_type}',secpay_site='{$secpay_site}',valid='pending',pending_reason='{$reason}' WHERE id='" . mysql_real_escape_string($_POST['LMI_PAYMENT_NO']) . "'";
        mysql_query($q) or die(logPay("Cannot query \"{$q}\" ! " . mysql_error() . " in file " . __FILE__ . " line " . __LINE__));
        echo 'YES';
    }
    //setPaiemntAsPending(mysql_real_escape_string($_POST['LMI_PAYMENT_NO']),mysql_real_escape_string('Payer: '.$_POST['LMI_PAYER_PURSE'].', wmid'.$_POST['LMI_PAYER_WM']));
}
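// WebMoney payment notification: the gateway posts LMI_HASH, an MD5 digest over
// the payment fields plus the shared license key. The payment is only marked
// valid when the digest and every echoed field agree with the stored record.
if (isset($_POST['LMI_HASH']) && $_POST['LMI_HASH']) {
    $q = "SELECT * FROM {$pro_mysql_pay_table} WHERE id='" . mysql_real_escape_string($_POST['LMI_PAYMENT_NO']) . "'";
    $r = mysql_query($q) or die(logPay("Cannot query \"{$q}\" ! " . mysql_error() . " in file " . __FILE__ . " line " . __LINE__));
    $n = mysql_num_rows($r);
    if ($n != 1) {
        // NOTE(review): $pay_id is not assigned in the visible code; confirm it is set before this point.
        die(logPay("Pay id {$pay_id} not found in file " . __FILE__ . " line " . __LINE__));
    }
    $ar = mysql_fetch_array($r);
    // The amount and id come from the database row, not from the request, so a
    // notification carrying a different amount cannot produce a matching digest.
    $chkstring = $secpayconf_webmoney_wmz . $ar['refund_amount'] . $ar['id'] . $_POST['LMI_MODE'] . $_POST['LMI_SYS_INVS_NO'] . $_POST['LMI_SYS_TRANS_NO'] . $_POST['LMI_SYS_TRANS_DATE'] . $secpayconf_webmoney_license_key . $_POST['LMI_PAYER_PURSE'] . $_POST['LMI_PAYER_WM'];
    $md5sum = strtoupper(md5($chkstring));
    // Compare as strings in constant time. A loose == treats two digests that
    // both look like numbers (for example "0E..." followed by digits only) as
    // equal, and a short-circuiting comparison leaks timing information.
    $hash_check = is_string($_POST['LMI_HASH']) && hash_equals($md5sum, $_POST['LMI_HASH']);
    // NOTE(review): $LMI_MODE and $cost are not assigned in the visible code; confirm they are set earlier in the file.
    // NOTE(review): the row's current 'valid' state is not checked here, so a replayed notification
    // rewrites valid_date/valid_time; confirm whether already-validated payments should be refused.
    if ($_POST['LMI_PAYMENT_NO'] == $ar['id'] && $_POST['LMI_PAYEE_PURSE'] == $secpayconf_webmoney_wmz && $_POST['LMI_PAYMENT_AMOUNT'] == $ar['refund_amount'] && $_POST['LMI_MODE'] == $LMI_MODE && $hash_check) {
        $secpay_custom_id = "0";
        $paiement_type = "online";
        $secpay_site = "webmoney";
        // Raw request data: escape $reason before it is ever placed in a query.
        $reason = "wmz:" . $_POST['LMI_PAYER_PURSE'] . ", wmid:" . $_POST['LMI_PAYER_WM'];
        $total = mysql_real_escape_string($_POST['LMI_PAYMENT_AMOUNT']);
        $q = "UPDATE {$pro_mysql_pay_table} SET paiement_type='{$paiement_type}',\r\n\t\t\t\t\t\t\tsecpay_site='{$secpay_site}',paiement_cost='{$cost}',paiement_total='{$total}',\r\n\t\t\t\t\t\t\tvalid_date='" . date("Y-m-j") . "', valid_time='" . date("H:i:s") . "',\r\n\t\t\t\t\t\t\tsecpay_custom_id='{$secpay_custom_id}',valid='yes' WHERE id='" . mysql_real_escape_string($_POST['LMI_PAYMENT_NO']) . "'";
        logPay($q);
        mysql_query($q) or die(logPay("Cannot query \"{$q}\" ! " . mysql_error() . " in file " . __FILE__ . " line " . __LINE__));
    } else {
        // Leave a trace for failed verifications instead of dropping them silently;
        // only the stored id is logged, never the request fields.
        logPay("WebMoney notification rejected for pay id " . $ar['id'] . " in file " . __FILE__ . " line " . __LINE__);
    }
}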
示例#2
// amount=20.84&
// TxnRef=13&
// TxnDate=20060504&
// TxnTime=20%3A34%3A26&
// PayMethod=credit&
// txnStatus=succ&errorCode=0000&
// no_shipping=1&
// mid=616&
// item_name=Test+product1&
// curCode=USD&
// submit_x=116&submit_y=17&
// currency_code=USD&
// NETS_signature=icbfv62esnlCGylZya91VL8xy+6unH0SuSqute3CaN0dr5KeBt7xVTC69Q1BSet2myyMoaJpr%2FrY%0D%0AGUhUFVIRnm34omisbiSRsdGiM2Yblv%2Fhlo%2Fjn3zN+3Vn0nNi9FxX3r2Q5fbPyzpJMdiF7syXrzxw%0D%0An%2FkoynkXagSoL2b6H7I%3D
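// eNETS payment notification handler.
// Every value below is taken from the request and is untrusted until checked.
$pay_id = isset($_REQUEST["TxnRef"]) ? $_REQUEST["TxnRef"] : "";
$status = isset($_REQUEST["txnStatus"]) ? $_REQUEST["txnStatus"] : "";
$error_code = isset($_REQUEST["errorCode"]) ? $_REQUEST["errorCode"] : "";
$amount = isset($_REQUEST["amount"]) ? $_REQUEST["amount"] : "";
if ($status != "succ") {
    logPay("Status not success line " . __LINE__ . " file " . __FILE__ . "\n");
    die;
}
// Source addresses from which notifications are accepted.
$enets_notify_ips = array("203.116.94.3", "203.116.61.131", "203.116.94.76", "203.116.94.74", "203.116.94.6");
if (!in_array($_SERVER["REMOTE_ADDR"], $enets_notify_ips, true)) {
    logPay("Recieved notify from an unkonwn IP addr " . __LINE__ . " file " . __FILE__ . "\n");
    $content = "Recieved notify from an unkonwn IP addr " . $_SERVER["REMOTE_ADDR"];
    Mail($conf_webmaster_email_addr, "[DTC Robot]: Recieved notify from an unkonwn IP", $content);
    // Fail closed: this allowlist is the only origin check performed here, so a
    // notification from any other address must not go on to validate a payment.
    die;
}
// The amount is used in arithmetic and ends up in an SQL statement inside
// validatePaiement(); refuse anything that is not a plain number.
if (!is_numeric($amount)) {
    logPay("Non numeric amount line " . __LINE__ . " file " . __FILE__ . "\n");
    die;
}
$pay_fee = $amount * $secpayconf_enets_rate / 100;
$amount_paid = $amount - $pay_fee;
logPay("Payment success from enets: calling validate()\n");
// Todo: add more checkings to verify that the payment notify is originated by eNETS
// NOTE(review): the request carries a NETS_signature parameter that is never verified here;
// until it is, the amount and TxnRef are trusted solely because of the source address.
// The payment id is interpolated into queries by validatePaiement(), so escape it first.
validatePaiement(mysql_real_escape_string($pay_id), $amount_paid, "online", "enets", 0, $amount);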
示例#3
            if ($_REQUEST["mc_currency"] != $secpayconf_currency_letters) {
                logPay("Currency is not {$secpayconf_currency_letters} !");
                die("Incorrect currency!");
            }
            if ($_REQUEST["payment_status"] != "Completed") {
                if ($_REQUEST["payment_status"] == "Pending") {
                    setPaiemntAsPending(mysql_real_escape_string($item_number), mysql_real_escape_string($_REQUEST["pending_reason"]));
                } else {
                    logPay("Status is not completed or pending !");
                    die("Status not completed or pending...");
                }
            } else {
                logPay("Calling validate()");
                // validatePaiement($item_number,$refund_amount,"online","paypal",$txn_id,$_POST["payment_gross"]);
                // This should work better:
                if ($secpayconf_paypal_validate_with == "total") {
                    $refund_amount = $_REQUEST["mc_gross"] - $_REQUEST["mc_fee"];
                } else {
                    // Ensure amount tally according to cost before adding the paypal fees
                    $refund_amount = $_REQUEST["mc_gross"];
                }
                validatePaiement(mysql_real_escape_string($item_number), $refund_amount, "online", "paypal", mysql_real_escape_string($_REQUEST["txn_id"]), mysql_real_escape_string($_REQUEST["mc_gross"]));
            }
        } elseif (strcmp($res, "INVALID") == 0) {
            // log for manual investigation
            logPay("Recieved INVALID: sending mail to webmaster !!");
            die("Invalid!");
        }
    }
    fclose($fp);
}
示例#4
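/**
 * Marks a payment record as paid (or pending review) and notifies the webmaster.
 *
 * Loads the row identified by $pay_id from the payment table, refuses it unless
 * its 'valid' column is "no" or "pending", checks that the amount paid covers
 * the stored refund amount plus VAT, then updates the row. When the linked new
 * account carries a MaxMind risk score at or above the configured threshold the
 * row is set to 'pending' with reason 'MaxMind' instead of 'yes'.
 *
 * Every failure terminates the request with die() after logging through logPay().
 *
 * @param mixed  $pay_id           Payment table id; escaped here before use in SQL.
 * @param mixed  $amount_paid      Amount received net of gateway fees; must be numeric.
 * @param string $paiement_type    Stored in the paiement_type column.
 * @param string $secpay_site      Gateway name stored in the secpay_site column.
 * @param mixed  $secpay_custom_id Gateway transaction id stored in secpay_custom_id.
 * @param mixed  $total_payed      Gross amount paid, or -1 when unknown; must be numeric.
 *
 * @return void
 */
function validatePaiement($pay_id, $amount_paid, $paiement_type, $secpay_site = "none", $secpay_custom_id = "0", $total_payed = -1)
{
    global $pro_mysql_pay_table;
    global $conf_webmaster_email_addr;
    global $pro_mysql_new_admin_table;
    global $secpayconf_maxmind_threshold;
    global $secpayconf_currency_letters;
    global $conf_message_subject_header;
    if (!isset($secpayconf_currency_letters)) {
        get_secpay_conf();
    }
    // Callers pass amounts taken from gateway requests. They are used in SQL and
    // in the mail subject below, so only plain numbers are accepted.
    if (!is_numeric($amount_paid) || !is_numeric($total_payed)) {
        die(logPay("Non numeric amount received in file " . __FILE__ . " line " . __LINE__));
    }
    $amount_paid = (float) $amount_paid;
    $total_payed = (float) $total_payed;
    // Not every caller escapes its arguments, so escape at the point of use.
    // A value that was already escaped by the caller only gains extra backslashes.
    $pay_id_sql = mysql_real_escape_string((string) $pay_id);
    $paiement_type_sql = mysql_real_escape_string((string) $paiement_type);
    $secpay_site_sql = mysql_real_escape_string((string) $secpay_site);
    $secpay_custom_id_sql = mysql_real_escape_string((string) $secpay_custom_id);
    $q = "SELECT * FROM {$pro_mysql_pay_table} WHERE id='{$pay_id_sql}';";
    logPay("Querying: {$q}");
    $r = mysql_query($q) or die(logPay("Cannot query \"{$q}\" ! " . mysql_error() . " in file " . __FILE__ . " line " . __LINE__));
    $n = mysql_num_rows($r);
    if ($n != 1) {
        die(logPay("Pay id {$pay_id} not found in file " . __FILE__ . " line " . __LINE__));
    }
    $ar = mysql_fetch_array($r);
    // Only rows still waiting for payment may be validated; this refuses a
    // second notification for a payment that was already accepted.
    if ($ar["valid"] != "no" && $ar["valid"] != "pending") {
        die(logPay("Paiement already validated in file " . __FILE__ . " line " . __LINE__));
    }
    logPay("Ammount paid: {$amount_paid}");
    // Ensure the amt paid is inclusive of tax
    $payable_amt = $ar["refund_amount"] + $ar["refund_amount"] * ($ar["vat_rate"] / 100);
    // Round the amount to the nearest 2 decimals
    $payable_amt = round($payable_amt, 2);
    if ($amount_paid < $payable_amt) {
        die(logPay("Amount paid on gateway lower than refund ammount file " . __FILE__ . " line " . __LINE__));
    }
    if ($total_payed != -1) {
        $cost = $total_payed - $amount_paid;
        $total = $total_payed;
    } else {
        $cost = $amount_paid - $ar["refund_amount"];
        $total = $amount_paid;
    }
    // Stays empty when the payment is not tied to a new account or the row is missing.
    $new_account_array = array();
    if ($ar["new_account"] == "yes") {
        $q = "SELECT * FROM {$pro_mysql_new_admin_table} WHERE paiement_id='" . mysql_real_escape_string($ar["id"]) . "';";
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
        $row = mysql_fetch_array($r);
        if (is_array($row)) {
            $new_account_array = $row;
        }
    }
    $maxmind_score = null;
    if (isset($new_account_array["maxmind_output"])) {
        // NOTE(review): unserialize() can instantiate objects when the stored value is
        // attacker-influenced; confirm maxmind_output is only ever written by this
        // application, and prefer a data-only format such as JSON for it.
        $maxmind_hash = unserialize($new_account_array["maxmind_output"]);
        if (is_array($maxmind_hash) && isset($maxmind_hash["riskScore"])) {
            $maxmind_score = $maxmind_hash["riskScore"];
        }
    }
    // A risk score at or above the threshold holds the payment for manual review.
    if ($maxmind_score >= $secpayconf_maxmind_threshold) {
        $state_sql = "valid='pending',pending_reason='MaxMind'";
    } else {
        $state_sql = "valid='yes'";
    }
    $q = "UPDATE {$pro_mysql_pay_table} SET paiement_type='{$paiement_type_sql}',\n\t\tsecpay_site='{$secpay_site_sql}',paiement_cost='{$cost}',paiement_total='{$total}',\n\t\tvalid_date='" . date("Y-m-j") . "', valid_time='" . date("H:i:s") . "',\n\t\tsecpay_custom_id='{$secpay_custom_id_sql}',{$state_sql} WHERE id='{$pay_id_sql}';";
    logPay($q);
    mysql_query($q) or die(logPay("Cannot query \"{$q}\" ! " . mysql_error() . " in file " . __FILE__ . " line " . __LINE__));
    $txt_userwaiting_account_activated_subject = "{$conf_message_subject_header} " . $amount_paid . " {$secpayconf_currency_letters} payment occured";
    if (!empty($new_account_array)) {
        $a = $new_account_array;
        $added_comments = "Login: " . $a["reqadm_login"] . "\nEmail: " . $a["email"] . "\nCompany: " . $a["comp_name"] . "\nCustomer: " . $a["first_name"] . ", " . $a["family_name"] . "\nCity: " . $a["city"] . "\nCountry: " . $a["country"] . "";
    } else {
        $added_comments = "";
    }
    $txt_mail = "Hello,\n\nThis is Domain Technologie Control panel robot.\nA " . $amount_paid . " {$secpayconf_currency_letters} payment has just occured.\n\nPayid: " . $pay_id . "\n{$added_comments}\n\nGPLHost:>_ Open-source hosting worldwide.\nhttp://www.gplhost.com\n";
    $headers = "From: " . $conf_webmaster_email_addr;
    mail($conf_webmaster_email_addr, $txt_userwaiting_account_activated_subject, $txt_mail, $headers);
}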