public static function buildApiLink($type, $data = null, array $extraParams = array(), $skipPrepend = false)
{
    // API links are always built as "full:" links, which is the reverse of the
    // convention used for public links: a "canonical:" prefix is rewritten to
    // "full:", and a type without "full:" gets it prepended.
    if (strpos($type, 'canonical:') === 0) {
        $type = str_replace('canonical:', 'full:', $type);
    } elseif (strpos($type, 'full:') === false) {
        $type = 'full:' . $type;
    }

    // Carry the session's OAuth token into the link only when the current request
    // also presented that same token in its query string. A token that arrived as
    // a one-time token, in the Authorization header or in the body of a PUT/POST
    // request is deliberately not copied into built links.
    if (!isset($extraParams['oauth_token'])) {
        $session = bdApi_Data_Helper_Core::safeGetSession();
        if (!empty($session)) {
            $sessionToken = $session->getOAuthTokenText();
            $requestToken = isset($_REQUEST['oauth_token']) ? $_REQUEST['oauth_token'] : null;

            if (!empty($sessionToken) && !empty($requestToken) && $requestToken === $sessionToken) {
                $extraParams['oauth_token'] = $sessionToken;
            }
        }
    }

    // $fullLink / $fullLinkPrefix are filled in by reference.
    $type = XenForo_Link::_checkForFullLink($type, $fullLink, $fullLinkPrefix);
    $link = XenForo_Link::_buildLink(self::API_LINK_GROUP, $type, $data, $extraParams);
    $queryString = XenForo_Link::buildQueryString($extraParams);

    $hash = '';
    $canPrependFull = true;
    if ($link instanceof XenForo_Link) {
        $canPrependFull = $link->canPrependFull();
    } elseif (strpos($link, '#') !== false) {
        // A plain string link may carry its own fragment; split it off for now.
        list($link, $hash) = explode('#', $link);
    }

    // Join path and query: "?path&query" when both exist, otherwise whichever
    // one is non-empty (prefixed with "?"), or nothing at all.
    if ($queryString !== '' && $link !== '') {
        $append = '?' . $link . '&' . $queryString;
    } else {
        $append = $link . $queryString;
        if ($append !== '') {
            $append = '?' . $append;
        }
    }

    $outputLink = ($skipPrepend ? '' : 'index.php') . $append;
    if ($fullLink && $canPrependFull) {
        $outputLink = $fullLinkPrefix . $outputLink;
    }

    // A fragment given in the type itself ({xen:link prefix#hash...}) wins over
    // one that was split off the built link above.
    $hashPos = strpos($type, '#');
    if ($hashPos !== false) {
        $hash = substr($type, $hashPos + 1);
    }

    if ($outputLink === '') {
        $outputLink = '.';
    }

    return $outputLink . (empty($hash) ? '' : '#' . $hash);
}
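/**
 * Shows the purchase confirmation for a paid content item and, on a confirmed
 * (CSRF-checked) request, redirects the visitor to PayPal with the payment form
 * parameters.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionPurchase()
{
    $visitor = XenForo_Visitor::getInstance();
    $xenOptions = XenForo_Application::get('options');

    $paidContentId = $this->_input->filterSingle('paid_content_id', XenForo_Input::UINT);
    $paidContentModel = $this->_getPaidContentModel();
    $paidContentItem = $paidContentModel->preparePaidContent(
        $this->_getPaidContentItemOrError($paidContentId)
    );

    $paidContentHandler = $paidContentModel->getPaidContentHandler($paidContentItem['content_type']);
    if (!$paidContentHandler) {
        return $this->responseNoPermission();
    }

    $content = $paidContentHandler->getContentById($paidContentItem['content_id']);
    if (!$content) {
        return $this->responseNoPermission();
    }

    // Guests are sent to registration when the item is open to every group (-1)
    // or to the default registered group. user_group_ids is a comma-separated
    // string, so the in_array() check is intentionally non-strict (int vs. string).
    if (!$visitor['user_id']
        && ($paidContentItem['user_group_ids'] == -1
            || in_array(
                XenForo_Model_User::$defaultRegisteredGroupId,
                explode(',', $paidContentItem['user_group_ids'])
            ))
    ) {
        return $this->responseReroute('XenForo_ControllerPublic_Register', 'index');
    }

    if (!$paidContentModel->canPurchasePaidContentItem($paidContentItem)) {
        return $this->responseNoPermission();
    }

    if ($this->_checkCsrfFromToken(null, false)) {
        $paths = XenForo_Application::getRequestPaths(new Zend_Controller_Request_Http());
        $baseUrl = $paths['fullBasePath'];

        $params = array(
            'cmd' => '_xclick',
            'amount' => $paidContentItem['cost_amount'],
            'business' => $paidContentItem['paypal_email']
                ? $paidContentItem['paypal_email']
                : $xenOptions->payPalPrimaryAccount,
            'currency_code' => $paidContentItem['currency'],
            'item_name' => $paidContentHandler->getTitleForContent($content),
            'quantity' => 1,
            'no_note' => 1,
            // The callback script uses this to identify the user/item and to
            // verify the page token, so its layout must stay in sync with it.
            'custom' => implode(',', array(
                $visitor->user_id,
                $paidContentItem['paid_content_id'],
                'token',
                $visitor->csrf_token_page,
            )),
            'charset' => 'utf-8',
            'email' => $visitor->email,
            'return' => XenForo_Link::buildPublicLink('full:paid-content/purchase-success'),
            'cancel_return' => XenForo_Link::buildPublicLink('full:index'),
            'notify_url' => $baseUrl . 'paid_content_callback.php',
        );

        // PayPal Payments Standard endpoint ("webscr"; the previous default
        // "websrc" was a typo and did not resolve).
        $defaultPayPalUrl = 'https://www.paypal.com/cgi-bin/webscr';

        // The redirect target is taken from the request, so it must be restricted
        // to PayPal's own hosts over HTTPS. Without this check a crafted link could
        // send the visitor, together with the form parameters above (e-mail and
        // page CSRF token included), to an arbitrary site.
        $payPalUrl = $this->_input->filterSingle('payPalUrl', XenForo_Input::STRING);
        $allowedHosts = array('www.paypal.com', 'www.sandbox.paypal.com');
        $urlParts = ($payPalUrl !== '') ? parse_url($payPalUrl) : false;
        if (!is_array($urlParts)
            || empty($urlParts['scheme']) || strtolower($urlParts['scheme']) !== 'https'
            || empty($urlParts['host']) || !in_array(strtolower($urlParts['host']), $allowedHosts, true)
        ) {
            $payPalUrl = $defaultPayPalUrl;
        }

        // Redirect to PayPal
        $url = $payPalUrl . '?' . XenForo_Link::buildQueryString($params);
        header('Location: ' . $url);
        exit;
    }

    $viewParams = array(
        'title' => $paidContentHandler->getTitleForContent($content),
        'breadCrumbs' => $paidContentHandler->getBreadcrumbsForContent($content),
        'paidContentItem' => $paidContentItem,
    );

    return $this->responseView(
        'ThemeHouse_PayForContent_ViewPublic_PaidContent_PurchaseConfirm',
        'th_purchase_confirm_payforcontent',
        $viewParams
    );
}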