ruạṛ
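<?php
/**
 * Return page for DPS PxPay hosted payments.
 *
 * The encrypted "result" token from the request is resolved into a
 * PxPayResponse. On success the matching order is flagged as paid,
 * confirmation e-mails are sent and a printable summary is rendered.
 * Otherwise the ordered cart is restored and the customer is sent back to
 * the cart page with a notice.
 *
 * Security notes:
 * - Values read from the response are escaped before this script places them
 *   into SQL text or HTML output.
 * - NOTE(review): the settled amount and currency are never compared with the
 *   stored order before it is flagged paid - confirm that check exists elsewhere.
 * - NOTE(review): the mysql_* extension was removed in PHP 7; prepared
 *   statements (mysqli or PDO) are the longer-term replacement for the
 *   escaping done here.
 */

//these calls will get repeated in template.php so use require_once
$data_dir = $_SERVER['DOCUMENT_ROOT'].'/admin/scripts-includes/';
$template_dir = $_SERVER['DOCUMENT_ROOT'].'/resources/template/';
require_once $data_dir.'universal.php';
require_once $template_dir.'functions.php';
session_start();

/* debugging - prints session and POST data to the browser, keep disabled on a live site
echo '<pre>';
print_r($_SESSION);
print_r($_POST);
echo '</pre>';
exit;
// */

$connID = connect_to_db(); //using clean_plain_data function requires db connection

/**
 * get pxpay info
 * @var string $PxPay_Url
 * @var string $PxPay_Userid
 * @var string $PxPay_Key
 * @var object $pxpay
 * @var string $enc_hex
 * @var object $rsp
 */
include DOC_ROOT.'/resources/pxpay/PxPay.inc.php';

$PxPay_Url    = PXPAY_URL;
$PxPay_Userid = DPS_ID;
$PxPay_Key    = DPS_ENCRYPT;

$pxpay = new PxPay_Curl( $PxPay_Url, $PxPay_Userid, $PxPay_Key );

// A missing or non-string token is handed on as an empty string, so a bare
// request raises no undefined-index notice and no array reaches the library.
$enc_hex = (isset($_REQUEST['result']) && is_string($_REQUEST['result'])) ? $_REQUEST['result'] : '';

#getResponse method in PxPay object returns PxPayResponse object
#which encapsulates all the response data
$rsp = $pxpay->getResponse($enc_hex);

/*
# the following are the fields available in the PxPayResponse object
$Success           = $rsp->getSuccess();   # =1 when request succeeds
$AmountSettlement  = $rsp->getAmountSettlement();
$AuthCode          = $rsp->getAuthCode();  # from bank
$CardName          = $rsp->getCardName();  # e.g. "Visa"
$CardNumber        = $rsp->getCardNumber(); # Truncated card number
$DateExpiry        = $rsp->getDateExpiry(); # in mmyy format
$DpsBillingId      = $rsp->getDpsBillingId();
$BillingId         = $rsp->getBillingId();
$CardHolderName    = $rsp->getCardHolderName();
$DpsTxnRef         = $rsp->getDpsTxnRef();
$TxnType           = $rsp->getTxnType();
$TxnData1          = $rsp->getTxnData1();
$TxnData2          = $rsp->getTxnData2();
$TxnData3          = $rsp->getTxnData3();
$CurrencySettlement= $rsp->getCurrencySettlement();
$ClientInfo        = $rsp->getClientInfo(); # The IP address of the user who submitted the transaction
$TxnId             = $rsp->getTxnId();
$CurrencyInput     = $rsp->getCurrencyInput();
$EmailAddress      = $rsp->getEmailAddress();
$MerchantReference = $rsp->getMerchantReference();
$ResponseText      = $rsp->getResponseText();
$TxnMac            = $rsp->getTxnMac(); # An indication as to the uniqueness of a card used in relation to others
*/

/**
 * extract data relevant to our processing
 * @var string $reference
 * @var int $order_id
 * @var string $payment_ref
 * @var $session_id
 */
$reference   = $rsp->getMerchantReference();
$order_id    = $rsp->getTxnData2();
$payment_ref = $rsp->getDpsTxnRef();
$session_id  = $rsp->getTxnData3();

// Context-specific copies. The raw values stay untouched because
// recreate_cart() reads $order_id and $session_id as globals.
$order_id_sql    = mysql_real_escape_string($order_id);
$payment_ref_sql = mysql_real_escape_string($payment_ref);
$order_id_html   = htmlspecialchars($order_id, ENT_QUOTES);
$reference_html  = htmlspecialchars($reference, ENT_QUOTES);

/**
 * Check if we are returning from DPS as a Cancel or other fail
 * @var object $cart copy of ordered cart stored in session
 * @var string $message pass a message back to the cart page
 * @var string $title page content to be output
 * @var string $content page content to be output
 * @var string $json stored contact form details to be passed back to the cart page
 * @var object $_SESSION['cart'] recovered cart
 */
$message = $title = $content = '';

if ($rsp->getSuccess() == "1")
{
    /**
     * check for stored cart in session as means of determining if this is DPS ping or actual customer return
     */
    // NOTE(review): select_one() is defined elsewhere; presumably it escapes
    // its value argument - verify, the raw response values are passed in here.
    $paid = select_one('orders','paid',"concat_ws(':',order_id,order_ref)",$order_id.':'.$reference);

    if($paid === false) //no matching record
    {
        $title ='We\'re sorry there was a error';
        // both values come from the request round trip, so they are HTML-escaped
        $content .= $order_id_html.'<p>No matching order was found!</p>'.$reference_html;
    }
    else
    {
        $cart = recreate_cart();

        if($paid) //==1 , already processed
        {
            // do nothing
        }
        else //$paid == 0, process
        {
            //update database
            mysql_query("update orders set paid = '1', payment_ref = '$payment_ref_sql' where order_id = '$order_id_sql'");
            mysql_query("delete from order_temp where order_id = '$order_id_sql'");

            if($reference != $cart->reference)
            {
                /**
                 * probably a hack
                 * display a message in case it's just an expired session
                 * @todo notify admin?
                 */
                $title ='We\'re sorry there was a error';
                $content .= '<p>Thank you for your payment. Unfortunately we were unable to retrieve the contents of your order to display on your return but please be assured it has been received.</p>';//.print_r($_POST,true);
            }
            else
            {
                //send email/s
                $email_address = SITE_FROM_ADDRESS;
                //$email_address = 'sales@activatedesign.co.nz'; //testing
                //$email_address = 'programmer@activatedesign.co.nz'; //development

                //clean potential html entities
                foreach($cart->customer as $k => $v)
                {
                    $cart->customer[$k] = html_entity_decode($v,ENT_QUOTES);
                }

                // html_entity_decode() can turn an encoded line break back into a real
                // one, so CR/LF are removed from everything used as a mail header.
                $line_breaks = array("\r", "\n");

                $headers = "From: $email_address" . "\n" .
                    "Reply-To: $email_address" . "\n" .
                    "Return-Path: $email_address" . "\n" .
                    'X-Mailer: PHP/' . phpversion();

                //to admin
                $subject = str_replace($line_breaks, '', 'Payment confirmed for order '.$reference.' from '.SITE_FROM_NAME);
                mail($email_address, $subject, $cart->customer['email_text'], $headers);

                //to customer
                $subject = 'Thank you for your payment to '.SITE_FROM_NAME;
                $mailbody = 'Dear '.$cart->customer['first_name'].',

Thank you for your payment. We are now processing your order.

'.$cart->customer['email_text'].'

- The '.SITE_FROM_NAME.' team';
                $recipient = str_replace($line_breaks, '', $cart->customer['email']);
                mail($recipient, $subject, $mailbody, $headers);
            }
        }

        if($content == '') //not an error message
        {
            $title='Please print for your records';
            $script_text = '<p>Thank you for your payment. We are now processing your order.</p>
<p>Your cart has now been emptied. You may wish to print this page for your reference.</p>
';
            // NOTE(review): relative path, unlike the $template_dir includes below - confirm it resolves to the same directory
            $content = include 'resources/template/section_order_print.php';
        }
        $cart->empty_cart();
    }

    /**
     * @todo figure out a way of feeding this into template.php directly
     */
    $pages = build_menu_tree();
    $page_id = select_one('page_data','page_id','page_type','products');
    $breadcrumbs = build_parent_chain($page_id);
    $nav = build_nav($pages,1,1,1);
    $categories = build_category_tree(); // recursive function
    $n = 0; //global for build_cat_nav()
    $pnav = build_cat_nav($categories);

    ob_start();
    include $template_dir.'header.php';
    echo $content;
    include $template_dir.'footer.php';
    ob_end_flush();
    exit;
}
else
{
    if(isset($_SESSION['cart']) && $_SESSION['cart']->num_products)
    {
        $message .= 'Notice: current cart contents have been overwritten by ordered cart.<br />';
    }
    $cart = recreate_cart();

    if($cart->reference != $reference)
    {
        // The message travels in a cookie and is shown on the cart page, so both
        // references are HTML-escaped and no print_r($cart) dump of the customer's
        // stored details is appended to it.
        $message .= 'Notice: order reference returned by DPS '.$reference_html.' does not match stored cart '.htmlspecialchars($cart->reference, ENT_QUOTES).', stored cart contents have been preserved.';
        /**
         * @todo notify admin, could be a hack attempt
         */
    }

    //delete temporary order info - leaving order for reference
    mysql_query("delete from order_temp where order_id = '$order_id_sql'");

    // NOTE(review): both cookies below can be edited in the browser before the
    // cart page reads them; that page has to treat their contents as untrusted.
    if($message)
    {
        $message = '<p class="warning">'.$message.'</p>';
        setcookie('formMessage', $message, time()+30, '/');
    }

    /**
     * recover address form contents, return to cart
     */
    setcookie('orderformJson', $cart->customer['json'], time()+30, '/');
    $cart->customer['json'] = '';
    $cart->customer['email_text'] = '';
    $_SESSION['cart'] = $cart;
    getout('',select_one('page_data','path','page_type','cart'));
    exit;
}

/**
 * retrieve cart either from session or if necessary from order
 *
 * When the current session holds no ordered cart, the session named by the
 * global $session_id is opened instead; if that one has no ordered cart
 * either, a new cart is rebuilt from the order row.
 *
 * NOTE(review): the adopted session id travelled through the gateway in
 * TxnData3, so whoever holds a valid result token can reopen that session.
 * A random single-use token stored with the order would avoid exposing the
 * session id - consider it.
 *
 * @global object $_SESSION['ordered']
 * @global string $session_id
 * @global int $order_id;
 * @return object the ordered cart
 */
function recreate_cart()
{
    if(isset($_SESSION['ordered']) && $_SESSION['ordered']->reference)
    {
        return $_SESSION['ordered'];
    }

    //probably DPS ping
    //possible to recreate exact session if we need to
    global $session_id, $order_id;

    session_unset();
    session_destroy();
    // only adopt ids made of the characters PHP accepts in a session id
    // (a-z A-Z 0-9 , -); anything else is ignored and a plain session is started
    if(is_string($session_id) && preg_match('/^[A-Za-z0-9,-]+$/', $session_id))
    {
        session_id($session_id);
    }
    session_start();

    if(isset($_SESSION['ordered']))
    {
        return $_SESSION['ordered'];
    }

    //still nothing stored, fall back to the order row
    $cart = new cart;
    $cart->recreate_from_order($order_id);
    return $cart;
}
?>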
cải xoăn