may/1KA_F2F
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge paypal

Browse Source
This commit is contained in:
Robert 2020-10-05 13:44:17 +02:00
commit 1439392448
12 changed files with 3474 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
.gitignore vendored
View File

@ -1,54 +0,0 @@
# Vendor folder
/vendor/
# DEV tools
.vscode/
.idea/
# SVN
.svn/
# Docker database
/utils/Docker/sql/database
docker
# Cache files
/admin/survey/SurveyData/*.html
# Log files
*.log
# dat 1ka files
*.dat
# CSV files
*.csv
# Map files (sass)
*.map
# Applications
*.app
*.exe
*.war
# Large media files
*.mp4
*.tiff
*.avi
*.flv
*.mov
*.wmv
# Settings, htaccess...
/settings.php
/settings_optional.php
/.htaccess
/composer.bat
/composer.phar
/composer.lock
/.favorites.json

3
composer.json
View File

@ -19,7 +19,8 @@
"phpmailer/phpmailer": "~6.0", "phpmailer/phpmailer": "~6.0",
"minishlink/web-push": "^5.2", "minishlink/web-push": "^5.2",
"stripe/stripe-php": "^7.40", "stripe/stripe-php": "^7.40",
"geoip2/geoip2": "~2.0" "geoip2/geoip2": "~2.0",
"paypal/paypal-checkout-sdk": "^1.0"
}, },
"require-dev": { "require-dev": {
"kint-php/kint": "^1.1", "kint-php/kint": "^1.1",

2407
composer.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff

354
frontend/drupal/modules/simpletest/tests/request_sanitizer.test Normal file
View File

@ -0,0 +1,354 @@
<?php
/**
* @file
* Tests for the RequestSanitizer class.
*/
/**
* Tests DrupalRequestSanitizer class.
*/
class RequestSanitizerTest extends DrupalUnitTestCase {
/**
* Log of errors triggered during sanitization.
*
* @var array
*/
protected $errors;
/**
* {@inheritdoc}
*/
public static function getInfo() {
return array(
'name' => 'DrupalRequestSanitizer',
'description' => 'Test the DrupalRequestSanitizer class',
'group' => 'System',
);
}
/**
* {@inheritdoc}
*/
protected function setUp() {
require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc';
parent::setUp();
set_error_handler(array($this, "sanitizerTestErrorHandler"));
}
/**
* Iterate through all the RequestSanitizerTests.
*/
public function testRequestSanitization() {
foreach ($this->requestSanitizerTests() as $label => $data) {
$this->errors = array();
// Normalize the test parameters.
$test = array(
'request' => $data[0],
'expected' => isset($data[1]) ? $data[1] : array(),
'expected_errors' => isset($data[2]) ? $data[2] : NULL,
'whitelist' => isset($data[3]) ? $data[3] : array(),
);
$this->requestSanitizationTest($test['request'], $test['expected'], $test['expected_errors'], $test['whitelist'], $label);
}
}
/**
* Tests RequestSanitizer class.
*
* @param \SanitizerTestRequest $request
* The request to sanitize.
* @param array $expected
* An array of expected request parameters after sanitization.
* @param array|null $expected_errors
* An array of expected errors. If set to NULL then error logging is
* disabled.
* @param array $whitelist
* An array of keys to whitelist and not sanitize.
* @param string $label
* A descriptive name for each test / group of assertions.
*
* @throws \ReflectionException
*/
public function requestSanitizationTest(SanitizerTestRequest $request, array $expected = array(), array $expected_errors = NULL, array $whitelist = array(), $label = NULL) {
// Set up globals.
$_GET = $request->getQuery();
$_POST = $request->getRequest();
$_COOKIE = $request->getCookies();
$_REQUEST = array_merge($request->getQuery(), $request->getRequest());
$GLOBALS['conf']['sanitize_input_whitelist'] = $whitelist;
$GLOBALS['conf']['sanitize_input_logging'] = is_null($expected_errors) ? FALSE : TRUE;
if ($label !== 'already sanitized request') {
$reflection = new \ReflectionProperty('DrupalRequestSanitizer', 'sanitized');
$reflection->setAccessible(TRUE);
$reflection->setValue(NULL, FALSE);
}
DrupalRequestSanitizer::sanitize();
if (isset($_GET['destination'])) {
DrupalRequestSanitizer::cleanDestination();
}
// Normalise the expected data.
$expected += array(
'cookies' => array(),
'query' => array(),
'request' => array(),
);
// Test PHP globals.
$this->assertEqualLabelled($expected['cookies'], $_COOKIE, NULL, 'Other', $label . ' (COOKIE)');
$this->assertEqualLabelled($expected['query'], $_GET, NULL, 'Other', $label . ' (GET)');
$this->assertEqualLabelled($expected['request'], $_POST, NULL, 'Other', $label . ' (POST)');
$expected_request = array_merge($expected['query'], $expected['request']);
$this->assertEqualLabelled($expected_request, $_REQUEST, NULL, 'Other', $label . ' (REQUEST)');
// Ensure any expected errors have been triggered.
if (!empty($expected_errors)) {
foreach ($expected_errors as $expected_error) {
$this->assertError($expected_error, E_USER_NOTICE, $label . ' (errors)');
}
}
else {
$this->assertEqualLabelled(array(), $this->errors, NULL, 'Other', $label . ' (errors)');
}
}
/**
* Data provider for testRequestSanitization.
*
* @return array
* A list of tests to carry out.
*/
public function requestSanitizerTests() {
$tests = array();
$request = new SanitizerTestRequest(array('q' => 'index.php'));
$tests['no sanitization GET'] = array($request, array('query' => array('q' => 'index.php')));
$request = new SanitizerTestRequest(array(), array('field' => 'value'));
$tests['no sanitization POST'] = array($request, array('request' => array('field' => 'value')));
$request = new SanitizerTestRequest(array(), array(), array(), array('key' => 'value'));
$tests['no sanitization COOKIE'] = array($request, array('cookies' => array('key' => 'value')));
$request = new SanitizerTestRequest(array('q' => 'index.php'), array('field' => 'value'), array(), array('key' => 'value'));
$tests['no sanitization GET, POST, COOKIE'] = array($request, array('query' => array('q' => 'index.php'), 'request' => array('field' => 'value'), 'cookies' => array('key' => 'value')));
$request = new SanitizerTestRequest(array('q' => 'index.php'));
$tests['no sanitization GET log'] = array($request, array('query' => array('q' => 'index.php')), array());
$request = new SanitizerTestRequest(array(), array('field' => 'value'));
$tests['no sanitization POST log'] = array($request, array('request' => array('field' => 'value')), array());
$request = new SanitizerTestRequest(array(), array(), array(), array('key' => 'value'));
$tests['no sanitization COOKIE log'] = array($request, array('cookies' => array('key' => 'value')), array());
$request = new SanitizerTestRequest(array('#q' => 'index.php'));
$tests['sanitization GET'] = array($request);
$request = new SanitizerTestRequest(array(), array('#field' => 'value'));
$tests['sanitization POST'] = array($request);
$request = new SanitizerTestRequest(array(), array(), array(), array('#key' => 'value'));
$tests['sanitization COOKIE'] = array($request);
$request = new SanitizerTestRequest(array('#q' => 'index.php'), array('#field' => 'value'), array(), array('#key' => 'value'));
$tests['sanitization GET, POST, COOKIE'] = array($request);
$request = new SanitizerTestRequest(array('#q' => 'index.php'));
$tests['sanitization GET log'] = array($request, array(), array('Potentially unsafe keys removed from query string parameters (GET): #q'));
$request = new SanitizerTestRequest(array(), array('#field' => 'value'));
$tests['sanitization POST log'] = array($request, array(), array('Potentially unsafe keys removed from request body parameters (POST): #field'));
$request = new SanitizerTestRequest(array(), array(), array(), array('#key' => 'value'));
$tests['sanitization COOKIE log'] = array($request, array(), array('Potentially unsafe keys removed from cookie parameters (COOKIE): #key'));
$request = new SanitizerTestRequest(array('#q' => 'index.php'), array('#field' => 'value'), array(), array('#key' => 'value'));
$tests['sanitization GET, POST, COOKIE log'] = array($request, array(), array('Potentially unsafe keys removed from query string parameters (GET): #q', 'Potentially unsafe keys removed from request body parameters (POST): #field', 'Potentially unsafe keys removed from cookie parameters (COOKIE): #key'));
$request = new SanitizerTestRequest(array('q' => 'index.php', 'foo' => array('#bar' => 'foo')));
$tests['recursive sanitization log'] = array($request, array('query' => array('q' => 'index.php', 'foo' => array())), array('Potentially unsafe keys removed from query string parameters (GET): #bar'));
$request = new SanitizerTestRequest(array('q' => 'index.php', 'foo' => array('#bar' => 'foo')));
$tests['recursive no sanitization whitelist'] = array($request, array('query' => array('q' => 'index.php', 'foo' => array('#bar' => 'foo'))), array(), array('#bar'));
$request = new SanitizerTestRequest(array(), array('#field' => 'value'));
$tests['no sanitization POST whitelist'] = array($request, array('request' => array('#field' => 'value')), array(), array('#field'));
$request = new SanitizerTestRequest(array('q' => 'index.php', 'foo' => array('#bar' => 'foo', '#foo' => 'bar')));
$tests['recursive multiple sanitization log'] = array($request, array('query' => array('q' => 'index.php', 'foo' => array())), array('Potentially unsafe keys removed from query string parameters (GET): #bar, #foo'));
$request = new SanitizerTestRequest(array('#q' => 'index.php'));
$tests['already sanitized request'] = array($request, array('query' => array('#q' => 'index.php')));
$request = new SanitizerTestRequest(array('destination' => 'whatever?%23test=value'));
$tests['destination removal GET'] = array($request);
$request = new SanitizerTestRequest(array('destination' => 'whatever?%23test=value'));
$tests['destination removal GET log'] = array($request, array(), array('Potentially unsafe destination removed from query string parameters (GET) because it contained the following keys: #test'));
$request = new SanitizerTestRequest(array('destination' => 'whatever?q[%23test]=value'));
$tests['destination removal subkey'] = array($request);
$request = new SanitizerTestRequest(array('destination' => 'whatever?q[%23test]=value'));
$tests['destination whitelist'] = array($request, array('query' => array('destination' => 'whatever?q[%23test]=value')), array(), array('#test'));
$request = new SanitizerTestRequest(array('destination' => "whatever?\x00bar=base&%23test=value"));
$tests['destination removal zero byte'] = array($request);
$request = new SanitizerTestRequest(array('destination' => 'whatever?q=value'));
$tests['destination kept'] = array($request, array('query' => array('destination' => 'whatever?q=value')));
$request = new SanitizerTestRequest(array('destination' => 'whatever'));
$tests['destination no query'] = array($request, array('query' => array('destination' => 'whatever')));
return $tests;
}
/**
* Catches and logs errors to $this->errors.
*
* @param int $errno
* The severity level of the error.
* @param string $errstr
* The error message.
*/
public function sanitizerTestErrorHandler($errno, $errstr) {
$this->errors[] = compact('errno', 'errstr');
}
/**
* Asserts that the expected error has been logged.
*
* @param string $errstr
* The error message.
* @param int $errno
* The severity level of the error.
* @param string $label
* The label to include with the message.
*
* @return bool
* TRUE if the assertion succeeded, FALSE otherwise.
*/
protected function assertError($errstr, $errno, $label) {
$label = (empty($label)) ? '' : $label . ': ';
foreach ($this->errors as $error) {
if ($error['errstr'] === $errstr && $error['errno'] === $errno) {
return $this->pass($label . "Error with level $errno and message '$errstr' found");
}
}
return $this->fail($label . "Error with level $errno and message '$errstr' not found in " . var_export($this->errors, TRUE));
}
/**
* Asserts two values are equal, includes a label.
*
* @param mixed $first
* The first value to check.
* @param mixed $second
* The second value to check.
* @param string $message
* The message to display along with the assertion.
* @param string $group
* The type of assertion - examples are "Browser", "PHP".
* @param string $label
* The label to include with the message.
*
* @return bool
* TRUE if the assertion succeeded, FALSE otherwise.
*/
protected function assertEqualLabelled($first, $second, $message = '', $group = 'Other', $label = '') {
$label = (empty($label)) ? '' : $label . ': ';
$message = $message ? $message : t('Value @first is equal to value @second.', array(
'@first' => var_export($first, TRUE),
'@second' => var_export($second, TRUE),
));
return $this->assert($first == $second, $label . $message, $group);
}
}
/**
* Basic HTTP Request class.
*/
class SanitizerTestRequest {
/**
* The query (GET).
*
* @var array
*/
protected $query;
/**
* The request (POST).
*
* @var array
*/
protected $request;
/**
* The request attributes.
*
* @var array
*/
protected $attributes;
/**
* The request cookies.
*
* @var array
*/
protected $cookies;
/**
* Constructor.
*
* @param array $query
* The GET parameters.
* @param array $request
* The POST parameters.
* @param array $attributes
* The request attributes.
* @param array $cookies
* The COOKIE parameters.
*/
public function __construct(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array()) {
$this->query = $query;
$this->request = $request;
$this->attributes = $attributes;
$this->cookies = $cookies;
}
/**
* Getter for $query.
*/
public function getQuery() {
return $this->query;
}
/**
* Getter for $request.
*/
public function getRequest() {
return $this->request;
}
/**
* Getter for $attributes.
*/
public function getAttributes() {
return $this->attributes;
}
/**
* Getter for $cookies.
*/
public function getCookies() {
return $this->cookies;
}
}

8
frontend/payments/cebelica/InvoiceFox/cebelcaApi.php
View File

@ -47,12 +47,14 @@ function racunIzPredracuna($api,$podatki,$proformaId,$lang='si') {
// nastavi, da je plačano // nastavi, da je plačano
$api->markPayed($header); $api->markPayed($header);
// kartica in gotovina se potrjujeta // kartica in paypal se potrjujeta
if($tip_placila == 3){ if($tip_placila == 3 || $tip_placila == 5){
$id_location = ($tip_placila == 5) ? 4 : 2;
$glava = array ( $glava = array (
'id' => $invId, 'id' => $invId,
"id_location" => 2, "id_location" => $id_location,
"id_register" => 1, "id_register" => 1,
"fiscalize" => 1, "fiscalize" => 1,
'op-tax-id' => IZDAJATELJ_DAVCNA, 'op-tax-id' => IZDAJATELJ_DAVCNA,

28
frontend/payments/classes/class.ApiNarocilaController.php
View File

@ -252,6 +252,34 @@ class ApiNarocilaController{
$this->response = $price; $this->response = $price;
break; break;
// Dokoncaj narocilo ce je placano preko paypala (ko je stranka potrdila placilo v paypalu)
case 'capture_narocilo_paypal':
if(isset($this->data['narocilo_id'])){
$paypal = new UserNarocilaPaypal($this->data['narocilo_id']);
$this->response = $narocilo->paypalCaptureOrder();
}
else{
$this->response['error'] = 'Napaka! Manjka ID narocila!';
$this->response['success'] = false;
}
break;
// Preklici narocilo za paypal (ko je stranka preklicala placilo v paypalu)
case 'cancel_narocilo_paypal':
if(isset($this->data['narocilo_id'])){
$paypal = new UserNarocilaPaypal($this->data['narocilo_id']);
$this->response = $narocilo->paypalCaptureOrder();
}
else{
$this->response['error'] = 'Napaka! Manjka ID narocila!';
$this->response['success'] = false;
}
break;
} }
} }
} }

43
frontend/payments/classes/class.UserNarocila.php
View File

@ -658,6 +658,8 @@ class UserNarocila{
if($usr_id <= 0){ if($usr_id <= 0){
$response['error'] = 'ERROR! Missing user ID.'; $response['error'] = 'ERROR! Missing user ID.';
$response['success'] = false;
return $response; return $response;
} }
@ -695,6 +697,8 @@ class UserNarocila{
"); ");
if (!$sqlNarocilo){ if (!$sqlNarocilo){
$response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']); $response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']);
$response['success'] = false;
return $response; return $response;
} }
@ -724,7 +728,6 @@ class UserNarocila{
} }
return $response; return $response;
} }
@ -764,6 +767,8 @@ class UserNarocila{
} }
catch (Exception $e){ catch (Exception $e){
$response['error'] = 'ERROR! Sending email with invoice failed.'; $response['error'] = 'ERROR! Sending email with invoice failed.';
$response['success'] = false;
return $response; return $response;
} }
@ -779,6 +784,8 @@ class UserNarocila{
$token = isset($narocilo_data['stripe_id']) ? $narocilo_data['stripe_id'] : ''; $token = isset($narocilo_data['stripe_id']) ? $narocilo_data['stripe_id'] : '';
if($token == ''){ if($token == ''){
$response['error'] = 'ERROR! Missing token.'; $response['error'] = 'ERROR! Missing token.';
$response['success'] = false;
return $response; return $response;
} }
@ -800,10 +807,12 @@ class UserNarocila{
} }
else{ else{
$response['error'] = $payment_response['error']; $response['error'] = $payment_response['error'];
$response['success'] = false;
} }
} }
else{ else{
$response['error'] = $stripe_response['error']; $response['error'] = $stripe_response['error'];
$response['success'] = false;
} }
$response['narocilo_id'] = $narocilo_id; $response['narocilo_id'] = $narocilo_id;
@ -816,14 +825,29 @@ class UserNarocila{
global $lang; global $lang;
$response = array(); $response = array();
$response['narocilo_id'] = $narocilo_id;
// Inicializiramo paypal
$paypal = new UserNarocilaPaypal($narocilo_id);
// Ustvarimo paypal placilo in vrnemo url, da se uporabnik prijavi v paypal in potrdi placilo
$paypal_response = $paypal->paypalCreatePayment();
// Ce je bilo placilo preko stripa uspesno zgeneriramo racun in uporabniku aktiviramo paket
if($paypal_response['success'] == true){
$response['paypal_link'] = $paypal_response['paypal_link'];
$response['success'] = true;
}
else{
$response['error'] = $paypal_response['error'];
$response['success'] = false;
}
return $response; return $response;
} }
// Posodobi obstojece narocilo za uporabnika - ZA TESTIRATI // Posodobi obstojece narocilo za uporabnika
public function updateNarocilo($narocilo_data){ public function updateNarocilo($narocilo_data){
global $global_user_id; global $global_user_id;
@ -832,6 +856,7 @@ class UserNarocila{
// ce nimamo id-ja narocila vrnemo error // ce nimamo id-ja narocila vrnemo error
if(!isset($narocilo_data['narocilo_id']) || $narocilo_data['narocilo_id'] == '0'){ if(!isset($narocilo_data['narocilo_id']) || $narocilo_data['narocilo_id'] == '0'){
$response['error'] = 'Napaka! Manjka ID narocila!'; $response['error'] = 'Napaka! Manjka ID narocila!';
$response['success'] = false;
return $response; return $response;
} }
@ -862,6 +887,8 @@ class UserNarocila{
$sqlNarocilo = sisplet_query("UPDATE user_access_narocilo SET ".$update.", cebelica_id_racun='0', cebelica_id_predracun='0' WHERE id='".$narocilo_data['narocilo_id']."'"); $sqlNarocilo = sisplet_query("UPDATE user_access_narocilo SET ".$update.", cebelica_id_racun='0', cebelica_id_predracun='0' WHERE id='".$narocilo_data['narocilo_id']."'");
if (!$sqlNarocilo){ if (!$sqlNarocilo){
$response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']); $response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']);
$response['success'] = false;
return $response; return $response;
} }
@ -880,6 +907,7 @@ class UserNarocila{
// Ce nimamo id-ja narocila vrnemo error // Ce nimamo id-ja narocila vrnemo error
if($narocilo_id == 0){ if($narocilo_id == 0){
$response['error'] = 'Napaka! Manjka ID narocila!'; $response['error'] = 'Napaka! Manjka ID narocila!';
$response['success'] = false;
return $response; return $response;
} }
@ -892,6 +920,7 @@ class UserNarocila{
// Ce je bil racun ze placan ne naredimo nicesar // Ce je bil racun ze placan ne naredimo nicesar
if($rowNarocilo['status'] == 1){ if($rowNarocilo['status'] == 1){
$response['error'] = 'Napaka! Račun je že plačan!'; $response['error'] = 'Napaka! Račun je že plačan!';
$response['success'] = false;
return $response; return $response;
} }
@ -922,6 +951,8 @@ class UserNarocila{
"); ");
if (!$sqlAccess){ if (!$sqlAccess){
$response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']); $response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']);
$response['success'] = false;
return $response; return $response;
} }
} }
@ -930,6 +961,8 @@ class UserNarocila{
$sqlAccess = sisplet_query("UPDATE user_access SET time_expire = time_expire + INTERVAL '".$rowNarocilo['trajanje']."' MONTH WHERE usr_id='".$rowNarocilo['usr_id']."'"); $sqlAccess = sisplet_query("UPDATE user_access SET time_expire = time_expire + INTERVAL '".$rowNarocilo['trajanje']."' MONTH WHERE usr_id='".$rowNarocilo['usr_id']."'");
if (!$sqlAccess){ if (!$sqlAccess){
$response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']); $response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']);
$response['success'] = false;
return $response; return $response;
} }
} }
@ -946,6 +979,8 @@ class UserNarocila{
"); ");
if (!$sqlAccess){ if (!$sqlAccess){
$response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']); $response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']);
$response['success'] = false;
return $response; return $response;
} }
} }
@ -955,6 +990,8 @@ class UserNarocila{
$sqlNarociloStatus = sisplet_query("UPDATE user_access_narocilo SET status='1' WHERE id='".$narocilo_id."'"); $sqlNarociloStatus = sisplet_query("UPDATE user_access_narocilo SET status='1' WHERE id='".$narocilo_id."'");
if (!$sqlNarociloStatus){ if (!$sqlNarociloStatus){
$response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']); $response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']);
$response['success'] = false;
return $response; return $response;
} }

274
frontend/payments/classes/class.UserNarocilaPaypal.php Normal file
View File

@ -0,0 +1,274 @@
<?php
/**
*
* Class ki skrbi za placila s paypalom
*
*/
use PayPalCheckoutSdk\Core\PayPalHttpClient;
use PayPalCheckoutSdk\Core\SandboxEnvironment;
use PayPalCheckoutSdk\Orders\OrdersCreateRequest;
use PayPalCheckoutSdk\Orders\OrdersCaptureRequest;
class UserNarocilaPaypal{
private $narocilo;
private $paypal_client;
public function __construct($narocilo_id){
global $app_settings;
global $paypal_client_id;
global $paypal_secret;
global $mysql_database_name;
if($narocilo_id > 0){
// Dobimo podatke narocila
$sqlNarocilo = sisplet_query("SELECT un.*, u.name, u.surname, u.email, up.name AS package_name, up.description AS package_description, up.price AS package_price
FROM user_access_narocilo un, users u, user_access_paket up
WHERE un.id='".$narocilo_id."' AND un.usr_id=u.id AND un.package_id=up.id");
if(mysqli_num_rows($sqlNarocilo) > 0){
$this->narocilo = mysqli_fetch_array($sqlNarocilo);
}
else{
die("Napaka pri komunikaciji s paypal! Narocilo ne obstaja.");
}
// Ustvarimo okolje za paypal
if($mysql_database_name == 'real1kasi')
$environment = new ProductionEnvironment($paypal_client_id, $paypal_secret);
else
$environment = new SandboxEnvironment($paypal_client_id, $paypal_secret);
$this->paypal_client = new PayPalHttpClient($environment);
}
else {
die("Napaka pri komunikaciji s paypal! Manjka ID naročila.");
}
}
// Placamo narocilo s paypal
public function paypalCreatePayment(){
global $site_url;
$response = array();
$UA = new UserNarocila();
$cena = $UA->getPrice($this->narocilo['package_name'], $this->narocilo['trajanje'], $this->narocilo['discount']);
if($this->narocilo['trajanje'] == 1)
$months_string = 'mesec';
elseif($this->narocilo['trajanje'] == 2)
$months_string = 'meseca';
elseif($this->narocilo['trajanje'] == 3 || $this->narocilo['trajanje'] == 4)
$months_string = 'mesece';
else
$months_string = 'mesecev';
// Zavezanec iz tujine ima racun/predracun brez ddv
if($UA->isWithoutDDV($this->narocilo['id'])){
$ddv = 0;
$cena_za_placilo = $cena['final_without_tax'];
}
else{
$ddv = 1;
$cena_za_placilo = $cena['final'];
}
// Podatki narocila
$orderDetails = array(
'ime' => '1KA naročnina (paket '.strtoupper($this->narocilo['package_name']). ' - '.$this->narocilo['trajanje'].' '.$months_string.')',
'narocilo_id' => $this->narocilo['id'],
'cena' => $cena_za_placilo,
);
// Ustvarimo order na paypal, da se lahko potem user prijavi in ga placa
$paypal_response = $this->paypalCreateOrder($orderDetails);
if(!isset($paypal_response['success']) || $paypal_response['success'] == false){
return $paypal_response;
}
// Vstavimo plačilo v bazo
$sqlNarocilo = sisplet_query("INSERT INTO user_access_paypal_transaction
(transaction_id, narocilo_id, price, currency_type, time)
VALUES
('".$paypal_response['transaction_id']."', '".$this->narocilo['id']."', '".$cena_za_placilo."', 'EUR', NOW())
");
if (!$sqlNarocilo){
$response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']);
$response['success'] = false;
return $response;
}
$response['paypal_link'] = $paypal_response['paypal_link'];
$response['success'] = true;
return $response;
}
// Posljemo podatke za placilo paypalu
private function paypalCreateOrder($orderDetails){
global $site_url;
$response = array();
$request = new OrdersCreateRequest();
$request->prefer('return=representation');
//$request->headers["prefer"] = "return=representation";
$request->body = [
"intent" => "CAPTURE",
"purchase_units" => [[
"reference_id" => $orderDetails['narocilo_id'],
'description' => $orderDetails['ime'],
"amount" => [
"value" => $orderDetails['cena'],
"currency_code" => "EUR"
]
]],
"application_context" => [
"cancel_url" => $site_url . '/d/narocilo/paypal-cancel?narocilo_id='.$orderDetails['narocilo_id'],
"return_url" => $site_url . '/d/narocilo/paypal?narocilo_id='.$orderDetails['narocilo_id'],
'brand_name' => '1KA'
]
];
try {
// Poklicemo paypal api za ustvarjanje narocila
$paypal_response = $this->paypal_client->execute($request);
if($paypal_response->result->status != 'CREATED'){
$response['error'] = 'ERROR! Order was not created.';
$response['success'] = false;
return $response;
}
// Dobimo id paypal narocila
$response['transaction_id'] = $paypal_response->result->id;
// Dobimo link za preusmeritev stranke, da potrdi narocilo in potem lahko izvedemo "capture"
foreach($paypal_response->result->links as $link){
if($link->rel == 'capture')
$response['paypal_link'] = $link->href;
}
}
catch (HttpException $e) {
$response['error'] = $e->getMessage();
$response['success'] = false;
return $response;
}
$response['success'] = true;
return $response;
}
// Zakljucimo placilo, ce je bilo placilo ok odobreno preko paypala s strani stranke
public function paypalCaptureOrder(){
$response = array();
// Preverimo plačilo v bazo
$sqlNarociloPaypal = sisplet_query("SELECT transaction_id
FROM user_access_paypal_transaction
WHERE narocilo_id='".$this->narocilo['id']."'
");
if (!$sqlNarociloPaypal){
$response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']);
$response['success'] = false;
return $response;
}
// Narocilo ne obstaja (ni v bazi paypal narocil)
if (mysqli_num_rows($sqlNarociloPaypal) == 0){
$response['error'] = 'ERROR! Paypal order does not exist.';
$response['success'] = false;
return $response;
}
$rowNarociloPaypal = mysqli_fetch_array($sqlNarociloPaypal);
// Preverimo, ce je bilo vse ok placano - POST request to /v2/checkout/orders
$request = new OrdersCaptureRequest($rowNarociloPaypal['transaction_id']);
//$request->prefer('return=representation');
try {
// Poklicemo paypal api kjer preverimo placilo narocila
$paypal_response = $this->paypal_client->execute($request);
}
catch (HttpException $e) {
$response['error'] = $e->getMessage();
$response['success'] = false;
return $response;
}
// Posodobimo status narocila
$sqlNarocilo = sisplet_query("UPDATE user_access_paypal_transaction
SET status='".$paypal_response->result->status."'
WHERE transaction_id='".$paypal_response->result->id."'
");
if (!$sqlNarocilo){
$response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']);
$response['success'] = false;
return $response;
}
$response['status'] = $paypal_response->result->status;
$response['success'] = true;
return $response;
}
// Preklicemo placilo, ce je bilo placilo preklicano preko paypala s strani stranke
public function paypalCancelOrder(){
$response = array();
// Posodobimo status narocila
$sqlNarocilo = sisplet_query("UPDATE user_access_paypal_transaction
SET status='CANCELED'
WHERE narocilo_id='".$this->narocilo['id']."'
");
if (!$sqlNarocilo){
$response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']);
$response['success'] = false;
return $response;
}
$response['success'] = true;
return $response;
}
}

3
frontend/payments/classes/class.UserNarocilaStripe.php
View File

@ -106,6 +106,8 @@ class UserNarocilaStripe{
"); ");
if (!$sqlNarocilo){ if (!$sqlNarocilo){
$response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']); $response['error'] = 'ERROR! '.mysqli_error($GLOBALS['connect_db']);
$response['success'] = false;
return $response; return $response;
} }
$response = array(); $response = array();
@ -124,6 +126,7 @@ class UserNarocilaStripe{
// Placilo ni uspelo // Placilo ni uspelo
else{ else{
$response['error'] = 'ERROR! Stripe payment failed. Failure code '.$stripeResponse['failure_code']; $response['error'] = 'ERROR! Stripe payment failed. Failure code '.$stripeResponse['failure_code'];
$response['success'] = false;
} }
return $response; return $response;

171
frontend/payments/paypal-cancel.php Normal file
View File

@ -0,0 +1,171 @@
<?php
/**
*
* Paypal Instant Payment Notification listener
* Sprejemamo obvestila s strani paypala - placano narocilo
*
*/
include_once '../../function.php';
global $site_path;
// CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
// Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
// Set this to 0 once you go live or don't require logging.
define("DEBUG", 1);
// Set to 0 once you're ready to go live
define("USE_SANDBOX", 1);
define("LOG_FILE", "ipn.log");
// Read POST data
// reading posted data directly from $_POST causes serialization
// issues with array data in POST. Reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// Post IPN data back to PayPal to validate the IPN data is genuine
// Without this step anyone can fake IPN data
if(USE_SANDBOX == true) {
$paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
}
else {
$paypal_url = "https://www.paypal.com/cgi-bin/webscr";
}
$ch = curl_init($paypal_url);
if ($ch == FALSE) {
return FALSE;
}
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
if(DEBUG == true) {
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
}
// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.
//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);
$res = curl_exec($ch);
if (curl_errno($ch) != 0) // cURL error
{
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);
}
curl_close($ch);
exit;
}
else {
// Log the entire HTTP response if debug is switched on.
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);
}
curl_close($ch);
}
// Inspect IPN validation result and act accordingly
// Split response headers and payload, a better way for strcmp
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));
if (strcmp ($res, "VERIFIED") == 0) {
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
include("DBController.php");
$db = new DBController();
// check whether the payment_status is Completed
$isPaymentCompleted = false;
if($payment_status == "Completed") {
$isPaymentCompleted = true;
}
// check that txn_id has not been previously processed
$isUniqueTxnId = false;
$param_type="s";
$param_value_array = array($txn_id);
$result = $db->runQuery("SELECT * FROM payment WHERE txn_id = ?",$param_type,$param_value_array);
if(empty($result)) {
$isUniqueTxnId = true;
}
// check that receiver_email is your PayPal email
// check that payment_amount/payment_currency are correct
if($isPaymentCompleted) {
$param_type = "sssdss";
$param_value_array = array($item_number, $item_name, $payment_status, $payment_amount, $payment_currency, $txn_id);
$payment_id = $db->insert("INSERT INTO payment(item_number, item_name, payment_status, payment_amount, payment_currency, txn_id) VALUES(?, ?, ?, ?, ?, ?)", $param_type, $param_value_array);
}
// process payment and mark item as paid.
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
}
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
// Add business logic here which deals with invalid IPN messages
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);
}
}
?>

171
frontend/payments/paypal-pay.php Normal file
View File

@ -0,0 +1,171 @@
<?php
/**
*
* Paypal Instant Payment Notification listener
* Sprejemamo obvestila s strani paypala - placano narocilo
*
*/
include_once '../../function.php';
global $site_path;
// CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
// Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
// Set this to 0 once you go live or don't require logging.
define("DEBUG", 1);
// Set to 0 once you're ready to go live
define("USE_SANDBOX", 1);
define("LOG_FILE", "ipn.log");
// Read POST data
// reading posted data directly from $_POST causes serialization
// issues with array data in POST. Reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
// Post IPN data back to PayPal to validate the IPN data is genuine
// Without this step anyone can fake IPN data
if(USE_SANDBOX == true) {
$paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
}
else {
$paypal_url = "https://www.paypal.com/cgi-bin/webscr";
}
$ch = curl_init($paypal_url);
if ($ch == FALSE) {
return FALSE;
}
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
if(DEBUG == true) {
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
}
// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.
//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);
$res = curl_exec($ch);
if (curl_errno($ch) != 0) // cURL error
{
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);
}
curl_close($ch);
exit;
}
else {
// Log the entire HTTP response if debug is switched on.
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);
}
curl_close($ch);
}
// Inspect IPN validation result and act accordingly
// Split response headers and payload, a better way for strcmp
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));
if (strcmp ($res, "VERIFIED") == 0) {
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
include("DBController.php");
$db = new DBController();
// check whether the payment_status is Completed
$isPaymentCompleted = false;
if($payment_status == "Completed") {
$isPaymentCompleted = true;
}
// check that txn_id has not been previously processed
$isUniqueTxnId = false;
$param_type="s";
$param_value_array = array($txn_id);
$result = $db->runQuery("SELECT * FROM payment WHERE txn_id = ?",$param_type,$param_value_array);
if(empty($result)) {
$isUniqueTxnId = true;
}
// check that receiver_email is your PayPal email
// check that payment_amount/payment_currency are correct
if($isPaymentCompleted) {
$param_type = "sssdss";
$param_value_array = array($item_number, $item_name, $payment_status, $payment_amount, $payment_currency, $txn_id);
$payment_id = $db->insert("INSERT INTO payment(item_number, item_name, payment_status, payment_amount, payment_currency, txn_id) VALUES(?, ?, ?, ?, ?, ?)", $param_type, $param_value_array);
}
// process payment and mark item as paid.
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
}
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
// Add business logic here which deals with invalid IPN messages
if(DEBUG == true) {
error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);
}
}
?>

19
sql/update2.sql
View File

@ -9277,12 +9277,30 @@ INSERT INTO srv_module (module_name, active) VALUES ('evoli_organizational_emplo
#UPDATE srv_module SET active='1' WHERE module_name = 'evoli_teamship_meter'; #UPDATE srv_module SET active='1' WHERE module_name = 'evoli_teamship_meter';
#UPDATE srv_module SET active='1' WHERE module_name = 'evoli_organizational_employeeship_meter'; #UPDATE srv_module SET active='1' WHERE module_name = 'evoli_organizational_employeeship_meter';
UPDATE misc SET value='20.07.29' WHERE what="version"; UPDATE misc SET value='20.07.29' WHERE what="version";
UPDATE srv_user_setting_for_survey SET value = '1ka' WHERE what = 'default_chart_profile_skin' AND value = '1ka'; UPDATE srv_user_setting_for_survey SET value = '1ka' WHERE what = 'default_chart_profile_skin' AND value = '1ka';
UPDATE misc SET value='20.08.10' WHERE what="version"; UPDATE misc SET value='20.08.10' WHERE what="version";
## Tabela placil preko paypala
CREATE TABLE user_access_paypal_transaction(
id int(11) NOT NULL auto_increment,
transaction_id int(11) NOT NULL DEFAULT 0,
narocilo_id int(11) NOT NULL DEFAULT 0,
price DECIMAL(7,2) NOT NULL DEFAULT '0',
currency_type VARCHAR(100) NOT NULL DEFAULT '',
time DATETIME(3) NOT NULL,
status VARCHAR(30) NOT NULL DEFAULT '',
PRIMARY KEY (id),
UNIQUE KEY (transaction_id),
UNIQUE KEY (narocilo_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
UPDATE misc SET value='20.09.07' WHERE what="version";
ALTER TABLE user_access_placilo ADD COLUMN canceled ENUM('0', '1') NOT NULL DEFAULT '0'; ALTER TABLE user_access_placilo ADD COLUMN canceled ENUM('0', '1') NOT NULL DEFAULT '0';
UPDATE misc SET value='20.09.11' WHERE what="version"; UPDATE misc SET value='20.09.11' WHERE what="version";
@ -9308,3 +9326,4 @@ CREATE TABLE srv_clicks (
) ENGINE=InnoDB DEFAULT CHARSET=utf8; ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
UPDATE misc SET value='20.09.21' WHERE what="version"; UPDATE misc SET value='20.09.21' WHERE what="version";