PageRenderTime 57ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 1ms

/html/AppCode/expressionengine/modules/simple_commerce/mod.simple_commerce.php

https://github.com/w3bg/www.hsifin.com
PHP | 1080 lines | 1024 code | 27 blank | 29 comment | 17 complexity | 3552c17e74fda942f6a91549a13ce8a3 MD5 | raw file
Possible License(s): AGPL-3.0 
    

  1. <?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
    2. 

  2. /**
    3. 

  3.  * ExpressionEngine - by EllisLab
    4. 

  4.  *
    5. 

  5.  * @package		ExpressionEngine
    6. 

  6.  * @author		ExpressionEngine Dev Team
    7. 

  7.  * @copyright	Copyright (c) 2003 - 2010, EllisLab, Inc.
    8. 

  8.  * @license		http://expressionengine.com/user_guide/license.html
    9. 

  9.  * @link		http://expressionengine.com
    10. 

  10.  * @since		Version 2.0
    11. 

  11.  * @filesource
    12. 

  12.  */
    13. 

  13. 

  14. // ------------------------------------------------------------------------
    15. 

  15. 

  16. /**
    17. 

  17.  * ExpressionEngine Simple Commerce Module
    18. 

  18.  *
    19. 

  19.  * @package		ExpressionEngine
    20. 

  20.  * @subpackage	Modules
    21. 

  21.  * @category	Modules
    22. 

  22.  * @author		ExpressionEngine Dev Team
    23. 

  23.  * @link		http://expressionengine.com
    24. 

  24.  */
    25. 

  25. 

  26. if ( ! defined('EXT'))
    27. 

  27. {
    28. 

  28. 	exit('Invalid file request');
    29. 

  29. }
    30. 

  30. 

  31. 

  32. class Simple_commerce {
    33. 

  33. 

  34. 	var $return_data		= '';
    35. 

  35. 	var $debug				= FALSE;
    36. 

  36. 	var $debug_incoming_ipn = FALSE;  // Will send an email with the incoming ipn post data for debug purposes
    37. 

  37. 	var $debug_email_address = '';  // Address to send the incoming ipn debug data to- defaults to webmaster_email
    38. 

  38. 

  39. 	var $possible_post;
    40. 

  40. 	var $post				= array();
    41. 

  41. 	
    42. 

  42. 	var $encrypt			= FALSE;
    43. 

  43. 	var $certificate_id		= '';
    44. 

  44. 	var $public_certificate	= '';
    45. 

  45. 	var $private_key		= '';
    46. 

  46. 	var $paypal_certificate	= '';
    47. 

  47. 	var $temp_path			= '';
    48. 

  48. 

  49. 	/** ----------------------------------------
    50. 

  50. 	/**  Constructor
    51. 

  51. 	/** ----------------------------------------*/
    52. 

  52. 	function Simple_commerce()
    53. 

  53. 	{
    54. 

  54. 		// Make a local reference to the ExpressionEngine super object
    55. 

  55. 		$this->EE =& get_instance();
    56. 

  56. 

  57. 		$this->possible_post = array('business', 'receiver_email', 'receiver_id', 'item_name', 
    58. 

  58. 									 'item_number', 'quantity', 'invoice', 'custom', 'memo', 
    59. 

  59. 									 'tax', 'option_name1', 'option_selection1', 'option_name2', 
    60. 

  60. 									 'option_selection2', 'num_cart_items', 'mc_gross', 'mc_fee', 
    61. 

  61. 									 'mc_currency', 'payment_gross', 'payment_fee', 
    62. 

  62. 									 'payment_status', 'pending_reason', 'reason_code', 
    63. 

  63. 									 'payment_date', 'txn_id', 'txn_type', 'payment_type', 
    64. 

  64. 									 'first_name', 'last_name', 
    65. 

  65. 									 'payer_business_name', 'address_name', 'address_street', 
    66. 

  66. 									 'address_city', 'address_state', 'address_zip', 'address_country_code',
    67. 

  67. 									 'address_country', 'address_status', 'payer_email', 
    68. 

  68. 									 'payer_id', 'payer_status', 'member_id',
    69. 

  69. 									 'verify_sign', 'test_ipn');
    70. 

  70. 									 
    71. 

  71. 		if ($this->EE->config->item('sc_encrypt_buttons') === 'y' && function_exists('openssl_pkcs7_sign'))
    72. 

  72. 		{
    73. 

  73. 			$this->encrypt = TRUE;
    74. 

  74. 			
    75. 

  75. 			foreach(array('certificate_id', 'public_certificate', 'private_key', 'paypal_certificate') as $val)
    76. 

  76. 			{
    77. 

  77. 				if ($this->EE->config->item('sc_'.$val) === FALSE OR $this->EE->config->item('sc_'.$val) == '')
    78. 

  78. 				{
    79. 

  79. 					$this->encrypt = FALSE;
    80. 

  80. 					break;
    81. 

  81. 				}
    82. 

  82. 				else
    83. 

  83. 				{
    84. 

  84. 					$this->$val = $this->EE->config->item('sc_'.$val);
    85. 

  85. 				}
    86. 

  86. 			}
    87. 

  87. 			
    88. 

  88. 			// Not required
    89. 

  89. 			if ($this->encrypt === TRUE && $this->EE->config->item('sc_temp_path') !== FALSE)
    90. 

  90. 			{
    91. 

  91. 				$this->temp_path = $this->EE->config->item('sc_temp_path');
    92. 

  92. 			}
    93. 

  93. 			
    94. 

  94. 		}
    95. 

  95. 	}
    96. 

  96. 

  97. 

  98. 	
    99. 

  99. 	/** ----------------------------------------
    100. 

  100. 	/**  Output Item Info
    101. 

  101. 	/** ----------------------------------------*/
    102. 

  102. 	function purchase()
    103. 

  103. 	{
    104. 

  104. 		if (($entry_id = $this->EE->TMPL->fetch_param('entry_id')) === FALSE) return;
    105. 

  105. 		if (($success = $this->EE->TMPL->fetch_param('success')) === FALSE) return;
    106. 

  106. 		$cached = FALSE;
    107. 

  107. 

  108. 		$paypal_account = ( ! $this->EE->config->item('sc_paypal_account')) ? $this->EE->config->item('webmaster_email') : $this->EE->config->item('sc_paypal_account');
    109. 

  109. 		$cancel	 		= ( ! $this->EE->TMPL->fetch_param('cancel'))  ? $this->EE->functions->fetch_site_index() : $this->EE->TMPL->fetch_param('cancel');
    110. 

  110. 		$currency		= ( ! $this->EE->TMPL->fetch_param('currency'))  ? 'USD' : $this->EE->TMPL->fetch_param('currency');
    111. 

  111. 		$country_code	= ( ! $this->EE->TMPL->fetch_param('country_code')) ? 'US' : strtoupper($this->EE->TMPL->fetch_param('country_code'));
    112. 

  112. 		$show_disabled  = ( $this->EE->TMPL->fetch_param('show_disabled') == 'yes') ? TRUE : FALSE;
    113. 

  113. 		
    114. 

  114. 		if (substr($success, 0, 4) !== 'http')
    115. 

  115. 		{
    116. 

  116. 			$success = $this->EE->functions->create_url($success);
    117. 

  117. 		}
    118. 

  118. 		
    119. 

  119. 		if (substr($cancel, 0, 4) !== 'http')
    120. 

  120. 		{
    121. 

  121. 			$cancel = $this->EE->functions->create_url($cancel);
    122. 

  122. 		}
    123. 

  123. 		
    124. 

  124. 			
    125. 

  125. 		if ($show_disabled === TRUE)
    126. 

  126. 		{
    127. 

  127. 			$addsql = '';
    128. 

  128. 		}
    129. 

  129. 		else
    130. 

  130. 		{
    131. 

  131. 			$addsql = "AND sci.item_enabled = 'y' ";
    132. 

  132. 		}
    133. 

  133. 		
    134. 

  134. 		$query = $this->EE->db->query("SELECT wt.title AS item_name, sci.* 
    135. 

  135. 							 FROM exp_simple_commerce_items sci, exp_channel_titles wt
    136. 

  136. 							 WHERE sci.entry_id = '".$this->EE->db->escape_str($entry_id)."'
    137. 

  137. 							 {$addsql}
    138. 

  138. 							 AND sci.entry_id = wt.entry_id
    139. 

  139. 							 LIMIT 1");
    140. 

  140. 							
    141. 

  141. 		if ($query->num_rows() == 0) return;
    142. 

  142. 		
    143. 

  143. 		$row = $query->row_array();
    144. 

  144. 		
    145. 

  145.  		$variable_row = $row;
    146. 

  146. 		
    147. 

  147. 		if ($this->encrypt !== TRUE)
    148. 

  148. 		{
    149. 

  149. 			$variable_row['item_name'] = str_replace(	array("&","<",">","\"", "'", "-"),
    150. 

  150. 														array("&amp;", "&lt;", "&gt;", "&quot;", "&apos;", "&#45;"),
    151. 

  151. 														$row['item_name'] );
    152. 

  152. 		}
    153. 

  153. 		
    154. 

  154. 		$variable_row['item_regular_price'] = $this->round_money($row['item_regular_price']);
    155. 

  155. 		$variable_row['item_sale_price'] = $this->round_money($row['item_sale_price']);
    156. 

  156. 		$variable_row['item_type'] = ($row['recurring'] == 'y') ? 'subscription' : 'purchase';
    157. 

  157. 

  158. 		$buy_now['action']			= ($this->debug === TRUE) ? 'https://www.sandbox.paypal.com/cgi-bin/webscr' : 'https://www.paypal.com/cgi-bin/webscr';
    159. 

  159. 		$buy_now['hidden_fields']	= array(
    160. 

  160. 										'cmd'  				=> '_xclick',
    161. 

  161. 										'upload'			=> "1",
    162. 

  162. 										'business'			=> $paypal_account,
    163. 

  163. 										'return'			=> $success,
    164. 

  164. 										'cancel_return'		=> $cancel,
    165. 

  165. 										'item_name'			=> $row['item_name'] ,
    166. 

  166. 										'item_number'		=> $row['item_id'] ,
    167. 

  167. 										'amount'			=> ($row['item_use_sale']  == 'y') ? $row['item_sale_price']  : $row['item_regular_price'] ,
    168. 

  168. 										'lc'				=> $country_code,
    169. 

  169. 										'currency_code'		=> $currency,
    170. 

  170. 										'custom'			=> $this->EE->session->userdata['member_id']
    171. 

  171. 										);
    172. 

  172. 		
    173. 

  173. 		if ($this->encrypt === TRUE)
    174. 

  174. 		{
    175. 

  175. 			$url = $buy_now['action'].'?cmd=_s-xclick&amp;encrypted='.urlencode($this->encrypt_data($buy_now['hidden_fields']));
    176. 

  176. 		}
    177. 

  177. 		else
    178. 

  178. 		{
    179. 

  179. 			$url = $buy_now['action'];
    180. 

  180. 			
    181. 

  181. 			foreach($buy_now['hidden_fields'] as $k => $v)
    182. 

  182. 			{
    183. 

  183. 				$url .= ($k == 'cmd') ? '?'.$k.'='.$v : '&amp;'.$k.'='.$this->prep_val($v);
    184. 

  184. 			}
    185. 

  185. 		}
    186. 

  186. 

  187. 		$variable_row['buy_now_url'] = $url;
    188. 

  188. 		
    189. 

  189. 

  190. 

  191. 		//  Subscription
    192. 

  192. 

  193. 		
    194. 

  194. 		$subscribe['action']			= ($this->debug === TRUE) ? 'https://www.sandbox.paypal.com/cgi-bin/webscr' : 'https://www.paypal.com/cgi-bin/webscr';
    195. 

  195. 		$subscribe['hidden_fields']	= array(
    196. 

  196. 										'cmd'  				=> '_xclick-subscriptions',
    197. 

  197. 										'upload'			=> "1",
    198. 

  198. 										'business'			=> $paypal_account,
    199. 

  199. 										'return'			=> $success,
    200. 

  200. 										'cancel_return'		=> $cancel,
    201. 

  201. 										'item_name'			=> $row['item_name'],
    202. 

  202. 										'item_number'		=> $row['item_id'],
    203. 

  203. 										'p3'				=> $row['subscription_frequency'],
    204. 

  204. 										't3'				=> strtoupper(substr($row['subscription_frequency_unit'], 0, 1)),
    205. 

  205. 										'a3'				=> ($row['item_use_sale'] == 'y') ? $row['item_sale_price'] : $row['item_regular_price'],
    206. 

  206. 										'src'				=> 1,
    207. 

  207. 										'lc'				=> $country_code,
    208. 

  208. 										'currency_code'		=> $currency,
    209. 

  209. 										'custom'			=> $this->EE->session->userdata['member_id']
    210. 

  210. 										);
    211. 

  211. 		
    212. 

  212. 		if ($this->encrypt === TRUE)
    213. 

  213. 		{
    214. 

  214. 			$url = $subscribe['action'].'?cmd=_s-xclick&amp;encrypted='.urlencode($this->encrypt_data($buy_now['hidden_fields']));
    215. 

  215. 		}
    216. 

  216. 		else
    217. 

  217. 		{
    218. 

  218. 			$url = $subscribe['action'];
    219. 

  219. 			
    220. 

  220. 			foreach($subscribe['hidden_fields'] as $k => $v)
    221. 

  221. 			{
    222. 

  222. 				$url .= ($k == 'cmd') ? '?'.$k.'='.$v : '&amp;'.$k.'='.$this->prep_val($v);
    223. 

  223. 			}
    224. 

  224. 		}
    225. 

  225. 

  226. 		$variable_row['subscribe_now_url'] = $url;
    227. 

  227. 

  228. 

  229. 		//  Add to Cart 
    230. 

  230. 		
    231. 

  231. 		$add_to_cart['action']				= ($this->debug === TRUE) ? 'https://www.sandbox.paypal.com/cgi-bin/webscr' : 'https://www.paypal.com/cgi-bin/webscr';
    232. 

  232. 		$add_to_cart['hidden_fields']	= array(
    233. 

  233. 												'cmd'				=> '_cart',
    234. 

  234. 												'add'				=> "1",
    235. 

  235. 												'business'			=> $paypal_account,
    236. 

  236. 												'return'			=> $success,
    237. 

  237. 												'cancel_return'		=> $cancel,
    238. 

  238. 												'item_name'			=> $row['item_name'],
    239. 

  239. 												'item_number'		=> $row['item_id'],
    240. 

  240. 												'quantity'			=> '1',
    241. 

  241. 												'amount'			=> ($row['item_use_sale'] == 'y') ? $row['item_sale_price'] : $row['item_regular_price'],
    242. 

  242. 												'lc'				=> $country_code,
    243. 

  243. 												'currency_code'		=> $currency,
    244. 

  244. 												'custom'			=> $this->EE->session->userdata['member_id']
    245. 

  245. 												);
    246. 

  246. 										
    247. 

  247. 		if ($this->encrypt === TRUE)
    248. 

  248. 		{
    249. 

  249. 			$url = $add_to_cart['action'].'?cmd=_s-xclick&amp;encrypted='.urlencode($this->encrypt_data($add_to_cart['hidden_fields']));
    250. 

  250. 		}
    251. 

  251. 		else
    252. 

  252. 		{
    253. 

  253. 			$url = $add_to_cart['action'];
    254. 

  254. 			
    255. 

  255. 			foreach($add_to_cart['hidden_fields'] as $k => $v)
    256. 

  256. 			{	
    257. 

  257. 				$url .= ($k == 'cmd') ? '?'.$k.'='.$v : '&amp;'.$k.'='.$this->prep_val($v);
    258. 

  258. 			}
    259. 

  259. 		}
    260. 

  260. 		
    261. 

  261. 		$variable_row['add_to_cart_url'] = $url;
    262. 

  262. 

  263. 		//  View Cart
    264. 

  264. 

  265. 		if ($this->debug === TRUE)
    266. 

  266. 		{
    267. 

  267. 			$view_cart['action'] = 'https://www.sandbox.paypal.com/cart/display=1&amp;bn=tm_gl_2.0&amp;business='.$paypal_account;
    268. 

  268. 		}
    269. 

  269. 		else
    270. 

  270. 		{
    271. 

  271. 			$view_cart['action'] = 'https://www.paypal.com/cart/display=1&amp;bn=tm_gl_2.0&amp;business='.$paypal_account;
    272. 

  272. 		}
    273. 

  273. 		
    274. 

  274. 		$variable_row['view_cart_url'] = $view_cart['action'];
    275. 

  275. 		
    276. 

  276. 		/** ----------------------------------------
    277. 

  277. 		/**  Parse the Buttons
    278. 

  278. 		/** ----------------------------------------*/
    279. 

  279. 		
    280. 

  280. 		if ($this->encrypt === TRUE)
    281. 

  281. 		{
    282. 

  282. 			$buy_now['hidden_fields'] = array('cmd' => '_s-xclick',
    283. 

  283. 											  'encrypted' => $this->encrypt_data($buy_now['hidden_fields']));
    284. 

  284. 			
    285. 

  285. 			$add_to_cart['hidden_fields'] = array('cmd' => '_s-xclick',
    286. 

  286. 												  'encrypted' => $this->encrypt_data($add_to_cart['hidden_fields']));
    287. 

  287. 		}
    288. 

  288. 

  289. 		$variables[] = $variable_row;
    290. 

  290. 		
    291. 

  291. 		$output = $this->EE->TMPL->parse_variables($this->EE->TMPL->tagdata, $variables); 
    292. 

  292. 		
    293. 

  293. 		
    294. 

  294. 		foreach ($this->EE->TMPL->var_pair as $key => $val)
    295. 

  295. 		{	 
    296. 

  296. 			$data = array();
    297. 

  297. 			
    298. 

  298. 			if ($key == 'buy_now_button')
    299. 

  299. 			{
    300. 

  300. 				$data = $buy_now;
    301. 

  301. 			}
    302. 

  302. 			elseif ($key == 'add_to_cart_button' && $row['recurring'] != 'y')
    303. 

  303. 			{
    304. 

  304. 				$data = $add_to_cart;
    305. 

  305. 			}
    306. 

  306. 			elseif ($key == 'view_cart_button' && $row['recurring'] != 'y')
    307. 

  307. 			{
    308. 

  308. 				$data = $view_cart;
    309. 

  309. 			}
    310. 

  310. 			else
    311. 

  311. 			{
    312. 

  312. 				$output = $this->EE->TMPL->delete_var_pairs($key, $key, $output);
    313. 

  313. 				continue;
    314. 

  314. 			}
    315. 

  315. 			
    316. 

  316. 			$data['id']		= 'paypal_form_'.$row['item_id'].'_'.$key;
    317. 

  317. 			$data['secure'] = FALSE;
    318. 

  318. 			
    319. 

  319. 			$form	= $this->EE->functions->form_declaration($data).
    320. 

  320. 					  '<input type="submit" name="submit" value="\\1" class="paypal_button" />'."\n".
    321. 

  321. 					  '</form>'."\n\n";
    322. 

  322. 					  
    323. 

  323. 			$output = preg_replace("/".LD.preg_quote($key).RD."(.*?)".LD.'\/'.$key.RD."/s", $form, $output);
    324. 

  324. 		}
    325. 

  325. 		
    326. 

  326. 

  327. 		$this->return_data = $output;
    328. 

  328. 		
    329. 

  329. 		return $this->return_data;
    330. 

  330. 

  331. 	}
    332. 

  332. 	
    333. 

  333. 	function button_form($id, $type, $hidden='')
    334. 

  334. 	{
    335. 

  335. 			$data['id']		= 'paypal_form_'.$row['item_id'].'_'.$type;
    336. 

  336. 			$data['class']	= $this->EE->TMPL->form_class;
    337. 

  337. 			$data['secure'] = FALSE;
    338. 

  338. 			$data = $hidden;
    339. 

  339. 			
    340. 

  340. 			$form	= $this->EE->functions->form_declaration($data).
    341. 

  341. 					  '<input type="submit" name="submit" value="\\1" class="paypal_button" />'."\n".
    342. 

  342. 					  '</form>'."\n\n";
    343. 

  343. 			return 'dude';		
    344. 

  344. 	}
    345. 

  345. 

  346. 	/** -------------------------------------
    347. 

  347. 	/**  Round Money
    348. 

  348. 	/** -------------------------------------*/
    349. 

  349. 	
    350. 

  350. 	function round_money($value, $dec=2)
    351. 

  351. 	{
    352. 

  352. 		$decimal = ($this->EE->TMPL->fetch_param('decimal') == ',')  ? ',' : '.';
    353. 

  353. 		
    354. 

  354. 		$value += 0.0;
    355. 

  355. 		$unit	= floor($value * pow(10, $dec+1)) / 10;
    356. 

  356. 		$round	= round($unit);
    357. 

  357. 		return str_replace('.', $decimal, sprintf("%01.2f", ($round / pow(10, $dec))));
    358. 

  358. 	}
    359. 

  359. 	
    360. 

  360. 	/** ----------------------------------------
    361. 

  361. 	/**  Process an Incoming IPN From PayPal
    362. 

  362. 	/** ----------------------------------------*/
    363. 

  363. 	function incoming_ipn()
    364. 

  364. 	{
    365. 

  365. 		// Send incoming post data if debugging required
    366. 

  366. 		if ($this->debug_incoming_ipn)
    367. 

  367. 		{
    368. 

  368. 			ob_start();
    369. 

  369. 			print_r($_POST);
    370. 

  370. 			$msg = ob_get_contents();
    371. 

  371. 			ob_end_clean();
    372. 

  372. 			
    373. 

  373. 			$this->EE->load->library('email');
    374. 

  374. 			$debug_to = ($this->debug_email_address == '') ? $this->EE->config->item('webmaster_email') : $this->debug_email_address;
    375. 

  375. 			
    376. 

  376. 			$this->EE->email->from($this->EE->config->item('webmaster_email'), 
    377. 

  377. 										$this->EE->config->item('site_name'));
    378. 

  378. 			$this->EE->email->to($debug_to);
    379. 

  379. 			$this->EE->email->subject('EE Debug: Incoming IPN Response');
    380. 

  380. 			$this->EE->email->message($msg);
    381. 

  381. 			$this->EE->email->send();
    382. 

  382. 			$this->EE->email->EE_initialize();			
    383. 

  383. 		}
    384. 

  384. 

  385. 		if (empty($_POST))
    386. 

  386. 		{
    387. 

  387. 			@header("HTTP/1.0 404 Not Found");
    388. 

  388. 			@header("HTTP/1.1 404 Not Found");
    389. 

  389. 			exit('No Data Sent');
    390. 

  390. 		}
    391. 

  391. 		elseif($this->debug !== TRUE && isset($_POST['test_ipn']) && $_POST['test_ipn'] == 1)
    392. 

  392. 		{
    393. 

  393. 			@header("HTTP/1.0 404 Not Found");
    394. 

  394. 			@header("HTTP/1.1 404 Not Found");
    395. 

  395. 			exit('Not Debugging Right Now');
    396. 

  396. 		}
    397. 

  397. 		
    398. 

  398. 		
    399. 

  399. 		$paypal_account = ( ! $this->EE->config->item('sc_paypal_account')) ? $this->EE->config->item('webmaster_email') : $this->EE->config->item('sc_paypal_account');
    400. 

  400. 		
    401. 

  401. 		/** ----------------------------------------
    402. 

  402. 		/**  Prep, Prep, Prep
    403. 

  403. 		/** ----------------------------------------*/
    404. 

  404. 		
    405. 

  405. 		foreach($this->possible_post as $value)
    406. 

  406. 		{
    407. 

  407. 			$this->post[$value] = '';
    408. 

  408. 		}
    409. 

  409. 		
    410. 

  410. 		foreach($_POST as $key => $value)
    411. 

  411. 		{
    412. 

  412. 			$this->post[$key] = $this->EE->security->xss_clean($value);
    413. 

  413. 		}
    414. 

  414. 		
    415. 

  415. 		if ($this->debug === TRUE)
    416. 

  416. 		{
    417. 

  417. 			$url = ( ! function_exists('openssl_open')) ? 'http://www.sandbox.paypal.com/cgi-bin/webscr' :  'https://www.sandbox.paypal.com/cgi-bin/webscr';
    418. 

  418. 		}
    419. 

  419. 		else
    420. 

  420. 		{
    421. 

  421. 			$url = ( ! function_exists('openssl_open')) ? 'http://www.paypal.com/cgi-bin/webscr' : 'https://www.paypal.com/cgi-bin/webscr';
    422. 

  422. 		}
    423. 

  423. 		
    424. 

  424. 		/** ----------------------------------------
    425. 

  425. 		/**  Ping Them Back For Confirmation
    426. 

  426. 		/** ----------------------------------------*/
    427. 

  427. 		
    428. 

  428. 		if ( function_exists('curl_init'))
    429. 

  429. 		{
    430. 

  430. 			$result = $this->curl_process($url); 
    431. 

  431. 		}
    432. 

  432. 		else
    433. 

  433. 		{
    434. 

  434. 			$result = $this->fsockopen_process($url);
    435. 

  435. 		}
    436. 

  436. 		
    437. 

  437. 		/** ----------------------------------------
    438. 

  438. 		/**  Evaluate PayPal's Response
    439. 

  439. 		/** ----------------------------------------*/
    440. 

  440. 		
    441. 

  441. 		/* -------------------------------------
    442. 

  442. 		/*  'simple_commerce_evaluate_ipn_response' hook.
    443. 

  443. 		/*  - Take over processing of PayPal's response to an
    444. 

  444. 		/*  - IPN confirmation
    445. 

  445. 		/*  - Added EE 1.5.1
    446. 

  446. 		*/  
    447. 

  447. 			if ($this->EE->extensions->active_hook('simple_commerce_evaluate_ipn_response') === TRUE)
    448. 

  448. 			{
    449. 

  449. 				$result = $this->EE->extensions->universal_call('simple_commerce_evaluate_ipn_response', $this, $result);
    450. 

  450. 				if ($this->EE->extensions->end_script === TRUE) return;
    451. 

  451. 			}
    452. 

  452. 		/*
    453. 

  453. 		/* -------------------------------------*/
    454. 

  454. 		
    455. 

  455. 		if (stristr($result, 'VERIFIED'))
    456. 

  456. 		{
    457. 

  457. 

  458. 			// Subscription start and end pings have no payment status, so that check not included
    459. 

  459. 

  460. 			// Not our paypal account receiving money, so invalid - and we key off txn_type for our conditional handling
    461. 

  461. 			if (strtolower($paypal_account) != trim($this->post['receiver_email']) OR ! isset($this->post['txn_type']))
    462. 

  462. 			{
    463. 

  463. 				return FALSE;
    464. 

  464. 			}
    465. 

  465. 			
    466. 

  466. 			//  User Valid?
    467. 

  467. 			$this->EE->db->select('screen_name');
    468. 

  468. 			$this->EE->db->where('member_id', $this->post['custom']); 
    469. 

  469. 			$query = $this->EE->db->get('exp_members');
    470. 

  470. 			
    471. 

  471. 			if ($query->num_rows() == 0) return FALSE;
    472. 

  472. 			
    473. 

  473. 			$this->post['screen_name'] = $query->row('screen_name') ;
    474. 

  474. 

  475.     		/** --------------------------------------------
    476. 

  476. 			/**  The Subscription Types We Care About
    477. 

  477. 			/**  - According to numerous posts around the internet, these are the only two we should really care about
    478. 

  478. 			/** --------------------------------------------*/
    479. 

  479. 

  480. 			if (in_array($this->post['txn_type'], array('subscr_signup', 'subscr_eot', 'subscr_cancel'))) 
    481. 

  481. 			{
    482. 

  482. 				if ( ! isset($this->post['subscr_id']))
    483. 

  483. 				{
    484. 

  484. 					return FALSE;
    485. 

  485. 				}
    486. 

  486. 

  487. 	    		//  Successful Subscription Data- send it on!
    488. 

  488.     			if(isset($this->post['item_number']) && $this->post['item_number'] != '' && is_numeric($this->post['mc_amount3']) && $this->post['mc_amount3'] > 0)
    489. 

  489.     			{
    490. 

  490.     				$this->perform_actions($this->post['item_number'], '', '', '', $this->post['txn_type']);
    491. 

  491.     			}
    492. 

  492.     		}
    493. 

  493.     		elseif (in_array($this->post['txn_type'], array('cart', 'web_accept')))
    494. 

  494.     		{
    495. 

  495. 

  496. 				//  Is this a repeat, perhaps?
    497. 

  497. 				//  Note- subscription signups do not have a txn_id so we check only non-subscriptions
    498. 

  498. 			
    499. 

  499. 				$query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_simple_commerce_purchases
    500. 

  500. 								 WHERE txn_id = '".$this->EE->db->escape_str($this->post['txn_id'])."'");
    501. 

  501. 								 
    502. 

  502. 				$this->EE->db->where('txn_id', $this->post['txn_id']); 
    503. 

  503. 				$this->EE->db->from('exp_simple_commerce_purchases');
    504. 

  504. 

  505. 				if ($this->EE->db->count_all_results()  > 0) return FALSE;
    506. 

  506. 

  507. 				//A regular purchase should be completed at this point
    508. 

  508. 				if (trim($this->post['payment_status']) != 'Completed')
    509. 

  509. 				{
    510. 

  510. 					return FALSE;
    511. 

  511. 				}
    512. 

  512. 					
    513. 

  513. 				if ($this->post['num_cart_items'] != '' && $this->post['num_cart_items'] > 0 && isset($_POST['item_number1']))
    514. 

  514. 				{
    515. 

  515. 					for($i=1; $i <= $this->post['num_cart_items']; ++$i)
    516. 

  516. 					{
    517. 

  517. 						if (($item_id = $this->EE->input->get_post('item_number'.$i)) !== FALSE)
    518. 

  518. 						{
    519. 

  519. 							$qnty	  = (isset($_POST['quantity'.$i]) && is_numeric($_POST['quantity'.$i])) ? $_POST['quantity'.$i] : 1;
    520. 

  520. 							$subtotal = (isset($_POST['mc_gross_'.$i]) && is_numeric(str_replace('.', '', $_POST['mc_gross_'.$i]))) ? $_POST['mc_gross_'.$i] : 0;
    521. 

  521. 						
    522. 

  522. 							if ($subtotal == 0)
    523. 

  523. 							{
    524. 

  524. 								continue;
    525. 

  525. 							}
    526. 

  526. 						
    527. 

  527. 							$this->perform_actions($item_id, $qnty, $subtotal, $i);
    528. 

  528. 						}
    529. 

  529. 					}
    530. 

  530. 				}
    531. 

  531. 				elseif(isset($this->post['item_number']) && $this->post['item_number'] != '' && is_numeric($this->post['mc_gross']) && $this->post['mc_gross'] > 0)
    532. 

  532. 				{
    533. 

  533. 					
    534. 

  534. 					$this->perform_actions($this->post['item_number'], $this->post['quantity'], $this->post['mc_gross']);
    535. 

  535. 				}
    536. 

  536.     		
    537. 

  537.     		}
    538. 

  538.     		else
    539. 

  539.     		{
    540. 

  540. 				return FALSE;    		
    541. 

  541.     		}
    542. 

  542. 

  543. 

  544. 			/** ------------------------------
    545. 

  545. 			/**  Paypal Suggests Sending a 200 OK Response Back
    546. 

  546. 			/** ------------------------------*/
    547. 

  547. 			
    548. 

  548. 			@header("HTTP/1.0 200 OK");
    549. 

  549. 			@header("HTTP/1.1 200 OK");
    550. 

  550. 			
    551. 

  551. 			exit('Success');
    552. 

  552. 		}
    553. 

  553. 		elseif (stristr($result, 'INVALID'))
    554. 

  554. 		{
    555. 

  555. 			// Error Checking?
    556. 

  556. 		
    557. 

  557. 			@header("HTTP/1.0 200 OK");
    558. 

  558. 			@header("HTTP/1.1 200 OK");
    559. 

  559. 			
    560. 

  560. 			exit('Invalid');
    561. 

  561. 		}
    562. 

  562. 	} 
    563. 

  563. 

  564. 	
    565. 

  565. 	/** ----------------------------------------
    566. 

  566. 	/**  Sing a Song, Have a Dance
    567. 

  567. 	/** ----------------------------------------*/
    568. 

  568. 	
    569. 

  569. 	function curl_process($url)
    570. 

  570. 	{
    571. 

  571. 		$postdata = 'cmd=_notify-validate';
    572. 

  572. 

  573. 		foreach ($_POST as $key => $value)
    574. 

  574. 		{
    575. 

  575. 			// str_replace("\n", "\r\n", $value)
    576. 

  576. 			// put line feeds back to CR+LF as that's how PayPal sends them out
    577. 

  577. 			// otherwise multi-line data will be rejected as INVALID
    578. 

  578. 			$postdata .= "&$key=".urlencode(stripslashes(str_replace("\n", "\r\n", $value)));
    579. 

  579. 		}
    580. 

  580. 

  581. 		$ch=curl_init(); 
    582. 

  582. 		curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,FALSE);
    583. 

  583. 		curl_setopt($ch,CURLOPT_URL,$url); 
    584. 

  584. 		curl_setopt($ch,CURLOPT_POST,1); 
    585. 

  585. 		curl_setopt($ch,CURLOPT_POSTFIELDS,$postdata); 
    586. 

  586. 

  587. 		// Start ob to prevent curl_exec from displaying stuff. 
    588. 

  588. 		ob_start(); 
    589. 

  589. 		curl_exec($ch);
    590. 

  590. 

  591. 		//Get contents of output buffer 
    592. 

  592. 		$info=ob_get_contents(); 
    593. 

  593. 		curl_close($ch);
    594. 

  594. 

  595. 		//End ob and erase contents.  
    596. 

  596. 		ob_end_clean(); 
    597. 

  597. 

  598. 		return $info; 
    599. 

  599. 	}
    600. 

  600. 

  601. 	
    602. 

  602. 	
    603. 

  603. 	/** ----------------------------------------
    604. 

  604. 	/**  Drinking with Friends is Fun!
    605. 

  605. 	/** ----------------------------------------*/
    606. 

  606. 	
    607. 

  607. 	function fsockopen_process($url)
    608. 

  608. 	{ 
    609. 

  609. 		$parts	= parse_url($url);
    610. 

  610. 		$host	= $parts['host'];
    611. 

  611. 		$path	= ( ! isset($parts['path'])) ? '/' : $parts['path'];
    612. 

  612. 		$port	= ($parts['scheme'] == "https") ? '443' : '80';
    613. 

  613. 		$ssl	= ($parts['scheme'] == "https") ? 'ssl://' : '';
    614. 

  614. 		
    615. 

  615. 		
    616. 

  616. 		if (isset($parts['query']) && $parts['query'] != '')
    617. 

  617. 		{
    618. 

  618. 			$path .= '?'.$parts['query'];
    619. 

  619. 		}
    620. 

  620. 		
    621. 

  621. 		$postdata = 'cmd=_notify-validate';
    622. 

  622. 

  623. 		foreach ($_POST as $key => $value)
    624. 

  624. 		{
    625. 

  625. 			// str_replace("\n", "\r\n", $value)
    626. 

  626. 			// put line feeds back to CR+LF as that's how PayPal sends them out
    627. 

  627. 			// otherwise multi-line data will be rejected as INVALID
    628. 

  628. 			$postdata .= "&$key=".urlencode(stripslashes(str_replace("\n", "\r\n", $value)));
    629. 

  629. 		}
    630. 

  630. 		
    631. 

  631. 		$info = '';
    632. 

  632. 

  633. 		$fp = @fsockopen($ssl.$host, $port, $error_num, $error_str, 8); 
    634. 

  634. 

  635. 		if (is_resource($fp))
    636. 

  636. 		{
    637. 

  637. 			fputs($fp, "POST {$path} HTTP/1.0\r\n"); 
    638. 

  638. 			fputs($fp, "Host: {$host}\r\n"); 
    639. 

  639. 			fputs($fp, "Content-Type: application/x-www-form-urlencoded\r\n"); 
    640. 

  640. 			fputs($fp, "Content-Length: ".strlen($postdata)."\r\n"); 
    641. 

  641. 			fputs($fp, "Connection: close\r\n\r\n"); 
    642. 

  642. 			fputs($fp, $postdata . "\r\n\r\n");
    643. 

  643. 			
    644. 

  644. 			while($datum = fread($fp, 4096))
    645. 

  645. 			{
    646. 

  646. 				$info .= $datum;
    647. 

  647. 			}
    648. 

  648. 

  649. 			@fclose($fp); 
    650. 

  650. 		}
    651. 

  651. 		
    652. 

  652. 		return $info; 
    653. 

  653. 	}
    654. 

  654. 

  655. 	
    656. 

  656. 	
    657. 

  657. 	/** ----------------------------------------
    658. 

  658. 	/**  Perform Store Item Actions
    659. 

  659. 	/** ----------------------------------------*/
    660. 

  660. 	function perform_actions($item_id, $qnty, $subtotal, $num_in_cart='', $type='')
    661. 

  661. 	{
    662. 

  662. 		$query = $this->EE->db->query("SELECT wt.title as item_name, sc.* 
    663. 

  663. 							 FROM exp_simple_commerce_items sc, exp_channel_titles wt
    664. 

  664. 							 WHERE sc.entry_id = wt.entry_id 
    665. 

  665. 							 AND sc.item_id = '".$this->EE->db->escape_str($item_id)."'");
    666. 

  666. 							
    667. 

  667. 		if ($query->num_rows() != 1)
    668. 

  668.     	{
    669. 

  669.     		return;
    670. 

  670.     	}
    671. 

  671. 		
    672. 

  672. 		$row = $query->row();
    673. 

  673. 

  674. 		$this->post['item_name']	= $row->item_name;
    675. 

  675. 		$this->post['item_number']	= $item_id;
    676. 

  676. 		$this->post['quantity']		= $qnty;
    677. 

  677. 		$this->post['mc_gross']		= $subtotal;
    678. 

  678. 		$this->post['member_id']	= $this->post['custom'];
    679. 

  679. 			
    680. 

  680. 		$customer_email_template	= $row->customer_email_template;	
    681. 

  681. 		$admin_email_template		= $row->admin_email_template;
    682. 

  682. 		$new_member_group			= $row->new_member_group;
    683. 

  683. 			
    684. 

  684.         //  Type Specific Actions
    685. 

  685. 		
    686. 

  686. 		// we ignore subscr_cancel actions since they do not affect the current subscription
    687. 

  687. 		if ($type == 'subscr_eot')
    688. 

  688. 		{
    689. 

  689. 			$new_member_group			= $row->member_group_unsubscribe;
    690. 

  690. 			$admin_email_template		= $row->admin_email_template_unsubscribe;
    691. 

  691. 			$customer_email_template	= $row->customer_email_template_unsubscribe;
    692. 

  692. 			
    693. 

  693. 			if ($this->end_subscription() === FALSE)
    694. 

  694. 			{
    695. 

  695. 				return FALSE;
    696. 

  696. 			}
    697. 

  697. 		}
    698. 

  698. 		elseif ($type == 'subscr_signup')
    699. 

  699. 		{
    700. 

  700. 			if ($this->start_subscription($row) === FALSE)
    701. 

  701. 			{
    702. 

  702. 				return FALSE;
    703. 

  703. 			}
    704. 

  704. 		}
    705. 

  705. 		
    706. 

  706. 			
    707. 

  707. 		/* -------------------------------------
    708. 

  708. 		/*  'simple_commerce_perform_actions_start' hook.
    709. 

  709. 		/*  - After a purchase is recorded, do more processing before EE's processing
    710. 

  710. 		/*  - Added EE 1.5.1
    711. 

  711. 		*/  
    712. 

  712. 			if ($this->EE->extensions->active_hook('simple_commerce_perform_actions_start') === TRUE)
    713. 

  713. 			{
    714. 

  714. 				$edata = $this->EE->extensions->universal_call('simple_commerce_perform_actions_start', $this, $query->row());
    715. 

  715. 				if ($this->EE->extensions->end_script === TRUE) return;
    716. 

  716. 			}
    717. 

  717. 		/*
    718. 

  718. 		/* -------------------------------------*/	
    719. 

  719. 			
    720. 

  720. 		if ($type == '')
    721. 

  721. 		{
    722. 

  722. 			/* --------------------------------
    723. 

  723. 			/*  Check Price
    724. 

  724. 			/*	- There is a small chance the Admin changed the price between
    725. 

  725. 			/*	purchase and the receipt of the IP, so we give a small bit of
    726. 

  726. 			/* 	wiggle room.  About 10%...
    727. 

  727. 			/* --------------------------------*/
    728. 

  728. 			
    729. 

  729. 			$price = ($row->item_use_sale  == 'y') ? $row->item_sale_price : $row->item_regular_price;
    730. 

  730. 			$cost  = $subtotal/$qnty;
    731. 

  731. 			
    732. 

  732. 			if ($cost < ($price * 0.9))
    733. 

  733. 			{	
    734. 

  734. 				return;
    735. 

  735. 			}
    736. 

  736. 		
    737. 

  737. 			$data = array('txn_id' 			=> $this->post['txn_id'],
    738. 

  738. 					  'member_id' 		=> $this->post['custom'],
    739. 

  739. 					  'item_id'			=> $row->item_id,
    740. 

  740. 					  'purchase_date'	=> $this->EE->localize->now,
    741. 

  741. 					  'item_cost'		=> $cost,
    742. 

  742. 					  'paypal_details'	=> serialize($this->post));
    743. 

  743. 			
    744. 

  744. 			if ( ! is_numeric($qnty) OR $qnty == 1)
    745. 

  745. 			{
    746. 

  746. 				$this->EE->db->insert('exp_simple_commerce_purchases', $data);
    747. 

  747. 

  748. 				$this->EE->db->where('item_id', $item_id);
    749. 

  749. 				$this->EE->db->set('item_purchases', "item_purchases + 1", FALSE);
    750. 

  750. 				$this->EE->db->update('exp_simple_commerce_items'); 				
    751. 

  751. 			}
    752. 

  752. 			else
    753. 

  753. 			{
    754. 

  754. 				for($i=0;  $i < $qnty; ++$i)
    755. 

  755. 				{
    756. 

  756. 					$this->EE->db->insert('exp_simple_commerce_purchases', $data); 	
    757. 

  757. 				}
    758. 

  758. 				
    759. 

  759. 				$this->EE->db->where('item_id', $item_id);
    760. 

  760. 				$this->EE->db->set('item_purchases', "item_purchases + {$qnty}", FALSE);
    761. 

  761. 				$this->EE->db->update('exp_simple_commerce_items'); 				
    762. 

  762. 			}
    763. 

  763. 		}  // end non-sub entry
    764. 

  764. 		
    765. 

  765. 		
    766. 

  766. 		//  New Member Group
    767. 

  767. 		if ($new_member_group != '' && $new_member_group != 0)
    768. 

  768. 		{
    769. 

  769. 			$this->EE->db->where('member_id', $this->post['custom']);
    770. 

  770. 			$this->EE->db->where('group_id !=', 1);
    771. 

  771. 			$this->EE->db->update('exp_members', array('group_id' => $new_member_group)); 
    772. 

  772. 		}
    773. 

  773. 			
    774. 

  774. 

  775. 		//  Send Emails!
    776. 

  776. 

  777. 		$this->EE->load->library('email');
    778. 

  778. 			
    779. 

  779. 		if ($customer_email_template != '' && $customer_email_template != 0)
    780. 

  780. 		{
    781. 

  781. 			$this->EE->db->select('email');
    782. 

  782. 			$result = $this->EE->db->get_where('exp_members', array('member_id' => $this->post['custom']));
    783. 

  783. 

  784. 			$cust_row = $result->row();
    785. 

  785. 			$to = $cust_row->email;
    786. 

  786. 								
    787. 

  787. 			$this->EE->db->select('email_subject, email_body');
    788. 

  788. 			$result = $this->EE->db->get_where('exp_simple_commerce_emails', array('email_id' => $customer_email_template));
    789. 

  789. 						
    790. 

  790. 			if ($result->num_rows() > 0)
    791. 

  791. 			{
    792. 

  792. 				$email = $result->row();
    793. 

  793. 				$subject = $email->email_subject;
    794. 

  794. 				$message = $email->email_body;
    795. 

  795. 				
    796. 

  796. 				foreach($this->post as $key => $value)
    797. 

  797. 				{
    798. 

  798. 					$subject = str_replace(LD.$key.RD, $value, $subject);
    799. 

  799. 					$message = str_replace(LD.$key.RD, $value, $message);
    800. 

  800. 				}
    801. 

  801. 

  802. 				// Load the text helper
    803. 

  803. 				$this->EE->load->helper('text');
    804. 

  804. 				
    805. 

  805. 				$this->EE->email->from($this->EE->config->item('webmaster_email'), 
    806. 

  806. 										$this->EE->config->item('site_name'));
    807. 

  807. 				$this->EE->email->to($to);
    808. 

  808. 				$this->EE->email->subject($subject);
    809. 

  809. 				$this->EE->email->message(entities_to_ascii($message));
    810. 

  810. 				$this->EE->email->send();
    811. 

  811. 				$this->EE->email->EE_initialize();
    812. 

  812. 			}
    813. 

  813. 		}
    814. 

  814. 			
    815. 

  815. 		if ($row->admin_email_address != '' && $admin_email_template != '' && $admin_email_template != 0)
    816. 

  816. 		{	
    817. 

  817. 			$this->EE->db->select('email_subject, email_body');
    818. 

  818. 			$result = $this->EE->db->get_where('exp_simple_commerce_emails', array('email_id' => $admin_email_template));									
    819. 

  819. 									
    820. 

  820. 				
    821. 

  821. 			if ($result->num_rows() > 0)
    822. 

  822. 			{
    823. 

  823. 				$email = $result->row();
    824. 

  824. 				$subject = $email->email_subject;
    825. 

  825. 				$message = $email->email_body;
    826. 

  826. 					
    827. 

  827. 				foreach($this->post as $key => $value)
    828. 

  828. 				{
    829. 

  829. 					$subject = str_replace(LD.$key.RD, $value, $subject);
    830. 

  830. 					$message = str_replace(LD.$key.RD, $value, $message);
    831. 

  831. 				}
    832. 

  832. 

  833. 				// Load the text helper
    834. 

  834. 				$this->EE->load->helper('text');
    835. 

  835. 					
    836. 

  836. 				$this->EE->email->from($this->EE->config->item('webmaster_email'), 
    837. 

  837. 										$this->EE->config->item('site_name'));
    838. 

  838. 				$this->EE->email->to($row->admin_email_address);
    839. 

  839. 				$this->EE->email->subject($subject);
    840. 

  840. 				$this->EE->email->message(entities_to_ascii($message));
    841. 

  841. 				$this->EE->email->send();
    842. 

  842. 				$this->EE->email->EE_initialize();
    843. 

  843. 			}
    844. 

  844. 		}
    845. 

  845. 			
    846. 

  846. 

  847. 

  848. 		/* -------------------------------------
    849. 

  849. 		/*  'simple_commerce_perform_actions_end' hook.
    850. 

  850. 		/*  - After a purchase is recorded, do more processing
    851. 

  851. 		/*  - Added EE 1.5.1
    852. 

  852. 		*/  
    853. 

  853. 			if ($this->EE->extensions->active_hook('simple_commerce_perform_actions_end') === TRUE)
    854. 

  854. 			{
    855. 

  855. 				$edata = $this->EE->extensions->universal_call('simple_commerce_perform_actions_end', $this, $query->row());
    856. 

  856. 				if ($this->EE->extensions->end_script === TRUE) return;
    857. 

  857. 			}
    858. 

  858. 		/*
    859. 

  859. 		/* -------------------------------------*/			
    860. 

  860. 		
    861. 

  861. 	} 
    862. 

  862. 

  863. 	
    864. 

  864. 

  865. 	/** ----------------------------------------
    866. 

  866.     /**  End Subscription for Item and USer
    867. 

  867.     /** ----------------------------------------*/
    868. 

  868. 

  869.     function end_subscription()
    870. 

  870.     {
    871. 

  871.         //  Check for Subscription
    872. 

  872. 		$this->EE->db->select('purchase_id, item_id');
    873. 

  873. 		$this->EE->db->where('member_id', $this->post['custom']);
    874. 

  874. 		$this->EE->db->where('paypal_subscriber_id', $this->post['subscr_id']);
    875. 

  875. 		$query = $this->EE->db->get('exp_simple_commerce_purchases');
    876. 

  876. 

  877. // what if multiple subscriptions?  item_number viable??? -rob1
    878. 

  878. // http://articles.techrepublic.com.com/5100-10878_11-5331883.html
    879. 

  879. // k- 0 is still subscribed.  If it has a date?  They were unsubscribed then.  So- null if not subscription type.
    880. 

  880.         					 
    881. 

  881.         if ($query->num_rows() == 0)
    882. 

  882.         {
    883. 

  883.         	return FALSE;
    884. 

  884.         }
    885. 

  885.  	
    886. 

  886. 		$data = array('subscription_end_date' => $this->EE->localize->now);
    887. 

  887. 		
    888. 

  888. 		$this->EE->db->where('purchase_id', $query->row('purchase_id'));
    889. 

  889. 		$this->EE->db->update('exp_simple_commerce_purchases', $data); 		
    890. 

  890. 		
    891. 

  891. 		$this->EE->db->where('item_id', $query->row('item_id'));
    892. 

  892. 		$this->EE->db->set('current_subscriptions', "current_subscriptions - 1 ", FALSE);
    893. 

  893. 		$this->EE->db->update('exp_simple_commerce_items'); 
    894. 

  894. 

  895. 		return TRUE;
    896. 

  896.     }
    897. 

  897.     /* END end_subscription() */
    898. 

  898.     
    899. 

  899. 

  900.     /** ----------------------------------------
    901. 

  901.     /**  Start Subscription for Item
    902. 

  902.     /** ----------------------------------------*/
    903. 

  903. 

  904.     function start_subscription($row)
    905. 

  905.     {
    906. 

  906.     	/* --------------------------------
    907. 

  907. 		/*  Check Price
    908. 

  908. 		/*	- There is a small chance the Admin changed the price between purchase and the receipt
    909. 

  909. 		/* 	of the IP, so we give a small bit of wiggle room.  About 10%...
    910. 

  910. 		/* --------------------------------*/
    911. 

  911. 		
    912. 

  912. 		$price = ($row->item_use_sale == 'y') ? $row->item_sale_price : $row->item_regular_price;
    913. 

  913. 		
    914. 

  914. 		if ($this->post['mc_amount3'] < ($price * 0.9))
    915. 

  915. 		{	
    916. 

  916. 			return FALSE;
    917. 

  917. 		}
    918. 

  918. 		
    919. 

  919. 		/** --------------------------------------------
    920. 

  920.         /**  Check Subscription!
    921. 

  921.         /** --------------------------------------------*/
    922. 

  922.         
    923. 

  923.         // period3: Regular subscription interval in days, weeks, months, or years (ex: a 4 day interval is "period3: 4 D")
    924. 

  924.         
    925. 

  925.         $period = $row->subscription_frequency.' '.strtoupper(substr($row->subscription_frequency_unit, 0, 1));
    926. 

  926.         
    927. 

  927.         if ( ! isset($this->post['period3']) OR trim($this->post['period3']) != $period)
    928. 

  928.         {
    929. 

  929.         	return FALSE;
    930. 

  930.         }
    931. 

  931. 

  932.         if ( ! isset($this->post['recurring']) OR $this->post['recurring'] != 1)
    933. 

  933.         {
    934. 

  934.         	return FALSE;
    935. 

  935.         }
    936. 

  936. 

  937.         //  Insert Subscription
    938. 

  938. 

  939. 		$data = array('txn_id' 					=> $this->post['txn_id'],
    940. 

  940. 					  'member_id' 				=> $this->post['custom'],
    941. 

  941. 					  'item_id'					=> $row->item_id,
    942. 

  942. 					  'purchase_date'			=> $this->EE->localize->now,
    943. 

  943. 					  'item_cost'				=> $this->post['mc_amount3'],
    944. 

  944. 					  'paypal_details'			=> serialize($this->post),
    945. 

  945. 					  'paypal_subscriber_id'	=> $this->post['subscr_id']);
    946. 

  946. 		
    947. 

  947. 		$this->EE->db->insert('exp_simple_commerce_purchases', $data);
    948. 

  948. 		
    949. 

  949. 		$this->EE->db->where('item_id', $row->item_id);
    950. 

  950. 		$this->EE->db->set('item_purchases', "item_purchases + 1", FALSE);
    951. 

  951. 		$this->EE->db->set('current_subscriptions', "current_subscriptions + 1", FALSE);		
    952. 

  952. 		$this->EE->db->update('exp_simple_commerce_items');		
    953. 

  953.     
    954. 

  954.     	return TRUE;
    955. 

  955.     } 
    956. 

  956. 	/* END start_subscription() */
    957. 

  957. 

  958. 

  959. 

  960. 	/** ----------------------------------------
    961. 

  961. 	/**  Encrypt Button
    962. 

  962. 	/** ----------------------------------------*/
    963. 

  963. 	
    964. 

  964. 	function encrypt_data($params = array(), $type='button')
    965. 

  965. 	{	
    966. 

  966. 		/** -----------------------------
    967. 

  967. 		/**  Certificates, Keys, and TMP Files
    968. 

  968. 		/** -----------------------------*/
    969. 

  969. 	
    970. 

  970. 		$public_certificate	= file_get_contents($this->public_certificate);
    971. 

  971. 		$private_key		= file_get_contents($this->private_key);
    972. 

  972. 		$paypal_certificate	= file_get_contents($this->paypal_certificate);
    973. 

  973. 		
    974. 

  974. 		$tmpin_file  = tempnam($this->temp_path, 'paypal_');
    975. 

  975. 		$tmpout_file = tempnam($this->temp_path, 'paypal_');
    976. 

  976. 		$tmpfinal_file = tempnam($this->temp_path, 'paypal_');
    977. 

  977. 		
    978. 

  978. 		/** -----------------------------
    979. 

  979. 		/**  Prepare Our Data
    980. 

  980. 		/** -----------------------------*/
    981. 

  981. 		
    982. 

  982. 		$rawdata = '';
    983. 

  983. 		$params['cert_id'] = $this->certificate_id;
    984. 

  984. 		
    985. 

  985. 		foreach ($params as $name => $value)
    986. 

  986. 		{
    987. 

  987. 			$rawdata .= "$name=$value\n";
    988. 

  988. 		}
    989. 

  989. 		
    990. 

  990. 		if ( ! $fp = fopen($tmpin_file, 'w'))
    991. 

  991. 		{
    992. 

  992. 			exit('failure');
    993. 

  993. 		}
    994. 

  994. 		
    995. 

  995. 		fwrite($fp, rtrim($rawdata));
    996. 

  996. 		fclose($fp);
    997. 

  997. 		
    998. 

  998. 		/** -----------------------------
    999. 

  999. 		/**  Sign Our File
    1000. 

  1000. 		/** -----------------------------*/
    1001. 

  1001. 		
    1002. 

  1002. 		if ( ! openssl_pkcs7_sign($tmpin_file, $tmpout_file, $public_certificate, $private_key, array(), PKCS7_BINARY))
    1003. 

  1003. 		{
    1004. 

  1004. 			exit("Could not sign encrypted data: " . openssl_error_string());
    1005. 

  1005. 		}
    1006. 

  1006. 		
    1007. 

  1007. 		$data = explode("\n\n", file_get_contents($tmpout_file));
    1008. 

  1008. 		
    1009. 

  1009. 		$data = base64_decode($data['1']);
    1010. 

  1010. 		
    1011. 

  1011. 		if ( ! $fp = fopen($tmpout_file, 'w'))
    1012. 

  1012. 		{
    1013. 

  1013. 			exit("Could not open temporary file '$tmpin_file')");
    1014. 

  1014. 		}
    1015. 

  1015. 		
    1016. 

  1016. 		fwrite($fp, $data);
    1017. 

  1017. 		fclose($fp);
    1018. 

  1018. 		
    1019. 

  1019. 		/** -----------------------------
    1020. 

  1020. 		/**  Encrypt Our Data
    1021. 

  1021. 		/** -----------------------------*/
    1022. 

  1022. 		
    1023. 

  1023. 		if ( ! openssl_pkcs7_encrypt($tmpout_file, $tmpfinal_file, $paypal_certificate, array(), PKCS7_BINARY))
    1024. 

  1024. 		{
    1025. 

  1025. 			exit("Could not encrypt data:" . openssl_error_string());
    1026. 

  1026. 		}
    1027. 

  1027. 		
    1028. 

  1028. 		$encdata = file_get_contents($tmpfinal_file, FALSE);
    1029. 

  1029. 		
    1030. 

  1030. 		if (empty($encdata))
    1031. 

  1031. 		{
    1032. 

  1032. 			exit("Encryption and signature of data failed.");
    1033. 

  1033. 		}
    1034. 

  1034. 		
    1035. 

  1035. 		$encdata = explode("\n\n", $encdata);
    1036. 

  1036. 		$encdata = trim(str_replace("\n", '', $encdata['1']));
    1037. 

  1037. 		$encdata = "-----BEGIN PKCS7-----".$encdata."-----END PKCS7-----";
    1038. 

  1038. 		
    1039. 

  1039. 		@unlink($tmpfinal_file);
    1040. 

  1040. 		@unlink($tmpin_file);
    1041. 

  1041. 		@unlink($tmpout_file);
    1042. 

  1042. 		
    1043. 

  1043. 		/** -----------------------------
    1044. 

  1044. 		/**  Return The Encrypted Data String
    1045. 

  1045. 		/** -----------------------------*/
    1046. 

  1046. 		
    1047. 

  1047. 		return $encdata;
    1048. 

  1048. 

  1049. 	}
    1050. 

  1050. 

  1051.  
    1052. 

  1052. 

  1053. 	/** -------------------------------------
    1054. 

  1054. 	/**  Clean the values for use in URLs
    1055. 

  1055. 	/** -------------------------------------*/
    1056. 

  1056. 	function prep_val($str)
    1057. 

  1057. 	{
    1058. 

  1058. 		// Oh, PayPal, the hoops I must jump through to woo thee...
    1059. 

  1059. 		// PayPal is displaying its cart as UTF-8, sending UTF-8 headers, but when
    1060. 

  1060. 		// processing the form data, is obviously wonking with it.  This will force
    1061. 

  1061. 		// accented characters in item names to display properly on the shopping cart
    1062. 

  1062. 		// but alas only for unencrypted data.  PayPal won't accept this same
    1063. 

  1063. 		// workaround for encrypted form data.
    1064. 

  1064. 

  1065. 		// Load the typography helper so we can do entity_decode()
    1066. 

  1066. 		$this->EE->load->helper('typography');
    1067. 

  1067. 

  1068. 		$str = str_replace('&amp;', '&', $str);
    1069. 

  1069. 		$str = urlencode(utf8_decode(entity_decode($str, 'utf-8')));
    1070. 

  1070. 		
    1071. 

  1071. 		return $str;
    1072. 

  1072. 	}
    1073. 

  1073. 

  1074. 	
    1075. 

  1075. }
    1076. 

  1076. 

  1077. 

  1078. 

  1079. /* End of file mod.simple_commerce.php */
    1080. 

  1080. /* Location: ./system/expressionengine/modules/simple_commerce/mod.simple_commerce.php */
    1081.