/includes/classes/paypal_checkout.php

Large files files are truncated, but you can click here to view the full file

<?php
/**
 * Project: xt:Commerce - eCommerce Engine
 * @version $Id
 *
 * xt:Commerce - Shopsoftware
 * (c) 2003-2007 xt:Commerce (Winger/Zanier), http://www.xt-commerce.com
 *
 * xt:Commerce ist eine geschŸtzte Handelsmarke und wird vertreten durch die xt:Commerce GmbH (Austria)
 * xt:Commerce is a protected trademark and represented by the xt:Commerce GmbH (Austria)
 *
 * @copyright Copyright 2003-2007 xt:Commerce (Winger/Zanier), www.xt-commerce.com
 * @copyright based on Copyright 2002-2003 osCommerce; www.oscommerce.com
 * @copyright Porttions Copyright 2003-2007 Zen Cart Development Team
 * @copyright Porttions Copyright 2004 DevosC.com
 * @license http://www.xt-commerce.com.com/license/2_0.txt GNU Public License V2.0
 *
 * For questions, help, comments, discussion, etc., please join the
 * xt:Commerce Support Forums at www.xt-commerce.com
 *
 * ab 15.08.2008 Teile vom Hamburger-Internetdienst geändert
 * Hamburger-Internetdienst Support Forums at www.forum.hamburger-internetdienst.de
 * Stand: 16.05.2010
*/
require_once(DIR_FS_INC . 'xtc_write_user_info.inc.php');
define('PROXY_HOST', '127.0.0.1');
define('PROXY_PORT', '808');
define('VERSION', PAYPAL_API_VERSION);
class paypal_checkout {
	var $API_UserName,
			$API_Password,
			$API_Signature,
			$API_Endpoint,
			$version,
			$location_error,
			$NOTIFY_URL,
			$EXPRESS_CANCEL_URL,
			$EXPRESS_RETURN_URL,
			$CANCEL_URL,
			$RETURN_URL,
			$GIROPAY_SUCCESS_URL,
			$GIROPAY_CANCEL_URL,
			$BANKTXN_PENDING_URL,
			$EXPRESS_URL,
			$GIROPAY_URL,
			$IPN_URL,
			$ppAPIec,
			$payPalURL;
/*************************************************************/
	function paypal_checkout() {
		// Stand: 27.03.2010
		if(PAYPAL_MODE=='sandbox'){
			$this->API_UserName		= PAYPAL_API_SANDBOX_USER;
			$this->API_Password		= PAYPAL_API_SANDBOX_PWD;
			$this->API_Signature	= PAYPAL_API_SANDBOX_SIGNATURE;
			$this->API_Endpoint		= 'https://api-3t.sandbox.paypal.com/nvp';
			$this->EXPRESS_URL		= 'https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=';
			$this->GIROPAY_URL		= 'https://www.sandbox.paypal.com/webscr?cmd=_complete-express-checkout&token=';
			$this->IPN_URL				= 'https://www.sandbox.paypal.com/cgi-bin/webscr';
		}elseif(PAYPAL_MODE=='live'){
			$this->API_UserName		= PAYPAL_API_USER;
			$this->API_Password		= PAYPAL_API_PWD;
			$this->API_Signature	= PAYPAL_API_SIGNATURE;
			$this->API_Endpoint		= 'https://api-3t.paypal.com/nvp';
			$this->EXPRESS_URL		= 'https://www.paypal.com/webscr?cmd=_express-checkout&token=';
			$this->GIROPAY_URL		= 'https://www.paypal.com/webscr?cmd=_complete-express-checkout&token=';
			$this->IPN_URL				= 'https://www.paypal.com/cgi-bin/webscr';
		}
		if(ENABLE_SSL == true){
			$this->NOTIFY_URL = HTTPS_SERVER.DIR_WS_CATALOG.'callback/paypal/ipn.php';
			$this->EXPRESS_CANCEL_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_SHOPPING_CART.'?XTCsid='.xtc_session_id();
			$this->EXPRESS_RETURN_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_PAYPAL_CHECKOUT.'?XTCsid='.xtc_session_id();
			$this->PRE_CANCEL_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_PAYMENT.'?XTCsid='.xtc_session_id();
			$this->CANCEL_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_PAYMENT.'?XTCsid='.xtc_session_id().'&error=true&error_message='.PAYPAL_ERROR;
			$this->RETURN_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_PROCESS.'?XTCsid='.xtc_session_id();
			$this->GIROPAY_SUCCESS_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_SUCCESS.'?XTCsid='.xtc_session_id();
			$this->GIROPAY_CANCEL_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_SHOPPING_CART.'?XTCsid='.xtc_session_id();
			$this->BANKTXN_PENDING_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_SUCCESS.'?XTCsid='.xtc_session_id();
		}else{
			$this->NOTIFY_URL = HTTP_SERVER.DIR_WS_CATALOG.'callback/paypal/ipn.php';
			$this->EXPRESS_CANCEL_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_SHOPPING_CART.'?XTCsid='.xtc_session_id();
			$this->EXPRESS_RETURN_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_PAYPAL_CHECKOUT.'?XTCsid='.xtc_session_id();
			$this->PRE_CANCEL_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_PAYMENT.'?XTCsid='.xtc_session_id();
			$this->CANCEL_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_PAYMENT.'?XTCsid='.xtc_session_id().'&error=true&error_message='.PAYPAL_ERROR;
			$this->RETURN_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_PROCESS.'?XTCsid='.xtc_session_id();
			$this->GIROPAY_SUCCESS_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_SUCCESS.'?XTCsid='.xtc_session_id();
			$this->GIROPAY_CANCEL_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_SHOPPING_CART.'?XTCsid='.xtc_session_id();
			$this->BANKTXN_PENDING_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_SUCCESS.'?XTCsid='.xtc_session_id();
		}
		$this->version   = VERSION;
		$this->USE_PROXY = FALSE;
		$this->payPalURL = '';
		$this->ppAPIec = $this->buildAPIKey(PAYPAL_API_KEY, 'ec');
		if(ENABLE_SSL == true):
			$hdrImg='templates/'.CURRENT_TEMPLATE.'/img/'.PAYPAL_API_IMAGE;
			if(file_exists(DIR_FS_CATALOG.$hdrImg) AND PAYPAL_API_IMAGE!=''):
				$hdrSize = getimagesize(DIR_FS_CATALOG.$hdrImg);
				if($hdrSize[0]<=750 AND $hdrSize[1]<=90):
					$this->Image = urlencode(HTTPS_SERVER.DIR_WS_CATALOG.$hdrImg);
				endif;
			endif;
		endif;
		// BOF - Hetfield - 2009-11-19 - replaced deprecated function ereg with preg_match to be ready for PHP >= 5.3
		//if(ereg('^(([a-f]|[A-F]|[0-9]){6})$',PAYPAL_API_CO_BACK))
		if(preg_match('/^(([a-f]|[A-F]|[0-9]){6})$/',PAYPAL_API_CO_BACK))
			$this->BackColor = PAYPAL_API_CO_BACK;
		//if(ereg('^(([a-f]|[A-F]|[0-9]){6})$',PAYPAL_API_CO_BORD))
		if(preg_match('/^(([a-f]|[A-F]|[0-9]){6})$/',PAYPAL_API_CO_BORD))
			$this->BorderColor = PAYPAL_API_CO_BORD;
		// EOF - Hetfield - 2009-11-19 - replaced deprecated function ereg with preg_match to be ready for PHP >= 5.3
	}
/*************************************************************/
	function build_express_checkout_button(){
		// Stand: 01.06.2009
		global $PHP_SELF;
		if($_SESSION['allow_checkout'] == 'true' AND $_SESSION['cart']->show_total()>0 AND MODULE_PAYMENT_PAYPALEXPRESS_STATUS=='True'):
			$unallowed_modules = explode(',', $_SESSION['customers_status']['customers_status_payment_unallowed']);
			if(!in_array('paypalexpress', $unallowed_modules)):
				include(DIR_WS_LANGUAGES . $_SESSION['language'] . '/modules/payment/paypalexpress.php');
				$alt=((defined('MODULE_PAYMENT_PAYPALEXPRESS_ALT_BUTTON'))? MODULE_PAYMENT_PAYPALEXPRESS_ALT_BUTTON :'PayPal');
				$source=((strtoupper($_SESSION['language_code'])=='DE')?'epaypal_de.gif':'epaypal_en.gif');
				$button .= '<a style="cursor:pointer;" onfocus="if(this.blur) this.blur();" onmouseover="window.status = '."''".'; return true;" href="'.xtc_href_link(basename($PHP_SELF), xtc_get_all_get_params(array('action')).'action=paypal_express_checkout').'"><img src="'.DIR_WS_ICONS.$source.'" alt="'.$alt.'" title="'.$alt.'" /></a>';
				return $button;
			endif;
		endif;
		return;
	}
/*************************************************************/
	function build_express_fehler_button(){
		// Stand: 01.06.2009
		if(MODULE_PAYMENT_PAYPALEXPRESS_STATUS=='True'){
			include(DIR_WS_LANGUAGES . $_SESSION['language'] . '/modules/payment/paypalexpress.php');
			$alt=((defined('MODULE_PAYMENT_PAYPALEXPRESS_ALT_BUTTON'))? MODULE_PAYMENT_PAYPALEXPRESS_ALT_BUTTON :'PayPal');
			$source=((strtoupper($_SESSION['language_code'])=='DE')?'epaypal_de.gif':'epaypal_en.gif');
			$button .= '<a style="cursor:pointer;" onfocus="if(this.blur) this.blur();" onmouseover="window.status = '."''".'; return true;" href="'.$this->EXPRESS_CANCEL_URL.'"><img src="'.DIR_WS_ICONS.$source.'" alt="'.$alt.'" title="'.$alt.'" /></a>';
			return $button;
		}
		return;
	}
/*************************************************************/
/******* fürs express als Zahlbedingung **********************/
/*************************************************************/
	function paypal_auth_call(){
		// aufruf aus paypal.php NICHT für PP Express aus Warenkorb
		// Daten aus der Cart - Order noch nicht gespeichert
		// 1. Call um die Token ID zu bekommen
		// Daten mitgeben, da direkt bestätigung ohne nochmaliges Confirm im Shop
		// Stand: 05.01.2010
		global $xtPrice,$order;
		// Session säubern
		unset($_SESSION['reshash']);
		unset($_SESSION['nvpReqArray']);
		require(DIR_WS_CLASSES.'order_total.php');
		$order_total_modules = new order_total();
		$order_totals = $order_total_modules->process();
		$order_tax=0;
		$order_discount=0;
		$order_fee=0;
		$order_gs=0;
		$order_shipping=0;
		for($i = 0, $n = sizeof($order_totals); $i < $n; $i ++):
			switch($order_totals[$i]['code']):
				case 'ot_total':
					$paymentAmount=$order_totals[$i]['value'];
					break;
				case 'ot_shipping':
					$order_shipping=$order_totals[$i]['value'];
					break;
				case 'ot_tax':
					$order_tax+=$order_totals[$i]['value'];
					break;
				case 'ot_discount':
					$order_discount+=$order_totals[$i]['value'];
					break;
          case 'ot_coupon':
            $order_gs+= ($order_totals[$i]['value'] < 0) ? $order_totals[$i]['value'] : $order_totals[$i]['value'] *(-1);
            break;
          case 'ot_gv':
            $order_gs+= ($order_totals[$i]['value'] < 0) ? $order_totals[$i]['value'] : $order_totals[$i]['value'] *(-1);
            break;
          ///  customers bonus
          case 'ot_bonus_fee':
            $order_gs+= ($order_totals[$i]['value'] < 0) ? $order_totals[$i]['value'] : $order_totals[$i]['value'] *(-1);
            break;
				case 'ot_payment':
					if($order_totals[$i]['value'] < 0): // Rabatt aus Fremd Modul
						$order_discount+=$order_totals[$i]['value'];
					else:
						$order_fee+=$order_totals[$i]['value'];
					endif;
					break;
				case 'ot_cod_fee':
					$order_fee+=$order_totals[$i]['value'];
					break;
				case 'ot_ps_fee':
					$order_fee+=$order_totals[$i]['value'];
					break;
				case 'ot_loworderfee':
					$order_fee+=$order_totals[$i]['value'];
			endswitch;
		endfor;
		// AMT
		$paymentAmount = round($paymentAmount, $xtPrice->get_decimal_places($order->info['currency']));
		// Summen der Order
		$order_tax=round($order_tax, $xtPrice->get_decimal_places($order->info['currency']));
		$order_discount=round($order_discount, $xtPrice->get_decimal_places($order->info['currency']));
		$order_gs=round($order_gs, $xtPrice->get_decimal_places($order->info['currency']));
		$order_fee=round($order_fee, $xtPrice->get_decimal_places($order->info['currency']));
		$order_shipping=round($order_shipping, $xtPrice->get_decimal_places($order->info['currency']));
		$nvp_products=$this->paypal_get_products($paymentAmount,$order_tax,$order_discount,$order_fee,$order_shipping,$order_gs);
		$paymentAmount = urlencode(number_format($paymentAmount, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
		$currencyCodeType = urlencode($order->info['currency']);
		// Payment Type
		$paymentType='Sale';
		// The returnURL is the location where buyers return when a
		// payment has been succesfully authorized.
		// The cancelURL is the location buyers are sent to when they hit the
		// cancel button during authorization of payment during the PayPal flow
		$returnURL =urlencode($this->RETURN_URL);
		$cancelURL =urlencode($this->CANCEL_URL);
		$gpsucssesURL =urlencode($this->GIROPAY_SUCCESS_URL);
		$gpcancelURL =urlencode($this->GIROPAY_CANCEL_URL);
		$bankpending =urlencode($this->BANKTXN_PENDING_URL);
		// Construct the parameter string that describes the PayPal payment
		// the varialbes were set in the web form, and the resulting string
		// is stored in $nvpstr
		$sh_name = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['firstname'].' '.$order->delivery['lastname']));
		$sh_street = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['street_address']));
		$sh_street_2 = '';
		$sh_city = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['city']));
		$sh_zip = urlencode($order->delivery['postcode']);
		$sh_state = urlencode($this->state_code($order->delivery['state']));
		$sh_countrycode = urlencode($order->delivery['country']['iso_code_2']);
		$sh_countryname = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->delivery['country']['title']));
		$sh_phonenum = urlencode($order->customer['telephone']);
		// String zusammenbauen
		$nvpstr="&AMT=".$paymentAmount.
						"&CURRENCYCODE=".$currencyCodeType.
						"&PAYMENTACTION=".$paymentType.
						"&LOCALECODE=".$_SESSION['language_code'].
						"&RETURNURL=".$returnURL.
						"&CANCELURL=".$cancelURL.
						"&GIROPAYSUCCESSURL=".$gpsucssesURL.
						"&GIROPAYCANCELURL=".$gpcancelURL.
						"&BANKTXNPENDINGURL=".$bankpending.
						"&HDRIMG=".$this->Image.
						"&HDRBORDERCOLOR=".$this->BorderColor.
						"&HDRBACKCOLOR=".$this->BackColor.
						"&CUSTOM=".''.
						"&SHIPTONAME=".$sh_name.
						"&SHIPTOSTREET=".$sh_street.
						"&SHIPTOSTREET2=".$sh_street2.
						"&SHIPTOCITY=".$sh_city.
						"&SHIPTOZIP=".$sh_zip.
						"&SHIPTOSTATE=".$sh_state.
						"&SHIPTOCOUNTRYCODE=".$sh_countrycode.
						"&SHIPTOCOUNTRYNAME=".$sh_countryname.
						"&PHONENUM=".$sh_phonenum.
						"&ALLOWNOTE=0".
						"&ADDROVERRIDE=1";
		// Artikel Details mitgeben
		$nvpstr.=$nvp_products;
		// Senden
		$resArray=$this->hash_call("SetExpressCheckout",$nvpstr);
		$_SESSION['reshash']= $resArray;
		$ack = strtoupper($resArray["ACK"]);
		if($ack!="SUCCESS"):
			if(PAYPAL_ERROR_DEBUG=='true'):
				$this->build_error_message($_SESSION['reshash']);
			else:
				$_SESSION['reshash']['FORMATED_ERRORS'] = PAYPAL_NOT_AVIABLE;
			endif;
			xtc_redirect($this->PRE_CANCEL_URL);
		endif;
		if($ack=="SUCCESS"){
			$token = urldecode($resArray["TOKEN"]);
			$this->payPalURL = $this->EXPRESS_URL.''.$token;
			return $this->payPalURL;
		}
	}
/*************************************************************/
/******* fürs express aus dem warenkorb **********************/
/*************************************************************/
	function paypal_express_auth_call(){
		// aufruf aus cart_actions.php
		// 1. Call um die Token ID zu bekommen
		// Steuer, Artikel usw bei eingeloggt
		// Stand: 05.01.2010
		global $xtPrice,$order;
		// Session säubern
		unset($_SESSION['reshash']);
		unset($_SESSION['nvpReqArray']);
		// Shipping:
		if(!isset($_SESSION['sendto'])) {
			$_SESSION['sendto'] = $_SESSION['customer_default_address_id'];
		} else {
			// verify the selected shipping address
			$check_address_query = xtc_db_query("select count(*) as total from ".TABLE_ADDRESS_BOOK." where customers_id = '".(int) $_SESSION['customer_id']."' and address_book_id = '".(int) $_SESSION['sendto']."'");
			$check_address = xtc_db_fetch_array($check_address_query);
			if($check_address['total'] != '1') {
				$_SESSION['sendto'] = $_SESSION['customer_default_address_id'];
				if(isset($_SESSION['shipping']))
					unset($_SESSION['shipping']);
			}
		}
		// Shipping END
		require(DIR_WS_CLASSES.'order.php');
		$order = new order();
		require(DIR_WS_CLASSES.'order_total.php');
		$order_total_modules = new order_total();
		$order_totals = $order_total_modules->process();
		$order_tax=0;
		$order_discount=0;
		$order_gs=0;
		$order_fee=0;
		$order_shipping=0;
		for($i = 0, $n = sizeof($order_totals); $i < $n; $i ++):
			switch($order_totals[$i]['code']):
          case 'ot_discount':
            $order_discount+=$order_totals[$i]['value'];
            break;
          case 'ot_coupon':
            $order_gs+= ($order_totals[$i]['value'] < 0) ? $order_totals[$i]['value'] : $order_totals[$i]['value'] *(-1);
            break;
          case 'ot_gv':
            $order_gs+= ($order_totals[$i]['value'] < 0) ? $order_totals[$i]['value'] : $order_totals[$i]['value'] *(-1);
            break;
          ///  customers bonus
          case 'ot_bonus_fee':
            $order_gs+= ($order_totals[$i]['value'] < 0) ? $order_totals[$i]['value'] : $order_totals[$i]['value'] *(-1);
            break;
				case 'ot_payment':
					if($order_totals[$i]['value'] < 0): // Rabatt aus Fremd Modul
						$order_discount+=$order_totals[$i]['value'];
					else:
						$order_fee+=$order_totals[$i]['value'];
					endif;
				case 'ot_cod_fee':
					$order_fee+=$order_totals[$i]['value'];
					break;
				case 'ot_ps_fee':
					$order_fee+=$order_totals[$i]['value'];
					break;
				case 'ot_loworderfee':
					$order_fee+=$order_totals[$i]['value'];
			endswitch;
		endfor;
		// AMT
		$paymentAmount=$_SESSION['cart']->show_total()
									+$order_discount
									+$order_gs
									+$order_fee;
		if($_SESSION['customers_status']['customers_status_show_price_tax'] == 0 && $_SESSION['customers_status']['customers_status_add_tax_ot'] == 1):
			$order_tax=$_SESSION['cart']->show_tax(false);
		endif;
		// Vorläufige Versandkosten
		if(PAYPAL_EXP_VORL!='' AND PAYPAL_EXP_VERS!=0):
			$paymentAmount+=PAYPAL_EXP_VERS;
		endif;
		// AMT
		$paymentAmount = round($paymentAmount, $xtPrice->get_decimal_places($order->info['currency']));
		// Summen der Order
		$order_tax=round($order_tax, $xtPrice->get_decimal_places($order->info['currency']));
		$order_discount=round($order_discount, $xtPrice->get_decimal_places($order->info['currency']));
		$order_gs=round($order_gs, $xtPrice->get_decimal_places($order->info['currency']));
		$order_fee=round($order_fee, $xtPrice->get_decimal_places($order->info['currency']));
		$nvp_products=$this->paypal_get_products($paymentAmount,$order_tax,$order_discount,$order_fee,$order_shipping,$order_gs,True);
		$paymentAmount = urlencode(number_format($paymentAmount, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
		$currencyCodeType = urlencode($order->info['currency']);
		// Payment Type
		$paymentType='Sale';
		$returnURL =urlencode($this->EXPRESS_RETURN_URL);
		$cancelURL =urlencode($this->EXPRESS_CANCEL_URL);
		$gpsucssesURL =urlencode($this->GIROPAY_SUCCESS_URL);
		$gpcancelURL =urlencode($this->EXPRESS_CANCEL_URL);
		$bankpending =urlencode($this->BANKTXN_PENDING_URL);
		if(isset($_SESSION['sendto']) AND isset($_SESSION['customer_id'])):
			// User eingeloggt
			$sh_name = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['firstname'].' '.$order->delivery['lastname']));
			$sh_street = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['street_address']));
			$sh_street_2 = '';
			$sh_city = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['city']));
			$sh_zip = urlencode($order->delivery['postcode']);
			$sh_state = urlencode($this->state_code($order->delivery['state']));
			$sh_countrycode = urlencode($order->delivery['country']['iso_code_2']);
			$sh_countryname = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->delivery['country']['title']));
			$sh_phonenum = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->customer['telephone']));
			if($_SESSION['paypal_express_new_customer']!='true')
				$address = "&SHIPTONAME=".$sh_name."&SHIPTOSTREET=".$sh_street."&SHIPTOSTREET2=".$sh_street2."&SHIPTOCITY=".$sh_city."&SHIPTOZIP=".$sh_zip."&SHIPTOSTATE=".$sh_state."&SHIPTOCOUNTRYCODE=".$sh_countrycode."&SHIPTOCOUNTRYNAME=".$sh_countryname."&PHONENUM=".$sh_phonenum;
		endif;
		// String zusammenbauen
		$nvpstr="&AMT=".$paymentAmount.
						"&CURRENCYCODE=".$currencyCodeType.
						"&PAYMENTACTION=".$paymentType.
						"&LOCALECODE=".$_SESSION['language_code'].
						"&RETURNURL=".$returnURL.
						"&CANCELURL=".$cancelURL.
						"&GIROPAYSUCCESSURL=".$gpsucssesURL.
						"&GIROPAYCANCELURL=".$gpcancelURL.
						"&BANKTXNPENDINGURL=".$bankpending.
						"&HDRIMG=".$this->Image.
						"&HDRBORDERCOLOR=".$this->BorderColor.
						"&HDRBACKCOLOR=".$this->BackColor.
						"&CUSTOM=".''.
						$address.
						"&ALLOWNOTE=0".
						"&ADDROVERRIDE=0";
		// Artikel Details mitgeben
		$nvpstr.=$nvp_products;
		// Make the call to PayPal to set the Express Checkout token
		// If the API call succeded, then redirect the buyer to PayPal
		// to begin to authorize payment.  If an error occured, show the
		// resulting errors
		$resArray=$this->hash_call("SetExpressCheckout",$nvpstr);
		$_SESSION['reshash']= $resArray;
		$ack = strtoupper($resArray["ACK"]);
		if($ack=="SUCCESS"){
			$token = urldecode($resArray["TOKEN"]);
			$this->payPalURL = $this->EXPRESS_URL.''.$token;
			return $this->payPalURL;
		} else  {
			if(PAYPAL_ERROR_DEBUG=='true'):
				$this->build_error_message($_SESSION['reshash']);
			else:
				$_SESSION['reshash']['FORMATED_ERRORS'] = PAYPAL_NOT_AVIABLE;
			endif;
			$this->payPalURL = $this->EXPRESS_CANCEL_URL;
			return $this->payPalURL;
		}
	}
/*************************************************************/
/******* für abgelehnte Zahlungen **********************/
/*************************************************************/
	function paypal_second_auth_call($insert_id){
		// aufruf aus shopping_cart.php
		// 1. Call um die Token ID zu bekommen
		// Daten aus der Order !
		// Stand: 29.04.2009
		global $xtPrice,$order;
		// Session säubern
		unset($_SESSION['reshash']);
		unset($_SESSION['nvpReqArray']);
		require(DIR_WS_CLASSES.'order.php');
		$order = new order($insert_id);
		// Amt
		$paymentAmount = round($order->info['pp_total'], $xtPrice->get_decimal_places($order->info['currency']));
		// Summen der Order
		$order_tax = round($order->info['pp_tax'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_discount = round($order->info['pp_disc'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_gs = round($order->info['pp_gs'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_fee = round($order->info['pp_fee'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_shipping = round($order->info['pp_shipping'], $xtPrice->get_decimal_places($order->info['currency']));
		$nvp_products=$this->paypal_get_products($paymentAmount,$order_tax,$order_discount,$order_fee,$order_shipping,$order_gs);
		$paymentAmount = urlencode(number_format($paymentAmount, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
		$currencyCodeType = urlencode($order->info['currency']);
		// Payment Type
		$paymentType='Sale';
		$returnURL =urlencode($this->EXPRESS_CANCEL_URL);
		$cancelURL =urlencode($this->EXPRESS_CANCEL_URL);
		$gpsucssesURL =urlencode($this->GIROPAY_SUCCESS_URL);
		$gpcancelURL =urlencode($this->EXPRESS_CANCEL_URL);
		$bankpending =urlencode($this->BANKTXN_PENDING_URL);
		$notify_url  = urlencode($this->NOTIFY_URL);
		$inv_num = urlencode($insert_id);
		// Versandadresse
		$sh_name = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['firstname'].' '.$order->delivery['lastname']));
		$sh_street = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['street_address']));
		$sh_street_2 = '';
		$sh_city = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['city']));
		$sh_state = urlencode($this->state_code($order->delivery['state']));
		if(is_array($order->delivery['country'])):
			$sh_countrycode = urlencode($order->delivery['country']['iso_code_2']);
			$sh_countryname = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->delivery['country']['title']));
		else:
			$sh_countrycode = urlencode($order->delivery['country_iso_2']);
			$sh_countryname = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->delivery['country']));
		endif;
		$sh_phonenum = urlencode($order->customer['telephone']);
		$sh_zip = urlencode($order->delivery['postcode']);
		$address = "&SHIPTONAME=".$sh_name."&SHIPTOSTREET=".$sh_street."&SHIPTOSTREET2=".$sh_street2."&SHIPTOCITY=".$sh_city."&SHIPTOZIP=".$sh_zip."&SHIPTOSTATE=".$sh_state."&SHIPTOCOUNTRYCODE=".$sh_countrycode."&SHIPTOCOUNTRYNAME=".$sh_countryname."&PHONENUM=".$sh_phonenum;
		// String zusammenbauen
		$nvpstr="&AMT=".$paymentAmount.
						"&CURRENCYCODE=".$currencyCodeType.
						"&PAYMENTACTION=".$paymentType.
						"&NOTIFYURL=".$notify_url.
						"&INVNUM=".$inv_num.$adress.
						"&LOCALECODE=".$_SESSION['language_code'].
						"&RETURNURL=".$returnURL.
						"&CANCELURL=".$cancelURL.
						"&GIROPAYSUCCESSURL=".$gpsucssesURL.
						"&GIROPAYCANCELURL=".$gpcancelURL.
						"&BANKTXNPENDINGURL=".$bankpending.
						"&HDRIMG=".$this->Image.
						"&HDRBORDERCOLOR=".$this->BorderColor.
						"&HDRBACKCOLOR=".$this->BackColor.
						"&CUSTOM=".''.
						$address.
						"&ALLOWNOTE=0".
						"&ADDROVERRIDE=1";
		// Artikel Details mitgeben
		$nvpstr.=$nvp_products;
		// Make the call to PayPal to set the Express Checkout token
		// If the API call succeded, then redirect the buyer to PayPal
		// to begin to authorize payment.  If an error occured, show the
		// resulting errors
		$resArray=$this->hash_call("SetExpressCheckout",$nvpstr);
		$_SESSION['reshash']= $resArray;
		$ack = strtoupper($resArray["ACK"]);
		if($ack=="SUCCESS"){
			$token = urldecode($resArray["TOKEN"]);
			$this->payPalURL = $this->EXPRESS_URL.''.$token;
			return $this->payPalURL;
		} else  {
			$this->build_error_message($_SESSION['reshash']);
			if(PAYPAL_ERROR_DEBUG=='true'):
				$_SESSION['reshash']['FORMATED_ERRORS'] = PAYPAL_NOT_AVIABLE;
			else:
				$this->payPalURL = $this->EXPRESS_CANCEL_URL;
			endif;
			return $this->payPalURL;
		}
	}
/*************************************************************/
/******* für beide Versionen *********************************/
/*************************************************************/
	function complete_ceckout($insert_id, $data=''){
		// aufruf aus paypal.php oder paypalexpress.php aus Warenkorb
		// 2. Call um die PayPal Aktion abzuschliessen
		// Daten aus der Order
		// Stand: 29.04.2009
		global $xtPrice,$order;
		$order = new order($insert_id);
		// IP Adresse
		if($_SERVER["HTTP_X_FORWARDED_FOR"]) {
			$customers_ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
		} else {
			$customers_ip = $_SERVER["REMOTE_ADDR"];
		}
		// Amt
		$paymentAmount = round($order->info['pp_total'], $xtPrice->get_decimal_places($order->info['currency']));
		// Summen der Order
		$order_tax = round($order->info['pp_tax'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_discount = round($order->info['pp_disc'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_gs = round($order->info['pp_gs'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_fee = round($order->info['pp_fee'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_shipping = round($order->info['pp_shipping'], $xtPrice->get_decimal_places($order->info['currency']));
		$nvp_products=$this->paypal_get_products($paymentAmount,$order_tax,$order_discount,$order_fee,$order_shipping,$order_gs);
		$paymentAmount = urlencode(number_format($paymentAmount, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
		$currencyCodeType = urlencode($order->info['currency']);
		$tkn=(($data['token']!='')?$data['token']:$_SESSION['nvpReqArray']['TOKEN']);
		$payer=(($data['PayerID']!='')?$data['PayerID']:$payer = $_SESSION['reshash']['PAYERID']);
		$token =urlencode($tkn);
		$payerID = urlencode($payer);
		$paymentType='Sale';
		$notify_url  = urlencode($this->NOTIFY_URL);
		$inv_num = urlencode($insert_id);
		$button_source = urlencode($this->ppAPIec);
		// Versandadresse
		$sh_name = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['firstname'].' '.$order->delivery['lastname']));
		$sh_street = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['street_address']));
		$sh_street_2 = '';
		$sh_city = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['city']));
		$sh_state = urlencode($this->state_code($order->delivery['state']));
		if(is_array($order->delivery['country'])):
			$sh_countrycode = urlencode($order->delivery['country']['iso_code_2']);
			$sh_countryname = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->delivery['country']['title']));
		else:
			$sh_countrycode = urlencode($order->delivery['country_iso_2']);
			$sh_countryname = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->delivery['country']));
		endif;
		$sh_phonenum = urlencode($order->customer['telephone']);
		$sh_zip = urlencode($order->delivery['postcode']);
		$address = "&SHIPTONAME=".$sh_name."&SHIPTOSTREET=".$sh_street."&SHIPTOSTREET2=".$sh_street2."&SHIPTOCITY=".$sh_city."&SHIPTOZIP=".$sh_zip."&SHIPTOSTATE=".$sh_state."&SHIPTOCOUNTRYCODE=".$sh_countrycode."&SHIPTOCOUNTRYNAME=".$sh_countryname."&PHONENUM=".$sh_phonenum;
		// Versand Ende
		$nvpstr='&TOKEN='.$token.
						'&PAYERID='.$payerID.
						'&PAYMENTACTION='.$paymentType.
						'&AMT='.$paymentAmount.
						'&CURRENCYCODE='.$currencyCodeType.
						'&IPADDRESS='.$customers_ip.
						'&NOTIFYURL='.$notify_url.
						'&INVNUM='.$inv_num.$adress.
						'&BUTTONSOURCE='.$button_source.
						$address;
		// Artikel Details mitgeben
		$nvpstr.=$nvp_products;
		// Make the call to PayPal to finalize payment
		// If an error occured, show the resulting errors
		$resArray=$this->hash_call("DoExpressCheckoutPayment",$nvpstr);
		$_SESSION['reshash'] = array_merge($_SESSION['reshash'], $resArray) ;
		$ack = strtoupper($resArray["ACK"]);
		if($ack!="SUCCESS" AND $ack!="SUCCESSWITHWARNING"){
			$this->build_error_message($_SESSION['reshash'],'DoEx');
		}
	}
/*************************************************************/
/******* funktionen nur für Warenkorb ************************/
/*************************************************************/
	function paypal_get_customer_data(){
		// Stand: 29.04.2009
		$nvpstr="&TOKEN=".$_SESSION['reshash']['TOKEN'];
		// Make the API call and store the results in an array.  If the
		// call was a success, show the authorization details, and provide
		// an action to complete the payment.  If failed, show the error
		$resArray=$this->hash_call("GetExpressCheckoutDetails",$nvpstr);
		$_SESSION['reshash'] = array_merge($_SESSION['reshash'], $resArray) ;
		$ack = strtoupper($resArray["ACK"]);
		if($ack=="SUCCESS"){
			$_SESSION['paypal_express_checkout'] = true;
			$_SESSION['paypal_express_payment_modules'] = 'paypalexpress.php';
			$this->check_customer();
		} else  {
			$this->build_error_message($_SESSION['reshash']);
			$this->payPalURL = $this->EXPRESS_CANCEL_URL;
			return $this->payPalURL;
		}
	}
/*************************************************************/
	function check_customer(){
		// Stand: 29.04.2009
		if(!isset($_SESSION['customer_id'])) {
			$check_customer_query = xtc_db_query("select * from ".TABLE_CUSTOMERS." where customers_email_address = '".xtc_db_input($_SESSION['reshash']['EMAIL'])."' and account_type = '0'");
			if(!xtc_db_num_rows($check_customer_query)) {
				$this->create_account();
			}else{
				$check_customer = xtc_db_fetch_array($check_customer_query);
				$this->login_customer($check_customer);
				if(PAYPAL_EXPRESS_ADDRESS_OVERRIDE == 'true' && $_SESSION['pp_allow_address_change']!='true')
					$this->create_shipping_address();
			}
		}else{
			if(PAYPAL_EXPRESS_ADDRESS_OVERRIDE == 'true' && $_SESSION['pp_allow_address_change']!='true'){
				$check_customer_query = xtc_db_query("select * from ".TABLE_CUSTOMERS." where customers_id = '".xtc_db_input($_SESSION['customer_id'])."' and account_type = '0'");
				$check_customer = xtc_db_fetch_array($check_customer_query);
				$this->create_shipping_address();
			}
		}
	}
/*************************************************************/
	function create_account(){
		// Stand: 29.04.2009
		$firstname = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['FIRSTNAME']));
		$lastname = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['LASTNAME']));
		$email_address = xtc_db_prepare_input($_SESSION['reshash']['EMAIL']);
		$company = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['BUSINESS']));
		$street_address = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['SHIPTOSTREET'] . $_SESSION['reshash']['SHIPTOSTREET_2']));
		$postcode = xtc_db_prepare_input($_SESSION['reshash']['SHIPTOZIP']);
		$city = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['SHIPTOCITY']));
		$state = xtc_db_prepare_input($_SESSION['reshash']['SHIPTOSTATE']);
		$telephone = xtc_db_prepare_input($_SESSION['reshash']['PHONENUM']);
		$country_query = xtc_db_query("select * from ".TABLE_COUNTRIES." where countries_iso_code_2 = '".xtc_db_input($_SESSION['reshash']['SHIPTOCOUNTRYCODE'])."' ");
		$tmp_country = xtc_db_fetch_array($country_query);
		$country = xtc_db_prepare_input($tmp_country['countries_id']);
		$customers_status = DEFAULT_CUSTOMERS_STATUS_ID;
		$sql_data_array = array(
											'customers_status' => $customers_status,
											'customers_firstname' => $firstname,
											'customers_lastname' => $lastname,
											'customers_email_address' => $email_address,
											'customers_telephone' => $telephone,
											'customers_date_added' => 'now()',
											'customers_last_modified' => 'now()');
		xtc_db_perform(TABLE_CUSTOMERS, $sql_data_array);
		$_SESSION['paypal_express_new_customer'] = 'true';
		$_SESSION['customer_id'] = xtc_db_insert_id();
		$user_id = xtc_db_insert_id();
		xtc_write_user_info($user_id);
		$sql_data_array = array(
											'customers_id' => $_SESSION['customer_id'],
											'entry_firstname' => $firstname,
											'entry_lastname' => $lastname,
											'entry_street_address' => $street_address,
											'entry_postcode' => $postcode,
											'entry_city' => $city,
											'entry_country_id' => $country,
											'entry_company' => $company,
											'entry_zone_id' => '0',
											'entry_state' => $state,
											'address_date_added' => 'now()',
											'address_last_modified' => 'now()');
		xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
		$address_id = xtc_db_insert_id();
		$_SESSION['sendto'] = $address_id;
		xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . $address_id . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
		xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $_SESSION['customer_id'] . "', '0', now())");
		if(isset($_SESSION['tracking']['refID'])) {
			$campaign_check_query_raw = "SELECT *
																	FROM " . TABLE_CAMPAIGNS . "
																	WHERE campaigns_refID = '" . $_SESSION[tracking][refID] . "'";
			$campaign_check_query = xtc_db_query($campaign_check_query_raw);
			if(xtc_db_num_rows($campaign_check_query) > 0) {
				$campaign = xtc_db_fetch_array($campaign_check_query);
				$refID = $campaign['campaigns_id'];
			} else {
				$refID = 0;
			}
			xtc_db_query("update " . TABLE_CUSTOMERS . " set
										refferers_id = '" . $refID . "'
										where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
			$leads = $campaign['campaigns_leads'] + 1;
			xtc_db_query("update " . TABLE_CAMPAIGNS . " set
										campaigns_leads = '" . $leads . "'
										where campaigns_id = '" . $refID . "'");
		}
		if(ACTIVATE_GIFT_SYSTEM == 'true') {
			// GV Code Start
			// ICW - CREDIT CLASS CODE BLOCK ADDED  ******************************************************* BEGIN
			if(NEW_SIGNUP_GIFT_VOUCHER_AMOUNT > 0) {
				$coupon_code = create_coupon_code();
				$insert_query = xtc_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $coupon_code . "', 'G', '" . NEW_SIGNUP_GIFT_VOUCHER_AMOUNT . "', now())");
				$insert_id = xtc_db_insert_id($insert_query);
				$insert_query = xtc_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $email_address . "', now() )");
				$_SESSION['reshash']['SEND_GIFT'] = 'true';
				$_SESSION['reshash']['GIFT_AMMOUNT'] = $xtPrice->xtcFormat(NEW_SIGNUP_GIFT_VOUCHER_AMOUNT, true);
				$_SESSION['reshash']['GIFT_CODE'] = $coupon_code;
				$_SESSION['reshash']['GIFT_LINK'] = xtc_href_link(FILENAME_GV_REDEEM, 'gv_no=' . $coupon_code, 'NONSSL', false);
			}
			if(NEW_SIGNUP_DISCOUNT_COUPON != '') {
				$coupon_code = NEW_SIGNUP_DISCOUNT_COUPON;
				$coupon_query = xtc_db_query("select * from " . TABLE_COUPONS . " where coupon_code = '" . $coupon_code . "'");
				$coupon = xtc_db_fetch_array($coupon_query);
				$coupon_id = $coupon['coupon_id'];
				$coupon_desc_query = xtc_db_query("select * from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id = '" . $coupon_id . "' and language_id = '" . (int) $_SESSION['language_id'] . "'");
				$coupon_desc = xtc_db_fetch_array($coupon_desc_query);
				$insert_query = xtc_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $coupon_id . "', '0', 'Admin', '" . $email_address . "', now() )");
				$_SESSION['reshash']['SEND_COUPON'] = 'true';
				$_SESSION['reshash']['COUPON_DESC'] = $coupon_desc['coupon_description'];
				$_SESSION['reshash']['COUPON_CODE'] = $coupon['coupon_code'];
			}
			// ICW - CREDIT CLASS CODE BLOCK ADDED  ******************************************************* END
			// GV Code End       // create templates
		}
		$_SESSION['ACCOUNT_PASSWORD'] = 'true';
		// Login Customer
		$check_customer_query = xtc_db_query("select * from ".TABLE_CUSTOMERS." where customers_email_address = '".xtc_db_input($email_address)."' and account_type = '0'");
		$check_customer = xtc_db_fetch_array($check_customer_query);
		$this->login_customer($check_customer);
		if(PAYPAL_EXPRESS_ADDRESS_OVERRIDE == 'true'):
			if($firstname.' '.$lastname != $this->UTF8decode($_SESSION['reshash']['SHIPTONAME']))
				$this->create_shipping_address();
		endif;
	}
/*************************************************************/
	function login_customer($check_customer){
		// Stand: 29.04.2009
		global $main,$xtPrice,$econda;
		if(SESSION_RECREATE == 'True')
			xtc_session_recreate();
		$check_country_query = xtc_db_query("select entry_country_id, entry_zone_id from ".TABLE_ADDRESS_BOOK." where customers_id = '".(int) $check_customer['customers_id']."' and address_book_id = '".$check_customer['customers_default_address_id']."'");
		$check_country = xtc_db_fetch_array($check_country_query);
		$_SESSION['customer_gender'] = $check_customer['customers_gender'];
		$_SESSION['customer_first_name'] = $check_customer['customers_firstname'];
		$_SESSION['customer_last_name'] = $check_customer['customers_lastname'];
		$_SESSION['customer_id'] = $check_customer['customers_id'];
		$_SESSION['customer_vat_id'] = $check_customer['customers_vat_id'];
		$_SESSION['customer_default_address_id'] = $check_customer['customers_default_address_id'];
		$_SESSION['customer_country_id'] = $check_country['entry_country_id'];
		$_SESSION['customer_zone_id'] = $check_country['entry_zone_id'];
		$_SESSION['customer_email_address'] = $check_customer['customers_email_address'];
		$date_now = date('Ymd');
		xtc_db_query("update ".TABLE_CUSTOMERS_INFO." SET customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 WHERE customers_info_id = '".(int) $_SESSION['customer_id']."'");
		xtc_write_user_info((int) $_SESSION['customer_id']);
		// Falls vorher schon mal eingeloggt und was in der Cart war
		xtc_db_query("delete from ".TABLE_CUSTOMERS_BASKET." where customers_id = '".(int)$_SESSION['customer_id']."'");
		xtc_db_query("delete from ".TABLE_CUSTOMERS_BASKET_ATTRIBUTES." where customers_id = '".(int)$_SESSION['customer_id']."'");
		// Warenkorb restoren
		$_SESSION['cart']->restore_contents();
		if(is_object($econda)) $econda->_loginUser();
		// write customers status in session
		require(DIR_WS_INCLUDES.'write_customers_status.php');
		$xtPrice = new xtcPrice($_SESSION['currency'], $_SESSION['customers_status']['customers_status_id']);
	}
/*************************************************************/
	function create_shipping_address(){
		// Stand: 29.04.2009
		$pos = strrpos($_SESSION['reshash']['SHIPTONAME'], ' ');
		$lenght = strlen($_SESSION['reshash']['SHIPTONAME']);
		$firstname = $this->UTF8decode(substr($_SESSION['reshash']['SHIPTONAME'], 0, $pos));
		$lastname = $this->UTF8decode(substr($_SESSION['reshash']['SHIPTONAME'], ($pos+1), $lenght));
		$email_address = xtc_db_prepare_input($_SESSION['reshash']['EMAIL']);
		$company = xtc_db_prepare_input($_SESSION['reshash']['BUSINESS']);
		$street_address = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['SHIPTOSTREET'] . $_SESSION['reshash']['SHIPTOSTREET_2']));
		$postcode = xtc_db_prepare_input($_SESSION['reshash']['SHIPTOZIP']);
		$city = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['SHIPTOCITY']));
		$state = xtc_db_prepare_input($_SESSION['reshash']['SHIPTOSTATE']);
		$telephone = xtc_db_prepare_input($_SESSION['reshash']['PHONENUM']);
		$country_query = xtc_db_query("select * from ".TABLE_COUNTRIES." where countries_iso_code_2 = '".xtc_db_input($_SESSION['reshash']['SHIPTOCOUNTRYCODE'])."' ");
		$tmp_country = xtc_db_fetch_array($country_query);
		$country = xtc_db_prepare_input($tmp_country['countries_id']);
		$sql_data_array = array(
											'customers_id' => $_SESSION['customer_id'],
											'entry_firstname' => $firstname,
											'entry_lastname' => $lastname,
											'entry_street_address' => $street_address,
											'entry_postcode' => $postcode,
											'entry_city' => $city,
											'entry_country_id' => $country,
											'entry_company' => $company,
											'entry_zone_id' => '0',
											'entry_state' => $state,
											'address_date_added' => 'now()',
											'address_last_modified' => 'now()',
											'address_class' => 'paypal');
		$check_address_query = xtc_db_query("select address_book_id from ".TABLE_ADDRESS_BOOK." where customers_id = '".(int) $_SESSION['customer_id']."' and address_class = 'paypal'");
		$check_address = xtc_db_fetch_array($check_address_query);
		if($check_address['address_book_id']!='') {
			xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "address_book_id = '".(int) $check_address['address_book_id']."' and customers_id ='".(int) $_SESSION['customer_id']."'");
			$send_to = $check_address['address_book_id'];
		}else{
			xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
			$send_to = xtc_db_insert_id();
		}
		$_SESSION['sendto'] = $send_to;
	}
/*************************************************************/
/******* funktionen für beide versionen **********************/
/*************************************************************/
	//  hash_call: Function to perform the API call to PayPal using API signature
	//  @methodName is name of API  method.
	//  @nvpStr is nvp string.
	//  returns an associtive array containing the response from the server.
	//  08.01.2009.ergänzt für PHP ohne cURL von Stefan Kl.
	//  05.01.2010 Verbose auf 0 da bei einigen Hostern sonst zuviel angezeigt wird
	function hash_call($methodName,$nvpStr,$pp_token=''){
		// Stand: 05.01.2010
		if(function_exists('curl_init')):
			$ch = curl_init();
			curl_setopt($ch, CURLOPT_URL,$this->API_Endpoint.$pp_token);
			curl_setopt($ch, CURLOPT_VERBOSE, 0);
			//turning off the server and peer verification(TrustManager Concept).
			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
			curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
			curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
			curl_setopt($ch, CURLOPT_POST, 1);
			//if USE_PROXY constant set to TRUE am Anfang dieser Datei, then only proxy will be enabled.
			//Set proxy name to PROXY_HOST and port number to PROXY_PORT im Anfang dieser Datei
			if($this->USE_PROXY)
				curl_setopt($ch, CURLOPT_PROXY, PROXY_HOST.":".PROXY_PORT);
			//NVPRequest for submitting to server
			$nvpreq="METHOD=".urlencode($methodName)."&VERSION=".urlencode($this->version)."&PWD=".urlencode($this->API_Password)."&USER=".urlencode($this->API_UserName)."&SIGNATURE=".urlencode($this->API_Signature).$nvpStr;
			//setting the nvpreq as POST FIELD to curl
			curl_setopt($ch,CURLOPT_POSTFIELDS,$nvpreq);
			//getting response from server
			$response = curl_exec($ch);
			//convrting NVPResponse to an Associative Array
			$nvpResArray=$this->deformatNVP($response);
			$nvpReqArray=$this->deformatNVP($nvpreq);
			$_SESSION['nvpReqArray']= $nvpReqArray;
			/* Mit cURL Fehleranzeige und nicht Versuch mit file_get_contents
			if(curl_errno($ch)) {
				// moving to display page to display curl errors
				$_SESSION['curl_error_no']=curl_errno($ch) ;
				$_SESSION['curl_error_msg']=curl_error($ch);
				$this->build_error_message($_SESSION['reshash']);
			}
			*/
			$curl_fehler=curl_errno($ch);
			//closing the curl
			curl_close($ch);
			//return $nvpResArray;
			if(!$curl_fehler)
				return $nvpResArray;
			//else:
		endif;
		/// Falls cURL nicht da oder Fehlerhaft
		global $API_Endpoint,$version,$API_UserName,$API_Password,$API_Signature,$nvp_Header;
		$nvpreq="METHOD=".urlencode($methodName)."&VERSION=".urlencode($this->version)."&PWD=".urlencode($this->API_Password)."&USER=".urlencode($this->API_UserName)."&SIGNATURE=".urlencode($this->API_Signature).$nvpStr;
		$request_post = array(
										'http'=>array(
										'method'=>'POST',
										'header'=>"Content-type: application/x-www-form-urlencoded\r\n",
										'content'=>$nvpreq));
		$request = stream_context_create($request_post);
		$response= file_get_contents($this->API_Endpoint.$pp_token, false, $request);
		$nvpResArray=$this->deformatNVP($response);
		$nvpReqArray=$this->deformatNVP($nvpreq);
		$_SESSION['nvpReqArray']= $nvpReqArray;
		return $nvpResArray;
		//endif;
	}
/*************************************************************/
	//  This function will take NVPString and convert it to an Associative Array and it will decode the response.
	//  It is usefull to search for a particular key and displaying arrays.
	//  @nvpstr is NVPString.
	//  @nvpArray is Associative Array.
	function deformatNVP($nvpstr){
		// Stand: 29.04.2009
		$intial=0;
		$nvpArray = array();
		while(strlen($nvpstr)){
			//postion of Key
			$keypos= strpos($nvpstr,'=');
			//position of value
			$valuepos = strpos($nvpstr,'&') ? strpos($nvpstr,'&'): strlen($nvpstr);
			// getting the Key and Value values and storing in a Associative Array
			$keyval=substr($nvpstr,$intial,$keypos);
			$valval=substr($nvpstr,$keypos+1,$valuepos-$keypos-1);
			//decoding the respose
			$nvpArray[urldecode($keyval)] =urldecode( $valval);
			$nvpstr=substr($nvpstr,$valuepos+1,strlen($nvpstr));
		}
		return $nvpArray;
	}
/*************************************************************/
	function build_error_message($resArray='',$Aufruf=''){
		// Stand: 29.04.2009
		global $messageStack;
		if(isset($_SESSION['curl_error_no'])) {
			$errorCode= $_SESSION['curl_error_no'] ;
			$errorMessage=$_SESSION['curl_error_msg'] ;
			$error .=  'Error Number: '.  $errorCode . '<br />';
			$error .=  'Error Message: '.  $errorMessage . '<br />';
		} else {
			$error .=  'Ack: '.  $resArray['ACK'] . '<br />';
			$error .=  'Correlation ID: '.  $resArray['CORRELATIONID']  . '<br />';
			$error .=  'Version:'.  $resArray['VERSION'] . '<br />';
			$count=0;
			$redirect=0;
			while(isset($resArray["L_SHORTMESSAGE".$count])) {
				$errorCode    = $resArray["L_ERRORCODE".$count];
				$shortMessage = $resArray["L_SHORTMESSAGE".$count];
				$longMessage  = $resArray["L_LONGMESSAGE".$count];
				if($Aufruf=='DoEx' AND ($errorCode=='10422' OR $errorCode=='10417'))
					$redirect=1;
				$count=$count+1;
				$error .=  'Error Number:'.  $errorCode . '<br />';
				$error .=  'Error Short Message: '.   $shortMessage . '<br />';
				$error .=  'Error Long Message: '.  $longMessage . '<br />';
			}//end while
			if($redirect==1)
				$_SESSION['reshash']['REDIRECTREQUIRED']="TRUE";
		}// end else
		$_SESSION['reshash']['FORMATED_ERRORS'] = $error;
	}
/*************************************************************/
	function paypal_get_products($paymentAmount,$order_tax,$order_discount,$order_fee,$order_shipping,$order_gs,$express_call=False){
		// für beide PayPal Versionen
		// Artikel Details mitgeben
		// Für den Express Call Vermerk für den Versand + Vorläufige Kosten mitgeben
		// Stand: 05.01.2010
		global $xtPrice,$order;
		$products_sum_amt = 0;
		$tmp_products='';
		for($i = 0, $n = sizeof($order->products); $i < $n; $i ++) {
			$products_price = round($order->products[$i]['price'],$xtPrice->get_decimal_places($order->info['currency']));
			$products_sum_amt+=$products_price*$order->products[$i]['qty'];
			$tmp_products .='&L_NAME'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",substr($order->products[$i]['name'],0,127))).
											'&L_NUMBER'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",substr($order->products[$i]['model'],0,127))).
											'&L_QTY'.$i.'='.urlencode($order->products[$i]['qty']).
											'&L_AMT'.$i.'='.urlencode(number_format($products_price, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
		}
		if($order_discount!=0):  // ist ein - Betrag !
			$products_sum_amt+=$order_discount;
			$tmp_products .='&L_NAME'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",substr(SUB_TITLE_OT_DISCOUNT,0,127))).
											'&L_NUMBER'.$i.'='.
											'&L_QTY'.$i.'=1'.
											'&L_AMT'.$i.'='.urlencode(number_format($order_discount, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
			$i++;
		endif;
		if($order_gs!=0):  // ist ein - Betrag !
			$products_sum_amt+=$order_gs;
			$tmp_products .='&L_NAME'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",substr(PAYPAL_GS,0,127))).
											'&L_NUMBER'.$i.'='.
											'&L_QTY'.$i.'=1'.
											…