PageRenderTime 41ms CodeModel.GetById 13ms RepoModel.GetById 0ms app.codeStats 0ms

/User/PHP/AquaticPrimeEsellerateMySQL.php

https://bitbucket.org/tgunr/aqpmanager
PHP | 250 lines | 179 code | 26 blank | 45 comment | 23 complexity | 8dd407796f987a5687a9379da13b82ec MD5 | raw file
Possible License(s): MIT 
    

  1. <?php
    2. 

  2. /** 
    3. 

  3.   * AquaticPrime eSellerate payment processor
    4. 

  4.   * Generates license files and emails them after handling eSellerate XML Order Notices
    5. 

  5.   * @author Tom Harrington, Atomic Bird (some portions adapted from examples by Lucas Newman)
    6. 

  6.   * @copyright Copyright &copy; 2006 Tom Harrington
    7. 

  7.   * @license http://www.opensource.org/licenses/bsd-license.php BSD License
    8. 

  8.   */
    9. 

  9. 

  10. require("Config.php");
    11. 

  11. require("AquaticPrime.php");
    12. 

  12. require("eSellerateXML.php");
    13. 

  13. 

  14. // Esellerate preview orders will not be processed unless $debug is 1.
    15. 

  15. $debug = 0;
    16. 

  16. 

  17. // Fields from OrderInfo you want in the database.  Customize as needed, only ORDER_NUMBER is required.
    18. 

  18. $orderInfoFields = array("CUSTOMER_IP",
    19. 

  19. 		"ORDER_NUMBER",
    20. 

  20. 		"STATUS",
    21. 

  21. 		"TRAN_DATE",
    22. 

  22. 		"FIRST_NAME",
    23. 

  23. 		"LAST_NAME",
    24. 

  24. 		"COMPANY",
    25. 

  25. 		"ADDRESS1",
    26. 

  26. 		"ADDRESS2",
    27. 

  27. 		"CITY",
    28. 

  28. 		"STATE",
    29. 

  29. 		"POSTAL",
    30. 

  30. 		"COUNTRY",
    31. 

  31. 		"PHONE",
    32. 

  32. 		"EMAIL",
    33. 

  33. 		"SHIP_FIRST_NAME",
    34. 

  34. 		"SHIP_LAST_NAME",
    35. 

  35. 		"SHIP_COMPANY",
    36. 

  36. 		"SHIP_ADDRESS1",
    37. 

  37. 		"SHIP_ADDRESS2",
    38. 

  38. 		"SHIP_CITY",
    39. 

  39. 		"SHIP_STATE",
    40. 

  40. 		"SHIP_POSTAL",
    41. 

  41. 		"SHIP_COUNTRY",
    42. 

  42. 		"CONTACT_ME",
    43. 

  43. 		"ORDER_DISCOUNT",
    44. 

  44. 		"SHIP_WEIGHT",
    45. 

  45. 		"SHIP_METHOD",
    46. 

  46. 		"SHIP_AMOUNT",
    47. 

  47. 		"ESELLER_ID",
    48. 

  48. 		"ESELLER_NAME",
    49. 

  49. 		"METHOD",
    50. 

  50. 		"SUB_METHOD",
    51. 

  51. 		"COUPON_ID",
    52. 

  52. 		"TRACKING_ID",
    53. 

  53. 		"VAT_COUNTRY",
    54. 

  54. 		"CURRENCY_CODE",
    55. 

  55. 		"AFFILIATE_ID",
    56. 

  56. 		"AFFILIATE_NAME",
    57. 

  57. 		"PORTAL_ID",
    58. 

  58. 		"PORTAL_NAME",
    59. 

  59. 		"CUSTOM_0",
    60. 

  60. 		"CUSTOM_1",
    61. 

  61. 		"CUSTOM_2",
    62. 

  62. 		"CUSTOM_3",
    63. 

  63. 		"CUSTOM_4",
    64. 

  64. 		"CUSTOM_5",
    65. 

  65. 		"CUSTOM_6",
    66. 

  66. 		"CUSTOM_7",
    67. 

  67. 		"CUSTOM_8",
    68. 

  68. 		"CUSTOM_9"
    69. 

  69. 		);
    70. 

  70. 

  71. $orderLinesFields = array("SKU_ID",
    72. 

  72. 		"SKU_TITLE",
    73. 

  73. 		"SHORT_DESCRIPTION",
    74. 

  74. 		"QUANTITY",
    75. 

  75. 		"UNIT_PRICE",
    76. 

  76. 		"PLATFORM",
    77. 

  77. 		"REGISTRATION_NAME",
    78. 

  78. 		"PROMPTED_VALUE",
    79. 

  79. 		"REGISTRATION_OTHER",
    80. 

  80. 		"EXPIRATION_DATE",
    81. 

  81. 		"SERIAL_NUMBER",
    82. 

  82. 		"PROCESSING_FEE",
    83. 

  83. 		"SALES_TAX_AMOUNT",
    84. 

  84. 		"AFFILIATE_COMMISION",
    85. 

  85. 		"VOLUME_DISCOUNT",
    86. 

  86. 		"CROSS_SELL_DISCOUNT",
    87. 

  87. 		"UP_SELL_GROUP_ID",
    88. 

  88. 		"UP_SELL_PARENT_SKU_ID"
    89. 

  89. 		);
    90. 

  90. 

  91. 	/***************************************************
    92. 

  92. 	The main body of the module. Note that the web server
    93. 

  93. 	must be configured to allow access to raw post data.
    94. 

  94. 	This can be done by adding the line:
    95. 

  95. 	php_flag always_populate_raw_post_data on
    96. 

  96. 	to .htaccess on Apache.
    97. 

  97. 	
    98. 

  98. 	Note: I have sometimes found that this is not necessary,
    99. 

  99. 	but I'm not sure why. Add it if you run into a problem.
    100. 

  100. 	It makes the $HTTP_RAW_POST_DATA variable valid.
    101. 

  101. 	***************************************************/
    102. 

  102. 

  103. 	// Work around a PHP 5.2.2 bug preventing POST data from reaching the script.
    104. 

  104. 	// See <http://bugs.php.net/bug.php?id=41293> for details.
    105. 

  105. 	if ($_SERVER["REQUEST_METHOD"] == "POST") {
    106. 

  106. 		if ( !isset( $HTTP_RAW_POST_DATA ) ) {
    107. 

  107. 			$HTTP_RAW_POST_DATA = file_get_contents("php://input");
    108. 

  108. 		}
    109. 

  109. 	}
    110. 

  110. 

  111. 	$xml_parser = xml_parser_create();
    112. 

  112. 	xml_set_element_handler($xml_parser, "startElement", "endElement");
    113. 

  113. 	xml_set_character_data_handler($xml_parser, "characterData");
    114. 

  114. 

  115. 	if (!xml_parse($xml_parser, $HTTP_RAW_POST_DATA, TRUE))
    116. 

  116. 	{
    117. 

  117. 		$msg = sprintf("XML error: %s at line %d",
    118. 

  118. 			xml_error_string(xml_get_error_code($xml_parser)),
    119. 

  119. 			xml_get_current_line_number($xml_parser));
    120. 

  120. 		xml_parser_free($xml_parser);
    121. 

  121. 		ReportFatalError($msg);
    122. 

  122. 	}
    123. 

  123. 

  124. 	xml_parser_free($xml_parser);
    125. 

  125. 

  126. 	// We have all the data in the $XmlData array
    127. 

  127. 

  128. 	// Check the secret text
    129. 

  129. 	if ($XmlData["ORDERNOTICEDS"]["ORDERINFO"]["ORDER_NOTICE_SECRET"]["_data"] != $order_notice_secret) {
    130. 

  130. 		ReportFatalError("Invalid order notice secret\n");
    131. 

  131. 	}
    132. 

  132. 

  133. 	// Ignore Preview orders
    134. 

  134. 	if (($debug == 0) && ($XmlData["ORDERNOTICEDS"]["ORDERINFO"]["STATUS"]["_data"] == "PREVIEW"))
    135. 

  135. 	{
    136. 

  136. 		ReportFatalError("No processing of preview order except in debug mode.\n");
    137. 

  137. 	}
    138. 

  138. 	
    139. 

  139. 	// We will open a MySql database and store the serial numbers
    140. 

  140. 	if (!TryOpenDb())
    141. 

  141. 	{
    142. 

  142. 		ReportFatalError($DbError);
    143. 

  143. 	}
    144. 

  144. 

  145. 	// The tables in eSellerate.sql are type InnoDB, so we can have the safety of transactions.
    146. 

  146. 	// The corresponding COMMIT is at the end of this file.  The ROLLBACK, if necessary, is over in ReportFatalError().
    147. 

  147. 	mysql_query("BEGIN");
    148. 

  148. 

  149. 	//$date = date("Y/m/d");
    150. 

  150. 	// Fix up the transaction date to give MySQL something it likes.
    151. 

  151. 	$tran_date_str = $XmlData["ORDERNOTICEDS"]["ORDERINFO"]["TRAN_DATE"]["_data"];
    152. 

  152. 	$tran_date_stamp = strtotime($tran_date_str);
    153. 

  153. 	$tran_date_for_sql = strftime("%Y-%m-%d", $tran_date_stamp);
    154. 

  154. 	$XmlData["ORDERNOTICEDS"]["ORDERINFO"]["TRAN_DATE"]["_data"] = $tran_date_for_sql;
    155. 

  155. 

  156. 	// Write the OrderInfo stuff to the database
    157. 

  157. 	$orderNumber = 	$XmlData["ORDERNOTICEDS"]["ORDERINFO"]["ORDER_NUMBER"]["_data"];
    158. 

  158. 	// First check and see whether the order's already in the database.
    159. 

  159. 	$sqlResult = mysql_query("SELECT ORDER_NUMBER from OrderInfo WHERE ORDER_NUMBER=\"$orderNumber\"");
    160. 

  160. 	if (!$sqlResult) {
    161. 

  161. 		ReportFatalError(mysql_error());
    162. 

  162. 	}
    163. 

  163. 	$numRows = mysql_num_rows($sqlResult);
    164. 

  164. 	mysql_free_result($sqlResult);
    165. 

  165. 	if ($numRows > 0) {
    166. 

  166. 		ReportFatalError("Order $orderNumber is already in the database\n");
    167. 

  167. 	}
    168. 

  168. 	// It wasn't there?  OK, put it there.
    169. 

  169. 	// Build a query string
    170. 

  170. 	$queryStringValues = array();
    171. 

  171. 	foreach ($orderInfoFields as $currentField) {
    172. 

  172. 		$queryStringValues[] = "\"" . mysql_real_escape_string($XmlData["ORDERNOTICEDS"]["ORDERINFO"][$currentField]["_data"]) . "\"";
    173. 

  173. 	}
    174. 

  174. 	$queryString = "INSERT INTO OrderInfo (" . join(", ", $orderInfoFields) . ")" .
    175. 

  175. 				" VALUES (" . join(", ", $queryStringValues) . ")";
    176. 

  176. 	if ($debug == 1) {
    177. 

  177. 		echo "$queryString\n";
    178. 

  178. 	}
    179. 

  179. 	// Do the insert
    180. 

  180. 	$sqlResult = mysql_query($queryString);
    181. 

  181. 	if (!$sqlResult) {
    182. 

  182. 		ReportFatalError(mysql_error());
    183. 

  183. 	}
    184. 

  184. 

  185. 	// For Aquatic Prime we really need the date and time (in case someone orders more than one copy
    186. 

  186. 	// the same day), so the date from eSellerate won't cut it.
    187. 

  187. 	$sn_date = strftime("%Y-%m-%d %H:%m:%S");
    188. 

  188. 	// Process each order line
    189. 

  189. 	for ($i = 0; $i < $nOrderLines; ++$i)
    190. 

  190. 	{
    191. 

  191. 		// Now do the AquaticPrime stuff
    192. 

  192. 		if (in_array($XmlData["ORDERNOTICEDS"]["ORDERLINES"][$i]["SKU_ID"]["_data"], $aquaticPrimeSKUs)) {
    193. 

  193. 			$product = $XmlData["ORDERNOTICEDS"]["ORDERLINES"][$i]["SKU_TITLE"]["_data"];
    194. 

  194. 			$name = $XmlData["ORDERNOTICEDS"]["ORDERLINES"][$i]["REGISTRATION_NAME"]["_data"];
    195. 

  195. 			if ($name == "") {
    196. 

  196. 				$name = $XmlData["ORDERNOTICEDS"]["ORDERINFO"]["FIRST_NAME"]["_data"] . " " .
    197. 

  197. 					$XmlData["ORDERNOTICEDS"]["ORDERINFO"]["LAST_NAME"]["_data"];
    198. 

  198. 			}
    199. 

  199. 			$email = $XmlData["ORDERNOTICEDS"]["ORDERINFO"]["EMAIL"]["_data"];
    200. 

  200. 			$unit_price = $XmlData["ORDERNOTICEDS"]["ORDERLINES"][$i]["UNIT_PRICE"]["_data"];
    201. 

  201. 			$count = $XmlData["ORDERNOTICEDS"]["ORDERLINES"][$i]["QUANTITY"]["_data"];
    202. 

  202. 			// eSellerate only gives you the date, not the time (so we don't do RFC 2822 formatting here).
    203. 

  203. 			$transactionID = $orderNumber;
    204. 

  204. 			// Create our license dictionary to be signed
    205. 

  205. 			$dict = array("Product" => $product,
    206. 

  206. 					  "Name" => $name,
    207. 

  207. 					  "Email" => $email,
    208. 

  208. 					  "Licenses" => $count,
    209. 

  209. 					  "Timestamp" => $sn_date,
    210. 

  210. 					  "TransactionID" => $transactionID);
    211. 

  211. 			$license = licenseDataForDictionary($dict, $key, $privateKey);
    212. 

  212. 

  213. 			// Note that the database size for SERIAL_NUMBER was raised from 255 (eSellerate's size) to
    214. 

  214. 			// a MySQL TEXT field to fit alternate registration schemes.
    215. 

  215. 			$XmlData["ORDERNOTICEDS"]["ORDERLINES"][$i]["SERIAL_NUMBER"]["_data"] = $license;
    216. 

  216. 

  217. 			$to = $email;
    218. 

  218. 

  219. 			$from = str_replace(array("##NAME##", "##EMAIL##"), array($name, $email), $from);
    220. 

  220. 			$subject = str_replace(array("##NAME##", "##EMAIL##"), array($name, $email), $subject);
    221. 

  221. 			$message = str_replace(array("##NAME##", "##EMAIL##", "##LICENSES##"), array($name, $email, $count), $message);
    222. 

  222. 			$licenseName = str_replace(array("##NAME##", "##EMAIL##"), array($name, $email), $licenseName);
    223. 

  223. 			$bcc = str_replace(array("##NAME##", "##EMAIL##"), array($name, $email), $bcc);
    224. 

  224. 

  225. 			sendMail($to, $from, $subject, $message, $license, $licenseName, $bcc);
    226. 

  226. 		}
    227. 

  227. 

  228. 		// Build a query string
    229. 

  229. 		$queryStringValues = array();
    230. 

  230. 		foreach ($orderLinesFields as $currentField) {
    231. 

  231. 			$queryStringValues[] = "\"" . mysql_real_escape_string($XmlData["ORDERNOTICEDS"]["ORDERLINES"][$i][$currentField]["_data"]) . "\"";
    232. 

  232. 		}
    233. 

  233. 		$queryString = "INSERT INTO OrderLines (" . join(", ", $orderLinesFields) . ", ORDER_NUMBER, SN_DATE)" .
    234. 

  234. 					" VALUES (" . join(", ", $queryStringValues) . ", \"$orderNumber\", \"$sn_date\")";
    235. 

  235. 		if ($debug == 1) {
    236. 

  236. 			echo "$queryString\n";
    237. 

  237. 		}
    238. 

  238. 		// Do the insert
    239. 

  239. 

  240. 		$sqlResult = mysql_query($queryString);
    241. 

  241. 		if (!$sqlResult) {
    242. 

  242. 			ReportFatalError(mysql_error());
    243. 

  243. 		}
    244. 

  244. 

  245. 	}
    246. 

  246. 

  247. 	mysql_query("COMMIT");
    248. 

  248. 	CloseDb();
    249. 

  249. 

  250. ?>
    251. 

  251.