PageRenderTime 52ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/wp-content/plugins/wp-e-commerce/wpsc-merchants/paypal-express.merchant.php

https://github.com/AaronFernandes/aquestionof
PHP | 742 lines | 512 code | 110 blank | 120 comment | 66 complexity | f000b0551cc70aec2ad4423d91a08dcf MD5 | raw file
Possible License(s): AGPL-1.0, GPL-2.0 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * This is the PayPal Certified 2.0 Gateway. 
    4. 

  4.  * It uses the wpsc_merchant class as a base class which is handy for collating user details and cart contents.
    5. 

  5.  */
    6. 

  6. 

  7.  /*
    8. 

  8.   * This is the gateway variable $nzshpcrt_gateways, it is used for displaying gateway information on the wp-admin pages and also
    9. 

  9.   * for internal operations.
    10. 

  10.   */
    11. 

  11. $nzshpcrt_gateways[$num] = array(
    12. 

  12. 	'name' =>  __( 'PayPal Express Checkout 2.0', 'wpsc' ),
    13. 

  13. 	'api_version' => 2.0,
    14. 

  14. 	'image' => WPSC_URL . '/images/paypal.gif',
    15. 

  15. 	'class_name' => 'wpsc_merchant_paypal_express',
    16. 

  16. 	'has_recurring_billing' => false,
    17. 

  17. 	'wp_admin_cannot_cancel' => true,
    18. 

  18. 	'display_name' => __( 'PayPal Express', 'wpsc' ),
    19. 

  19. 	'requirements' => array(
    20. 

  20. 		/// so that you can restrict merchant modules to PHP 5, if you use PHP 5 features
    21. 

  21. 		'php_version' => 4.3,
    22. 

  22. 		 /// for modules that may not be present, like curl
    23. 

  23. 		'extra_modules' => array()
    24. 

  24. 	),
    25. 

  25. 	
    26. 

  26. 	// this may be legacy, not yet decided
    27. 

  27. 	'internalname' => 'wpsc_merchant_paypal_express',
    28. 

  28. 

  29. 	// All array members below here are legacy, and use the code in paypal_multiple.php
    30. 

  30. 	'form' => 'form_paypal_express',
    31. 

  31. 	'submit_function' => 'submit_paypal_express',
    32. 

  32. 	'payment_type' => 'paypal',
    33. 

  33. 	'supported_currencies' => array(
    34. 

  34. 		'currency_list' =>  array('AUD', 'BRL', 'CAD', 'CHF', 'CZK', 'DKK', 'EUR', 'GBP', 'HKD', 'HUF', 'ILS', 'JPY', 'MXN', 'MYR', 'NOK', 'NZD', 'PHP', 'PLN', 'SEK', 'SGD', 'THB', 'TWD', 'USD'),
    35. 

  35. 		'option_name' => 'paypal_curcode'
    36. 

  36. 	)
    37. 

  37. );
    38. 

  38. 

  39. 

  40. 

  41. /**
    42. 

  42. 	* WP eCommerce PayPal Express Checkout Merchant Class
    43. 

  43. 	*
    44. 

  44. 	* This is the paypal express checkout merchant class, it extends the base merchant class
    45. 

  45. 	*
    46. 

  46. 	* @package wp-e-commerce
    47. 

  47. 	* @since 3.8
    48. 

  48. 	* @subpackage wpsc-merchants
    49. 

  49. */
    50. 

  50. class wpsc_merchant_paypal_express extends wpsc_merchant {
    51. 

  51.   var $name = 'PayPal Express';
    52. 

  52.   var $paypal_ipn_values = array();
    53. 

  53. 

  54. 	/**
    55. 

  55. 	* construct value array method, converts the data gathered by the base class code to something acceptable to the gateway
    56. 

  56. 	* @access public
    57. 

  57. 	*/
    58. 

  58. 	function construct_value_array() {
    59. 

  59. 		global $PAYPAL_URL;
    60. 

  60. 		$PROXY_HOST = '127.0.0.1';
    61. 

  61. 		$PROXY_PORT = '808';
    62. 

  62. 		$USE_PROXY = false;
    63. 

  63. 		$version="56.0";
    64. 

  64. 	
    65. 

  65. 		// PayPal API Credentials 
    66. 

  66. 		$API_UserName=get_option('paypal_certified_apiuser');
    67. 

  67. 		$API_Password=get_option('paypal_certified_apipass');
    68. 

  68. 		$API_Signature=get_option('paypal_certified_apisign');
    69. 

  69. 	
    70. 

  70. 		// BN Code 	is only applicable for partners
    71. 

  71. 		$sBNCode = "PP-ECWizard";
    72. 

  72. 		
    73. 

  73. 		if ('sandbox'  == get_option('paypal_certified_server_type')) {
    74. 

  74. 			$API_Endpoint = "https://api-3t.sandbox.paypal.com/nvp";
    75. 

  75. 			$PAYPAL_URL = "https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=";
    76. 

  76. 		}else{
    77. 

  77. 			$API_Endpoint = "https://api-3t.paypal.com/nvp";
    78. 

  78. 			$PAYPAL_URL = "https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=";
    79. 

  79. 		}
    80. 

  80. 	
    81. 

  81. 		//$collected_gateway_data
    82. 

  82. 		$paypal_vars = array();		
    83. 

  83. 

  84. 		// User settings to be sent to paypal
    85. 

  85. 		$paypal_vars += array(
    86. 

  86. 			'email' => $this->cart_data['email_address'],
    87. 

  87. 			'first_name' => $this->cart_data['shipping_address']['first_name'],
    88. 

  88. 			'last_name' => $this->cart_data['shipping_address']['last_name'],
    89. 

  89. 			'address1' => $this->cart_data['shipping_address']['address'],
    90. 

  90. 			'city' => $this->cart_data['shipping_address']['city'],
    91. 

  91. 			'country' => $this->cart_data['shipping_address']['country'],
    92. 

  92. 			'zip' => $this->cart_data['shipping_address']['post_code']
    93. 

  93. 			);
    94. 

  94. 		if($this->cart_data['shipping_address']['state'] != '') {
    95. 

  95. 			$paypal_vars += array(
    96. 

  96. 				'state' => $this->cart_data['shipping_address']['state']
    97. 

  97. 			);
    98. 

  98. 		}
    99. 

  99. 

  100. 		$this->collected_gateway_data = $paypal_vars;
    101. 

  101. 	}
    102. 

  102. 	
    103. 

  103. 	/**
    104. 

  104. 	* submit method, sends the received data to the payment gateway
    105. 

  105. 	* @access public
    106. 

  106. 	*/
    107. 

  107. 	function submit() {
    108. 

  108. 		//$_SESSION['paypalExpressMessage']= '<h4>Transaction Canceled</h4>';
    109. 

  109. 

  110. 		// PayPal Express Checkout Module		
    111. 

  111. 		$paymentAmount = $this->cart_data['total_price'];
    112. 

  112. 		$_SESSION['paypalAmount'] = $paymentAmount;
    113. 

  113. 		$_SESSION['paypalexpresssessionid'] = $this->cart_data['session_id'];
    114. 

  114. 		paypal_express_currencyconverter();
    115. 

  115. 

  116. 		$currencyCodeType = get_option('paypal_curcode');
    117. 

  117. 		$paymentType = "Sale";
    118. 

  118. 		
    119. 

  119. 		if(get_option('permalink_structure') != '')
    120. 

  120. 			$separator ="?";
    121. 

  121. 		else
    122. 

  122. 			$separator ="&";
    123. 

  123. 

  124. 		$transact_url = get_option('transact_url');
    125. 

  125. 		$returnURL =  $transact_url.$separator."sessionid=".$this->cart_data['session_id']."&gateway=paypal";
    126. 

  126. 		$cancelURL = get_option('shopping_cart_url');
    127. 

  127. 		$resArray = $this->CallShortcutExpressCheckout ($paymentAmount, $currencyCodeType, $paymentType, $returnURL, $cancelURL);
    128. 

  128. 		$ack = strtoupper($resArray["ACK"]);
    129. 

  129. 		
    130. 

  130. 		if($ack=="SUCCESS")	{
    131. 

  131. 			$this->RedirectToPayPal ( $resArray["TOKEN"] );
    132. 

  132. 		} else  {
    133. 

  133. 			//Display a user friendly Error on the page using any of the following error information returned by PayPal
    134. 

  134. 			$ErrorCode = urldecode($resArray["L_ERRORCODE0"]);
    135. 

  135. 			$ErrorShortMsg = urldecode($resArray["L_SHORTMESSAGE0"]);
    136. 

  136. 			$ErrorLongMsg = urldecode($resArray["L_LONGMESSAGE0"]);
    137. 

  137. 			$ErrorSeverityCode = urldecode($resArray["L_SEVERITYCODE0"]);
    138. 

  138. 			
    139. 

  139. 			echo "SetExpressCheckout API call failed. ";
    140. 

  140. 			echo "<br />Detailed Error Message: " . $ErrorLongMsg;
    141. 

  141. 			echo "<br />Short Error Message: " . $ErrorShortMsg;
    142. 

  142. 			echo "<br />Error Code: " . $ErrorCode;
    143. 

  143. 			echo "<br />Error Severity Code: " . $ErrorSeverityCode;
    144. 

  144. 		}
    145. 

  145. 	    exit();
    146. 

  146. 

  147. 	}
    148. 

  148. 	
    149. 

  149. 	function CallShortcutExpressCheckout( $paymentAmount, $currencyCodeType, $paymentType, $returnURL, $cancelURL) {
    150. 

  150. 		global $wpdb;
    151. 

  151. 	
    152. 

  152. 		$nvpstr = "&Amt=". $paymentAmount;
    153. 

  153. 		$nvpstr = $nvpstr . "&PAYMENTACTION=" . $paymentType;
    154. 

  154. 		$nvpstr = $nvpstr . "&RETURNURL=" . $returnURL;
    155. 

  155. 		$nvpstr = $nvpstr . "&CANCELURL=" . $cancelURL;
    156. 

  156. 		$nvpstr = $nvpstr . "&CURRENCYCODE=" . $currencyCodeType;
    157. 

  157. 		$data = array();
    158. 

  158. 		if(!isset($this->cart_data['shipping_address']['first_name']) && !isset($this->cart_data['shipping_address']['last_name'])){
    159. 

  159. 			$this->cart_data['shipping_address']['first_name'] =$this->cart_data['billing_address']['first_name'];
    160. 

  160. 			$this->cart_data['shipping_address']['last_name'] = $this->cart_data['billing_address']['last_name'];
    161. 

  161. 			
    162. 

  162. 		}
    163. 

  163. 		$data += array(
    164. 

  164. 			'SHIPTONAME'		=> $this->cart_data['shipping_address']['first_name'].' '.$this->cart_data['shipping_address']['last_name'],
    165. 

  165. 			'SHIPTOSTREET' 		=> $this->cart_data['shipping_address']['address'],
    166. 

  166. 			'SHIPTOCITY'		=> $this->cart_data['shipping_address']['city'],
    167. 

  167. 			'SHIPTOCOUNTRYCODE' => $this->cart_data['shipping_address']['country'],
    168. 

  168. 			'SHIPTOZIP'			=> $this->cart_data['shipping_address']['post_code']
    169. 

  169. 		);
    170. 

  170. 		if( '' != $this->cart_data['shipping_address']['state']){
    171. 

  171. 			$data += array(
    172. 

  172. 				'SHIPTOSTATE' => $this->cart_data['shipping_address']['state']
    173. 

  173. 				);
    174. 

  174. 		}	
    175. 

  175. 

  176. 		if(count($data) >= 4) {
    177. 

  177. 			$temp_data = array();
    178. 

  178. 			foreach($data as $key => $value)
    179. 

  179. 				$temp_data[] = $key."=".$value;
    180. 

  180. 	
    181. 

  181. 			$nvpstr = $nvpstr . "&".implode("&",$temp_data);
    182. 

  182. 		}
    183. 

  183. 		$_SESSION["currencyCodeType"] = $currencyCodeType;	  
    184. 

  184. 		$_SESSION["PaymentType"] = $paymentType;
    185. 

  185. 	    $resArray= paypal_hash_call("SetExpressCheckout", $nvpstr);
    186. 

  186. 		$ack = strtoupper($resArray["ACK"]);
    187. 

  187. 		if($ack=="SUCCESS")	{
    188. 

  188. 			$token = urldecode($resArray["TOKEN"]);
    189. 

  189. 			$_SESSION['token']=$token;
    190. 

  190. 		}
    191. 

  191. 		   
    192. 

  192. 	    return $resArray;
    193. 

  193. 	}
    194. 

  194. 

  195. 	function RedirectToPayPal ( $token ){
    196. 

  196. 		global $PAYPAL_URL;
    197. 

  197. 		// Redirect to paypal.com here
    198. 

  198. 		$payPalURL = $PAYPAL_URL . $token;
    199. 

  199. //		echo 'REDIRECT:'.$payPalURL;
    200. 

  200. 		wp_redirect($payPalURL);
    201. 

  201. //		exit();
    202. 

  202. 	}
    203. 

  203. 

  204. 	
    205. 

  205. 

  206. 	
    207. 

  207. } // end of class
    208. 

  208. 

  209. 

  210. /**
    211. 

  211.  * Saving of PayPal Express Settings
    212. 

  212.  * @access public
    213. 

  213.  *
    214. 

  214.  * @since 3.8
    215. 

  215.  */
    216. 

  216. function submit_paypal_express() {  
    217. 

  217. 	if(isset($_POST['paypal_certified_apiuser']))
    218. 

  218. 		update_option('paypal_certified_apiuser', $_POST['paypal_certified_apiuser']);
    219. 

  219. 	
    220. 

  220. 	if(isset($_POST['paypal_certified_apipass']))
    221. 

  221. 		update_option('paypal_certified_apipass', $_POST['paypal_certified_apipass']);
    222. 

  222. 	
    223. 

  223. 	if(isset($_POST['paypal_curcode']))
    224. 

  224. 		update_option('paypal_curcode', $_POST['paypal_curcode']);
    225. 

  225. 	
    226. 

  226. 	if(isset($_POST['paypal_certified_apisign']))
    227. 

  227. 		update_option('paypal_certified_apisign', $_POST['paypal_certified_apisign']);
    228. 

  228. 	
    229. 

  229. 	if(isset($_POST['paypal_certified_server_type']))
    230. 

  230. 		update_option('paypal_certified_server_type', $_POST['paypal_certified_server_type']);
    231. 

  231. 	
    232. 

  232. 	return true;
    233. 

  233. }
    234. 

  234. 

  235. /**
    236. 

  236.  * Form Express Returns the Settings Form Fields
    237. 

  237.  * @access public
    238. 

  238.  *
    239. 

  239.  * @since 3.8
    240. 

  240.  * @return $output string containing Form Fields
    241. 

  241.  */
    242. 

  242. function form_paypal_express() {
    243. 

  243. 	global $wpdb, $wpsc_gateways;
    244. 

  244. 	
    245. 

  245. 	$serverType1 = '';
    246. 

  246. 	$serverType2 = '';
    247. 

  247. 	$select_currency[get_option('paypal_curcode')] = "selected='selected'";
    248. 

  248. 	
    249. 

  249.   	if (get_option('paypal_certified_server_type') == 'sandbox')
    250. 

  250. 		$serverType1="checked='checked'";
    251. 

  251. 	elseif(get_option('paypal_certified_server_type') == 'production')
    252. 

  252. 		$serverType2 ="checked='checked'";
    253. 

  253. 	
    254. 

  254. 	$output = "
    255. 

  255. 		<tr>
    256. 

  256. 		  <td>" . __('API Username', 'wpsc' ) . "
    257. 

  257. 		  </td>
    258. 

  258. 		  <td>
    259. 

  259. 		  <input type='text' size='40' value='".get_option('paypal_certified_apiuser')."' name='paypal_certified_apiuser' />
    260. 

  260. 		  </td>
    261. 

  261. 		</tr>
    262. 

  262. 		<tr>
    263. 

  263. 		  <td>" . __('API Password', 'wpsc' ) . "
    264. 

  264. 		  </td>
    265. 

  265. 		  <td>
    266. 

  266. 		  <input type='text' size='40' value='".get_option('paypal_certified_apipass')."' name='paypal_certified_apipass' />
    267. 

  267. 		  </td>
    268. 

  268. 		</tr>
    269. 

  269. 		<tr>
    270. 

  270. 		 <td>" . __('API Signature', 'wpsc' ) . "
    271. 

  271. 		 </td>
    272. 

  272. 		 <td>
    273. 

  273. 		 <input type='text' size='70' value='".get_option('paypal_certified_apisign')."' name='paypal_certified_apisign' />
    274. 

  274. 		 </td>
    275. 

  275. 		</tr>
    276. 

  276. 		<tr>
    277. 

  277. 		 <td>" . __('Server Type', 'wpsc' ) . "
    278. 

  278. 		 </td>
    279. 

  279. 		 <td>
    280. 

  280. 			<input $serverType1 type='radio' name='paypal_certified_server_type' value='sandbox' /> " . __('Sandbox (For testing)', 'wpsc' ) . "
    281. 

  281. 			<input $serverType2 type='radio' name='paypal_certified_server_type' value='production' /> " . __('Production', 'wpsc' ) . "
    282. 

  282. 		 </td>
    283. 

  283. 		</tr>";
    284. 

  284. 		
    285. 

  285. 		$store_currency_code = $wpdb->get_var("SELECT `code` FROM `".WPSC_TABLE_CURRENCY_LIST."` WHERE `id` IN ('".absint(get_option('currency_type'))."')");
    286. 

  286. 		$current_currency = get_option('paypal_curcode');
    287. 

  287. 

  288. 		if(($current_currency == '') && in_array($store_currency_data['code'], $wpsc_gateways['wpsc_merchant_paypal_express']['supported_currencies']['currency_list'])) {
    289. 

  289. 			update_option('paypal_curcode', $store_currency_data['code']);
    290. 

  290. 			$current_currency = $store_currency_data['code'];
    291. 

  291. 		}
    292. 

  292. 		if($current_currency != $store_currency_code) {
    293. 

  293. 			$output .= "<tr> <td colspan='2'><strong class='form_group'>".__('Currency Converter')."</td> </tr>
    294. 

  294. 			<tr>
    295. 

  295. 				<td colspan='2'>".__('Your website is using a currency not accepted by PayPal, select an accepted currency using the drop down menu bellow. Buyers on your site will still pay in your local currency however we will convert the currency and send the order through to PayPal using the currency you choose below.', 'wpsc')."</td>
    296. 

  296. 			</tr>\n";
    297. 

  297. 		
    298. 

  298. 			$output .= "<tr>\n <td>" . __('Convert to', 'wpsc' ) . " </td>\n ";
    299. 

  299. 			$output .= "<td>\n <select name='paypal_curcode'>\n";
    300. 

  300. 	
    301. 

  301. 			if (!isset($wpsc_gateways['wpsc_merchant_paypal_express']['supported_currencies']['currency_list'])) 
    302. 

  302. 				$wpsc_gateways['wpsc_merchant_paypal_express']['supported_currencies']['currency_list'] = array();
    303. 

  303. 			
    304. 

  304. 			$paypal_currency_list = $wpsc_gateways['wpsc_merchant_paypal_express']['supported_currencies']['currency_list'];
    305. 

  305. 	
    306. 

  306. 			$currency_list = $wpdb->get_results("SELECT DISTINCT `code`, `currency` FROM `".WPSC_TABLE_CURRENCY_LIST."` WHERE `code` IN ('".implode("','",$paypal_currency_list)."')", ARRAY_A);
    307. 

  307. 			foreach($currency_list as $currency_item) {
    308. 

  308. 				$selected_currency = '';
    309. 

  309. 				if($current_currency == $currency_item['code']) {
    310. 

  310. 					$selected_currency = "selected='selected'";
    311. 

  311. 				}
    312. 

  312. 				$output .= "<option ".$selected_currency." value='{$currency_item['code']}'>{$currency_item['currency']}</option>";
    313. 

  313. 			}
    314. 

  314. 			$output .= "            </select> \n";
    315. 

  315. 			$output .= "          </td>\n";
    316. 

  316. 			$output .= "       </tr>\n";
    317. 

  317. 		}
    318. 

  318.  
    319. 

  319.   	return $output;
    320. 

  320. }
    321. 

  321. 

  322.   
    323. 

  323. function paypal_express_currencyconverter(){
    324. 

  324. 	global $wpdb;
    325. 

  325. 	$currency_code = $wpdb->get_var("SELECT `code` FROM `".WPSC_TABLE_CURRENCY_LIST."` WHERE `id`='".get_option('currency_type')."' LIMIT 1");
    326. 

  326. 	$local_currency_code = $currency_code;
    327. 

  327. 	$paypal_currency_code = get_option('paypal_curcode');
    328. 

  328. 	if($paypal_currency_code == '')
    329. 

  329. 		$paypal_currency_code = 'US';
    330. 

  330. 	
    331. 

  331. 	$curr=new CURRENCYCONVERTER();
    332. 

  332. 	if($paypal_currency_code != $local_currency_code) {
    333. 

  333. 		$paypal_currency_productprice = $curr->convert($_SESSION['paypalAmount'],$paypal_currency_code,$local_currency_code);
    334. 

  334. 		$paypal_currency_shipping = $curr->convert($local_currency_shipping,$paypal_currency_code,$local_currency_code);
    335. 

  335. 		$base_shipping = $curr->convert($purchase_log['base_shipping'],$paypal_currency_code, $local_currency_code);
    336. 

  336. 	} else {
    337. 

  337. 		$paypal_currency_productprice = $_SESSION['paypalAmount'];
    338. 

  338. 		$paypal_currency_shipping = $local_currency_shipping;
    339. 

  339. 		$base_shipping = $purchase_log['base_shipping'];
    340. 

  340. 	}
    341. 

  341. 	switch($paypal_currency_code) {
    342. 

  342. 	    case "JPY":
    343. 

  343. 	    $decimal_places = 0;
    344. 

  344. 	    break;
    345. 

  345. 	    
    346. 

  346. 	    case "HUF":
    347. 

  347. 	    $decimal_places = 0;
    348. 

  348. 	    break;
    349. 

  349. 	    
    350. 

  350. 	    default:
    351. 

  351. 	    $decimal_places = 2;
    352. 

  352. 	    break;
    353. 

  353. 	}
    354. 

  354. 	$_SESSION['paypalAmount'] = number_format(sprintf("%01.2f", $paypal_currency_productprice),$decimal_places,'.','');
    355. 

  355. 	
    356. 

  356. }
    357. 

  357. 

  358. 

  359. /**
    360. 

  360.  * prcessing functions, this is where the main logic of paypal express lives
    361. 

  361.  * @access public
    362. 

  362.  *
    363. 

  363.  * @since 3.8
    364. 

  364.  */
    365. 

  365. function paypal_processingfunctions(){
    366. 

  366. 	global $wpdb, $wpsc_cart;
    367. 

  367. 

  368. 	$sessionid = '';
    369. 

  369. 	if (isset($_SESSION['paypalexpresssessionid']))
    370. 

  370. 	$sessionid = $_SESSION['paypalexpresssessionid'];
    371. 

  371. 	if(isset($_REQUEST['act']) && ($_REQUEST['act']=='error')){
    372. 

  372. 		session_start();
    373. 

  373. 		$resArray=$_SESSION['reshash']; 
    374. 

  374. 		$_SESSION['paypalExpressMessage']= '
    375. 

  375. 		<center>
    376. 

  376. 		<table width="700" align="left">
    377. 

  377. 		<tr>
    378. 

  378. 			<td colspan="2" class="header">' . __('The PayPal API has returned an error!', 'wpsc' ) . '</td>
    379. 

  379. 		</tr>
    380. 

  380. 		';
    381. 

  381. 	    //it will print if any URL errors 
    382. 

  382. 		if(isset($_SESSION['curl_error_msg'])) { 
    383. 

  383. 			$errorMessage=$_SESSION['curl_error_msg'] ;	
    384. 

  384. 			$response = $_SESSION['response'];
    385. 

  385. 			session_unset();	
    386. 

  386. 			
    387. 

  387. 			$_SESSION['paypalExpressMessage'].='
    388. 

  388. 			<tr>
    389. 

  389. 				<td>response:</td>
    390. 

  390. 				<td>'.$response.'</td>
    391. 

  391. 			</tr>
    392. 

  392. 			   
    393. 

  393. 			<tr>
    394. 

  394. 				<td>Error Message:</td>
    395. 

  395. 				<td>'.$errorMessage.'</td>
    396. 

  396. 			</tr>';
    397. 

  397. 		 } else {
    398. 

  398. 	
    399. 

  399. 			/* If there is no URL Errors, Construct the HTML page with 
    400. 

  400. 			   Response Error parameters.   */
    401. 

  401. 			$_SESSION['paypalExpressMessage'] .="
    402. 

  402. 				<tr>
    403. 

  403. 					<td>Ack:</td>
    404. 

  404. 					<td>".$resArray['ACK']."</td>
    405. 

  405. 				</tr>
    406. 

  406. 				<tr>
    407. 

  407. 					<td>Correlation ID:</td>
    408. 

  408. 					<td>".$resArray['CORRELATIONID']."</td>
    409. 

  409. 				</tr>
    410. 

  410. 				<tr>
    411. 

  411. 					<td>Version:</td>
    412. 

  412. 					<td>".$resArray['VERSION']."</td>
    413. 

  413. 				</tr>";
    414. 

  414. 			
    415. 

  415. 			$count=0;
    416. 

  416. 			while (isset($resArray["L_SHORTMESSAGE".$count])) {		
    417. 

  417. 				$errorCode    = $resArray["L_ERRORCODE".$count];
    418. 

  418. 				$shortMessage = $resArray["L_SHORTMESSAGE".$count];
    419. 

  419. 				$longMessage  = $resArray["L_LONGMESSAGE".$count]; 
    420. 

  420. 				$count=$count+1; 
    421. 

  421. 				$_SESSION['paypalExpressMessage'] .="
    422. 

  422. 					<tr>
    423. 

  423. 						<td>" . __('Error Number:', 'wpsc' ) . "</td>
    424. 

  424. 						<td> $errorCode </td>
    425. 

  425. 					</tr>
    426. 

  426. 					<tr>
    427. 

  427. 						<td>" . __('Short Message:', 'wpsc' ) . "</td>
    428. 

  428. 						<td> $shortMessage </td>
    429. 

  429. 					</tr>
    430. 

  430. 					<tr>
    431. 

  431. 						<td>" . __('Long Message:', 'wpsc' ) . "</td>
    432. 

  432. 						<td> $longMessage </td>
    433. 

  433. 					</tr>";
    434. 

  434. 			
    435. 

  435. 		 	}//end while
    436. 

  436. 		}// end else
    437. 

  437. 		$_SESSION['paypalExpressMessage'] .="
    438. 

  438. 			</center>
    439. 

  439. 				</table>";
    440. 

  440. 	
    441. 

  441. 	}else if(isset($_REQUEST['act']) && ($_REQUEST['act']=='do')){
    442. 

  442. 		session_start();		
    443. 

  443. 

  444. 		/* Gather the information to make the final call to
    445. 

  445. 		   finalize the PayPal payment.  The variable nvpstr
    446. 

  446. 		   holds the name value pairs   */
    447. 

  447. 		
    448. 

  448. 		$token =urlencode($_REQUEST['token']);
    449. 

  449. 		$paymentAmount =urlencode ($_SESSION['paypalAmount']);
    450. 

  450. 		$paymentType = urlencode($_SESSION['paymentType']);
    451. 

  451. 		$currCodeType = urlencode(get_option('paypal_curcode'));
    452. 

  452. 		$payerID = urlencode($_REQUEST['PayerID']);
    453. 

  453. 		$serverName = urlencode($_SERVER['SERVER_NAME']);
    454. 

  454. 		$BN='Instinct_e-commerce_wp-shopping-cart_NZ';	
    455. 

  455. 		$nvpstr='&TOKEN='.$token.'&PAYERID='.$payerID.'&PAYMENTACTION=Sale&AMT='.$paymentAmount.'&CURRENCYCODE='.$currCodeType.'&IPADDRESS='.$serverName."&BUTTONSOURCE=".$BN ;
    456. 

  456. 		$resArray=paypal_hash_call("DoExpressCheckoutPayment",$nvpstr);
    457. 

  457. 		
    458. 

  458. 		/* Display the API response back to the browser.
    459. 

  459. 		   If the response from PayPal was a success, display the response parameters'
    460. 

  460. 		   If the response was an error, display the errors received using APIError.php. */
    461. 

  461. 		$ack = strtoupper($resArray["ACK"]);
    462. 

  462. 		$_SESSION['reshash']=$resArray;
    463. 

  463. 		if($ack!="SUCCESS"){
    464. 

  464. 			$location = get_option('transact_url')."&act=error";
    465. 

  465. 		}else{
    466. 

  466. 			$transaction_id = $wpdb->escape($resArray['TRANSACTIONID']);
    467. 

  467. 			switch($resArray['PAYMENTSTATUS']) {
    468. 

  468. 				case 'Processed': // I think this is mostly equivalent to Completed
    469. 

  469. 				case 'Completed':
    470. 

  470. 				$wpdb->query("UPDATE `".WPSC_TABLE_PURCHASE_LOGS."` SET `processed` = '3' WHERE `sessionid` = ".$sessionid." LIMIT 1");
    471. 

  471. 	
    472. 

  472. 				transaction_results($_SESSION['wpsc_sessionid'], false, $transaction_id);
    473. 

  473. 				break;
    474. 

  474. 		
    475. 

  475. 				case 'Pending': // need to wait for "Completed" before processing
    476. 

  476. 				$wpdb->query("UPDATE `".WPSC_TABLE_PURCHASE_LOGS."` SET `transactid` = '".$transaction_id."',`processed` = '2', `date` = '".time()."'  WHERE `sessionid` = ".$sessionid." LIMIT 1");
    477. 

  477. 				break;
    478. 

  478. 			}
    479. 

  479. 			$location = add_query_arg('sessionid', $sessionid, get_option('transact_url'));
    480. 

  480. 			
    481. 

  481. 			$_SESSION['paypalExpressMessage'] = null;
    482. 

  482. 			wp_redirect($location);
    483. 

  483. 			exit();
    484. 

  484. 		}
    485. 

  485. 	
    486. 

  486. 		@$_SESSION['nzshpcrt_serialized_cart'] = '';
    487. 

  487. 		$_SESSION['nzshpcrt_cart'] = '';
    488. 

  488. 		$_SESSION['nzshpcrt_cart'] = Array();	 
    489. 

  489. 		$wpsc_cart->empty_cart();
    490. 

  490. 				
    491. 

  491. 	} else if(isset($_REQUEST['paymentType']) || isset($_REQUEST['token'])){
    492. 

  492. 

  493. 		$token = $_REQUEST['token'];
    494. 

  494. 		if(!isset($token)) {
    495. 

  495. 		   $paymentAmount=$_SESSION['paypalAmount'];
    496. 

  496. 		   $currencyCodeType=get_option('paypal_curcode');
    497. 

  497. 		   $paymentType='Sale';
    498. 

  498. 			if(get_option('permalink_structure') != '')
    499. 

  499. 				$separator ="?";
    500. 

  500. 			else
    501. 

  501. 				$separator ="&";
    502. 

  502. 			
    503. 

  503. 			$returnURL =urlencode(get_option('transact_url').$separator.'currencyCodeType='.$currencyCodeType.'&paymentType='.$paymentType.'&paymentAmount='.$paymentAmount);
    504. 

  504. 			$cancelURL =urlencode(get_option('transact_url').$separator.'paymentType=$paymentType' );
    505. 

  505. 		
    506. 

  506. 			/* Construct the parameter string that describes the PayPal payment
    507. 

  507. 			the varialbes were set in the web form, and the resulting string
    508. 

  508. 			is stored in $nvpstr */
    509. 

  509. 		  
    510. 

  510. 			$nvpstr="&Amt=".$paymentAmount."&PAYMENTACTION=".$paymentType."&ReturnUrl=".$returnURL."&CANCELURL=".$cancelURL ."&CURRENCYCODE=".$currencyCodeType;
    511. 

  511. 		 
    512. 

  512. 			/* Make the call to PayPal to set the Express Checkout token
    513. 

  513. 			If the API call succeded, then redirect the buyer to PayPal
    514. 

  514. 			to begin to authorize payment.  If an error occured, show the
    515. 

  515. 			resulting errors
    516. 

  516. 			*/
    517. 

  517. 		   $resArray=paypal_hash_call("SetExpressCheckout",$nvpstr);
    518. 

  518. 		   $_SESSION['reshash']=$resArray;
    519. 

  519. 		   $ack = strtoupper($resArray["ACK"]);
    520. 

  520. 

  521. 		   if($ack=="SUCCESS"){
    522. 

  522. 				// Redirect to paypal.com here
    523. 

  523. 				$token = urldecode($resArray["TOKEN"]);
    524. 

  524. 				$payPalURL = $PAYPAL_URL.$token;
    525. 

  525. 				wp_redirect($payPalURL);
    526. 

  526. 		   } else  {
    527. 

  527. 				// Redirecting to APIError.php to display errors. 
    528. 

  528. 				$location = get_option('transact_url')."&act=error";
    529. 

  529. 				wp_redirect($location);
    530. 

  530. 		   }
    531. 

  531. 		   exit();
    532. 

  532. 		} else {
    533. 

  533. 		 /* At this point, the buyer has completed in authorizing payment
    534. 

  534. 			at PayPal.  The script will now call PayPal with the details
    535. 

  535. 			of the authorization, incuding any shipping information of the
    536. 

  536. 			buyer.  Remember, the authorization is not a completed transaction
    537. 

  537. 			at this state - the buyer still needs an additional step to finalize
    538. 

  538. 			the transaction
    539. 

  539. 			*/
    540. 

  540. 		
    541. 

  541. 		   $token =urlencode( $_REQUEST['token']);
    542. 

  542. 		
    543. 

  543. 		 /* Build a second API request to PayPal, using the token as the
    544. 

  544. 			ID to get the details on the payment authorization
    545. 

  545. 			*/
    546. 

  546. 		   $nvpstr="&TOKEN=".$token;
    547. 

  547. 	
    548. 

  548. 		 /* Make the API call and store the results in an array.  If the
    549. 

  549. 			call was a success, show the authorization details, and provide
    550. 

  550. 			an action to complete the payment.  If failed, show the error
    551. 

  551. 			*/
    552. 

  552. 		   $resArray=paypal_hash_call("GetExpressCheckoutDetails",$nvpstr);
    553. 

  553. 

  554. 		   $_SESSION['reshash']=$resArray;
    555. 

  555. 		   $ack = strtoupper($resArray["ACK"]);
    556. 

  556. 		   if($ack=="SUCCESS"){			
    557. 

  557. 				
    558. 

  558. 				/********************************************************
    559. 

  559. 				GetExpressCheckoutDetails.php
    560. 

  560. 				
    561. 

  561. 				This functionality is called after the buyer returns from
    562. 

  562. 				PayPal and has authorized the payment.
    563. 

  563. 				
    564. 

  564. 				Displays the payer details returned by the
    565. 

  565. 				GetExpressCheckoutDetails response and calls
    566. 

  566. 				DoExpressCheckoutPayment.php to complete the payment
    567. 

  567. 				authorization.
    568. 

  568. 				
    569. 

  569. 				Called by ReviewOrder.php.
    570. 

  570. 				
    571. 

  571. 				Calls DoExpressCheckoutPayment.php and APIError.php.
    572. 

  572. 				
    573. 

  573. 				********************************************************/
    574. 

  574. 				
    575. 

  575. 				
    576. 

  576. 				session_start();
    577. 

  577. 				
    578. 

  578. 				/* Collect the necessary information to complete the
    579. 

  579. 				authorization for the PayPal payment
    580. 

  580. 				*/
    581. 

  581. 				
    582. 

  582. 				$_SESSION['token']=$_REQUEST['token'];
    583. 

  583. 				$_SESSION['payer_id'] = $_REQUEST['PayerID'];
    584. 

  584. 						
    585. 

  585. 				$resArray=$_SESSION['reshash'];
    586. 

  586. 				
    587. 

  587. 				if(get_option('permalink_structure') != '')
    588. 

  588. 					$separator ="?";
    589. 

  589. 				else
    590. 

  590. 					$separator ="&";
    591. 

  591. 			
    592. 

  592. 				
    593. 

  593. 				/* Display the  API response back to the browser .
    594. 

  594. 				If the response from PayPal was a success, display the response parameters
    595. 

  595. 				*/
    596. 

  596. 				if(isset($_REQUEST['TOKEN']) && !isset($_REQUEST['PAYERID'])){
    597. 

  597. 					$_SESSION['paypalExpressMessage']= '<h4>TRANSACTION CANCELED</h4>';
    598. 

  598. 				}else{
    599. 

  599. 					$output ="
    600. 

  600. 				       <table width='400' class='paypal_express_form'>
    601. 

  601. 				        <tr>
    602. 

  602. 				            <td align='left' class='firstcol'><b>" . __('Error Number:', 'wpsc' ) . "Order Total:</b></td>
    603. 

  603. 				            <td align='left'>" . wpsc_currency_display($_SESSION['paypalAmount']) . "</td>
    604. 

  604. 				        </tr>
    605. 

  605. 						<tr>
    606. 

  606. 						    <td align='left'><b>" . __('Shipping Address:', 'wpsc' ) . " </b></td>
    607. 

  607. 						</tr>
    608. 

  608. 				        <tr>
    609. 

  609. 				            <td align='left' class='firstcol'>
    610. 

  610. 				                " . __('Street 1:', 'wpsc' ) . "</td>
    611. 

  611. 				            <td align='left'>".$resArray['SHIPTOSTREET']."</td>
    612. 

  612. 				
    613. 

  613. 				        </tr>
    614. 

  614. 				        <tr>
    615. 

  615. 				            <td align='left' class='firstcol'>
    616. 

  616. 				                " . __('Street 2:', 'wpsc' ) . "</td>
    617. 

  617. 				            <td align='left'>".$resArray['SHIPTOSTREET2']."
    618. 

  618. 				            </td>
    619. 

  619. 				        </tr>
    620. 

  620. 				        <tr>
    621. 

  621. 				            <td align='left' class='firstcol'>
    622. 

  622. 				                " . __('City:', 'wpsc' ) . "</td>
    623. 

  623. 				
    624. 

  624. 				            <td align='left'>".$resArray['SHIPTOCITY']."</td>
    625. 

  625. 				        </tr>
    626. 

  626. 				        <tr>
    627. 

  627. 				            <td align='left' class='firstcol'>
    628. 

  628. 				                " . __('State:', 'wpsc' ) . "</td>
    629. 

  629. 				            <td align='left'>".$resArray['SHIPTOSTATE']."</td>
    630. 

  630. 				        </tr>
    631. 

  631. 				        <tr>
    632. 

  632. 				            <td align='left' class='firstcol'>
    633. 

  633. 				                " . __('Postal code:', 'wpsc' ) . "</td>
    634. 

  634. 				
    635. 

  635. 				            <td align='left'>".$resArray['SHIPTOZIP']."</td>
    636. 

  636. 				        </tr>
    637. 

  637. 				        <tr>
    638. 

  638. 				            <td align='left' class='firstcol'>
    639. 

  639. 				                " . __('Country:', 'wpsc' ) . "</td>
    640. 

  640. 				            <td align='left'>".$resArray['SHIPTOCOUNTRYNAME']."</td>
    641. 

  641. 				        </tr>
    642. 

  642. 				        <tr>
    643. 

  643. 				            <td>";
    644. 

  644. 					
    645. 

  645. 					$output .= "<form action=".get_option('transact_url')." method='post'>\n";
    646. 

  646. 					$output .= "	<input type='hidden' name='totalAmount' value='".wpsc_cart_total(false)."' />\n";
    647. 

  647. 					$output .= "	<input type='hidden' name='shippingStreet' value='".$resArray['SHIPTOSTREET']."' />\n";
    648. 

  648. 					$output .= "	<input type='hidden' name='shippingStreet2' value='".$resArray['SHIPTOSTREET2']."' />\n";
    649. 

  649. 					$output .= "	<input type='hidden' name='shippingCity' value='".$resArray['SHIPTOCITY']."' />\n";
    650. 

  650. 					$output .= "	<input type='hidden' name='shippingState' value='".$resArray['SHIPTOSTATE']."' />\n";
    651. 

  651. 					$output .= "	<input type='hidden' name='postalCode' value='".$resArray['SHIPTOZIP']."' />\n";
    652. 

  652. 					$output .= "	<input type='hidden' name='country' value='".$resArray['SHIPTOCOUNTRYNAME']."' />\n";
    653. 

  653. 					$output .= "	<input type='hidden' name='token' value='".$_SESSION['token']."' />\n";
    654. 

  654. 					$output .= "	<input type='hidden' name='PayerID' value='".$_SESSION['payer_id']."' />\n";
    655. 

  655. 					$output .= "	<input type='hidden' name='act' value='do' />\n";
    656. 

  656. 					$output .= "	<p>  <input name='usePayPal' type='submit' value='".__('Confirm Payment','wpsc')."' /></p>\n";
    657. 

  657. 					$output .= "</form>";
    658. 

  658. 					$output .=" </td>
    659. 

  659. 					        </tr>
    660. 

  660. 					    </table>
    661. 

  661. 					</center>
    662. 

  662. 					";
    663. 

  663. 					$_SESSION['paypalExpressMessage'] = $output;
    664. 

  664. 				}
    665. 

  665. 			}
    666. 

  666. 		}
    667. 

  667. 

  668. 	}
    669. 

  669. 	
    670. 

  670. } 
    671. 

  671. 

  672. 

  673. 

  674. function paypal_hash_call($methodName,$nvpStr)	{
    675. 

  675. 	//declaring of variables
    676. 

  676. 	$version = 56;			
    677. 

  677. 	if ( 'sandbox' == get_option('paypal_certified_server_type') ) {
    678. 

  678. 		$API_Endpoint = "https://api-3t.sandbox.paypal.com/nvp";
    679. 

  679. 		$paypal_certified_url  = "https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=";
    680. 

  680. 	} else {
    681. 

  681. 		$API_Endpoint = "https://api-3t.paypal.com/nvp";
    682. 

  682. 		$paypal_certified_url  = "https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=";
    683. 

  683. 	}
    684. 

  684. 

  685. 	$USE_PROXY = false;
    686. 

  686. 	$API_UserName=get_option('paypal_certified_apiuser');
    687. 

  687. 	$API_Password=get_option('paypal_certified_apipass');
    688. 

  688. 	$API_Signature=get_option('paypal_certified_apisign');
    689. 

  689. 	$sBNCode = "PP-ECWizard";
    690. 

  690. 	//NVPRequest for submitting to server
    691. 

  691. 	$nvpreq="METHOD=" . urlencode($methodName) . "&VERSION=" . urlencode($version) . "&PWD=" . urlencode($API_Password) . "&USER=" . urlencode($API_UserName) . "&SIGNATURE=" . urlencode($API_Signature) . $nvpStr . "&BUTTONSOURCE=" . urlencode($sBNCode);
    692. 

  692. 

  693. 	// Configure WP_HTTP
    694. 

  694. 	if($USE_PROXY) {
    695. 

  695. 		if (!defined('WP_PROXY_HOST') && !defined('WP_PROXY_PORT')) {
    696. 

  696. 			define('WP_PROXY_HOST', $PROXY_HOST);
    697. 

  697. 			define('WP_PROXY_PORT', $PROXY_PORT);
    698. 

  698. 		}
    699. 

  699. 	}
    700. 

  700. 	add_filter('http_api_curl', 'wpsc_curl_ssl');
    701. 

  701. 	
    702. 

  702. 	$options = array(
    703. 

  703. 		'timeout' => 5,
    704. 

  704. 		'body' => $nvpreq,
    705. 

  705. 	);
    706. 

  706. 	
    707. 

  707. 	$_SESSION['nvpReqArray']=$nvpReqArray;
    708. 

  708. 	$nvpReqArray=paypal_deformatNVP($nvpreq);
    709. 

  709. 	
    710. 

  710. 	$res = wp_remote_post($API_Endpoint, $options);
    711. 

  711. 	
    712. 

  712. 	if ( is_wp_error($res) ) {
    713. 

  713. 		$_SESSION['curl_error_msg'] = 'WP HTTP Error: ' . $res->get_error_message();
    714. 

  714. 		$nvpResArray=paypal_deformatNVP('');
    715. 

  715. 	} else {
    716. 

  716. 		$nvpResArray=paypal_deformatNVP($res['body']);
    717. 

  717. 	}
    718. 

  718. 

  719. 	return $nvpResArray;
    720. 

  720. }
    721. 

  721. 

  722. function paypal_deformatNVP($nvpstr) {
    723. 

  723. 	$intial=0;
    724. 

  724. 	$nvpArray = array();
    725. 

  725. 

  726. 	while(strlen($nvpstr)) {
    727. 

  727. 		//postion of Key
    728. 

  728. 		$keypos= strpos($nvpstr,'=');
    729. 

  729. 		//position of value
    730. 

  730. 		$valuepos = strpos($nvpstr,'&') ? strpos($nvpstr,'&'): strlen($nvpstr);
    731. 

  731. 

  732. 		/*getting the Key and Value values and storing in a Associative Array*/
    733. 

  733. 		$keyval=substr($nvpstr,$intial,$keypos);
    734. 

  734. 		$valval=substr($nvpstr,$keypos+1,$valuepos-$keypos-1);
    735. 

  735. 		//decoding the respose
    736. 

  736. 		$nvpArray[urldecode($keyval)] =urldecode( $valval);
    737. 

  737. 		$nvpstr=substr($nvpstr,$valuepos+1,strlen($nvpstr));
    738. 

  738. 	}
    739. 

  739. 	return $nvpArray;
    740. 

  740. }
    741. 

  741. add_action('init', 'paypal_processingfunctions');
    742. 

  742. ?>
    743. 

  743.