/includes/classes/paypal_checkout.php

<?php
/**
 * Project: xt:Commerce - eCommerce Engine
 * @version $Id
 *
 * xt:Commerce - Shopsoftware
 * (c) 2003-2007 xt:Commerce (Winger/Zanier), http://www.xt-commerce.com
 *
 * xt:Commerce ist eine gesch�tzte Handelsmarke und wird vertreten durch die xt:Commerce GmbH (Austria)
 * xt:Commerce is a protected trademark and represented by the xt:Commerce GmbH (Austria)
 *
 * @copyright Copyright 2003-2007 xt:Commerce (Winger/Zanier), www.xt-commerce.com
 * @copyright based on Copyright 2002-2003 osCommerce; www.oscommerce.com
 * @copyright Porttions Copyright 2003-2007 Zen Cart Development Team
 * @copyright Porttions Copyright 2004 DevosC.com
 * @license http://www.xt-commerce.com.com/license/2_0.txt GNU Public License V2.0
 *
 * For questions, help, comments, discussion, etc., please join the
 * xt:Commerce Support Forums at www.xt-commerce.com
 *
 * ab 15.08.2008 Teile vom Hamburger-Internetdienst ge�ndert
 * Hamburger-Internetdienst Support Forums at www.forum.hamburger-internetdienst.de
 * Stand: 16.05.2010
*/
require_once(DIR_FS_INC . 'xtc_write_user_info.inc.php');
define('PROXY_HOST', '127.0.0.1');
define('PROXY_PORT', '808');
define('VERSION', PAYPAL_API_VERSION);
class paypal_checkout {
	var $API_UserName,
			$API_Password,
			$API_Signature,
			$API_Endpoint,
			$version,
			$location_error,
			$NOTIFY_URL,
			$EXPRESS_CANCEL_URL,
			$EXPRESS_RETURN_URL,
			$CANCEL_URL,
			$RETURN_URL,
			$GIROPAY_SUCCESS_URL,
			$GIROPAY_CANCEL_URL,
			$BANKTXN_PENDING_URL,
			$EXPRESS_URL,
			$GIROPAY_URL,
			$IPN_URL,
			$ppAPIec,
			$payPalURL;
/*************************************************************/
	function paypal_checkout() {
		// Stand: 27.03.2010
		if(PAYPAL_MODE=='sandbox'){
			$this->API_UserName		= PAYPAL_API_SANDBOX_USER;
			$this->API_Password		= PAYPAL_API_SANDBOX_PWD;
			$this->API_Signature	= PAYPAL_API_SANDBOX_SIGNATURE;
			$this->API_Endpoint		= 'https://api-3t.sandbox.paypal.com/nvp';
			$this->EXPRESS_URL		= 'https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=';
			$this->GIROPAY_URL		= 'https://www.sandbox.paypal.com/webscr?cmd=_complete-express-checkout&token=';
			$this->IPN_URL				= 'https://www.sandbox.paypal.com/cgi-bin/webscr';
		}elseif(PAYPAL_MODE=='live'){
			$this->API_UserName		= PAYPAL_API_USER;
			$this->API_Password		= PAYPAL_API_PWD;
			$this->API_Signature	= PAYPAL_API_SIGNATURE;
			$this->API_Endpoint		= 'https://api-3t.paypal.com/nvp';
			$this->EXPRESS_URL		= 'https://www.paypal.com/webscr?cmd=_express-checkout&token=';
			$this->GIROPAY_URL		= 'https://www.paypal.com/webscr?cmd=_complete-express-checkout&token=';
			$this->IPN_URL				= 'https://www.paypal.com/cgi-bin/webscr';
		}
		if(ENABLE_SSL == true){
			$this->NOTIFY_URL = HTTPS_SERVER.DIR_WS_CATALOG.'callback/paypal/ipn.php';
			$this->EXPRESS_CANCEL_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_SHOPPING_CART.'?XTCsid='.xtc_session_id();
			$this->EXPRESS_RETURN_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_PAYPAL_CHECKOUT.'?XTCsid='.xtc_session_id();
			$this->PRE_CANCEL_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_PAYMENT.'?XTCsid='.xtc_session_id();
			$this->CANCEL_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_PAYMENT.'?XTCsid='.xtc_session_id().'&error=true&error_message='.PAYPAL_ERROR;
			$this->RETURN_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_PROCESS.'?XTCsid='.xtc_session_id();
			$this->GIROPAY_SUCCESS_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_SUCCESS.'?XTCsid='.xtc_session_id();
			$this->GIROPAY_CANCEL_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_SHOPPING_CART.'?XTCsid='.xtc_session_id();
			$this->BANKTXN_PENDING_URL = HTTPS_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_SUCCESS.'?XTCsid='.xtc_session_id();
		}else{
			$this->NOTIFY_URL = HTTP_SERVER.DIR_WS_CATALOG.'callback/paypal/ipn.php';
			$this->EXPRESS_CANCEL_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_SHOPPING_CART.'?XTCsid='.xtc_session_id();
			$this->EXPRESS_RETURN_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_PAYPAL_CHECKOUT.'?XTCsid='.xtc_session_id();
			$this->PRE_CANCEL_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_PAYMENT.'?XTCsid='.xtc_session_id();
			$this->CANCEL_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_PAYMENT.'?XTCsid='.xtc_session_id().'&error=true&error_message='.PAYPAL_ERROR;
			$this->RETURN_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_PROCESS.'?XTCsid='.xtc_session_id();
			$this->GIROPAY_SUCCESS_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_SUCCESS.'?XTCsid='.xtc_session_id();
			$this->GIROPAY_CANCEL_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_SHOPPING_CART.'?XTCsid='.xtc_session_id();
			$this->BANKTXN_PENDING_URL = HTTP_SERVER.DIR_WS_CATALOG.FILENAME_CHECKOUT_SUCCESS.'?XTCsid='.xtc_session_id();
		}
		$this->version   = VERSION;
		$this->USE_PROXY = FALSE;
		$this->payPalURL = '';
		$this->ppAPIec = $this->buildAPIKey(PAYPAL_API_KEY, 'ec');
		if(ENABLE_SSL == true):
			$hdrImg='templates/'.CURRENT_TEMPLATE.'/img/'.PAYPAL_API_IMAGE;
			if(file_exists(DIR_FS_CATALOG.$hdrImg) AND PAYPAL_API_IMAGE!=''):
				$hdrSize = getimagesize(DIR_FS_CATALOG.$hdrImg);
				if($hdrSize[0]<=750 AND $hdrSize[1]<=90):
					$this->Image = urlencode(HTTPS_SERVER.DIR_WS_CATALOG.$hdrImg);
				endif;
			endif;
		endif;
		// BOF - Hetfield - 2009-11-19 - replaced deprecated function ereg with preg_match to be ready for PHP >= 5.3
		//if(ereg('^(([a-f]|[A-F]|[0-9]){6})$',PAYPAL_API_CO_BACK))
		if(preg_match('/^(([a-f]|[A-F]|[0-9]){6})$/',PAYPAL_API_CO_BACK))
			$this->BackColor = PAYPAL_API_CO_BACK;
		//if(ereg('^(([a-f]|[A-F]|[0-9]){6})$',PAYPAL_API_CO_BORD))
		if(preg_match('/^(([a-f]|[A-F]|[0-9]){6})$/',PAYPAL_API_CO_BORD))
			$this->BorderColor = PAYPAL_API_CO_BORD;
		// EOF - Hetfield - 2009-11-19 - replaced deprecated function ereg with preg_match to be ready for PHP >= 5.3
	}
/*************************************************************/
	function build_express_checkout_button(){
		// Stand: 01.06.2009
		global $PHP_SELF;
		if($_SESSION['allow_checkout'] == 'true' AND $_SESSION['cart']->show_total()>0 AND MODULE_PAYMENT_PAYPALEXPRESS_STATUS=='True'):
			$unallowed_modules = explode(',', $_SESSION['customers_status']['customers_status_payment_unallowed']);
			if(!in_array('paypalexpress', $unallowed_modules)):
				include(DIR_WS_LANGUAGES . $_SESSION['language'] . '/modules/payment/paypalexpress.php');
				$alt=((defined('MODULE_PAYMENT_PAYPALEXPRESS_ALT_BUTTON'))? MODULE_PAYMENT_PAYPALEXPRESS_ALT_BUTTON :'PayPal');
				$source=((strtoupper($_SESSION['language_code'])=='DE')?'epaypal_de.gif':'epaypal_en.gif');
				$button .= '<a style="cursor:pointer;" onfocus="if(this.blur) this.blur();" onmouseover="window.status = '."''".'; return true;" href="'.xtc_href_link(basename($PHP_SELF), xtc_get_all_get_params(array('action')).'action=paypal_express_checkout').'"><img src="'.DIR_WS_ICONS.$source.'" alt="'.$alt.'" title="'.$alt.'" /></a>';
				return $button;
			endif;
		endif;
		return;
	}
/*************************************************************/
	function build_express_fehler_button(){
		// Stand: 01.06.2009
		if(MODULE_PAYMENT_PAYPALEXPRESS_STATUS=='True'){
			include(DIR_WS_LANGUAGES . $_SESSION['language'] . '/modules/payment/paypalexpress.php');
			$alt=((defined('MODULE_PAYMENT_PAYPALEXPRESS_ALT_BUTTON'))? MODULE_PAYMENT_PAYPALEXPRESS_ALT_BUTTON :'PayPal');
			$source=((strtoupper($_SESSION['language_code'])=='DE')?'epaypal_de.gif':'epaypal_en.gif');
			$button .= '<a style="cursor:pointer;" onfocus="if(this.blur) this.blur();" onmouseover="window.status = '."''".'; return true;" href="'.$this->EXPRESS_CANCEL_URL.'"><img src="'.DIR_WS_ICONS.$source.'" alt="'.$alt.'" title="'.$alt.'" /></a>';
			return $button;
		}
		return;
	}
/*************************************************************/
/******* f�rs express als Zahlbedingung **********************/
/*************************************************************/
	function paypal_auth_call(){
		// aufruf aus paypal.php NICHT f�r PP Express aus Warenkorb
		// Daten aus der Cart - Order noch nicht gespeichert
		// 1. Call um die Token ID zu bekommen
		// Daten mitgeben, da direkt best�tigung ohne nochmaliges Confirm im Shop
		// Stand: 05.01.2010
		global $xtPrice,$order;
		// Session s�ubern
		unset($_SESSION['reshash']);
		unset($_SESSION['nvpReqArray']);
		require(DIR_WS_CLASSES.'order_total.php');
		$order_total_modules = new order_total();
		$order_totals = $order_total_modules->process();
		$order_tax=0;
		$order_discount=0;
		$order_fee=0;
		$order_gs=0;
		$order_shipping=0;
		for($i = 0, $n = sizeof($order_totals); $i < $n; $i ++):
			switch($order_totals[$i]['code']):
				case 'ot_total':
					$paymentAmount=$order_totals[$i]['value'];
					break;
				case 'ot_shipping':
					$order_shipping=$order_totals[$i]['value'];
					break;
				case 'ot_tax':
					$order_tax+=$order_totals[$i]['value'];
					break;
				case 'ot_discount':
					$order_discount+=$order_totals[$i]['value'];
					break;
          case 'ot_coupon':
            $order_gs+= ($order_totals[$i]['value'] < 0) ? $order_totals[$i]['value'] : $order_totals[$i]['value'] *(-1);
            break;
          case 'ot_gv':
            $order_gs+= ($order_totals[$i]['value'] < 0) ? $order_totals[$i]['value'] : $order_totals[$i]['value'] *(-1);
            break;
          ///  customers bonus
          case 'ot_bonus_fee':
            $order_gs+= ($order_totals[$i]['value'] < 0) ? $order_totals[$i]['value'] : $order_totals[$i]['value'] *(-1);
            break;
				case 'ot_payment':
					if($order_totals[$i]['value'] < 0): // Rabatt aus Fremd Modul
						$order_discount+=$order_totals[$i]['value'];
					else:
						$order_fee+=$order_totals[$i]['value'];
					endif;
					break;
				case 'ot_cod_fee':
					$order_fee+=$order_totals[$i]['value'];
					break;
				case 'ot_ps_fee':
					$order_fee+=$order_totals[$i]['value'];
					break;
				case 'ot_loworderfee':
					$order_fee+=$order_totals[$i]['value'];
			endswitch;
		endfor;
		// AMT
		$paymentAmount = round($paymentAmount, $xtPrice->get_decimal_places($order->info['currency']));
		// Summen der Order
		$order_tax=round($order_tax, $xtPrice->get_decimal_places($order->info['currency']));
		$order_discount=round($order_discount, $xtPrice->get_decimal_places($order->info['currency']));
		$order_gs=round($order_gs, $xtPrice->get_decimal_places($order->info['currency']));
		$order_fee=round($order_fee, $xtPrice->get_decimal_places($order->info['currency']));
		$order_shipping=round($order_shipping, $xtPrice->get_decimal_places($order->info['currency']));
		$nvp_products=$this->paypal_get_products($paymentAmount,$order_tax,$order_discount,$order_fee,$order_shipping,$order_gs);
		$paymentAmount = urlencode(number_format($paymentAmount, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
		$currencyCodeType = urlencode($order->info['currency']);
		// Payment Type
		$paymentType='Sale';
		// The returnURL is the location where buyers return when a
		// payment has been succesfully authorized.
		// The cancelURL is the location buyers are sent to when they hit the
		// cancel button during authorization of payment during the PayPal flow
		$returnURL =urlencode($this->RETURN_URL);
		$cancelURL =urlencode($this->CANCEL_URL);
		$gpsucssesURL =urlencode($this->GIROPAY_SUCCESS_URL);
		$gpcancelURL =urlencode($this->GIROPAY_CANCEL_URL);
		$bankpending =urlencode($this->BANKTXN_PENDING_URL);
		// Construct the parameter string that describes the PayPal payment
		// the varialbes were set in the web form, and the resulting string
		// is stored in $nvpstr
		$sh_name = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['firstname'].' '.$order->delivery['lastname']));
		$sh_street = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['street_address']));
		$sh_street_2 = '';
		$sh_city = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['city']));
		$sh_zip = urlencode($order->delivery['postcode']);
		$sh_state = urlencode($this->state_code($order->delivery['state']));
		$sh_countrycode = urlencode($order->delivery['country']['iso_code_2']);
		$sh_countryname = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->delivery['country']['title']));
		$sh_phonenum = urlencode($order->customer['telephone']);
		// String zusammenbauen
		$nvpstr="&AMT=".$paymentAmount.
						"&CURRENCYCODE=".$currencyCodeType.
						"&PAYMENTACTION=".$paymentType.
						"&LOCALECODE=".$_SESSION['language_code'].
						"&RETURNURL=".$returnURL.
						"&CANCELURL=".$cancelURL.
						"&GIROPAYSUCCESSURL=".$gpsucssesURL.
						"&GIROPAYCANCELURL=".$gpcancelURL.
						"&BANKTXNPENDINGURL=".$bankpending.
						"&HDRIMG=".$this->Image.
						"&HDRBORDERCOLOR=".$this->BorderColor.
						"&HDRBACKCOLOR=".$this->BackColor.
						"&CUSTOM=".''.
						"&SHIPTONAME=".$sh_name.
						"&SHIPTOSTREET=".$sh_street.
						"&SHIPTOSTREET2=".$sh_street2.
						"&SHIPTOCITY=".$sh_city.
						"&SHIPTOZIP=".$sh_zip.
						"&SHIPTOSTATE=".$sh_state.
						"&SHIPTOCOUNTRYCODE=".$sh_countrycode.
						"&SHIPTOCOUNTRYNAME=".$sh_countryname.
						"&PHONENUM=".$sh_phonenum.
						"&ALLOWNOTE=0".
						"&ADDROVERRIDE=1";
		// Artikel Details mitgeben
		$nvpstr.=$nvp_products;
		// Senden
		$resArray=$this->hash_call("SetExpressCheckout",$nvpstr);
		$_SESSION['reshash']= $resArray;
		$ack = strtoupper($resArray["ACK"]);
		if($ack!="SUCCESS"):
			if(PAYPAL_ERROR_DEBUG=='true'):
				$this->build_error_message($_SESSION['reshash']);
			else:
				$_SESSION['reshash']['FORMATED_ERRORS'] = PAYPAL_NOT_AVIABLE;
			endif;
			xtc_redirect($this->PRE_CANCEL_URL);
		endif;
		if($ack=="SUCCESS"){
			$token = urldecode($resArray["TOKEN"]);
			$this->payPalURL = $this->EXPRESS_URL.''.$token;
			return $this->payPalURL;
		}
	}
/*************************************************************/
/******* f�rs express aus dem warenkorb **********************/
/*************************************************************/
	function paypal_express_auth_call(){
		// aufruf aus cart_actions.php
		// 1. Call um die Token ID zu bekommen
		// Steuer, Artikel usw bei eingeloggt
		// Stand: 05.01.2010
		global $xtPrice,$order;
		// Session s�ubern
		unset($_SESSION['reshash']);
		unset($_SESSION['nvpReqArray']);
		// Shipping:
		if(!isset($_SESSION['sendto'])) {
			$_SESSION['sendto'] = $_SESSION['customer_default_address_id'];
		} else {
			// verify the selected shipping address
			$check_address_query = xtc_db_query("select count(*) as total from ".TABLE_ADDRESS_BOOK." where customers_id = '".(int) $_SESSION['customer_id']."' and address_book_id = '".(int) $_SESSION['sendto']."'");
			$check_address = xtc_db_fetch_array($check_address_query);
			if($check_address['total'] != '1') {
				$_SESSION['sendto'] = $_SESSION['customer_default_address_id'];
				if(isset($_SESSION['shipping']))
					unset($_SESSION['shipping']);
			}
		}
		// Shipping END
		require(DIR_WS_CLASSES.'order.php');
		$order = new order();
		require(DIR_WS_CLASSES.'order_total.php');
		$order_total_modules = new order_total();
		$order_totals = $order_total_modules->process();
		$order_tax=0;
		$order_discount=0;
		$order_gs=0;
		$order_fee=0;
		$order_shipping=0;
		for($i = 0, $n = sizeof($order_totals); $i < $n; $i ++):
			switch($order_totals[$i]['code']):
          case 'ot_discount':
            $order_discount+=$order_totals[$i]['value'];
            break;
          case 'ot_coupon':
            $order_gs+= ($order_totals[$i]['value'] < 0) ? $order_totals[$i]['value'] : $order_totals[$i]['value'] *(-1);
            break;
          case 'ot_gv':
            $order_gs+= ($order_totals[$i]['value'] < 0) ? $order_totals[$i]['value'] : $order_totals[$i]['value'] *(-1);
            break;
          ///  customers bonus
          case 'ot_bonus_fee':
            $order_gs+= ($order_totals[$i]['value'] < 0) ? $order_totals[$i]['value'] : $order_totals[$i]['value'] *(-1);
            break;
				case 'ot_payment':
					if($order_totals[$i]['value'] < 0): // Rabatt aus Fremd Modul
						$order_discount+=$order_totals[$i]['value'];
					else:
						$order_fee+=$order_totals[$i]['value'];
					endif;
				case 'ot_cod_fee':
					$order_fee+=$order_totals[$i]['value'];
					break;
				case 'ot_ps_fee':
					$order_fee+=$order_totals[$i]['value'];
					break;
				case 'ot_loworderfee':
					$order_fee+=$order_totals[$i]['value'];
			endswitch;
		endfor;
		// AMT
		$paymentAmount=$_SESSION['cart']->show_total()
									+$order_discount
									+$order_gs
									+$order_fee;
		if($_SESSION['customers_status']['customers_status_show_price_tax'] == 0 && $_SESSION['customers_status']['customers_status_add_tax_ot'] == 1):
			$order_tax=$_SESSION['cart']->show_tax(false);
		endif;
		// Vorl�ufige Versandkosten
		if(PAYPAL_EXP_VORL!='' AND PAYPAL_EXP_VERS!=0):
			$paymentAmount+=PAYPAL_EXP_VERS;
		endif;
		// AMT
		$paymentAmount = round($paymentAmount, $xtPrice->get_decimal_places($order->info['currency']));
		// Summen der Order
		$order_tax=round($order_tax, $xtPrice->get_decimal_places($order->info['currency']));
		$order_discount=round($order_discount, $xtPrice->get_decimal_places($order->info['currency']));
		$order_gs=round($order_gs, $xtPrice->get_decimal_places($order->info['currency']));
		$order_fee=round($order_fee, $xtPrice->get_decimal_places($order->info['currency']));
		$nvp_products=$this->paypal_get_products($paymentAmount,$order_tax,$order_discount,$order_fee,$order_shipping,$order_gs,True);
		$paymentAmount = urlencode(number_format($paymentAmount, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
		$currencyCodeType = urlencode($order->info['currency']);
		// Payment Type
		$paymentType='Sale';
		$returnURL =urlencode($this->EXPRESS_RETURN_URL);
		$cancelURL =urlencode($this->EXPRESS_CANCEL_URL);
		$gpsucssesURL =urlencode($this->GIROPAY_SUCCESS_URL);
		$gpcancelURL =urlencode($this->EXPRESS_CANCEL_URL);
		$bankpending =urlencode($this->BANKTXN_PENDING_URL);
		if(isset($_SESSION['sendto']) AND isset($_SESSION['customer_id'])):
			// User eingeloggt
			$sh_name = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['firstname'].' '.$order->delivery['lastname']));
			$sh_street = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['street_address']));
			$sh_street_2 = '';
			$sh_city = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['city']));
			$sh_zip = urlencode($order->delivery['postcode']);
			$sh_state = urlencode($this->state_code($order->delivery['state']));
			$sh_countrycode = urlencode($order->delivery['country']['iso_code_2']);
			$sh_countryname = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->delivery['country']['title']));
			$sh_phonenum = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->customer['telephone']));
			if($_SESSION['paypal_express_new_customer']!='true')
				$address = "&SHIPTONAME=".$sh_name."&SHIPTOSTREET=".$sh_street."&SHIPTOSTREET2=".$sh_street2."&SHIPTOCITY=".$sh_city."&SHIPTOZIP=".$sh_zip."&SHIPTOSTATE=".$sh_state."&SHIPTOCOUNTRYCODE=".$sh_countrycode."&SHIPTOCOUNTRYNAME=".$sh_countryname."&PHONENUM=".$sh_phonenum;
		endif;
		// String zusammenbauen
		$nvpstr="&AMT=".$paymentAmount.
						"&CURRENCYCODE=".$currencyCodeType.
						"&PAYMENTACTION=".$paymentType.
						"&LOCALECODE=".$_SESSION['language_code'].
						"&RETURNURL=".$returnURL.
						"&CANCELURL=".$cancelURL.
						"&GIROPAYSUCCESSURL=".$gpsucssesURL.
						"&GIROPAYCANCELURL=".$gpcancelURL.
						"&BANKTXNPENDINGURL=".$bankpending.
						"&HDRIMG=".$this->Image.
						"&HDRBORDERCOLOR=".$this->BorderColor.
						"&HDRBACKCOLOR=".$this->BackColor.
						"&CUSTOM=".''.
						$address.
						"&ALLOWNOTE=0".
						"&ADDROVERRIDE=0";
		// Artikel Details mitgeben
		$nvpstr.=$nvp_products;
		// Make the call to PayPal to set the Express Checkout token
		// If the API call succeded, then redirect the buyer to PayPal
		// to begin to authorize payment.  If an error occured, show the
		// resulting errors
		$resArray=$this->hash_call("SetExpressCheckout",$nvpstr);
		$_SESSION['reshash']= $resArray;
		$ack = strtoupper($resArray["ACK"]);
		if($ack=="SUCCESS"){
			$token = urldecode($resArray["TOKEN"]);
			$this->payPalURL = $this->EXPRESS_URL.''.$token;
			return $this->payPalURL;
		} else  {
			if(PAYPAL_ERROR_DEBUG=='true'):
				$this->build_error_message($_SESSION['reshash']);
			else:
				$_SESSION['reshash']['FORMATED_ERRORS'] = PAYPAL_NOT_AVIABLE;
			endif;
			$this->payPalURL = $this->EXPRESS_CANCEL_URL;
			return $this->payPalURL;
		}
	}
/*************************************************************/
/******* f�r abgelehnte Zahlungen **********************/
/*************************************************************/
	function paypal_second_auth_call($insert_id){
		// aufruf aus shopping_cart.php
		// 1. Call um die Token ID zu bekommen
		// Daten aus der Order !
		// Stand: 29.04.2009
		global $xtPrice,$order;
		// Session s�ubern
		unset($_SESSION['reshash']);
		unset($_SESSION['nvpReqArray']);
		require(DIR_WS_CLASSES.'order.php');
		$order = new order($insert_id);
		// Amt
		$paymentAmount = round($order->info['pp_total'], $xtPrice->get_decimal_places($order->info['currency']));
		// Summen der Order
		$order_tax = round($order->info['pp_tax'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_discount = round($order->info['pp_disc'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_gs = round($order->info['pp_gs'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_fee = round($order->info['pp_fee'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_shipping = round($order->info['pp_shipping'], $xtPrice->get_decimal_places($order->info['currency']));
		$nvp_products=$this->paypal_get_products($paymentAmount,$order_tax,$order_discount,$order_fee,$order_shipping,$order_gs);
		$paymentAmount = urlencode(number_format($paymentAmount, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
		$currencyCodeType = urlencode($order->info['currency']);
		// Payment Type
		$paymentType='Sale';
		$returnURL =urlencode($this->EXPRESS_CANCEL_URL);
		$cancelURL =urlencode($this->EXPRESS_CANCEL_URL);
		$gpsucssesURL =urlencode($this->GIROPAY_SUCCESS_URL);
		$gpcancelURL =urlencode($this->EXPRESS_CANCEL_URL);
		$bankpending =urlencode($this->BANKTXN_PENDING_URL);
		$notify_url  = urlencode($this->NOTIFY_URL);
		$inv_num = urlencode($insert_id);
		// Versandadresse
		$sh_name = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['firstname'].' '.$order->delivery['lastname']));
		$sh_street = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['street_address']));
		$sh_street_2 = '';
		$sh_city = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['city']));
		$sh_state = urlencode($this->state_code($order->delivery['state']));
		if(is_array($order->delivery['country'])):
			$sh_countrycode = urlencode($order->delivery['country']['iso_code_2']);
			$sh_countryname = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->delivery['country']['title']));
		else:
			$sh_countrycode = urlencode($order->delivery['country_iso_2']);
			$sh_countryname = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->delivery['country']));
		endif;
		$sh_phonenum = urlencode($order->customer['telephone']);
		$sh_zip = urlencode($order->delivery['postcode']);
		$address = "&SHIPTONAME=".$sh_name."&SHIPTOSTREET=".$sh_street."&SHIPTOSTREET2=".$sh_street2."&SHIPTOCITY=".$sh_city."&SHIPTOZIP=".$sh_zip."&SHIPTOSTATE=".$sh_state."&SHIPTOCOUNTRYCODE=".$sh_countrycode."&SHIPTOCOUNTRYNAME=".$sh_countryname."&PHONENUM=".$sh_phonenum;
		// String zusammenbauen
		$nvpstr="&AMT=".$paymentAmount.
						"&CURRENCYCODE=".$currencyCodeType.
						"&PAYMENTACTION=".$paymentType.
						"&NOTIFYURL=".$notify_url.
						"&INVNUM=".$inv_num.$adress.
						"&LOCALECODE=".$_SESSION['language_code'].
						"&RETURNURL=".$returnURL.
						"&CANCELURL=".$cancelURL.
						"&GIROPAYSUCCESSURL=".$gpsucssesURL.
						"&GIROPAYCANCELURL=".$gpcancelURL.
						"&BANKTXNPENDINGURL=".$bankpending.
						"&HDRIMG=".$this->Image.
						"&HDRBORDERCOLOR=".$this->BorderColor.
						"&HDRBACKCOLOR=".$this->BackColor.
						"&CUSTOM=".''.
						$address.
						"&ALLOWNOTE=0".
						"&ADDROVERRIDE=1";
		// Artikel Details mitgeben
		$nvpstr.=$nvp_products;
		// Make the call to PayPal to set the Express Checkout token
		// If the API call succeded, then redirect the buyer to PayPal
		// to begin to authorize payment.  If an error occured, show the
		// resulting errors
		$resArray=$this->hash_call("SetExpressCheckout",$nvpstr);
		$_SESSION['reshash']= $resArray;
		$ack = strtoupper($resArray["ACK"]);
		if($ack=="SUCCESS"){
			$token = urldecode($resArray["TOKEN"]);
			$this->payPalURL = $this->EXPRESS_URL.''.$token;
			return $this->payPalURL;
		} else  {
			$this->build_error_message($_SESSION['reshash']);
			if(PAYPAL_ERROR_DEBUG=='true'):
				$_SESSION['reshash']['FORMATED_ERRORS'] = PAYPAL_NOT_AVIABLE;
			else:
				$this->payPalURL = $this->EXPRESS_CANCEL_URL;
			endif;
			return $this->payPalURL;
		}
	}
/*************************************************************/
/******* f�r beide Versionen *********************************/
/*************************************************************/
	function complete_ceckout($insert_id, $data=''){
		// aufruf aus paypal.php oder paypalexpress.php aus Warenkorb
		// 2. Call um die PayPal Aktion abzuschliessen
		// Daten aus der Order
		// Stand: 29.04.2009
		global $xtPrice,$order;
		$order = new order($insert_id);
		// IP Adresse
		if($_SERVER["HTTP_X_FORWARDED_FOR"]) {
			$customers_ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
		} else {
			$customers_ip = $_SERVER["REMOTE_ADDR"];
		}
		// Amt
		$paymentAmount = round($order->info['pp_total'], $xtPrice->get_decimal_places($order->info['currency']));
		// Summen der Order
		$order_tax = round($order->info['pp_tax'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_discount = round($order->info['pp_disc'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_gs = round($order->info['pp_gs'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_fee = round($order->info['pp_fee'], $xtPrice->get_decimal_places($order->info['currency']));
		$order_shipping = round($order->info['pp_shipping'], $xtPrice->get_decimal_places($order->info['currency']));
		$nvp_products=$this->paypal_get_products($paymentAmount,$order_tax,$order_discount,$order_fee,$order_shipping,$order_gs);
		$paymentAmount = urlencode(number_format($paymentAmount, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
		$currencyCodeType = urlencode($order->info['currency']);
		$tkn=(($data['token']!='')?$data['token']:$_SESSION['nvpReqArray']['TOKEN']);
		$payer=(($data['PayerID']!='')?$data['PayerID']:$payer = $_SESSION['reshash']['PAYERID']);
		$token =urlencode($tkn);
		$payerID = urlencode($payer);
		$paymentType='Sale';
		$notify_url  = urlencode($this->NOTIFY_URL);
		$inv_num = urlencode($insert_id);
		$button_source = urlencode($this->ppAPIec);
		// Versandadresse
		$sh_name = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['firstname'].' '.$order->delivery['lastname']));
		$sh_street = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['street_address']));
		$sh_street_2 = '';
		$sh_city = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8", $order->delivery['city']));
		$sh_state = urlencode($this->state_code($order->delivery['state']));
		if(is_array($order->delivery['country'])):
			$sh_countrycode = urlencode($order->delivery['country']['iso_code_2']);
			$sh_countryname = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->delivery['country']['title']));
		else:
			$sh_countrycode = urlencode($order->delivery['country_iso_2']);
			$sh_countryname = urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",$order->delivery['country']));
		endif;
		$sh_phonenum = urlencode($order->customer['telephone']);
		$sh_zip = urlencode($order->delivery['postcode']);
		$address = "&SHIPTONAME=".$sh_name."&SHIPTOSTREET=".$sh_street."&SHIPTOSTREET2=".$sh_street2."&SHIPTOCITY=".$sh_city."&SHIPTOZIP=".$sh_zip."&SHIPTOSTATE=".$sh_state."&SHIPTOCOUNTRYCODE=".$sh_countrycode."&SHIPTOCOUNTRYNAME=".$sh_countryname."&PHONENUM=".$sh_phonenum;
		// Versand Ende
		$nvpstr='&TOKEN='.$token.
						'&PAYERID='.$payerID.
						'&PAYMENTACTION='.$paymentType.
						'&AMT='.$paymentAmount.
						'&CURRENCYCODE='.$currencyCodeType.
						'&IPADDRESS='.$customers_ip.
						'&NOTIFYURL='.$notify_url.
						'&INVNUM='.$inv_num.$adress.
						'&BUTTONSOURCE='.$button_source.
						$address;
		// Artikel Details mitgeben
		$nvpstr.=$nvp_products;
		// Make the call to PayPal to finalize payment
		// If an error occured, show the resulting errors
		$resArray=$this->hash_call("DoExpressCheckoutPayment",$nvpstr);
		$_SESSION['reshash'] = array_merge($_SESSION['reshash'], $resArray) ;
		$ack = strtoupper($resArray["ACK"]);
		if($ack!="SUCCESS" AND $ack!="SUCCESSWITHWARNING"){
			$this->build_error_message($_SESSION['reshash'],'DoEx');
		}
	}
/*************************************************************/
/******* funktionen nur f�r Warenkorb ************************/
/*************************************************************/
	function paypal_get_customer_data(){
		// Stand: 29.04.2009
		$nvpstr="&TOKEN=".$_SESSION['reshash']['TOKEN'];
		// Make the API call and store the results in an array.  If the
		// call was a success, show the authorization details, and provide
		// an action to complete the payment.  If failed, show the error
		$resArray=$this->hash_call("GetExpressCheckoutDetails",$nvpstr);
		$_SESSION['reshash'] = array_merge($_SESSION['reshash'], $resArray) ;
		$ack = strtoupper($resArray["ACK"]);
		if($ack=="SUCCESS"){
			$_SESSION['paypal_express_checkout'] = true;
			$_SESSION['paypal_express_payment_modules'] = 'paypalexpress.php';
			$this->check_customer();
		} else  {
			$this->build_error_message($_SESSION['reshash']);
			$this->payPalURL = $this->EXPRESS_CANCEL_URL;
			return $this->payPalURL;
		}
	}
/*************************************************************/
	function check_customer(){
		// Stand: 29.04.2009
		if(!isset($_SESSION['customer_id'])) {
			$check_customer_query = xtc_db_query("select * from ".TABLE_CUSTOMERS." where customers_email_address = '".xtc_db_input($_SESSION['reshash']['EMAIL'])."' and account_type = '0'");
			if(!xtc_db_num_rows($check_customer_query)) {
				$this->create_account();
			}else{
				$check_customer = xtc_db_fetch_array($check_customer_query);
				$this->login_customer($check_customer);
				if(PAYPAL_EXPRESS_ADDRESS_OVERRIDE == 'true' && $_SESSION['pp_allow_address_change']!='true')
					$this->create_shipping_address();
			}
		}else{
			if(PAYPAL_EXPRESS_ADDRESS_OVERRIDE == 'true' && $_SESSION['pp_allow_address_change']!='true'){
				$check_customer_query = xtc_db_query("select * from ".TABLE_CUSTOMERS." where customers_id = '".xtc_db_input($_SESSION['customer_id'])."' and account_type = '0'");
				$check_customer = xtc_db_fetch_array($check_customer_query);
				$this->create_shipping_address();
			}
		}
	}
/*************************************************************/
	function create_account(){
		// Stand: 29.04.2009
		$firstname = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['FIRSTNAME']));
		$lastname = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['LASTNAME']));
		$email_address = xtc_db_prepare_input($_SESSION['reshash']['EMAIL']);
		$company = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['BUSINESS']));
		$street_address = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['SHIPTOSTREET'] . $_SESSION['reshash']['SHIPTOSTREET_2']));
		$postcode = xtc_db_prepare_input($_SESSION['reshash']['SHIPTOZIP']);
		$city = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['SHIPTOCITY']));
		$state = xtc_db_prepare_input($_SESSION['reshash']['SHIPTOSTATE']);
		$telephone = xtc_db_prepare_input($_SESSION['reshash']['PHONENUM']);
		$country_query = xtc_db_query("select * from ".TABLE_COUNTRIES." where countries_iso_code_2 = '".xtc_db_input($_SESSION['reshash']['SHIPTOCOUNTRYCODE'])."' ");
		$tmp_country = xtc_db_fetch_array($country_query);
		$country = xtc_db_prepare_input($tmp_country['countries_id']);
		$customers_status = DEFAULT_CUSTOMERS_STATUS_ID;
		$sql_data_array = array(
											'customers_status' => $customers_status,
											'customers_firstname' => $firstname,
											'customers_lastname' => $lastname,
											'customers_email_address' => $email_address,
											'customers_telephone' => $telephone,
											'customers_date_added' => 'now()',
											'customers_last_modified' => 'now()');
		xtc_db_perform(TABLE_CUSTOMERS, $sql_data_array);
		$_SESSION['paypal_express_new_customer'] = 'true';
		$_SESSION['customer_id'] = xtc_db_insert_id();
		$user_id = xtc_db_insert_id();
		xtc_write_user_info($user_id);
		$sql_data_array = array(
											'customers_id' => $_SESSION['customer_id'],
											'entry_firstname' => $firstname,
											'entry_lastname' => $lastname,
											'entry_street_address' => $street_address,
											'entry_postcode' => $postcode,
											'entry_city' => $city,
											'entry_country_id' => $country,
											'entry_company' => $company,
											'entry_zone_id' => '0',
											'entry_state' => $state,
											'address_date_added' => 'now()',
											'address_last_modified' => 'now()');
		xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
		$address_id = xtc_db_insert_id();
		$_SESSION['sendto'] = $address_id;
		xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . $address_id . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
		xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $_SESSION['customer_id'] . "', '0', now())");
		if(isset($_SESSION['tracking']['refID'])) {
			$campaign_check_query_raw = "SELECT *
																	FROM " . TABLE_CAMPAIGNS . "
																	WHERE campaigns_refID = '" . $_SESSION[tracking][refID] . "'";
			$campaign_check_query = xtc_db_query($campaign_check_query_raw);
			if(xtc_db_num_rows($campaign_check_query) > 0) {
				$campaign = xtc_db_fetch_array($campaign_check_query);
				$refID = $campaign['campaigns_id'];
			} else {
				$refID = 0;
			}
			xtc_db_query("update " . TABLE_CUSTOMERS . " set
										refferers_id = '" . $refID . "'
										where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
			$leads = $campaign['campaigns_leads'] + 1;
			xtc_db_query("update " . TABLE_CAMPAIGNS . " set
										campaigns_leads = '" . $leads . "'
										where campaigns_id = '" . $refID . "'");
		}
		if(ACTIVATE_GIFT_SYSTEM == 'true') {
			// GV Code Start
			// ICW - CREDIT CLASS CODE BLOCK ADDED  ******************************************************* BEGIN
			if(NEW_SIGNUP_GIFT_VOUCHER_AMOUNT > 0) {
				$coupon_code = create_coupon_code();
				$insert_query = xtc_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $coupon_code . "', 'G', '" . NEW_SIGNUP_GIFT_VOUCHER_AMOUNT . "', now())");
				$insert_id = xtc_db_insert_id($insert_query);
				$insert_query = xtc_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $email_address . "', now() )");
				$_SESSION['reshash']['SEND_GIFT'] = 'true';
				$_SESSION['reshash']['GIFT_AMMOUNT'] = $xtPrice->xtcFormat(NEW_SIGNUP_GIFT_VOUCHER_AMOUNT, true);
				$_SESSION['reshash']['GIFT_CODE'] = $coupon_code;
				$_SESSION['reshash']['GIFT_LINK'] = xtc_href_link(FILENAME_GV_REDEEM, 'gv_no=' . $coupon_code, 'NONSSL', false);
			}
			if(NEW_SIGNUP_DISCOUNT_COUPON != '') {
				$coupon_code = NEW_SIGNUP_DISCOUNT_COUPON;
				$coupon_query = xtc_db_query("select * from " . TABLE_COUPONS . " where coupon_code = '" . $coupon_code . "'");
				$coupon = xtc_db_fetch_array($coupon_query);
				$coupon_id = $coupon['coupon_id'];
				$coupon_desc_query = xtc_db_query("select * from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id = '" . $coupon_id . "' and language_id = '" . (int) $_SESSION['language_id'] . "'");
				$coupon_desc = xtc_db_fetch_array($coupon_desc_query);
				$insert_query = xtc_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $coupon_id . "', '0', 'Admin', '" . $email_address . "', now() )");
				$_SESSION['reshash']['SEND_COUPON'] = 'true';
				$_SESSION['reshash']['COUPON_DESC'] = $coupon_desc['coupon_description'];
				$_SESSION['reshash']['COUPON_CODE'] = $coupon['coupon_code'];
			}
			// ICW - CREDIT CLASS CODE BLOCK ADDED  ******************************************************* END
			// GV Code End       // create templates
		}
		$_SESSION['ACCOUNT_PASSWORD'] = 'true';
		// Login Customer
		$check_customer_query = xtc_db_query("select * from ".TABLE_CUSTOMERS." where customers_email_address = '".xtc_db_input($email_address)."' and account_type = '0'");
		$check_customer = xtc_db_fetch_array($check_customer_query);
		$this->login_customer($check_customer);
		if(PAYPAL_EXPRESS_ADDRESS_OVERRIDE == 'true'):
			if($firstname.' '.$lastname != $this->UTF8decode($_SESSION['reshash']['SHIPTONAME']))
				$this->create_shipping_address();
		endif;
	}
/*************************************************************/
	function login_customer($check_customer){
		// Stand: 29.04.2009
		global $main,$xtPrice,$econda;
		if(SESSION_RECREATE == 'True')
			xtc_session_recreate();
		$check_country_query = xtc_db_query("select entry_country_id, entry_zone_id from ".TABLE_ADDRESS_BOOK." where customers_id = '".(int) $check_customer['customers_id']."' and address_book_id = '".$check_customer['customers_default_address_id']."'");
		$check_country = xtc_db_fetch_array($check_country_query);
		$_SESSION['customer_gender'] = $check_customer['customers_gender'];
		$_SESSION['customer_first_name'] = $check_customer['customers_firstname'];
		$_SESSION['customer_last_name'] = $check_customer['customers_lastname'];
		$_SESSION['customer_id'] = $check_customer['customers_id'];
		$_SESSION['customer_vat_id'] = $check_customer['customers_vat_id'];
		$_SESSION['customer_default_address_id'] = $check_customer['customers_default_address_id'];
		$_SESSION['customer_country_id'] = $check_country['entry_country_id'];
		$_SESSION['customer_zone_id'] = $check_country['entry_zone_id'];
		$_SESSION['customer_email_address'] = $check_customer['customers_email_address'];
		$date_now = date('Ymd');
		xtc_db_query("update ".TABLE_CUSTOMERS_INFO." SET customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 WHERE customers_info_id = '".(int) $_SESSION['customer_id']."'");
		xtc_write_user_info((int) $_SESSION['customer_id']);
		// Falls vorher schon mal eingeloggt und was in der Cart war
		xtc_db_query("delete from ".TABLE_CUSTOMERS_BASKET." where customers_id = '".(int)$_SESSION['customer_id']."'");
		xtc_db_query("delete from ".TABLE_CUSTOMERS_BASKET_ATTRIBUTES." where customers_id = '".(int)$_SESSION['customer_id']."'");
		// Warenkorb restoren
		$_SESSION['cart']->restore_contents();
		if(is_object($econda)) $econda->_loginUser();
		// write customers status in session
		require(DIR_WS_INCLUDES.'write_customers_status.php');
		$xtPrice = new xtcPrice($_SESSION['currency'], $_SESSION['customers_status']['customers_status_id']);
	}
/*************************************************************/
	function create_shipping_address(){
		// Stand: 29.04.2009
		$pos = strrpos($_SESSION['reshash']['SHIPTONAME'], ' ');
		$lenght = strlen($_SESSION['reshash']['SHIPTONAME']);
		$firstname = $this->UTF8decode(substr($_SESSION['reshash']['SHIPTONAME'], 0, $pos));
		$lastname = $this->UTF8decode(substr($_SESSION['reshash']['SHIPTONAME'], ($pos+1), $lenght));
		$email_address = xtc_db_prepare_input($_SESSION['reshash']['EMAIL']);
		$company = xtc_db_prepare_input($_SESSION['reshash']['BUSINESS']);
		$street_address = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['SHIPTOSTREET'] . $_SESSION['reshash']['SHIPTOSTREET_2']));
		$postcode = xtc_db_prepare_input($_SESSION['reshash']['SHIPTOZIP']);
		$city = xtc_db_prepare_input($this->UTF8decode($_SESSION['reshash']['SHIPTOCITY']));
		$state = xtc_db_prepare_input($_SESSION['reshash']['SHIPTOSTATE']);
		$telephone = xtc_db_prepare_input($_SESSION['reshash']['PHONENUM']);
		$country_query = xtc_db_query("select * from ".TABLE_COUNTRIES." where countries_iso_code_2 = '".xtc_db_input($_SESSION['reshash']['SHIPTOCOUNTRYCODE'])."' ");
		$tmp_country = xtc_db_fetch_array($country_query);
		$country = xtc_db_prepare_input($tmp_country['countries_id']);
		$sql_data_array = array(
											'customers_id' => $_SESSION['customer_id'],
											'entry_firstname' => $firstname,
											'entry_lastname' => $lastname,
											'entry_street_address' => $street_address,
											'entry_postcode' => $postcode,
											'entry_city' => $city,
											'entry_country_id' => $country,
											'entry_company' => $company,
											'entry_zone_id' => '0',
											'entry_state' => $state,
											'address_date_added' => 'now()',
											'address_last_modified' => 'now()',
											'address_class' => 'paypal');
		$check_address_query = xtc_db_query("select address_book_id from ".TABLE_ADDRESS_BOOK." where customers_id = '".(int) $_SESSION['customer_id']."' and address_class = 'paypal'");
		$check_address = xtc_db_fetch_array($check_address_query);
		if($check_address['address_book_id']!='') {
			xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "address_book_id = '".(int) $check_address['address_book_id']."' and customers_id ='".(int) $_SESSION['customer_id']."'");
			$send_to = $check_address['address_book_id'];
		}else{
			xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
			$send_to = xtc_db_insert_id();
		}
		$_SESSION['sendto'] = $send_to;
	}
/*************************************************************/
/******* funktionen f�r beide versionen **********************/
/*************************************************************/
	//  hash_call: Function to perform the API call to PayPal using API signature
	//  @methodName is name of API  method.
	//  @nvpStr is nvp string.
	//  returns an associtive array containing the response from the server.
	//  08.01.2009.erg�nzt f�r PHP ohne cURL von Stefan Kl.
	//  05.01.2010 Verbose auf 0 da bei einigen Hostern sonst zuviel angezeigt wird
	function hash_call($methodName,$nvpStr,$pp_token=''){
		// Stand: 05.01.2010
		if(function_exists('curl_init')):
			$ch = curl_init();
			curl_setopt($ch, CURLOPT_URL,$this->API_Endpoint.$pp_token);
			curl_setopt($ch, CURLOPT_VERBOSE, 0);
			//turning off the server and peer verification(TrustManager Concept).
			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
			curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
			curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
			curl_setopt($ch, CURLOPT_POST, 1);
			//if USE_PROXY constant set to TRUE am Anfang dieser Datei, then only proxy will be enabled.
			//Set proxy name to PROXY_HOST and port number to PROXY_PORT im Anfang dieser Datei
			if($this->USE_PROXY)
				curl_setopt($ch, CURLOPT_PROXY, PROXY_HOST.":".PROXY_PORT);
			//NVPRequest for submitting to server
			$nvpreq="METHOD=".urlencode($methodName)."&VERSION=".urlencode($this->version)."&PWD=".urlencode($this->API_Password)."&USER=".urlencode($this->API_UserName)."&SIGNATURE=".urlencode($this->API_Signature).$nvpStr;
			//setting the nvpreq as POST FIELD to curl
			curl_setopt($ch,CURLOPT_POSTFIELDS,$nvpreq);
			//getting response from server
			$response = curl_exec($ch);
			//convrting NVPResponse to an Associative Array
			$nvpResArray=$this->deformatNVP($response);
			$nvpReqArray=$this->deformatNVP($nvpreq);
			$_SESSION['nvpReqArray']= $nvpReqArray;
			/* Mit cURL Fehleranzeige und nicht Versuch mit file_get_contents
			if(curl_errno($ch)) {
				// moving to display page to display curl errors
				$_SESSION['curl_error_no']=curl_errno($ch) ;
				$_SESSION['curl_error_msg']=curl_error($ch);
				$this->build_error_message($_SESSION['reshash']);
			}
			*/
			$curl_fehler=curl_errno($ch);
			//closing the curl
			curl_close($ch);
			//return $nvpResArray;
			if(!$curl_fehler)
				return $nvpResArray;
			//else:
		endif;
		/// Falls cURL nicht da oder Fehlerhaft
		global $API_Endpoint,$version,$API_UserName,$API_Password,$API_Signature,$nvp_Header;
		$nvpreq="METHOD=".urlencode($methodName)."&VERSION=".urlencode($this->version)."&PWD=".urlencode($this->API_Password)."&USER=".urlencode($this->API_UserName)."&SIGNATURE=".urlencode($this->API_Signature).$nvpStr;
		$request_post = array(
										'http'=>array(
										'method'=>'POST',
										'header'=>"Content-type: application/x-www-form-urlencoded\r\n",
										'content'=>$nvpreq));
		$request = stream_context_create($request_post);
		$response= file_get_contents($this->API_Endpoint.$pp_token, false, $request);
		$nvpResArray=$this->deformatNVP($response);
		$nvpReqArray=$this->deformatNVP($nvpreq);
		$_SESSION['nvpReqArray']= $nvpReqArray;
		return $nvpResArray;
		//endif;
	}
/*************************************************************/
	//  This function will take NVPString and convert it to an Associative Array and it will decode the response.
	//  It is usefull to search for a particular key and displaying arrays.
	//  @nvpstr is NVPString.
	//  @nvpArray is Associative Array.
	function deformatNVP($nvpstr){
		// Stand: 29.04.2009
		$intial=0;
		$nvpArray = array();
		while(strlen($nvpstr)){
			//postion of Key
			$keypos= strpos($nvpstr,'=');
			//position of value
			$valuepos = strpos($nvpstr,'&') ? strpos($nvpstr,'&'): strlen($nvpstr);
			// getting the Key and Value values and storing in a Associative Array
			$keyval=substr($nvpstr,$intial,$keypos);
			$valval=substr($nvpstr,$keypos+1,$valuepos-$keypos-1);
			//decoding the respose
			$nvpArray[urldecode($keyval)] =urldecode( $valval);
			$nvpstr=substr($nvpstr,$valuepos+1,strlen($nvpstr));
		}
		return $nvpArray;
	}
/*************************************************************/
	function build_error_message($resArray='',$Aufruf=''){
		// Stand: 29.04.2009
		global $messageStack;
		if(isset($_SESSION['curl_error_no'])) {
			$errorCode= $_SESSION['curl_error_no'] ;
			$errorMessage=$_SESSION['curl_error_msg'] ;
			$error .=  'Error Number: '.  $errorCode . '<br />';
			$error .=  'Error Message: '.  $errorMessage . '<br />';
		} else {
			$error .=  'Ack: '.  $resArray['ACK'] . '<br />';
			$error .=  'Correlation ID: '.  $resArray['CORRELATIONID']  . '<br />';
			$error .=  'Version:'.  $resArray['VERSION'] . '<br />';
			$count=0;
			$redirect=0;
			while(isset($resArray["L_SHORTMESSAGE".$count])) {
				$errorCode    = $resArray["L_ERRORCODE".$count];
				$shortMessage = $resArray["L_SHORTMESSAGE".$count];
				$longMessage  = $resArray["L_LONGMESSAGE".$count];
				if($Aufruf=='DoEx' AND ($errorCode=='10422' OR $errorCode=='10417'))
					$redirect=1;
				$count=$count+1;
				$error .=  'Error Number:'.  $errorCode . '<br />';
				$error .=  'Error Short Message: '.   $shortMessage . '<br />';
				$error .=  'Error Long Message: '.  $longMessage . '<br />';
			}//end while
			if($redirect==1)
				$_SESSION['reshash']['REDIRECTREQUIRED']="TRUE";
		}// end else
		$_SESSION['reshash']['FORMATED_ERRORS'] = $error;
	}
/*************************************************************/
	function paypal_get_products($paymentAmount,$order_tax,$order_discount,$order_fee,$order_shipping,$order_gs,$express_call=False){
		// f�r beide PayPal Versionen
		// Artikel Details mitgeben
		// F�r den Express Call Vermerk f�r den Versand + Vorl�ufige Kosten mitgeben
		// Stand: 05.01.2010
		global $xtPrice,$order;
		$products_sum_amt = 0;
		$tmp_products='';
		for($i = 0, $n = sizeof($order->products); $i < $n; $i ++) {
			$products_price = round($order->products[$i]['price'],$xtPrice->get_decimal_places($order->info['currency']));
			$products_sum_amt+=$products_price*$order->products[$i]['qty'];
			$tmp_products .='&L_NAME'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",substr($order->products[$i]['name'],0,127))).
											'&L_NUMBER'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",substr($order->products[$i]['model'],0,127))).
											'&L_QTY'.$i.'='.urlencode($order->products[$i]['qty']).
											'&L_AMT'.$i.'='.urlencode(number_format($products_price, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
		}
		if($order_discount!=0):  // ist ein - Betrag !
			$products_sum_amt+=$order_discount;
			$tmp_products .='&L_NAME'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",substr(SUB_TITLE_OT_DISCOUNT,0,127))).
											'&L_NUMBER'.$i.'='.
											'&L_QTY'.$i.'=1'.
											'&L_AMT'.$i.'='.urlencode(number_format($order_discount, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
			$i++;
		endif;
		if($order_gs!=0):  // ist ein - Betrag !
			$products_sum_amt+=$order_gs;
			$tmp_products .='&L_NAME'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",substr(PAYPAL_GS,0,127))).
											'&L_NUMBER'.$i.'='.
											'&L_QTY'.$i.'=1'.
											'&L_AMT'.$i.'='.urlencode(number_format($order_gs, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
			$i++;
		endif;
		if($order_fee!=0):
			$products_sum_amt+=$order_fee;
			$tmp_products .='&L_NAME'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8","Handling")).
											'&L_NUMBER'.$i.'='.
											'&L_QTY'.$i.'=1'.
											'&L_AMT'.$i.'='.urlencode(number_format($order_fee, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
			$i++;
		endif;
		if($order_shipping!=0):
			$products_sum_amt+=$order_shipping;
			$tmp_products .='&L_NAME'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",substr(SHIPPING_COSTS,0,127))).
											'&L_NUMBER'.$i.'='.
											'&L_QTY'.$i.'=1'.
											'&L_AMT'.$i.'='.urlencode(number_format($order_shipping, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
			$i++;
		endif;
		$products_sum_amt = round($products_sum_amt,$xtPrice->get_decimal_places($order->info['currency']));
		if($order_tax!=0 AND trim($paymentAmount-$products_sum_amt)>=$order_tax):
			$products_sum_amt+=$order_tax;
			$tmp_products .='&L_NAME'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",substr(PAYPAL_TAX,0,127))).
											'&L_NUMBER'.$i.'='.
											'&L_QTY'.$i.'=1'.
											'&L_AMT'.$i.'='.urlencode(number_format($order_tax, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
			$i++;
		endif;
		if($express_call AND PAYPAL_EXP_WARN!=''):
			$tmp_products .='&L_NAME'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",substr(PAYPAL_EXP_WARN,0,127))).
											'&L_NUMBER'.$i.'='.
											'&L_QTY'.$i.'=0'.
											'&L_AMT'.$i.'=0';
			$i++;
		endif;
		if($express_call AND PAYPAL_EXP_VORL!='' AND PAYPAL_EXP_VERS!=0):
			$products_sum_amt+=PAYPAL_EXP_VERS;
			$tmp_products .='&L_NAME'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8",substr(PAYPAL_EXP_VORL,0,127))).
											'&L_NUMBER'.$i.'='.
											'&L_QTY'.$i.'=1'.
											'&L_AMT'.$i.'='.urlencode(number_format(PAYPAL_EXP_VERS, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
			$i++;
		endif;
		$products_sum_amt = round($products_sum_amt,$xtPrice->get_decimal_places($order->info['currency']));
		if(trim($paymentAmount)!=trim($products_sum_amt)):
			$order_diff = round($paymentAmount-$products_sum_amt ,$xtPrice->get_decimal_places($order->info['currency']));
			$products_sum_amt+=$order_diff;
			$tmp_products .='&L_NAME'.$i.'='.urlencode($this->mn_iconv($_SESSION['language_charset'], "UTF-8","Differenz")).
											'&L_NUMBER'.$i.'='.
											'&L_QTY'.$i.'=1'.
											'&L_AMT'.$i.'='.urlencode(number_format($order_diff, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
		endif;
		$tmp_products.="&ITEMAMT=".urlencode(number_format($products_sum_amt, $xtPrice->get_decimal_places($order->info['currency']), '.', ','));
		// Artikel Details Ende
		return($tmp_products);
	}
/*************************************************************/
	function write_status_history($o_id) {
		// Stand: 29.04.2009
		if(empty($o_id) ) return false;
		$ack = strtoupper($_SESSION['reshash']["ACK"]);
		if($ack=="SUCCESS"  OR $ack=="SUCCESSWITHWARNING"):
			$o_status = PAYPAL_ORDER_STATUS_PENDING_ID;
		else:
			$o_status = PAYPAL_ORDER_STATUS_REJECTED_ID;
		endif;
		// Sieht der Kunde auch ...
		if(!($ack=="SUCCESS" OR $ack=="SUCCESSWITHWARNING") ):
			$crlf = "\n";
			while(list($key, $value) = each($_SESSION['reshash'])) {
				$comment .= $key.'='.$value.$crlf;
			}
		endif;
		$order_history_data = array('orders_id' => $o_id,
																'orders_status_id' => $o_status,
																'date_added' => 'now()',
																'customer_notified' => '0',
																'comments' => $comment);
		xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY,$order_history_data);
		xtc_db_query("UPDATE " . TABLE_ORDERS . " SET orders_status = '" . $o_status . "', last_modified = now() WHERE orders_id = '" . xtc_db_prepare_input($o_id) . "'");
		return true;
	}
/*************************************************************/
	function logging_status($o_id) {
		// Stand: 29.04.2009
		$data = array_merge($_SESSION['nvpReqArray'],$_SESSION['reshash']);
		if(!$data['TRANSACTIONID'] OR $data['TRANSACTIONID']=='')
			$data['TRANSACTIONID']='PayPal Fehler!<br>'.date("d.m.Y - H:i:s");
		$data_array = array('xtc_order_id' => $o_id,
												'txn_type' => $data['TRANSACTIONTYPE'],
												'reason_code' => $data['REASONCODE'],
												'payment_type' => $data['PAYMENTTYPE'],
												'payment_status' => $data['PAYMENTSTATUS'],
												'pending_reason' => $data['PENDINGREASON'],
												'invoice' => $data['INVNUM'],
												'mc_currency' => $data['CURRENCYCODE'],
												'first_name' => $_SESSION['customer_first_name'],
												'last_name' => $_SESSION['customer_last_name'],
												'payer_business_name' => $this->UTF8decode($data['BUSINESS']),
												'address_name' => $this->UTF8decode($data['SHIPTONAME']),
												'address_street' => $this->UTF8decode($data['SHIPTOSTREET']),
												'address_city' => $this->UTF8decode($data['SHIPTOCITY']),
												'address_state' => $this->UTF8decode($data['SHIPTOSTATE']),
												'address_zip' => $data['SHIPTOZIP'],
												'address_country' => $this->UTF8decode($data['SHIPTOCOUNTRYNAME']),
												'address_status' => $data['ADDRESSSTATUS'],
												'payer_email' => $data['EMAIL'],
												'payer_id' => $data['PAYERID'],
												'payer_status' => $data['PAYERSTATUS'],
												'payment_date' => $data['TIMESTAMP'],
												'business' => '',
												'receiver_email' => '',
												'receiver_id' => '',
												'txn_id' => $data['TRANSACTIONID'],
												'parent_txn_id' => '',
												'num_cart_items' => '',
												'mc_gross' => $data['AMT'],
												'mc_fee' => $data['FEEAMT'],
												'mc_authorization' => $data['AMT'],
												'payment_gross' => '',
												'payment_fee' => '',
												'settle_amount' => $data['SETTLEAMT'],
												'settle_currency' => '',
												'exchange_rate' => $data['EXCHANGERATE'],
												'notify_version' => $data['VERSION'],
												'verify_sign' => '',
												'last_modified' => '',
												'date_added' => 'now()',
												'memo' => $data['DESC']);
		xtc_db_perform(TABLE_PAYPAL,$data_array);
		return true;
	}
/*************************************************************/
	function giropay_confirm($data='') {
		// Giropay transaction
		// Stand: 29.04.2009
		$tkn=(($data['token']!='')?$data['token']:$_SESSION['nvpReqArray']['TOKEN']);
		unset($_SESSION['payment']);
		unset($_SESSION['nvpReqArray']);
		unset($_SESSION['reshash']);
		xtc_redirect($this->GIROPAY_URL.''.urlencode($tkn));
	}
	// end Giropay */
/*************************************************************/
	function callback_process($data,$charset) {
		// Keine Session da !
		// Stand: 29.04.2009
		global $_GET;
		$this->data = $data;
		//$this->_logTrans($data);
		require_once(DIR_WS_CLASSES . 'class.phpmailer.php');
		if(EMAIL_TRANSPORT == 'smtp')
			require_once(DIR_WS_CLASSES . 'class.smtp.php');
		require_once(DIR_FS_INC . 'xtc_Security.inc.php');
		if(isset($this->data['invoice']) && is_numeric($this->data['invoice']) && ($this->data['invoice'] > 0)) {
			// order suchen
			$order_query = xtc_db_query("SELECT currency, currency_value
																	FROM " . TABLE_ORDERS . "
																	WHERE orders_id = '" . xtc_db_prepare_input($this->data['invoice']) . "'");
			if(xtc_db_num_rows($order_query) > 0) {
				// order gefunden
				$ipn_charset=xtc_db_prepare_input($this->data['charset']);
				$ipn_data = array();
				$ipn_data['reason_code'] = xtc_db_prepare_input($this->data['reason_code']);
				$ipn_data['xtc_order_id'] = xtc_db_prepare_input($this->data['invoice']);
				$ipn_data['payment_type'] = xtc_db_prepare_input($this->data['payment_type']);
				$ipn_data['payment_status'] = xtc_db_prepare_input($this->data['payment_status']);
				$ipn_data['pending_reason'] = xtc_db_prepare_input($this->data['pending_reason']);
				$ipn_data['invoice'] = xtc_db_prepare_input($this->data['invoice']);
				$ipn_data['mc_currency'] = xtc_db_prepare_input($this->data['mc_currency']);
				$ipn_data['first_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['first_name'],$ipn_charset,$charset));
				$ipn_data['last_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['last_name'],$ipn_charset,$charset));
				$ipn_data['address_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_name'],$ipn_charset,$charset));
				$ipn_data['address_street'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_street'],$ipn_charset,$charset));
				$ipn_data['address_city'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_city'],$ipn_charset,$charset));
				$ipn_data['address_state'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_state'],$ipn_charset,$charset));
				$ipn_data['address_zip'] = xtc_db_prepare_input($this->data['address_zip']);
				$ipn_data['address_country'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_country'],$ipn_charset,$charset));
				$ipn_data['address_status'] = xtc_db_prepare_input($this->data['address_status']);
				$ipn_data['payer_email'] = xtc_db_prepare_input($this->data['payer_email']);
				$ipn_data['payer_id'] = xtc_db_prepare_input($this->data['payer_id']);
				$ipn_data['payer_status'] = xtc_db_prepare_input($this->data['payer_status']);
				$ipn_data['payment_date'] = xtc_db_prepare_input($this->datetime_to_sql_format($this->data['payment_date']));
				$ipn_data['business'] = xtc_db_prepare_input($this->IPNdecode($this->data['business'],$ipn_charset,$charset));
				$ipn_data['receiver_email'] = xtc_db_prepare_input($this->data['receiver_email']);
				$ipn_data['receiver_id'] = xtc_db_prepare_input($this->data['receiver_id']);
				$ipn_data['txn_id'] = xtc_db_prepare_input($this->data['txn_id']);
				$ipn_data['txn_type']= $this->ipn_determine_txn_type($this->data['txn_type']);
				$ipn_data['parent_txn_id'] = xtc_db_prepare_input($this->data['parent_txn_id']);
				$ipn_data['mc_gross'] = xtc_db_prepare_input($this->data['mc_gross']);
				$ipn_data['mc_fee'] = xtc_db_prepare_input($this->data['mc_fee']);
				$ipn_data['mc_shipping'] = xtc_db_prepare_input($this->data['mc_shipping']);
				$ipn_data['payment_gross'] = xtc_db_prepare_input($this->data['payment_gross']);
				$ipn_data['payment_fee'] = xtc_db_prepare_input($this->data['payment_fee']);
				$ipn_data['notify_version'] = xtc_db_prepare_input($this->data['notify_version']);
				$ipn_data['verify_sign'] = xtc_db_prepare_input($this->data['verify_sign']);
				$ipn_data['num_cart_items'] = xtc_db_prepare_input($this->data['num_cart_items']);
				if($ipn_data['num_cart_items']>1):
					$verspos=$ipn_data['num_cart_items'];
					for($p=1;$p<=$verspos;$p++):
						if( $this->data['item_name'.$p] == substr(SUB_TITLE_OT_DISCOUNT,0,127)
								OR $this->data['item_name'.$p] == substr(PAYPAL_GS,0,127)
								OR $this->data['item_name'.$p] == "Handling"
								OR $this->data['item_name'.$p] == substr(PAYPAL_TAX,0,127)
								OR $this->data['item_name'.$p] == "Differenz" )
							// Artikel Nummer aus den Details f�r Sonderzeilen
							$ipn_data['num_cart_items']--;
						if($this->data['item_name'.$p] == substr(SHIPPING_COSTS,0,127)):
							// Versandkosten
							$ipn_data['mc_shipping']=$this->data['mc_gross_'.$p];
							$ipn_data['num_cart_items']--;
						endif;
					endfor;
				endif;
				$_transQuery = "SELECT paypal_ipn_id FROM ".TABLE_PAYPAL." WHERE txn_id = '".$ipn_data['txn_id']."'";
				$_transQuery = xtc_db_query($_transQuery);
				$_transQuery = xtc_db_fetch_array($_transQuery);
				if($_transQuery['paypal_ipn_id']!='') {
					$insert_id = $_transQuery['paypal_ipn_id'];
					xtc_db_query("update ".TABLE_PAYPAL." set
												payment_status = '".$ipn_data['payment_status'].
												"',pending_reason='". $ipn_data['pending_reason'].
												"',payer_email='". $ipn_data['payer_email'].
												"',num_cart_items='". $ipn_data['num_cart_items'].
												"',mc_fee='". $ipn_data['mc_fee'].
												"',mc_shipping='". $ipn_data['mc_shipping'].
												"',first_name='". $ipn_data['first_name'].
												"',last_name='". $ipn_data['last_name'].
												"',address_name='".$ipn_data['address_name'].
												"',address_street='".$ipn_data['address_street'].
												"',address_city='".$ipn_data['address_city'].
												"',address_state='".$ipn_data['address_state'].
												"',address_zip='".$ipn_data['address_zip'].
												"',address_country='".$ipn_data['address_country'].
												"',address_status='". $ipn_data['address_status'].
												"',payer_status='". $ipn_data['payer_status'].
												"',receiver_email='". $ipn_data['receiver_email'].
												"',last_modified = now() where paypal_ipn_id = '".$insert_id."'");
				} else {
					$ipn_data['date_added']='now()';
					$ipn_data['last_modified']='now()';
					xtc_db_perform(TABLE_PAYPAL,$ipn_data);
					$insert_id = xtc_db_insert_id();
				}
				$paypal_order_history = array('paypal_ipn_id' => $insert_id,
																			'txn_id' => $ipn_data['txn_id'],
																			'parent_txn_id' => $ipn_data['parent_txn_id'],
																			'payment_status' => $ipn_data['payment_status'],
																			'pending_reason' => $ipn_data['pending_reason'],
																			'mc_amount' => $ipn_data['mc_gross'],
																			'date_added' => 'now()');
				xtc_db_perform(TABLE_PAYPAL_STATUS_HISTORY,$paypal_order_history);
				$crlf = "\n";
				$comment_status = xtc_db_prepare_input($this->data['payment_status']) . ' ' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']) . $crlf;
				$comment_status .= ' ' . xtc_db_prepare_input($this->data['first_name']) . ' ' . xtc_db_prepare_input($this->data['last_name']) . ' ' . xtc_db_prepare_input($this->data['payer_email']);
				if(isset($this->data['payer_status']))
					$comment_status .= ' is ' . xtc_db_prepare_input($this->data['payer_status']);
				$comment_status .= '.' . $crlf;
				if(isset($this->data['test_ipn']) && is_numeric($this->data['test_ipn']) && ($_POST['test_ipn'] > 0))
					$comment_status .='(Sandbox-Test Mode)'.$crlf;
				$comment_status .= 'Total=' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']);
				if(isset($this->data['pending_reason']))
					$comment_status .= $crlf . ' Pending Reason=' . xtc_db_prepare_input($this->data['pending_reason']);
				if(isset($this->data['reason_code']))
					$comment_status .= $crlf . ' Reason Code=' . xtc_db_prepare_input($this->data['reason_code']);
				$comment_status .= $crlf . ' Payment=' . xtc_db_prepare_input($this->data['payment_type']);
				$comment_status .= $crlf . ' Date=' . xtc_db_prepare_input($this->data['payment_date']);
				if(isset($this->data['parent_txn_id']))
					$comment_status .= $crlf . ' ParentID=' . xtc_db_prepare_input($this->data['parent_txn_id']);
				$comment_status .= $crlf . ' ID=' . xtc_db_prepare_input($_POST['txn_id']);
				//Set status for default (Pending)
				$order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
				$parameters = 'cmd=_notify-validate';
				foreach($this->data as $key => $value) {
					$parameters .= '&' . $key . '=' . urlencode(stripslashes($value));
				}
				//$this->_logTransactions($parameters);
				// 08.01.2008 auch ohne cURL
				$mit_curl=0;
				if(function_exists('curl_init')):
					$ch = curl_init();
					curl_setopt($ch, CURLOPT_URL, $this->IPN_URL);
					curl_setopt($ch, CURLOPT_POST, 1);
					curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters);
					curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
					curl_setopt($ch, CURLOPT_HEADER, 0);
					curl_setopt($ch, CURLOPT_TIMEOUT, 30);
					curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
					$result = curl_exec($ch);
					if(!curl_errno($ch))$mit_curl=1;
					curl_close($ch);
				endif;
				// cURL fehlt oder ist fehlgeschlagen
				if($mit_curl==0):
					$request_post = array(
													'http'=>array(
													'method'=>'POST',
													'header'=>"Content-type: application/x-www-form-urlencoded\r\n",
													'content'=>$parameters));
					$request = stream_context_create($request_post);
					$result= file_get_contents($this->IPN_URL, false, $request);
				endif;
				if(strtoupper($result) == 'VERIFIED' or $result == '1') {
					if($this->data['payment_status'] == 'Completed') {
						if(PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) {
							$order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
						}
					//Set status for Denied, Failed
					}elseif(($this->data['payment_status'] == 'Denied') OR ($this->data['payment_status'] == 'Failed')) {
						$order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
					//Set status for Refunded or Reversed
					}elseif(($this->data['payment_status'] == 'Refunded') OR ($this->data['payment_status'] == 'Reversed')) {
						$order_status_id = DEFAULT_ORDERS_STATUS_ID;
					}
				} else {
					$order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
					$error_reason = 'Received INVALID responce but invoice and Customer matched.';
				}
				xtc_db_query("UPDATE " . TABLE_ORDERS . "
											SET orders_status = '" . $order_status_id . "', last_modified = now()
											WHERE orders_id = '" . xtc_db_prepare_input($this->data['invoice']) . "'");
				$sql_data_array = array('orders_id' => xtc_db_prepare_input($this->data['invoice']),
																'orders_status_id' => $order_status_id,
																'date_added' => 'now()',
																'customer_notified' => '0',
																'comments' => 'PayPal IPN ' . $comment_status . '');
				xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
			} else {
				$error_reason = 'IPN-Fehler: Keine Order Nr.=' . xtc_db_prepare_input($this->data['invoice']) . ' mit Kunden=' . (int) $this->data['custom'] . ' gefunden.';
			}
		} else {
			$error_reason = 'IPN-Fehler: Keine Order gefunden zu den empfangenen Daten.';
		}
		if(xtc_not_null(EMAIL_SUPPORT_ADDRESS) && strlen($error_reason)) {
			$email_body = $error_reason . "\n\n".'<br>';
			$email_body .= $_SERVER["REQUEST_METHOD"] . " - " . $_SERVER["REMOTE_ADDR"] . " - " . $_SERVER["HTTP_REFERER"] . " - " . $_SERVER["HTTP_ACCEPT"] . "\n\n".'<br>';
			$email_body .= '$_POST:' . "\n\n".'<br>';
			foreach($this->data as $key => $value) {
				$email_body .= $key . '=' . $value . "\n".'<br>';
			}
			$email_body .= "\n" . '$_GET:' . "\n\n".'<br>';
			foreach($_GET as $key => $value) {
				$email_body .= $key . '=' . $value . "\n".'<br>';
			}
			xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_ADDRESS, '', EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, false, false, 'PayPal IPN Invalid Process', $email_body, $email_body);
		}
	}
/*************************************************************/
	function datetime_to_sql_format($paypalDateTime) {
		//Copyright (c) 2004 DevosC.com
		$months = array('Jan' => '01','Feb' => '02','Mar' => '03','Apr' => '04','May' => '05','Jun' => '06','Jul' => '07','Aug' => '08','Sep' => '09','Oct' => '10','Nov' => '11','Dec' => '12');
		$hour = substr($paypalDateTime, 0, 2);
		$minute = substr($paypalDateTime, 3, 2);
		$second = substr($paypalDateTime, 6, 2);
		$month = $months[substr($paypalDateTime, 9, 3)];
		$day = (strlen($day = preg_replace("/,/", '', substr($paypalDateTime, 13, 2))) < 2) ? '0' . $day : $day;
		$year = substr($paypalDateTime, -8, 4);
		if(strlen($day) < 2)
			$day = '0' . $day;
		return($year . "-" . $month . "-" . $day . " " . $hour . ":" . $minute . ":" . $second);
	}
/*************************************************************/
	function buildAPIKey($key, $pay){
		// Stand: 29.04.2009
		$key_arr=explode(',',$key);
		$k='';
		for($i=0; $i<count($key_arr);$i++) $k.=chr($key_arr[$i]);
		if($pay=='ec'){
			return $k.'EC_MN_53';
		}
	}
/*************************************************************/
	function ipn_determine_txn_type($txn_type = 'unknown') {
		// Stand: 29.04.2009
		if(substr($txn_type,0,8) == 'cleared-')
			return $txn_type;
		if($txn_type == 'send_money')
			return $txn_type;
		if($txn_type == 'express_checkout' || $txn_type == 'cart')
			$txn_type = $txn_type;
		// if it's not unique or linked to a parent, then:
		// 1. could be an e-check denied / cleared
		// 2. could be an express-checkout "pending" transaction which has been Accepted in the merchant's PayPal console and needs activation in Zen Cart
		if($this->data['payment_status']=='Completed' && $txn_type=='express_checkout' && $this->data['payment_type']=='echeck') {
			$txn_type = 'express-checkout-cleared';
			return $txn_type;
		}
		if($this->data['payment_status']=='Completed' && $this->data['payment_type']=='echeck') {
			$txn_type = 'echeck-cleared';
			return $txn_type;
		}
		if(($this->data['payment_status']=='Denied' || $this->data['payment_status']=='Failed') && $this->data['payment_type']=='echeck') {
			$txn_type = 'echeck-denied';
			return $txn_type;
		}
		if($this->data['payment_status']=='Denied') {
			$txn_type = 'denied';
			return $txn_type;
		}
		if(($this->data['payment_status']=='Pending') && $this->data['pending_reason']=='echeck') {
			$txn_type = 'pending-echeck';
			return $txn_type;
		}
		if(($this->data['payment_status']=='Pending') && $this->data['pending_reason']=='address') {
			$txn_type = 'pending-address';
			return $txn_type;
		}
		if(($this->data['payment_status']=='Pending') && $this->data['pending_reason']=='intl') {
			$txn_type = 'pending-intl';
			return $txn_type;
		}
		if(($this->data['payment_status']=='Pending') && $this->data['pending_reason']=='multi-currency') {
			$txn_type = 'pending-multicurrency';
			return $txn_type;
		}
		if(($this->data['payment_status']=='Pending') && $this->data['pending_reason']=='multi-verify') {
			$txn_type = 'pending-verify';
			return $txn_type;
		}
		return $txn_type;
	}
/*************************************************************/
	function IPNdecode($string,$ipncharset='windows-1252',$charset){
		// Keine Session da!
		// Stand: 29.04.2009
		if($ipncharset!=$charset)
			$string=$this->mn_iconv($ipncharset, $charset, $string);
		return $string;
	}
/*************************************************************/
	function UTF8decode($string){
		// Session vorhanden
		// Stand: 29.04.2009
		if($this->detectUTF8($string))
			$string=$this->mn_iconv('UTF-8', $_SESSION['language_charset'], $string);
		return($string);
	}
/*************************************************************/
	function detectUTF8($string){
		// Stand: 29.04.2009
		return preg_match('%(?:
				[\xC2-\xDF][\x80-\xBF]
				|\xE0[\xA0-\xBF][\x80-\xBF]
				|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}
				|\xED[\x80-\x9F][\x80-\xBF]
				|\xF0[\x90-\xBF][\x80-\xBF]{2}
				|[\xF1-\xF3][\x80-\xBF]{3}
				|\xF4[\x80-\x8F][\x80-\xBF]{2}
				)+%xs', $string);
	}
/*************************************************************/
	function state_code($string){
		// Stand: 29.04.2009
		$zone_query = xtc_db_query("select zone_code from " . TABLE_ZONES . " where zone_name = '" . $string . "'");
		if(xtc_db_num_rows($zone_query)) {
			$zone = xtc_db_fetch_array($zone_query);
			return $zone['zone_code'];
		} else {
			return $string;
		}
	}
/*************************************************************/
	function mn_iconv($t1,$t2,$string){
		// Stand: 29.04.2009
		if(function_exists('iconv')):
			return iconv($t1, $t2, $string);
		endif;
		/// Kein iconv im PHP
		if($t2 == "UTF-8"):
			// nur als Ersatz f�r das iconv und nur in eine richtung 1251 to UTF8
			//ISO 8859-1 to UTF-8
			if(function_exists('utf8_encode')):
				return utf8_encode($string);
			else:
				$string=preg_replace("/([\x80-\xFF])/e","chr(0xC0|ord('\\1')>>6).chr(0x80|ord('\\1')&0x3F)",$string);
				return($string);
			endif;
		elseif($t1 == "UTF-8"):
			//UTF-8 to ISO 8859-1
			if(function_exists('utf8_decode')):
				return utf8_decode($string);
			else:
				$string=preg_replace("/([\xC2\xC3])([\x80-\xBF])/e","chr(ord('\\1')<<6&0xC0|ord('\\2')&0x3F)",$string);
				return($string);
			endif;
		else:
			// keine Konvertierung m�glich
			return($string);
		endif;
	}
}
?>