
Remove deprecated HTTP_XXX_VARS

1 parent dfcbed5 commit 385133750b872965b9ddd469d24b7a16e2f7cf52 unknown committed Jan 2, 2012
@@ -16,24 +16,24 @@
$ip_address = tep_get_ip_address();
if ( ($ip_address == '69.20.58.35') || ($ip_address == '207.97.201.192') ) {
- if (isset($HTTP_POST_VARS['cs1']) && is_numeric($HTTP_POST_VARS['cs1']) && isset($HTTP_POST_VARS['cs2']) && is_numeric($HTTP_POST_VARS['cs2']) && isset($HTTP_POST_VARS['cs3']) && !empty($HTTP_POST_VARS['cs3']) && isset($HTTP_POST_VARS['product_id']) && ($HTTP_POST_VARS['product_id'] == MODULE_PAYMENT_CHRONOPAY_PRODUCT_ID) && isset($HTTP_POST_VARS['total']) && !empty($HTTP_POST_VARS['total']) && isset($HTTP_POST_VARS['transaction_type']) && !empty($HTTP_POST_VARS['transaction_type'])) {
- if ($HTTP_POST_VARS['cs3'] == md5(MODULE_PAYMENT_CHRONOPAY_PRODUCT_ID . $HTTP_POST_VARS['cs2'] . $HTTP_POST_VARS['cs1'] . $HTTP_POST_VARS['total'] . MODULE_PAYMENT_CHRONOPAY_MD5_HASH)) {
- $order_query = tep_db_query("select order_status, currency, currency_value from " . TABLE_ORDERS . " where orders_id = '" . (int)$HTTP_POST_VARS['cs2'] . "' and customers_id = '" . (int)$HTTP_POST_VARS['cs1'] . "'");
+ if (isset($_POST['cs1']) && is_numeric($_POST['cs1']) && isset($_POST['cs2']) && is_numeric($_POST['cs2']) && isset($_POST['cs3']) && !empty($_POST['cs3']) && isset($_POST['product_id']) && ($_POST['product_id'] == MODULE_PAYMENT_CHRONOPAY_PRODUCT_ID) && isset($_POST['total']) && !empty($_POST['total']) && isset($_POST['transaction_type']) && !empty($_POST['transaction_type'])) {
+ if ($_POST['cs3'] == md5(MODULE_PAYMENT_CHRONOPAY_PRODUCT_ID . $_POST['cs2'] . $_POST['cs1'] . $_POST['total'] . MODULE_PAYMENT_CHRONOPAY_MD5_HASH)) {
+ $order_query = tep_db_query("select order_status, currency, currency_value from " . TABLE_ORDERS . " where orders_id = '" . (int)$_POST['cs2'] . "' and customers_id = '" . (int)$_POST['cs1'] . "'");
if (tep_db_num_rows($order_query) > 0) {
$order = tep_db_fetch_array($order_query);
if ($order['order_status'] == MODULE_PAYMENT_CHRONOPAY_PREPARE_ORDER_STATUS_ID) {
- $total_query = tep_db_query("select value from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int)$HTTP_POST_VARS['cs2'] . "' and class = 'ot_total' limit 1");
+ $total_query = tep_db_query("select value from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int)$_POST['cs2'] . "' and class = 'ot_total' limit 1");
$total = tep_db_fetch_array($total_query);
- $comment_status = $HTTP_POST_VARS['transaction_type'] . ' (' . $HTTP_POST_VARS['transaction_id'] . '; ' . $currencies->format($HTTP_POST_VARS['total'], false, $HTTP_POST_VARS['currency']) . ')';
+ $comment_status = $_POST['transaction_type'] . ' (' . $_POST['transaction_id'] . '; ' . $currencies->format($_POST['total'], false, $_POST['currency']) . ')';
$order_status_id = (MODULE_PAYMENT_CHRONOPAY_ORDER_STATUS_ID > 0 ? (int)MODULE_PAYMENT_CHRONOPAY_ORDER_STATUS_ID : (int)DEFAULT_ORDERS_STATUS_ID);
- tep_db_query("update " . TABLE_ORDERS . " set orders_status = '" . $order_status_id . "', last_modified = now() where orders_id = '" . (int)$HTTP_POST_VARS['cs2'] . "'");
+ tep_db_query("update " . TABLE_ORDERS . " set orders_status = '" . $order_status_id . "', last_modified = now() where orders_id = '" . (int)$_POST['cs2'] . "'");
- $sql_data_array = array('orders_id' => $HTTP_POST_VARS['cs2'],
+ $sql_data_array = array('orders_id' => $_POST['cs2'],
'orders_status_id' => $order_status_id,
'date_added' => 'now()',
'customer_notified' => '0',
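Review bot: The callback signature check on the new `if ($_POST['cs3'] == md5(...))` line still uses loose `==`, so PHP compares two hex digests numerically when both happen to look like numeric strings (for example the `0e<digits>` form), and the comparison is not constant-time. Since the line is being rewritten anyway, compare with `===`, or with `hash_equals()` where the runtime provides it, after casting the posted value to string. The same loose comparison is in the inpay hunk (`$md5v != $_POST["checksum"]`) and in the three ipayment hunks (`$_POST['ret_param_checksum'] == md5(...)`), where the field is also read without an `isset()` guard. The enclosing `if` blocks continue past the end of this hunk.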
@@ -9,38 +9,38 @@
chdir('../../../../');
require ('includes/application_top.php');
-reset($HTTP_POST_VARS);
+reset($_POST);
$result = "VERIFIED";
$ok = true;
$my_order = null;
$my_order_query = null;
//*************************************
// Validate request
//
-if (! isset ($HTTP_POST_VARS['order_id']) || !is_numeric($HTTP_POST_VARS['order_id']) || ($HTTP_POST_VARS['order_id'] <= 0))
+if (! isset ($_POST['order_id']) || !is_numeric($_POST['order_id']) || ($_POST['order_id'] <= 0))
{
$ok = false;
$result = "bad order id";
}
if ($ok)
{
- if (! isset ($HTTP_POST_VARS["invoice_amount"]))
+ if (! isset ($_POST["invoice_amount"]))
{
$ok = false;
$result = "bad amount";
}
}
if ($ok)
{
- if (! isset ($HTTP_POST_VARS["invoice_currency"]))
+ if (! isset ($_POST["invoice_currency"]))
{
$ok = false;
$result = "bad currency";
}
}
if ($ok)
{
- if (! isset ($HTTP_POST_VARS["checksum"]) || ! isset ($HTTP_POST_VARS["invoice_reference"]) || ! isset ($HTTP_POST_VARS["invoice_created_at"]) || ! isset ($HTTP_POST_VARS["invoice_status"]))
+ if (! isset ($_POST["checksum"]) || ! isset ($_POST["invoice_reference"]) || ! isset ($_POST["invoice_created_at"]) || ! isset ($_POST["invoice_status"]))
{
$ok = false;
$result = "missing vatiables";
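Review bot: `invoice_amount` and `invoice_currency` are checked only with `isset()` in this validation block, yet a later hunk passes `$_POST['invoice_amount']` to `number_format()` and the status-message code concatenates both fields into `$msg`. A non-numeric amount or an array-valued parameter would reach those calls. Adding `|| !is_numeric($_POST["invoice_amount"])` to the amount check and `|| !is_string($_POST["invoice_currency"])` to the currency check rejects such input at the boundary. The last `if` block runs past the end of this hunk.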
@@ -53,23 +53,23 @@
//
$sk = MODULE_PAYMENT_INPAY_SECRET_KEY;
$q = http_build_query( array (
- "order_id"=>$HTTP_POST_VARS['order_id'],
- "invoice_reference"=>$HTTP_POST_VARS['invoice_reference'],
- "invoice_amount"=>$HTTP_POST_VARS['invoice_amount'],
- "invoice_currency"=>$HTTP_POST_VARS['invoice_currency'],
- "invoice_created_at"=>$HTTP_POST_VARS['invoice_created_at'],
- "invoice_status"=>$HTTP_POST_VARS['invoice_status'],
+ "order_id"=>$_POST['order_id'],
+ "invoice_reference"=>$_POST['invoice_reference'],
+ "invoice_amount"=>$_POST['invoice_amount'],
+ "invoice_currency"=>$_POST['invoice_currency'],
+ "invoice_created_at"=>$_POST['invoice_created_at'],
+ "invoice_status"=>$_POST['invoice_status'],
"secret_key"=>$sk), "", "&");
$md5v = md5($q);
- if ($md5v != $HTTP_POST_VARS["checksum"])
+ if ($md5v != $_POST["checksum"])
{
$ok = false;
$result = "bad checksum";
}
}
if ($ok)
{
- $my_order_query = tep_db_query("select orders_status, currency, currency_value from ".TABLE_ORDERS." where orders_id = '".$HTTP_POST_VARS['order_id']."'"); // TODO: fix PB to add all params"' and customers_id = '" . (int)$HTTP_POST_VARS['custom'] . "'");
+ $my_order_query = tep_db_query("select orders_status, currency, currency_value from ".TABLE_ORDERS." where orders_id = '".$_POST['order_id']."'"); // TODO: fix PB to add all params"' and customers_id = '" . (int)$_POST['custom'] . "'");
if (tep_db_num_rows($my_order_query) <= 0)
{
$ok = false;
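Review bot: The order lookup on the new `$my_order_query` line concatenates `$_POST['order_id']` into the SQL string without the `(int)` cast that the `update` statements elsewhere in this file apply. The only guard is `is_numeric()`, which accepts forms such as `1e3` or a value with leading whitespace, so the uncast lookups and the cast updates can end up addressing different rows. Use `(int)$_POST['order_id']` here and in the other uncast queries in later hunks: the `TABLE_ORDERS_TOTAL` select, the `TABLE_ORDERS_STATUS_HISTORY` comment select, and the `$check_query` in the error path, which appears to run even when the checksum did not verify. The `if` body continues outside the hunk.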
@@ -80,12 +80,12 @@
{
$my_order = tep_db_fetch_array($my_order_query);
$order = $my_order;
- $total_query = tep_db_query("select value from ".TABLE_ORDERS_TOTAL." where orders_id = '".$HTTP_POST_VARS['order_id']."' and class = 'ot_total' limit 1");
+ $total_query = tep_db_query("select value from ".TABLE_ORDERS_TOTAL." where orders_id = '".$_POST['order_id']."' and class = 'ot_total' limit 1");
$total = tep_db_fetch_array($total_query);
- if (number_format($HTTP_POST_VARS['invoice_amount'], $currencies->get_decimal_places($order['currency'])) != number_format($total['value']*$order['currency_value'], $currencies->get_decimal_places($order['currency'])))
+ if (number_format($_POST['invoice_amount'], $currencies->get_decimal_places($order['currency'])) != number_format($total['value']*$order['currency_value'], $currencies->get_decimal_places($order['currency'])))
{
$ok = false;
- $result = 'Inpay transaction value ('.tep_output_string_protected($HTTP_POST_VARS['invoice_amount']).') does not match order value ('.number_format($total['value']*$order['currency_value'], $currencies->get_decimal_places($order['currency'])).')';
+ $result = 'Inpay transaction value ('.tep_output_string_protected($_POST['invoice_amount']).') does not match order value ('.number_format($total['value']*$order['currency_value'], $currencies->get_decimal_places($order['currency'])).')';
}
}
if ($ok)
@@ -103,13 +103,13 @@
}
if ($ok) {
require_once ('inpay_functions.php');
- $invoice_status = get_invoice_status($HTTP_POST_VARS);
+ $invoice_status = get_invoice_status($_POST);
$ok = false;
- if ((($invoice_status == "pending")||($invoice_status == "created"))&&(($HTTP_POST_VARS["invoice_status"] == "pending")||($HTTP_POST_VARS["invoice_status"] == "created"))) {
+ if ((($invoice_status == "pending")||($invoice_status == "created"))&&(($_POST["invoice_status"] == "pending")||($_POST["invoice_status"] == "created"))) {
$ok = true;
- } else if (($invoice_status == "approved") && ($HTTP_POST_VARS["invoice_status"] == "approved")) {
+ } else if (($invoice_status == "approved") && ($_POST["invoice_status"] == "approved")) {
$ok = true;
- } else if (($invoice_status == "sum_too_low") && ($HTTP_POST_VARS["invoice_status"] == "sum_too_low")) {
+ } else if (($invoice_status == "sum_too_low") && ($_POST["invoice_status"] == "sum_too_low")) {
$ok = true;
}
if (!$ok)
@@ -126,20 +126,20 @@
$order = $my_order;
$order_status_id = DEFAULT_ORDERS_STATUS_ID;
$invoice_approved = false;
- switch($HTTP_POST_VARS["invoice_status"])
+ switch($_POST["invoice_status"])
{
case "created":
case "pending":
- $msg = "customer has been asked to pay ".$HTTP_POST_VARS['invoice_amount']." ".$HTTP_POST_VARS['invoice_currency']." with reference: ".$HTTP_POST_VARS["invoice_reference"]. " via his online bank";
+ $msg = "customer has been asked to pay ".$_POST['invoice_amount']." ".$_POST['invoice_currency']." with reference: ".$_POST["invoice_reference"]. " via his online bank";
$order_status_id = MODULE_PAYMENT_INPAY_CREATE_ORDER_STATUS_ID;
break;
case "approved":
- $msg = "Inpay has confimed that the payment of ".$HTTP_POST_VARS['invoice_amount']." ".$HTTP_POST_VARS['invoice_currency']." has been received";
+ $msg = "Inpay has confimed that the payment of ".$_POST['invoice_amount']." ".$_POST['invoice_currency']." has been received";
$order_status_id = MODULE_PAYMENT_INPAY_COMP_ORDER_STATUS_ID;
$invoice_approved = true;
break;
case "sum_too_low":
- $msg = "Partial payment received by inpay. Reference: ".$HTTP_POST_VARS["invoice_reference"];
+ $msg = "Partial payment received by inpay. Reference: ".$_POST["invoice_reference"];
$order_status_id = MODULE_PAYMENT_INPAY_SUM_TOO_LOW_ORDER_STATUS_ID;
break;
}
@@ -148,28 +148,29 @@
//
// update order status
//
- $sql_data_array = array ('orders_id'=>$HTTP_POST_VARS['order_id'],
+ $sql_data_array = array ('orders_id'=>$_POST['order_id'],
'orders_status_id'=>$order_status_id,
'date_added'=>'now()',
'customer_notified'=>$customer_notified,
- 'comments'=>'Inpay '.ucfirst($HTTP_POST_VARS['invoice_status']).'['.$comment_status.']');
+ 'comments'=>'Inpay '.ucfirst($_POST['invoice_status']).'['.$comment_status.']');
tep_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
- tep_db_query("update ".TABLE_ORDERS." set orders_status = '".$order_status_id."', last_modified = now() where orders_id = '".(int)$HTTP_POST_VARS['order_id']."'");
+ tep_db_query("update ".TABLE_ORDERS." set orders_status = '".$order_status_id."', last_modified = now() where orders_id = '".(int)$_POST['order_id']."'");
if ($invoice_approved)
{
// for email
include(DIR_WS_LANGUAGES . $language . '/modules/payment/inpay.php');
// let's re-create the required arrays
require (DIR_WS_CLASSES.'order.php');
- $order = new order($HTTP_POST_VARS['order_id']);
+ $order = new order($_POST['order_id']);
// START STATUS == COMPLETED LOOP
// initialized for the email confirmation
$products_ordered = '';
$total_tax = 0;
// let's update the stock
// #######################################################
- for ($i = 0, $n = sizeof($order->products); $i < $n; $i++)
+ $n = sizeof($order->products);
+ for ($i = 0; $i < $n; $i++)
{ // PRODUCT LOOP STARTS HERE
// Stock Update - Joao Correia
if ((MODULE_PAYMENT_INPAY_DECREASE_STOCK_ON_CREATION=='False') && (STOCK_LIMITED == 'true'))
@@ -226,7 +227,8 @@
$products_ordered_attributes = '';
if (( isset ($order->products[$i]['attributes'])) && (sizeof($order->products[$i]['attributes']) > 0))
{
- for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++)
+ $n2 = sizeof($order->products[$i]['attributes']);
+ for ($j = 0; $j < $n2; $j++)
{
$products_ordered_attributes .= "\n\t".$order->products[$i]['attributes'][$j]['option'].' '.$order->products[$i]['attributes'][$j]['value'];
}
@@ -249,14 +251,14 @@
$content_type = '';
$content_count = 0;
// BOF order comment fix
- $comment_query = tep_db_query("select comments from ".TABLE_ORDERS_STATUS_HISTORY." where orders_id = '".$HTTP_POST_VARS['order_id']."'");
+ $comment_query = tep_db_query("select comments from ".TABLE_ORDERS_STATUS_HISTORY." where orders_id = '".$_POST['order_id']."'");
$comment_array = tep_db_fetch_array($comment_query);
$comments = $comment_array['comments'];
// EOF order comment fix
if (DOWNLOAD_ENABLED == 'true')
{
- $content_query = tep_db_query("select * from ".TABLE_ORDERS_PRODUCTS_DOWNLOAD." where orders_id = '".(int)$HTTP_POST_VARS['order_id']."'");
+ $content_query = tep_db_query("select * from ".TABLE_ORDERS_PRODUCTS_DOWNLOAD." where orders_id = '".(int)$_POST['order_id']."'");
$content_count = tep_db_num_rows($content_query);
if ($content_count > 0)
{
@@ -276,8 +278,8 @@
// $order variables have been changed from checkout_process to work with the variables from the function query () instead of cart () in the order class
$email_order = STORE_NAME."\n".
EMAIL_SEPARATOR."\n".
- EMAIL_TEXT_ORDER_NUMBER.' '.$HTTP_POST_VARS['order_id']."\n".
- EMAIL_TEXT_INVOICE_URL.' '.tep_href_link(FILENAME_ACCOUNT_HISTORY_INFO, 'order_id='.$HTTP_POST_VARS['order_id'], 'SSL', false)."\n".
+ EMAIL_TEXT_ORDER_NUMBER.' '.$_POST['order_id']."\n".
+ EMAIL_TEXT_INVOICE_URL.' '.tep_href_link(FILENAME_ACCOUNT_HISTORY_INFO, 'order_id='.$_POST['order_id'], 'SSL', false)."\n".
EMAIL_TEXT_DATE_ORDERED.' '.strftime(DATE_FORMAT_LONG)."\n\n";
// BOF order comment fix by AlexStudio
if ($comments)
@@ -291,8 +293,8 @@
EMAIL_SEPARATOR."\n".
$products_ordered.
EMAIL_SEPARATOR."\n";
-
- for ($i = 0, $n = sizeof($order->totals); $i < $n; $i++)
+ $n = sizeof($order->totals);
+ for ($i = 0; $i < $n; $i++)
{
$email_order .= strip_tags($order->totals[$i]['title']).' '.strip_tags($order->totals[$i]['text'])."\n";
}
@@ -340,18 +342,16 @@
//
if (tep_not_null(MODULE_PAYMENT_INPAY_DEBUG_EMAIL))
{
- $email_body = '$HTTP_POST_VARS:'."\n\n";
+ $email_body = '$_POST:'."\n\n";
- reset($HTTP_POST_VARS);
- while ( list ($key, $value) = each($HTTP_POST_VARS))
+ foreach ($_POST as $key => $value)
{
$email_body .= $key.'='.$value."\n";
}
- $email_body .= "\n".'$HTTP_GET_VARS:'."\n\n";
+ $email_body .= "\n".'$_GET:'."\n\n";
- reset($HTTP_GET_VARS);
- while ( list ($key, $value) = each($HTTP_GET_VARS))
+ foreach ($_GET as $key => $value)
{
$email_body .= $key.'='.$value."\n";
}
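Review bot: The new `foreach` loops build the debug mail with `$key.'='.$value`, which prints `Array` and raises a notice when a parameter arrives as an array, and they copy the whole request, including the posted `checksum`, into e-mail. Consider `$email_body .= $key.'='.(is_array($value) ? print_r($value, true) : $value)."\n";` in both loops, and leave out fields that are not needed for debugging. The surrounding `if` block closes outside the hunk.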
@@ -361,18 +361,18 @@
//
// add error message to history if order can be found
//
- if ( isset ($HTTP_POST_VARS['order_id']) && is_numeric($HTTP_POST_VARS['order_id']) && ($HTTP_POST_VARS['order_id'] > 0))
+ if ( isset ($_POST['order_id']) && is_numeric($_POST['order_id']) && ($_POST['order_id'] > 0))
{
- $check_query = tep_db_query("select orders_id from ".TABLE_ORDERS." where orders_id = '".$HTTP_POST_VARS['order_id']."'"); //TODO: fix custom "' and customers_id = '" . (int)$HTTP_POST_VARS['custom'] . "'");
+ $check_query = tep_db_query("select orders_id from ".TABLE_ORDERS." where orders_id = '".$_POST['order_id']."'"); //TODO: fix custom "' and customers_id = '" . (int)$_POST['custom'] . "'");
$order_status_id = $order['orders_status'];
if (($order_status_id==null)||($order['orders_status']=='')){
$order_status_id = DEFAULT_ORDERS_STATUS_ID;
}
if (tep_db_num_rows($check_query) > 0)
{
$comment_status = $result;
- //tep_db_query("update ".TABLE_ORDERS." set orders_status = '".((MODULE_PAYMENT_INPAY_ORDER_STATUS_ID > 0)?MODULE_PAYMENT_INPAY_ORDER_STATUS_ID:DEFAULT_ORDERS_STATUS_ID)."', last_modified = now() where orders_id = '".$HTTP_POST_VARS['order_id']."'");
- $sql_data_array = array ('orders_id'=>$HTTP_POST_VARS['order_id'],
+ //tep_db_query("update ".TABLE_ORDERS." set orders_status = '".((MODULE_PAYMENT_INPAY_ORDER_STATUS_ID > 0)?MODULE_PAYMENT_INPAY_ORDER_STATUS_ID:DEFAULT_ORDERS_STATUS_ID)."', last_modified = now() where orders_id = '".$_POST['order_id']."'");
+ $sql_data_array = array ('orders_id'=>$_POST['order_id'],
'orders_status_id'=>$order_status_id,
'date_added'=>'now()',
'customer_notified'=>'0',
@@ -26,7 +26,7 @@
if (tep_not_null(MODULE_PAYMENT_IPAYMENT_CC_SECRET_HASH_PASSWORD)) {
// verify ret_param_checksum
- if ($HTTP_POST_VARS['ret_param_checksum'] == md5(MODULE_PAYMENT_IPAYMENT_CC_USER_ID . $HTTP_POST_VARS['trx_amount'] . $HTTP_POST_VARS['trx_currency'] . $HTTP_POST_VARS['ret_authcode'] . $HTTP_POST_VARS['ret_booknr'] . MODULE_PAYMENT_IPAYMENT_CC_SECRET_HASH_PASSWORD)) {
+ if ($_POST['ret_param_checksum'] == md5(MODULE_PAYMENT_IPAYMENT_CC_USER_ID . $_POST['trx_amount'] . $_POST['trx_currency'] . $_POST['ret_authcode'] . $_POST['ret_booknr'] . MODULE_PAYMENT_IPAYMENT_CC_SECRET_HASH_PASSWORD)) {
$checksum_pass = 1; // true
} else {
$checksum_pass = -1; // false
@@ -26,7 +26,7 @@
if (tep_not_null(MODULE_PAYMENT_IPAYMENT_ELV_SECRET_HASH_PASSWORD)) {
// verify ret_param_checksum
- if ($HTTP_POST_VARS['ret_param_checksum'] == md5(MODULE_PAYMENT_IPAYMENT_ELV_USER_ID . $HTTP_POST_VARS['trx_amount'] . $HTTP_POST_VARS['trx_currency'] . $HTTP_POST_VARS['ret_authcode'] . $HTTP_POST_VARS['ret_booknr'] . MODULE_PAYMENT_IPAYMENT_ELV_SECRET_HASH_PASSWORD)) {
+ if ($_POST['ret_param_checksum'] == md5(MODULE_PAYMENT_IPAYMENT_ELV_USER_ID . $_POST['trx_amount'] . $_POST['trx_currency'] . $_POST['ret_authcode'] . $_POST['ret_booknr'] . MODULE_PAYMENT_IPAYMENT_ELV_SECRET_HASH_PASSWORD)) {
$checksum_pass = 1; // true
} else {
$checksum_pass = -1; // false
@@ -26,7 +26,7 @@
if (tep_not_null(MODULE_PAYMENT_IPAYMENT_PP_SECRET_HASH_PASSWORD)) {
// verify ret_param_checksum
- if ($HTTP_POST_VARS['ret_param_checksum'] == md5(MODULE_PAYMENT_IPAYMENT_PP_USER_ID . $HTTP_POST_VARS['trx_amount'] . $HTTP_POST_VARS['trx_currency'] . $HTTP_POST_VARS['ret_authcode'] . $HTTP_POST_VARS['ret_booknr'] . MODULE_PAYMENT_IPAYMENT_PP_SECRET_HASH_PASSWORD)) {
+ if ($_POST['ret_param_checksum'] == md5(MODULE_PAYMENT_IPAYMENT_PP_USER_ID . $_POST['trx_amount'] . $_POST['trx_currency'] . $_POST['ret_authcode'] . $_POST['ret_booknr'] . MODULE_PAYMENT_IPAYMENT_PP_SECRET_HASH_PASSWORD)) {
$checksum_pass = 1; // true
} else {
$checksum_pass = -1; // false