
Let payment modules ensure no modification of cart contents directly …

…instead of using the $cartID.
commit aac8d8d0ae13ccf0681d1c3de7ef8b92511d17b0 1 parent ab1650e
@wrwrwr authored
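--- a/catalog/admin/includes/classes/shopping_cart.php
+++ b/catalog/admin/includes/classes/shopping_cart.php
@@ -367,8 +367,12 @@ function show_weight() {
 return $this->weight;
 }
- function generate_cart_id($length = 5) {
- return tep_create_random_value($length, 'digits');
+ function as_string() {
+ $s = array();
+ foreach ($this->contents as $products_id => $products_info) {
+ $s[] = $products_id . ':' . $products_info['qty'];
+ }
+ return implode(',', $s);
 }
 function get_content_type() {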
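Review bot: `as_string()` carries no comment describing the format it returns, and that format is now what the payment modules compare to detect a changed cart. chronopay.php and inpay.php store `$cart->as_string() . '-' . $insert_id` and later split that value on `-`, so the string must never contain a hyphen; whether the keys of `$this->contents` and the `qty` values guarantee that is not visible in this hunk. I would add above the function `// Returns "products_id:qty" pairs joined by ","; must never contain "-", payment modules append "-<order id>" to it.` and the same comment on the identical function in catalog/includes/classes/shopping_cart.php. The moneybookers and sage_pay checkout.php sections delete the cartID comparison and show no `as_string()` comparison in its place, so it is worth confirming those modules make the check elsewhere. Any code that still calls the removed `generate_cart_id()` will now fail with an undefined-method error.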
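--- a/catalog/ext/modules/payment/moneybookers/checkout.php
+++ b/catalog/ext/modules/payment/moneybookers/checkout.php
@@ -24,13 +24,6 @@
 tep_redirect(tep_href_link(FILENAME_SHOPPING_CART));
 }
-// avoid hack attempts during the checkout procedure by checking the internal cartID
- if (isset($cart->cartID) && tep_session_is_registered('cartID')) {
- if ($cart->cartID != $cartID) {
- tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
- }
- }
-
 // if no shipping method has been selected, redirect the customer to the shipping method selection page
 if (!tep_session_is_registered('shipping')) {
 tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));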
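--- a/catalog/ext/modules/payment/paypal/express.php
+++ b/catalog/ext/modules/payment/paypal/express.php
@@ -39,11 +39,6 @@
 $billto = $customer_default_address_id;
 }
-// register a random ID in the session to check throughout the checkout procedure
-// against alterations in the shopping cart contents
- if (!tep_session_is_registered('cartID')) tep_session_register('cartID');
- $cartID = $cart->cartID;
-
 switch ($HTTP_GET_VARS['osC_Action']) {
 case 'cancel':
 tep_session_unregister('ppe_token');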
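--- a/catalog/ext/modules/payment/paypal/express_payflow.php
+++ b/catalog/ext/modules/payment/paypal/express_payflow.php
@@ -57,11 +57,6 @@
 $billto = $customer_default_address_id;
 }
-// register a random ID in the session to check throughout the checkout procedure
-// against alterations in the shopping cart contents
- if (!tep_session_is_registered('cartID')) tep_session_register('cartID');
- $cartID = $cart->cartID;
-
 $params = array('USER' => (tep_not_null(MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_EC_USERNAME) ? MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_EC_USERNAME : MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_EC_VENDOR),
 'VENDOR' => MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_EC_VENDOR,
 'PARTNER' => MODULE_PAYMENT_PAYPAL_PRO_PAYFLOW_EC_PARTNER,
@@ -82,7 +77,7 @@
 $post_string = substr($post_string, 0, -1);
- $response = $paypal_pro_payflow_ec->sendTransactionToGateway($api_url, $post_string, array('X-VPS-REQUEST-ID: ' . md5($cartID . tep_session_id() . rand())));
+ $response = $paypal_pro_payflow_ec->sendTransactionToGateway($api_url, $post_string, array('X-VPS-REQUEST-ID: ' . md5(tep_session_id() . rand())));
 $response_array = array();
 parse_str($response, $response_array);
@@ -283,7 +278,7 @@
 $post_string = substr($post_string, 0, -1);
- $response = $paypal_pro_payflow_ec->sendTransactionToGateway($api_url, $post_string, array('X-VPS-REQUEST-ID: ' . md5($cartID . tep_session_id() . rand())));
+ $response = $paypal_pro_payflow_ec->sendTransactionToGateway($api_url, $post_string, array('X-VPS-REQUEST-ID: ' . md5(tep_session_id() . rand())));
 $response_array = array();
 parse_str($response, $response_array);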
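Review bot: With `$cartID` dropped, both `sendTransactionToGateway()` calls in this file build `X-VPS-REQUEST-ID` from `md5(tep_session_id() . rand())`, so within one session the header differs between requests only by the output of `rand()`. If the gateway uses this header to recognise duplicate requests (my understanding of Payflow, to be confirmed), a repeated `rand()` value would make a new transaction look like a retry, and `rand()` has a small range on some platforms. It also ties a value sent to a third party to the session identifier. A per-request value that does not involve the session would avoid both, for example `array('X-VPS-REQUEST-ID: ' . md5(uniqid(mt_rand(), true)))`. The code enclosing both calls starts and ends outside these hunks.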
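--- a/catalog/ext/modules/payment/sage_pay/checkout.php
+++ b/catalog/ext/modules/payment/sage_pay/checkout.php
@@ -24,13 +24,6 @@
 tep_redirect(tep_href_link(FILENAME_SHOPPING_CART));
 }
-// avoid hack attempts during the checkout procedure by checking the internal cartID
- if (isset($cart->cartID) && tep_session_is_registered('cartID')) {
- if ($cart->cartID != $cartID) {
- tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
- }
- }
-
 // if no shipping method has been selected, redirect the customer to the shipping method selection page
 if (!tep_session_is_registered('shipping')) {
 tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));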
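--- a/catalog/includes/classes/shopping_cart.php
+++ b/catalog/includes/classes/shopping_cart.php
@@ -367,8 +367,12 @@ function show_weight() {
 return $this->weight;
 }
- function generate_cart_id($length = 5) {
- return tep_create_random_value($length, 'digits');
+ function as_string() {
+ $s = array();
+ foreach ($this->contents as $products_id => $products_info) {
+ $s[] = $products_id . ':' . $products_info['qty'];
+ }
+ return implode(',', $s);
 }
 function get_content_type() {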
292 catalog/includes/modules/payment/chronopay.php
@@ -87,183 +87,173 @@ function selection() {
}
function pre_confirmation_check() {
- global $cartID, $cart;
-
- if (empty($cart->cartID)) {
- $cartID = $cart->cartID = $cart->generate_cart_id();
- }
-
- if (!tep_session_is_registered('cartID')) {
- tep_session_register('cartID');
- }
+ return false;
}
function confirmation() {
- global $cartID, $cart_ChronoPay_ID, $customer_id, $languages_id, $order, $order_total_modules;
-
- if (tep_session_is_registered('cartID')) {
- $insert_order = false;
+ global $cart, $cart_ChronoPay_ID, $customer_id, $languages_id, $order, $order_total_modules;
- if (tep_session_is_registered('cart_ChronoPay_ID')) {
- $order_id = substr($cart_ChronoPay_ID, strpos($cart_ChronoPay_ID, '-')+1);
+ $insert_order = false;
- $curr_check = tep_db_query("select currency from " . TABLE_ORDERS . " where orders_id = '" . (int)$order_id . "'");
- $curr = tep_db_fetch_array($curr_check);
+ if (tep_session_is_registered('cart_ChronoPay_ID')) {
+ list($cart_string, $order_id) = explode($cart_ChronoPay_ID, '-', 2);
- if ( ($curr['currency'] != $order->info['currency']) || ($cartID != substr($cart_ChronoPay_ID, 0, strlen($cartID))) ) {
- $check_query = tep_db_query('select orders_id from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int)$order_id . '" limit 1');
+ $curr_check = tep_db_query("select currency from " . TABLE_ORDERS . " where orders_id = '" . (int)$order_id . "'");
+ $curr = tep_db_fetch_array($curr_check);
- if (tep_db_num_rows($check_query) < 1) {
- tep_db_query('delete from ' . TABLE_ORDERS . ' where orders_id = "' . (int)$order_id . '"');
- tep_db_query('delete from ' . TABLE_ORDERS_TOTAL . ' where orders_id = "' . (int)$order_id . '"');
- tep_db_query('delete from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int)$order_id . '"');
- tep_db_query('delete from ' . TABLE_ORDERS_PRODUCTS . ' where orders_id = "' . (int)$order_id . '"');
- tep_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . ' where orders_id = "' . (int)$order_id . '"');
- tep_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_DOWNLOAD . ' where orders_id = "' . (int)$order_id . '"');
- }
+ if ( ($curr['currency'] != $order->info['currency']) || ($cart_string != $cart->as_string()) ) {
+ $check_query = tep_db_query('select orders_id from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int)$order_id . '" limit 1');
- $insert_order = true;
+ if (tep_db_num_rows($check_query) < 1) {
+ tep_db_query('delete from ' . TABLE_ORDERS . ' where orders_id = "' . (int)$order_id . '"');
+ tep_db_query('delete from ' . TABLE_ORDERS_TOTAL . ' where orders_id = "' . (int)$order_id . '"');
+ tep_db_query('delete from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int)$order_id . '"');
+ tep_db_query('delete from ' . TABLE_ORDERS_PRODUCTS . ' where orders_id = "' . (int)$order_id . '"');
+ tep_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . ' where orders_id = "' . (int)$order_id . '"');
+ tep_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_DOWNLOAD . ' where orders_id = "' . (int)$order_id . '"');
}
- } else {
+
$insert_order = true;
}
+ } else {
+ $insert_order = true;
+ }
- if ($insert_order == true) {
- $order_totals = array();
- if (is_array($order_total_modules->modules)) {
- reset($order_total_modules->modules);
- while (list(, $value) = each($order_total_modules->modules)) {
- $class = substr($value, 0, strrpos($value, '.'));
- if ($GLOBALS[$class]->enabled) {
- for ($i=0, $n=sizeof($GLOBALS[$class]->output); $i<$n; $i++) {
- if (tep_not_null($GLOBALS[$class]->output[$i]['title']) && tep_not_null($GLOBALS[$class]->output[$i]['text'])) {
- $order_totals[] = array('code' => $GLOBALS[$class]->code,
- 'title' => $GLOBALS[$class]->output[$i]['title'],
- 'text' => $GLOBALS[$class]->output[$i]['text'],
- 'value' => $GLOBALS[$class]->output[$i]['value'],
- 'sort_order' => $GLOBALS[$class]->sort_order);
- }
+ if ($insert_order == true) {
+ $order_totals = array();
+ if (is_array($order_total_modules->modules)) {
+ reset($order_total_modules->modules);
+ while (list(, $value) = each($order_total_modules->modules)) {
+ $class = substr($value, 0, strrpos($value, '.'));
+ if ($GLOBALS[$class]->enabled) {
+ for ($i=0, $n=sizeof($GLOBALS[$class]->output); $i<$n; $i++) {
+ if (tep_not_null($GLOBALS[$class]->output[$i]['title']) && tep_not_null($GLOBALS[$class]->output[$i]['text'])) {
+ $order_totals[] = array('code' => $GLOBALS[$class]->code,
+ 'title' => $GLOBALS[$class]->output[$i]['title'],
+ 'text' => $GLOBALS[$class]->output[$i]['text'],
+ 'value' => $GLOBALS[$class]->output[$i]['value'],
+ 'sort_order' => $GLOBALS[$class]->sort_order);
}
}
}
}
+ }
- $sql_data_array = array('customers_id' => $customer_id,
- 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'],
- 'customers_company' => $order->customer['company'],
- 'customers_street_address' => $order->customer['street_address'],
- 'customers_suburb' => $order->customer['suburb'],
- 'customers_city' => $order->customer['city'],
- 'customers_postcode' => $order->customer['postcode'],
- 'customers_state' => $order->customer['state'],
- 'customers_country' => $order->customer['country']['title'],
- 'customers_telephone' => $order->customer['telephone'],
- 'customers_email_address' => $order->customer['email_address'],
- 'customers_address_format_id' => $order->customer['format_id'],
- 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'],
- 'delivery_company' => $order->delivery['company'],
- 'delivery_street_address' => $order->delivery['street_address'],
- 'delivery_suburb' => $order->delivery['suburb'],
- 'delivery_city' => $order->delivery['city'],
- 'delivery_postcode' => $order->delivery['postcode'],
- 'delivery_state' => $order->delivery['state'],
- 'delivery_country' => $order->delivery['country']['title'],
- 'delivery_address_format_id' => $order->delivery['format_id'],
- 'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'],
- 'billing_company' => $order->billing['company'],
- 'billing_street_address' => $order->billing['street_address'],
- 'billing_suburb' => $order->billing['suburb'],
- 'billing_city' => $order->billing['city'],
- 'billing_postcode' => $order->billing['postcode'],
- 'billing_state' => $order->billing['state'],
- 'billing_country' => $order->billing['country']['title'],
- 'billing_address_format_id' => $order->billing['format_id'],
- 'payment_method' => $order->info['payment_method'],
- 'cc_type' => $order->info['cc_type'],
- 'cc_owner' => $order->info['cc_owner'],
- 'cc_number' => $order->info['cc_number'],
- 'cc_expires' => $order->info['cc_expires'],
- 'date_purchased' => 'now()',
- 'orders_status' => $order->info['order_status'],
- 'currency' => $order->info['currency'],
- 'currency_value' => $order->info['currency_value']);
-
- tep_db_perform(TABLE_ORDERS, $sql_data_array);
-
- $insert_id = tep_db_insert_id();
-
- for ($i=0, $n=sizeof($order_totals); $i<$n; $i++) {
- $sql_data_array = array('orders_id' => $insert_id,
- 'title' => $order_totals[$i]['title'],
- 'text' => $order_totals[$i]['text'],
- 'value' => $order_totals[$i]['value'],
- 'class' => $order_totals[$i]['code'],
- 'sort_order' => $order_totals[$i]['sort_order']);
-
- tep_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
- }
+ $sql_data_array = array('customers_id' => $customer_id,
+ 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'],
+ 'customers_company' => $order->customer['company'],
+ 'customers_street_address' => $order->customer['street_address'],
+ 'customers_suburb' => $order->customer['suburb'],
+ 'customers_city' => $order->customer['city'],
+ 'customers_postcode' => $order->customer['postcode'],
+ 'customers_state' => $order->customer['state'],
+ 'customers_country' => $order->customer['country']['title'],
+ 'customers_telephone' => $order->customer['telephone'],
+ 'customers_email_address' => $order->customer['email_address'],
+ 'customers_address_format_id' => $order->customer['format_id'],
+ 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'],
+ 'delivery_company' => $order->delivery['company'],
+ 'delivery_street_address' => $order->delivery['street_address'],
+ 'delivery_suburb' => $order->delivery['suburb'],
+ 'delivery_city' => $order->delivery['city'],
+ 'delivery_postcode' => $order->delivery['postcode'],
+ 'delivery_state' => $order->delivery['state'],
+ 'delivery_country' => $order->delivery['country']['title'],
+ 'delivery_address_format_id' => $order->delivery['format_id'],
+ 'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'],
+ 'billing_company' => $order->billing['company'],
+ 'billing_street_address' => $order->billing['street_address'],
+ 'billing_suburb' => $order->billing['suburb'],
+ 'billing_city' => $order->billing['city'],
+ 'billing_postcode' => $order->billing['postcode'],
+ 'billing_state' => $order->billing['state'],
+ 'billing_country' => $order->billing['country']['title'],
+ 'billing_address_format_id' => $order->billing['format_id'],
+ 'payment_method' => $order->info['payment_method'],
+ 'cc_type' => $order->info['cc_type'],
+ 'cc_owner' => $order->info['cc_owner'],
+ 'cc_number' => $order->info['cc_number'],
+ 'cc_expires' => $order->info['cc_expires'],
+ 'date_purchased' => 'now()',
+ 'orders_status' => $order->info['order_status'],
+ 'currency' => $order->info['currency'],
+ 'currency_value' => $order->info['currency_value']);
+
+ tep_db_perform(TABLE_ORDERS, $sql_data_array);
+
+ $insert_id = tep_db_insert_id();
+
+ for ($i=0, $n=sizeof($order_totals); $i<$n; $i++) {
+ $sql_data_array = array('orders_id' => $insert_id,
+ 'title' => $order_totals[$i]['title'],
+ 'text' => $order_totals[$i]['text'],
+ 'value' => $order_totals[$i]['value'],
+ 'class' => $order_totals[$i]['code'],
+ 'sort_order' => $order_totals[$i]['sort_order']);
+
+ tep_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
+ }
- for ($i=0, $n=sizeof($order->products); $i<$n; $i++) {
- $sql_data_array = array('orders_id' => $insert_id,
- 'products_id' => tep_get_prid($order->products[$i]['id']),
- 'products_model' => $order->products[$i]['model'],
- 'products_name' => $order->products[$i]['name'],
- 'products_price' => $order->products[$i]['price'],
- 'final_price' => $order->products[$i]['final_price'],
- 'products_tax' => $order->products[$i]['tax'],
- 'products_quantity' => $order->products[$i]['qty']);
-
- tep_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
-
- $order_products_id = tep_db_insert_id();
-
- $attributes_exist = '0';
- if (isset($order->products[$i]['attributes'])) {
- $attributes_exist = '1';
- for ($j=0, $n2=sizeof($order->products[$i]['attributes']); $j<$n2; $j++) {
- if (DOWNLOAD_ENABLED == 'true') {
- $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename
- from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa
- left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad
- on pa.products_attributes_id=pad.products_attributes_id
- where pa.products_id = '" . $order->products[$i]['id'] . "'
- and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'
- and pa.options_id = popt.products_options_id
- and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'
- and pa.options_values_id = poval.products_options_values_id
- and popt.language_id = '" . $languages_id . "'
- and poval.language_id = '" . $languages_id . "'";
- $attributes = tep_db_query($attributes_query);
- } else {
- $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id . "' and poval.language_id = '" . $languages_id . "'");
- }
- $attributes_values = tep_db_fetch_array($attributes);
+ for ($i=0, $n=sizeof($order->products); $i<$n; $i++) {
+ $sql_data_array = array('orders_id' => $insert_id,
+ 'products_id' => tep_get_prid($order->products[$i]['id']),
+ 'products_model' => $order->products[$i]['model'],
+ 'products_name' => $order->products[$i]['name'],
+ 'products_price' => $order->products[$i]['price'],
+ 'final_price' => $order->products[$i]['final_price'],
+ 'products_tax' => $order->products[$i]['tax'],
+ 'products_quantity' => $order->products[$i]['qty']);
+
+ tep_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
+
+ $order_products_id = tep_db_insert_id();
+
+ $attributes_exist = '0';
+ if (isset($order->products[$i]['attributes'])) {
+ $attributes_exist = '1';
+ for ($j=0, $n2=sizeof($order->products[$i]['attributes']); $j<$n2; $j++) {
+ if (DOWNLOAD_ENABLED == 'true') {
+ $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename
+ from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa
+ left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad
+ on pa.products_attributes_id=pad.products_attributes_id
+ where pa.products_id = '" . $order->products[$i]['id'] . "'
+ and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'
+ and pa.options_id = popt.products_options_id
+ and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'
+ and pa.options_values_id = poval.products_options_values_id
+ and popt.language_id = '" . $languages_id . "'
+ and poval.language_id = '" . $languages_id . "'";
+ $attributes = tep_db_query($attributes_query);
+ } else {
+ $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id . "' and poval.language_id = '" . $languages_id . "'");
+ }
+ $attributes_values = tep_db_fetch_array($attributes);
- $sql_data_array = array('orders_id' => $insert_id,
- 'orders_products_id' => $order_products_id,
- 'products_options' => $attributes_values['products_options_name'],
- 'products_options_values' => $attributes_values['products_options_values_name'],
- 'options_values_price' => $attributes_values['options_values_price'],
- 'price_prefix' => $attributes_values['price_prefix']);
+ $sql_data_array = array('orders_id' => $insert_id,
+ 'orders_products_id' => $order_products_id,
+ 'products_options' => $attributes_values['products_options_name'],
+ 'products_options_values' => $attributes_values['products_options_values_name'],
+ 'options_values_price' => $attributes_values['options_values_price'],
+ 'price_prefix' => $attributes_values['price_prefix']);
- tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
+ tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
- if ((DOWNLOAD_ENABLED == 'true') && isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename'])) {
- $sql_data_array = array('orders_id' => $insert_id,
- 'orders_products_id' => $order_products_id,
- 'orders_products_filename' => $attributes_values['products_attributes_filename'],
- 'download_maxdays' => $attributes_values['products_attributes_maxdays'],
- 'download_count' => $attributes_values['products_attributes_maxcount']);
+ if ((DOWNLOAD_ENABLED == 'true') && isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename'])) {
+ $sql_data_array = array('orders_id' => $insert_id,
+ 'orders_products_id' => $order_products_id,
+ 'orders_products_filename' => $attributes_values['products_attributes_filename'],
+ 'download_maxdays' => $attributes_values['products_attributes_maxdays'],
+ 'download_count' => $attributes_values['products_attributes_maxcount']);
- tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
- }
+ tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
}
}
}
-
- $cart_ChronoPay_ID = $cartID . '-' . $insert_id;
- tep_session_register('cart_ChronoPay_ID');
}
+
+ $cart_ChronoPay_ID = $cart->as_string() . '-' . $insert_id;
+ tep_session_register('cart_ChronoPay_ID');
}
return false;
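Review bot: The arguments to `explode()` in `confirmation()` are in the wrong order: `explode($cart_ChronoPay_ID, '-', 2)` splits the string `'-'` using the stored ID as the separator. It returns a single element, so `$cart_string` becomes `'-'` and `$order_id` is never set; `(int)$order_id` then evaluates to 0, the mismatch test against `$cart->as_string()` is true on every call, and each pass through confirmation inserts a new order while the cleanup queries target order 0 instead of the stale one. The line should read `list($cart_string, $order_id) = explode('-', $cart_ChronoPay_ID, 2);`. The same call appears in inpay.php as `explode($cart_inpay_Standard_ID, '-', 2)`, where the added `if (...) {` line is also followed by a second `{` on the next context line, which looks unbalanced. The end of `confirmation()` lies outside this hunk.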
307 catalog/includes/modules/payment/inpay.php
@@ -104,204 +104,191 @@ function selection()
function pre_confirmation_check()
{
- global $cartID, $cart;
-
- if ( empty($cart->cartID))
- {
- $cartID = $cart->cartID = $cart->generate_cart_id();
- }
-
- if (!tep_session_is_registered('cartID'))
- {
- tep_session_register('cartID');
- }
+ return false;
}
function confirmation()
{
- global $cartID, $cart_inpay_Standard_ID, $customer_id, $languages_id, $order, $order_total_modules;
+ global $cart, $cart_inpay_Standard_ID, $customer_id, $languages_id, $order, $order_total_modules;
+
+ $insert_order = false;
- if (tep_session_is_registered('cartID'))
+ if (tep_session_is_registered('cart_inpay_Standard_ID'))
{
- $insert_order = false;
+ list($cart_string, $order_id) = explode($cart_inpay_Standard_ID, '-', 2);
- if (tep_session_is_registered('cart_inpay_Standard_ID'))
- {
- $order_id = substr($cart_inpay_Standard_ID, strpos($cart_inpay_Standard_ID, '-')+1);
+ $curr_check = tep_db_query("select currency from ".TABLE_ORDERS." where orders_id = '".(int)$order_id."'");
+ $curr = tep_db_fetch_array($curr_check);
- $curr_check = tep_db_query("select currency from ".TABLE_ORDERS." where orders_id = '".(int)$order_id."'");
- $curr = tep_db_fetch_array($curr_check);
+ if (($curr['currency'] != $order->info['currency']) || ($cart_string != $cart->as_string())) {
+ {
+ $check_query = tep_db_query('select orders_id from '.TABLE_ORDERS_STATUS_HISTORY.' where orders_id = "'.(int)$order_id.'" limit 1');
- if (($curr['currency'] != $order->info['currency']) || ($cartID != substr($cart_inpay_Standard_ID, 0, strlen($cartID))))
+ if (tep_db_num_rows($check_query) < 1)
{
- $check_query = tep_db_query('select orders_id from '.TABLE_ORDERS_STATUS_HISTORY.' where orders_id = "'.(int)$order_id.'" limit 1');
-
- if (tep_db_num_rows($check_query) < 1)
- {
- tep_db_query('delete from '.TABLE_ORDERS.' where orders_id = "'.(int)$order_id.'"');
- tep_db_query('delete from '.TABLE_ORDERS_TOTAL.' where orders_id = "'.(int)$order_id.'"');
- tep_db_query('delete from '.TABLE_ORDERS_STATUS_HISTORY.' where orders_id = "'.(int)$order_id.'"');
- tep_db_query('delete from '.TABLE_ORDERS_PRODUCTS.' where orders_id = "'.(int)$order_id.'"');
- tep_db_query('delete from '.TABLE_ORDERS_PRODUCTS_ATTRIBUTES.' where orders_id = "'.(int)$order_id.'"');
- tep_db_query('delete from '.TABLE_ORDERS_PRODUCTS_DOWNLOAD.' where orders_id = "'.(int)$order_id.'"');
- }
-
- $insert_order = true;
+ tep_db_query('delete from '.TABLE_ORDERS.' where orders_id = "'.(int)$order_id.'"');
+ tep_db_query('delete from '.TABLE_ORDERS_TOTAL.' where orders_id = "'.(int)$order_id.'"');
+ tep_db_query('delete from '.TABLE_ORDERS_STATUS_HISTORY.' where orders_id = "'.(int)$order_id.'"');
+ tep_db_query('delete from '.TABLE_ORDERS_PRODUCTS.' where orders_id = "'.(int)$order_id.'"');
+ tep_db_query('delete from '.TABLE_ORDERS_PRODUCTS_ATTRIBUTES.' where orders_id = "'.(int)$order_id.'"');
+ tep_db_query('delete from '.TABLE_ORDERS_PRODUCTS_DOWNLOAD.' where orders_id = "'.(int)$order_id.'"');
}
- } else
- {
+
$insert_order = true;
}
+ } else
+ {
+ $insert_order = true;
+ }
- if ($insert_order == true)
+ if ($insert_order == true)
+ {
+ $order_totals = array ();
+ if (is_array($order_total_modules->modules))
{
- $order_totals = array ();
- if (is_array($order_total_modules->modules))
+ reset($order_total_modules->modules);
+ while ( list (, $value) = each($order_total_modules->modules))
{
- reset($order_total_modules->modules);
- while ( list (, $value) = each($order_total_modules->modules))
+ $class = substr($value, 0, strrpos($value, '.'));
+ if ($GLOBALS[$class]->enabled)
{
- $class = substr($value, 0, strrpos($value, '.'));
- if ($GLOBALS[$class]->enabled)
+ for ($i = 0, $n = sizeof($GLOBALS[$class]->output); $i < $n; $i++)
{
- for ($i = 0, $n = sizeof($GLOBALS[$class]->output); $i < $n; $i++)
+ if (tep_not_null($GLOBALS[$class]->output[$i]['title']) && tep_not_null($GLOBALS[$class]->output[$i]['text']))
{
- if (tep_not_null($GLOBALS[$class]->output[$i]['title']) && tep_not_null($GLOBALS[$class]->output[$i]['text']))
- {
- $order_totals[] = array ('code'=>$GLOBALS[$class]->code,
- 'title'=>$GLOBALS[$class]->output[$i]['title'],
- 'text'=>$GLOBALS[$class]->output[$i]['text'],
- 'value'=>$GLOBALS[$class]->output[$i]['value'],
- 'sort_order'=>$GLOBALS[$class]->sort_order);
- }
+ $order_totals[] = array ('code'=>$GLOBALS[$class]->code,
+ 'title'=>$GLOBALS[$class]->output[$i]['title'],
+ 'text'=>$GLOBALS[$class]->output[$i]['text'],
+ 'value'=>$GLOBALS[$class]->output[$i]['value'],
+ 'sort_order'=>$GLOBALS[$class]->sort_order);
}
}
}
}
+ }
- $sql_data_array = array ('customers_id'=>$customer_id,
- 'customers_name'=>$order->customer['firstname'].' '.$order->customer['lastname'],
- 'customers_company'=>$order->customer['company'],
- 'customers_street_address'=>$order->customer['street_address'],
- 'customers_suburb'=>$order->customer['suburb'],
- 'customers_city'=>$order->customer['city'],
- 'customers_postcode'=>$order->customer['postcode'],
- 'customers_state'=>$order->customer['state'],
- 'customers_country'=>$order->customer['country']['title'],
- 'customers_telephone'=>$order->customer['telephone'],
- 'customers_email_address'=>$order->customer['email_address'],
- 'customers_address_format_id'=>$order->customer['format_id'],
- 'delivery_name'=>$order->delivery['firstname'].' '.$order->delivery['lastname'],
- 'delivery_company'=>$order->delivery['company'],
- 'delivery_street_address'=>$order->delivery['street_address'],
- 'delivery_suburb'=>$order->delivery['suburb'],
- 'delivery_city'=>$order->delivery['city'],
- 'delivery_postcode'=>$order->delivery['postcode'],
- 'delivery_state'=>$order->delivery['state'],
- 'delivery_country'=>$order->delivery['country']['title'],
- 'delivery_address_format_id'=>$order->delivery['format_id'],
- 'billing_name'=>$order->billing['firstname'].' '.$order->billing['lastname'],
- 'billing_company'=>$order->billing['company'],
- 'billing_street_address'=>$order->billing['street_address'],
- 'billing_suburb'=>$order->billing['suburb'],
- 'billing_city'=>$order->billing['city'],
- 'billing_postcode'=>$order->billing['postcode'],
- 'billing_state'=>$order->billing['state'],
- 'billing_country'=>$order->billing['country']['title'],
- 'billing_address_format_id'=>$order->billing['format_id'],
- 'payment_method'=>$order->info['payment_method'],
- 'cc_type'=>$order->info['cc_type'],
- 'cc_owner'=>$order->info['cc_owner'],
- 'cc_number'=>$order->info['cc_number'],
- 'cc_expires'=>$order->info['cc_expires'],
- 'date_purchased'=>'now()',
- 'orders_status'=>$order->info['order_status'],
- 'currency'=>$order->info['currency'],
- 'currency_value'=>$order->info['currency_value']);
-
- tep_db_perform(TABLE_ORDERS, $sql_data_array);
-
- $insert_id = tep_db_insert_id();
-
- for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++)
- {
- $sql_data_array = array ('orders_id'=>$insert_id,
- 'title'=>$order_totals[$i]['title'],
- 'text'=>$order_totals[$i]['text'],
- 'value'=>$order_totals[$i]['value'],
- 'class'=>$order_totals[$i]['code'],
- 'sort_order'=>$order_totals[$i]['sort_order']);
-
- tep_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
- }
+ $sql_data_array = array ('customers_id'=>$customer_id,
+ 'customers_name'=>$order->customer['firstname'].' '.$order->customer['lastname'],
+ 'customers_company'=>$order->customer['company'],
+ 'customers_street_address'=>$order->customer['street_address'],
+ 'customers_suburb'=>$order->customer['suburb'],
+ 'customers_city'=>$order->customer['city'],
+ 'customers_postcode'=>$order->customer['postcode'],
+ 'customers_state'=>$order->customer['state'],
+ 'customers_country'=>$order->customer['country']['title'],
+ 'customers_telephone'=>$order->customer['telephone'],
+ 'customers_email_address'=>$order->customer['email_address'],
+ 'customers_address_format_id'=>$order->customer['format_id'],
+ 'delivery_name'=>$order->delivery['firstname'].' '.$order->delivery['lastname'],
+ 'delivery_company'=>$order->delivery['company'],
+ 'delivery_street_address'=>$order->delivery['street_address'],
+ 'delivery_suburb'=>$order->delivery['suburb'],
+ 'delivery_city'=>$order->delivery['city'],
+ 'delivery_postcode'=>$order->delivery['postcode'],
+ 'delivery_state'=>$order->delivery['state'],
+ 'delivery_country'=>$order->delivery['country']['title'],
+ 'delivery_address_format_id'=>$order->delivery['format_id'],
+ 'billing_name'=>$order->billing['firstname'].' '.$order->billing['lastname'],
+ 'billing_company'=>$order->billing['company'],
+ 'billing_street_address'=>$order->billing['street_address'],
+ 'billing_suburb'=>$order->billing['suburb'],
+ 'billing_city'=>$order->billing['city'],
+ 'billing_postcode'=>$order->billing['postcode'],
+ 'billing_state'=>$order->billing['state'],
+ 'billing_country'=>$order->billing['country']['title'],
+ 'billing_address_format_id'=>$order->billing['format_id'],
+ 'payment_method'=>$order->info['payment_method'],
+ 'cc_type'=>$order->info['cc_type'],
+ 'cc_owner'=>$order->info['cc_owner'],
+ 'cc_number'=>$order->info['cc_number'],
+ 'cc_expires'=>$order->info['cc_expires'],
+ 'date_purchased'=>'now()',
+ 'orders_status'=>$order->info['order_status'],
+ 'currency'=>$order->info['currency'],
+ 'currency_value'=>$order->info['currency_value']);
+
+ tep_db_perform(TABLE_ORDERS, $sql_data_array);
+
+ $insert_id = tep_db_insert_id();
+
+ for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++)
+ {
+ $sql_data_array = array ('orders_id'=>$insert_id,
+ 'title'=>$order_totals[$i]['title'],
+ 'text'=>$order_totals[$i]['text'],
+ 'value'=>$order_totals[$i]['value'],
+ 'class'=>$order_totals[$i]['code'],
+ 'sort_order'=>$order_totals[$i]['sort_order']);
+
+ tep_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
+ }
- for ($i = 0, $n = sizeof($order->products); $i < $n; $i++)
- {
- $sql_data_array = array ('orders_id'=>$insert_id,
- 'products_id'=>tep_get_prid($order->products[$i]['id']),
- 'products_model'=>$order->products[$i]['model'],
- 'products_name'=>$order->products[$i]['name'],
- 'products_price'=>$order->products[$i]['price'],
- 'final_price'=>$order->products[$i]['final_price'],
- 'products_tax'=>$order->products[$i]['tax'],
- 'products_quantity'=>$order->products[$i]['qty']);
+ for ($i = 0, $n = sizeof($order->products); $i < $n; $i++)
+ {
+ $sql_data_array = array ('orders_id'=>$insert_id,
+ 'products_id'=>tep_get_prid($order->products[$i]['id']),
+ 'products_model'=>$order->products[$i]['model'],
+ 'products_name'=>$order->products[$i]['name'],
+ 'products_price'=>$order->products[$i]['price'],
+ 'final_price'=>$order->products[$i]['final_price'],
+ 'products_tax'=>$order->products[$i]['tax'],
+ 'products_quantity'=>$order->products[$i]['qty']);
- tep_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
+ tep_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
- $order_products_id = tep_db_insert_id();
+ $order_products_id = tep_db_insert_id();
- $attributes_exist = '0';
- if ( isset ($order->products[$i]['attributes']))
+ $attributes_exist = '0';
+ if ( isset ($order->products[$i]['attributes']))
+ {
+ $attributes_exist = '1';
+ for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++)
{
- $attributes_exist = '1';
- for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++)
+ if (DOWNLOAD_ENABLED == 'true')
{
- if (DOWNLOAD_ENABLED == 'true')
- {
- $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename
- from ".TABLE_PRODUCTS_OPTIONS." popt, ".TABLE_PRODUCTS_OPTIONS_VALUES." poval, ".TABLE_PRODUCTS_ATTRIBUTES." pa
- left join ".TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD." pad
- on pa.products_attributes_id=pad.products_attributes_id
- where pa.products_id = '".$order->products[$i]['id']."'
- and pa.options_id = '".$order->products[$i]['attributes'][$j]['option_id']."'
- and pa.options_id = popt.products_options_id
- and pa.options_values_id = '".$order->products[$i]['attributes'][$j]['value_id']."'
- and pa.options_values_id = poval.products_options_values_id
- and popt.language_id = '".$languages_id."'
- and poval.language_id = '".$languages_id."'";
- $attributes = tep_db_query($attributes_query);
- } else
- {
- $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from ".TABLE_PRODUCTS_OPTIONS." popt, ".TABLE_PRODUCTS_OPTIONS_VALUES." poval, ".TABLE_PRODUCTS_ATTRIBUTES." pa where pa.products_id = '".$order->products[$i]['id']."' and pa.options_id = '".$order->products[$i]['attributes'][$j]['option_id']."' and pa.options_id = popt.products_options_id and pa.options_values_id = '".$order->products[$i]['attributes'][$j]['value_id']."' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '".$languages_id."' and poval.language_id = '".$languages_id."'");
- }
- $attributes_values = tep_db_fetch_array($attributes);
+ $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename
+ from ".TABLE_PRODUCTS_OPTIONS." popt, ".TABLE_PRODUCTS_OPTIONS_VALUES." poval, ".TABLE_PRODUCTS_ATTRIBUTES." pa
+ left join ".TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD." pad
+ on pa.products_attributes_id=pad.products_attributes_id
+ where pa.products_id = '".$order->products[$i]['id']."'
+ and pa.options_id = '".$order->products[$i]['attributes'][$j]['option_id']."'
+ and pa.options_id = popt.products_options_id
+ and pa.options_values_id = '".$order->products[$i]['attributes'][$j]['value_id']."'
+ and pa.options_values_id = poval.products_options_values_id
+ and popt.language_id = '".$languages_id."'
+ and poval.language_id = '".$languages_id."'";
+ $attributes = tep_db_query($attributes_query);
+ } else
+ {
+ $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from ".TABLE_PRODUCTS_OPTIONS." popt, ".TABLE_PRODUCTS_OPTIONS_VALUES." poval, ".TABLE_PRODUCTS_ATTRIBUTES." pa where pa.products_id = '".$order->products[$i]['id']."' and pa.options_id = '".$order->products[$i]['attributes'][$j]['option_id']."' and pa.options_id = popt.products_options_id and pa.options_values_id = '".$order->products[$i]['attributes'][$j]['value_id']."' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '".$languages_id."' and poval.language_id = '".$languages_id."'");
+ }
+ $attributes_values = tep_db_fetch_array($attributes);
- $sql_data_array = array ('orders_id'=>$insert_id,
- 'orders_products_id'=>$order_products_id,
- 'products_options'=>$attributes_values['products_options_name'],
- 'products_options_values'=>$attributes_values['products_options_values_name'],
- 'options_values_price'=>$attributes_values['options_values_price'],
- 'price_prefix'=>$attributes_values['price_prefix']);
+ $sql_data_array = array ('orders_id'=>$insert_id,
+ 'orders_products_id'=>$order_products_id,
+ 'products_options'=>$attributes_values['products_options_name'],
+ 'products_options_values'=>$attributes_values['products_options_values_name'],
+ 'options_values_price'=>$attributes_values['options_values_price'],
+ 'price_prefix'=>$attributes_values['price_prefix']);
- tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
+ tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
- if ((DOWNLOAD_ENABLED == 'true') && isset ($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename']))
- {
- $sql_data_array = array ('orders_id'=>$insert_id,
- 'orders_products_id'=>$order_products_id,
- 'orders_products_filename'=>$attributes_values['products_attributes_filename'],
- 'download_maxdays'=>$attributes_values['products_attributes_maxdays'],
- 'download_count'=>$attributes_values['products_attributes_maxcount']);
+ if ((DOWNLOAD_ENABLED == 'true') && isset ($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename']))
+ {
+ $sql_data_array = array ('orders_id'=>$insert_id,
+ 'orders_products_id'=>$order_products_id,
+ 'orders_products_filename'=>$attributes_values['products_attributes_filename'],
+ 'download_maxdays'=>$attributes_values['products_attributes_maxdays'],
+ 'download_count'=>$attributes_values['products_attributes_maxcount']);
- tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
- }
+ tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
}
}
}
-
- $cart_inpay_Standard_ID = $cartID.'-'.$insert_id;
- tep_session_register('cart_inpay_Standard_ID');
}
+
+ $cart_inpay_Standard_ID = $cart->as_string().'-'.$insert_id;
+ tep_session_register('cart_inpay_Standard_ID');
}
return false;
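--- a/catalog/includes/modules/payment/moneybookers.php
+++ b/catalog/includes/modules/payment/moneybookers.php
@@ -98,15 +98,7 @@ function selection() {
 }
 function pre_confirmation_check() {
- global $cartID, $cart;
-
- if (empty($cart->cartID)) {
- $cartID = $cart->cartID = $cart->generate_cart_id();
- }
-
- if (!tep_session_is_registered('cartID')) {
- tep_session_register('cartID');
- }
+ return false;
 }
 function _prepareOrder() {
@@ -115,12 +107,12 @@ function _prepareOrder() {
 $insert_order = false;
 if (tep_session_is_registered($this->_mbcartID)) {
- $order_id = substr($GLOBALS[$this->_mbcartID], strpos($GLOBALS[$this->_mbcartID], '-')+1);
+ list($cart_string, $order_id) = explode($GLOBALS[$this->_mbcartID], '-', 2);
 $curr_check = tep_db_query("select currency from " . TABLE_ORDERS . " where orders_id = '" . (int)$order_id . "'");
 $curr = tep_db_fetch_array($curr_check);
- if ( ($curr['currency'] != $order->info['currency']) || ($cartID != substr($GLOBALS[$this->_mbcartID], 0, strlen($cartID))) ) {
+ if ( ($curr['currency'] != $order->info['currency']) || ($cart_string != $cart->as_string()) ) {
 $check_query = tep_db_query('select orders_id from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int)$order_id . '" limit 1');
 if (tep_db_num_rows($check_query) < 1) {
@@ -271,7 +263,7 @@ function _prepareOrder() {
 }
 }
- $GLOBALS[$this->_mbcartID] = $cartID . '-' . $insert_id;
+ $GLOBALS[$this->_mbcartID] = $cart->as_string() . '-' . $insert_id;
 tep_session_register($this->_mbcartID);
 }
 }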
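Review bot: The `explode()` call added in `_prepareOrder()` has its arguments swapped: PHP expects `explode($separator, $string, $limit)`, so `explode($GLOBALS[$this->_mbcartID], '-', 2)` splits the literal `'-'` on the stored session value and returns a single element. `$order_id` is therefore never set and `(int)$order_id` is 0, while `$cart_string != $cart->as_string()` is always true, so the cart-change check can no longer recognise an unchanged cart and the previously stored order is never looked up or cleaned up. The line should read `list($cart_string, $order_id) = explode('-', $GLOBALS[$this->_mbcartID], 2);`, and the same swapped call appears in the paypal_standard, rbsworldpay_hosted and sofortueberweisung_direct sections of this commit. Splitting at the first `-` also assumes `as_string()` never contains a hyphen, which is worth stating in a comment next to the call. `_prepareOrder()` continues outside the hunks shown here.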
292 catalog/includes/modules/payment/paypal_standard.php
@@ -91,183 +91,173 @@ function selection() {
}
function pre_confirmation_check() {
- global $cartID, $cart;
-
- if (empty($cart->cartID)) {
- $cartID = $cart->cartID = $cart->generate_cart_id();
- }
-
- if (!tep_session_is_registered('cartID')) {
- tep_session_register('cartID');
- }
+ return false;
}
function confirmation() {
- global $cartID, $cart_PayPal_Standard_ID, $customer_id, $languages_id, $order, $order_total_modules;
-
- if (tep_session_is_registered('cartID')) {
- $insert_order = false;
+ global $cart, $cart_PayPal_Standard_ID, $customer_id, $languages_id, $order, $order_total_modules;
- if (tep_session_is_registered('cart_PayPal_Standard_ID')) {
- $order_id = substr($cart_PayPal_Standard_ID, strpos($cart_PayPal_Standard_ID, '-')+1);
+ $insert_order = false;
- $curr_check = tep_db_query("select currency from " . TABLE_ORDERS . " where orders_id = '" . (int)$order_id . "'");
- $curr = tep_db_fetch_array($curr_check);
+ if (tep_session_is_registered('cart_PayPal_Standard_ID')) {
+ list($cart_string, $order_id) = explode($cart_PayPal_Standard_ID, '-', 2);
- if ( ($curr['currency'] != $order->info['currency']) || ($cartID != substr($cart_PayPal_Standard_ID, 0, strlen($cartID))) ) {
- $check_query = tep_db_query('select orders_id from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int)$order_id . '" limit 1');
+ $curr_check = tep_db_query("select currency from " . TABLE_ORDERS . " where orders_id = '" . (int)$order_id . "'");
+ $curr = tep_db_fetch_array($curr_check);
- if (tep_db_num_rows($check_query) < 1) {
- tep_db_query('delete from ' . TABLE_ORDERS . ' where orders_id = "' . (int)$order_id . '"');
- tep_db_query('delete from ' . TABLE_ORDERS_TOTAL . ' where orders_id = "' . (int)$order_id . '"');
- tep_db_query('delete from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int)$order_id . '"');
- tep_db_query('delete from ' . TABLE_ORDERS_PRODUCTS . ' where orders_id = "' . (int)$order_id . '"');
- tep_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . ' where orders_id = "' . (int)$order_id . '"');
- tep_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_DOWNLOAD . ' where orders_id = "' . (int)$order_id . '"');
- }
+ if ( ($curr['currency'] != $order->info['currency']) || ($cart_string != $cart->as_string()) ) {
+ $check_query = tep_db_query('select orders_id from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int)$order_id . '" limit 1');
- $insert_order = true;
+ if (tep_db_num_rows($check_query) < 1) {
+ tep_db_query('delete from ' . TABLE_ORDERS . ' where orders_id = "' . (int)$order_id . '"');
+ tep_db_query('delete from ' . TABLE_ORDERS_TOTAL . ' where orders_id = "' . (int)$order_id . '"');
+ tep_db_query('delete from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int)$order_id . '"');
+ tep_db_query('delete from ' . TABLE_ORDERS_PRODUCTS . ' where orders_id = "' . (int)$order_id . '"');
+ tep_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . ' where orders_id = "' . (int)$order_id . '"');
+ tep_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_DOWNLOAD . ' where orders_id = "' . (int)$order_id . '"');
}
- } else {
+
$insert_order = true;
}
+ } else {
+ $insert_order = true;
+ }
- if ($insert_order == true) {
- $order_totals = array();
- if (is_array($order_total_modules->modules)) {
- reset($order_total_modules->modules);
- while (list(, $value) = each($order_total_modules->modules)) {
- $class = substr($value, 0, strrpos($value, '.'));
- if ($GLOBALS[$class]->enabled) {
- for ($i=0, $n=sizeof($GLOBALS[$class]->output); $i<$n; $i++) {
- if (tep_not_null($GLOBALS[$class]->output[$i]['title']) && tep_not_null($GLOBALS[$class]->output[$i]['text'])) {
- $order_totals[] = array('code' => $GLOBALS[$class]->code,
- 'title' => $GLOBALS[$class]->output[$i]['title'],
- 'text' => $GLOBALS[$class]->output[$i]['text'],
- 'value' => $GLOBALS[$class]->output[$i]['value'],
- 'sort_order' => $GLOBALS[$class]->sort_order);
- }
+ if ($insert_order == true) {
+ $order_totals = array();
+ if (is_array($order_total_modules->modules)) {
+ reset($order_total_modules->modules);
+ while (list(, $value) = each($order_total_modules->modules)) {
+ $class = substr($value, 0, strrpos($value, '.'));
+ if ($GLOBALS[$class]->enabled) {
+ for ($i=0, $n=sizeof($GLOBALS[$class]->output); $i<$n; $i++) {
+ if (tep_not_null($GLOBALS[$class]->output[$i]['title']) && tep_not_null($GLOBALS[$class]->output[$i]['text'])) {
+ $order_totals[] = array('code' => $GLOBALS[$class]->code,
+ 'title' => $GLOBALS[$class]->output[$i]['title'],
+ 'text' => $GLOBALS[$class]->output[$i]['text'],
+ 'value' => $GLOBALS[$class]->output[$i]['value'],
+ 'sort_order' => $GLOBALS[$class]->sort_order);
}
}
}
}
+ }
- $sql_data_array = array('customers_id' => $customer_id,
- 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'],
- 'customers_company' => $order->customer['company'],
- 'customers_street_address' => $order->customer['street_address'],
- 'customers_suburb' => $order->customer['suburb'],
- 'customers_city' => $order->customer['city'],
- 'customers_postcode' => $order->customer['postcode'],
- 'customers_state' => $order->customer['state'],
- 'customers_country' => $order->customer['country']['title'],
- 'customers_telephone' => $order->customer['telephone'],
- 'customers_email_address' => $order->customer['email_address'],
- 'customers_address_format_id' => $order->customer['format_id'],
- 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'],
- 'delivery_company' => $order->delivery['company'],
- 'delivery_street_address' => $order->delivery['street_address'],
- 'delivery_suburb' => $order->delivery['suburb'],
- 'delivery_city' => $order->delivery['city'],
- 'delivery_postcode' => $order->delivery['postcode'],
- 'delivery_state' => $order->delivery['state'],
- 'delivery_country' => $order->delivery['country']['title'],
- 'delivery_address_format_id' => $order->delivery['format_id'],
- 'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'],
- 'billing_company' => $order->billing['company'],
- 'billing_street_address' => $order->billing['street_address'],
- 'billing_suburb' => $order->billing['suburb'],
- 'billing_city' => $order->billing['city'],
- 'billing_postcode' => $order->billing['postcode'],
- 'billing_state' => $order->billing['state'],
- 'billing_country' => $order->billing['country']['title'],
- 'billing_address_format_id' => $order->billing['format_id'],
- 'payment_method' => $order->info['payment_method'],
- 'cc_type' => $order->info['cc_type'],
- 'cc_owner' => $order->info['cc_owner'],
- 'cc_number' => $order->info['cc_number'],
- 'cc_expires' => $order->info['cc_expires'],
- 'date_purchased' => 'now()',
- 'orders_status' => $order->info['order_status'],
- 'currency' => $order->info['currency'],
- 'currency_value' => $order->info['currency_value']);
-
- tep_db_perform(TABLE_ORDERS, $sql_data_array);
-
- $insert_id = tep_db_insert_id();
-
- for ($i=0, $n=sizeof($order_totals); $i<$n; $i++) {
- $sql_data_array = array('orders_id' => $insert_id,
- 'title' => $order_totals[$i]['title'],
- 'text' => $order_totals[$i]['text'],
- 'value' => $order_totals[$i]['value'],
- 'class' => $order_totals[$i]['code'],
- 'sort_order' => $order_totals[$i]['sort_order']);
-
- tep_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
- }
+ $sql_data_array = array('customers_id' => $customer_id,
+ 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'],
+ 'customers_company' => $order->customer['company'],
+ 'customers_street_address' => $order->customer['street_address'],
+ 'customers_suburb' => $order->customer['suburb'],
+ 'customers_city' => $order->customer['city'],
+ 'customers_postcode' => $order->customer['postcode'],
+ 'customers_state' => $order->customer['state'],
+ 'customers_country' => $order->customer['country']['title'],
+ 'customers_telephone' => $order->customer['telephone'],
+ 'customers_email_address' => $order->customer['email_address'],
+ 'customers_address_format_id' => $order->customer['format_id'],
+ 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'],
+ 'delivery_company' => $order->delivery['company'],
+ 'delivery_street_address' => $order->delivery['street_address'],
+ 'delivery_suburb' => $order->delivery['suburb'],
+ 'delivery_city' => $order->delivery['city'],
+ 'delivery_postcode' => $order->delivery['postcode'],
+ 'delivery_state' => $order->delivery['state'],
+ 'delivery_country' => $order->delivery['country']['title'],
+ 'delivery_address_format_id' => $order->delivery['format_id'],
+ 'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'],
+ 'billing_company' => $order->billing['company'],
+ 'billing_street_address' => $order->billing['street_address'],
+ 'billing_suburb' => $order->billing['suburb'],
+ 'billing_city' => $order->billing['city'],
+ 'billing_postcode' => $order->billing['postcode'],
+ 'billing_state' => $order->billing['state'],
+ 'billing_country' => $order->billing['country']['title'],
+ 'billing_address_format_id' => $order->billing['format_id'],
+ 'payment_method' => $order->info['payment_method'],
+ 'cc_type' => $order->info['cc_type'],
+ 'cc_owner' => $order->info['cc_owner'],
+ 'cc_number' => $order->info['cc_number'],
+ 'cc_expires' => $order->info['cc_expires'],
+ 'date_purchased' => 'now()',
+ 'orders_status' => $order->info['order_status'],
+ 'currency' => $order->info['currency'],
+ 'currency_value' => $order->info['currency_value']);
+
+ tep_db_perform(TABLE_ORDERS, $sql_data_array);
+
+ $insert_id = tep_db_insert_id();
+
+ for ($i=0, $n=sizeof($order_totals); $i<$n; $i++) {
+ $sql_data_array = array('orders_id' => $insert_id,
+ 'title' => $order_totals[$i]['title'],
+ 'text' => $order_totals[$i]['text'],
+ 'value' => $order_totals[$i]['value'],
+ 'class' => $order_totals[$i]['code'],
+ 'sort_order' => $order_totals[$i]['sort_order']);
+
+ tep_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
+ }
- for ($i=0, $n=sizeof($order->products); $i<$n; $i++) {
- $sql_data_array = array('orders_id' => $insert_id,
- 'products_id' => tep_get_prid($order->products[$i]['id']),
- 'products_model' => $order->products[$i]['model'],
- 'products_name' => $order->products[$i]['name'],
- 'products_price' => $order->products[$i]['price'],
- 'final_price' => $order->products[$i]['final_price'],
- 'products_tax' => $order->products[$i]['tax'],
- 'products_quantity' => $order->products[$i]['qty']);
-
- tep_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
-
- $order_products_id = tep_db_insert_id();
-
- $attributes_exist = '0';
- if (isset($order->products[$i]['attributes'])) {
- $attributes_exist = '1';
- for ($j=0, $n2=sizeof($order->products[$i]['attributes']); $j<$n2; $j++) {
- if (DOWNLOAD_ENABLED == 'true') {
- $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename
- from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa
- left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad
- on pa.products_attributes_id=pad.products_attributes_id
- where pa.products_id = '" . $order->products[$i]['id'] . "'
- and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'
- and pa.options_id = popt.products_options_id
- and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'
- and pa.options_values_id = poval.products_options_values_id
- and popt.language_id = '" . $languages_id . "'
- and poval.language_id = '" . $languages_id . "'";
- $attributes = tep_db_query($attributes_query);
- } else {
- $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id . "' and poval.language_id = '" . $languages_id . "'");
- }
- $attributes_values = tep_db_fetch_array($attributes);
+ for ($i=0, $n=sizeof($order->products); $i<$n; $i++) {
+ $sql_data_array = array('orders_id' => $insert_id,
+ 'products_id' => tep_get_prid($order->products[$i]['id']),
+ 'products_model' => $order->products[$i]['model'],
+ 'products_name' => $order->products[$i]['name'],
+ 'products_price' => $order->products[$i]['price'],
+ 'final_price' => $order->products[$i]['final_price'],
+ 'products_tax' => $order->products[$i]['tax'],
+ 'products_quantity' => $order->products[$i]['qty']);
+
+ tep_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
+
+ $order_products_id = tep_db_insert_id();
+
+ $attributes_exist = '0';
+ if (isset($order->products[$i]['attributes'])) {
+ $attributes_exist = '1';
+ for ($j=0, $n2=sizeof($order->products[$i]['attributes']); $j<$n2; $j++) {
+ if (DOWNLOAD_ENABLED == 'true') {
+ $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename
+ from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa
+ left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad
+ on pa.products_attributes_id=pad.products_attributes_id
+ where pa.products_id = '" . $order->products[$i]['id'] . "'
+ and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'
+ and pa.options_id = popt.products_options_id
+ and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'
+ and pa.options_values_id = poval.products_options_values_id
+ and popt.language_id = '" . $languages_id . "'
+ and poval.language_id = '" . $languages_id . "'";
+ $attributes = tep_db_query($attributes_query);
+ } else {
+ $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id . "' and poval.language_id = '" . $languages_id . "'");
+ }
+ $attributes_values = tep_db_fetch_array($attributes);
- $sql_data_array = array('orders_id' => $insert_id,
- 'orders_products_id' => $order_products_id,
- 'products_options' => $attributes_values['products_options_name'],
- 'products_options_values' => $attributes_values['products_options_values_name'],
- 'options_values_price' => $attributes_values['options_values_price'],
- 'price_prefix' => $attributes_values['price_prefix']);
+ $sql_data_array = array('orders_id' => $insert_id,
+ 'orders_products_id' => $order_products_id,
+ 'products_options' => $attributes_values['products_options_name'],
+ 'products_options_values' => $attributes_values['products_options_values_name'],
+ 'options_values_price' => $attributes_values['options_values_price'],
+ 'price_prefix' => $attributes_values['price_prefix']);
- tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
+ tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
- if ((DOWNLOAD_ENABLED == 'true') && isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename'])) {
- $sql_data_array = array('orders_id' => $insert_id,
- 'orders_products_id' => $order_products_id,
- 'orders_products_filename' => $attributes_values['products_attributes_filename'],
- 'download_maxdays' => $attributes_values['products_attributes_maxdays'],
- 'download_count' => $attributes_values['products_attributes_maxcount']);
+ if ((DOWNLOAD_ENABLED == 'true') && isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename'])) {
+ $sql_data_array = array('orders_id' => $insert_id,
+ 'orders_products_id' => $order_products_id,
+ 'orders_products_filename' => $attributes_values['products_attributes_filename'],
+ 'download_maxdays' => $attributes_values['products_attributes_maxdays'],
+ 'download_count' => $attributes_values['products_attributes_maxcount']);
- tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
- }
+ tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
}
}
}
-
- $cart_PayPal_Standard_ID = $cartID . '-' . $insert_id;
- tep_session_register('cart_PayPal_Standard_ID');
}
+
+ $cart_PayPal_Standard_ID = $cart->as_string() . '-' . $insert_id;
+ tep_session_register('cart_PayPal_Standard_ID');
}
return false;
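Review bot: The attribute lookups in `confirmation()` (both the `DOWNLOAD_ENABLED` branch and the `else` branch) still build SQL by concatenating `$order->products[$i]['id']`, the attribute `option_id` / `value_id` and `$languages_id` without a cast or escaping, although the order lookups a few lines earlier already use `(int)$order_id`. Whether these values are normalised before they reach `$order` is not visible here, so since the block is being re-indented anyway it would be safer to cast each one at the point of use, for example `where pa.products_id = '" . (int)tep_get_prid($order->products[$i]['id']) . "'` and `popt.language_id = '" . (int)$languages_id . "'`, with the same `(int)` cast on the two attribute ids. The closing brace of `confirmation()` lies outside this section.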
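--- a/catalog/includes/modules/payment/rbsworldpay_hosted.php
+++ b/catalog/includes/modules/payment/rbsworldpay_hosted.php
@@ -91,29 +91,21 @@ function selection() {
 }
 function pre_confirmation_check() {
- global $cartID, $cart;
-
- if (empty($cart->cartID)) {
- $cartID = $cart->cartID = $cart->generate_cart_id();
- }
-
- if (!tep_session_is_registered('cartID')) {
- tep_session_register('cartID');
- }
+ return false;
 }
 function confirmation() {
- global $cartID, $cart_RBS_Worldpay_Hosted_ID, $customer_id, $languages_id, $order, $order_total_modules;
+ global $cart, $cart_RBS_Worldpay_Hosted_ID, $customer_id, $languages_id, $order, $order_total_modules;
 $insert_order = false;
 if (tep_session_is_registered('cart_RBS_Worldpay_Hosted_ID')) {
- $order_id = substr($cart_RBS_Worldpay_Hosted_ID, strpos($cart_RBS_Worldpay_Hosted_ID, '-')+1);
+ list($cart_string, $order_id) = explode($cart_RBS_Worldpay_Hosted_ID, '-', 2);
 $curr_check = tep_db_query("select currency from " . TABLE_ORDERS . " where orders_id = '" . (int)$order_id . "'");
 $curr = tep_db_fetch_array($curr_check);
- if ( ($curr['currency'] != $order->info['currency']) || ($cartID != substr($cart_RBS_Worldpay_Hosted_ID, 0, strlen($cartID))) ) {
+ if ( ($curr['currency'] != $order->info['currency']) || ($cart_string != $cart->as_string()) ) {
 $check_query = tep_db_query('select orders_id from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int)$order_id . '" limit 1');
 if (tep_db_num_rows($check_query) < 1) {
@@ -264,7 +256,7 @@ function confirmation() {
 }
 }
- $cart_RBS_Worldpay_Hosted_ID = $cartID . '-' . $insert_id;
+ $cart_RBS_Worldpay_Hosted_ID = $cart->as_string() . '-' . $insert_id;
 tep_session_register('cart_RBS_Worldpay_Hosted_ID');
 }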
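--- a/catalog/includes/modules/payment/sofortueberweisung_direct.php
+++ b/catalog/includes/modules/payment/sofortueberweisung_direct.php
@@ -89,30 +89,21 @@ function selection() {
 }
 function pre_confirmation_check() {
- global $cartID, $cart;
-
- // We need the cartID
- if (empty($cart->cartID)) {
- $cartID = $cart->cartID = $cart->generate_cart_id();
- }
-
- if (!tep_session_is_registered('cartID')) {
- tep_session_register('cartID');
- }
+ return false;
 }
 function confirmation() {
- global $cartID, $cart_Sofortueberweisung_Direct_ID, $customer_id, $languages_id, $order, $order_total_modules;
+ global $cart, $cart_Sofortueberweisung_Direct_ID, $customer_id, $languages_id, $order, $order_total_modules;
 $insert_order = false;
 if (tep_session_is_registered('cart_Sofortueberweisung_Direct_ID')) {
- $order_id = substr($cart_Sofortueberweisung_Direct_ID, strpos($cart_Sofortueberweisung_Direct_ID, '-')+1);
+ list($cart_string, $order_id) = explode($cart_Sofortueberweisung_Direct_ID, '-', 2);
 $curr_check = tep_db_query("select currency from " . TABLE_ORDERS . " where orders_id = '" . (int)$order_id . "'");
 $curr = tep_db_fetch_array($curr_check);
- if ( ($curr['currency'] != $order->info['currency']) || ($cartID != substr($cart_Sofortueberweisung_Direct_ID, 0, strlen($cartID))) ) {
+ if ( ($curr['currency'] != $order->info['currency']) || ($cart_string != $cart->as_string()) ) {
 $check_query = tep_db_query('select orders_id from ' . TABLE_ORDERS_STATUS_HISTORY . ' where orders_id = "' . (int)$order_id . '" limit 1');
 if (tep_db_num_rows($check_query) < 1) {
@@ -263,7 +254,7 @@ function confirmation() {
 }
 }
- $cart_Sofortueberweisung_Direct_ID = $cartID . '-' . $insert_id;
+ $cart_Sofortueberweisung_Direct_ID = $cart->as_string() . '-' . $insert_id;
 tep_session_register('cart_Sofortueberweisung_Direct_ID');
 }
@@ -273,7 +264,7 @@ function confirmation() {
 function process_button() {
 global $order, $cart, $customer_id, $currencies, $cart_Sofortueberweisung_Direct_ID;
- $order_id = substr($cart_Sofortueberweisung_Direct_ID, strpos($cart_Sofortueberweisung_Direct_ID, '-')+1);
+ list($cart_string, $order_id) = explode($cart_Sofortueberweisung_Direct_ID, '-', 2);
 $parameter= array();
 $parameter['kdnr'] = MODULE_PAYMENT_SOFORTUEBERWEISUNG_DIRECT_KDNR; // Repräsentiert Ihre Kundennummer bei der Sofortüberweisung
@@ -307,7 +298,7 @@ function process_button() {
 $parameter['kunden_var_0'] = tep_output_string($order_id); // Eindeutige Identifikation der Zahlung, z.B. Session ID oder Auftragsnummer.
 $parameter['kunden_var_1'] = tep_output_string($customer_id);
 $parameter['kunden_var_2'] = tep_output_string(tep_session_id());
- $parameter['kunden_var_3'] = tep_output_string($cart->cartID);
+ $parameter['kunden_var_3'] = tep_output_string($cart_string);
 $parameter['kunden_var_4'] = '';
 $parameter['kunden_var_5'] = '';
 // $parameter['Partner'] = '';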
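Review bot: `kunden_var_3` in `process_button()` now carries `$cart_string`, the `id:qty,...` cart listing read back from the session, where it used to carry the short random `$cart->cartID`. Its length grows with the cart, so it may exceed whatever limit the provider places on these passthrough fields, and the handler that reads the value back is not part of this commit view, so it should be confirmed that it no longer compares against the removed `cartID`. A fixed-length fingerprint, for example `$parameter['kunden_var_3'] = tep_output_string(hash('sha256', $cart->as_string()));`, would keep the field bounded and avoid sending cart contents to the provider, provided the return handler compares against the same digest. `process_button()` starts and ends outside these hunks.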