[platal.git] / htdocs / paiement / cyberpaiement_retour.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2006 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

require_once("xorg.inc.php");
require_once("diogenes/diogenes.hermes.inc.php");

/* sort en affichant une erreur */
function erreur($text) {
    $mymail = new HermesMailer();
    $mymail->addTo("telepaiement@polytechnique.org");
    $mymail->setFrom("webmaster@polytechnique.org");
    $mymail->setSubject("erreur lors d'un t�l�paiement (CyberPaiement)");
    $mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
    $mymail->send();
    exit;
}

/* http://fr.wikipedia.org/wiki/Formule_de_Luhn */
function luhn($nombre) {
    $s = strrev($nombre);
    $sum = 0;
    for ($i = 0; $i < strlen($s); $i++) {
	$dgt = $s{$i};
        $sum += ($i % 2) ? (2*$dgt) % 9 : $dgt;
    }
    return $sum % 10;
}

/* calcule la cl� d'acceptation a partir de 5 champs */
function cle_accept($d1,$d2,$d3,$d4,$d5)
{
    $m1 = luhn($d1.$d5);
    $m2 = luhn($d2.$d5);
    $m3 = luhn($d3.$d5);
    $m4 = luhn($d4.$d5);
    $n = $m1 + $m2 + $m3 + $m4;
    $alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    return $alpha{$n-1}.$m1.$m2.$m3.$m4;
}

/* user id */
$uid = clean_request('uid');
/* reference banque (numero de transaction) */
$champ901 = clean_request('CHAMP901');
/* cle d'acceptation */
$champ905 = clean_request('CHAMP905');
/* code retour */
$champ906 = clean_request('CHAMP906');
/* email renvoye par la banque */
$champ104 = clean_request('CHAMP104');
/* reference complete de la commande */
$champ200 = clean_request('CHAMP200');
/* montant de la transaction */
$champ201 = clean_request('CHAMP201');
/* devise */
$champ202 = clean_request('CHAMP202');
$montant = "$champ201 $champ202";

/* on extrait les informations sur l'utilisateur */
$res = $globals->xdb->query("
    SELECT  a.prenom,a.nom,a.promo,l.alias,FIND_IN_SET(a.flags,'femme')
      FROM  auth_user_md5 AS a
INNER JOIN  aliases       AS l ON (a.user_id=l.id AND type!='homonyme')
     WHERE  a.user_id={?}", $uid);
if (!list($prenom,$nom,$promo,$forlife,$femme) = $res->fetchOneRow()) {
    erreur("uid invalide");
}


/* on extrait la reference de la commande */
if (!ereg('-xorg-([0-9]+)$',$champ200,$matches)) {
    erreur("r�f�rence de commande invalide");
}

echo ($ref = $matches[1]);
$res = $globals->xdb->query("SELECT mail,text,confirmation FROM paiement.paiements WHERE id={?}", $ref);
if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
    erreur("r�f�rence de commande inconnue");
}

/* on extrait le code de retour */
if ($champ906 != "0000") {
    $res = $globals->xdb->query("SELECT  rcb.text,c.id,c.text
                                   FROM  paiement.codeRCB AS rcb
                              LEFT JOIN  paiement.codeC   AS c ON rcb.codeC=c.id
                                  WHERE  rcb.id='$champ906'");
    if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) {
        erreur("erreur lors du paiement : $c_text ($c_id)");
    } else{ 
        erreur("erreur inconnue lors du paiement");
    }
}

/* on fait l'insertion en base de donnees */
$globals->xdb->execute("INSERT INTO  paiement.transactions (id,uid,ref,fullref,montant,cle)
                             VALUES  ({?},{?},{?},{?},{?},{?})",
                        $champ901, $uid, $ref, $champ200, $montant, $champ905);

/* on genere le mail de confirmation */
$conf_text = str_replace("<prenom>",$prenom,$conf_text);
$conf_text = str_replace("<nom>",$nom,$conf_text);
$conf_text = str_replace("<promo>",$promo,$conf_text);
$conf_text = str_replace("<montant>",$montant,$conf_text);
$conf_text = str_replace("<salutation>",$femme ? "Ch�re" : "Cher",$conf_text);
$conf_text = str_replace("<cher>",$femme ? "Ch�re" : "Cher",$conf_text);

$mymail = new HermesMailer();
$mymail->setFrom($conf_mail);
$mymail->addTo("\"$prenom $nom\" <$forlife@polytechnique.org>");
$mymail->addCc($conf_mail);
$mymail->setSubject($conf_title);
$mymail->setTxtBody($conf_text);
$mymail->send();

/* on envoie les details de la transaction � telepaiement@ */
$mymail = new HermesMailer();
$mymail->setFrom("webmaster@polytechnique.org");
$mymail->addTo("telepaiement@polytechnique.org");
$mymail->setSubject($conf_title);
$msg = "utilisateur : $prenom $nom ($uid)\n".
       "mail : $forlife@polytechnique.org\n\n".
       "paiement : $conf_title ($conf_mail)\n".
       "reference : $champ200\n".
       "montant : $montant\n\n".
       "dump de REQUEST:\n".
       var_export($_REQUEST,true);
$mymail->setTxtBody($msg);
$mymail->send();

?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
50a40a33	3	* Copyright (C) 2003-2006 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	require_once("xorg.inc.php");
	23	require_once("diogenes/diogenes.hermes.inc.php");
	24
	25	/* sort en affichant une erreur */
	26	function erreur($text) {
	27	$mymail = new HermesMailer();
	28	$mymail->addTo("telepaiement@polytechnique.org");
	29	$mymail->setFrom("webmaster@polytechnique.org");
	30	$mymail->setSubject("erreur lors d'un t�l�paiement (CyberPaiement)");
	31	$mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
	32	$mymail->send();
	33	exit;
	34	}
	35
	36	/* http://fr.wikipedia.org/wiki/Formule_de_Luhn */
	37	function luhn($nombre) {
	38	$s = strrev($nombre);
	39	$sum = 0;
	40	for ($i = 0; $i < strlen($s); $i++) {
	41	$dgt = $s{$i};
	42	$sum += ($i % 2) ? (2*$dgt) % 9 : $dgt;
	43	}
	44	return $sum % 10;
	45	}
	46
	47	/* calcule la cl� d'acceptation a partir de 5 champs */
	48	function cle_accept($d1,$d2,$d3,$d4,$d5)
	49	{
	50	$m1 = luhn($d1.$d5);
	51	$m2 = luhn($d2.$d5);
	52	$m3 = luhn($d3.$d5);
	53	$m4 = luhn($d4.$d5);
	54	$n = $m1 + $m2 + $m3 + $m4;
	55	$alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
	56	return $alpha{$n-1}.$m1.$m2.$m3.$m4;
	57	}
	58
	59	/* user id */
	60	$uid = clean_request('uid');
	61	/* reference banque (numero de transaction) */
	62	$champ901 = clean_request('CHAMP901');
	63	/* cle d'acceptation */
	64	$champ905 = clean_request('CHAMP905');
	65	/* code retour */
	66	$champ906 = clean_request('CHAMP906');
	67	/* email renvoye par la banque */
68	$champ104 = clean_request('CHAMP104');
69	/* reference complete de la commande */
70	$champ200 = clean_request('CHAMP200');
71	/* montant de la transaction */
72	$champ201 = clean_request('CHAMP201');
73	/* devise */
74	$champ202 = clean_request('CHAMP202');
75	$montant = "$champ201 $champ202";
76
77	/* on extrait les informations sur l'utilisateur */
78	$res = $globals->xdb->query("
79	SELECT a.prenom,a.nom,a.promo,l.alias,FIND_IN_SET(a.flags,'femme')
80	FROM auth_user_md5 AS a
81	INNER JOIN aliases AS l ON (a.user_id=l.id AND type!='homonyme')
82	WHERE a.user_id={?}", $uid);
83	if (!list($prenom,$nom,$promo,$forlife,$femme) = $res->fetchOneRow()) {
84	erreur("uid invalide");
85	}
86
87
88	/* on extrait la reference de la commande */
89	if (!ereg('-xorg-([0-9]+)$',$champ200,$matches)) {
90	erreur("r�f�rence de commande invalide");
91	}
92
93	echo ($ref = $matches[1]);
94	$res = $globals->xdb->query("SELECT mail,text,confirmation FROM paiement.paiements WHERE id={?}", $ref);
95	if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
96	erreur("r�f�rence de commande inconnue");
97	}
98
99	/* on extrait le code de retour */
100	if ($champ906 != "0000") {
101	$res = $globals->xdb->query("SELECT rcb.text,c.id,c.text
102	FROM paiement.codeRCB AS rcb
103	LEFT JOIN paiement.codeC AS c ON rcb.codeC=c.id
104	WHERE rcb.id='$champ906'");
105	if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) {
106	erreur("erreur lors du paiement : $c_text ($c_id)");
107	} else{
108	erreur("erreur inconnue lors du paiement");
109	}
110	}
111
112	/* on fait l'insertion en base de donnees */
113	$globals->xdb->execute("INSERT INTO paiement.transactions (id,uid,ref,fullref,montant,cle)
114	VALUES ({?},{?},{?},{?},{?},{?})",
115	$champ901, $uid, $ref, $champ200, $montant, $champ905);
116
117	/* on genere le mail de confirmation */
118	$conf_text = str_replace("<prenom>",$prenom,$conf_text);
119	$conf_text = str_replace("<nom>",$nom,$conf_text);
120	$conf_text = str_replace("<promo>",$promo,$conf_text);
121	$conf_text = str_replace("<montant>",$montant,$conf_text);
122	$conf_text = str_replace("<salutation>",$femme ? "Ch�re" : "Cher",$conf_text);
123	$conf_text = str_replace("<cher>",$femme ? "Ch�re" : "Cher",$conf_text);
124
125	$mymail = new HermesMailer();
126	$mymail->setFrom($conf_mail);
127	$mymail->addTo("\"$prenom $nom\" <$forlife@polytechnique.org>");
128	$mymail->addCc($conf_mail);
129	$mymail->setSubject($conf_title);
130	$mymail->setTxtBody($conf_text);
131	$mymail->send();
132
133	/* on envoie les details de la transaction � telepaiement@ */
134	$mymail = new HermesMailer();
135	$mymail->setFrom("webmaster@polytechnique.org");
136	$mymail->addTo("telepaiement@polytechnique.org");
137	$mymail->setSubject($conf_title);
138	$msg = "utilisateur : $prenom $nom ($uid)\n".
139	"mail : $forlife@polytechnique.org\n\n".
140	"paiement : $conf_title ($conf_mail)\n".
141	"reference : $champ200\n".
142	"montant : $montant\n\n".
143	"dump de REQUEST:\n".
144	var_export($_REQUEST,true);
145	$mymail->setTxtBody($msg);
146	$mymail->send();
147
148	?>