[platal.git] / modules / payment.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2007 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

/* sort en affichant une erreur */
function cb_erreur($text) {
    $mymail = new PlMailer();
    $mymail->addTo("telepaiement@polytechnique.org");
    $mymail->setFrom("webmaster@polytechnique.org");
    $mymail->setSubject("erreur lors d'un télépaiement (CyberPaiement)");
    $mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
    $mymail->send();
    exit;
}

/* sort en affichant une erreur */
function paypal_erreur($text, $send=true)
{
    global $page, $erreur;
    if ($erreur) return;
    $erreur = $text;
    if (!$send) return;

    $mymail = new PlMailer();
    $mymail->addTo("telepaiement@polytechnique.org");
    $mymail->setFrom("webmaster@polytechnique.org");
    $mymail->setSubject("erreur lors d'un télépaiement (PayPal)");
    $mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
    $mymail->send();

    $page->trig($text);
}

/* http://fr.wikipedia.org/wiki/Formule_de_Luhn */
function luhn($nombre) {
    $s = strrev($nombre);
    $sum = 0;
    for ($i = 0; $i < strlen($s); $i++) {
	$dgt = $s{$i};
        $sum += ($i % 2) ? (2*$dgt) % 9 : $dgt;
    }
    return $sum % 10;
}

/* calcule la clé d'acceptation a partir de 5 champs */
function cle_accept($d1,$d2,$d3,$d4,$d5)
{
    $m1 = luhn($d1.$d5);
    $m2 = luhn($d2.$d5);
    $m3 = luhn($d3.$d5);
    $m4 = luhn($d4.$d5);
    $n = $m1 + $m2 + $m3 + $m4;
    $alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    return $alpha{$n-1}.$m1.$m2.$m3.$m4;
}


class PaymentModule extends PLModule
{
    function handlers()
    {
        return array(
            'payment'               => $this->make_hook('payment', AUTH_MDP),
            'payment/cyber_return'  => $this->make_hook('cyber_return',  AUTH_PUBLIC),
            'payment/paypal_return' => $this->make_hook('paypal_return',  AUTH_PUBLIC),
            '%grp/paiement'              => $this->make_hook('xnet_payment', AUTH_MDP, 'groupmember'),
            '%grp/payment'               => $this->make_hook('xnet_payment', AUTH_MDP, 'groupmember'),
            '%grp/payment/cyber_return'  => $this->make_hook('cyber_return', AUTH_PUBLIC),
            '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC),
            'admin/payments'        => $this->make_hook('admin', AUTH_MDP, 'admin'),
        
        );
    }

    function handler_payment(&$page, $ref = -1)
    {
        global $globals;

        require_once 'profil.func.inc.php' ;
        require_once dirname(__FILE__).'/payment/money.inc.php' ;

        if (!empty($GLOBALS['IS_XNET_SITE'])) {
            if (!$globals->asso('id')) {
                return PL_NOT_FOUND;
            }
            $res = XDB::query("SELECT asso_id
                                 FROM paiement.paiements
                                WHERE asso_id = {?} AND id = {?}",
                              $globals->asso('id'), $ref);
            if (!$res->numRows()) {
                return PL_FORBIDDEN;
            }
        }
        $page->changeTpl('payment/index.tpl');
        $page->assign('xorg_title','Polytechnique.org - Télépaiements');

        // initialisation
        $op   = Env::v('op', 'select');
        $meth = new PayMethod(Env::i('methode', -1));
        $pay  = new Payment($ref);

        if($pay->flags->hasflag('old')){
            $page->trig("La transaction selectionnée est périmée.");
            $pay = new Payment();
        }
        $val = Env::v('montant') != 0 ? Env::v('montant') : $pay->montant_def;

        if (($e = $pay->check($val)) !== true) {
            $page->trig($e);
        }

        if ($op=='submit') {
            $pay->init($val, $meth);
            $pay->prepareform($pay);
        } else {
            $res = XDB::iterator("SELECT  timestamp, montant
                                    FROM  paiement.transactions
                                   WHERE  uid = {?} AND ref = {?}
                                ORDER BY  timestamp DESC",
                                 S::v('uid', -1), $ref);

            if ($res->total()) $page->assign('transactions', $res);
        }

        $val = floor($val).".".substr(floor(($val - floor($val))*100+100),1);
        $page->assign('montant',$val);
        $page->assign('comment',Env::v('comment'));

        $page->assign('meth', $meth);
        $page->assign('pay',  $pay);
        $page->assign('evtlink', $pay->event());

        $page->assign('prefix', $globals->money->mpay_tprefix);
    }

    function handler_cyber_return(&$page, $uid = null)
    {
        /* reference banque (numero de transaction) */
        $champ901 = Env::s('CHAMP901');
        /* cle d'acceptation */
        $champ905 = Env::s('CHAMP905');
        /* code retour */
        $champ906 = Env::s('CHAMP906');
        /* email renvoye par la banque */
        $champ104 = Env::s('CHAMP104');
        /* reference complete de la commande */
        $champ200 = Env::s('CHAMP200');
        /* montant de la transaction */
        $champ201 = Env::s('CHAMP201');
        /* devise */
        $champ202 = Env::s('CHAMP202');
        $montant = "$champ201 $champ202";

        /* on extrait les informations sur l'utilisateur */
        $res = XDB::query("
            SELECT  a.prenom,a.nom,a.promo,l.alias,FIND_IN_SET('femme', a.flags)
              FROM  auth_user_md5 AS a
        INNER JOIN  aliases       AS l ON (a.user_id=l.id AND type!='homonyme')
             WHERE  a.user_id={?}", $uid);
        if (!list($prenom,$nom,$promo,$forlife,$femme) = $res->fetchOneRow()) {
            cb_erreur("uid invalide");
        }


        /* on extrait la reference de la commande */
        if (!ereg('-xorg-([0-9]+)$',$champ200,$matches)) {
            cb_erreur("référence de commande invalide");
        }

        echo ($ref = $matches[1]);
        $res = XDB::query("SELECT  mail,text,confirmation
                             FROM  paiement.paiements
                            WHERE  id={?}", $ref);
        if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
            cb_erreur("référence de commande inconnue");
        }

        /* on extrait le code de retour */
        if ($champ906 != "0000") {
            $res = XDB::query("SELECT  rcb.text,c.id,c.text
                                 FROM  paiement.codeRCB AS rcb
                            LEFT JOIN  paiement.codeC   AS c ON rcb.codeC=c.id
                                WHERE  rcb.id='$champ906'");
            if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) {
                cb_erreur("erreur lors du paiement : $c_text ($c_id)");
            } else{ 
                cb_erreur("erreur inconnue lors du paiement");
            }
        }

        /* on fait l'insertion en base de donnees */
        XDB::execute("INSERT INTO  paiement.transactions (id,uid,ref,fullref,montant,cle,comment)
                           VALUES  ({?},{?},{?},{?},{?},{?},{?})",
                     $champ901, $uid, $ref, $champ200, $montant, $champ905,Env::v('comment'));

        /* on genere le mail de confirmation */
        $conf_text = str_replace("<prenom>",$prenom,$conf_text);
        $conf_text = str_replace("<nom>",$nom,$conf_text);
        $conf_text = str_replace("<promo>",$promo,$conf_text);
        $conf_text = str_replace("<montant>",$montant,$conf_text);
        $conf_text = str_replace("<salutation>",$femme ? "Chère" : "Cher",$conf_text);
        $conf_text = str_replace("<cher>",$femme ? "Chère" : "Cher",$conf_text);

        $mymail = new PlMailer();
        $mymail->setFrom($conf_mail);
        $mymail->addTo("\"$prenom $nom\" <$forlife@polytechnique.org>");
        $mymail->addCc($conf_mail);
        $mymail->setSubject($conf_title);
        $mymail->setWikiBody($conf_text);
        $mymail->send(S::v('mail_fmt') == 'html');

        /* on envoie les details de la transaction à telepaiement@ */
        $mymail = new PlMailer();
        $mymail->setFrom("webmaster@polytechnique.org");
        $mymail->addTo("telepaiement@staff.polytechnique.org");
        $mymail->setSubject($conf_title);
        $msg = "utilisateur : $prenom $nom ($uid)\n".
               "mail : $forlife@polytechnique.org\n\n".
               "paiement : $conf_title ($conf_mail)\n".
               "reference : $champ200\n".
               "montant : $montant\n\n".
               "dump de REQUEST:\n".
               var_export($_REQUEST,true);
        $mymail->setTxtBody($msg);
        $mymail->send();
        exit;
    }

    function handler_paypal_return(&$page, $uid = null)
    {
        $page->changeTpl('payment/retour_paypal.tpl');

        /* reference banque (numero de transaction) */
        $no_transaction = Env::s('tx');
        /* token a renvoyer pour avoir plus d'information */
        $clef = Env::s('sig');
        /* code retour */
        $status = Env::s('st');
        /* raison */
        $reason = ($status == 'Pending')? Env::s('pending_reason'): Env::s('reason_code');
        /* reference complete de la commande */
        $fullref = Env::s('cm');
        /* montant de la transaction */
        $montant_nb = Env::s('amt');
        /* devise */
        $montant_dev = Env::s('cc');
        $montant = "$montant_nb $montant_dev";

        /* on extrait le code de retour */
        if ($status != "Completed") {
            if ($status)
                paypal_erreur("erreur lors du paiement : $status - $reason");
            else
                paypal_erreur("Paiement annulé", false);
        }

        /* on extrait les informations sur l'utilisateur */
        $res = XDB::query("
            SELECT  a.prenom,a.nom,a.promo,l.alias,FIND_IN_SET('femme', a.flags)
              FROM  auth_user_md5 AS a
        INNER JOIN  aliases       AS l ON (a.user_id=l.id AND type!='homonyme')
             WHERE  a.user_id={?}", $uid);
        if (!list($prenom,$nom,$promo,$forlife,$femme) = $res->fetchOneRow()) {
            paypal_erreur("uid invalide");
        }

        /* on extrait la reference de la commande */
        if (!ereg('-xorg-([0-9]+)$',$fullref,$matches)) {
            paypal_erreur("référence de commande invalide");
        }

        $ref = $matches[1];
        $res = XDB::query("SELECT  mail,text,confirmation
                             FROM  paiement.paiements
                            WHERE  id={?}", $ref);
        if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
            paypal_erreur("référence de commande inconnue");
        }

        /* on fait l'insertion en base de donnees */
        XDB::execute("INSERT INTO  paiement.transactions (id,uid,ref,fullref,montant,cle,comment)
                           VALUES  ({?},{?},{?},{?},{?},{?},{?})",
                    $no_transaction, $uid, $ref, $fullref, $montant, $clef, Env::v('comment'));

        /* on genere le mail de confirmation */
        $conf_text = str_replace("<prenom>",$prenom,$conf_text);
        $conf_text = str_replace("<nom>",$nom,$conf_text);
        $conf_text = str_replace("<promo>",$promo,$conf_text);
        $conf_text = str_replace("<montant>",$montant,$conf_text);
        $conf_text = str_replace("<salutation>",$femme ? "Chère" : "Cher",$conf_text);
        $conf_text = str_replace("<cher>",$femme ? "Chère" : "Cher",$conf_text);

        $mymail = new PlMailer();
        $mymail->setFrom($conf_mail);
        $mymail->addTo("\"$prenom $nom\" <$forlife@polytechnique.org>");
        $mymail->addCc($conf_mail);
        $mymail->setSubject($conf_title);
        $mymail->setWikiBody($conf_text);
        $mymail->send(S::v('mail_fmt') == 'html');

        /* on envoie les details de la transaction à telepaiement@ */
        $mymail = new PlMailer();
        $mymail->setFrom("webmaster@polytechnique.org");
        $mymail->addTo("telepaiement@polytechnique.org");
        $mymail->setSubject($conf_title);
        $msg = "utilisateur : $prenom $nom ($uid)\n".
               "mail : $forlife@polytechnique.org\n\n".
               "paiement : $conf_title ($conf_mail)\n".
               "reference : $no_transaction\n".
               "montant : $montant\n\n".
               "dump de REQUEST:\n".
               var_export($_REQUEST,true);
        $mymail->setTxtBody($msg);
        $mymail->send();

        $page->assign('texte', $conf_text);
        $page->assign('erreur', $erreur);
    }

    function handler_xnet_payment(&$page, $pid = null)
    {
        global $globals;
        
        if (!is_null($pid)) {
            return  $this->handler_payment($page, $pid);
        }
        $page->changeTpl('payment/xnet.tpl');
        
        $res = XDB::query(
                "SELECT  id, text, url
                   FROM  {$globals->money->mpay_tprefix}paiements
                  WHERE  asso_id = {?} AND NOT FIND_IN_SET('old', flags)
               ORDER BY  id DESC", $globals->asso('id'));
        $tit = $res->fetchAllAssoc();
        $page->assign('titres', $tit);

        $order = Env::v('order', 'timestamp');
        $orders = array('timestamp', 'nom', 'promo', 'montant', 'comment');
        if (!in_array($order, $orders)) {
            $order = 'timestamp';
        } elseif ($order == 'comment') {
            $order = 't.comment';
        }
        $inv_order = Env::v('order_inv', 0);
        $page->assign('order', $order);
        $page->assign('order_inv', !$inv_order);

        if ($order == 'timestamp') {
            $inv_order = !$inv_order;
        }

        if ($inv_order) {
            $inv_order = ' DESC';
        } else {
            $inv_order = '';
        }
        if ($order == 'montant') {
            $order = 'LENGTH(montant) '.$inv_order.', montant';
        }

        $orderby = 'ORDER BY '.$order.$inv_order;
        if ($order != 'nom') {
            $orderby .= ', nom'; $inv_order = '';
        }
        $orderby .= ', prenom'.$inv_order;
        if ($order != 'timestamp') {
            $orderby .= ', timestamp DESC';
        }

        $trans = array();
        $event = array();
        foreach($tit as $foo) {
            $pid = $foo['id'];
            if (may_update()) {
                $res = XDB::query("SELECT  IF(u.nom_usage<>'', u.nom_usage, u.nom) AS nom,
                                           u.prenom, u.promo, a.alias, timestamp AS `date`, t.comment, montant
                                     FROM  {$globals->money->mpay_tprefix}transactions AS t
                               INNER JOIN  auth_user_md5  AS u ON ( t.uid = u.user_id )
                               INNER JOIN  aliases        AS a ON ( t.uid = a.id AND a.type='a_vie' )
                                    WHERE  ref = {?} ".$orderby, $pid);
                    $trans[$pid] = $res->fetchAllAssoc();
                    $sum = 0;
                    foreach ($trans[$pid] as $i => $t) {
                        $sum += strtr(substr($t['montant'], 0, strpos($t['montant'], 'EUR')), ',', '.');
                        $trans[$pid][$i]['montant'] = str_replace('EUR', '€', $t['montant']);
                    }
                    $trans[$pid][] = array('nom' => 'somme totale',
                                           'montant' => strtr($sum, '.', ',').' €');
            }
            $res = XDB::iterRow("SELECT e.eid, e.short_name, e.intitule, ep.nb, ei.montant, ep.paid
                                   FROM groupex.evenements AS e
                              LEFT JOIN groupex.evenements_participants AS ep ON (ep.eid = e.eid AND uid = {?})
                             INNER JOIN groupex.evenements_items AS ei ON (ep.eid = ei.eid AND ep.item_id = ei.item_id)
                                  WHERE e.paiement_id = {?}",
                                 S::v('uid'), $pid);
            $event[$pid] = array();
            $event[$pid]['paid'] = 0;
            if ($res->total()) {
                $event[$pid]['topay'] = 0;
                while(list($eid, $shortname, $title, $nb, $montant, $paid) = $res->next()) {
                    $event[$pid]['topay']     += ($nb * $montant);
                    $event[$pid]['eid']       = $eid;
                    $event[$pid]['shortname'] = $shortname;
                    $event[$pid]['title']     = $title;
                    $event[$pid]['ins']       = !is_null($nb);
                    $event[$pid]['paid']      = $paid;
                }
            }
            $res = XDB::query("SELECT montant
                                 FROM {$globals->money->mpay_tprefix}transactions AS t
                                WHERE ref = {?} AND uid = {?}", $pid, S::v('uid'));
            $montants = $res->fetchColumn();

            foreach ($montants as $m) {
                $p = strtr(substr($m, 0, strpos($m, 'EUR')), ',', '.');
                $event[$pid]['paid'] += trim($p);
            }
        }
        $page->assign('trans', $trans);
        $page->assign('event', $event);
    }
    
    function handler_admin(&$page, $action = 'list', $id = null) {
        $page->assign('xorg_title','Polytechnique.org - Administration - Paiements');
        $page->assign('title', 'Gestion des télépaiements');
        $table_editor = new PLTableEditor('admin/payments','paiement.paiements','id');
        $table_editor->add_join_table('paiement.transactions','ref',true);
        $table_editor->add_sort_field('flags');
        $table_editor->add_sort_field('id', true, true);
        $table_editor->on_delete("UPDATE paiement.paiements SET flags = 'old' WHERE id = {?}", "Le paiement a été archivé");
        $table_editor->describe('text','intitulé',true);
        $table_editor->describe('url','site web',false);
        $table_editor->describe('montant_def','montant par défaut',false);
        $table_editor->describe('montant_min','montant minimum',false);
        $table_editor->describe('montant_max','montant maximum',false);
        $table_editor->describe('mail','email contact',true);
        $table_editor->describe('confirmation','message confirmation',false);
        $table_editor->apply($page, $action, $id);
    }  
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
a2558f2b	1	<?php
a2558f2b	2	/***************************************************************************
5ddeb07c	3	* Copyright (C) 2003-2007 Polytechnique.org *
a2558f2b	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	/* sort en affichant une erreur */
	23	function cb_erreur($text) {
1e33266a	24	$mymail = new PlMailer();
a2558f2b	25	$mymail->addTo("telepaiement@polytechnique.org");
a2558f2b	26	$mymail->setFrom("webmaster@polytechnique.org");
a7de4ef7	27	$mymail->setSubject("erreur lors d'un télépaiement (CyberPaiement)");
a2558f2b	28	$mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
	29	$mymail->send();
	30	exit;
	31	}
	32
	33	/* sort en affichant une erreur */
88e3843c	34	function paypal_erreur($text, $send=true)
88e3843c	35	{
a2558f2b	36	global $page, $erreur;
	37	if ($erreur) return;
	38	$erreur = $text;
	39	if (!$send) return;
	40
1e33266a	41	$mymail = new PlMailer();
a2558f2b	42	$mymail->addTo("telepaiement@polytechnique.org");
a2558f2b	43	$mymail->setFrom("webmaster@polytechnique.org");
a7de4ef7	44	$mymail->setSubject("erreur lors d'un télépaiement (PayPal)");
a2558f2b	45	$mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
	46	$mymail->send();
	47
	48	$page->trig($text);
	49	}
	50
	51	/* http://fr.wikipedia.org/wiki/Formule_de_Luhn */
	52	function luhn($nombre) {
	53	$s = strrev($nombre);
	54	$sum = 0;
	55	for ($i = 0; $i < strlen($s); $i++) {
	56	$dgt = $s{$i};
	57	$sum += ($i % 2) ? (2*$dgt) % 9 : $dgt;
	58	}
	59	return $sum % 10;
	60	}
	61
a7de4ef7	62	/* calcule la clé d'acceptation a partir de 5 champs */
a2558f2b	63	function cle_accept($d1,$d2,$d3,$d4,$d5)
	64	{
	65	$m1 = luhn($d1.$d5);
	66	$m2 = luhn($d2.$d5);
	67	$m3 = luhn($d3.$d5);
	68	$m4 = luhn($d4.$d5);
	69	$n = $m1 + $m2 + $m3 + $m4;
	70	$alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
	71	return $alpha{$n-1}.$m1.$m2.$m3.$m4;
	72	}
	73
	74
	75	class PaymentModule extends PLModule
	76	{
	77	function handlers()
	78	{
	79	return array(
	80	'payment' => $this->make_hook('payment', AUTH_MDP),
6995a9b9	81	'payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC),
6995a9b9	82	'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC),
1490093c	83	'%grp/paiement' => $this->make_hook('xnet_payment', AUTH_MDP, 'groupmember'),
1490093c	84	'%grp/payment' => $this->make_hook('xnet_payment', AUTH_MDP, 'groupmember'),
98a7e9dc	85	'%grp/payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC),
98a7e9dc	86	'%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC),
92423144	87	'admin/payments' => $this->make_hook('admin', AUTH_MDP, 'admin'),
98a7e9dc	88
a2558f2b	89	);
	90	}
	91
	92	function handler_payment(&$page, $ref = -1)
	93	{
	94	global $globals;
	95
	96	require_once 'profil.func.inc.php' ;
2c784d41	97	require_once dirname(__FILE__).'/payment/money.inc.php' ;
a2558f2b	98
98a7e9dc	99	if (!empty($GLOBALS['IS_XNET_SITE'])) {
	100	if (!$globals->asso('id')) {
	101	return PL_NOT_FOUND;
	102	}
	103	$res = XDB::query("SELECT asso_id
	104	FROM paiement.paiements
	105	WHERE asso_id = {?} AND id = {?}",
	106	$globals->asso('id'), $ref);
	107	if (!$res->numRows()) {
	108	return PL_FORBIDDEN;
	109	}
98a7e9dc	110	}
1490093c	111	$page->changeTpl('payment/index.tpl');
1490093c	112	$page->assign('xorg_title','Polytechnique.org - Télépaiements');
a2558f2b	113
a2558f2b	114	// initialisation
5e2307dc	115	$op = Env::v('op', 'select');
5e2307dc	116	$meth = new PayMethod(Env::i('methode', -1));
a2558f2b	117	$pay = new Payment($ref);
	118
	119	if($pay->flags->hasflag('old')){
a7de4ef7	120	$page->trig("La transaction selectionnée est périmée.");
a2558f2b	121	$pay = new Payment();
a2558f2b	122	}
5e2307dc	123	$val = Env::v('montant') != 0 ? Env::v('montant') : $pay->montant_def;
a2558f2b	124
	125	if (($e = $pay->check($val)) !== true) {
	126	$page->trig($e);
	127	}
	128
	129	if ($op=='submit') {
	130	$pay->init($val, $meth);
	131	$pay->prepareform($pay);
	132	} else {
08cce2ff	133	$res = XDB::iterator("SELECT timestamp, montant
8a7fab54	134	FROM paiement.transactions
	135	WHERE uid = {?} AND ref = {?}
	136	ORDER BY timestamp DESC",
	137	S::v('uid', -1), $ref);
a2558f2b	138
	139	if ($res->total()) $page->assign('transactions', $res);
	140	}
	141
	142	$val = floor($val).".".substr(floor(($val - floor($val))*100+100),1);
	143	$page->assign('montant',$val);
bff6d838	144	$page->assign('comment',Env::v('comment'));
a2558f2b	145
	146	$page->assign('meth', $meth);
	147	$page->assign('pay', $pay);
	148	$page->assign('evtlink', $pay->event());
	149
a3a049fc	150	$page->assign('prefix', $globals->money->mpay_tprefix);
a2558f2b	151	}
	152
	153	function handler_cyber_return(&$page, $uid = null)
	154	{
a2558f2b	155	/* reference banque (numero de transaction) */
7280eb45	156	$champ901 = Env::s('CHAMP901');
a2558f2b	157	/* cle d'acceptation */
7280eb45	158	$champ905 = Env::s('CHAMP905');
a2558f2b	159	/* code retour */
7280eb45	160	$champ906 = Env::s('CHAMP906');
a2558f2b	161	/* email renvoye par la banque */
7280eb45	162	$champ104 = Env::s('CHAMP104');
a2558f2b	163	/* reference complete de la commande */
7280eb45	164	$champ200 = Env::s('CHAMP200');
a2558f2b	165	/* montant de la transaction */
7280eb45	166	$champ201 = Env::s('CHAMP201');
a2558f2b	167	/* devise */
7280eb45	168	$champ202 = Env::s('CHAMP202');
a2558f2b	169	$montant = "$champ201 $champ202";
	170
	171	/* on extrait les informations sur l'utilisateur */
08cce2ff	172	$res = XDB::query("
010268b2	173	SELECT a.prenom,a.nom,a.promo,l.alias,FIND_IN_SET('femme', a.flags)
a2558f2b	174	FROM auth_user_md5 AS a
	175	INNER JOIN aliases AS l ON (a.user_id=l.id AND type!='homonyme')
	176	WHERE a.user_id={?}", $uid);
	177	if (!list($prenom,$nom,$promo,$forlife,$femme) = $res->fetchOneRow()) {
	178	cb_erreur("uid invalide");
	179	}
	180
	181
	182	/* on extrait la reference de la commande */
	183	if (!ereg('-xorg-([0-9]+)$',$champ200,$matches)) {
a7de4ef7	184	cb_erreur("référence de commande invalide");
a2558f2b	185	}
	186
	187	echo ($ref = $matches[1]);
98a7e9dc	188	$res = XDB::query("SELECT mail,text,confirmation
	189	FROM paiement.paiements
	190	WHERE id={?}", $ref);
a2558f2b	191	if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
a7de4ef7	192	cb_erreur("référence de commande inconnue");
a2558f2b	193	}
	194
	195	/* on extrait le code de retour */
	196	if ($champ906 != "0000") {
08cce2ff	197	$res = XDB::query("SELECT rcb.text,c.id,c.text
98a7e9dc	198	FROM paiement.codeRCB AS rcb
	199	LEFT JOIN paiement.codeC AS c ON rcb.codeC=c.id
	200	WHERE rcb.id='$champ906'");
a2558f2b	201	if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) {
	202	cb_erreur("erreur lors du paiement : $c_text ($c_id)");
	203	} else{
	204	cb_erreur("erreur inconnue lors du paiement");
	205	}
	206	}
	207
	208	/* on fait l'insertion en base de donnees */
bff6d838	209	XDB::execute("INSERT INTO paiement.transactions (id,uid,ref,fullref,montant,cle,comment)
98a7e9dc	210	VALUES ({?},{?},{?},{?},{?},{?},{?})",
98a7e9dc	211	$champ901, $uid, $ref, $champ200, $montant, $champ905,Env::v('comment'));
a2558f2b	212
	213	/* on genere le mail de confirmation */
	214	$conf_text = str_replace("<prenom>",$prenom,$conf_text);
	215	$conf_text = str_replace("<nom>",$nom,$conf_text);
	216	$conf_text = str_replace("<promo>",$promo,$conf_text);
	217	$conf_text = str_replace("<montant>",$montant,$conf_text);
a7de4ef7	218	$conf_text = str_replace("<salutation>",$femme ? "Chère" : "Cher",$conf_text);
a7de4ef7	219	$conf_text = str_replace("<cher>",$femme ? "Chère" : "Cher",$conf_text);
a2558f2b	220
1e33266a	221	$mymail = new PlMailer();
a2558f2b	222	$mymail->setFrom($conf_mail);
	223	$mymail->addTo("\"$prenom $nom\" <$forlife@polytechnique.org>");
	224	$mymail->addCc($conf_mail);
	225	$mymail->setSubject($conf_title);
88e3843c	226	$mymail->setWikiBody($conf_text);
88e3843c	227	$mymail->send(S::v('mail_fmt') == 'html');
a2558f2b	228
a7de4ef7	229	/* on envoie les details de la transaction à telepaiement@ */
1e33266a	230	$mymail = new PlMailer();
a2558f2b	231	$mymail->setFrom("webmaster@polytechnique.org");
98a7e9dc	232	$mymail->addTo("telepaiement@staff.polytechnique.org");
a2558f2b	233	$mymail->setSubject($conf_title);
	234	$msg = "utilisateur : $prenom $nom ($uid)\n".
	235	"mail : $forlife@polytechnique.org\n\n".
	236	"paiement : $conf_title ($conf_mail)\n".
	237	"reference : $champ200\n".
	238	"montant : $montant\n\n".
	239	"dump de REQUEST:\n".
	240	var_export($_REQUEST,true);
	241	$mymail->setTxtBody($msg);
	242	$mymail->send();
	243	exit;
	244	}
	245
	246	function handler_paypal_return(&$page, $uid = null)
	247	{
da157660	248	$page->changeTpl('payment/retour_paypal.tpl');
a2558f2b	249
a2558f2b	250	/* reference banque (numero de transaction) */
7280eb45	251	$no_transaction = Env::s('tx');
a2558f2b	252	/* token a renvoyer pour avoir plus d'information */
7280eb45	253	$clef = Env::s('sig');
a2558f2b	254	/* code retour */
7280eb45	255	$status = Env::s('st');
a2558f2b	256	/* raison */
7280eb45	257	$reason = ($status == 'Pending')? Env::s('pending_reason'): Env::s('reason_code');
a2558f2b	258	/* reference complete de la commande */
7280eb45	259	$fullref = Env::s('cm');
a2558f2b	260	/* montant de la transaction */
7280eb45	261	$montant_nb = Env::s('amt');
a2558f2b	262	/* devise */
7280eb45	263	$montant_dev = Env::s('cc');
a2558f2b	264	$montant = "$montant_nb $montant_dev";
	265
	266	/* on extrait le code de retour */
	267	if ($status != "Completed") {
	268	if ($status)
	269	paypal_erreur("erreur lors du paiement : $status - $reason");
	270	else
a7de4ef7	271	paypal_erreur("Paiement annulé", false);
a2558f2b	272	}
	273
	274	/* on extrait les informations sur l'utilisateur */
08cce2ff	275	$res = XDB::query("
010268b2	276	SELECT a.prenom,a.nom,a.promo,l.alias,FIND_IN_SET('femme', a.flags)
a2558f2b	277	FROM auth_user_md5 AS a
	278	INNER JOIN aliases AS l ON (a.user_id=l.id AND type!='homonyme')
	279	WHERE a.user_id={?}", $uid);
	280	if (!list($prenom,$nom,$promo,$forlife,$femme) = $res->fetchOneRow()) {
	281	paypal_erreur("uid invalide");
	282	}
	283
	284	/* on extrait la reference de la commande */
	285	if (!ereg('-xorg-([0-9]+)$',$fullref,$matches)) {
a7de4ef7	286	paypal_erreur("référence de commande invalide");
a2558f2b	287	}
	288
	289	$ref = $matches[1];
08cce2ff	290	$res = XDB::query("SELECT mail,text,confirmation
98a7e9dc	291	FROM paiement.paiements
98a7e9dc	292	WHERE id={?}", $ref);
a2558f2b	293	if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
a7de4ef7	294	paypal_erreur("référence de commande inconnue");
a2558f2b	295	}
	296
	297	/* on fait l'insertion en base de donnees */
bff6d838	298	XDB::execute("INSERT INTO paiement.transactions (id,uid,ref,fullref,montant,cle,comment)
98a7e9dc	299	VALUES ({?},{?},{?},{?},{?},{?},{?})",
98a7e9dc	300	$no_transaction, $uid, $ref, $fullref, $montant, $clef, Env::v('comment'));
a2558f2b	301
	302	/* on genere le mail de confirmation */
	303	$conf_text = str_replace("<prenom>",$prenom,$conf_text);
	304	$conf_text = str_replace("<nom>",$nom,$conf_text);
	305	$conf_text = str_replace("<promo>",$promo,$conf_text);
	306	$conf_text = str_replace("<montant>",$montant,$conf_text);
a7de4ef7	307	$conf_text = str_replace("<salutation>",$femme ? "Chère" : "Cher",$conf_text);
a7de4ef7	308	$conf_text = str_replace("<cher>",$femme ? "Chère" : "Cher",$conf_text);
a2558f2b	309
1e33266a	310	$mymail = new PlMailer();
a2558f2b	311	$mymail->setFrom($conf_mail);
	312	$mymail->addTo("\"$prenom $nom\" <$forlife@polytechnique.org>");
	313	$mymail->addCc($conf_mail);
	314	$mymail->setSubject($conf_title);
88e3843c	315	$mymail->setWikiBody($conf_text);
88e3843c	316	$mymail->send(S::v('mail_fmt') == 'html');
a2558f2b	317
a7de4ef7	318	/* on envoie les details de la transaction à telepaiement@ */
1e33266a	319	$mymail = new PlMailer();
a2558f2b	320	$mymail->setFrom("webmaster@polytechnique.org");
	321	$mymail->addTo("telepaiement@polytechnique.org");
	322	$mymail->setSubject($conf_title);
	323	$msg = "utilisateur : $prenom $nom ($uid)\n".
	324	"mail : $forlife@polytechnique.org\n\n".
	325	"paiement : $conf_title ($conf_mail)\n".
	326	"reference : $no_transaction\n".
	327	"montant : $montant\n\n".
	328	"dump de REQUEST:\n".
	329	var_export($_REQUEST,true);
	330	$mymail->setTxtBody($msg);
	331	$mymail->send();
	332
	333	$page->assign('texte', $conf_text);
	334	$page->assign('erreur', $erreur);
a2558f2b	335	}
98a7e9dc	336
	337	function handler_xnet_payment(&$page, $pid = null)
	338	{
	339	global $globals;
	340
	341	if (!is_null($pid)) {
	342	return $this->handler_payment($page, $pid);
	343	}
1490093c	344	$page->changeTpl('payment/xnet.tpl');
98a7e9dc	345
	346	$res = XDB::query(
	347	"SELECT id, text, url
	348	FROM {$globals->money->mpay_tprefix}paiements
010268b2	349	WHERE asso_id = {?} AND NOT FIND_IN_SET('old', flags)
98a7e9dc	350	ORDER BY id DESC", $globals->asso('id'));
	351	$tit = $res->fetchAllAssoc();
	352	$page->assign('titres', $tit);
	353
	354	$order = Env::v('order', 'timestamp');
de4b22cc	355	$orders = array('timestamp', 'nom', 'promo', 'montant', 'comment');
98a7e9dc	356	if (!in_array($order, $orders)) {
98a7e9dc	357	$order = 'timestamp';
de4b22cc	358	} elseif ($order == 'comment') {
de4b22cc	359	$order = 't.comment';
98a7e9dc	360	}
	361	$inv_order = Env::v('order_inv', 0);
	362	$page->assign('order', $order);
	363	$page->assign('order_inv', !$inv_order);
	364
	365	if ($order == 'timestamp') {
	366	$inv_order = !$inv_order;
	367	}
	368
	369	if ($inv_order) {
	370	$inv_order = ' DESC';
	371	} else {
	372	$inv_order = '';
	373	}
	374	if ($order == 'montant') {
	375	$order = 'LENGTH(montant) '.$inv_order.', montant';
	376	}
	377
	378	$orderby = 'ORDER BY '.$order.$inv_order;
	379	if ($order != 'nom') {
	380	$orderby .= ', nom'; $inv_order = '';
	381	}
	382	$orderby .= ', prenom'.$inv_order;
	383	if ($order != 'timestamp') {
	384	$orderby .= ', timestamp DESC';
	385	}
	386
	387	$trans = array();
	388	$event = array();
	389	foreach($tit as $foo) {
	390	$pid = $foo['id'];
	391	if (may_update()) {
	392	$res = XDB::query("SELECT IF(u.nom_usage<>'', u.nom_usage, u.nom) AS nom,
de4b22cc	393	u.prenom, u.promo, a.alias, timestamp AS `date`, t.comment, montant
98a7e9dc	394	FROM {$globals->money->mpay_tprefix}transactions AS t
	395	INNER JOIN auth_user_md5 AS u ON ( t.uid = u.user_id )
	396	INNER JOIN aliases AS a ON ( t.uid = a.id AND a.type='a_vie' )
	397	WHERE ref = {?} ".$orderby, $pid);
	398	$trans[$pid] = $res->fetchAllAssoc();
	399	$sum = 0;
	400	foreach ($trans[$pid] as $i => $t) {
	401	$sum += strtr(substr($t['montant'], 0, strpos($t['montant'], 'EUR')), ',', '.');
a7de4ef7	402	$trans[$pid][$i]['montant'] = str_replace('EUR', '€', $t['montant']);
98a7e9dc	403	}
98a7e9dc	404	$trans[$pid][] = array('nom' => 'somme totale',
a7de4ef7	405	'montant' => strtr($sum, '.', ',').' €');
98a7e9dc	406	}
	407	$res = XDB::iterRow("SELECT e.eid, e.short_name, e.intitule, ep.nb, ei.montant, ep.paid
	408	FROM groupex.evenements AS e
	409	LEFT JOIN groupex.evenements_participants AS ep ON (ep.eid = e.eid AND uid = {?})
	410	INNER JOIN groupex.evenements_items AS ei ON (ep.eid = ei.eid AND ep.item_id = ei.item_id)
	411	WHERE e.paiement_id = {?}",
	412	S::v('uid'), $pid);
	413	$event[$pid] = array();
	414	$event[$pid]['paid'] = 0;
	415	if ($res->total()) {
	416	$event[$pid]['topay'] = 0;
	417	while(list($eid, $shortname, $title, $nb, $montant, $paid) = $res->next()) {
	418	$event[$pid]['topay'] += ($nb * $montant);
	419	$event[$pid]['eid'] = $eid;
	420	$event[$pid]['shortname'] = $shortname;
	421	$event[$pid]['title'] = $title;
	422	$event[$pid]['ins'] = !is_null($nb);
	423	$event[$pid]['paid'] = $paid;
	424	}
	425	}
	426	$res = XDB::query("SELECT montant
	427	FROM {$globals->money->mpay_tprefix}transactions AS t
	428	WHERE ref = {?} AND uid = {?}", $pid, S::v('uid'));
	429	$montants = $res->fetchColumn();
	430
	431	foreach ($montants as $m) {
	432	$p = strtr(substr($m, 0, strpos($m, 'EUR')), ',', '.');
	433	$event[$pid]['paid'] += trim($p);
	434	}
	435	}
	436	$page->assign('trans', $trans);
	437	$page->assign('event', $event);
	438	}
	439
92423144	440	function handler_admin(&$page, $action = 'list', $id = null) {
92423144	441	$page->assign('xorg_title','Polytechnique.org - Administration - Paiements');
a7de4ef7	442	$page->assign('title', 'Gestion des télépaiements');
92423144	443	$table_editor = new PLTableEditor('admin/payments','paiement.paiements','id');
92423144	444	$table_editor->add_join_table('paiement.transactions','ref',true);
2e7b5921	445	$table_editor->add_sort_field('flags');
de61dbcf	446	$table_editor->add_sort_field('id', true, true);
a7de4ef7	447	$table_editor->on_delete("UPDATE paiement.paiements SET flags = 'old' WHERE id = {?}", "Le paiement a été archivé");
a7de4ef7	448	$table_editor->describe('text','intitulé',true);
92423144	449	$table_editor->describe('url','site web',false);
a7de4ef7	450	$table_editor->describe('montant_def','montant par défaut',false);
92423144	451	$table_editor->describe('montant_min','montant minimum',false);
	452	$table_editor->describe('montant_max','montant maximum',false);
	453	$table_editor->describe('mail','email contact',true);
	454	$table_editor->describe('confirmation','message confirmation',false);
	455	$table_editor->apply($page, $action, $id);
	456	}
a2558f2b	457	}
a2558f2b	458
a7de4ef7	459	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
a2558f2b	460	?>