[platal.git] / modules / payment.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2009 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

/* sort en affichant une erreur */
function cb_erreur($text) {
    global $globals;
    $mymail = new PlMailer();
    $mymail->addTo($globals->money->email);
    $mymail->setFrom("webmaster@" . $globals->mail->domain);
    $mymail->setSubject("erreur lors d'un télépaiement (CyberPaiement)");
    $mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
    $mymail->send();
    exit;
}

/* sort en affichant une erreur */
function paypal_erreur($text, $send=true)
{
    global $erreur, $globals;
    if ($erreur) return;
    $erreur = $text;
    if (!$send) return;

    $mymail = new PlMailer();
    $mymail->addTo($globals->money->email);
    $mymail->setFrom("webmaster@" . $globals->mail->domain);
    $mymail->setSubject("erreur lors d'un télépaiement (PayPal)");
    $mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
    $mymail->send();

    Platal::page()->trigError($text);
}

/* http://fr.wikipedia.org/wiki/Formule_de_Luhn */
function luhn($nombre) {
    $s = strrev($nombre);
    $sum = 0;
    for ($i = 0; $i < strlen($s); $i++) {
	$dgt = $s{$i};
        $sum += ($i % 2) ? (2*$dgt) % 9 : $dgt;
    }
    return $sum % 10;
}

/* calcule la clé d'acceptation a partir de 5 champs */
function cle_accept($d1,$d2,$d3,$d4,$d5)
{
    $m1 = luhn($d1.$d5);
    $m2 = luhn($d2.$d5);
    $m3 = luhn($d3.$d5);
    $m4 = luhn($d4.$d5);
    $n = $m1 + $m2 + $m3 + $m4;
    $alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    return $alpha{$n-1}.$m1.$m2.$m3.$m4;
}

/* decode the comment */
function comment_decode($comment) {
    $comment = urldecode($comment);
    if (is_utf8($comment)) {
        return $comment;
    } else {
        return utf8_encode($comment);
    }
}


class PaymentModule extends PLModule
{
    function handlers()
    {
        return array(
            'payment'                    => $this->make_hook('payment',       AUTH_MDP),
            'payment/cyber_return'       => $this->make_hook('cyber_return',  AUTH_PUBLIC, 'user', NO_HTTPS),
            'payment/paypal_return'      => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
            '%grp/paiement'              => $this->make_hook('xnet_payment',  AUTH_MDP),
            '%grp/payment'               => $this->make_hook('xnet_payment',  AUTH_MDP),
            '%grp/payment/cyber_return'  => $this->make_hook('cyber_return',  AUTH_PUBLIC, 'user', NO_HTTPS),
            '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
            'admin/payments'             => $this->make_hook('admin',         AUTH_MDP,    'admin'),

        );
    }

    function handler_payment(&$page, $ref = -1)
    {
        global $globals;

        require_once 'profil.func.inc.php' ;
        $this->load('money.inc.php');

        if (!empty($GLOBALS['IS_XNET_SITE'])) {
            if (!$globals->asso('id')) {
                return PL_NOT_FOUND;
            }
            $res = XDB::query("SELECT asso_id
                                 FROM #paiement#.paiements
                                WHERE asso_id = {?} AND id = {?}",
                              $globals->asso('id'), $ref);
            if (!$res->numRows()) {
                return PL_FORBIDDEN;
            }
        }
        $page->changeTpl('payment/index.tpl');
        $page->setTitle('Télépaiements');

        // initialisation
        $op   = Env::v('op', 'select');
        $meth = new PayMethod(Env::i('methode', -1));
        $pay  = new Payment($ref);

        if($pay->flags->hasflag('old')){
            $page->trigError("La transaction selectionnée est périmée.");
            $pay = new Payment();
        }
        $val = Env::v('montant') != 0 ? Env::v('montant') : $pay->montant_def;

        if (($e = $pay->check($val)) !== true) {
            $page->trigError($e);
        }

        if ($op=='submit') {
            $pay->init($val, $meth);
            $pay->prepareform($pay);
        } else {
            $res = XDB::iterator("SELECT  timestamp, montant
                                    FROM  #paiement#.transactions
                                   WHERE  uid = {?} AND ref = {?}
                                ORDER BY  timestamp DESC",
                                 S::v('uid', -1), $ref);

            if ($res->total()) $page->assign('transactions', $res);
        }

        $val = floor($val).".".substr(floor(($val - floor($val))*100+100),1);
        $page->assign('montant',$val);
        $page->assign('comment',Env::v('comment'));

        $page->assign('meth', $meth);
        $page->assign('pay',  $pay);
        $page->assign('evtlink', $pay->event());

        $page->assign('prefix', $globals->money->mpay_tprefix);
    }

    function handler_cyber_return(&$page, $uid = null)
    {
        /* reference banque (numero de transaction) */
        $champ901 = Env::s('CHAMP901');
        /* cle d'acceptation */
        $champ905 = Env::s('CHAMP905');
        /* code retour */
        $champ906 = Env::s('CHAMP906');
        /* email renvoye par la banque */
        $champ104 = Env::s('CHAMP104');
        /* reference complete de la commande */
        $champ200 = Env::s('CHAMP200');
        /* montant de la transaction */
        $champ201 = Env::s('CHAMP201');
        /* devise */
        $champ202 = Env::s('CHAMP202');
        $montant = "$champ201 $champ202";

        /* on extrait les informations sur l'utilisateur */
        $user = User::get($uid);
        if (!$user) {
            cb_erreur("uid invalide");
        }


        /* on extrait la reference de la commande */
        if (!ereg('-xorg-([0-9]+)$', $champ200, $matches)) {
            cb_erreur("référence de commande invalide");
        }

        echo ($ref = $matches[1]);
        $res = XDB::query("SELECT  mail, text, confirmation
                             FROM  #paiement#.paiements
                            WHERE  id={?}", $ref);
        if (!list($conf_mail, $conf_title, $conf_text) = $res->fetchOneRow()) {
            cb_erreur("référence de commande inconnue");
        }

        /* on extrait le code de retour */
        if ($champ906 != "0000") {
            $res = XDB::query('SELECT  rcb.text, c.id, c.text
                                 FROM  #paiement#.codeRCB AS rcb
                            LEFT JOIN  #paiement#.codeC   AS c ON (rcb.codeC = c.id)
                                WHERE  rcb.id = {?}', $champ906);
            if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) {
                cb_erreur("erreur lors du paiement : $c_text ($c_id)");
            } else{
                cb_erreur("erreur inconnue lors du paiement");
            }
        }

        /* on fait l'insertion en base de donnees */
        XDB::execute("INSERT INTO  #paiement#.transactions (id, uid, ref, fullref, montant, cle, comment)
                           VALUES  ({?}, {?}, {?}, {?}, {?}, {?}, {?})",
                     $champ901, $user->id(), $ref, $champ200, $montant, $champ905, Env::v('comment'));

        // We check if it is an Xnet payment and then update the related ML.
        $res = XDB::query('SELECT  eid
                             FROM  #groupex#.evenements
                            WHERE  paiement_id = {?}', $ref);
        if ($eid = $res->fetchOneCell()) {
            $this->load('xnetevents.inc.php');
            $evt = get_event_detail($eid);
            subscribe_lists_event(0, $uid, $evt, $montant, true);
        }

        /* on genere le mail de confirmation */
        $conf_text = str_replace(
            array('<prenom>', '<nom>', '<promo>', '<montant>', '<salutation>', '<cher>', 'comment>'),
            array($user->firstName(), $user->lastName(), $user->promo(), $montant,
                  $user->isFemale() ? 'Chère' : 'Cher', $user->isFemale() ? 'Chère' : 'Cher',
                  Env::v('comment')), $conf_text);

        global $globals;
        $mymail = new PlMailer();
        $mymail->setFrom($conf_mail);
        $mymail->addCc($conf_mail);
        $mymail->setSubject($conf_title);
        $mymail->setWikiBody($conf_text);
        $mymail->sendTo($user);

        /* on envoie les details de la transaction à telepaiement@ */
        $mymail = new PlMailer();
        $mymail->setFrom("webmaster@" . $globals->mail->domain);
        $mymail->addTo($globals->money->email);
        $mymail->setSubject($conf_title);
        $msg = 'utilisateur : ' . $user->login() . ' (' . $user->id() . ')' . "\n" .
               'mail : ' . $user->forlifeEmail() . "\n\n" .
               "paiement : $conf_title ($conf_mail)\n".
               "reference : $champ200\n".
               "montant : $montant\n\n".
               "dump de REQUEST:\n".
               var_export($_REQUEST,true);
        $mymail->setTxtBody($msg);
        $mymail->send();
        exit;
    }

    function handler_paypal_return(&$page, $uid = null)
    {
        $page->changeTpl('payment/retour_paypal.tpl');

        /* reference banque (numero de transaction) */
        $no_transaction = Env::s('tx');
        /* token a renvoyer pour avoir plus d'information */
        $clef = Env::s('sig');
        /* code retour */
        $status = Env::s('st');
        /* raison */
        $reason = ($status == 'Pending')? Env::s('pending_reason'): Env::s('reason_code');
        /* reference complete de la commande */
        $fullref = Env::s('cm');
        /* montant de la transaction */
        $montant_nb = Env::s('amt');
        /* devise */
        $montant_dev = Env::s('cc');
        $montant = "$montant_nb $montant_dev";

        /* on extrait le code de retour */
        if ($status != "Completed") {
            if ($status)
                paypal_erreur("erreur lors du paiement : $status - $reason");
            else
                paypal_erreur("Paiement annulé", false);
        }

        /* on extrait les informations sur l'utilisateur */
        $user = User::get($uid);
        if (!$user) {
            paypal_erreur("uid invalide");
        }

        /* on extrait la reference de la commande */
        if (!ereg('-xorg-([0-9]+)$', $fullref, $matches)) {
            paypal_erreur("référence de commande invalide");
        }

        $ref = $matches[1];
        $res = XDB::query("SELECT  mail, text, confirmation
                             FROM  #paiement#.paiements
                            WHERE  id = {?}", $ref);
        if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
            paypal_erreur("référence de commande inconnue");
        }

        /* on fait l'insertion en base de donnees */
        XDB::execute("INSERT INTO  #paiement#.transactions (id, uid, ref, fullref, montant, cle, comment)
                           VALUES  ({?}, {?}, {?}, {?}, {?}, {?}, {?})",
                    $no_transaction, $user->id(), $ref, $fullref, $montant, $clef, Env::v('comment'));

        // We check if it is an Xnet payment and then update the related ML.
        $res = XDB::query('SELECT  eid
                             FROM  #groupex#.evenements
                            WHERE  paiement_id = {?}', $ref);
        if ($eid = $res->fetchOneCell()) {
            $this->load('xnetevents.inc.php');
            $evt = get_event_detail($eid);
            subscribe_lists_event(0, $uid, $evt, $montant, true);
        }

        /* on genere le mail de confirmation */
        $conf_text = str_replace(array('<prenom>', '<nom>', '<promo>', '<montant>', '<salutation>', '<cher>'),
                                 array($user->firstName(), $user->lastName(), $user->promo(), $montant,
                                       $user->isFemale() ? 'Chère' : 'Cher',
                                       $user->isFemale() ? 'Chère' : 'Cher'), $conf_text);

        global $globals;
        $mymail = new PlMailer();
        $mymail->setFrom($conf_mail);
        $mymail->addCc($conf_mail);
        $mymail->setSubject($conf_title);
        $mymail->setWikiBody($conf_text);
        $mymail->sendTo($user);

        /* on envoie les details de la transaction à telepaiement@ */
        $mymail = new PlMailer();
        $mymail->setFrom("webmaster@" . $globals->mail->domain);
        $mymail->addTo($globals->money->email);
        $mymail->setSubject($conf_title);
        $msg = 'utilisateur : ' . $user->login() . ' (' . $user->id() . ')' . "\n" .
               'mail : ' . $user->forlifeEmail() . "\n\n" .
               "paiement : $conf_title ($conf_mail)\n".
               "reference : $champ200\n".
               "montant : $montant\n\n".
               "dump de REQUEST:\n".
               var_export($_REQUEST,true);
        $mymail->setTxtBody($msg);
        $mymail->send();

        $page->assign('texte', $conf_text);
        $page->assign('erreur', $erreur);
    }

    function handler_xnet_payment(&$page, $pid = null)
    {
        global $globals;

        $perms = S::v('perms');
        if (!$perms->hasFlag('groupmember')) {
            if (is_null($pid)) {
                return PL_FORBIDDEN;
            }
            $res = XDB::query("SELECT  1
                                 FROM  #groupex#.evenements AS e
                           INNER JOIN  #groupex#.evenements_participants AS ep ON (ep.eid = e.eid AND uid = {?})
                                WHERE  e.paiement_id = {?} AND e.asso_id = {?}",
                              S::i('uid'), $pid, $globals->asso('id'));
            if ($res->numRows() == 0) {
                return PL_FORBIDDEN;
            }
        }

        if (!is_null($pid)) {
            return  $this->handler_payment($page, $pid);
        }
        $page->changeTpl('payment/xnet.tpl');

        $res = XDB::query(
                "SELECT  id, text, url
                   FROM  {$globals->money->mpay_tprefix}paiements
                  WHERE  asso_id = {?} AND NOT FIND_IN_SET('old', flags)
               ORDER BY  id DESC", $globals->asso('id'));
        $tit = $res->fetchAllAssoc();
        $page->assign('titres', $tit);


        // TODO: replug sort.
        $trans = array();
        $event = array();
        foreach($tit as $foo) {
            $pid = $foo['id'];
            if (may_update()) {
                $res = XDB::query('SELECT  t.uid, timestamp AS `date`, t.comment, montant
                                     FROM  ' . $globals->money->mpay_tprefix . 'transactions AS t
                                    WHERE  t.ref = {?}', $pid);
                $trans[$pid] = User::getBulkUsersWithUIDs($res->fetchAllAssoc(), 'uid', 'user');
                $sum = 0;
                foreach ($trans[$pid] as $i => $t) {
                    $sum += strtr(substr($t['montant'], 0, strpos($t['montant'], 'EUR')), ',', '.');
                    $trans[$pid][$i]['montant'] = str_replace('EUR', '€', $t['montant']);
                }
                $trans[$pid][] = array('nom' => 'somme totale',
                                       'montant' => strtr($sum, '.', ',').' €');
            }
            $res = XDB::iterRow("SELECT e.eid, e.short_name, e.intitule, ep.nb, ei.montant, ep.paid
                                   FROM #groupex#.evenements AS e
                              LEFT JOIN #groupex#.evenements_participants AS ep ON (ep.eid = e.eid AND uid = {?})
                             INNER JOIN #groupex#.evenements_items AS ei ON (ep.eid = ei.eid AND ep.item_id = ei.item_id)
                                  WHERE e.paiement_id = {?}",
                                 S::v('uid'), $pid);
            $event[$pid] = array();
            $event[$pid]['paid'] = 0;
            if ($res->total()) {
                $event[$pid]['topay'] = 0;
                while(list($eid, $shortname, $title, $nb, $montant, $paid) = $res->next()) {
                    $event[$pid]['topay']     += ($nb * $montant);
                    $event[$pid]['eid']       = $eid;
                    $event[$pid]['shortname'] = $shortname;
                    $event[$pid]['title']     = $title;
                    $event[$pid]['ins']       = !is_null($nb);
                    $event[$pid]['paid']      = $paid;
                }
            }
            $res = XDB::query("SELECT montant
                                 FROM {$globals->money->mpay_tprefix}transactions AS t
                                WHERE ref = {?} AND uid = {?}", $pid, S::v('uid'));
            $montants = $res->fetchColumn();

            foreach ($montants as $m) {
                $p = strtr(substr($m, 0, strpos($m, 'EUR')), ',', '.');
                $event[$pid]['paid'] += trim($p);
            }
        }
        $page->register_modifier('decode_comment', 'decode_comment');
        $page->assign('trans', $trans);
        $page->assign('event', $event);
    }

    function handler_admin(&$page, $action = 'list', $id = null) {
        $page->setTitle('Administration - Paiements');
        $page->assign('title', 'Gestion des télépaiements');
        $table_editor = new PLTableEditor('admin/payments','#paiement#.paiements','id');
        $table_editor->add_join_table('#paiement#.transactions','ref',true);
        $table_editor->add_sort_field('flags');
        $table_editor->add_sort_field('id', true, true);
        $table_editor->on_delete("UPDATE #paiement#.paiements SET flags = 'old' WHERE id = {?}", "Le paiement a été archivé");
        $table_editor->describe('text','intitulé',true);
        $table_editor->describe('url','site web',false);
        $table_editor->describe('montant_def','montant par défaut',false);
        $table_editor->describe('montant_min','montant minimum',false);
        $table_editor->describe('montant_max','montant maximum',false);
        $table_editor->describe('mail','email contact',true);
        $table_editor->describe('confirmation','message confirmation',false);
        $table_editor->apply($page, $action, $id);
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
a2558f2b	1	<?php
a2558f2b	2	/***************************************************************************
8d84c630	3	* Copyright (C) 2003-2009 Polytechnique.org *
a2558f2b	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	/* sort en affichant une erreur */
	23	function cb_erreur($text) {
115c90db	24	global $globals;
1e33266a	25	$mymail = new PlMailer();
d7dd70be	26	$mymail->addTo($globals->money->email);
1d55fe45	27	$mymail->setFrom("webmaster@" . $globals->mail->domain);
a7de4ef7	28	$mymail->setSubject("erreur lors d'un télépaiement (CyberPaiement)");
a2558f2b	29	$mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
	30	$mymail->send();
	31	exit;
	32	}
	33
	34	/* sort en affichant une erreur */
88e3843c	35	function paypal_erreur($text, $send=true)
88e3843c	36	{
d7610c35	37	global $erreur, $globals;
a2558f2b	38	if ($erreur) return;
	39	$erreur = $text;
	40	if (!$send) return;
	41
1e33266a	42	$mymail = new PlMailer();
d7dd70be	43	$mymail->addTo($globals->money->email);
1d55fe45	44	$mymail->setFrom("webmaster@" . $globals->mail->domain);
a7de4ef7	45	$mymail->setSubject("erreur lors d'un télépaiement (PayPal)");
a2558f2b	46	$mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
	47	$mymail->send();
	48
d7610c35	49	Platal::page()->trigError($text);
a2558f2b	50	}
	51
	52	/* http://fr.wikipedia.org/wiki/Formule_de_Luhn */
	53	function luhn($nombre) {
	54	$s = strrev($nombre);
	55	$sum = 0;
	56	for ($i = 0; $i < strlen($s); $i++) {
	57	$dgt = $s{$i};
	58	$sum += ($i % 2) ? (2*$dgt) % 9 : $dgt;
	59	}
	60	return $sum % 10;
	61	}
	62
a7de4ef7	63	/* calcule la clé d'acceptation a partir de 5 champs */
a2558f2b	64	function cle_accept($d1,$d2,$d3,$d4,$d5)
	65	{
	66	$m1 = luhn($d1.$d5);
	67	$m2 = luhn($d2.$d5);
	68	$m3 = luhn($d3.$d5);
	69	$m4 = luhn($d4.$d5);
	70	$n = $m1 + $m2 + $m3 + $m4;
	71	$alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
	72	return $alpha{$n-1}.$m1.$m2.$m3.$m4;
	73	}
	74
17793ccf FB	75	/* decode the comment */
	76	function comment_decode($comment) {
	77	$comment = urldecode($comment);
	78	if (is_utf8($comment)) {
	79	return $comment;
	80	} else {
	81	return utf8_encode($comment);
	82	}
	83	}
	84
a2558f2b	85
	86	class PaymentModule extends PLModule
	87	{
	88	function handlers()
	89	{
	90	return array(
eb5a266d SJ	91	'payment' => $this->make_hook('payment', AUTH_MDP),
	92	'payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC, 'user', NO_HTTPS),
	93	'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
	94	'%grp/paiement' => $this->make_hook('xnet_payment', AUTH_MDP),
	95	'%grp/payment' => $this->make_hook('xnet_payment', AUTH_MDP),
	96	'%grp/payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC, 'user', NO_HTTPS),
41cce805	97	'%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
eb5a266d	98	'admin/payments' => $this->make_hook('admin', AUTH_MDP, 'admin'),
eaf30d86	99
a2558f2b	100	);
	101	}
	102
	103	function handler_payment(&$page, $ref = -1)
	104	{
	105	global $globals;
	106
	107	require_once 'profil.func.inc.php' ;
460d8f55	108	$this->load('money.inc.php');
a2558f2b	109
98a7e9dc	110	if (!empty($GLOBALS['IS_XNET_SITE'])) {
	111	if (!$globals->asso('id')) {
	112	return PL_NOT_FOUND;
	113	}
	114	$res = XDB::query("SELECT asso_id
00112b2e	115	FROM #paiement#.paiements
98a7e9dc	116	WHERE asso_id = {?} AND id = {?}",
	117	$globals->asso('id'), $ref);
	118	if (!$res->numRows()) {
	119	return PL_FORBIDDEN;
	120	}
98a7e9dc	121	}
1490093c	122	$page->changeTpl('payment/index.tpl');
46f272fe	123	$page->setTitle('Télépaiements');
a2558f2b	124
a2558f2b	125	// initialisation
5e2307dc	126	$op = Env::v('op', 'select');
5e2307dc	127	$meth = new PayMethod(Env::i('methode', -1));
a2558f2b	128	$pay = new Payment($ref);
	129
	130	if($pay->flags->hasflag('old')){
a7d35093	131	$page->trigError("La transaction selectionnée est périmée.");
a2558f2b	132	$pay = new Payment();
a2558f2b	133	}
5e2307dc	134	$val = Env::v('montant') != 0 ? Env::v('montant') : $pay->montant_def;
a2558f2b	135
a2558f2b	136	if (($e = $pay->check($val)) !== true) {
a7d35093	137	$page->trigError($e);
a2558f2b	138	}
	139
	140	if ($op=='submit') {
	141	$pay->init($val, $meth);
	142	$pay->prepareform($pay);
	143	} else {
08cce2ff	144	$res = XDB::iterator("SELECT timestamp, montant
00112b2e	145	FROM #paiement#.transactions
8a7fab54	146	WHERE uid = {?} AND ref = {?}
	147	ORDER BY timestamp DESC",
	148	S::v('uid', -1), $ref);
a2558f2b	149
	150	if ($res->total()) $page->assign('transactions', $res);
	151	}
	152
	153	$val = floor($val).".".substr(floor(($val - floor($val))*100+100),1);
	154	$page->assign('montant',$val);
bff6d838	155	$page->assign('comment',Env::v('comment'));
a2558f2b	156
	157	$page->assign('meth', $meth);
	158	$page->assign('pay', $pay);
	159	$page->assign('evtlink', $pay->event());
	160
a3a049fc	161	$page->assign('prefix', $globals->money->mpay_tprefix);
a2558f2b	162	}
	163
	164	function handler_cyber_return(&$page, $uid = null)
	165	{
a2558f2b	166	/* reference banque (numero de transaction) */
7280eb45	167	$champ901 = Env::s('CHAMP901');
a2558f2b	168	/* cle d'acceptation */
7280eb45	169	$champ905 = Env::s('CHAMP905');
a2558f2b	170	/* code retour */
7280eb45	171	$champ906 = Env::s('CHAMP906');
a2558f2b	172	/* email renvoye par la banque */
7280eb45	173	$champ104 = Env::s('CHAMP104');
a2558f2b	174	/* reference complete de la commande */
7280eb45	175	$champ200 = Env::s('CHAMP200');
a2558f2b	176	/* montant de la transaction */
7280eb45	177	$champ201 = Env::s('CHAMP201');
a2558f2b	178	/* devise */
7280eb45	179	$champ202 = Env::s('CHAMP202');
a2558f2b	180	$montant = "$champ201 $champ202";
	181
	182	/* on extrait les informations sur l'utilisateur */
1eaaa62d FB	183	$user = User::get($uid);
1eaaa62d FB	184	if (!$user) {
a2558f2b	185	cb_erreur("uid invalide");
	186	}
	187
	188
	189	/* on extrait la reference de la commande */
1eaaa62d	190	if (!ereg('-xorg-([0-9]+)$', $champ200, $matches)) {
a7de4ef7	191	cb_erreur("référence de commande invalide");
a2558f2b	192	}
	193
	194	echo ($ref = $matches[1]);
1eaaa62d	195	$res = XDB::query("SELECT mail, text, confirmation
00112b2e	196	FROM #paiement#.paiements
98a7e9dc	197	WHERE id={?}", $ref);
1eaaa62d	198	if (!list($conf_mail, $conf_title, $conf_text) = $res->fetchOneRow()) {
a7de4ef7	199	cb_erreur("référence de commande inconnue");
a2558f2b	200	}
	201
	202	/* on extrait le code de retour */
	203	if ($champ906 != "0000") {
1eaaa62d	204	$res = XDB::query('SELECT rcb.text, c.id, c.text
00112b2e	205	FROM #paiement#.codeRCB AS rcb
5660032a	206	LEFT JOIN #paiement#.codeC AS c ON (rcb.codeC = c.id)
1eaaa62d	207	WHERE rcb.id = {?}', $champ906);
a2558f2b	208	if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) {
a2558f2b	209	cb_erreur("erreur lors du paiement : $c_text ($c_id)");
eaf30d86	210	} else{
a2558f2b	211	cb_erreur("erreur inconnue lors du paiement");
	212	}
	213	}
	214
	215	/* on fait l'insertion en base de donnees */
5660032a	216	XDB::execute("INSERT INTO #paiement#.transactions (id, uid, ref, fullref, montant, cle, comment)
1eaaa62d FB	217	VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?})",
1eaaa62d FB	218	$champ901, $user->id(), $ref, $champ200, $montant, $champ905, Env::v('comment'));
a2558f2b	219
9ff5b337 SJ	220	// We check if it is an Xnet payment and then update the related ML.
9ff5b337 SJ	221	$res = XDB::query('SELECT eid
00112b2e	222	FROM #groupex#.evenements
9ff5b337 SJ	223	WHERE paiement_id = {?}', $ref);
	224	if ($eid = $res->fetchOneCell()) {
	225	$this->load('xnetevents.inc.php');
	226	$evt = get_event_detail($eid);
	227	subscribe_lists_event(0, $uid, $evt, $montant, true);
	228	}
	229
a2558f2b	230	/* on genere le mail de confirmation */
d1e61677 SJ	231	$conf_text = str_replace(
	232	array('<prenom>', '<nom>', '<promo>', '<montant>', '<salutation>', '<cher>', 'comment>'),
	233	array($user->firstName(), $user->lastName(), $user->promo(), $montant,
	234	$user->isFemale() ? 'Chère' : 'Cher', $user->isFemale() ? 'Chère' : 'Cher',
	235	Env::v('comment')), $conf_text);
a2558f2b	236
7895f3c1	237	global $globals;
1e33266a	238	$mymail = new PlMailer();
a2558f2b	239	$mymail->setFrom($conf_mail);
a2558f2b	240	$mymail->addCc($conf_mail);
a2558f2b	241	$mymail->setSubject($conf_title);
88e3843c	242	$mymail->setWikiBody($conf_text);
1eaaa62d	243	$mymail->sendTo($user);
a2558f2b	244
a7de4ef7	245	/* on envoie les details de la transaction à telepaiement@ */
1e33266a	246	$mymail = new PlMailer();
1d55fe45	247	$mymail->setFrom("webmaster@" . $globals->mail->domain);
d7dd70be	248	$mymail->addTo($globals->money->email);
a2558f2b	249	$mymail->setSubject($conf_title);
1eaaa62d FB	250	$msg = 'utilisateur : ' . $user->login() . ' (' . $user->id() . ')' . "\n" .
1eaaa62d FB	251	'mail : ' . $user->forlifeEmail() . "\n\n" .
a2558f2b	252	"paiement : $conf_title ($conf_mail)\n".
	253	"reference : $champ200\n".
	254	"montant : $montant\n\n".
	255	"dump de REQUEST:\n".
	256	var_export($_REQUEST,true);
	257	$mymail->setTxtBody($msg);
	258	$mymail->send();
	259	exit;
	260	}
	261
	262	function handler_paypal_return(&$page, $uid = null)
	263	{
da157660	264	$page->changeTpl('payment/retour_paypal.tpl');
a2558f2b	265
a2558f2b	266	/* reference banque (numero de transaction) */
7280eb45	267	$no_transaction = Env::s('tx');
a2558f2b	268	/* token a renvoyer pour avoir plus d'information */
7280eb45	269	$clef = Env::s('sig');
a2558f2b	270	/* code retour */
7280eb45	271	$status = Env::s('st');
a2558f2b	272	/* raison */
7280eb45	273	$reason = ($status == 'Pending')? Env::s('pending_reason'): Env::s('reason_code');
a2558f2b	274	/* reference complete de la commande */
7280eb45	275	$fullref = Env::s('cm');
a2558f2b	276	/* montant de la transaction */
7280eb45	277	$montant_nb = Env::s('amt');
a2558f2b	278	/* devise */
7280eb45	279	$montant_dev = Env::s('cc');
a2558f2b	280	$montant = "$montant_nb $montant_dev";
	281
	282	/* on extrait le code de retour */
	283	if ($status != "Completed") {
	284	if ($status)
	285	paypal_erreur("erreur lors du paiement : $status - $reason");
	286	else
a7de4ef7	287	paypal_erreur("Paiement annulé", false);
a2558f2b	288	}
	289
	290	/* on extrait les informations sur l'utilisateur */
1eaaa62d FB	291	$user = User::get($uid);
1eaaa62d FB	292	if (!$user) {
a2558f2b	293	paypal_erreur("uid invalide");
	294	}
	295
	296	/* on extrait la reference de la commande */
1eaaa62d	297	if (!ereg('-xorg-([0-9]+)$', $fullref, $matches)) {
a7de4ef7	298	paypal_erreur("référence de commande invalide");
a2558f2b	299	}
	300
	301	$ref = $matches[1];
1eaaa62d	302	$res = XDB::query("SELECT mail, text, confirmation
00112b2e	303	FROM #paiement#.paiements
1eaaa62d	304	WHERE id = {?}", $ref);
a2558f2b	305	if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
a7de4ef7	306	paypal_erreur("référence de commande inconnue");
a2558f2b	307	}
	308
	309	/* on fait l'insertion en base de donnees */
5660032a	310	XDB::execute("INSERT INTO #paiement#.transactions (id, uid, ref, fullref, montant, cle, comment)
1eaaa62d FB	311	VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?})",
1eaaa62d FB	312	$no_transaction, $user->id(), $ref, $fullref, $montant, $clef, Env::v('comment'));
a2558f2b	313
9ff5b337 SJ	314	// We check if it is an Xnet payment and then update the related ML.
9ff5b337 SJ	315	$res = XDB::query('SELECT eid
00112b2e	316	FROM #groupex#.evenements
9ff5b337 SJ	317	WHERE paiement_id = {?}', $ref);
	318	if ($eid = $res->fetchOneCell()) {
	319	$this->load('xnetevents.inc.php');
	320	$evt = get_event_detail($eid);
	321	subscribe_lists_event(0, $uid, $evt, $montant, true);
	322	}
	323
a2558f2b	324	/* on genere le mail de confirmation */
1eaaa62d FB	325	$conf_text = str_replace(array('<prenom>', '<nom>', '<promo>', '<montant>', '<salutation>', '<cher>'),
	326	array($user->firstName(), $user->lastName(), $user->promo(), $montant,
	327	$user->isFemale() ? 'Chère' : 'Cher',
	328	$user->isFemale() ? 'Chère' : 'Cher'), $conf_text);
a2558f2b	329
7895f3c1	330	global $globals;
1e33266a	331	$mymail = new PlMailer();
a2558f2b	332	$mymail->setFrom($conf_mail);
a2558f2b	333	$mymail->addCc($conf_mail);
a2558f2b	334	$mymail->setSubject($conf_title);
88e3843c	335	$mymail->setWikiBody($conf_text);
1eaaa62d	336	$mymail->sendTo($user);
a2558f2b	337
a7de4ef7	338	/* on envoie les details de la transaction à telepaiement@ */
1e33266a	339	$mymail = new PlMailer();
1d55fe45	340	$mymail->setFrom("webmaster@" . $globals->mail->domain);
d7dd70be	341	$mymail->addTo($globals->money->email);
a2558f2b	342	$mymail->setSubject($conf_title);
1eaaa62d FB	343	$msg = 'utilisateur : ' . $user->login() . ' (' . $user->id() . ')' . "\n" .
1eaaa62d FB	344	'mail : ' . $user->forlifeEmail() . "\n\n" .
a2558f2b	345	"paiement : $conf_title ($conf_mail)\n".
1eaaa62d	346	"reference : $champ200\n".
a2558f2b	347	"montant : $montant\n\n".
	348	"dump de REQUEST:\n".
	349	var_export($_REQUEST,true);
	350	$mymail->setTxtBody($msg);
	351	$mymail->send();
	352
	353	$page->assign('texte', $conf_text);
	354	$page->assign('erreur', $erreur);
a2558f2b	355	}
98a7e9dc	356
	357	function handler_xnet_payment(&$page, $pid = null)
	358	{
	359	global $globals;
eaf30d86	360
45a5307b FB	361	$perms = S::v('perms');
	362	if (!$perms->hasFlag('groupmember')) {
	363	if (is_null($pid)) {
	364	return PL_FORBIDDEN;
	365	}
	366	$res = XDB::query("SELECT 1
00112b2e VZ	367	FROM #groupex#.evenements AS e
00112b2e VZ	368	INNER JOIN #groupex#.evenements_participants AS ep ON (ep.eid = e.eid AND uid = {?})
45a5307b FB	369	WHERE e.paiement_id = {?} AND e.asso_id = {?}",
	370	S::i('uid'), $pid, $globals->asso('id'));
	371	if ($res->numRows() == 0) {
	372	return PL_FORBIDDEN;
	373	}
	374	}
	375
98a7e9dc	376	if (!is_null($pid)) {
	377	return $this->handler_payment($page, $pid);
	378	}
1490093c	379	$page->changeTpl('payment/xnet.tpl');
eaf30d86	380
98a7e9dc	381	$res = XDB::query(
	382	"SELECT id, text, url
	383	FROM {$globals->money->mpay_tprefix}paiements
010268b2	384	WHERE asso_id = {?} AND NOT FIND_IN_SET('old', flags)
98a7e9dc	385	ORDER BY id DESC", $globals->asso('id'));
	386	$tit = $res->fetchAllAssoc();
	387	$page->assign('titres', $tit);
	388
98a7e9dc	389
1eaaa62d	390	// TODO: replug sort.
98a7e9dc	391	$trans = array();
	392	$event = array();
	393	foreach($tit as $foo) {
	394	$pid = $foo['id'];
	395	if (may_update()) {
1eaaa62d FB	396	$res = XDB::query('SELECT t.uid, timestamp AS `date`, t.comment, montant
	397	FROM ' . $globals->money->mpay_tprefix . 'transactions AS t
	398	WHERE t.ref = {?}', $pid);
	399	$trans[$pid] = User::getBulkUsersWithUIDs($res->fetchAllAssoc(), 'uid', 'user');
	400	$sum = 0;
	401	foreach ($trans[$pid] as $i => $t) {
	402	$sum += strtr(substr($t['montant'], 0, strpos($t['montant'], 'EUR')), ',', '.');
	403	$trans[$pid][$i]['montant'] = str_replace('EUR', '€', $t['montant']);
	404	}
	405	$trans[$pid][] = array('nom' => 'somme totale',
	406	'montant' => strtr($sum, '.', ',').' €');
98a7e9dc	407	}
98a7e9dc	408	$res = XDB::iterRow("SELECT e.eid, e.short_name, e.intitule, ep.nb, ei.montant, ep.paid
00112b2e VZ	409	FROM #groupex#.evenements AS e
	410	LEFT JOIN #groupex#.evenements_participants AS ep ON (ep.eid = e.eid AND uid = {?})
	411	INNER JOIN #groupex#.evenements_items AS ei ON (ep.eid = ei.eid AND ep.item_id = ei.item_id)
98a7e9dc	412	WHERE e.paiement_id = {?}",
	413	S::v('uid'), $pid);
	414	$event[$pid] = array();
	415	$event[$pid]['paid'] = 0;
	416	if ($res->total()) {
	417	$event[$pid]['topay'] = 0;
	418	while(list($eid, $shortname, $title, $nb, $montant, $paid) = $res->next()) {
	419	$event[$pid]['topay'] += ($nb * $montant);
	420	$event[$pid]['eid'] = $eid;
	421	$event[$pid]['shortname'] = $shortname;
	422	$event[$pid]['title'] = $title;
	423	$event[$pid]['ins'] = !is_null($nb);
	424	$event[$pid]['paid'] = $paid;
	425	}
	426	}
	427	$res = XDB::query("SELECT montant
	428	FROM {$globals->money->mpay_tprefix}transactions AS t
	429	WHERE ref = {?} AND uid = {?}", $pid, S::v('uid'));
	430	$montants = $res->fetchColumn();
	431
	432	foreach ($montants as $m) {
	433	$p = strtr(substr($m, 0, strpos($m, 'EUR')), ',', '.');
	434	$event[$pid]['paid'] += trim($p);
	435	}
	436	}
17793ccf	437	$page->register_modifier('decode_comment', 'decode_comment');
98a7e9dc	438	$page->assign('trans', $trans);
	439	$page->assign('event', $event);
	440	}
eaf30d86	441
92423144	442	function handler_admin(&$page, $action = 'list', $id = null) {
46f272fe	443	$page->setTitle('Administration - Paiements');
a7de4ef7	444	$page->assign('title', 'Gestion des télépaiements');
00112b2e VZ	445	$table_editor = new PLTableEditor('admin/payments','#paiement#.paiements','id');
00112b2e VZ	446	$table_editor->add_join_table('#paiement#.transactions','ref',true);
2e7b5921	447	$table_editor->add_sort_field('flags');
de61dbcf	448	$table_editor->add_sort_field('id', true, true);
00112b2e	449	$table_editor->on_delete("UPDATE #paiement#.paiements SET flags = 'old' WHERE id = {?}", "Le paiement a été archivé");
a7de4ef7	450	$table_editor->describe('text','intitulé',true);
92423144	451	$table_editor->describe('url','site web',false);
a7de4ef7	452	$table_editor->describe('montant_def','montant par défaut',false);
92423144	453	$table_editor->describe('montant_min','montant minimum',false);
	454	$table_editor->describe('montant_max','montant maximum',false);
	455	$table_editor->describe('mail','email contact',true);
	456	$table_editor->describe('confirmation','message confirmation',false);
	457	$table_editor->apply($page, $action, $id);
eaf30d86	458	}
a2558f2b	459	}
a2558f2b	460
a7de4ef7	461	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
a2558f2b	462	?>