[platal.git] / modules / payment.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2006 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

/* sort en affichant une erreur */
function cb_erreur($text) {
    $mymail = new HermesMailer();
    $mymail->addTo("telepaiement@polytechnique.org");
    $mymail->setFrom("webmaster@polytechnique.org");
    $mymail->setSubject("erreur lors d'un t�l�paiement (CyberPaiement)");
    $mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
    $mymail->send();
    exit;
}

/* sort en affichant une erreur */
function paypal_erreur($text, $send=true) {
    global $page, $erreur;
    if ($erreur) return;
    $erreur = $text;
    if (!$send) return;

    $mymail = new HermesMailer();
    $mymail->addTo("telepaiement@polytechnique.org");
    $mymail->setFrom("webmaster@polytechnique.org");
    $mymail->setSubject("erreur lors d'un t�l�paiement (PayPal)");
    $mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
    $mymail->send();

    $page->trig($text);
}

/* http://fr.wikipedia.org/wiki/Formule_de_Luhn */
function luhn($nombre) {
    $s = strrev($nombre);
    $sum = 0;
    for ($i = 0; $i < strlen($s); $i++) {
	$dgt = $s{$i};
        $sum += ($i % 2) ? (2*$dgt) % 9 : $dgt;
    }
    return $sum % 10;
}

/* calcule la cl� d'acceptation a partir de 5 champs */
function cle_accept($d1,$d2,$d3,$d4,$d5)
{
    $m1 = luhn($d1.$d5);
    $m2 = luhn($d2.$d5);
    $m3 = luhn($d3.$d5);
    $m4 = luhn($d4.$d5);
    $n = $m1 + $m2 + $m3 + $m4;
    $alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    return $alpha{$n-1}.$m1.$m2.$m3.$m4;
}


class PaymentModule extends PLModule
{
    function handlers()
    {
        return array(
            'payment'               => $this->make_hook('payment', AUTH_MDP),
            'payment/cyber_return'  => $this->make_hook('cyber_return',  AUTH_PUBLIC),
            'payment/paypal_return' => $this->make_hook('paypal_return',  AUTH_PUBLIC),
            'admin/payments'        => $this->make_hook('admin', AUTH_MDP, 'admin'),
        );
    }

    function handler_payment(&$page, $ref = -1)
    {
        global $globals;

        require_once 'profil.func.inc.php' ;
        require_once dirname(__FILE__).'/payment/money.inc.php' ;

        $page->changeTpl('payment/index.tpl');
        $page->assign('xorg_title','Polytechnique.org - T�l�paiements');

        // initialisation
        $op   = Env::v('op', 'select');
        $meth = new PayMethod(Env::i('methode', -1));
        $pay  = new Payment($ref);

        if($pay->flags->hasflag('old')){
            $page->trig("La transaction selectionn�e est p�rim�e.");
            $pay = new Payment();
        }
        $val = Env::v('montant') != 0 ? Env::v('montant') : $pay->montant_def;

        if (($e = $pay->check($val)) !== true) {
            $page->trig($e);
        }

        if ($op=='submit') {
            $pay->init($val, $meth);
            $pay->prepareform($pay);
        } else {
            $res = XDB::iterator("SELECT  timestamp, montant
                                    FROM  paiement.transactions
                                   WHERE  uid = {?} AND ref = {?}
                                ORDER BY  timestamp DESC",
                                 S::v('uid', -1), $ref);

            if ($res->total()) $page->assign('transactions', $res);
        }

        $val = floor($val).".".substr(floor(($val - floor($val))*100+100),1);
        $page->assign('montant',$val);
        $page->assign('comment',Env::v('comment'));

        $page->assign('meth', $meth);
        $page->assign('pay',  $pay);
        $page->assign('evtlink', $pay->event());

        $page->assign('prefix', $globals->money->mpay_tprefix);
    }

    function handler_cyber_return(&$page, $uid = null)
    {
        require_once 'diogenes/diogenes.hermes.inc.php';

        /* reference banque (numero de transaction) */
        $champ901 = clean_request('CHAMP901');
        /* cle d'acceptation */
        $champ905 = clean_request('CHAMP905');
        /* code retour */
        $champ906 = clean_request('CHAMP906');
        /* email renvoye par la banque */
        $champ104 = clean_request('CHAMP104');
        /* reference complete de la commande */
        $champ200 = clean_request('CHAMP200');
        /* montant de la transaction */
        $champ201 = clean_request('CHAMP201');
        /* devise */
        $champ202 = clean_request('CHAMP202');
        $montant = "$champ201 $champ202";

        /* on extrait les informations sur l'utilisateur */
        $res = XDB::query("
            SELECT  a.prenom,a.nom,a.promo,l.alias,FIND_IN_SET(a.flags,'femme')
              FROM  auth_user_md5 AS a
        INNER JOIN  aliases       AS l ON (a.user_id=l.id AND type!='homonyme')
             WHERE  a.user_id={?}", $uid);
        if (!list($prenom,$nom,$promo,$forlife,$femme) = $res->fetchOneRow()) {
            cb_erreur("uid invalide");
        }


        /* on extrait la reference de la commande */
        if (!ereg('-xorg-([0-9]+)$',$champ200,$matches)) {
            cb_erreur("r�f�rence de commande invalide");
        }

        echo ($ref = $matches[1]);
        $res = XDB::query("SELECT mail,text,confirmation
                                       FROM paiement.paiements WHERE id={?}", $ref);
        if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
            cb_erreur("r�f�rence de commande inconnue");
        }

        /* on extrait le code de retour */
        if ($champ906 != "0000") {
            $res = XDB::query("SELECT  rcb.text,c.id,c.text
                                           FROM  paiement.codeRCB AS rcb
                                      LEFT JOIN  paiement.codeC   AS c ON rcb.codeC=c.id
                                          WHERE  rcb.id='$champ906'");
            if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) {
                cb_erreur("erreur lors du paiement : $c_text ($c_id)");
            } else{ 
                cb_erreur("erreur inconnue lors du paiement");
            }
        }

        /* on fait l'insertion en base de donnees */
        XDB::execute("INSERT INTO  paiement.transactions (id,uid,ref,fullref,montant,cle,comment)
                                     VALUES  ({?},{?},{?},{?},{?},{?},{?})",
                                $champ901, $uid, $ref, $champ200, $montant, $champ905,Env::v('comment'));

        /* on genere le mail de confirmation */
        $conf_text = str_replace("<prenom>",$prenom,$conf_text);
        $conf_text = str_replace("<nom>",$nom,$conf_text);
        $conf_text = str_replace("<promo>",$promo,$conf_text);
        $conf_text = str_replace("<montant>",$montant,$conf_text);
        $conf_text = str_replace("<salutation>",$femme ? "Ch�re" : "Cher",$conf_text);
        $conf_text = str_replace("<cher>",$femme ? "Ch�re" : "Cher",$conf_text);

        $mymail = new HermesMailer();
        $mymail->setFrom($conf_mail);
        $mymail->addTo("\"$prenom $nom\" <$forlife@polytechnique.org>");
        $mymail->addCc($conf_mail);
        $mymail->setSubject($conf_title);
        $mymail->setTxtBody($conf_text);
        $mymail->send();

        /* on envoie les details de la transaction � telepaiement@ */
        $mymail = new HermesMailer();
        $mymail->setFrom("webmaster@polytechnique.org");
        $mymail->addTo("telepaiement@polytechnique.org");
        $mymail->setSubject($conf_title);
        $msg = "utilisateur : $prenom $nom ($uid)\n".
               "mail : $forlife@polytechnique.org\n\n".
               "paiement : $conf_title ($conf_mail)\n".
               "reference : $champ200\n".
               "montant : $montant\n\n".
               "dump de REQUEST:\n".
               var_export($_REQUEST,true);
        $mymail->setTxtBody($msg);
        $mymail->send();
        exit;
    }

    function handler_paypal_return(&$page, $uid = null)
    {
        $page->changeTpl('payment/retour_paypal.tpl');
        require_once 'diogenes/diogenes.hermes.inc.php';

        /* reference banque (numero de transaction) */
        $no_transaction = clean_request('tx');
        /* token a renvoyer pour avoir plus d'information */
        $clef = clean_request('sig');
        /* code retour */
        $status = clean_request('st');
        /* raison */
        $reason = ($status == 'Pending')?clean_request('pending_reason'):clean_request('reason_code');
        /* reference complete de la commande */
        $fullref = clean_request('cm');
        /* montant de la transaction */
        $montant_nb = clean_request('amt');
        /* devise */
        $montant_dev = clean_request('cc');
        $montant = "$montant_nb $montant_dev";

        /* on extrait le code de retour */
        if ($status != "Completed") {
            if ($status)
                paypal_erreur("erreur lors du paiement : $status - $reason");
            else
                paypal_erreur("Paiement annul�", false);
        }

        /* on extrait les informations sur l'utilisateur */
        $res = XDB::query("
            SELECT  a.prenom,a.nom,a.promo,l.alias,FIND_IN_SET(a.flags,'femme')
              FROM  auth_user_md5 AS a
        INNER JOIN  aliases       AS l ON (a.user_id=l.id AND type!='homonyme')
             WHERE  a.user_id={?}", $uid);
        if (!list($prenom,$nom,$promo,$forlife,$femme) = $res->fetchOneRow()) {
            paypal_erreur("uid invalide");
        }

        /* on extrait la reference de la commande */
        if (!ereg('-xorg-([0-9]+)$',$fullref,$matches)) {
            paypal_erreur("r�f�rence de commande invalide");
        }

        $ref = $matches[1];
        $res = XDB::query("SELECT  mail,text,confirmation
                                       FROM  paiement.paiements WHERE id={?}", $ref);
        if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
            paypal_erreur("r�f�rence de commande inconnue");
        }

        /* on fait l'insertion en base de donnees */
        XDB::execute("INSERT INTO  paiement.transactions (id,uid,ref,fullref,montant,cle,comment)
                                     VALUES  ({?},{?},{?},{?},{?},{?},{?})",
                                $no_transaction, $uid, $ref, $fullref, $montant, $clef, Env::v('comment'));

        /* on genere le mail de confirmation */
        $conf_text = str_replace("<prenom>",$prenom,$conf_text);
        $conf_text = str_replace("<nom>",$nom,$conf_text);
        $conf_text = str_replace("<promo>",$promo,$conf_text);
        $conf_text = str_replace("<montant>",$montant,$conf_text);
        $conf_text = str_replace("<salutation>",$femme ? "Ch�re" : "Cher",$conf_text);
        $conf_text = str_replace("<cher>",$femme ? "Ch�re" : "Cher",$conf_text);

        $mymail = new HermesMailer();
        $mymail->setFrom($conf_mail);
        $mymail->addTo("\"$prenom $nom\" <$forlife@polytechnique.org>");
        $mymail->addCc($conf_mail);
        $mymail->setSubject($conf_title);
        $mymail->setTxtBody($conf_text);
        $mymail->send();

        /* on envoie les details de la transaction � telepaiement@ */
        $mymail = new HermesMailer();
        $mymail->setFrom("webmaster@polytechnique.org");
        $mymail->addTo("telepaiement@polytechnique.org");
        $mymail->setSubject($conf_title);
        $msg = "utilisateur : $prenom $nom ($uid)\n".
               "mail : $forlife@polytechnique.org\n\n".
               "paiement : $conf_title ($conf_mail)\n".
               "reference : $no_transaction\n".
               "montant : $montant\n\n".
               "dump de REQUEST:\n".
               var_export($_REQUEST,true);
        $mymail->setTxtBody($msg);
        $mymail->send();

        $page->assign('texte', $conf_text);
        $page->assign('erreur', $erreur);
    }
    function handler_admin(&$page, $action = 'list', $id = null) {
        $page->assign('xorg_title','Polytechnique.org - Administration - Paiements');
        $page->assign('title', 'Gestion des t�l�paiements');
        $table_editor = new PLTableEditor('admin/payments','paiement.paiements','id');
        $table_editor->add_join_table('paiement.transactions','ref',true);
        $table_editor->add_sort_field('flags');
        $table_editor->add_sort_field('id', true, true);
        $table_editor->on_delete("UPDATE paiement.paiements SET flags = 'old' WHERE id = {?}", "Le paiement a �t� archiv�");
        $table_editor->describe('text','intitul�',true);
        $table_editor->describe('url','site web',false);
        $table_editor->describe('montant_def','montant par d�faut',false);
        $table_editor->describe('montant_min','montant minimum',false);
        $table_editor->describe('montant_max','montant maximum',false);
        $table_editor->describe('mail','email contact',true);
        $table_editor->describe('confirmation','message confirmation',false);
        $table_editor->apply($page, $action, $id);
    }  
}

?>
Commit	Line	Data
a2558f2b	1	<?php
	2	/***************************************************************************
	3	* Copyright (C) 2003-2006 Polytechnique.org *
	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	/* sort en affichant une erreur */
	23	function cb_erreur($text) {
	24	$mymail = new HermesMailer();
	25	$mymail->addTo("telepaiement@polytechnique.org");
	26	$mymail->setFrom("webmaster@polytechnique.org");
	27	$mymail->setSubject("erreur lors d'un t�l�paiement (CyberPaiement)");
	28	$mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
	29	$mymail->send();
	30	exit;
	31	}
	32
	33	/* sort en affichant une erreur */
	34	function paypal_erreur($text, $send=true) {
	35	global $page, $erreur;
	36	if ($erreur) return;
	37	$erreur = $text;
	38	if (!$send) return;
	39
	40	$mymail = new HermesMailer();
	41	$mymail->addTo("telepaiement@polytechnique.org");
	42	$mymail->setFrom("webmaster@polytechnique.org");
	43	$mymail->setSubject("erreur lors d'un t�l�paiement (PayPal)");
	44	$mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
	45	$mymail->send();
	46
	47	$page->trig($text);
	48	}
	49
	50	/* http://fr.wikipedia.org/wiki/Formule_de_Luhn */
	51	function luhn($nombre) {
	52	$s = strrev($nombre);
	53	$sum = 0;
	54	for ($i = 0; $i < strlen($s); $i++) {
	55	$dgt = $s{$i};
	56	$sum += ($i % 2) ? (2*$dgt) % 9 : $dgt;
	57	}
	58	return $sum % 10;
	59	}
	60
	61	/* calcule la cl� d'acceptation a partir de 5 champs */
	62	function cle_accept($d1,$d2,$d3,$d4,$d5)
	63	{
	64	$m1 = luhn($d1.$d5);
65	$m2 = luhn($d2.$d5);
66	$m3 = luhn($d3.$d5);
67	$m4 = luhn($d4.$d5);
68	$n = $m1 + $m2 + $m3 + $m4;
69	$alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
70	return $alpha{$n-1}.$m1.$m2.$m3.$m4;
71	}
72
73
74	class PaymentModule extends PLModule
75	{
76	function handlers()
77	{
78	return array(
79	'payment' => $this->make_hook('payment', AUTH_MDP),
6995a9b9	80	'payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC),
6995a9b9	81	'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC),
92423144	82	'admin/payments' => $this->make_hook('admin', AUTH_MDP, 'admin'),
a2558f2b	83	);
	84	}
	85
	86	function handler_payment(&$page, $ref = -1)
	87	{
	88	global $globals;
	89
	90	require_once 'profil.func.inc.php' ;
2c784d41	91	require_once dirname(__FILE__).'/payment/money.inc.php' ;
a2558f2b	92
	93	$page->changeTpl('payment/index.tpl');
	94	$page->assign('xorg_title','Polytechnique.org - T�l�paiements');
	95
	96	// initialisation
5e2307dc	97	$op = Env::v('op', 'select');
5e2307dc	98	$meth = new PayMethod(Env::i('methode', -1));
a2558f2b	99	$pay = new Payment($ref);
	100
	101	if($pay->flags->hasflag('old')){
	102	$page->trig("La transaction selectionn�e est p�rim�e.");
	103	$pay = new Payment();
	104	}
5e2307dc	105	$val = Env::v('montant') != 0 ? Env::v('montant') : $pay->montant_def;
a2558f2b	106
	107	if (($e = $pay->check($val)) !== true) {
	108	$page->trig($e);
	109	}
	110
	111	if ($op=='submit') {
	112	$pay->init($val, $meth);
	113	$pay->prepareform($pay);
	114	} else {
08cce2ff	115	$res = XDB::iterator("SELECT timestamp, montant
8a7fab54	116	FROM paiement.transactions
	117	WHERE uid = {?} AND ref = {?}
	118	ORDER BY timestamp DESC",
	119	S::v('uid', -1), $ref);
a2558f2b	120
	121	if ($res->total()) $page->assign('transactions', $res);
	122	}
	123
	124	$val = floor($val).".".substr(floor(($val - floor($val))*100+100),1);
	125	$page->assign('montant',$val);
bff6d838	126	$page->assign('comment',Env::v('comment'));
a2558f2b	127
	128	$page->assign('meth', $meth);
	129	$page->assign('pay', $pay);
	130	$page->assign('evtlink', $pay->event());
	131
a3a049fc	132	$page->assign('prefix', $globals->money->mpay_tprefix);
a2558f2b	133	}
	134
	135	function handler_cyber_return(&$page, $uid = null)
	136	{
	137	require_once 'diogenes/diogenes.hermes.inc.php';
	138
	139	/* reference banque (numero de transaction) */
	140	$champ901 = clean_request('CHAMP901');
	141	/* cle d'acceptation */
	142	$champ905 = clean_request('CHAMP905');
	143	/* code retour */
	144	$champ906 = clean_request('CHAMP906');
	145	/* email renvoye par la banque */
	146	$champ104 = clean_request('CHAMP104');
	147	/* reference complete de la commande */
	148	$champ200 = clean_request('CHAMP200');
	149	/* montant de la transaction */
	150	$champ201 = clean_request('CHAMP201');
	151	/* devise */
	152	$champ202 = clean_request('CHAMP202');
	153	$montant = "$champ201 $champ202";
	154
	155	/* on extrait les informations sur l'utilisateur */
08cce2ff	156	$res = XDB::query("
a2558f2b	157	SELECT a.prenom,a.nom,a.promo,l.alias,FIND_IN_SET(a.flags,'femme')
	158	FROM auth_user_md5 AS a
	159	INNER JOIN aliases AS l ON (a.user_id=l.id AND type!='homonyme')
	160	WHERE a.user_id={?}", $uid);
	161	if (!list($prenom,$nom,$promo,$forlife,$femme) = $res->fetchOneRow()) {
	162	cb_erreur("uid invalide");
	163	}
	164
	165
	166	/* on extrait la reference de la commande */
	167	if (!ereg('-xorg-([0-9]+)$',$champ200,$matches)) {
	168	cb_erreur("r�f�rence de commande invalide");
	169	}
	170
	171	echo ($ref = $matches[1]);
08cce2ff	172	$res = XDB::query("SELECT mail,text,confirmation
a2558f2b	173	FROM paiement.paiements WHERE id={?}", $ref);
	174	if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
	175	cb_erreur("r�f�rence de commande inconnue");
	176	}
	177
	178	/* on extrait le code de retour */
	179	if ($champ906 != "0000") {
08cce2ff	180	$res = XDB::query("SELECT rcb.text,c.id,c.text
a2558f2b	181	FROM paiement.codeRCB AS rcb
	182	LEFT JOIN paiement.codeC AS c ON rcb.codeC=c.id
	183	WHERE rcb.id='$champ906'");
	184	if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) {
	185	cb_erreur("erreur lors du paiement : $c_text ($c_id)");
	186	} else{
	187	cb_erreur("erreur inconnue lors du paiement");
	188	}
	189	}
	190
	191	/* on fait l'insertion en base de donnees */
bff6d838	192	XDB::execute("INSERT INTO paiement.transactions (id,uid,ref,fullref,montant,cle,comment)
	193	VALUES ({?},{?},{?},{?},{?},{?},{?})",
	194	$champ901, $uid, $ref, $champ200, $montant, $champ905,Env::v('comment'));
a2558f2b	195
	196	/* on genere le mail de confirmation */
	197	$conf_text = str_replace("<prenom>",$prenom,$conf_text);
	198	$conf_text = str_replace("<nom>",$nom,$conf_text);
	199	$conf_text = str_replace("<promo>",$promo,$conf_text);
	200	$conf_text = str_replace("<montant>",$montant,$conf_text);
	201	$conf_text = str_replace("<salutation>",$femme ? "Ch�re" : "Cher",$conf_text);
	202	$conf_text = str_replace("<cher>",$femme ? "Ch�re" : "Cher",$conf_text);
	203
	204	$mymail = new HermesMailer();
	205	$mymail->setFrom($conf_mail);
	206	$mymail->addTo("\"$prenom $nom\" <$forlife@polytechnique.org>");
	207	$mymail->addCc($conf_mail);
	208	$mymail->setSubject($conf_title);
	209	$mymail->setTxtBody($conf_text);
	210	$mymail->send();
	211
	212	/* on envoie les details de la transaction � telepaiement@ */
	213	$mymail = new HermesMailer();
	214	$mymail->setFrom("webmaster@polytechnique.org");
	215	$mymail->addTo("telepaiement@polytechnique.org");
	216	$mymail->setSubject($conf_title);
	217	$msg = "utilisateur : $prenom $nom ($uid)\n".
	218	"mail : $forlife@polytechnique.org\n\n".
	219	"paiement : $conf_title ($conf_mail)\n".
	220	"reference : $champ200\n".
	221	"montant : $montant\n\n".
	222	"dump de REQUEST:\n".
	223	var_export($_REQUEST,true);
	224	$mymail->setTxtBody($msg);
	225	$mymail->send();
	226	exit;
	227	}
	228
	229	function handler_paypal_return(&$page, $uid = null)
	230	{
a2558f2b	231	$page->changeTpl('payment/retour_paypal.tpl');
	232	require_once 'diogenes/diogenes.hermes.inc.php';
	233
	234	/* reference banque (numero de transaction) */
	235	$no_transaction = clean_request('tx');
	236	/* token a renvoyer pour avoir plus d'information */
	237	$clef = clean_request('sig');
	238	/* code retour */
	239	$status = clean_request('st');
	240	/* raison */
	241	$reason = ($status == 'Pending')?clean_request('pending_reason'):clean_request('reason_code');
	242	/* reference complete de la commande */
	243	$fullref = clean_request('cm');
	244	/* montant de la transaction */
	245	$montant_nb = clean_request('amt');
	246	/* devise */
	247	$montant_dev = clean_request('cc');
	248	$montant = "$montant_nb $montant_dev";
	249
	250	/* on extrait le code de retour */
	251	if ($status != "Completed") {
	252	if ($status)
	253	paypal_erreur("erreur lors du paiement : $status - $reason");
	254	else
	255	paypal_erreur("Paiement annul�", false);
	256	}
	257
	258	/* on extrait les informations sur l'utilisateur */
08cce2ff	259	$res = XDB::query("
a2558f2b	260	SELECT a.prenom,a.nom,a.promo,l.alias,FIND_IN_SET(a.flags,'femme')
	261	FROM auth_user_md5 AS a
	262	INNER JOIN aliases AS l ON (a.user_id=l.id AND type!='homonyme')
	263	WHERE a.user_id={?}", $uid);
	264	if (!list($prenom,$nom,$promo,$forlife,$femme) = $res->fetchOneRow()) {
	265	paypal_erreur("uid invalide");
	266	}
	267
	268	/* on extrait la reference de la commande */
	269	if (!ereg('-xorg-([0-9]+)$',$fullref,$matches)) {
	270	paypal_erreur("r�f�rence de commande invalide");
	271	}
	272
	273	$ref = $matches[1];
08cce2ff	274	$res = XDB::query("SELECT mail,text,confirmation
a2558f2b	275	FROM paiement.paiements WHERE id={?}", $ref);
	276	if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
	277	paypal_erreur("r�f�rence de commande inconnue");
	278	}
	279
	280	/* on fait l'insertion en base de donnees */
bff6d838	281	XDB::execute("INSERT INTO paiement.transactions (id,uid,ref,fullref,montant,cle,comment)
	282	VALUES ({?},{?},{?},{?},{?},{?},{?})",
	283	$no_transaction, $uid, $ref, $fullref, $montant, $clef, Env::v('comment'));
a2558f2b	284
	285	/* on genere le mail de confirmation */
	286	$conf_text = str_replace("<prenom>",$prenom,$conf_text);
	287	$conf_text = str_replace("<nom>",$nom,$conf_text);
	288	$conf_text = str_replace("<promo>",$promo,$conf_text);
	289	$conf_text = str_replace("<montant>",$montant,$conf_text);
	290	$conf_text = str_replace("<salutation>",$femme ? "Ch�re" : "Cher",$conf_text);
	291	$conf_text = str_replace("<cher>",$femme ? "Ch�re" : "Cher",$conf_text);
	292
	293	$mymail = new HermesMailer();
	294	$mymail->setFrom($conf_mail);
	295	$mymail->addTo("\"$prenom $nom\" <$forlife@polytechnique.org>");
	296	$mymail->addCc($conf_mail);
	297	$mymail->setSubject($conf_title);
	298	$mymail->setTxtBody($conf_text);
	299	$mymail->send();
	300
	301	/* on envoie les details de la transaction � telepaiement@ */
	302	$mymail = new HermesMailer();
	303	$mymail->setFrom("webmaster@polytechnique.org");
	304	$mymail->addTo("telepaiement@polytechnique.org");
	305	$mymail->setSubject($conf_title);
	306	$msg = "utilisateur : $prenom $nom ($uid)\n".
	307	"mail : $forlife@polytechnique.org\n\n".
	308	"paiement : $conf_title ($conf_mail)\n".
	309	"reference : $no_transaction\n".
	310	"montant : $montant\n\n".
	311	"dump de REQUEST:\n".
	312	var_export($_REQUEST,true);
	313	$mymail->setTxtBody($msg);
	314	$mymail->send();
	315
	316	$page->assign('texte', $conf_text);
	317	$page->assign('erreur', $erreur);
a2558f2b	318	}
92423144	319	function handler_admin(&$page, $action = 'list', $id = null) {
92423144	320	$page->assign('xorg_title','Polytechnique.org - Administration - Paiements');
	321	$page->assign('title', 'Gestion des t�l�paiements');
	322	$table_editor = new PLTableEditor('admin/payments','paiement.paiements','id');
	323	$table_editor->add_join_table('paiement.transactions','ref',true);
2e7b5921	324	$table_editor->add_sort_field('flags');
de61dbcf	325	$table_editor->add_sort_field('id', true, true);
de61dbcf	326	$table_editor->on_delete("UPDATE paiement.paiements SET flags = 'old' WHERE id = {?}", "Le paiement a �t� archiv�");
92423144	327	$table_editor->describe('text','intitul�',true);
	328	$table_editor->describe('url','site web',false);
	329	$table_editor->describe('montant_def','montant par d�faut',false);
	330	$table_editor->describe('montant_min','montant minimum',false);
	331	$table_editor->describe('montant_max','montant maximum',false);
	332	$table_editor->describe('mail','email contact',true);
	333	$table_editor->describe('confirmation','message confirmation',false);
	334	$table_editor->apply($page, $action, $id);
	335	}
a2558f2b	336	}
	337
	338	?>