projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Restaures previous display of job phones (Closes #1157).
[platal.git] / modules / payment.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2010 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 /* sort en affichant une erreur */
23 function cb_erreur($text) {
24 global $globals;
25 $mymail = new PlMailer();
26 $mymail->addTo($globals->money->email);
27 $mymail->setFrom("webmaster@" . $globals->mail->domain);
28 $mymail->setSubject("erreur lors d'un télépaiement (CyberPaiement)");
29 $mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
30 $mymail->send();
31 exit;
32 }
33
34 /* sort en affichant une erreur */
35 function paypal_erreur($text, $send=true)
36 {
37 global $erreur, $globals;
38 if ($erreur) return;
39 $erreur = $text;
40 if (!$send) return;
41
42 $mymail = new PlMailer();
43 $mymail->addTo($globals->money->email);
44 $mymail->setFrom("webmaster@" . $globals->mail->domain);
45 $mymail->setSubject("erreur lors d'un télépaiement (PayPal)");
46 $mymail->setTxtBody("\n\n".var_export($_REQUEST,true));
47 $mymail->send();
48
49 Platal::page()->trigError($text);
50 }
51
52 /* http://fr.wikipedia.org/wiki/Formule_de_Luhn */
53 function luhn($nombre) {
54 $s = strrev($nombre);
55 $sum = 0;
56 for ($i = 0; $i < strlen($s); $i++) {
57 $dgt = $s{$i};
58 $sum += ($i % 2) ? (2*$dgt) % 9 : $dgt;
59 }
60 return $sum % 10;
61 }
62
63 /* calcule la clé d'acceptation a partir de 5 champs */
64 function cle_accept($d1,$d2,$d3,$d4,$d5)
65 {
66 $m1 = luhn($d1.$d5);
67 $m2 = luhn($d2.$d5);
68 $m3 = luhn($d3.$d5);
69 $m4 = luhn($d4.$d5);
70 $n = $m1 + $m2 + $m3 + $m4;
71 $alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
72 return $alpha{$n-1}.$m1.$m2.$m3.$m4;
73 }
74
75 /* decode the comment */
76 function comment_decode($comment) {
77 $comment = urldecode($comment);
78 if (is_utf8($comment)) {
79 return $comment;
80 } else {
81 return utf8_encode($comment);
82 }
83 }
84
85
86 class PaymentModule extends PLModule
87 {
88 function handlers()
89 {
90 return array(
91 'payment' => $this->make_hook('payment', AUTH_MDP),
92 'payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC, 'user', NO_HTTPS),
93 'payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS),
94 'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
95 '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_MDP),
96 '%grp/payment' => $this->make_hook('xnet_payment', AUTH_MDP),
97 '%grp/payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC, 'user', NO_HTTPS),
98 '%grp/payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS),
99 '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
100 'admin/payments' => $this->make_hook('admin', AUTH_MDP, 'admin'),
101
102 );
103 }
104
105 function handler_payment(&$page, $ref = -1)
106 {
107 global $globals;
108
109 require_once 'profil.func.inc.php' ;
110 $this->load('money.inc.php');
111
112 if (!empty($GLOBALS['IS_XNET_SITE'])) {
113 if (!$globals->asso('id')) {
114 return PL_NOT_FOUND;
115 }
116 $res = XDB::query("SELECT asso_id
117 FROM payments
118 WHERE asso_id = {?} AND id = {?}",
119 $globals->asso('id'), $ref);
120 if (!$res->numRows()) {
121 return PL_FORBIDDEN;
122 }
123 }
124 $page->changeTpl('payment/index.tpl');
125 $page->setTitle('Télépaiements');
126
127 // initialisation
128 $op = Env::v('op', 'select');
129 $meth = new PayMethod(Env::i('methode', -1));
130 $pay = new Payment($ref);
131
132 if($pay->flags->hasflag('old')){
133 $page->trigError("La transaction selectionnée est périmée.");
134 $pay = new Payment();
135 }
136 $val = Env::v('montant') != 0 ? Env::v('montant') : $pay->amount_def;
137
138 if (($e = $pay->check($val)) !== true) {
139 $page->trigError($e);
140 }
141
142 if ($op=='submit') {
143 $pay->init($val, $meth);
144 $pay->prepareform($pay);
145 } else {
146 $res = XDB::iterator("SELECT timestamp, amount
147 FROM payment_transactions
148 WHERE uid = {?} AND ref = {?}
149 ORDER BY timestamp DESC",
150 S::v('uid', -1), $ref);
151
152 if ($res->total()) $page->assign('transactions', $res);
153 }
154
155 $val = floor($val).".".substr(floor(($val - floor($val))*100+100),1);
156 $page->assign('montant',$val);
157 $page->assign('comment',Env::v('comment'));
158
159 $page->assign('meth', $meth);
160 $page->assign('pay', $pay);
161 $page->assign('evtlink', $pay->event());
162 }
163
164 function handler_cyber_return(&$page, $uid = null)
165 {
166 /* reference banque (numero de transaction) */
167 $champ901 = Env::s('CHAMP901');
168 /* cle d'acceptation */
169 $champ905 = Env::s('CHAMP905');
170 /* code retour */
171 $champ906 = Env::s('CHAMP906');
172 /* email renvoye par la banque */
173 $champ104 = Env::s('CHAMP104');
174 /* reference complete de la commande */
175 $champ200 = Env::s('CHAMP200');
176 /* montant de la transaction */
177 $champ201 = Env::s('CHAMP201');
178 /* devise */
179 $champ202 = Env::s('CHAMP202');
180 $montant = "$champ201 $champ202";
181
182 /* on extrait les informations sur l'utilisateur */
183 $user = User::get($uid);
184 if (!$user) {
185 cb_erreur("uid invalide");
186 }
187
188
189 /* on extrait la reference de la commande */
190 if (!ereg('-xorg-([0-9]+)$', $champ200, $matches)) {
191 cb_erreur("référence de commande invalide");
192 }
193
194 echo ($ref = $matches[1]);
195 $res = XDB::query("SELECT mail, text, confirmation
196 FROM payments
197 WHERE id={?}", $ref);
198 if (!list($conf_mail, $conf_title, $conf_text) = $res->fetchOneRow()) {
199 cb_erreur("référence de commande inconnue");
200 }
201
202 /* on extrait le code de retour */
203 if ($champ906 != "0000") {
204 $res = XDB::query('SELECT rcb.text, c.id, c.text
205 FROM payment_codeRCB AS rcb
206 LEFT JOIN payment_codeC AS c ON (rcb.codeC = c.id)
207 WHERE rcb.id = {?}', $champ906);
208 if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) {
209 cb_erreur("erreur lors du paiement : $c_text ($c_id)");
210 } else{
211 cb_erreur("erreur inconnue lors du paiement");
212 }
213 }
214
215 /* on fait l'insertion en base de donnees */
216 XDB::execute("INSERT INTO payment_transactions (id, uid, ref, fullref, amount, pkey, comment)
217 VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?})",
218 $champ901, $user->id(), $ref, $champ200, $montant, $champ905, Env::v('comment'));
219
220 // We check if it is an Xnet payment and then update the related ML.
221 $res = XDB::query('SELECT eid
222 FROM group_events
223 WHERE paiement_id = {?}', $ref);
224 if ($eid = $res->fetchOneCell()) {
225 require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php';
226 $evt = get_event_detail($eid);
227 subscribe_lists_event(0, $uid, $evt, $montant, true);
228 }
229
230 /* on genere le mail de confirmation */
231 $conf_text = str_replace(
232 array('<prenom>', '<nom>', '<promo>', '<montant>', '<salutation>', '<cher>', 'comment>'),
233 array($user->firstName(), $user->lastName(), $user->promo(), $montant,
234 $user->isFemale() ? 'Chère' : 'Cher', $user->isFemale() ? 'Chère' : 'Cher',
235 Env::v('comment')), $conf_text);
236
237 global $globals;
238 $mymail = new PlMailer();
239 $mymail->setFrom($conf_mail);
240 $mymail->addCc($conf_mail);
241 $mymail->setSubject($conf_title);
242 $mymail->setWikiBody($conf_text);
243 $mymail->sendTo($user);
244
245 /* on envoie les details de la transaction à telepaiement@ */
246 $mymail = new PlMailer();
247 $mymail->setFrom("webmaster@" . $globals->mail->domain);
248 $mymail->addTo($globals->money->email);
249 $mymail->setSubject($conf_title);
250 $msg = 'utilisateur : ' . $user->login() . ' (' . $user->id() . ')' . "\n" .
251 'mail : ' . $user->forlifeEmail() . "\n\n" .
252 "paiement : $conf_title ($conf_mail)\n".
253 "reference : $champ200\n".
254 "montant : $montant\n\n".
255 "dump de REQUEST:\n".
256 var_export($_REQUEST,true);
257 $mymail->setTxtBody($msg);
258 $mymail->send();
259 exit;
260 }
261
262 function handler_cyber2_return(&$page, $uid = null)
263 {
264 global $globals, $platal;
265
266 /* on vérifie la signature */
267 $vads_params = array();
268 foreach($_REQUEST as $key => $value)
269 if(substr($key,0,5) == "vads_")
270 $vads_params[$key] = $value;
271 ksort($vads_params);
272 $signature = sha1(join('+',$vads_params).'+'.$globals->money->cyperplus_key);
273 //if($signature != Env::v('signature')) {
274 // cb_erreur("signature invalide");
275 //}
276
277 /* on extrait les informations sur l'utilisateur */
278 $user = User::get(Env::v('vads_cust_id'));
279 if (!$user) {
280 cb_erreur("uid invalide");
281 }
282
283 /* on extrait la reference de la commande */
284 if (!ereg('-([0-9]+)$', Env::v('vads_order_id'), $matches)) {
285 cb_erreur("référence de commande invalide");
286 }
287
288 echo ($ref = $matches[1]);
289 $res = XDB::query("SELECT mail, text, confirmation
290 FROM payments
291 WHERE id={?}", $ref);
292 if (!list($conf_mail, $conf_title, $conf_text) = $res->fetchOneRow()) {
293 cb_erreur("référence de commande inconnue");
294 }
295
296 /* on extrait le montant */
297 if (Env::v('vads_currency') != "978") {
298 cb_erreur("monnaie autre que l'euro");
299 }
300 $montant = sprintf("%.02f", ((float)Env::v('vads_amount'))/100) . " EUR";
301
302 /* on extrait le code de retour */
303 if (Env::v('vads_result') != "00") {
304 cb_erreur("erreur lors du paiement : ?? (".Env::v('vads_result').")");
305 }
306
307 /* on fait l'insertion en base de donnees */
308 XDB::execute("INSERT INTO payment_transactions (id, uid, ref, fullref, amount, pkey, comment)
309 VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?})",
310 Env::v('vads_trans_date'), $user->id(), $ref, Env::v('vads_order_id'), $montant, "", Env::v('vads_order_info'));
311
312 // We check if it is an Xnet payment and then update the related ML.
313 $res = XDB::query('SELECT eid
314 FROM group_events
315 WHERE paiement_id = {?}', $ref);
316 if ($eid = $res->fetchOneCell()) {
317 require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php';
318 $evt = get_event_detail($eid);
319 subscribe_lists_event(0, $uid, $evt, $montant, true);
320 }
321
322 /* on genere le mail de confirmation */
323 $conf_text = str_replace(
324 array('<prenom>', '<nom>', '<promo>', '<montant>', '<salutation>', '<cher>', 'comment>'),
325 array($user->firstName(), $user->lastName(), $user->promo(), $montant,
326 $user->isFemale() ? 'Chère' : 'Cher', $user->isFemale() ? 'Chère' : 'Cher',
327 Env::v('comment')), $conf_text);
328
329 global $globals;
330 $mymail = new PlMailer();
331 $mymail->setFrom($conf_mail);
332 $mymail->addCc($conf_mail);
333 $mymail->setSubject($conf_title);
334 $mymail->setWikiBody($conf_text);
335 $mymail->sendTo($user);
336
337 /* on envoie les details de la transaction à telepaiement@ */
338 $mymail = new PlMailer();
339 $mymail->setFrom("webmaster@" . $globals->mail->domain);
340 $mymail->addTo($globals->money->email);
341 $mymail->setSubject($conf_title);
342 $msg = 'utilisateur : ' . $user->login() . ' (' . $user->id() . ')' . "\n" .
343 'mail : ' . $user->forlifeEmail() . "\n\n" .
344 "paiement : $conf_title ($conf_mail)\n".
345 "reference : $champ200\n".
346 "montant : $montant\n\n".
347 "dump de REQUEST:\n".
348 var_export($_REQUEST,true);
349 $mymail->setTxtBody($msg);
350 $mymail->send();
351 exit;
352 }
353
354 function handler_paypal_return(&$page, $uid = null)
355 {
356 $page->changeTpl('payment/retour_paypal.tpl');
357
358 /* reference banque (numero de transaction) */
359 $no_transaction = Env::s('tx');
360 /* token a renvoyer pour avoir plus d'information */
361 $clef = Env::s('sig');
362 /* code retour */
363 $status = Env::s('st');
364 /* raison */
365 $reason = ($status == 'Pending')? Env::s('pending_reason'): Env::s('reason_code');
366 /* reference complete de la commande */
367 $fullref = Env::s('cm');
368 /* montant de la transaction */
369 $montant_nb = Env::s('amt');
370 /* devise */
371 $montant_dev = Env::s('cc');
372 $montant = "$montant_nb $montant_dev";
373
374 /* on extrait le code de retour */
375 if ($status != "Completed") {
376 if ($status)
377 paypal_erreur("erreur lors du paiement : $status - $reason");
378 else
379 paypal_erreur("Paiement annulé", false);
380 }
381
382 /* on extrait les informations sur l'utilisateur */
383 $user = User::get($uid);
384 if (!$user) {
385 paypal_erreur("uid invalide");
386 }
387
388 /* on extrait la reference de la commande */
389 if (!ereg('-xorg-([0-9]+)$', $fullref, $matches)) {
390 paypal_erreur("référence de commande invalide");
391 }
392
393 $ref = $matches[1];
394 $res = XDB::query("SELECT mail, text, confirmation
395 FROM payments
396 WHERE id = {?}", $ref);
397 if (!list($conf_mail,$conf_title,$conf_text) = $res->fetchOneRow()) {
398 paypal_erreur("référence de commande inconnue");
399 }
400
401 /* on fait l'insertion en base de donnees */
402 XDB::execute("INSERT INTO payment_transactions (id, uid, ref, fullref, amount, pkey, comment)
403 VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?})",
404 $no_transaction, $user->id(), $ref, $fullref, $montant, $clef, Env::v('comment'));
405
406 // We check if it is an Xnet payment and then update the related ML.
407 $res = XDB::query('SELECT eid
408 FROM group_events
409 WHERE paiement_id = {?}', $ref);
410 if ($eid = $res->fetchOneCell()) {
411 require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php';
412 $evt = get_event_detail($eid);
413 subscribe_lists_event(0, $uid, $evt, $montant, true);
414 }
415
416 /* on genere le mail de confirmation */
417 $conf_text = str_replace(array('<prenom>', '<nom>', '<promo>', '<montant>', '<salutation>', '<cher>'),
418 array($user->firstName(), $user->lastName(), $user->promo(), $montant,
419 $user->isFemale() ? 'Chère' : 'Cher',
420 $user->isFemale() ? 'Chère' : 'Cher'), $conf_text);
421
422 global $globals;
423 $mymail = new PlMailer();
424 $mymail->setFrom($conf_mail);
425 $mymail->addCc($conf_mail);
426 $mymail->setSubject($conf_title);
427 $mymail->setWikiBody($conf_text);
428 $mymail->sendTo($user);
429
430 /* on envoie les details de la transaction à telepaiement@ */
431 $mymail = new PlMailer();
432 $mymail->setFrom("webmaster@" . $globals->mail->domain);
433 $mymail->addTo($globals->money->email);
434 $mymail->setSubject($conf_title);
435 $msg = 'utilisateur : ' . $user->login() . ' (' . $user->id() . ')' . "\n" .
436 'mail : ' . $user->forlifeEmail() . "\n\n" .
437 "paiement : $conf_title ($conf_mail)\n".
438 "reference : $champ200\n".
439 "montant : $montant\n\n".
440 "dump de REQUEST:\n".
441 var_export($_REQUEST,true);
442 $mymail->setTxtBody($msg);
443 $mymail->send();
444
445 $page->assign('texte', $conf_text);
446 $page->assign('erreur', $erreur);
447 }
448
449 function handler_xnet_payment(&$page, $pid = null)
450 {
451 global $globals;
452
453 $perms = S::v('perms');
454 if (!$perms->hasFlag('groupmember')) {
455 if (is_null($pid)) {
456 return PL_FORBIDDEN;
457 }
458 $res = XDB::query("SELECT 1
459 FROM group_events AS e
460 INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND uid = {?})
461 WHERE e.paiement_id = {?} AND e.asso_id = {?}",
462 S::i('uid'), $pid, $globals->asso('id'));
463 if ($res->numRows() == 0) {
464 return PL_FORBIDDEN;
465 }
466 }
467
468 if (!is_null($pid)) {
469 return $this->handler_payment($page, $pid);
470 }
471 $page->changeTpl('payment/xnet.tpl');
472
473 $res = XDB::query(
474 "SELECT id, text, url
475 FROM payments
476 WHERE asso_id = {?} AND NOT FIND_IN_SET('old', flags)
477 ORDER BY id DESC", $globals->asso('id'));
478 $tit = $res->fetchAllAssoc();
479 $page->assign('titres', $tit);
480
481
482 // TODO: replug sort.
483 $trans = array();
484 $event = array();
485 foreach($tit as $foo) {
486 $pid = $foo['id'];
487 if (may_update()) {
488 $res = XDB::query('SELECT t.uid, timestamp AS `date`, t.comment, amount
489 FROM payment_transactions AS t
490 WHERE t.ref = {?}', $pid);
491 $trans[$pid] = User::getBulkUsersWithUIDs($res->fetchAllAssoc(), 'uid', 'user');
492 $sum = 0;
493 foreach ($trans[$pid] as $i => $t) {
494 $sum += strtr(substr($t['amount'], 0, strpos($t['amount'], 'EUR')), ',', '.');
495 $trans[$pid][$i]['amount'] = str_replace('EUR', '€', $t['amount']);
496 }
497 $trans[$pid][] = array('nom' => 'somme totale',
498 'amount' => strtr($sum, '.', ',').' €');
499 }
500 $res = XDB::iterRow("SELECT e.eid, e.short_name, e.intitule, ep.nb, ei.montant, ep.paid
501 FROM group_events AS e
502 LEFT JOIN group_event_participants AS ep ON (ep.eid = e.eid AND uid = {?})
503 INNER JOIN group_event_items AS ei ON (ep.eid = ei.eid AND ep.item_id = ei.item_id)
504 WHERE e.paiement_id = {?}",
505 S::v('uid'), $pid);
506 $event[$pid] = array();
507 $event[$pid]['paid'] = 0;
508 if ($res->total()) {
509 $event[$pid]['topay'] = 0;
510 while(list($eid, $shortname, $title, $nb, $montant, $paid) = $res->next()) {
511 $event[$pid]['topay'] += ($nb * $montant);
512 $event[$pid]['eid'] = $eid;
513 $event[$pid]['shortname'] = $shortname;
514 $event[$pid]['title'] = $title;
515 $event[$pid]['ins'] = !is_null($nb);
516 $event[$pid]['paid'] = $paid;
517 }
518 }
519 $res = XDB::query("SELECT amount
520 FROM payment_transactions AS t
521 WHERE ref = {?} AND uid = {?}", $pid, S::v('uid'));
522 $montants = $res->fetchColumn();
523
524 foreach ($montants as $m) {
525 $p = strtr(substr($m, 0, strpos($m, 'EUR')), ',', '.');
526 $event[$pid]['paid'] += trim($p);
527 }
528 }
529 $page->register_modifier('decode_comment', 'decode_comment');
530 $page->assign('trans', $trans);
531 $page->assign('event', $event);
532 }
533
534 function handler_admin(&$page, $action = 'list', $id = null) {
535 $page->setTitle('Administration - Paiements');
536 $page->assign('title', 'Gestion des télépaiements');
537 $table_editor = new PLTableEditor('admin/payments','payments','id');
538 $table_editor->add_join_table('payment_transactions','ref',true);
539 $table_editor->add_sort_field('flags');
540 $table_editor->add_sort_field('id', true, true);
541 $table_editor->on_delete("UPDATE payments SET flags = 'old' WHERE id = {?}", "Le paiement a été archivé");
542 $table_editor->describe('text','intitulé',true);
543 $table_editor->describe('url','site web',false);
544 $table_editor->describe('amount_def','montant par défaut',false);
545 $table_editor->describe('amount_min','montant minimum',false);
546 $table_editor->describe('amount_max','montant maximum',false);
547 $table_editor->describe('mail','email contact',true);
548 $table_editor->describe('confirmation','message confirmation',false);
549
550 // adds a column with the start date of the linked event if there is one
551 $table_editor->add_option_table('group_events','group_events.paiement_id = t.id');
552 $table_editor->add_option_field('group_events.debut', 'related_event', 'évènement', 'timestamp');
553
554 $table_editor->apply($page, $action, $id);
555 }
556 }
557
558 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
559 ?>
plat/al