Commit 24cedaf7 authored by Malcolm Blaney's avatar Malcolm Blaney

Add order number in subject in Cart->SendEmail. Fix migs api, Bendigo

requires secure hash. Fix bug in Groupwizard that meant changing a
purchase date always moved existing purchases to the new date.
parent 61c6effe
Pipeline #4502595 failed with stage
in 1 minute and 32 seconds
......@@ -392,6 +392,9 @@ class Cart extends Base {
'"","#cart-checkout-form","padding","5px"',
'"","#cart-checkout-form","margin","5px"',
'"","#cart-checkout-form label","width","10em"',
'"","#cart-migs-format","font-size","0.8em"',
'"","#cart-migs-format","font-style","italic"',
'"","#cart-migs-format","margin-left","13em"',
'"","#eway-form label","width","7em"',
'"","#eway-form button","margin-left","7.3em"'];
$this->AddSiteStyle($site_style);
......@@ -646,7 +649,7 @@ class Cart extends Base {
'For your reference, the order number is: '.$order_id.'<br><br>'.
'<button>dismiss</button></div>';
$message .= 'Payment made using PayPal.';
$this->SendEmail($message);
$this->SendEmail('Order number '.$order_id.' received', $message);
}
else if ($_GET['payment'] === 'credit') {
$gateway = $this->Gateway('credit');
......@@ -655,7 +658,7 @@ class Cart extends Base {
'<button>dismiss</button></div>';
$message .= "Payment made using Credit Card. Transaction status:<br>\n".
$gateway;
$this->SendEmail($message);
$this->SendEmail('Order number '.$order_id.' received', $message);
}
$query = 'UPDATE cart_order SET completed = '.time().' WHERE user = '.
'"'.$this->owner.'" AND id = '.$_SESSION['cart-order-id'];
......@@ -902,25 +905,30 @@ class Cart extends Base {
}
else if ($gateway === 'migs') {
if ($data) {
// gateway_api_key is used to store the merchant_id and gateway_password
// to store the access code. (Neither need to be kept secret.)
list($merchant_id, $access_code) = explode(':', $gateway_api_key);
$amount = $data['Payment']['TotalAmount'];
$merch_txn_ref = time();
$order_id = $_SESSION['cart-order-id'];
$secure_hash = $gateway_password.$access_code.$amount.'payen'.
$merch_txn_ref.$merchant_id.$order_id.$data['RedirectURL'].'1';
return
'<form id="migs-form" action="https://migs.mastercard.com.au/vpcpay"'.
' method="post">'.
'<input type="hidden" name="vpc_Version" value="1">'.
'<input type="hidden" name="vpc_Command" value="pay">'.
'<input type="hidden" name="vpc_AccessCode" '.
'value="'.$gateway_password.'">'.
'<input type="hidden" name="vpc_MerchTxnRef" value="'.time().'">'.
'<input type="hidden" name="vpc_Merchant" '.
'value="'.$gateway_api_key.'">'.
'<input type="hidden" name="vpc_OrderInfo" '.
'value="'.$_SESSION['cart-order-id'].'">'.
'<input type="hidden" name="vpc_Amount" '.
'value="'.$data['Payment']['TotalAmount'].'">'.
'value="'.$access_code.'">'.
'<input type="hidden" name="vpc_Amount" value="'.$amount.'">'.
'<input type="hidden" name="vpc_Command" value="pay">'.
'<input type="hidden" name="vpc_Locale" value="en">'.
'<input type="hidden" name="vpc_MerchTxnRef" '.
'value="'.$merch_txn_ref.'">'.
'<input type="hidden" name="vpc_Merchant" '.
'value="'.$merchant_id.'">'.
'<input type="hidden" name="vpc_OrderInfo" value="'.$order_id.'">'.
'<input type="hidden" name="vpc_ReturnURL" '.
'value="'.$data['RedirectURL'].'">'.
'<input type="hidden" name="vpc_Version" value="1">'.
'<input type="hidden" name="vpc_SecureHash" '.
'value="'.strtoupper(md5($secure_hash)).'">'.
'<button id="cart-payment">Go to payment page</button>'.
'</form>';
}
......@@ -1007,7 +1015,10 @@ class Cart extends Base {
}
if ($method === 'pickup') {
return $_SESSION['cart-order-id'];
$order_id = $_SESSION['cart-order-id'];
$this->SendEmail('Order number '.$order_id.' received',
$email_text.'Note: Payment to be made on Pick up.');
return $order_id;
}
if ($method === 'paypal') {
// Maximum item_name string to paypal is 127 chars.
......@@ -1404,7 +1415,7 @@ class Cart extends Base {
return $shipping;
}
private function SendEmail($message) {
private function SendEmail($subject, $message) {
$business = '';
$mysqli = connect_db();
$query = 'SELECT email FROM cart_checkout WHERE user = "'.$this->owner.'"';
......@@ -1442,7 +1453,7 @@ class Cart extends Base {
if ($bcc !== '') {
$headers .= 'Bcc: '.$bcc."\r\n";
}
mail($business, 'Order Received', $message, $headers, '-f '.$sender);
mail($business, $subject, $message, $headers, '-f '.$sender);
}
private function VerifyItem($item, $price) {
......@@ -1656,6 +1667,9 @@ class Cart extends Base {
'<label for="cart-checkout-gateway-api-key">Gateway Api Key:'.
'</label>'.
'<input id="cart-checkout-gateway-api-key" size="20">'.
'<div id="cart-migs-format">'.
'(For migs store MerchantID:AccessCode in Api Key)'.
'</div>'.
'</div>'.
'<div class="form-spacing">'.
'<label for="cart-checkout-gateway-password">Gateway Password:'.
......
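Review bot: `$gateway_password` is now the shared secret that leads the `vpc_SecureHash` input, yet the comment shown above the `list(...)` line describes it as holding the access code and says neither value needs to be kept secret; if that comment survives in the new file, replace it with something like `// gateway_api_key holds "MerchantID:AccessCode"; gateway_password holds the MiGS secure hash secret and must never be written into the form.` The hash is `strtoupper(md5(...))` over the secret followed by the field values, and a secret-prefix MD5 is not a sound MAC, so check whether the Bendigo profile accepts the gateway's HMAC-SHA256 mode (`vpc_SecureHashType`) and move to `hash_hmac` if it does. `explode(':', $gateway_api_key)` also leaves `$access_code` undefined when the stored key has no colon, so a guard such as `if (substr_count($gateway_api_key, ':') !== 1) { /* log and return an error */ }` before the `list()` would stop a half-filled form from being sent to the gateway. The enclosing method starts and ends outside the hunk.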
......@@ -834,7 +834,9 @@ class Groupwizard extends Base {
else {
$new_timestamp = strtotime($value);
}
if ($old_timestamp && $new_timestamp) {
// Only update timestamps for future orders, not existing purchases.
if ($old_timestamp && $new_timestamp &&
$old_timestamp > strtotime('23:59:59')) {
$purchase = new Purchase($this->user, $this->owner);
$purchase->UpdateTimestamp($old_timestamp, $new_timestamp);
}
......
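Review bot: The new cutoff `strtotime('23:59:59')` is the end of the current day in PHP's default timezone, so an order dated today counts as an existing purchase and is not moved, and the boundary shifts with the server's timezone setting. The added comment only says "future orders"; it would be clearer as `// Orders dated today or earlier count as existing purchases and are not moved (cutoff: end of today, server timezone).` The enclosing method starts and ends outside the hunk.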
......@@ -409,7 +409,7 @@ class Invoice extends Base {
if ($message !== '') {
$message = '<html><head><title>'.$date."</title></head>\n".
"<body>\n".$message."\n</body></html>";
$order = $path.'/order.html';
$order = $path.'/'.$group.'-order.html';
if (file_exists($order)) unlink($order);
if ($handle = fopen($order, 'w')) {
fwrite($handle, $message);
......@@ -432,7 +432,8 @@ class Invoice extends Base {
$this->Log('Invoice->ShowOrder: Error opening file: '.$path.'/'.$name);
}
}
return ['content' => $info, 'name' => 'order.html', 'files' => $filenames];
return ['content' => $info, 'name' => $group.'-order.html',
'files' => $filenames];
}
// Private functions below here ////////////////////////////////////////////
......@@ -1141,7 +1142,7 @@ class Invoice extends Base {
if ($this->Substitute('invoice-show-user-count') === 'true') {
// This allows for a mapping between a group and an account
// (in a different group) that is used to send the first group invoices.
$group = $this->Substitute('invoice-group-for-'.$user);
$group = $this->Substitute('invoice-group-for-user-'.$user);
// This gets set in Purchase->ActiveUsers().
$count = (int)$this->Substitute('purchase-user-count', '', '', $group);
if ($count > 1) {
......
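Review bot: `$group` is now concatenated into a filesystem path that goes to `unlink()` and `fopen($order, 'w')`, and nothing in the first hunk constrains it; if the value can contain `/` or `..`, the delete and the write would land outside `$path`. Where `$group` is assigned is outside the hunk, so it may already be validated, but a local guard is cheap: `$order = $path.'/'.basename($group).'-order.html';`, or refuse to continue unless `preg_match('/^[A-Za-z0-9_-]+$/', $group)` matches. The second hunk returns the same value as `'name' => $group.'-order.html'`, apparently from the same method, so the checked value should be computed once and used in both places. Separately, the third hunk renames the lookup key to `'invoice-group-for-user-'.$user`, so settings stored under the old `invoice-group-for-` prefix will no longer be found unless they are migrated.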