lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Debug online payment using unique form

Browse Source
This commit is contained in:
Laurent Destailleur 2017-09-20 19:34:14 +02:00
parent 577c64cc37
commit 2f317c5834
5 changed files with 37 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
htdocs/public/payment/newpayment.php
View File

@ -66,21 +66,21 @@ $suffix=GETPOST("suffix",'aZ09');
$amount=price2num(GETPOST("amount",'alpha'));
if (! GETPOST("currency",'alpha')) $currency=$conf->currency;
else $currency=GETPOST("currency",'alpha');
$source = GETPOST("source",'alpha');
$source = GETPOST("s",'alpha')?GETPOST("s",'alpha'):GETPOST("source",'alpha');
if (! $action)
{
if (! GETPOST("amount",'alpha') && ! GETPOST("source",'alpha'))
if (! GETPOST("amount",'alpha') && ! $source)
{
print $langs->trans('ErrorBadParameters')." - amount or source";
exit;
}
if (is_numeric($amount) && ! GETPOST("tag",'alpha') && ! GETPOST("source",'alpha'))
if (is_numeric($amount) && ! GETPOST("tag",'alpha') && ! $source)
{
print $langs->trans('ErrorBadParameters')." - tag or source";
exit;
}
if (GETPOST("source",'alpha') && ! GETPOST("ref",'alpha'))
if ($source && ! GETPOST("ref",'alpha'))
{
print $langs->trans('ErrorBadParameters')." - ref";
exit;
@ -111,7 +111,6 @@ $urlok=$urlwithroot.'/public/payment/paymentok.php?';
$urlko=$urlwithroot.'/public/payment/paymentko.php?';
// Complete urls for post treatment
$SOURCE=GETPOST("source",'alpha');
$ref=$REF=GETPOST('ref','alpha');
$TAG=GETPOST("tag",'alpha');
$FULLTAG=GETPOST("fulltag",'alpha'); // fulltag is tag with more informations
@ -123,10 +122,10 @@ if (! empty($suffix))
$urlok.='suffix='.urlencode($suffix).'&';
$urlko.='suffix='.urlencode($suffix).'&';
}
if (! empty($SOURCE))
if ($source)
{
$urlok.='source='.urlencode($SOURCE).'&';
$urlko.='source='.urlencode($SOURCE).'&';
$urlok.='s='.urlencode($source).'&';
$urlko.='s='.urlencode($source).'&';
}
if (! empty($REF))
{
@ -143,15 +142,16 @@ if (! empty($FULLTAG))
$urlok.='fulltag='.urlencode($FULLTAG).'&';
$urlko.='fulltag='.urlencode($FULLTAG).'&';
}
/* This make url too long. Seems not required into the back url
if (! empty($SECUREKEY))
{
$urlok.='securekey='.urlencode($SECUREKEY).'&';
$urlko.='securekey='.urlencode($SECUREKEY).'&';
}
}*/
if (! empty($entity))
{
$urlok.='entity='.urlencode($entity).'&';
$urlko.='entity='.urlencode($entity).'&';
$urlok.='e='.urlencode($entity).'&';
$urlko.='e='.urlencode($entity).'&';
}
$urlok=preg_replace('/&$/','',$urlok); // Remove last &
$urlko=preg_replace('/&$/','',$urlko); // Remove last &
@ -223,7 +223,7 @@ if (! empty($conf->global->PAYMENT_SECURITY_TOKEN))
{
if (! empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE))
{
if ($SOURCE && $REF) $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . $SOURCE . $REF, 2); // Use the source in the hash to avoid duplicates if the references are identical
if ($source && $REF) $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . $source . $REF, 2); // Use the source in the hash to avoid duplicates if the references are identical
else $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2);
}
else
@ -340,13 +340,14 @@ if ($action == 'dopayment')
elseif (empty($email)) $mesg=$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("YourEMail"));
elseif (! isValidEMail($email)) $mesg=$langs->trans("ErrorBadEMail",$email);
elseif (! $origfulltag) $mesg=$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("PaymentCode"));
elseif (dol_strlen($urlok) > 150) $mesg='Error urlok too long '.$urlok;
elseif (dol_strlen($urlko) > 150) $mesg='Error urlko too long '.$urlko;
elseif (dol_strlen($urlok) > 150) $mesg='Error urlok too long '.$urlok.'( Paybox requires 150, found '.strlen($urlok).')';
elseif (dol_strlen($urlko) > 150) $mesg='Error urlko too long '.$urlko.'( Paybox requires 150, found '.strlen($urlok).')';
if (empty($mesg))
{
dol_syslog("newpayment.php call paybox api and do redirect", LOG_DEBUG);
include_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php';
print_paybox_redirect($PRICE, $conf->currency, $email, $urlok, $urlko, $FULLTAG);
session_destroy();
@ -499,10 +500,10 @@ $conf->dol_hide_leftmenu=1;
llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
// Check link validity
if (! empty($SOURCE) && in_array($ref, array('member_ref', 'contractline_ref', 'invoice_ref', 'order_ref', '')))
if ($source && in_array($ref, array('member_ref', 'contractline_ref', 'invoice_ref', 'order_ref', '')))
{
$langs->load("errors");
dol_print_error_email('BADREFINPAYMENTFORM', $langs->trans("ErrorBadLinkSourceSetButBadValueForRef", $SOURCE, $ref));
dol_print_error_email('BADREFINPAYMENTFORM', $langs->trans("ErrorBadLinkSourceSetButBadValueForRef", $source, $ref));
llxFooter();
$db->close();
exit;
@ -528,7 +529,7 @@ print '<input type="hidden" name="action" value="dopayment">'."\n";
print '<input type="hidden" name="tag" value="'.GETPOST("tag",'alpha').'">'."\n";
print '<input type="hidden" name="suffix" value="'.GETPOST("suffix",'alpha').'">'."\n";
print '<input type="hidden" name="securekey" value="'.$SECUREKEY.'">'."\n";
print '<input type="hidden" name="entity" value="'.$entity.'" />';
print '<input type="hidden" name="e" value="'.$entity.'" />';
print "\n";
print '<!-- Form to send a payment -->'."\n";
print '<!-- creditor = '.$creditor.' -->'."\n";
@ -709,8 +710,8 @@ if ($source == 'order')
$text='<b>'.$langs->trans("PaymentOrderRef",$order->ref).'</b>';
print '<tr class="CTableRow'.($var?'1':'2').'"><td class="CTableRow'.($var?'1':'2').'">'.$langs->trans("Designation");
print '</td><td class="CTableRow'.($var?'1':'2').'">'.$text;
print '<input type="hidden" name="source" value="'.GETPOST("source",'alpha').'">';
print '<input type="hidden" name="ref" value="'.$order->ref.'">';
print '<input type="hidden" name="s" value="'.dol_escape_htmltag($source).'">';
print '<input type="hidden" name="ref" value="'.dol_escape_htmltag($order->ref).'">';
print '</td></tr>'."\n";
// Amount
@ -821,7 +822,7 @@ if ($source == 'invoice')
$text='<b>'.$langs->trans("PaymentInvoiceRef",$invoice->ref).'</b>';
print '<tr class="CTableRow'.($var?'1':'2').'"><td class="CTableRow'.($var?'1':'2').'">'.$langs->trans("Designation");
print '</td><td class="CTableRow'.($var?'1':'2').'">'.$text;
print '<input type="hidden" name="source" value="'.dol_escape_htmltag(GETPOST("source",'alpha')).'">';
print '<input type="hidden" name="s" value="'.dol_escape_htmltag($source).'">';
print '<input type="hidden" name="ref" value="'.dol_escape_htmltag($invoice->ref).'">';
print '</td></tr>'."\n";
@ -1004,8 +1005,8 @@ if ($source == 'contractline')
print '<tr class="CTableRow'.($var?'1':'2').'"><td class="CTableRow'.($var?'1':'2').'">'.$langs->trans("Designation");
print '</td><td class="CTableRow'.($var?'1':'2').'">'.$text;
print '<input type="hidden" name="source" value="'.GETPOST("source",'alpha').'">';
print '<input type="hidden" name="ref" value="'.$contractline->ref.'">';
print '<input type="hidden" name="source" value="'.dol_escape_htmltag($source).'">';
print '<input type="hidden" name="ref" value="'.dol_escape_htmltag($contractline->ref).'">';
print '</td></tr>'."\n";
// Quantity
@ -1146,8 +1147,8 @@ if ($source == 'membersubscription')
$text='<b>'.$langs->trans("PaymentSubscription").'</b>';
print '<tr class="CTableRow'.($var?'1':'2').'"><td class="CTableRow'.($var?'1':'2').'">'.$langs->trans("Designation");
print '</td><td class="CTableRow'.($var?'1':'2').'">'.$text;
print '<input type="hidden" name="source" value="'.GETPOST("source",'alpha').'">';
print '<input type="hidden" name="ref" value="'.$member->ref.'">';
print '<input type="hidden" name="source" value="'.dol_escape_htmltag($source).'">';
print '<input type="hidden" name="ref" value="'.dol_escape_htmltag($member->ref).'">';
print '</td></tr>'."\n";
if ($member->last_subscription_date || $member->last_subscription_amount)
@ -1272,7 +1273,7 @@ if ($action != 'dopayment')
if (! empty($conf->stripe->enabled))
{
// If STRIPE_PICTO_FOR_PAYMENT is 'cb' we show a picto of a crdit card instead of stripe
print '<br><input class="button buttonpayment buttonpayment'.(empty($conf->global->STRIPE_PICTO_FOR_PAYMENT)?'stripe':$conf->global->STRIPE_PICTO_FOR_PAYMENT).'" type="submit" name="dopayment__stripe" value="'.$langs->trans("StripeDoPayment").'">';
print '<br><input class="button buttonpayment buttonpayment'.(empty($conf->global->STRIPE_PICTO_FOR_PAYMENT)?'stripe':$conf->global->STRIPE_PICTO_FOR_PAYMENT).'" type="submit" name="dopayment_stripe" value="'.$langs->trans("StripeDoPayment").'">';
}
if (! empty($conf->paypal->enabled))
@ -1365,12 +1366,12 @@ if (preg_match('/^dopayment/',$action))
print '<input type="hidden" name="dopayment_stripe" value="1">'."\n";
print '<input type="hidden" name="action" value="charge">'."\n";
print '<input type="hidden" name="tag" value="'.$TAG.'">'."\n";
print '<input type="hidden" name="source" value="'.$SOURCE.'">'."\n";
print '<input type="hidden" name="s" value="'.$source.'">'."\n";
print '<input type="hidden" name="ref" value="'.$REF.'">'."\n";
print '<input type="hidden" name="fulltag" value="'.$FULLTAG.'">'."\n";
print '<input type="hidden" name="suffix" value="'.$suffix.'">'."\n";
print '<input type="hidden" name="securekey" value="'.$SECUREKEY.'">'."\n";
print '<input type="hidden" name="entity" value="'.$entity.'" />';
print '<input type="hidden" name="e" value="'.$entity.'" />';
print '<input type="hidden" name="amount" value="'.$amount.'">'."\n";
print '<input type="hidden" name="currency" value="'.$currency.'">'."\n";

2
htdocs/public/payment/paymentko.php
View File

@ -31,7 +31,7 @@ define("NOCSRFCHECK",1); // We accept to go on this page from external web site.
// For MultiCompany module.
// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
// TODO This should be useless. Because entity must be retreive from object ref and not from url.
$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
$entity=(! empty($_GET['e']) ? (int) $_GET['e'] : (! empty($_POST['e']) ? (int) $_POST['e'] : 1));
if (is_numeric($entity)) define("DOLENTITY", $entity);
require '../../main.inc.php';

5
htdocs/public/payment/paymentok.php
View File

@ -31,7 +31,7 @@ define("NOCSRFCHECK",1); // We accept to go on this page from external web site.
// For MultiCompany module.
// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
// TODO This should be useless. Because entity must be retreive from object ref and not from url.
$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
$entity=(! empty($_GET['e']) ? (int) $_GET['e'] : (! empty($_POST['e']) ? (int) $_POST['e'] : 1));
if (is_numeric($entity)) define("DOLENTITY", $entity);
require '../../main.inc.php';
@ -76,7 +76,7 @@ if (! empty($conf->paypal->enabled))
$FULLTAG=GETPOST('FULLTAG');
if (empty($FULLTAG)) $FULLTAG=GETPOST('fulltag');
$source=GETPOST('source');
$source=GETPOST('s','alpha')?GETPOST('s','alpha'):GETPOST('source','alpha');
$ref=GETPOST('ref');
$suffix=GETPOST("suffix",'aZ09');
@ -145,7 +145,6 @@ $conf->dol_hide_leftmenu=1;
llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
// Show message
print '<span id="dolpaymentspan"></span>'."\n";
print '<div id="dolpaymentdiv" align="center">'."\n";

4
htdocs/theme/eldy/style.css.php
View File

@ -1084,7 +1084,7 @@ div.fiche {
<?php if (! empty($conf->dol_hide_leftmenu)) print 'margin-bottom: 12px;'."\n"; ?>
}
body.onlinepaymentbody div.fiche { /* For online payment page */
margin: 40px !important;
margin: 20px !important;
}
div.fiche>table:first-child {
margin-bottom: 15px !important;
@ -3139,7 +3139,7 @@ div.titre {
/* text-shadow: 1px 1px 2px #FFFFFF; */
}
#dolpaymenttable { max-width: 600px; font-size: 16px; }
#dolpaymenttable { min-width: 310px; font-size: 16px; } /* Width must have min to make stripe input area visible */
#tablepublicpayment { border: 1px solid #CCCCCC !important; width: 100%; padding: 20px; }
#tablepublicpayment .CTableRow1 { background-color: #F0F0F0 !important; }
#tablepublicpayment tr.liste_total { border-bottom: 1px solid #CCCCCC !important; }

5
htdocs/theme/md/style.css.php
View File

@ -1120,6 +1120,9 @@ div.fiche {
<?php if (! empty($conf->dol_hide_leftmenu) && ! empty($conf->dol_hide_topmenu)) print 'margin-top: 4px;'; ?>
margin-bottom: 15px;
}
body.onlinepaymentbody div.fiche { /* For online payment page */
margin: 20px !important;
}
div.fichecenter {
width: 100%;
clear: both; /* This is to have div fichecenter that are true rectangles */
@ -3239,7 +3242,7 @@ div.titre {
<?php print (empty($conf->dol_optimize_smallscreen)?'':'margin-top: 4px;'); ?>
}
#dolpaymenttable { max-width: 600px; font-size: 16px; }
#dolpaymenttable { min-width: 320px; font-size: 16px; } /* Width must have min to make stripe input area visible */
#tablepublicpayment { border: 1px solid #CCCCCC !important; width: 100%; padding: 20px; }
#tablepublicpayment .CTableRow1 { background-color: #F0F0F0 !important; }
#tablepublicpayment tr.liste_total { border-bottom: 1px solid #CCCCCC !important; }