diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 1db71e01d52..b770f293f4a 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -129,6 +129,7 @@ class FormFile /** * Show the box with list of available documents for object + * * @param modulepart propal, facture, facture_fourn, ... * @param filename Sub dir to scan (Example: '0/1/10', 'FA/DD/MM/YY/9999'). Use '' if filedir already complete) * @param filedir Dir to scan @@ -157,7 +158,8 @@ class FormFile /** * Return a string to show the box with list of available documents for object. - * This also set the property $this->numoffiles. + * This also set the property $this->numoffiles + * * @param modulepart propal, facture, facture_fourn, ... * @param filename Sub dir to scan (Example: '0/1/10', 'FA/DD/MM/YY/9999'). Use '' if filedir already complete) * @param filedir Dir to scan diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 1856b452608..d917a240685 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -189,6 +189,7 @@ class FormMail /** * Show the form to input an email * this->withfile: 0=No attaches files, 1=Show attached files, 2=Can add new attached files + * * @param addfileaction Name of action when posting file attachments * @param removefileaction Name of action when removing file attachments */ @@ -200,6 +201,7 @@ class FormMail /** * Get the form to input an email * this->withfile: 0=No attaches files, 1=Show attached files, 2=Can add new attached files + * * @param addfileaction Name of action when posting file attachments * @param removefileaction Name of action when removing file attachments */ 
@@ -563,12 +565,12 @@ class FormMail if ($this->param["models"]=='order_send') { - $url=getPaypalPaymentUrl('order',$this->substit['__ORDERREF__']); + $url=getPaypalPaymentUrl(0,'order',$this->substit['__ORDERREF__']); $defaultmessage=$langs->transnoentities("PredefinedMailContentSendOrderWithPaypalLink",$url); } if ($this->param["models"]=='facture_send') { - $url=getPaypalPaymentUrl('invoice',$this->substit['__FACREF__']); + $url=getPaypalPaymentUrl(0,'invoice',$this->substit['__FACREF__']); $defaultmessage=$langs->transnoentities("PredefinedMailContentSendInvoiceWithPaypalLink",$url); } } diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index f72d5d6cab5..835136e7c5b 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -306,12 +306,16 @@ ConnectionTimeout=Connexion timeout ResponseTimeout=Response timeout SmsTestMessage=Test message from __PHONEFROM__ to __PHONETO__ ModuleMustBeEnabledFirst=Module %s must be enabled first before using this feature. -SecurityToken=Key to encrypt urls +SecurityToken=Key to secure URLs NoSmsEngine=No SMS sender manager available. SMS sender manager are not installed with default distribution (because they depends on an external supplier) but you can find some on http://www.dolistore.com PDF=PDF PDFDesc=You can set each global options related to the PDF generation PDFAddressForging=Rules to forge address boxes HideAnyVATInformationOnPDF=Hide all information related to VAT on generated PDF +UrlGenerationParameters=Parameters to secure URLs +SecurityTokenIsUnique=Use a unique securekey parameter for each URL +EnterRefToBuildUrl=Enter reference for object %s +GetSecuredUrl=Get calculated URL # Modules Module0Name=Users & groups diff --git a/htdocs/langs/en_US/paybox.lang b/htdocs/langs/en_US/paybox.lang index 211dce8df1e..c79db420656 100644 --- a/htdocs/langs/en_US/paybox.lang +++ b/htdocs/langs/en_US/paybox.lang 
@@ -15,8 +15,8 @@ PayBoxDoPayment=Go on payment
 YouWillBeRedirectedOnPayBox=You will be redirected on secured Paybox page to input you credit card information
 PleaseBePatient=Please, be patient
 Continue=Next
-ToOfferALinkForOnlinePaymentOnOrder=URL to offer a %s online payment user interface for an order
-ToOfferALinkForOnlinePaymentOnInvoice=URL to offer a %s online payment user interface for an invoice
+ToOfferALinkForOnlinePaymentOnOrder=URL to offer a %s online payment user interface for a customer order
+ToOfferALinkForOnlinePaymentOnInvoice=URL to offer a %s online payment user interface for a customer invoice
 ToOfferALinkForOnlinePaymentOnContractLine=URL to offer a %s online payment user interface for a contract line
 ToOfferALinkForOnlinePaymentOnFreeAmount=URL to offer a %s online payment user interface for a free amount
 ToOfferALinkForOnlinePaymentOnMemberSubscription=URL to offer a %s online payment user interface for a member subscription
diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang
index b8d4abb430a..8a7c02ad5cd 100644
--- a/htdocs/langs/fr_FR/admin.lang
+++ b/htdocs/langs/fr_FR/admin.lang
@@ -307,12 +307,16 @@ ConnectionTimeout=Timeout de connexion ResponseTimeout=Timeout de réponse SmsTestMessage=Message de test de __PHONEFROM__ vers __PHONETO__ ModuleMustBeEnabledFirst=Le module %s doit etre activé pour utiliser cette fonction. -SecurityToken=Clé de cryptage des url +SecurityToken=Clé de sécurisation des URLs NoSmsEngine=Aucun gestionnaire d'envoi de SMS n'est disponible. Les gestionnaires d'envois SMS ne sont pas installés en standard (car dépendent d'un fournisseur) mais vous pourrez en trouver depuis la plateforme http://www.dolistore.com PDF=PDF PDFDesc=Vous pouvez définir ici des options globales sur la génération des PDF PDFAddressForging=Règle de fabrication des zones adresses HideAnyVATInformationOnPDF=Cacher toutes les informations en rapport avec la TVA sur les PDF générés +UrlGenerationParameters=Sécurisation des URLs +SecurityTokenIsUnique=Utiliser un paramètre securekey unique pour chaque URL ? +EnterRefToBuildUrl=Entrez la référence pour l'objet %s +GetSecuredUrl=Obtenir l'URL calculée # Modules= undefined Module0Name= Utilisateurs & groupes diff --git a/htdocs/langs/fr_FR/paybox.lang b/htdocs/langs/fr_FR/paybox.lang index 04a55508dfd..5cc66e93b24 100644 --- a/htdocs/langs/fr_FR/paybox.lang +++ b/htdocs/langs/fr_FR/paybox.lang 
@@ -16,7 +16,7 @@ YouWillBeRedirectedOnPayBox=Vous serez redirigé vers la page sécurisée Paybox
 PleaseBePatient=Merci de patientez quelques secondes
 Continue=Continuer
 ToOfferALinkForOnlinePaymentOnOrder=URL offrant une interface de paiement en ligne %s sur la base du montant d'une commande client
-ToOfferALinkForOnlinePaymentOnInvoice=URL offrant une interface de paiement en ligne %s sur la base du montant d'une facture
+ToOfferALinkForOnlinePaymentOnInvoice=URL offrant une interface de paiement en ligne %s sur la base du montant d'une facture client
 ToOfferALinkForOnlinePaymentOnContractLine=URL offrant une interface de paiement en ligne %s sur la base du montant d'une ligne de contrat
 ToOfferALinkForOnlinePaymentOnFreeAmount=URL offrant une interface de paiement en ligne %s pour un montant libre
 ToOfferALinkForOnlinePaymentOnMemberSubscription=URL offrant une interface de paiement en ligne %s sur la base d'une cotisation d'adhérent
diff --git a/htdocs/paypal/admin/paypal.php b/htdocs/paypal/admin/paypal.php
index 3bae01cfd80..c4caecc4262 100644
--- a/htdocs/paypal/admin/paypal.php
+++ b/htdocs/paypal/admin/paypal.php
@@ -51,6 +51,8 @@ if ($_POST["action"] == 'setvalue' && $user->admin) $result=dolibarr_set_const($db, "PAYPAL_API_INTEGRAL_OR_PAYPALONLY",$_POST["PAYPAL_API_INTEGRAL_OR_PAYPALONLY"],'chaine',0,'',$conf->entity); $result=dolibarr_set_const($db, "PAYPAL_CSS_URL",$_POST["PAYPAL_CSS_URL"],'chaine',0,'',$conf->entity); $result=dolibarr_set_const($db, "PAYPAL_SECURITY_TOKEN",$_POST["PAYPAL_SECURITY_TOKEN"],'chaine',0,'',$conf->entity); + $result=dolibarr_set_const($db, "PAYPAL_SECURITY_TOKEN_UNIQUE",$_POST["PAYPAL_SECURITY_TOKEN_UNIQUE"],'chaine',0,'',$conf->entity); + $result=dolibarr_set_const($db, "PAYPAL_ADD_PAYMENT_URL",$_POST["PAYPAL_ADD_PAYMENT_URL"],'chaine',0,'',$conf->entity); $result=dolibarr_set_const($db, "PAYPAL_MESSAGE_OK",$_POST["PAYPAL_MESSAGE_OK"],'chaine',0,'',$conf->entity); $result=dolibarr_set_const($db, "PAYPAL_MESSAGE_KO",$_POST["PAYPAL_MESSAGE_KO"],'chaine',0,'',$conf->entity); @@ -183,13 +185,6 @@ print ''; -$var=!$var; -print ''; -print $langs->trans("SecurityToken").''; -print ''; -print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token" class="linkobject"'); -print ''; - $var=!$var; print ''; print $langs->trans("PAYPAL_ADD_PAYMENT_URL").''; @@ -210,8 +205,30 @@ $doleditor=new DolEditor('PAYPAL_MESSAGE_KO',$conf->global->PAYPAL_MESSAGE_KO,'' $doleditor->Create(); print ''; +$var=true; +print ''; +print ''.$langs->trans("UrlGenerationParameters").''; +print ''.$langs->trans("Value").''; +print "\n"; + +$var=!$var; +print ''; +print $langs->trans("SecurityToken").''; +print ''; +print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token" class="linkobject"'); +print ''; + +$var=!$var; +print ''; +print $langs->trans("SecurityTokenIsUnique").''; +print $form->selectyesno("PAYPAL_SECURITY_TOKEN_UNIQUE",(empty($conf->global->PAYPAL_SECURITY_TOKEN)?0:$conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE),1); +print ''; + print '
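Review bot: The two new dolibarr_set_const() calls persist `$_POST["PAYPAL_SECURITY_TOKEN_UNIQUE"]` and `$_POST["PAYPAL_ADD_PAYMENT_URL"]` as given, and PAYPAL_SECURITY_TOKEN_UNIQUE is later read as a yes/no switch that decides whether the raw secret or a per-object hash goes into customer-facing URLs; normalise it before storing, e.g. `$result=dolibarr_set_const($db, "PAYPAL_SECURITY_TOKEN_UNIQUE",(int) GETPOST('PAYPAL_SECURITY_TOKEN_UNIQUE'),'chaine',0,'',$conf->entity);`. The surrounding lines use the same raw-$_POST pattern, so this is consistent with the file, but the new flag is the one whose value changes the security behaviour of generated links. The block is guarded by `$user->admin` in the hunk context, so the concern is data hygiene, not access control.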
'; -print ''; + +print ''; + +print ''; dol_fiche_end(); @@ -240,32 +257,95 @@ print ''; print '

'; $token=''; -if (! empty($conf->global->PAYPAL_SECURITY_TOKEN)) $token='&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN; + // Url list print ''.$langs->trans("FollowingUrlAreAvailableToMakePayments").':
'; print img_picto('','object_globe.png').' '.$langs->trans("ToOfferALinkForOnlinePaymentOnFreeAmount",$servicename).':
'; -print ''.DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?amount=9.99&tag=your_free_tag'.$token.''."
\n"; +print ''.getPaypalPaymentUrl(1,'free')."
\n"; if ($conf->commande->enabled) { print img_picto('','object_globe.png').' '.$langs->trans("ToOfferALinkForOnlinePaymentOnOrder",$servicename).':
'; - print ''.DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source=order&ref=order_ref'.$token.''."
\n"; + print ''.getPaypalPaymentUrl(1,'order')."
\n"; + if (! empty($conf->global->PAYPAL_SECURITY_TOKEN) && ! empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) + { + $langs->load("orders"); + print '
'; + print $langs->trans("EnterRefToBuildUrl",$langs->transnoentitiesnoconv("Order")).': '; + print ''; + print ''; + if (GETPOST('generate_order_ref')) + { + print ' -> '; + $url=getPaypalPaymentUrl(0,'order',GETPOST('generate_order_ref')); + print $url; + print "
\n"; + } + print '
'; + } } if ($conf->facture->enabled) { print img_picto('','object_globe.png').' '.$langs->trans("ToOfferALinkForOnlinePaymentOnInvoice",$servicename).':
'; - print ''.DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source=invoice&ref=invoice_ref'.$token.''."
\n"; -// print $langs->trans("SetupPaypalToHavePaymentCreatedAutomatically",$langs->transnoentitiesnoconv("FeatureNotYetAvailable"))."
\n"; + print ''.getPaypalPaymentUrl(1,'invoice')."
\n"; + if (! empty($conf->global->PAYPAL_SECURITY_TOKEN) && ! empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) + { + $langs->load("bills"); + print '
'; + print $langs->trans("EnterRefToBuildUrl",$langs->transnoentitiesnoconv("Invoice")).': '; + print ''; + print ''; + if (GETPOST('generate_invoice_ref')) + { + print ' -> '; + $url=getPaypalPaymentUrl(0,'invoice',GETPOST('generate_invoice_ref')); + print $url; + print "
\n"; + } + print '
'; + } } if ($conf->contrat->enabled) { print img_picto('','object_globe.png').' '.$langs->trans("ToOfferALinkForOnlinePaymentOnContractLine",$servicename).':
'; - print ''.DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source=contractline&ref=contractline_ref'.$token.''."
\n"; + print ''.getPaypalPaymentUrl(1,'contractline')."
\n"; + if (! empty($conf->global->PAYPAL_SECURITY_TOKEN) && ! empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) + { + $langs->load("contract"); + print '
'; + print $langs->trans("EnterRefToBuildUrl",$langs->transnoentitiesnoconv("Contract")).': '; + print ''; + print ''; + if (GETPOST('generate_contract_ref')) + { + print ' -> '; + $url=getPaypalPaymentUrl(0,'contractline',GETPOST('generate_contract_ref')); + print $url; + print "
\n"; + } + print '
'; + } } if ($conf->adherent->enabled) { print img_picto('','object_globe.png').' '.$langs->trans("ToOfferALinkForOnlinePaymentOnMemberSubscription",$servicename).':
'; - print ''.DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source=membersubscription&ref=member_ref'.$token.''."
\n"; + print ''.getPaypalPaymentUrl(1,'membersubscription')."
\n"; + if (! empty($conf->global->PAYPAL_SECURITY_TOKEN) && ! empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) + { + $langs->load("members"); + print '
'; + print $langs->trans("EnterRefToBuildUrl",$langs->transnoentitiesnoconv("Member")).': '; + print ''; + print ''; + if (GETPOST('generate_member_ref')) + { + print ' -> '; + $url=getPaypalPaymentUrl(0,'membersubscription',GETPOST('generate_member_ref')); + print $url; + print "
\n"; + } + print '
'; + } } print "
"; diff --git a/htdocs/paypal/lib/paypal.lib.php b/htdocs/paypal/lib/paypal.lib.php index d2245670fc3..f64133e18ff 100755 --- a/htdocs/paypal/lib/paypal.lib.php +++ b/htdocs/paypal/lib/paypal.lib.php @@ -21,6 +21,10 @@ * \ingroup paypal * \brief Library for common paypal functions */ + + + + function llxHeaderPaypal($title, $head = "") { global $user, $conf, $langs; @@ -56,6 +60,7 @@ function llxFooterPaypal() print "\n"; } + /** * Show footer of company in HTML pages * 
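Review bot: The four module blocks (order, invoice, contractline, membersubscription) repeat the same dozen lines, changing only the lang file, the label, the GET parameter name and the type passed to getPaypalPaymentUrl(); a small table iterated with foreach would keep the `PAYPAL_SECURITY_TOKEN && PAYPAL_SECURITY_TOKEN_UNIQUE` condition and the GETPOST handling in one place. The `print '';` lines that carried the form and input markup are stripped from this view; if the text input echoes `GETPOST('generate_order_ref')` (and the three siblings) back into a value attribute, wrap it in `dol_escape_htmltag()`, because the ref is only urlencode()d inside getPaypalPaymentUrl() for the URL, not for the attribute. `print $url;` writes a URL containing bare `&` into HTML; escaping it the same way keeps the markup valid.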
@@ -147,29 +152,103 @@ function paypaladmin_prepare_head() return $head; } + /** + * Return string with full Url * + * @param int $mode 0=True url, 1=Url formated with colors + * @param string $type Type of URL ('free', 'order', 'invoice', 'contractline', 'membersubscription' ...) + * @param string $ref Ref of object + * @param int $amount Amount + * @param string $freetag Free tag + * @return string Url string */ -function getPaypalPaymentUrl($source='',$ref='',$amount=0,$freetag='') +function getPaypalPaymentUrl($mode,$type,$ref='',$amount='9.99',$freetag='your_free_tag') { global $conf; - require_once(DOL_DOCUMENT_ROOT."/lib/security.lib.php"); - if (! empty($source) && ! empty($ref)) - { - $token=''; - if (! empty($conf->global->PAYPAL_SECURITY_TOKEN)) $token='&securekey='.dol_hash($conf->global->PAYPAL_SECURITY_TOKEN.$source.$ref, 2); - - if ($source == 'commande') $source = 'order'; - if ($source == 'facture') $source = 'invoice'; - - $url = DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source='.$source.'&ref='.$ref.$token; - - return $url; - } + if ($type == 'free') + { + $out=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?amount='.($mode?'':'').$amount.($mode?'':'').'&tag='.($mode?'':'').$freetag.($mode?'':''); + if (! empty($conf->global->PAYPAL_SECURITY_TOKEN)) $out.='&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN; + } + if ($type == 'order') + { + $out=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source=order&ref='.($mode?'':''); + if ($mode == 1) $out.='order_ref'; + if ($mode == 0) $out.=urlencode($ref); + $out.=($mode?'':''); + if (! 
empty($conf->global->PAYPAL_SECURITY_TOKEN)) + { + if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) $out.='&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN; + else + { + $out.='&securekey='.($mode?'':''); + if ($mode == 1) $out.="md5('".$conf->global->PAYPAL_SECURITY_TOKEN."'+order_ref)"; + if ($mode == 0) $out.= md5($conf->global->PAYPAL_SECURITY_TOKEN.$ref); + $out.=($mode?'':''); + } + } + } + if ($type == 'invoice') + { + $out=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source=invoice&ref='.($mode?'':''); + if ($mode == 1) $out.='invoice_ref'; + if ($mode == 0) $out.=urlencode($ref); + $out.=($mode?'':''); + if (! empty($conf->global->PAYPAL_SECURITY_TOKEN)) + { + if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) $out.='&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN; + else + { + $out.='&securekey='.($mode?'':''); + if ($mode == 1) $out.="md5('".$conf->global->PAYPAL_SECURITY_TOKEN."'+invoice_ref)"; + if ($mode == 0) $out.= md5($conf->global->PAYPAL_SECURITY_TOKEN.$ref); + $out.=($mode?'':''); + } + } + } + if ($type == 'contractline') + { + $out=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source=contractline&ref='.($mode?'':''); + if ($mode == 1) $out.='contractline_ref'; + if ($mode == 0) $out.=urlencode($ref); + $out.=($mode?'':''); + if (! empty($conf->global->PAYPAL_SECURITY_TOKEN)) + { + if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) $out.='&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN; + else + { + $out.='&securekey='.($mode?'':''); + if ($mode == 1) $out.="md5('".$conf->global->PAYPAL_SECURITY_TOKEN."'+contractline_ref)"; + if ($mode == 0) $out.= md5($conf->global->PAYPAL_SECURITY_TOKEN.$ref); + $out.=($mode?'':''); + } + } + } + if ($type == 'membersubscription') + { + $out=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source=membersubscription&ref='.($mode?'':''); + if ($mode == 1) $out.='member_ref'; + if ($mode == 0) $out.=urlencode($ref); + $out.=($mode?'':''); + if (! 
empty($conf->global->PAYPAL_SECURITY_TOKEN)) + { + if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) $out.='&securekey='.$conf->global->PAYPAL_SECURITY_TOKEN; + else + { + $out.='&securekey='.($mode?'':''); + if ($mode == 1) $out.="md5('".$conf->global->PAYPAL_SECURITY_TOKEN."'+member_ref)"; + if ($mode == 0) $out.= md5($conf->global->PAYPAL_SECURITY_TOKEN.$ref); + $out.=($mode?'':''); + } + } + } + return $out; } + /** * Send redirect to paypal to browser * @@ -244,11 +323,11 @@ function print_paypal_redirect($paymentAmount,$currencyCodeType,$paymentType,$re $ErrorLongMsg = urldecode($resArray["L_LONGMESSAGE0"]); $ErrorSeverityCode = urldecode($resArray["L_SEVERITYCODE0"]); - echo "SetExpressCheckout API call failed. \n"; - echo "Detailed Error Message: " . $ErrorLongMsg." \n"; - echo "Short Error Message: " . $ErrorShortMsg." \n"; - echo "Error Code: " . $ErrorCode." \n"; - echo "Error Severity Code: " . $ErrorSeverityCode." \n"; + echo "SetExpressCheckout API call failed.
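Review bot: `$out` is never initialised in getPaypalPaymentUrl, so a `$type` outside the five handled values (including the `'commande'`/`'facture'` aliases the removed code mapped to order/invoice) returns an undefined variable plus a notice instead of `''` or an error; start with `$out='';` and reject unknown types explicitly. The securekey recipe also changed from `dol_hash(TOKEN.$source.$ref, 2)` to `md5(TOKEN.$ref)`: the object type is no longer part of the hashed input, so one key is valid for every object type that shares a ref, and in non-unique mode the shared secret itself is placed unhashed in every customer-facing URL, which the old version never did — whichever recipe is kept must match the check in public/paypal/newpayment.php, which this diff does not touch. In the `free` branch `$amount` and `$freetag` are concatenated into the query string without urlencode(), while `$ref` gets it in the other four branches. Those four branches differ only in the placeholder ref shown in mode 1, so a lookup table keeps the hashing logic in one place; the sketch below keeps the hunk's recipe and leaves out the colour markup around placeholders that is stripped from this view.
```php
function getPaypalPaymentUrl($mode,$type,$ref='',$amount='9.99',$freetag='your_free_tag')
{
    global $conf;

    $out='';
    $token=empty($conf->global->PAYPAL_SECURITY_TOKEN)?'':$conf->global->PAYPAL_SECURITY_TOKEN;

    if ($type == 'free')
    {
        $out=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?amount='.urlencode($amount).'&tag='.urlencode($freetag);
        if ($token !== '') $out.='&securekey='.urlencode($token);
        return $out;
    }

    // Placeholder ref displayed in mode 1 for each supported object type
    $placeholders=array('order'=>'order_ref','invoice'=>'invoice_ref','contractline'=>'contractline_ref','membersubscription'=>'member_ref');
    if (! isset($placeholders[$type])) return $out;   // unknown type: empty string, never an undefined $out

    $out=DOL_MAIN_URL_ROOT.'/public/paypal/newpayment.php?source='.$type.'&ref='.($mode ? $placeholders[$type] : urlencode($ref));
    if ($token !== '')
    {
        // Same recipe as before; it must stay in step with the check in newpayment.php
        if (empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE)) $out.='&securekey='.urlencode($token);
        elseif ($mode) $out.="&securekey=md5('".$token."'+".$placeholders[$type].")";
        else $out.='&securekey='.md5($token.$ref);
    }
    return $out;
}
```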
\n"; + echo "Detailed Error Message: " . $ErrorLongMsg."
\n"; + echo "Short Error Message: " . $ErrorShortMsg."
\n"; + echo "Error Code: " . $ErrorCode."
\n"; + echo "Error Severity Code: " . $ErrorSeverityCode."
\n"; } }
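Review bot: The five echo lines print `$ErrorLongMsg`, `$ErrorShortMsg`, `$ErrorCode` and `$ErrorSeverityCode` — values urldecode()d from the PayPal API response in the hunk's context lines — straight into the HTML response, and the commit only appends line-break markup (stripped from this view). Escape each one, e.g. `echo "Detailed Error Message: " . htmlspecialchars($ErrorLongMsg, ENT_QUOTES, 'UTF-8') . "<br>\n";`, so the page stays well-formed whatever the API returns, and consider sending the long message to dol_syslog() while showing the visitor a generic failure text, since this runs on the public payment page. print_paypal_redirect begins well before this hunk.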