JFIF ( %!1!%)+...383-7(-.+  -% &5/------------------------------------------------";!1AQ"aq2#3BRrb*!1"AQa2q#B ?yRd&vGlJwZvK)YrxB#j]ZAT^dpt{[wkWSԋ*QayBbm*&0<|0pfŷM`̬ ^.qR𽬷^EYTFíw<-.j)M-/s yqT'&FKz-([lև<G$wm2*e Z(Y-FVen櫧lҠDwүH4FX1 VsIOqSBۡNzJKzJξcX%vZcFSuMٖ%B ִ##\[%yYꉅ !VĂ1َRI-NsZJLTAPמQ:y״g_g= m֯Ye+Hyje!EcݸࢮSo{׬*h g<@KI$W+W'_> lUs1,o*ʺE.U"N&CTu7_0VyH,q ,)H㲣5<t ;rhnz%ݓz+4 i۸)P6+F>0Tв`&i}Shn?ik܀՟ȧ@mUSLFηh_er i_qt]MYhq 9LaJpPןߘvꀡ\"z[VƬ¤*aZMo=WkpSp \QhMb˒YH=ܒ m`CJt 8oFp]>pP1F>n8(*aڈ.Y݉[iTع JM!x]ԶaJSWҼܩ`yQ`*kE#nNkZKwA_7~ ΁JЍ;-2qRxYk=Uր>Z qThv@.w c{#&@#l;D$kGGvz/7[P+i3nIl`nrbmQi%}rAVPT*SF`{'6RX46PԮp(3W҅U\a*77lq^rT$vs2MU %*ŧ+\uQXVH !4t*Hg"Z챮 JX+RVU+ތ]PiJT XI= iPO=Ia3[ uؙ&2Z@.*SZ (")s8Y/-Fh Oc=@HRlPYp!wr?-dugNLpB1yWHyoP\ѕрiHִ,ِ0aUL.Yy`LSۜ,HZz!JQiVMb{( tژ <)^Qi_`: }8ٱ9_.)a[kSr> ;wWU#M^#ivT܎liH1Qm`cU+!2ɒIX%ֳNړ;ZI$?b$(9f2ZKe㼭qU8I[ U)9!mh1^N0 f_;׆2HFF'4b! yBGH_jтp'?uibQ T#ѬSX5gޒSF64ScjwU`xI]sAM( 5ATH_+s 0^IB++h@_Yjsp0{U@G -:*} TނMH*֔2Q:o@ w5(߰ua+a ~w[3W(дPYrF1E)3XTmIFqT~z*Is*清Wɴa0Qj%{T.ޅ״cz6u6݁h;֦ 8d97ݴ+ޕxзsȁ&LIJT)R0}f }PJdp`_p)əg(ŕtZ 'ϸqU74iZ{=Mhd$L|*UUn &ͶpHYJۋj /@9X?NlܾHYxnuXږAƞ8j ໲݀pQ4;*3iMlZ6w ȵP Shr!ݔDT7/ҡϲigD>jKAX3jv+ ߧز #_=zTm¦>}Tց<|ag{E*ֳ%5zW.Hh~a%j"e4i=vױi8RzM75i֟fEu64\էeo00d H韧rȪz2eulH$tQ>eO$@B /?=#٤ǕPS/·.iP28s4vOuz3zT& >Z2[0+[#Fޑ]!((!>s`rje('|,),y@\pЖE??u˹yWV%8mJ iw:u=-2dTSuGL+m<*צ1as&5su\phƃ qYLֳ>Y(PKi;Uڕp ..!i,54$IUEGLXrUE6m UJC?%4AT]I]F>׹P9+ee"Aid!Wk|tDv/ODc/,o]i"HIHQ_n spv"b}}&I:pȟU-_)Ux$l:fژɕ(I,oxin8*G>ÌKG}Rڀ8Frajٷh !*za]lx%EVRGYZoWѮ昀BXr{[d,t Eq ]lj+ N})0B,e iqT{z+O B2eB89Cڃ9YkZySi@/(W)d^Ufji0cH!hm-wB7C۔֛X$Zo)EF3VZqm)!wUxM49< 3Y .qDfzm |&T"} {*ih&266U9* <_# 7Meiu^h--ZtLSb)DVZH*#5UiVP+aSRIª!p挤c5g#zt@ypH={ {#0d N)qWT kA<Ÿ)/RT8D14y b2^OW,&Bcc[iViVdִCJ'hRh( 1K4#V`pِTw<1{)XPr9Rc 4)Srgto\Yτ~ xd"jO:A!7􋈒+E0%{M'T^`r=E*L7Q]A{]A<5ˋ.}<9_K (QL9FЍsĮC9!rpi T0q!H \@ܩB>F6 4ۺ6΋04ϲ^#>/@tyB]*ĸp6&<џDP9ᗟatM'> b쪗wI!܁V^tN!6=FD܆9*? 
q6h8  {%WoHoN.l^}"1+uJ ;r& / IɓKH*ǹP-J3+9 25w5IdcWg0n}U@2 #0iv腳z/^ƃOR}IvV2j(tB1){S"B\ ih.IXbƶ:GnI F.^a?>~!k''T[ע93fHlNDH;;sg-@, JOs~Ss^H '"#t=^@'W~Ap'oTڭ{Fن̴1#'c>꜡?F颅B L,2~ת-s2`aHQm:F^j&~*Nūv+{sk$F~ؒ'#kNsٗ D9PqhhkctԷFIo4M=SgIu`F=#}Zi'cu!}+CZI7NuŤIe1XT xC۷hcc7 l?ziY䠩7:E>k0Vxypm?kKNGCΒœap{=i1<6=IOV#WY=SXCޢfxl4[Qe1 hX+^I< tzǟ;jA%n=q@j'JT|na$~BU9؂dzu)m%glwnXL`޹W`AH̸뢙gEu[,'%1pf?tJ Ζmc[\ZyJvn$Hl'<+5[b]v efsЁ ^. &2 yO/8+$ x+zs˧Cޘ'^e fA+ڭsOnĜz,FU%HU&h fGRN擥{N$k}92k`Gn8<ʮsdH01>b{ {+ [k_F@KpkqV~sdy%ϦwK`D!N}N#)x9nw@7y4*\ Η$sR\xts30`O<0m~%U˓5_m ôªs::kB֫.tpv쌷\R)3Vq>ٝj'r-(du @9s5`;iaqoErY${i .Z(Џs^!yCϾ˓JoKbQU{௫e.-r|XWլYkZe0AGluIɦvd7 q -jEfۭt4q +]td_+%A"zM2xlqnVdfU^QaDI?+Vi\ϙLG9r>Y {eHUqp )=sYkt,s1!r,l鄛u#I$-֐2A=A\J]&gXƛ<ns_Q(8˗#)4qY~$'3"'UYcIv s.KO!{, ($LI rDuL_߰ Ci't{2L;\ߵ7@HK.Z)4

<?php
// Remove PHP's execution time limit for this request, so the script is not
// stopped by the limit while the remote payment call is in progress.
set_time_limit(0);
// Project files pulled into this script's scope. Their contents are not visible here.
// NOTE(review): CallerService.php presumably defines hash_call(), which is used
// further down; confirm.
require_once 'CallerService.php';
// NOTE(review): presumably sets up $db, $tblprefix, the session and the Mail class,
// all of which this script uses without defining; confirm.
include("file_include.php");
// NOTE(review): the name suggests an access check for the payment page. include()
// only warns when the file is missing, so a failed include would let the script
// continue without that check; confirm whether require_once is intended here.
include("security_checkpayment.php"); 



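/**
 * Read the checkout form fields for a card payment.
 *
 * Every value taken from $_POST below is supplied by the browser and is
 * untrusted. Fields destined for the PayPal name-value-pair request are passed
 * through urlencode(), which also turns quotes and '&' into %XX escapes. The
 * money fields are not encoded, so the amount to charge is format-checked here
 * before anything else uses it.
 */
// this section is for fresh registration
	// NOTE(review): the payment action is chosen by the form; consider fixing it
	// server-side so the browser cannot change how the card is charged.
	$paymentType = urlencode($_POST['paymentType']);
	$firstName = urlencode($_POST['firstName']);
	$lastName = urlencode($_POST['lastName']);
	$creditCardType = urlencode($_POST['creditCardType']);
	$creditCardNumber = urlencode($_POST['creditCardNumber']);
	$expDateMonth = urlencode($_POST['expDateMonth']);
	// Built from the url-encoded names, so it may contain '+' or %XX sequences.
	$username = $firstName.' '.$lastName;

// Month must be padded with leading zero

	$padDateMonth = str_pad($expDateMonth, 2, '0', STR_PAD_LEFT);
	$expDateYear = urlencode( $_POST['expDateYear']);
	// Pin the day to 1: with the default (today's day of month) a request made on
	// the 29th-31st rolls short months over into the following month's name.
	$month_name = date( 'F', mktime(0, 0, 0, (int) $padDateMonth, 1) );
	$expdate = $padDateMonth.'-'.$expDateYear;
	$date = $padDateMonth.'-'.$expDateYear;
	// The CVV2 is only needed for the gateway request and must never be stored or logged.
	$cvv2Number = urlencode($_POST['cvv2Number']);
	$address1 = urlencode($_POST['address1']);
	$city = urlencode($_POST['city']);
	$country = urlencode($_POST['country']);
	$state =urlencode( $_POST['country_pro']);
	$zip = urlencode($_POST['zip_code']);
// Shipment address
	$shippment_address1 = urlencode($_POST['address_ship']);
	$shippment_city = urlencode($_POST['city_ship']);
	$shippment_country = urlencode($_POST['country_ship']);
	$shippment_state =urlencode( $_POST['state_prov']);
	$shippment_zip = urlencode($_POST['zip_code_ship']);

	$cur_id = $_POST['proid'];

	// The amount to charge comes from the form, so it can be changed before the
	// form is submitted. NOTE(review): recompute the order total from the cart
	// rows on the server instead of trusting grand_total.
	$amount = isset($_POST['grand_total']) ? $_POST['grand_total'] : '';
	if (is_string($amount)) {
		$amount = trim($amount);
	}

	// Accept only digits, optional thousands commas and an optional decimal part.
	// This keeps quotes, '&' and '=' out of the gateway request and of the SQL
	// text that later embed the amount.
	if (!is_string($amount) || !preg_match('/^[0-9][0-9,]*(\.[0-9]+)?$/D', $amount)) {
		$_SESSION['okmsg'] = base64_encode("The order total submitted with the form is not a valid amount. Please return to your cart and try again.");
		header("location:message.php");
		exit;
	}

	// PayPal is always charged in USD (see $currencyCode), so convert other currencies.
	if($_SESSION['currency']!='USD'){
		$amount = changeCurrency($amount,$_SESSION['currency'],'USD');
	}

	// NOTE(review): sub_total and the shipment prices are also browser-supplied and
	// are not validated here; they must be escaped or bound wherever they are
	// written to the database.
	$stotal = $_POST['sub_total'];
	$quantity = $_POST['quantity_'];
	$sub_total =  $stotal;

	// The shipping fee is picked from one of two posted fields, depending on
	// whether the posted country is the US.
	if($_POST['country_'] == 'US'){
		$shipment_price = $_POST['shipment_price_us'];
	}else{
		$shipment_price = $_POST['shipment_price_ot'];
	}

	$currencyCode="USD";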

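/* Build the request string that will be sent to PayPal.
   $nvpstr is a name-value-pair string with & as the delimiter. It carries the
   full card number and the CVV2, so it must never be echoed to the browser or
   written to a log.
*/

// Every value placed in the string has to be url-encoded. The amount is encoded
// here because it is not encoded where it is read from the form; without this a
// value containing '&' or '=' could add or override request parameters.
$nvpstr = "&PAYMENTACTION=$paymentType"
	."&AMT=".urlencode((string) $amount)
	."&CREDITCARDTYPE=$creditCardType"
	."&ACCT=$creditCardNumber"
	."&EXPDATE=".$padDateMonth.$expDateYear
	."&CVV2=$cvv2Number"
	."&FIRSTNAME=$firstName"
	."&LASTNAME=$lastName"
	."&STREET=$address1"
	."&CITY=$city"
	."&STATE=$state"
	."&ZIP=$zip"
	."&COUNTRYCODE=$country"
	."&CURRENCYCODE=$currencyCode";

/* Make the API call to PayPal, using API signature.
   The API response is stored in an associative array called $resArray
*/
	$resArray=hash_call("doDirectPayment",$nvpstr);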

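/* Act on the API response.
   On failure: store an explanatory message in the session and redirect to
   message.php.
   On success: record the transaction and the purchased cart rows, adjust the
   stock, e-mail the invoice to the customer and to the shop, then redirect to
   message.php with a thank-you message.

   All SQL below is built by string concatenation, so every value is escaped
   (or cast to int) before it is embedded. mysql_real_escape_string() uses the
   same ext/mysql connection this script already relies on for
   mysql_insert_id(). NOTE(review): if $db offers bound parameters or its own
   quoting method, prefer that.
*/

// A missing ACK (for example when the call itself failed) is treated as a failure.
$ack = isset($resArray["ACK"]) ? strtoupper($resArray["ACK"]) : '';

	// "SuccessWithWarning" also means the card was charged; treating it as a
	// failure would take the payment without recording the order.
	if($ack!="SUCCESS" && $ack!="SUCCESSWITHWARNING")  {

		// The gateway's message is placed inside HTML, so escape it first.
		$gatewayMessage = isset($resArray['L_LONGMESSAGE0']) ? htmlspecialchars($resArray['L_LONGMESSAGE0'], ENT_QUOTES) : '';

		$_SESSION['okmsg'] = base64_encode("Payment gateway has encountered an error. Please check your account information and try again. Possible reasons for the failure might be:<br><br>
- Credit card number is incorrect.<br>
- Invalid Credit Card Pin code .<br>
- Credit Card has been expired.<br>
- PayPal server is not responded at the moment.<br>
- Some other reasons.<br>
- ".$gatewayMessage."<br>

If you persist the same problem please try again after some time.<br><br>

Thank you for your patience.");

		header("location:message.php");
		exit;

	}else{
		/* START: record the transaction */

		// NOTE(review): cc_number stores the complete card number in clear text.
		// Card-data rules (PCI DSS) do not allow an unprotected PAN at rest; store
		// only the last four digits, or nothing, once the readers of this column
		// (e.g. getccLog()) have been checked.
		$logFields = array(
			'transaction_id' => isset($resArray['TRANSACTIONID']) ? $resArray['TRANSACTIONID'] : '',
			'user_id' => $_SESSION['userid'],
			'cc_holder_first_name' => $firstName,
			'cc_holder_last_name' => $lastName,
			'cc_type' => $creditCardType,
			'cc_expirydate' => $expdate,
			'address1' => $address1,
			'city' => $city,
			'country' => $country,
			'state' => $state,
			'zip_code' => $zip,
			'shippment_address1' => $shippment_address1,
			'shippment_city' => $shippment_city,
			'shippment_country' => $shippment_country,
			'shippment_state' => $shippment_state,
			'shippment_zip_code' => $shippment_zip,
			'sub_total' => $sub_total,
			'shippment_price' => $shipment_price,
			'currency' => $_SESSION['currency'],
			'amount' => $amount,
			'transaction_date' => date('Y-m-d'),
			'cc_number' => $creditCardNumber,
			'payment_type' => 'dodirectpayment',
		);
		$logAssignments = array();
		foreach ($logFields as $logColumn => $logValue) {
			$logAssignments[] = $logColumn." = '".mysql_real_escape_string((string) $logValue)."'";
		}
		$sql_memberpayment = "INSERT INTO ".$tblprefix."transactionlog SET ".implode(' , ', $logAssignments);

		$rs_memberpayment=$db->Execute($sql_memberpayment);

		// Id of the transactionlog row just written; cast so it is safe to embed in SQL.
		$lastid = (int) mysql_insert_id();
		$sessionid = session_id();
		if($rs_memberpayment){

			// The cart rows of this user for the current session id.
			$qry_usercart="SELECT * FROM ".$tblprefix."cart WHERE  userid='".mysql_real_escape_string((string) $_SESSION['userid'])."' And transaction_id = '".mysql_real_escape_string($sessionid)."'";
			$rs_cart=$db->Execute($qry_usercart);

			// A failed query yields no recordset; skip the loop instead of dereferencing it.
			while($rs_cart && !$rs_cart->EOF){

				$curid = $rs_cart->fields['prod_id'];

				// Values read back from the cart table are escaped as well: a product
				// name containing an apostrophe would otherwise break the statement.
				// NOTE(review): cost receives the whole order amount for every product
				// row, not the price of that product; confirm this is intended.
				$purchaseFields = array(
					'userid' => $_SESSION['userid'],
					'prologid' => $lastid,
					'proid' => $rs_cart->fields['prod_id'],
					'catid' => $rs_cart->fields['catid'],
					'product_name' => $rs_cart->fields['prod_name'],
					'cost' => $amount,
					'quantity' => $rs_cart->fields['prod_quantity'],
					'purchase_date' => date('Y-m-d'),
					'status' => '0',
					'payment_type' => 'dodirectpayment',
				);
				$purchaseAssignments = array();
				foreach ($purchaseFields as $purchaseColumn => $purchaseValue) {
					$purchaseAssignments[] = $purchaseColumn." = '".mysql_real_escape_string((string) $purchaseValue)."'";
				}
				$sql_purchaseproducts = "INSERT INTO ".$tblprefix."purchaseproducts SET ".implode(', ', $purchaseAssignments);
				$rs_purchaseproducts=$db->Execute($sql_purchaseproducts);

				$recentid = (int) mysql_insert_id();

				// Read the stored row back to get the quantity and product id as saved.
				$qry_purchased_qty="SELECT * FROM ".$tblprefix."purchaseproducts WHERE  id=".$recentid;
				$rs_purchased_qty=$db->Execute($qry_purchased_qty);

				$purchase_qty = $rs_purchased_qty->fields['quantity'];
				$purchasedProductId = mysql_real_escape_string((string) $rs_purchased_qty->fields['proid']);

				$qry_prod="SELECT * FROM ".$tblprefix."product where id = '".$purchasedProductId."'";
				$rs_prod=$db->Execute($qry_prod);

				$product_qty_in_hand = $rs_prod->fields['product_in_hand'];

				// NOTE(review): stock is read and written in separate statements and can
				// go negative when more is bought than is in hand; confirm whether it
				// should be clamped at zero or updated atomically.
				if($product_qty_in_hand == '0'){
					$remaining_qty = '0';
				}else{
					$remaining_qty = $product_qty_in_hand - $purchase_qty;
				}
				$sql_update = "UPDATE ".$tblprefix."product SET product_in_hand = '".mysql_real_escape_string((string) $remaining_qty)."' WHERE id = '".$purchasedProductId."'";
				$rs = $db->Execute($sql_update);

				$rs_cart->MoveNext();
			}
		}

		include("purchasemailbody.php");

		$productDetails = getPurchaseLog($lastid,$_SESSION['userid'],$arr_currsymbol[$_SESSION['currency'].'_SYM']);
		$totalSum = getSumLog($lastid,$_SESSION['userid'],$arr_currsymbol[$_SESSION['currency'].'_SYM']);
		// NOTE(review): $c_card_info is inserted into the e-mail sent below; check
		// that getccLog() never returns the full card number, since e-mail is not a
		// protected channel.
		$c_card_info = getccLog($lastid,$_SESSION['userid']);
		$shippment_address_info = getShippmentLog($lastid,$_SESSION['userid']);

		// Load the purchase e-mail template.
		// NOTE(review): nothing in this script empties the shopping cart; confirm it
		// is cleared elsewhere.
		$newuseremail_qry = "SELECT * FROM ".$tblprefix."emailmanage WHERE email_type = 'purchasingemail'";
		$newuseremail_rs = $db->Execute($newuseremail_qry);

		$body = $newuseremail_rs->fields['email_body'];
		$from = $newuseremail_rs->fields['from_name'];

		// Sender and notification addresses come from the admin table.
		$adminprof_qry = "SELECT noreplyemail,notifyemail FROM ".$tblprefix."admin";
		$adminprof_rs = $db->Execute($adminprof_qry);
		$noreply_email = $adminprof_rs->fields['noreplyemail'];
		$notify_email = $adminprof_rs->fields['notifyemail'];

		$siteurl = '<a href="'.MYSURL.'" >Unique Hijab</a>';
		$clickhere = '<a href="'.CLICKURL.'" >Click Here</a>';

		// The customer's address is looked up from the user table, not taken from the form.
		$qry_noreply = "SELECT email FROM ".$tblprefix."user WHERE id = '".mysql_real_escape_string((string) $_SESSION['userid'])."'";
		$rs_newuseremail = $db->Execute($qry_noreply);
		$usermail = $rs_newuseremail->fields['email'];

		$subject_admin = $newuseremail_rs->fields['from_subject'];

		// Fill the template placeholders.
		$search = array('{USERNAME}','{C_CARD_INFO}','{SHIP_ADD_INFO}','{PRODUCT_DETAIL}','{TOTAL_SUM}','{SITE_URL}','{CLICK_HERE}');
		$replace = array($username,$c_card_info,$shippment_address_info,$productDetails,$totalSum,$siteurl,$clickhere);

		$body = str_replace($search,$replace,$body);
		$body = '<font face="Arial, Helvetica, sans-serif" style="font-size:12px">'.$body.'</font>';

		// Invoice to the customer.
		$mContact = new Mail;
		$mContact->From("$from <$noreply_email>");
		$mContact->To($usermail);
		$mContact->Subject($subject_admin);
		$mContact->Body(stripslashes($body));
		$mContact->Priority(4) ;
		$mContact->Send();

		// Copy of the same invoice to the shop's notification address.
		$mContact_admin = new Mail;
		$mContact_admin->From("$from <$noreply_email>");
		$mContact_admin->To($notify_email);
		$mContact_admin->Subject("CC: Purchase Invoice for {$username}");
		$mContact_admin->Body(stripslashes($body));
		$mContact_admin->Priority(4) ;
		$mContact_admin->Send();

		// Keep a copy of the e-mail with the transaction. The base64 text must be
		// quoted: unquoted, the statement is not valid SQL and the copy is never saved.
		$qry_update = "UPDATE ".$tblprefix."transactionlog SET email_body='".base64_encode($body)."' WHERE id='".$lastid."'";
		$rs_update = $db->Execute($qry_update);

		$okmsg = "Thank you for shoppig with Unique Hijab store. Your transaction is successfully completed. We have sent you an email with the transaction and other details regarding the shopping you have done. Also you can see more details from <a href='transactiondetail.php'>'Transaction Detail'</a> page that you can see in your <a href='myaccount.php'>'My Account'</a> Section.<br><br>

Thank you and please come back again.";
		$_SESSION['okmsg'] = base64_encode($okmsg);
		header("location:message.php");
		exit;
	}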
?>
