JFIF ( %!1!%)+...383-7(-.+  -% &5/------------------------------------------------";!1AQ"aq2#3BRrb*!1"AQa2q#B ?yRd&vGlJwZvK)YrxB#j]ZAT^dpt{[wkWSԋ*QayBbm*&0<|0pfŷM`̬ ^.qR𽬷^EYTFíw<-.j)M-/s yqT'&FKz-([lև<G$wm2*e Z(Y-FVen櫧lҠDwүH4FX1 VsIOqSBۡNzJKzJξcX%vZcFSuMٖ%B ִ##\[%yYꉅ !VĂ1َRI-NsZJLTAPמQ:y״g_g= m֯Ye+Hyje!EcݸࢮSo{׬*h g<@KI$W+W'_> lUs1,o*ʺE.U"N&CTu7_0VyH,q ,)H㲣5<t ;rhnz%ݓz+4 i۸)P6+F>0Tв`&i}Shn?ik܀՟ȧ@mUSLFηh_er i_qt]MYhq 9LaJpPןߘvꀡ\"z[VƬ¤*aZMo=WkpSp \QhMb˒YH=ܒ m`CJt 8oFp]>pP1F>n8(*aڈ.Y݉[iTع JM!x]ԶaJSWҼܩ`yQ`*kE#nNkZKwA_7~ ΁JЍ;-2qRxYk=Uր>Z qThv@.w c{#&@#l;D$kGGvz/7[P+i3nIl`nrbmQi%}rAVPT*SF`{'6RX46PԮp(3W҅U\a*77lq^rT$vs2MU %*ŧ+\uQXVH !4t*Hg"Z챮 JX+RVU+ތ]PiJT XI= iPO=Ia3[ uؙ&2Z@.*SZ (")s8Y/-Fh Oc=@HRlPYp!wr?-dugNLpB1yWHyoP\ѕрiHִ,ِ0aUL.Yy`LSۜ,HZz!JQiVMb{( tژ <)^Qi_`: }8ٱ9_.)a[kSr> ;wWU#M^#ivT܎liH1Qm`cU+!2ɒIX%ֳNړ;ZI$?b$(9f2ZKe㼭qU8I[ U)9!mh1^N0 f_;׆2HFF'4b! yBGH_jтp'?uibQ T#ѬSX5gޒSF64ScjwU`xI]sAM( 5ATH_+s 0^IB++h@_Yjsp0{U@G -:*} TނMH*֔2Q:o@ w5(߰ua+a ~w[3W(дPYrF1E)3XTmIFqT~z*Is*清Wɴa0Qj%{T.ޅ״cz6u6݁h;֦ 8d97ݴ+ޕxзsȁ&LIJT)R0}f }PJdp`_p)əg(ŕtZ 'ϸqU74iZ{=Mhd$L|*UUn &ͶpHYJۋj /@9X?NlܾHYxnuXږAƞ8j ໲݀pQ4;*3iMlZ6w ȵP Shr!ݔDT7/ҡϲigD>jKAX3jv+ ߧز #_=zTm¦>}Tց<|ag{E*ֳ%5zW.Hh~a%j"e4i=vױi8RzM75i֟fEu64\էeo00d H韧rȪz2eulH$tQ>eO$@B /?=#٤ǕPS/·.iP28s4vOuz3zT& >Z2[0+[#Fޑ]!((!>s`rje('|,),y@\pЖE??u˹yWV%8mJ iw:u=-2dTSuGL+m<*צ1as&5su\phƃ qYLֳ>Y(PKi;Uڕp ..!i,54$IUEGLXrUE6m UJC?%4AT]I]F>׹P9+ee"Aid!Wk|tDv/ODc/,o]i"HIHQ_n spv"b}}&I:pȟU-_)Ux$l:fژɕ(I,oxin8*G>ÌKG}Rڀ8Frajٷh !*za]lx%EVRGYZoWѮ昀BXr{[d,t Eq ]lj+ N})0B,e iqT{z+O B2eB89Cڃ9YkZySi@/(W)d^Ufji0cH!hm-wB7C۔֛X$Zo)EF3VZqm)!wUxM49< 3Y .qDfzm |&T"} {*ih&266U9* <_# 7Meiu^h--ZtLSb)DVZH*#5UiVP+aSRIª!p挤c5g#zt@ypH={ {#0d N)qWT kA<Ÿ)/RT8D14y b2^OW,&Bcc[iViVdִCJ'hRh( 1K4#V`pِTw<1{)XPr9Rc 4)Srgto\Yτ~ xd"jO:A!7􋈒+E0%{M'T^`r=E*L7Q]A{]A<5ˋ.}<9_K (QL9FЍsĮC9!rpi T0q!H \@ܩB>F6 4ۺ6΋04ϲ^#>/@tyB]*ĸp6&<џDP9ᗟatM'> b쪗wI!܁V^tN!6=FD܆9*? 
q6h8  {%WoHoN.l^}"1+uJ ;r& / IɓKH*ǹP-J3+9 25w5IdcWg0n}U@2 #0iv腳z/^ƃOR}IvV2j(tB1){S"B\ ih.IXbƶ:GnI F.^a?>~!k''T[ע93fHlNDH;;sg-@, JOs~Ss^H '"#t=^@'W~Ap'oTڭ{Fن̴1#'c>꜡?F颅B L,2~ת-s2`aHQm:F^j&~*Nūv+{sk$F~ؒ'#kNsٗ D9PqhhkctԷFIo4M=SgIu`F=#}Zi'cu!}+CZI7NuŤIe1XT xC۷hcc7 l?ziY䠩7:E>k0Vxypm?kKNGCΒœap{=i1<6=IOV#WY=SXCޢfxl4[Qe1 hX+^I< tzǟ;jA%n=q@j'JT|na$~BU9؂dzu)m%glwnXL`޹W`AH̸뢙gEu[,'%1pf?tJ Ζmc[\ZyJvn$Hl'<+5[b]v efsЁ ^. &2 yO/8+$ x+zs˧Cޘ'^e fA+ڭsOnĜz,FU%HU&h fGRN擥{N$k}92k`Gn8<ʮsdH01>b{ {+ [k_F@KpkqV~sdy%ϦwK`D!N}N#)x9nw@7y4*\ Η$sR\xts30`O<0m~%U˓5_m ôªs::kB֫.tpv쌷\R)3Vq>ٝj'r-(du @9s5`;iaqoErY${i .Z(Џs^!yCϾ˓JoKbQU{௫e.-r|XWլYkZe0AGluIɦvd7 q -jEfۭt4q +]td_+%A"zM2xlqnVdfU^QaDI?+Vi\ϙLG9r>Y {eHUqp )=sYkt,s1!r,l鄛u#I$-֐2A=A\J]&gXƛ<ns_Q(8˗#)4qY~$'3"'UYcIv s.KO!{, ($LI rDuL_߰ Ci't{2L;\ߵ7@HK.Z)4
Current Path : /hermes/bosnacweb04/bosnacweb04ac/b1072/ipg.liuyuan7592410/wb_ecom/square/

Linux boscustweb5004.eigbox.net 5.4.91 #1 SMP Wed Jan 20 18:10:28 EST 2021 x86_64
Current File : /hermes/bosnacweb04/bosnacweb04ac/b1072/ipg.liuyuan7592410/wb_ecom/square/process_payment.php

<?PHP 
	/*echo "{\"title\":\"Payment Successful\",\"result\":{\"payment\":{\"id\":\"PFfGbiOZ5ZYzZCxzl7ou43mORfEZY\",\"amount_money\":{\"amount\":100,\"currency\":\"CAD\"},\"created_at\":\"2020-09-25T12:53:03.580Z\",\"updated_at\":\"2020-09-25T12:53:03.861Z\",\"total_money\":{\"amount\":100,\"currency\":\"CAD\"},\"status\":\"COMPLETED\",\"source_type\":\"CARD\",\"card_details\":{\"status\":\"CAPTURED\",\"card\":{\"card_brand\":\"VISA\",\"last_4\":\"1111\",\"exp_month\":12,\"exp_year\":2021,\"fingerprint\":\"sq-1-vRkwwOW8JURE-74A0TZ9wAD8uMB2Ggjv7efnxZQRor4UxQ534Vzd6OuO_lS5Bi6V-g\"},\"entry_method\":\"KEYED\",\"cvv_status\":\"CVV_ACCEPTED\",\"avs_status\":\"AVS_ACCEPTED\"},\"location_id\":\"L7J6MWZ0G6QD2\",\"order_id\":\"s1KtiNhZDdRvuEPW3dlJ31MVB89YY\"}}}";*/

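	header('Content-Type: application/json');

	// Decode the JSON request body posted by the checkout page. Every field of
	// $data is supplied by the browser and must be treated as untrusted.
	$data = json_decode(file_get_contents("php://input"));

	// Reject a missing or malformed body up front rather than dereferencing null
	// further down and writing empty payment/order rows. The card nonce is the
	// one field the gateway request below cannot be built without.
	if (!is_object($data) || !isset($data->nonce) || !is_string($data->nonce) || $data->nonce === '') {
		http_response_code(400);
		echo json_encode(array('title' => 'Payment failed', 'result' => 'Invalid request.'));
		die();
	}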

    require "../connection.inc.php";
	require "../functions.inc.php";
	require 'autoload.php';

	use Square\SquareClient;
	use Square\LocationsApi;
	use Square\Exceptions\ApiException;
	use Square\Http\ApiResponse;
	use Square\Models\ListLocationsResponse;
	use Square\Environment;

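	// The buyer's identity comes from the server-side session, not the request.
	// NOTE(review): nothing visible in this file checks that USER_ID is set (i.e.
	// that the caller is logged in) — confirm one of the includes enforces it.
	$user_id = $_SESSION['USER_ID'];

	// Shipping details exactly as posted by the client (untrusted). A missing
	// field yields null, as in the original, but without a PHP warning.
	$req_ship = $data->ship_info ?? null;
	$shipping_method = $req_ship->shipping_method ?? null;
	$inventory_retailer = $req_ship->inventory_retailer ?? null;
	$receiver = $req_ship->receiver ?? null;
	$address1 = $req_ship->address1 ?? null;
	$address2 = $req_ship->address2 ?? null;
	$city = $req_ship->city ?? null;
	$province = $req_ship->province ?? null;
	$pc = $req_ship->pc ?? null;
	$phone = $req_ship->phone ?? null;

	// Coupon as claimed by the client. The discount sent by the client is
	// overwritten with 0 before the cart is processed and only replaced by the
	// value applyCoupon() returns.
	$req_coupon = $data->coupon ?? null;
	$coupon_id = $req_coupon->id ?? null;
	$coupon_code = $req_coupon->code ?? null;
	$coupon_discount = $req_coupon->discount ?? null;

	// Card metadata reported by the client-side payment form (untrusted,
	// stored for reference only).
	$req_card = $data->cardData ?? null;
	$pmnt_gw = $data->pay_gw ?? null;
	$payment_type = $req_card->card_brand ?? null;
	$last_4 = $req_card->last_4 ?? null;
	$exp_month = $req_card->exp_month ?? null;
	$exp_year = $req_card->exp_year ?? null;
	$billing_pc = $req_card->billing_postal_code ?? null;

	$payment_status = 'pending';
	$order_status = ORDER_STATUS_PENDING;
	// 24-hour clock ("H"); the 12-hour "h" without an am/pm marker made
	// afternoon timestamps indistinguishable from morning ones.
	$added_on = date("Y-m-d H:i:s");

	$nonce = $data->nonce ?? null;
	// NOTE(review): the amount that is charged is taken from the request body.
	// The server-side total computed from the cart is written to the database
	// but, as far as this file shows, only replaces $amount_payable when a
	// coupon is applied. Compare the two before charging so a modified request
	// cannot pay less than the cart total.
	$amount_payable = $data->amount_payable ?? null;
	$currency = "CAD";
	$idempotency_key = uniqid();  // max 45 characters
	$app_fee_rate = 0.01;
	$payment_note = ""; // max 500 characters
	$statementDescription = "xiaojiabiyu.com"; //max 20 characters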

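	/**
	 * Record the charge request in t_payment before the gateway is contacted.
	 *
	 * Most of these values come from the request body, so they are bound as
	 * statement parameters instead of being spliced into the SQL text. strval()
	 * keeps the original behaviour of storing an empty string for a missing field.
	 */
	$sql = "insert into t_payment(pmnt_gw,pmnt_type,last_4,exp_mon,exp_yr,bpc,pmnt_status,token,idempotency_key,added_on) values (?,?,?,?,?,?,?,?,?,?)";
	$payment_params = array_map('strval', array($pmnt_gw,$payment_type,$last_4,$exp_month,$exp_year,$billing_pc,$payment_status,$nonce,$idempotency_key,$added_on));
	$stmt = mysqli_prepare($con,$sql);
	if($stmt===false
		|| !mysqli_stmt_bind_param($stmt,str_repeat('s',count($payment_params)),...$payment_params)
		|| !mysqli_stmt_execute($stmt)){
		// Without a payment row there is nothing to reconcile a charge against,
		// so stop before any money moves.
		echo getRtnStr("Payment failed","Unable to record the payment request.");
		die();
	}
	$payment_id = mysqli_stmt_insert_id($stmt);
	mysqli_stmt_close($stmt);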

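	// Optionally (re)assign the buyer's master retailer to the retailer chosen
	// for this order. The retailer id comes from the request body, so it must
	// parse as an integer before it is used in any query.
	$requested_retailer = filter_var($inventory_retailer, FILTER_VALIDATE_INT);
	if($requested_retailer!==false && $requested_retailer!==0){
		$retailer_user_id = strval($user_id);
		$master_retailer = null;

		$stmt = mysqli_prepare($con,"select master_retailer from t_users where id=?");
		if($stmt!==false){
			mysqli_stmt_bind_param($stmt,'s',$retailer_user_id);
			mysqli_stmt_execute($stmt);
			mysqli_stmt_bind_result($stmt,$master_retailer);
			mysqli_stmt_fetch($stmt);
			mysqli_stmt_close($stmt);
		}

		if(($master_retailer==0)||(canChangeMasterRetailer($con,$user_id,$requested_retailer))){
			// The original statement had no WHERE clause and therefore rewrote
			// master_retailer for every row in t_users; restrict it to the buyer.
			$stmt = mysqli_prepare($con,"update t_users set master_retailer=? where id=?");
			if($stmt!==false){
				mysqli_stmt_bind_param($stmt,'is',$requested_retailer,$retailer_user_id);
				mysqli_stmt_execute($stmt);
				mysqli_stmt_close($stmt);
			}
		}
	}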

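	/**
	 * Decide whether $retailer_id may become the customer's dedicated retailer.
	 *
	 * Criterion: the customer registered more than $past_days days ago, their
	 * current master_retailer differs from $retailer_id, and the orders placed
	 * within the last $past_days days group to exactly one inventory_retailer,
	 * which is $retailer_id.
	 *
	 * All three inputs are cast to int before they reach the SQL text: the
	 * query already uses $user_id and $past_days unquoted, and $retailer_id
	 * originates from the request body.
	 *
	 * @param mysqli     $con         open database connection
	 * @param int|string $user_id     customer id
	 * @param int|string $retailer_id candidate retailer id
	 * @param int|string $past_days   look-back window in days (default 365)
	 * @return boolean true when the retailer may replace the current master retailer
	 */
	function canChangeMasterRetailer($con,$user_id,$retailer_id,$past_days="365"){
		$user_id = (int)$user_id;
		$retailer_id = (int)$retailer_id;
		$past_days = (int)$past_days;

		$sql = "select a.id,b.inventory_retailer from (select * from t_users where id='$user_id' and master_retailer<>'$retailer_id' and DATE_SUB(CURDATE(), INTERVAL $past_days DAY)>date(added_on)) a left join (select user_id,inventory_retailer from t_order where user_id=$user_id and DATE_SUB(CURDATE(), INTERVAL $past_days DAY)<=date(added_on) group by inventory_retailer) b on a.id=b.user_id";

		$res = mysqli_query($con,$sql);
		// A failed query returns false; treat it as "not eligible".
		if($res===false || mysqli_num_rows($res)!=1){
			return false;
		}

		$row = mysqli_fetch_assoc($res);
		return $row['inventory_retailer']==$retailer_id;
	}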

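	/**
	 * Process the regular cart. A coupon can only be applied to the regular
	 * cart, never to the pre-sale cart.
	 *
	 * Values that originate from the request body (shipping fields, coupon id)
	 * are bound as statement parameters rather than concatenated into SQL.
	 */
	$total_price = 0;
	$coupon_discount = 0;
	if((isset($_SESSION['cart']))&&(count($_SESSION['cart'])>0)){
		$order_params = array_map('strval', array($user_id,$shipping_method,$inventory_retailer,$receiver,$address1,$address2,$city,$province,$pc,$phone,$order_status,$payment_id,$added_on));
		$stmt = mysqli_prepare($con,"insert into t_order(user_id,shipping_method,inventory_retailer,receiver,address1,address2,city,province,pc,phone,order_status,payment_id,added_on) values(?,?,?,?,?,?,?,?,?,?,?,?,?)");
		if($stmt===false
			|| !mysqli_stmt_bind_param($stmt,str_repeat('s',count($order_params)),...$order_params)
			|| !mysqli_stmt_execute($stmt)){
			echo getRtnStr("Payment failed","Unable to create the order.");
			die();
		}
		$order_id = mysqli_stmt_insert_id($stmt);
		mysqli_stmt_close($stmt);
		$cart_sub_total = 0;

		/* Validate the coupon when the order is submitted, before charging. */
		if($coupon_id!=""){
			// NOTE(review): $coupon_code is client-supplied and applyCoupon() is
			// defined outside this file — confirm it does not build SQL from it.
			$rt = applyCoupon($con,$coupon_code);
			if($rt['is_err']=="yes"){
				echo getRtnStr("Payment failed","Coupon:".$rt["error"]);
				die();
			}else{
				$coupon_discount = $rt["discount"];
				$amount_payable = $rt["final_price"];
				$coupon_params = array_map('strval', array($coupon_id,$coupon_discount,$order_id));
				$stmt = mysqli_prepare($con,"update t_order set coupon_id=?,coupon_value=? where id=?");
				if($stmt!==false){
					mysqli_stmt_bind_param($stmt,'sss',...$coupon_params);
					mysqli_stmt_execute($stmt);
					mysqli_stmt_close($stmt);
				}
			}
		}

		/* Last check before payment: if any requested quantity exceeds the stock
		   currently available, roll back the t_order_details inserts and return
		   an out-of-stock error.
		   NOTE(review): the t_order row above is inserted before the transaction
		   starts, so it is not removed by the rollback. */
		// NOTE(review): MySQL expects a lock type after each table name, so this
		// statement probably fails and takes no lock — confirm. Making it
		// effective also requires every helper query below to touch only the
		// locked tables.
		mysqli_query($con,"LOCK TABLES t_order_details,t_product,t_order WRITE");
		mysqli_autocommit($con, FALSE);

		$has_error = "";
		$detail_rows = array();
		foreach($_SESSION['cart'] as $pid=>$value){
			$productArr = get_product($con,'','',$pid);
			$sold_qty = getSoldQtybyProductId($con,$pid);
			$total_qty = getProductQty($con,$pid);
			$available_qty = $total_qty-$sold_qty;
			if($value['qty']>$available_qty){
				$has_error = "yes";
				break;
			}
			$price = $productArr[0]['price'];
			$qty = $value['qty'];
			$cart_sub_total += $price*$qty;

			$detail_rows[] = array(strval($order_id),strval($pid),strval($qty),strval($price));
		}
		if($has_error=="yes"){
			mysqli_rollback($con);
			mysqli_query($con,"UNLOCK TABLES");
			$result = ($available_qty<=0)?"out of stock.":"only have ".$available_qty." left in stock.";
			echo getRtnStr("Payment failed",$productArr[0]['name']." : ".$result);
			die();
		}else{
			// One prepared insert executed per line item; all rows are committed
			// together below.
			$stmt = mysqli_prepare($con,"insert into t_order_details(order_id,pid,qty,price) values (?,?,?,?)");
			if($stmt!==false){
				$d_order = $d_pid = $d_qty = $d_price = '';
				mysqli_stmt_bind_param($stmt,'ssss',$d_order,$d_pid,$d_qty,$d_price);
				foreach($detail_rows as list($d_order,$d_pid,$d_qty,$d_price)){
					mysqli_stmt_execute($stmt);
				}
				mysqli_stmt_close($stmt);
			}
			mysqli_commit($con);
		}
		mysqli_query($con,"UNLOCK TABLES");
		// Autocommit was switched off for the stock check and never restored, so
		// on a transactional engine every later write in this request (order
		// totals, payment amount, payment result) stayed uncommitted.
		mysqli_autocommit($con, TRUE);

		$tax = $cart_sub_total*TAX_RATE;
		$cart_total = $cart_sub_total + $tax;
		$total_price = $cart_total;
		$totals_params = array_map('strval', array($cart_sub_total,$tax,$total_price,($total_price-$coupon_discount),$order_id));
		$stmt = mysqli_prepare($con,"update t_order set sub_total=?, tax=?, total_price=?,final_price=? where id=?");
		if($stmt!==false){
			mysqli_stmt_bind_param($stmt,'sssss',...$totals_params);
			mysqli_stmt_execute($stmt);
			mysqli_stmt_close($stmt);
		}
	}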

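	/**
	 * Process the pre-sale cart: create the pre-order records in t_pre_order
	 * and t_pre_order_details.
	 * Each product gets its own pre_order; the deposit is calculated from the
	 * price tied to the first sales target (price1).
	 *
	 * The shipping fields come from the request body, so both inserts use bound
	 * parameters instead of string-built SQL.
	 */
	$presale_cart_sub_total =0;
	if((isset($_SESSION['pre_cart']))&&(count($_SESSION['pre_cart'])>0)){
		$pre_order_stmt = mysqli_prepare($con,"insert into t_pre_order(user_id,shipping_method,inventory_retailer,receiver,address1,address2,city,province,pc,phone,sub_total,tax,total_price,order_status,payment_id,added_on) values(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
		$pre_detail_stmt = mysqli_prepare($con,"insert into t_pre_order_details (order_id,ppid,pid,price,qty,deposit) values (?,?,?,?,?,?)");
		if($pre_order_stmt===false || $pre_detail_stmt===false){
			// Do not charge for pre-orders that cannot be recorded.
			echo getRtnStr("Payment failed","Unable to create the pre-order.");
			die();
		}

		foreach($_SESSION['pre_cart'] as $pid=>$value){
			$productArr = get_presale_product($con,$pid,$value['ppid']);
			$price = $productArr[0]['price1'];
			$qty = $value['qty'];
			$ppid = $value['ppid'];
			$sub_total =  $price*$qty;
			$sub_tax = $sub_total*TAX_RATE;
			$order_total =  $sub_total+$sub_tax;
			$presale_cart_sub_total += $order_total;

			$pre_order_params = array_map('strval', array($user_id,$shipping_method,$inventory_retailer,$receiver,$address1,$address2,$city,$province,$pc,$phone,$sub_total,$sub_tax,$order_total,$order_status,$payment_id,$added_on));
			mysqli_stmt_bind_param($pre_order_stmt,str_repeat('s',count($pre_order_params)),...$pre_order_params);
			mysqli_stmt_execute($pre_order_stmt);
			$poid = mysqli_stmt_insert_id($pre_order_stmt);

			$pre_detail_params = array_map('strval', array($poid,$ppid,$pid,$price,$qty,$order_total));
			mysqli_stmt_bind_param($pre_detail_stmt,str_repeat('s',count($pre_detail_params)),...$pre_detail_params);
			mysqli_stmt_execute($pre_detail_stmt);
		}

		mysqli_stmt_close($pre_order_stmt);
		mysqli_stmt_close($pre_detail_stmt);
	}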

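	/**
	 * Store the server-computed payment amount and the gateway reference id on
	 * the t_payment row.
	 *
	 * NOTE(review): the amount written here is the server-side total, while the
	 * gateway request is built from $amount_payable. Nothing visible in this
	 * file compares the two; add that check before the charge is sent.
	 */
	$total_price += $presale_cart_sub_total;
	$ref_id = $user_id."-".date("YmdHis")."-".rand(111111111,999999999); // max 40 characters
	$amount_params = array_map('strval', array(($total_price-$coupon_discount),$ref_id,$payment_id));
	$stmt = mysqli_prepare($con,"update t_payment set amount=?,ref_id=? where id=?");
	if($stmt!==false){
		mysqli_stmt_bind_param($stmt,'sss',...$amount_params);
		mysqli_stmt_execute($stmt);
		mysqli_stmt_close($stmt);
	}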


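	// Square API client for the production environment.
	// SECURITY: this access token is hard-coded in a web-served file and has been
	// disclosed together with the source. Treat it as compromised: revoke and
	// reissue it, then load the replacement from configuration kept outside the
	// web root (environment variable or secrets store) instead of a literal.
	// For testing, use a sandbox token together with Environment::SANDBOX.
	$client = new SquareClient([
		'accessToken' => 'EAAAECJ5XxUOVUhvgadKU0g5F6znrSU1iiHWRBfgPseGYsDd11EUV87Qzue9kvjV',
		'environment' => Environment::PRODUCTION,
	]);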

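	// Build the CreatePayment request, send it to Square, persist the outcome
	// and answer the browser with a JSON envelope ({title, result}).
	try {
		// NOTE(review): Square Money amounts are integers in the smallest
		// currency unit (cents for CAD). Confirm $amount_payable is already in
		// cents and that the 1% application fee is rounded to a whole number.
		$amount_money = new \Square\Models\Money();
		$amount_money->setAmount($amount_payable);
		$amount_money->setCurrency($currency);

		$app_fee_money = new \Square\Models\Money();
		$app_fee_money->setAmount($amount_payable*$app_fee_rate);
		$app_fee_money->setCurrency($currency);

		$body = new \Square\Models\CreatePaymentRequest(
			$nonce,
			$idempotency_key,
			$amount_money
		);
		$body->setAppFeeMoney($app_fee_money);
		$body->setAutocomplete(true);
		$body->setReferenceId($ref_id);
		$body->setNote($payment_note);
		$body->setStatementDescriptionIdentifier($statementDescription);

		$api_response = $client->getPaymentsApi()->createPayment($body);

		if ($api_response->isSuccess()) {
			// Round-trip through JSON to get plain stdClass objects.
			$result = json_decode(json_encode($api_response->getResult()));
			if($result->payment->status=="COMPLETED"){
				successPayment($con,$payment_id,$result);  // TODO: code needs rework
				// NOTE(review): the complete gateway response (card fingerprint,
				// location id, receipt URL, ...) is returned to the browser;
				// consider returning only the fields the page needs.
				$res = getRtnStr("Payment Successful",$result);
				sendInvoiceMail($con,$payment_id);		// TODO: code needs rework
			}else{
				switch($result->payment->status){
					case "APPROVED":
						$res = getRtnStr("Payment uncompleted","Insufficient funds on your card. please change another card to try!");
					break;
					case "FAILED":
						$res = getRtnStr("Payment failed","Failed to pay!");
					break;
					case "CANCELED":
						$res = getRtnStr("Payment canceled","Payment has been canceled!");
					break;
					default:
						// Any other status previously left $res undefined and
						// produced an empty response body.
						$res = getRtnStr("Payment uncompleted","Unexpected payment status.");
				}
			}
		} else {
			$errors = $api_response->getErrors();
			failedPayment($con,$payment_id,json_decode(json_encode($errors[0])));  // TODO: code needs rework
			$res = getRtnStr("Payment failed",$errors[0]);
		}
		echo $res;
		die();
	} catch (ApiException $e) {
		// Keep the exception detail in the server log and answer in the same
		// JSON shape as every other outcome; the response is declared as
		// application/json, so plain text would break the client.
		error_log("Square API exception: ".$e->getMessage());
		echo getRtnStr("Payment failed","Unable to reach the payment gateway. Please try again later.");
	}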

	/**
	 * Build the JSON envelope sent back to the checkout page.
	 *
	 * @param mixed $title  short outcome label, emitted under "title"
	 * @param mixed $result detail payload, emitted under "result"
	 * @return string|false JSON text, or false if json_encode() fails
	 */
	function getRtnStr($title,$result){
		$envelope = array(
			'title' => $title,
			'result' => $result,
		);

		return json_encode($envelope);
	}

	/**
	 * Persist a completed payment and empty the shopper's carts.
	 *
	 * Saves the gateway response, moves the payment's orders to
	 * ORDER_STATUS_PROCESSING, then drops the cart, pre-sale cart and coupon
	 * from the session.
	 *
	 * @param mysqli $con         open database connection
	 * @param mixed  $payment_id  id of the t_payment row
	 * @param object $payment_res decoded gateway response (reads ->payment->status)
	 */
	function successPayment($con,$payment_id,$payment_res){
		$gateway_status = $payment_res->payment->status;
		$saved_id = saveSuccessPaymentDB($con,$payment_res);
		updateOrderStatusDB($con,$payment_id,$gateway_status,ORDER_STATUS_PROCESSING,$saved_id);

		unset($_SESSION['cart'], $_SESSION['pre_cart'], $_SESSION['COUPON']);
	}

	/**
	 * Write the payment outcome to t_payment and to the orders attached to it.
	 *
	 * Runs the same multi-table update once against t_order and once against
	 * t_pre_order. When the status is "FAILED", the quantities of all detail
	 * rows belonging to the payment are additionally set to 0.
	 *
	 * NOTE(review): the statements are assembled by string interpolation. In the
	 * callers visible in this file the arguments are insert ids, a gateway
	 * status and a status constant; bind parameters if that ever changes.
	 *
	 * @param mysqli $con            open database connection
	 * @param mixed  $payment_id     id of the t_payment row
	 * @param string $payment_status status stored in t_payment.pmnt_status
	 * @param mixed  $order_status   status stored on the order rows
	 * @param mixed  $pay_res_id     id of the saved gateway result row
	 */
	function updateOrderStatusDB($con,$payment_id,$payment_status,$order_status,$pay_res_id){
		foreach(array('t_order','t_pre_order') as $order_table){
			mysqli_query($con,"update t_payment a, $order_table b set a.pmnt_status='$payment_status', a.pay_res_id='$pay_res_id',b.order_status='$order_status' where a.id='$payment_id' and a.id=b.payment_id");
		}

		if($payment_status!="FAILED"){
			return;
		}

		// Failed payment: zero the quantities on both kinds of detail rows.
		$zero_qty_queries = array(
			"update t_order_details a,t_order c set a.qty=0 where a.order_id=c.id and c.payment_id='$payment_id'",
			"update t_pre_order_details b,t_pre_order d set b.qty=0 where b.order_id=d.id and d.payment_id='$payment_id'",
		);
		foreach($zero_qty_queries as $zero_qty_sql){
			mysqli_query($con,$zero_qty_sql);
		}
	}

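	/**
	 * Store the gateway's response for a successful payment in t_payment_success.
	 *
	 * The response strings are external data, so they are bound as statement
	 * parameters: a quote character in any field would otherwise break the
	 * insert or alter the statement. Fields absent from the response are stored
	 * as an empty string, as before, but without a PHP warning.
	 *
	 * @param mysqli $con         open database connection
	 * @param object $payment_res decoded gateway response; reads ->payment
	 * @return int|string id of the inserted row, 0 when the insert failed
	 */
	function saveSuccessPaymentDB($con,$payment_res){
		$p = $payment_res->payment;
		$details = $p->card_details ?? null;
		$card = $details->card ?? null;

		// Column => value, in the table's column order.
		$row = array(
			'pay_amount' => $p->amount_money->amount ?? '',
			'pay_currency' => $p->amount_money->currency ?? '',
			'app_fee_amount' => $p->app_fee_money->amount ?? '',
			'app_fee_currency' => $p->app_fee_money->currency ?? '',
			'total_amount' => $p->total_money->amount ?? '',
			'total_currency' => $p->total_money->currency ?? '',
			'avs_status' => $details->avs_status ?? '',
			'vcc_status' => $details->cvv_status ?? '',	// column is spelled vcc_status
			'entry_method' => $details->entry_method ?? '',
			'card_state_desc' => $details->statement_description ?? '',
			'card_status' => $details->status ?? '',
			'card_bin' => $card->bin ?? '',
			'card_brand' => $card->card_brand ?? '',
			'card_type' => $card->card_type ?? '',
			'card_ex_mon' => $card->exp_month ?? '',
			'card_ex_yr' => $card->exp_year ?? '',
			'card_last_4' => $card->last_4 ?? '',
			'card_fingerprint' => $card->fingerprint ?? '',
			'created_at' => $p->created_at ?? '',
			'update_at' => $p->updated_at ?? '',
			'delay_action' => $p->delay_action ?? '',
			'delay_duration' => $p->delay_duration ?? '',
			'delayed_until' => $p->delayed_until ?? '',
			'payment_id' => $p->id ?? '',
			'location_id' => $p->location_id ?? '',
			'note' => $p->note ?? '',
			'order_id' => $p->order_id ?? '',
			'receipt_num' => $p->receipt_number ?? '',
			'receipt_url' => $p->receipt_url ?? '',
			'ref_id' => $p->reference_id ?? '',
			'source_type' => $p->source_type ?? '',
			'payment_state_desc' => $p->statement_description_identifier ?? '',
			'payment_status' => $p->status ?? '',
		);

		$str_fields = implode(',', array_keys($row));
		$placeholders = implode(',', array_fill(0, count($row), '?'));
		$values = array_map('strval', array_values($row));

		$stmt = mysqli_prepare($con,"insert into t_payment_success ($str_fields) values($placeholders)");
		if($stmt===false){
			return 0;
		}
		mysqli_stmt_bind_param($stmt,str_repeat('s',count($values)),...$values);
		mysqli_stmt_execute($stmt);
		$pay_res_id = mysqli_stmt_insert_id($stmt);
		mysqli_stmt_close($stmt);

		return $pay_res_id;
	}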

	/**
	 * Record a rejected payment: save the gateway error, then mark the payment
	 * "FAILED" while leaving its orders at ORDER_STATUS_PENDING.
	 *
	 * @param mysqli $con        open database connection
	 * @param mixed  $payment_id id of the t_payment row
	 * @param object $err        decoded gateway error, passed to saveFailedPaymentDB()
	 */
	function failedPayment($con,$payment_id,$err){
		// TODO (from the original author): code needs rework
		$failure_row_id = saveFailedPaymentDB($con,$payment_id,$err);
		$gateway_status = "FAILED";

		updateOrderStatusDB($con,$payment_id,$gateway_status,ORDER_STATUS_PENDING,$failure_row_id);
	}

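	/**
	 * Store a gateway error for a payment in t_payment_failed.
	 *
	 * The error text is external data and can contain quote characters, which
	 * broke the string-built insert; the values are now bound as parameters.
	 *
	 * @param mysqli $con        open database connection
	 * @param mixed  $payment_id id of the t_payment row
	 * @param object $err        decoded gateway error; reads category, code, detail
	 * @return int|string id of the inserted row, 0 when the insert failed
	 */
	function saveFailedPaymentDB($con,$payment_id,$err){
		$values = array_map('strval', array(
			$payment_id,
			$err->category ?? '',
			$err->code ?? '',
			$err->detail ?? '',
			date("Y-m-d H:i:s"),
		));

		$stmt = mysqli_prepare($con,"insert into t_payment_failed (payment_id,category,err_code,detail,added_on) values(?,?,?,?,?)");
		if($stmt===false){
			return 0;
		}
		mysqli_stmt_bind_param($stmt,'sssss',...$values);
		mysqli_stmt_execute($stmt);
		$failure_row_id = mysqli_stmt_insert_id($stmt);
		mysqli_stmt_close($stmt);

		return $failure_row_id;
	}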

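	/**
	 * E-mail the invoice for a payment to the buyer.
	 *
	 * Mail delivery is best-effort: it runs after the charge has completed and
	 * before the JSON response is written, so a mail failure is logged and
	 * swallowed instead of aborting the request. (PHPMailer is constructed with
	 * exceptions enabled, so an uncaught failure would end the script.)
	 *
	 * @param mysqli $con        open database connection
	 * @param mixed  $payment_id id of the t_payment row the invoice is built from
	 */
	function sendInvoiceMail($con,$payment_id){
		$user_email = "";
		// presumably setInvoice() fills $user_email by reference — it is defined
		// outside this file; verify.
		$html = setInvoice($con,$payment_id,$user_email);
		if(!isValidEmailAddress($user_email)){
			return ;
		}

		try {
			include_once('../smtp/PHPMailerAutoload.php');
			$mail=new PHPMailer(true);
			$mail->CharSet = 'UTF-8';
			$mail->isSMTP();
			$mail->Host="smtp.biyuxiaojia.com";
			$mail->Port=587;
			$mail->SMTPSecure="tls";
			$mail->SMTPAuth=true;
			$mail->Username="info@biyuxiaojia.com";
			// SECURITY: this mailbox password is hard-coded in a web-served file
			// and has been disclosed with the source. Change it and load the new
			// one from configuration kept outside the web root.
			$mail->Password="Mucheng$123";
			$mail->SetFrom("info@biyuxiaojia.com");
			$mail->addAddress($user_email);
			$mail->IsHTML(true);
			$mail->Subject="biyuxiaojia.com Invoice.";
			$mail->Body=$html;
			// Verify the SMTP server's certificate. With verification disabled
			// the authenticated session (and the password above) could be
			// intercepted by anyone able to impersonate the mail host. If the
			// host's certificate does not validate, fix the certificate.
			$mail->SMTPOptions=array('ssl'=>array(
				'verify_peer'=>true,
				'verify_peer_name'=>true,
				'allow_self_signed'=>false
			));
			$mail->send();
		} catch (Exception $e) {
			error_log("Invoice mail for payment ".$payment_id." was not sent: ".$e->getMessage());
		}
	}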
?>
