<?php
// Pulls in inviaEmail(), which every mail-sending method of AccessManager calls.
// NOTE(review): the path is resolved from the process working directory, not from
// this file's location (__DIR__), so it only works when the front controller runs
// with cwd set to the directory that contains bat/ — confirm before moving the file.
$maillink = getcwd()."/bat/rd-mailform-function.php";
include($maillink);
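/**
 * Customer / order data-access layer with mail notifications.
 *
 * Covers PayPal IPN registration (RegistraPagamento), customer registration,
 * login, password recovery, the contact form and a few lookups. Every query is
 * a PDO prepared statement with bound values.
 *
 * Error policy: a PDOException in a lookup or a write is logged with error_log()
 * and the script is terminated with a generic message, so driver error text
 * (SQL fragments, table names) is not echoed to the browser. The customer lookup
 * done for payment mails is best-effort and only logs.
 *
 * Depends on inviaEmail($formType, $to, $message) from
 * bat/rd-mailform-function.php (included at the top of this file); its 'MF000'
 * return value is treated as "sent".
 */
class AccessManager
{
    /** Return code of inviaEmail() meaning the message was sent. */
    private const MAIL_OK = 'MF000';

    /** SQLSTATE reported by PDOStatement::errorInfo() when the statement succeeded. */
    private const SQLSTATE_OK = '00000';

    /** ordine.idstato written when PayPal reports the payment as final. */
    private const STATO_PAGATO = 10;

    /** ordine.idstato written for every other payment_status (Pending, Denied, ...). */
    private const STATO_PENDING = 11;

    /** Customer-facing text sent for every registered payment, paid or pending. */
    private const MSG_ORDINE_CLIENTE = "Gentile utente ti ringraziamo di aver effettuato l'ordine, il nostro team gestirà l'ordine nel più breve tempo possibile, da ora puoi effettuare il login e verificare lo stato dell'ordine dal sito https://www.ripara.co <br><br>Grazie di averci preferito!";

    /** Mailbox that receives shop-side copies of payment notifications. */
    private const MAIL_ORDINI = 'ordini@ripara.co';

    /** @var PDO open database connection supplied by the caller */
    protected $db;

    /** @var int value returned by getIdleTime(); the unit is not defined in this file */
    private $idletime;

    /**
     * @param PDO $db open database connection
     */
    public function __construct($db)
    {
        $this->db = $db;
        $this->idletime = 60;
    }

    /**
     * True when no cliente row carries the given txn_id (the id is new),
     * false when it has already been recorded.
     *
     * @param string $txnid PayPal transaction id
     * @return bool
     */
    public function checkTxnid($txnid): bool
    {
        try {
            $query = $this->db->prepare('SELECT txn_id FROM cliente WHERE txn_id=:txn_id');
            $query->bindValue('txn_id', $txnid, PDO::PARAM_STR);
            $query->execute();

            return $query->rowCount() <= 0;
        } catch (PDOException $e) {
            $this->abortOnDbError($e, 'checkTxnid');
        }
    }

    /**
     * Records a PayPal IPN notification.
     *
     * Steps: insert a transazioni row; set ordine.idstato to 10 (paid) for
     * Completed/Processed or 11 (pending) otherwise and store the txn_id on the
     * order; for paid orders decrement stock; mail the customer and the shop.
     * When the insert is refused (non-success SQLSTATE, e.g. a duplicate txn_id
     * if the table enforces one) nothing else is touched and no mail is sent,
     * so a replayed notification cannot decrement stock twice.
     *
     * The IPN message is assumed to have been verified with PayPal by the
     * caller; this method only records it.
     *
     * @param array $post decoded IPN fields (txn_id, custom, payment_status,
     *                    mc_gross, payer_email, first_name, last_name,
     *                    address_*, pending_reason)
     * @return int 10 when the payment is final, 11 otherwise
     */
    public function RegistraPagamento($post)
    {
        $idordine = $this->orderIdFromCustom($post['custom'] ?? '');
        $txnId = (string) ($post['txn_id'] ?? '');
        $status = $this->statoFromPaymentStatus($post['payment_status'] ?? '');

        if (!$this->insertTransazione($post, $idordine)) {
            return $status;
        }

        $this->updateStatoOrdine($idordine, $txnId, $status);
        if ($status === self::STATO_PAGATO) {
            $this->decrementaScorte($idordine);
        }
        $this->notificaPagamento($idordine, $txnId, $status);

        return $status;
    }

    /**
     * Extracts the order id from PayPal's "custom" field, which the checkout
     * page fills as "ordine:<id>". Missing or malformed input yields 0.
     *
     * @param mixed $custom
     */
    private function orderIdFromCustom($custom): int
    {
        $parti = explode(':', (string) $custom);

        return (int) ($parti[1] ?? 0);
    }

    /**
     * Maps PayPal's payment_status to ordine.idstato. Only Completed and
     * Processed mean the funds are in the account; Pending, Denied, Refunded,
     * Reversed, Voided, ... are all recorded as 11 and reviewed by hand.
     *
     * @param mixed $paymentStatus
     */
    private function statoFromPaymentStatus($paymentStatus): int
    {
        // Strict comparison: the switch this replaces compared loosely.
        return in_array($paymentStatus, ['Completed', 'Processed'], true)
            ? self::STATO_PAGATO
            : self::STATO_PENDING;
    }

    /**
     * Inserts the transazioni row for an IPN message. Returns true when the
     * statement reported the success SQLSTATE, false (after logging) otherwise.
     */
    private function insertTransazione(array $post, int $idordine): bool
    {
        $query = $this->db->prepare(
            'INSERT INTO transazioni (txn_id, idordine, payment_status, pending_reason, payment_amount, payer_email, first_name, last_name, address_street, address_city, address_state, address_zip) '
            . 'VALUES (:txn_id, :idordine, :payment_status, :pending_reason, :payment_amount, :payer_email, :first_name, :last_name, :address_street, :address_city, :address_state, :address_zip)'
        );
        $query->bindValue('idordine', $idordine, PDO::PARAM_INT);

        // IPN field name => placeholder; every field is stored as text, and a
        // field absent from the message is bound as null.
        $campi = [
            'txn_id' => 'txn_id',
            'payment_status' => 'payment_status',
            'pending_reason' => 'pending_reason',
            'mc_gross' => 'payment_amount',
            'payer_email' => 'payer_email',
            'first_name' => 'first_name',
            'last_name' => 'last_name',
            'address_street' => 'address_street',
            'address_city' => 'address_city',
            'address_state' => 'address_state',
            'address_zip' => 'address_zip',
        ];
        foreach ($campi as $chiaveIpn => $placeholder) {
            $query->bindValue($placeholder, $post[$chiaveIpn] ?? null, PDO::PARAM_STR);
        }
        $query->execute();

        return $this->logIfFailed($query, 'RegistraPagamento insert transazioni');
    }

    /**
     * Writes the computed state and the PayPal txn_id onto the order row.
     */
    private function updateStatoOrdine(int $idordine, string $txnId, int $status): void
    {
        $query = $this->db->prepare('UPDATE ordine SET idstato=:status, txn_id=:atxn_id WHERE idordine=:aidordine');
        $query->bindValue('status', $status, PDO::PARAM_INT);
        $query->bindValue('aidordine', $idordine, PDO::PARAM_INT);
        $query->bindValue('atxn_id', $txnId, PDO::PARAM_STR);
        $query->execute();
        $this->logIfFailed($query, 'RegistraPagamento update ordine');
    }

    /**
     * Decrements prodottoinvendita.quantita by one for each entry of the
     * order's JSON "prodotti" list. An unreadable order or list is logged and
     * skipped.
     *
     * NOTE(review): one unit per list entry, as in the original; if an entry
     * carries its own quantity that field is not consulted — confirm against
     * the checkout code.
     */
    private function decrementaScorte(int $idordine): void
    {
        $ordine = $this->GetOrdersById($idordine);
        $prodotti = $ordine !== null ? json_decode((string) ($ordine->prodotti ?? ''), true) : null;
        if (!is_array($prodotti)) {
            error_log('AccessManager::decrementaScorte: prodotti non leggibili per ordine ' . $idordine);
            return;
        }

        // One prepared statement, re-executed per product.
        $query = $this->db->prepare('UPDATE prodottoinvendita SET quantita=quantita-1 WHERE idprodotto=:aidprodotto');
        foreach ($prodotti as $riga) {
            if (!is_array($riga) || !isset($riga['idprodotto'])) {
                continue;
            }
            $query->bindValue('aidprodotto', $riga['idprodotto'], PDO::PARAM_STR);
            $query->execute();
            $this->logIfFailed($query, 'RegistraPagamento update prodottoinvendita');
        }
    }

    /**
     * Sends the customer confirmation (when a customer with an e-mail address
     * is attached to the order) and the shop-side notification for a payment.
     */
    private function notificaPagamento(int $idordine, string $txnId, int $status): void
    {
        $cliente = $this->clienteByOrdine($idordine);
        $emailCliente = (string) ($cliente->email ?? '');
        if ($emailCliente !== '') {
            inviaEmail('ordine', $emailCliente, self::MSG_ORDINE_CLIENTE);
        } else {
            error_log('AccessManager::notificaPagamento: nessuna email cliente per ordine ' . $idordine);
        }

        // txn_id comes straight from the IPN POST body: escape it for the HTML mail.
        $txnHtml = htmlspecialchars($txnId, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        if ($status === self::STATO_PAGATO) {
            $messaggio = "Gentile gestore, hai ricevuto il pagamento per l'ordine numero <b>" . $idordine . "</b>, il numero della transazione è " . $txnHtml . ". <br>
<br>Controlla l'ordine dalla piattaforma di gestione!";
        } else {
            $messaggio = "Gentile gestore, hai ricevuto il pagamento in <b>pending</b> per l'ordine numero <b>" . $idordine . "</b>. <br>Siete pregati di verificare il tutto presso il sito di pay pal.
<br>Controlla l'ordine dalla piattaforma di gestione!";
        }
        inviaEmail('ordine', self::MAIL_ORDINI, $messaggio);
    }

    /**
     * Best-effort lookup of the customer who placed an order. Returns null when
     * there is no match or the query fails; a failure is logged rather than
     * fatal so a mail problem never blocks the payment record.
     *
     * @return object|null
     */
    private function clienteByOrdine(int $idordine)
    {
        try {
            $query = $this->db->prepare('SELECT cliente.* FROM cliente JOIN ordine on cliente.idcliente = ordine.idcliente WHERE idordine=:idordine');
            $query->bindValue('idordine', $idordine, PDO::PARAM_INT);
            $query->execute();
            if ($query->rowCount() > 0) {
                return $query->fetch(PDO::FETCH_OBJ);
            }
        } catch (PDOException $e) {
            error_log('AccessManager::clienteByOrdine: ' . $e->getMessage());
        }

        return null;
    }

    /**
     * Loads one order row.
     *
     * @param int $idordine
     * @return object|null the ordine row as an object, or null when not found
     */
    public function GetOrdersById($idordine)
    {
        try {
            $query = $this->db->prepare('SELECT * from ordine WHERE idordine=:idordine');
            $query->bindValue('idordine', $idordine, PDO::PARAM_INT);
            $query->execute();
            if ($query->rowCount() > 0) {
                return $query->fetch(PDO::FETCH_OBJ);
            }
        } catch (PDOException $e) {
            $this->abortOnDbError($e, 'GetOrdersById');
        }

        return null;
    }

    /**
     * Registers a new customer and sends the welcome mail.
     *
     * The postcode is folded into citta as "<citta> - <cap>" because the
     * cliente table has no cap column. The password is stored as a
     * password_hash() digest.
     *
     * @param string $ragioneSociale
     * @param string $indirizzo
     * @param string $citta
     * @param string $cap
     * @param string $telefono
     * @param string $cellulare
     * @param string $email
     * @param string $password plaintext, hashed here
     * @param mixed  $marketing truthy = consent given, stored as 1/0
     * @return int 1 registered and mailed; -1 insert failed; -2 registered but
     *             the mail was not sent; -3 e-mail already registered
     */
    public function Register($ragioneSociale, $indirizzo, $citta, $cap, $telefono, $cellulare, $email, $password, $marketing)
    {
        try {
            if ($this->isEmail($email)) {
                return -3;
            }

            $query = $this->db->prepare('INSERT INTO cliente(ragioneSociale, indirizzo, citta, telefono, cellulare, email, password, marketing) VALUES (:ragioneSociale,:indirizzo,:citta,:telefono,:cellulare,:email,:password, :marketing)');
            $query->bindValue('ragioneSociale', $ragioneSociale, PDO::PARAM_STR);
            $query->bindValue('indirizzo', $indirizzo, PDO::PARAM_STR);
            $query->bindValue('citta', $citta . ' - ' . $cap, PDO::PARAM_STR);
            $query->bindValue('telefono', $telefono, PDO::PARAM_STR);
            $query->bindValue('cellulare', $cellulare, PDO::PARAM_STR);
            $query->bindValue('email', $email, PDO::PARAM_STR);
            $query->bindValue('marketing', $marketing ? 1 : 0, PDO::PARAM_INT);
            $query->bindValue('password', $this->hashPassword($password), PDO::PARAM_STR);
            $query->execute();
            if (!$this->logIfFailed($query, 'Register')) {
                return -1;
            }

            $risposta = inviaEmail('iscrizione', $email, "Gentile utente ti ringraziamo di aver effettuato la registrazione, da ora puoi effettuare il login ed acquistare i nostri prodotti direttamente dal sito https://www.ripara.co <br><br>Grazie di averci preferito!");

            return $risposta === self::MAIL_OK ? 1 : -2;
        } catch (PDOException $e) {
            $this->abortOnDbError($e, 'Register');
        }
    }

    /**
     * Forwards a contact-form submission to the shop mailbox.
     *
     * All five fields come straight from the public form and are escaped for
     * the HTML mail body.
     *
     * @return string|false PDO::lastInsertId() when the mail was sent, false otherwise.
     *                      NOTE(review): this method inserts nothing, so the id is
     *                      whatever the connection last generated ("0" on a fresh
     *                      connection, which is falsy); kept for existing callers.
     */
    public function contatto($email, $messaggio, $telefono, $nome, $cognome)
    {
        $data = date('Y-m-d H:i:s');
        $esc = static function ($valore): string {
            return htmlspecialchars((string) $valore, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        $testo = 'Gentile Amministratore, hai ricevuto questo messaggio dal sito:<br>Nome: ' . $esc($nome)
            . '<br>Cognome: ' . $esc($cognome)
            . '<br>Telefono:' . $esc($telefono)
            . '<br>Email:' . $esc($email)
            . '<br>Data:' . $data
            . '<br>Messaggio:' . $esc($messaggio) . '!';

        $risposta = inviaEmail('contatto', 'info@ripara.co', $testo);
        if ($risposta !== self::MAIL_OK) {
            return false;
        }

        return $this->db->lastInsertId();
    }

    /**
     * True when a cliente row has this username.
     *
     * @param string $username
     * @return bool
     */
    public function isUsername($username): bool
    {
        try {
            $query = $this->db->prepare('SELECT idcliente FROM cliente WHERE username=:username');
            $query->bindValue('username', $username, PDO::PARAM_STR);
            $query->execute();

            return $query->rowCount() > 0;
        } catch (PDOException $e) {
            $this->abortOnDbError($e, 'isUsername');
        }
    }

    /**
     * True when a cliente row has this e-mail address.
     *
     * @param string $email
     * @return bool
     */
    public function isEmail($email): bool
    {
        try {
            $query = $this->db->prepare('SELECT idcliente FROM cliente WHERE email=:email');
            $query->bindValue('email', $email, PDO::PARAM_STR);
            $query->execute();

            return $query->rowCount() > 0;
        } catch (PDOException $e) {
            $this->abortOnDbError($e, 'isEmail');
        }
    }

    /**
     * Authenticates a customer by e-mail and password.
     *
     * Verifies against a password_hash() digest; rows created before that
     * change hold an unsalted md5 digest, which is accepted once (constant-time
     * compare) and upgraded in place. The password itself is never logged.
     *
     * @param string $email
     * @param string $password plaintext as typed
     * @return mixed idcliente on success, false otherwise
     */
    public function Login($email, $password)
    {
        try {
            $query = $this->db->prepare('SELECT idcliente, password FROM cliente WHERE (email=:email)');
            $query->bindValue('email', $email, PDO::PARAM_STR);
            $query->execute();
            if ($query->rowCount() <= 0) {
                error_log('AccessManager::Login: nessun cliente per ' . $email);
                return false;
            }

            $result = $query->fetch(PDO::FETCH_OBJ);
            $memorizzata = (string) $result->password;
            $password = (string) $password;

            if (password_verify($password, $memorizzata)) {
                if (password_needs_rehash($memorizzata, PASSWORD_DEFAULT)) {
                    $this->storePasswordHash($email, $this->hashPassword($password));
                }
                return $result->idcliente;
            }

            // Legacy md5 row: hash_equals avoids both timing leaks and the loose
            // "==" comparison, which treats two "0e..." digests as equal.
            if (hash_equals($memorizzata, md5($password))) {
                $this->storePasswordHash($email, $this->hashPassword($password));
                return $result->idcliente;
            }

            error_log('AccessManager::Login: password errata per ' . $email);
            return false;
        } catch (PDOException $e) {
            $this->abortOnDbError($e, 'Login');
        }
    }

    /**
     * Builds a random alphanumeric string from a CSPRNG (random_int), used for
     * recovery passwords.
     *
     * @param int $length number of characters
     */
    private function generateRandomString($length = 10): string
    {
        $alfabeto = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $ultimo = strlen($alfabeto) - 1;
        $risultato = '';
        for ($i = 0; $i < $length; $i++) {
            $risultato .= $alfabeto[random_int(0, $ultimo)];
        }

        return $risultato;
    }

    /**
     * Translates an inviaEmail() return code into user-facing Italian text.
     * Unknown codes (MF003 included) fall back to the "invalid address" text.
     *
     * @param mixed $message code such as 'MF000'
     */
    public function checkEmailSended($message): string
    {
        $testi = [
            'MF000' => 'Email inviata correttamente!',
            'MF001' => 'Indirizzo email non valido!',
            'MF002' => 'Problema connessione in locale!',
            'MF004' => 'Non è stato impostato il subject della mail!',
        ];
        $chiave = is_scalar($message) ? (string) $message : '';

        return $testi[$chiave] ?? 'Indirizzo email non valido!';
    }

    /**
     * Resets a customer's password to a fresh random one and mails it.
     *
     * The mail goes out before the row is updated on purpose: if the mail is
     * not delivered the old password stays valid instead of locking the
     * customer out.
     *
     * NOTE(review): the new credential travels in clear text by e-mail; a
     * one-time reset link would avoid that but needs a token column.
     *
     * @param string $email
     * @return int 1 password changed; -1 mail not sent (row untouched);
     *             -2 no customer with this e-mail; -3 update affected no row
     */
    public function RecuperaPassword($email)
    {
        try {
            $query = $this->db->prepare('SELECT idcliente FROM cliente WHERE (email=:email)');
            $query->bindValue('email', $email, PDO::PARAM_STR);
            $query->execute();
            if ($query->rowCount() <= 0) {
                return -2;
            }

            $password = $this->generateRandomString(8);
            $risposta = inviaEmail('passwordrecovery', $email, "Gentile utente la tua password è stata modificata come richiesto.<br><br>La nuova password è: " . $password);
            if ($risposta !== self::MAIL_OK) {
                return -1;
            }

            return $this->storePasswordHash($email, $this->hashPassword($password)) ? 1 : -3;
        } catch (PDOException $e) {
            $this->abortOnDbError($e, 'RecuperaPassword');
        }
    }

    /**
     * Loads one row of the user table.
     *
     * @param mixed $id_user
     * @return object|null the row as an object, or null when not found
     */
    public function UserDetails($id_user)
    {
        try {
            $query = $this->db->prepare('SELECT id_user, name, username, email FROM user WHERE id_user=:id_user');
            $query->bindValue('id_user', $id_user, PDO::PARAM_STR);
            $query->execute();
            if ($query->rowCount() > 0) {
                return $query->fetch(PDO::FETCH_OBJ);
            }
        } catch (PDOException $e) {
            $this->abortOnDbError($e, 'UserDetails');
        }

        return null;
    }

    /**
     * Idle-time value set in the constructor (60).
     */
    public function getIdleTime(): int
    {
        return $this->idletime;
    }

    /**
     * Hashes a password for storage.
     *
     * NOTE(review): password_hash() output is 60+ characters where the legacy
     * code stored a 32-character md5 digest; confirm cliente.password is wide
     * enough (VARCHAR(255) is the usual choice) before deploying.
     *
     * @param mixed $password
     */
    private function hashPassword($password): string
    {
        return password_hash((string) $password, PASSWORD_DEFAULT);
    }

    /**
     * Writes an already-hashed password onto the customer row for $email.
     * Returns true when exactly the matching row(s) were updated.
     */
    private function storePasswordHash($email, string $hash): bool
    {
        $query = $this->db->prepare('UPDATE cliente SET password=:password WHERE email=:email');
        $query->bindValue('email', $email, PDO::PARAM_STR);
        $query->bindValue('password', $hash, PDO::PARAM_STR);
        $query->execute();

        return $query->rowCount() > 0;
    }

    /**
     * Reads PDOStatement::errorInfo() after execute() and logs anything but
     * the success SQLSTATE. Returns true when the statement succeeded.
     */
    private function logIfFailed(PDOStatement $query, string $where): bool
    {
        $info = $query->errorInfo();
        if (($info[0] ?? null) === self::SQLSTATE_OK) {
            return true;
        }
        error_log(sprintf('AccessManager::%s: %s', $where, json_encode($info)));

        return false;
    }

    /**
     * Logs a database failure server-side and stops the script with a generic
     * message, so the driver's error text is not returned to the client.
     * Does not return.
     */
    private function abortOnDbError(PDOException $e, string $where): void
    {
        error_log(sprintf('AccessManager::%s: %s', $where, $e->getMessage()));
        exit('Errore di accesso al database.');
    }
}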