working on login

CSI-5510 · Apr 17, 2022 · 3962841 · 3962841
2 parents d523e5c + 0ee0ddb
commit 3962841
Show file tree

Hide file tree

Showing 11 changed files with 500 additions and 124 deletions.
diff --git a/backend/item.php b/backend/item.php
@@ -20,8 +20,8 @@
 
     try{
         switch($GLOBALS['url_loc'][3]){
-            case ADD_TO_CART:
-                $result = Order::addItemToCart($item_data['i_id'], $signed_in);
+            case "add_to_cart":
+                Order::addItemToCart($item_data['i_id'], $signed_in);
                 break;
             case REMOVE_FROM_CART:
                 Order::removeItemFromCart($item_data['i_id'], $signed_in);

diff --git a/backend/listener.php b/backend/listener.php
@@ -0,0 +1,87 @@
+<?php
+// STEP 1: read POST data
+// Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
+// Instead, read raw POST data from the input stream.
+$raw_post_data = file_get_contents('php://input');
+$raw_post_array = explode('&', $raw_post_data);
+$myPost = array();
+foreach ($raw_post_array as $keyval) {
+  $keyval = explode ('=', $keyval);
+  if (count($keyval) == 2)
+    $myPost[$keyval[0]] = urldecode($keyval[1]);
+}
+// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
+$req = 'cmd=_notify-validate';
+if (function_exists('get_magic_quotes_gpc')) {
+  $get_magic_quotes_exists = true;
+}
+foreach ($myPost as $key => $value) {
+  if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
+    $value = urlencode(stripslashes($value));
+  } else {
+    $value = urlencode($value);
+  }
+  $req .= "&$key=$value";
+}
+
+// Step 2: POST IPN data back to PayPal to validate
+$ch = curl_init('https://ipnpb.paypal.com/cgi-bin/webscr');
+curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
+curl_setopt($ch, CURLOPT_POST, 1);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
+curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
+curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
+curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
+curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
+curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
+// In wamp-like environments that do not come bundled with root authority certificates,
+// please download 'cacert.pem' from "https://curl.haxx.se/docs/caextract.html" and set
+// the directory path of the certificate as shown below:
+// curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
+if ( !($res = curl_exec($ch)) ) {
+  // error_log("Got " . curl_error($ch) . " when processing IPN data");
+  curl_close($ch);
+  exit;
+}
+curl_close($ch);
+
+
+
+// inspect IPN validation result and act accordingly
+if (strcmp ($res, "VERIFIED") == 0) {
+  // The IPN is verified, process it:
+  // check whether the payment_status is Completed
+  // check that txn_id has not been previously processed
+  // check that receiver_email is your Primary PayPal email
+  // check that payment_amount/payment_currency are correct
+  // process the notification
+  // assign posted variables to local variables
+  $item_name = $_POST['item_name'];
+  $item_number = $_POST['item_number'];
+  $payment_status = $_POST['payment_status'];
+  $payment_amount = $_POST['mc_gross'];
+  $payment_currency = $_POST['mc_currency'];
+  $txn_id = $_POST['txn_id'];
+  $receiver_email = $_POST['receiver_email'];
+  $payer_email = $_POST['payer_email'];
+
+  order::completeSuccessfulOrder($item_number, $txn_id);
+
+
+
+
+} else if (strcmp ($res, "INVALID") == 0) {
+  // IPN invalid, log for manual investigation
+  echo "The response from IPN was: <b>" .$res ."</b>";
+
+
+
+
+
+}
+
+
+
+
+
+?> 
diff --git a/backend/orders.php b/backend/orders.php
@@ -0,0 +1,109 @@
+<?php 
+
+    /*
+        $GLOBALS['url_loc'][0] <-- 'public_html'
+        $GLOBALS['url_loc'][1] <-- 'orders'
+        $GLOBALS['url_loc'][2] <-- operation as string
+        $GLOBALS['url_loc'][3] <-- item id as string
+    */
+
+$signed_in = User::isLoggedin();
+$buyingorders = Order::getUsersOrdersAsBuyer();
+
+function imgConvert($blob){
+return 'data:image/jpeg;base64,'.base64_encode($blob);
+}
+
+$protocol = ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
+
+function getUrl($protocol){
+$url = $protocol . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+return $url;
+}
+
+/*
+getUrl()
+http://localhost/nft/public_html/orders?checkout=id?action=boolean
+
+<?php echo "".getUrl()."?checkout=#?cancel=true"; ?>
+<?php echo "".getUrl()."?checkout=#?ipn_listener=paypal"; ?>
+<?php echo "".getUrl()."?checkout=#?success=true"; ?>
+*/
+
+
+//testmode enables sandbox
+$testmode = true;
+$paypalurl = $testmode ? 'https://ipnpb.sandbox.paypal.com/cgi-bin/webscr' : 'https://ipnpb.paypal.com/cgi-bin/webscr';
+$cancelurl = "".getUrl($protocol)."?checkout=#?cancel=true";
+$ipnurl = $protocol . $_SERVER['HTTP_HOST'] . "/nft/".$GLOBALS["url_loc"][0]."/listener";
+$successurl = "".getUrl($protocol)."?checkout=#?success=true";
+
+
+if(isset($_POST["placeorder"]) || isset($_POST["paypal"])){
+
+    $data = array(
+        'cmd'			=> '_cart',
+        'upload'        => '1',
+        'lc'			=> 'EN',
+        'business' 		=> 'payments@imperfectandcompany.com',
+        'cancel_return'	=> ''.$cancelurl.'',
+        'notify_url'	=> ''.$ipnurl.'',
+        'currency_code'	=> 'USD',
+        'return'        => ''.$successurl.'',
+    );
+
+	$cartOrders = Order::getOrderDetails($_POST["itemid"]);
+
+    for ($i = 0; $i < count($cartOrders); $i++) {
+		//order_id
+        $data['item_number_' . ($i+1)] = $cartOrders[$i]['o_id'];
+		//item name
+        $data['item_name_' . ($i+1)] = $cartOrders[$i]['i_name'];
+		//current price
+        $data['amount_' . ($i+1)] = $cartOrders[$i]['current_price'];
+    }
+
+	header('location:' . $paypalurl . '?' . http_build_query($data));
+    // End script
+    exit;
+	}
+
+if($_SERVER['REQUEST_METHOD'] == "GET"){
+	if (isset($_GET['ipn_listener']) && $_GET['ipn_listener'] == 'paypal') {
+    // Get all input variables and convert them all to URL string variables
+    $raw_data = file_get_contents('php://input');
+    $raw_array = explode('&', $raw_data);
+    $myPost = [];
+
+
+
+
+echo $myData;
+echo var_dump($myData);
+	}
+}
+
+
+
+
+//if id is specified after operation as string is given
+if($GLOBALS['url_loc'][2]){
+	    try{
+        switch($GLOBALS['url_loc'][2]){
+            case "remove_from_cart":
+                Order::removeItemFromCart($GLOBALS['url_loc'][3], $signed_in);
+                break;
+			default:
+			//returns them back to the default item page
+				header("location:./");
+				break;
+        }
+    } catch(Exception $e) {
+        $result = $e->getMessage();
+    }
+}
+
+
+
+
+?>
diff --git a/classes/class.order.php b/classes/class.order.php
@@ -17,12 +17,11 @@ public static function isItemOpen($itemid)
 	{
 		//check to see if the item has an open order
 		//also checks to see if a seller exists already
-		// if (DatabaseConnector::query('SELECT o_id FROM orders WHERE o_item_id=:itemid AND o_status="open" AND o_seller_id IS NULL', array(':itemid'=>$itemid))) {
-		// 	return true;
-		// 	} else {
-		// return false;			
-		// 	}
-		return DatabaseConnector::query('SELECT o_id FROM orders WHERE o_item_id=:itemid AND o_status="open" AND o_seller_id IS NULL', array(':itemid'=>$itemid));
+		if (DatabaseConnector::query('SELECT o_id FROM orders WHERE o_item_id=:itemid AND o_status="open" AND o_buyer_id IS NULL', array(':itemid'=>$itemid))) {
+			return true;
+			} else {
+		return false;			
+			}
 	}
 
 	public static function isItemPending($itemid)
@@ -42,12 +41,11 @@ public static function isItemPending($itemid)
 	public static function isItemInUserCart($itemid, $userid)
 	{
 		//check to see if the item is already added to the users cart
-		// if (DatabaseConnector::query('SELECT o_id FROM orders WHERE o_item_id=:itemid AND o_seller_id=:userid AND o_status="pending"', array(':itemid'=>$itemid, ':userid'=>$userid))) {
-		// 	return true;
-		// 	} else {
-		// return false;			
-		// 	}
-		return DatabaseConnector::query('SELECT o_id FROM orders WHERE o_item_id=:itemid AND o_seller_id=:userid AND o_status="pending"', array(':itemid'=>$itemid, ':userid'=>$userid));
+		if (DatabaseConnector::query('SELECT o_id FROM orders WHERE o_item_id=:itemid AND o_buyer_id=:userid AND o_status="pending"', array(':itemid'=>$itemid, ':userid'=>$userid))) {
+			return true;
+			} else {
+		return false;			
+			}
 	}
 
 
@@ -60,57 +58,42 @@ public static function isItemInUserCart($itemid, $userid)
 	*/
 
 	public static function addItemToCart($itemid, $userid)
-	{
-		// //make sure item is open and available
-		// if(self::isItemOpen($itemid)){
-		// 	//good! the item is open and without a seller id.
-		// 	//lets make sure the user isn't adding an item that he already owns
-		// 	if(self::isUsersListing($itemid, $userid) == false){
-
-		// 		//since the user doesn't own the item we can proceed!
-		// 		if(self::isItemInUserCart($itemid, $userid)== false){
-
-		// 			//since item isn't in the user cart we can proceed
-		// 			//looks like the item is ready to add into the cart...
-		// 			//lets add a seller id to the order!
-		// 			DatabaseConnector::query('UPDATE orders SET o_seller_id=:sellerid, o_status="pending" WHERE o_item_id=:itemid AND o_status="open" AND o_seller_id IS NULL', array(':sellerid'=>$userid, ':itemid'=>$itemid));
-		// 		}
-		// 		else {
-		// 		return false;
-		// 		}
-		// 	} else {
-		// 	return false;
-		// 	}
-		// } else {
-		// return false;
-		// }
-		if(!self::isItemOpen($itemid)){
-			return false;
-		}
-		if(self::isUsersListing($itemid, $userid)){
-			return false;
-		}
-		if(self::isItemInUserCart($itemid, $userid)){
-			return false;
-		}
-		DatabaseConnector::query('UPDATE orders SET o_seller_id=:sellerid, o_status="pending" WHERE o_item_id=:itemid AND o_status="open" AND o_seller_id IS NULL', array(':sellerid'=>$userid, ':itemid'=>$itemid));
-	}
+   {
+        //make sure item is open and available
+        if(self::isItemOpen($itemid)){
+            //good! the item is open and without a seller id.
+            //lets make sure the user isn't adding an item that he already owns
+            if(self::isUsersListing($itemid, $userid) == false){
+                //since the user doesn't own the item we can proceed!
+                if(self::isItemInUserCart($itemid, $userid)== false){
+                    //since item isn't in the user cart we can proceed
+                    //looks like the item is ready to add into the cart...
+                    //lets add a seller id to the order!
+					DatabaseConnector::query('UPDATE orders SET o_buyer_id=:buyerid, o_status="pending" WHERE o_item_id=:itemid AND o_status="open" AND o_buyer_id IS NULL AND o_seller_id IS NOT NULL', array(':itemid'=>$itemid, ':buyerid'=>$userid));
+                }
+                else {
+                return false;
+                }
+            } else {
+            return false;
+            }
+        } else {
+        return false;
+        }
+    }
 
 	public static function removeItemFromCart($itemid, $userid)
 	{
-			// //lets make sure the user isn't removing an item that he already owns
-			// if(self::isUsersListing($itemid, $userid) == false){
-			// 	//since the user doesn't own the item we can proceed!
-			// 	//check to see if item is currently in cart.
-			// 	if(self::isItemInUserCart($itemid, $userid)== true){
-			// 		//since item isn't in the user cart we can proceed
-			// 		//looks like the item is ready to add into the cart...
-			// 		//lets remove the seller_id from theo rder!
-			// 		DatabaseConnector::query('UPDATE orders SET o_seller_id=NULL, o_status=NULL WHERE o_item_id=:itemid AND o_status="pending" AND o_seller_id=:sellerid', array(':itemid'=>$itemid, ':sellerid'=>$userid));
-			// 	}
-			// }
-			if(self::isUsersListing($itemid, $userid)){
-				return;
+			//lets make sure the user isn't removing an item that he already owns
+			if(self::isUsersListing($itemid, $userid) == false){
+				//since the user doesn't own the item we can proceed!
+				//check to see if item is currently in cart.
+				if(self::isItemInUserCart($itemid, $userid)== true){
+					//since item isn't in the user cart we can proceed
+					//looks like the item is ready to add into the cart...
+					//lets remove the seller_id from the order!
+					DatabaseConnector::query('UPDATE orders SET o_buyer_id=NULL, o_status="open" WHERE o_item_id=:itemid AND o_status="pending" AND o_buyer_id=:buyerid', array(':itemid'=>$itemid, ':buyerid'=>$userid));
+				}
 			}
 			if(!self::isItemInUserCart($itemid, $userid)){
 				return;
@@ -124,7 +107,31 @@ public static function getUsersOrdersCount()
 	{
 		$userid = User::isLoggedIn();
 		return DatabaseConnector::query('SELECT COUNT(*) FROM orders WHERE o_seller_id=:userid OR o_buyer_id=:userid', array(':userid'=>$userid))[0]['COUNT(*)'];
+	}
+
+	public static function getUsersOrdersAsSeller()
+	{
+		$userid = User::isLoggedIn();
+		return DatabaseConnector::query('SELECT * FROM orders WHERE o_seller_id=:userid', array(':userid'=>$userid))[0]['COUNT(*)'];
+	}
+
+	public static function getUsersOrdersAsBuyer()
+	{
+		$userid = User::isLoggedIn();
+		return DatabaseConnector::query('SELECT o_id, o_item_id, o_seller_id, o_status, i_name, i_image FROM orders o JOIN item as i on o_item_id=i_id WHERE o_buyer_id=:userid', array(':userid'=>$userid));
 	}	
+
+	public static function completeSuccessfulOrder($item_number, $txn_id)
+   {
+		DatabaseConnector::query('UPDATE orders SET o_transaction_id=:taxid, o_status="fulfilled" WHERE o_id=:orderid AND o_status="pending" AND o_buyer_id IS NOT NULL AND o_seller_id IS NOT NULL', array(':orderid'=>$item_number, ':taxid'=>$txn_id));
+    }
+
+	//gets order id, price, and name of an item that the user is intending to buy
+	public static function getOrderDetails($itemid)
+		{
+			$userid = User::isLoggedIn();
+			return DatabaseConnector::query('SELECT o_id, current_price, i_name FROM orders o JOIN item as i on o_item_id=i_id WHERE o_buyer_id=:userid and o_item_id=:itemid', array(':itemid'=>$itemid, ':userid'=>$userid));
+		}			
 }
 
 ?>