Merge pull request #236 from gpedro/feat/pagseguro

resolves #161
2025-04-29 18:59:21 +02:00 · 2016-05-06 14:30:44 +02:00 · 2016-05-06 14:30:44 +02:00 · db47690e7f
commit db47690e7f
parent fb32e03ead 816801880f
5 changed files with 274 additions and 2 deletions
--- a/buypoints.php
+++ b/buypoints.php
@ -3,6 +3,7 @@ protect_page();
 include 'layout/overall/header.php'; 

 // Import from config:
+$pagseguro = $config['pagseguro'];
 $paypal = $config['paypal'];
 $prices = $config['paypal_prices'];

@ -54,6 +55,25 @@ if ($paypal['enabled']) {
 </table>
 <?php } ?>

+<?php
+if ($config['pagseguro']['enabled'] == true) {
+?>
+	<h2>Buy points using Pagseguro:</h2>
+	<form target="pagseguro" action="https://<?=$pagseguro['urls']['www']?>/checkout/checkout.jhtml" method="post">
+		<input type="hidden" name="email_cobranca" value="<?=$pagseguro['email']?>">
+		<input type="hidden" name="tipo" value="CP">
+		<input type="hidden" name="moeda" value="<?=$pagseguro['currency']?>">
+		<input type="hidden" name="ref_transacao" value="<?php echo (int)$session_user_id; ?>">
+		<input type="hidden" name="item_id_1" value="1">
+		<input type="hidden" name="item_descr_1" value="<?=$pagseguro['product_name']?>">
+		<input type="number" name="item_quant_1" min="1" step="4" value="1">
+		<input type="hidden" name="item_peso_1" value="0">
+		<input type="hidden" name="item_valor_1" value="<?=$pagseguro['price']?>">
+		<input type="submit" value="  PURCHASE  ">
+	</form>
+	<br>
+<?php } ?>
+
 <?php
 if ($config['paygol']['enabled'] == true) {
 ?>
@ -73,5 +93,5 @@ if ($config['paygol']['enabled'] == true) {
 </form>
 <?php }

-if (!$config['paypal']['enabled'] && !$config['paygol']['enabled']) echo '<h1>Buy Points system disabled.</h1><p>Sorry, this functionality is disabled.</p>';
-include 'layout/overall/footer.php'; ?>
+if (!$config['paypal']['enabled'] && !$config['paygol']['enabled'] && !$config['pagseguro']['enabled']) echo '<h1>Buy Points system disabled.</h1><p>Sorry, this functionality is disabled.</p>';
+include 'layout/overall/footer.php'; ?>
--- a/config.php
+++ b/config.php
@ -711,6 +711,32 @@
 		30 => 420, // +40% bonus
 	);

+	/////////////////
+	/// PAGSEGURO ///
+	/////////////////
+	// Write your pagseguro address here, and what currency you want to recieve money in.
+	$config['pagseguro'] = array(
+		'enabled' => true,
+		'sandbox' => false,
+		'email' => '', // Example: pagseguro@mail.com
+		'token' => '',
+		'currency' => 'BRL',
+		'product_name' => '',
+		'price' => 100, // 1 real
+		'ipn' => "http://".$_SERVER['HTTP_HOST']."/pagseguro_ipn.php",
+		'urls' => array(
+			'www' => 'pagseguro.uol.com.br',
+			'ws'  => 'ws.pagseguro.uol.com.br',
+			'stc' => 'stc.pagseguro.uol.com.br'
+		)
+	);
+
+	if ($config['pagseguro']['sandbox']) {
+		$config['pagseguro']['urls'] = array_map(function ($item) {
+			return str_replace('pagseguro', 'sandbox.pagseguro', $item);
+		}, $config['pagseguro']['urls']);
+	}
+
 	//////////////////
 	/// PAYGOL SMS ///
 	//////////////////
--- a/pagseguro_ipn.php
+++ b/pagseguro_ipn.php
@ -0,0 +1,114 @@
+<?php
+	// Require the functions to fetch config values
+	require 'config.php';
+
+	$pagseguro = $config['pagseguro'];
+	$notificationCode = $_POST['notificationCode'];
+	$notificationType = $_POST['notificationType'];
+
+	// Require the functions to connect to database
+	require 'engine/database/connect.php';
+
+	// Fetch and sanitize POST and GET values
+	function getValue($value) {
+		return (!empty($value)) ? sanitize($value) : false;
+	}
+	function sanitize($data) {
+		return htmlentities(strip_tags(mysql_znote_escape_string($data)));
+	}
+
+	// Util function to insert log
+	function report($code, $details = '') {
+		$connectedIp = $_SERVER['REMOTE_ADDR'];
+		$details = getValue($details);
+		$details .= '\nConnection from IP: '. $connectedIp;
+		mysql_insert('INSERT INTO `znote_pagseguro_notifications` VALUES (null, \'' . getValue($code) . '\', \'' . $details . '\', CURRENT_TIMESTAMP)');
+	}
+
+	function VerifyPagseguroIPN($code) {
+		global $pagseguro;
+		$url = $pagseguro['urls']['ws'];
+
+		$cURL = curl_init();
+		curl_setopt($cURL, CURLOPT_SSL_VERIFYPEER, false);
+		curl_setopt($cURL, CURLOPT_SSL_VERIFYHOST, false);
+		curl_setopt($cURL, CURLOPT_URL, 'https://' . $url . '/v3/transactions/notifications/' . $code . '?email=' . $pagseguro['email'] . '&token=' . $pagseguro['token']);
+		curl_setopt($cURL, CURLOPT_HEADER, false);
+		curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($cURL, CURLOPT_FORBID_REUSE, true);
+		curl_setopt($cURL, CURLOPT_FRESH_CONNECT, true);
+		curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 30);
+		curl_setopt($cURL, CURLOPT_TIMEOUT, 60);
+		curl_setopt($cURL, CURLINFO_HEADER_OUT, true);
+		curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
+			'Connection: close',
+			'Expect: ',
+		));
+		$Response = curl_exec($cURL);
+		$Status = (int)curl_getinfo($cURL, CURLINFO_HTTP_CODE);
+		curl_close($cURL);
+
+		$output = print_r($Response, true);
+		if(empty($Response) OR !$Status){
+			return null;
+		}
+		if(intval($Status / 100) != 2){
+			return false;
+		}
+		return trim($Response);
+	}
+
+	// Send an empty HTTP 200 OK response to acknowledge receipt of the notification
+	header('HTTP/1.1 200 OK');
+
+	if(empty($notificationCode) || empty($notificationType)){
+		report($notificationCode, 'notificationCode or notificationType is empty. Type: ' . $notificationType . ', Code: ' . $notificationCode);
+		exit();
+	}
+
+	if ($notificationType !== 'transaction') {
+		report($notificationCode, 'Unknown ' . $notificationType . ' notificationType');
+		exit();
+	}
+
+	$rawPayment = VerifyPagseguroIPN($notificationCode);
+	$payment = simplexml_load_string($rawPayment);
+	$paymentStatus = (int) $paymentStatus;
+	$paymentCode = sanitize($paymentCode);
+
+	report($notificationCode, $rawPayment);
+
+	// Updating Payment Status
+	mysql_update('UPDATE `znote_pagseguro` SET `payment_status` = ' . $paymentStatus . ' WHERE `transaction` = \'' . $paymentCode . '\' ');
+
+	// Check that the payment_status is Completed
+	if ($paymentStatus == 3) {
+
+		// Check that transaction has not been previously processed
+		$transaction = mysql_select_single('SELECT `transaction`, `completed` FROM `znote_pagseguro` WHERE `transaction`= \'' . $paymentCode .'\'');
+		$status = true;
+		$custom = (int) $payment->reference;
+
+		if ($transaction['completed'] == '1') {
+			$status = false;
+		}
+
+		if ($payment->grossAmount == 0.0) $status = false; // Wrong ammount of money
+		$item = $payment->items->item[0];
+		if ($item->amount != ($pagseguro['price'] / 100)) $status = false;
+
+		if ($status) {
+			// transaction log
+			mysql_update('UPDATE `znote_pagseguro` SET `completed` = 1 WHERE `transaction` = \'' . $paymentCode . '\'');
+
+			// Process payment
+			$data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='$custom';");
+
+			// Give points to user
+			$new_points = $data['old_points'] + $item->quantity;
+			mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");
+		}
+	} else if ($paymentStatus == 7) {
+		mysql_update('UPDATE `znote_pagseguro` SET `completed` = 1 WHERE `transaction` = \'' . $paymentCode . '\' ');
+	}
+?>
--- a/pagseguro_retorno.php
+++ b/pagseguro_retorno.php
@ -0,0 +1,108 @@
+<?php
+	/*
+		Instalação
+			- Configurando Pagseguro (Acessar https://pagseguro.uol.com.br/preferencias/integracoes.jhtml)
+				- Notificação de Transação:
+					- http://you-site/pagseguro_ipn.php
+				- Página de redirecionamento:
+					- A. Página fixa de redirecionamento
+						- http://you-site/znote/pagseguro_retorno.php
+					- B. Redirecionamento com o código da transação
+						- transaction
+				- Gerar o Token e copiar para a próxima etapa
+
+			- Configurando ZnoteACC
+				- config.php
+					- $config['pagseguro']['email']
+						- Seu email da conta do pagseguro que irá receber o pagamento
+					- $config['pagseguro']['token']
+						- Preencher com o Token que pedi pra copiar na primeira etapa
+					- $config['pagseguro']['product_name']
+						- Nome do Produto
+
+			- Instalando Tabelas
+				CREATE TABLE IF NOT EXISTS `znote_pagseguro` (
+				  `id` int(11) NOT NULL AUTO_INCREMENT,
+				  `transaction` varchar(36) NOT NULL,
+				  `account` int(11) NOT NULL,
+				  `price` decimal(11,2) NOT NULL,
+				  `points` int(11) NOT NULL,
+				  `payment_status` tinyint(1) NOT NULL,
+				  `completed` tinyint(4) NOT NULL,
+				  PRIMARY KEY (`id`),
+				  FOREIGN KEY (account) REFERENCES accounts(id)
+				) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+				CREATE TABLE IF NOT EXISTS `znote_pagseguro_notifications` (
+				  `id` int(11) NOT NULL AUTO_INCREMENT,
+				  `notification_code` varchar(40) NOT NULL,
+				  `details` text NOT NULL,
+				  `receive_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
+				  PRIMARY KEY (`id`)
+				) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+	*/
+
+	// Require the functions to fetch config values
+	require 'config.php';
+
+	// Require the functions to connect to database
+	require 'engine/database/connect.php';
+
+	$pagseguro = $config['pagseguro'];
+
+	// Fetch and sanitize POST and GET values
+	function getValue($value) {
+		return (!empty($value)) ? sanitize($value) : false;
+	}
+	function sanitize($data) {
+		return htmlentities(strip_tags(mysql_znote_escape_string($data)));
+	}
+
+	// Util function to insert log
+	function report($code, $details = '') {
+		$connectedIp = $_SERVER['REMOTE_ADDR'];
+		$details = getValue($details);
+		$details .= '\nConnection from IP: '. $connectedIp;
+		mysql_insert('INSERT INTO `znote_pagseguro_notifications` VALUES (null, \'' . getValue($code) . '\', \'' . $details . '\', CURRENT_TIMESTAMP)');
+	}
+
+	function VerifyPagseguroIPN($code) {
+		global $pagseguro;
+		$url = $pagseguro['urls']['ws'];
+
+		$cURL = curl_init();
+		curl_setopt($cURL, CURLOPT_SSL_VERIFYPEER, false);
+		curl_setopt($cURL, CURLOPT_SSL_VERIFYHOST, false);
+		curl_setopt($cURL, CURLOPT_URL, 'https://' . $url . '/v3/transactions/' . $code . '?email=' . $pagseguro['email'] . '&token=' . $pagseguro['token']);
+		curl_setopt($cURL, CURLOPT_HEADER, false);
+		curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($cURL, CURLOPT_FORBID_REUSE, true);
+		curl_setopt($cURL, CURLOPT_FRESH_CONNECT, true);
+		curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 30);
+		curl_setopt($cURL, CURLOPT_TIMEOUT, 60);
+		curl_setopt($cURL, CURLINFO_HEADER_OUT, true);
+		curl_setopt($cURL, CURLOPT_HTTPHEADER, array(
+			'Connection: close',
+			'Expect: ',
+		));
+		$Response = curl_exec($cURL);
+		$Status = (int)curl_getinfo($cURL, CURLINFO_HTTP_CODE);
+		curl_close($cURL);
+
+		return trim($Response);
+	}
+
+	$transactionCode = getValue($_GET['transaction']);
+	$rawTransaction = VerifyPagseguroIPN($transactionCode);
+	$transaction = simplexml_load_string($rawTransaction);
+
+	$transactionStatus = (int) $transaction->status;
+	$completed = ($transactionStatus != 7) ? 0 : 1;
+
+	$custom = (int) $transaction->reference;
+	$item = $transaction->items->item[0];
+	$points = $item->quantity;
+	$price = $points * ($pagseguro['price'] / 100);
+	mysql_insert('INSERT INTO `znote_pagseguro` VALUES (null, \'' . sanitize($transaction->code) . '\', ' . $custom . ', \'' . $price . '\', \'' . $points . '\', ' . $transactionStatus . ', ' . $completed . ')');
+
+	header('Location: shop.php?callback=processing');
--- a/shop.php
+++ b/shop.php
@ -2,6 +2,10 @@
 protect_page();
 include 'layout/overall/header.php'; 

+if (isset($_GET['callback']) && $_GET['callback'] === 'processing') {
+	echo '<script>alert("Seu pagamento está sendo processado pelo PagSeguro...");</script>';
+}
+
 // Import from config:
 $shop = $config['shop'];
 $shop_list = $config['shop_offers'];