<?php
include_once "constants.php";
//echo $invoiceNo='F888k'.$_REQUEST['INVOICENUMBER'].'F888k';

/* -----------------------------------------------------------------------------

 Version 2.0

------------------ Disclaimer --------------------------------------------------

Copyright 2004 Dialect Holdings.  All rights reserved.

This document is provided by Dialect Holdings on the basis that you will treat
it as confidential.

No part of this document may be reproduced or copied in any form by any means
without the written permission of Dialect Holdings.  Unless otherwise expressly
agreed in writing, the information contained in this document is subject to
change without notice and Dialect Holdings assumes no responsibility for any
alteration to, or any error or other deficiency, in this document.

All intellectual property rights in the Document and in all extracts and things
derived from any part of the Document are owned by Dialect and will be assigned
to Dialect on their creation. You will protect all the intellectual property
rights relating to the Document in a manner that is equal to the protection
you provide your own intellectual property.  You will notify Dialect
immediately, and in writing where you become aware of a breach of Dialect's
intellectual property rights in relation to the Document.

The names "Dialect", "QSI Payments" and all similar words are trademarks of
Dialect Holdings and you must not use that name or any similar name.

Dialect may at its sole discretion terminate the rights granted in this
document with immediate effect by notifying you in writing and you will
thereupon return (or destroy and certify that destruction to Dialect) all
copies and extracts of the Document in its possession or control.

Dialect does not warrant the accuracy or completeness of the Document or its
content or its usefulness to you or your merchant customers.   To the extent
permitted by law, all conditions and warranties implied by law (whether as to
fitness for any particular purpose or otherwise) are excluded.  Where the
exclusion is not effective, Dialect limits its liability to $100 or the
resupply of the Document (at Dialect's option).

Data used in examples and sample data files are intended to be fictional and
any resemblance to real persons or companies is entirely coincidental.

Dialect does not indemnify you or any third party in relation to the content or
any use of the content as contemplated in these terms and conditions.

Mention of any product not owned by Dialect does not constitute an endorsement
of that product.

This document is governed by the laws of New South Wales, Australia and is
intended to be legally binding.

-------------------------------------------------------------------------------

Following is a copy of the disclaimer / license agreement provided by RSA:

Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.

License to copy and use this software is granted provided that it is identified
as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material 
mentioning or referencing this software or this function.

License is also granted to make and use derivative works provided that such 
works are identified as "derived from the RSA Data Security, Inc. MD5 
Message-Digest Algorithm" in all material mentioning or referencing the 
derived work.

RSA Data Security, Inc. makes no representations concerning either the 
merchantability of this software or the suitability of this software for any 
particular purpose. It is provided "as is" without express or implied warranty 
of any kind.

These notices must be retained in any copies of any part of this documentation 
and/or software.

-------------------------------------------------------------------------------- 
 
This example assumes that a form has been sent to this example with the
required fields. The example then processes the command and displays the
receipt or error to a HTML page in the users web browser.

NOTE:
=====
  You may have installed the libeay32.dll and ssleay32.dll libraries 
  into your x:\WINNT\system32 directory to run this example.

--------------------------------------------------------------------------------

 @author Dialect Payment Solutions Pty Ltd Group 

------------------------------------------------------------------------------*/

// *********************
// START OF MAIN PROGRAM
// *********************

// Define Constants
// ----------------
// This is secret for encoding the MD5 hash
// This secret will vary from merchant to merchant
// To not create a secure hash, let SECURE_SECRET be an empty string - ""
// $SECURE_SECRET = "secure-hash-secret";
if( $_POST['demo_radio'] == 'yes')
{
$SECURE_SECRET = $axis_SECRET;

// add the start of the vpcURL querystring parameters
$vpcURL = $_POST["virtualPaymentClientURL"];

// Remove the Virtual Payment Client URL from the parameter hash as we 
// do not want to send these fields to the Virtual Payment Client.
unset($_POST["virtualPaymentClientURL"]); 
unset($_POST["SubButL"]);

// The URL link for the receipt to do another transaction.
// Note: This is ONLY used for this example and is not required for 
// production code. You would hard code your own URL into your application.

// Get and URL Encode the AgainLink. Add the AgainLink to the array
// Shows how a user field (such as application SessionIDs) could be added
//$_POST['AgainLink']=urlencode($HTTP_REFERER);

// Create the request to the Virtual Payment Client which is a URL encoded GET
// request. Since we are looping through all the data we may as well sort it in
// case we want to create a secure hash and add it to the VPC data if the
// merchant secret has been provided.
$md5HashData = $SECURE_SECRET;
ksort ($_POST);

// set a parameter to show the first pair in the URL
$appendAmp = 0;

foreach($_POST as $key => $value) {

    // create the md5 input and URL leaving out any fields that have no value
    if (strlen($value) > 0) {
        $md5HashData .= $value;
    }
}

// Create the secure hash and append it to the Virtual Payment Client Data if
// the merchant secret has been provided.
if (strlen($SECURE_SECRET) > 0) {
    $hashedvalue .= strtoupper(md5($md5HashData));
}

}else if( $_POST['demo_radio'] == 'no')
{
//Transaction Through Paypal

/********************************************
ReviewOrder.php

This file is called after the user clicks on a button during
the checkout process to use PayPal's Express Checkout. The
user logs in to their PayPal account.

This file is called twice.

On the first pass, the code executes the if statement:

if (! isset ($token))

The code collects transaction parameters from the form
displayed by SetExpressCheckout.html then constructs and
sends a SetExpressCheckout request string to the PayPal
server. The paymentType variable becomes the PAYMENTACTION
parameter of the request string. The RETURNURL parameter
is set to this file; this is how ReviewOrder.php is called
twice.

On the second pass, the code executes the else statement.

On the first pass, the buyer completed the authorization in
their PayPal account; now the code gets the payer details
by sending a GetExpressCheckoutDetails request to the PayPal
server. Then the code calls GetExpressCheckoutDetails.php.

Note: Be sure to check the value of PAYPAL_URL. The buyer is
sent to this URL to authorize payment with their PayPal
account. For testing purposes, this should be set to the
PayPal sandbox.

Called by SetExpressCheckout.html.

Calls GetExpressCheckoutDetails.php, CallerService.php,
and APIError.php.

********************************************/

require_once 'CallerService.php';


session_start();



/* An express checkout transaction starts with a token, that
   identifies to PayPal your transaction
   In this example, when the script sees a token, the script
   knows that the buyer has already authorized payment through
   paypal.  If no token was found, the action is to send the buyer
   to PayPal to first authorize payment
   */



if(! isset($_REQUEST['token'])) {

    /* The servername and serverport tells PayPal where the buyer
       should be directed back to after authorizing payment.
       In this case, its the local webserver that is running this script
       Using the servername and serverport, the return URL is the first
       portion of the URL that buyers will return to after authorizing payment
       */
       $serverName = $_SERVER['SERVER_NAME'];
       $serverPort = $_SERVER['SERVER_PORT'];
       $url=dirname('https://'.$serverName.':'.$serverPort.$_SERVER['REQUEST_URI']);


       $currencyCodeType=$_REQUEST['currencyCodeType'];
       $paymentType=$_REQUEST['paymentType'];
   

       $personName        = $_REQUEST['PERSONNAME'];
       $SHIPTOSTREET      = $_REQUEST['SHIPTOSTREET'];
       $SHIPTOCITY        = $_REQUEST['SHIPTOCITY'];
       $SHIPTOSTATE        = $_REQUEST['SHIPTOSTATE'];
       $SHIPTOCOUNTRYCODE = $_REQUEST['SHIPTOCOUNTRYCODE'];
       $SHIPTOZIP         = $_REQUEST['SHIPTOZIP'];
       $INVOICENUMBER       =  $_REQUEST['INVOICENUMBER'];
       $TOTALCOST            = $_REQUEST['ITEMAMT'];
       $NVPSTRING            =  $_REQUEST['NVPSTRING'];       
       $_SESSION['invoicenumber']=$_REQUEST['INVOICENUMBER'];



     /* The returnURL is the location where buyers return when a
      payment has been succesfully authorized.
      The cancelURL is the location buyers are sent to when they hit the
      cancel button during authorization of payment during the PayPal flow
      */

       $returnURL =urlencode($url.'/ReviewOrder.php?currencyCodeType='.$currencyCodeType.'&paymentType='.$paymentType);
       $cancelURL =urlencode("$url/SetExpressCheckout.php?paymentType=$paymentType" );

     /* Construct the parameter string that describes the PayPal payment
      the varialbes were set in the web form, and the resulting string
      is stored in $nvpstr
      */
  
  
          $itemamt = 0.00;
           $itemamt = $TOTALCOST ;
           $amt = $itemamt;
           $maxamt= $amt+25.00;
           $nvpstr="";
       
           
           
           $nvpstr=$NVPSTRING."&MAXAMT=".(string)$maxamt."&AMT=".(string)$amt."&ITEMAMT=".(string)$itemamt."&L_NUMBER0=".$INVOICENUMBER."&ReturnUrl=".$returnURL."&CANCELURL=".$cancelURL ."&CURRENCYCODE=".$currencyCodeType."&PAYMENTACTION=".$paymentType;
 
  
  
   
  /* Make the call to PayPal to set the Express Checkout token
      If the API call succeded, then redirect the buyer to PayPal
      to begin to authorize payment.  If an error occured, show the
      resulting errors
      */
       $resArray=hash_call("SetExpressCheckout",$nvpstr);
       $_SESSION['reshash']=$resArray;

       $ack = strtoupper($resArray["ACK"]);

       if($ack=="SUCCESS"){
          // Redirect to paypal.com here
          $token = urldecode($resArray["TOKEN"]);
          $payPalURL = PAYPAL_URL.$token;
          header("Location: ".$payPalURL);
          } else  {
           //Redirecting to APIError.php to display errors.
            $location = "APIError.php";
            header("Location: $location");
          }
} else {
     /* At this point, the buyer has completed in authorizing payment
      at PayPal.  The script will now call PayPal with the details
      of the authorization, incuding any shipping information of the
      buyer.  Remember, the authorization is not a completed transaction
      at this state - the buyer still needs an additional step to finalize
      the transaction
      */

       $token =urlencode( $_REQUEST['token']);

     /* Build a second API request to PayPal, using the token as the
      ID to get the details on the payment authorization
      */
       $nvpstr="&TOKEN=".$token;

       
     /* Make the API call and store the results in an array.  If the
      call was a success, show the authorization details, and provide
      an action to complete the payment.  If failed, show the error
      */
       $resArray=hash_call("GetExpressCheckoutDetails",$nvpstr);
       $_SESSION['reshash']=$resArray;
       $ack = strtoupper($resArray["ACK"]);

       if($ack == 'SUCCESS' || $ack == 'SUCCESSWITHWARNING'){
          require_once "GetExpressCheckoutDetails.php";
        } else  {
        //Redirecting to APIError.php to display errors.
        $location = "APIError.php";
        header("Location: $location");
        }
}

} else if( $_POST['demo_radio'] == 'off' && $_POST['sNdMaIl'] == 'Send Mail!')
	{
//		include_once "sendMailForOfflinePayment.php";
		
		//$invoiceNo=$_POST['vpc_OrderInfo'];
		include_once "connection.php";
include_once "Payment_Instruction.php";
ini_set("include_path", '../printTracker/PEAR/');
require_once "Mail.php";
require_once 'Mail/mime.php';



function sendOfflineInvoiceAndPaymentInstruction( $invoiceNumber ){
$invoice=$invoiceNumber;
$sql = "SELECT * FROM email_queue WHERE success = 0 AND max_attempts != attempts AND InvoiceNumber='$invoice' " ; 
$result = mysql_query($sql);
$host = "smtp.gmail.com";
        $port = "587";
 $username = $GmailUsername;
 $password = $GmailPassword;

if (mysql_num_rows( $result )) {



while ($queued_mail = mysql_fetch_array($result)) { 

$to = $queued_mail['to_email'];
$cc = $MailIdForCc ;
$recipients = $to.", ".$cc;
$subject = $queued_mail['subject']; 
$bodyDB = $queued_mail['message']; 
$from = $queued_mail['from_email'] ;
$country_name=$queued_mail['Country_Name'] ;
$string_invoice=$queued_mail['InvoicePDF'] ;
//$string_invoice=stripslashes($queued_mail['InvoicePDF']);
//$to='govindgsingh@gmail.com';
//$from='knowgovind@gmail.com';

$mime = new Mail_Mime();
$body=$mime->setHtmlBody($bodyDB);
$govind='Invoice';
$govind_1="Payment Instruction.pdf";
$string_payment=pdf_invoice($country_name);
$mime->addAttachment($string_payment, 'application/pdf', $govind_1, false, 'base64');
$mime->addAttachment($string_invoice, 'application/pdf', $govind, false, 'base64');


//$body = $mime->get();
$headers = array ('From' => $from, 
'To' => $to, 
'Subject' => $subject,
'Cc'=> $cc,
'Reply-To' => $MailReplyTO
);
$hdrs = $mime->headers($headers);
$body = $mime->get();
$mail= &Mail::factory('smtp',
   array ('host' => $host,
    'port' => $port,
    'auth' => true,
    'username' => $username,
    'password' => $password));

$mail->send($recipients, $hdrs, $body);

if (PEAR::isError($mail)) { 

$sql = "UPDATE email_queue SET " . 
"attempts = attempts+1, " . 
"last_attempt = now()" . 
"WHERE id = '" . $queued_mail['id'] . "'"; 
mysql_query($sql);

echo( $mail->getMessage() ); 
} else { 

$sql = "UPDATE email_queue SET " . 
"attempts = attempts+1, " . 
"success = '1', " . 
"last_attempt = now(), " . 
"date_sent = now() " . 
"WHERE id = '" . $queued_mail['id'] . "'"; 
mysql_query($sql);

echo("Message successfully sent!"); 
} 
} 
} 
}

sendOfflineInvoiceAndPaymentInstruction( $invoiceNo ) ;


		//sendOfflineInvoiceAndPaymentInstruction( 'G15V92' ) ;
		echo 'your details are being send';
		//header("Location: cnfrm.php");

 }
 else{
	echo 'Error during payment';
 }
// FINISH TRANSACTION - Redirect the customers using the Digital Order
// ===================================================================
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="no-store, no-cache, must-revalidate">
<META HTTP-EQUIV="PRAGMA" CONTENT="no-store, no-cache, must-revalidate">
<!-- -----------------------------------------------------------------------------------------
# Currently the body tag was set so that form will be sent automatically.
# 
# Merchants are welcome to NOT have this page being sent automatically. They may use this page
# to display a confirmation message, with a submit/confirm button for the cardholders to press.
# Beware that you will need to include the submit button to your hash also.
------------------------------------------------------------------------------------------- -->
<body onload="document.order.submit()">
<body>
<?php if( $_POST['demo_radio'] == 'yes')
{
?>
  <form name="order" action="<?=$vpcURL?>" method="post">
  <p>Please wait while your payment is being processed...Through Axis Bank</p>
<?  
  // Add all the fields from the input form, except for the Submit Button and the VPCURL.
  //For Each item In Request.Form
  foreach($_POST as $key => $value) {
    if (strlen($value) > 0) {
?>
          <input type="hidden" name="<?=$key?>" value="<?=$value?>"/><br>
<?             
      }
  }
?>    
  <!-- attach SecureHash -->
    <input type="hidden" name="vpc_SecureHash" value="<?=$hashedvalue?>"/>
  </form>
<?php }
else if( $_POST['demo_radio'] == 'no')
{?>
<p>Please wait while your payment is being processed...Through Paypal</p>
<?php } else  if( $_POST['demo_radio'] == 'off'){?>
<p>Please wait while your details is send to your mail id...</p>
<?php }else { ?>
<p>Transaction failed !!!</p>
<?php } ?>
</body>
</html>