<?php
include_once $GLOBALS['binn_include_path'].'prog/init.php';
include_once $GLOBALS['binn_include_path'].'prog/lib/binnDBPager.inc.php';
include_once $GLOBALS['binn_include_path'].'prog/lib/binnFunctions.inc.php';
include_once $GLOBALS['binn_include_path'].'prog/lib/binnImageLib.inc.php';

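if (!function_exists('binn_payment_html_escape'))
{
    /**
     * Escape a value for insertion into HTML text or a quoted attribute.
     *
     * Implemented with str_replace() rather than htmlspecialchars() so the result
     * does not depend on the configured site charset (htmlspecialchars() returns
     * '' for byte sequences that are invalid in that charset). Arrays and objects
     * (e.g. a posted pmt_name[]=x) are rejected as ''.
     *
     * @param mixed $value
     * @return string
     */
    function binn_payment_html_escape($value)
    {
        if (is_array($value) || is_object($value))
            return '';
        return str_replace(
            array('&', '<', '>', '"', "'"),
            array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;'),
            (string)$value);
    }
}

/**
 * Render the payment pre-request form.
 *
 * Substitutes the {PMT_*} placeholders of the (admin-supplied, DB-stored)
 * template with the values the visitor posted previously, so the form can be
 * re-shown with a message, optionally prepares a CAPTCHA ("turing") image,
 * then evaluates the template as PHP.
 *
 * Every request value is HTML-escaped before substitution. That closes the
 * reflected XSS, and - more importantly - keeps a posted '<?php ... ?>' from
 * reaching the eval() at the bottom as executable code.
 *
 * @param string $template Template text containing {PMT_*} / {TEST_TURING_*} placeholders.
 * @param string $sys_msg  Text substituted for {PMT_SYSTEM_MESSAGE} (e.g. a validation error);
 *                         treated as template text, not escaped.
 * @return void Output is echoed directly.
 */
function binn_payment_preform($template, $sys_msg='')
{
    $hash_turing = '';
    // '!== false': a bare strpos() test is false when the placeholder opens the template.
    if (strpos($template, '{TEST_TURING_SRC}') !== false)
    {
        $turing = new binnImageLib();
        $code_turing = mt_rand(10000, 99999);
        $image_turing = $turing->getTuring($code_turing);
        // NOTE(review): the session key is an unkeyed hash of a 5-digit code and is
        // handed to the client as {TEST_TURING_VALUE_HIDDEN}; all 90000 candidates can
        // be hashed offline to recover the code without reading the image. The scheme
        // is shared with /prog/utils/turing.php and the check in binn_payment_form(),
        // so it can only be changed in all three places together.
        $hash_turing = md5(substr(md5($code_turing), 0, 5));
        $_SESSION[$hash_turing] = $image_turing;
    }

    $posted = array();
    foreach (array('pmt_surname', 'pmt_name', 'pmt_secname', 'pmt_text', 'pmt_comment', 'pmt_summ', 'pmt_system_prop1', 'pmt_system_prop2', 'pmt_email', 'pmt_phone', 'pmt_address') as $field)
        $posted[$field] = isset($_POST[$field]) ? binn_payment_html_escape($_POST[$field]) : '';

    // PHP_SELF can carry attacker-chosen path info, so it is escaped like any other input.
    $self = isset($_SERVER['PHP_SELF']) ? binn_payment_html_escape($_SERVER['PHP_SELF']) : '';

    $return = str_replace(
        array('{PMT_SYSTEM_MESSAGE}', '{PMT_PAGE_LINK}', '{PMT_SURNAME}', '{PMT_NAME}', '{PMT_SECNAME}', '{PMT_TEXT}', '{PMT_COMMENT}', '{PMT_SUMM}', '{PMT_SYSTEM_PROP1}', '{PMT_SYSTEM_PROP2}', '{PMT_PUBLIC}', '{TEST_TURING_VALUE_HIDDEN}', '{TEST_TURING_SRC}', '{PMT_EMAIL}', '{PMT_PHONE}', '{PMT_ADDRESS}'),
        array(
            $sys_msg,
            $self.'?pmt_action=1',
            $posted['pmt_surname'],
            $posted['pmt_name'],
            $posted['pmt_secname'],
            $posted['pmt_text'],
            $posted['pmt_comment'],
            $posted['pmt_summ'],
            $posted['pmt_system_prop1'],
            $posted['pmt_system_prop2'],
            isset($_POST['pmt_public']) ? 'checked' : '',
            $hash_turing,
            '/prog/utils/turing.php?turing_id='.$hash_turing,
            $posted['pmt_email'],
            $posted['pmt_phone'],
            $posted['pmt_address']),
        $template);

    // The template is evaluated as PHP; it is admin-controlled (binn_payments_temps).
    // Only escaped values were substituted above, so request data cannot become code.
    // NOTE(review): str_replace() applies the pairs in order, so a posted value that
    // itself contains a later placeholder literal (e.g. "{PMT_EMAIL}") gets substituted.
    eval(' ?>'.$return.'<?php ');
}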

//     
//   
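if (!function_exists('binn_payment_html_escape'))
{
    /**
     * Escape a value for insertion into HTML text or a quoted attribute.
     * Charset-independent (see note in binn_payment_preform); arrays/objects -> ''.
     *
     * @param mixed $value
     * @return string
     */
    function binn_payment_html_escape($value)
    {
        if (is_array($value) || is_object($value))
            return '';
        return str_replace(
            array('&', '<', '>', '"', "'"),
            array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;'),
            (string)$value);
    }
}

if (!function_exists('binn_payment_sql_escape'))
{
    /**
     * Escape a scalar for interpolation inside a single-quoted SQL string literal.
     *
     * sql_query() offers no parameter binding, so this mirrors what
     * mysql_real_escape_string() does for single-byte and UTF-8 connections.
     * NOTE(review): if $GLOBALS['binnDbSql'] exposes the driver's escaper or prepared
     * statements, prefer those; this fallback is not safe for multibyte connection
     * charsets such as GBK or SJIS. Arrays/objects are rejected as ''.
     *
     * @param mixed $value
     * @return string
     */
    function binn_payment_sql_escape($value)
    {
        if (is_array($value) || is_object($value))
            return '';
        return str_replace(
            array('\\', "\0", "\n", "\r", "'", '"', "\x1a"),
            array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'),
            (string)$value);
    }
}

/**
 * Payment front controller for one payment template.
 *
 * ?pmt_action=0 (default) shows the pre-request form; =1 validates the posted
 * form, stores the payment row plus its category link and redirects to =2;
 * =2 shows the confirmation page carrying a hidden form that posts the order
 * to the selected payment system (ASSIST, ChronoPay, RuPay).
 *
 * Changes versus the original: SQL values are escaped (strip_tags() does not
 * neutralise quotes), values rendered into HTML are escaped, the CAPTCHA and
 * pmt_hash comparisons are strict, session_unregister() (removed in PHP 5.4,
 * and called with a client-chosen key) is replaced, mktime() without
 * arguments (an error since PHP 8.0) becomes time(), and the RuPay fail_url
 * reads $p_failed instead of the undefined $p_fail.
 *
 * @param int|string $temp_id        Payment template id (binn_payments_temps); must be numeric.
 * @param int|string $p_success      binn_pages id used as the gateway success return URL.
 * @param int|string $p_failed       binn_pages id used as the gateway failure/decline URL.
 * @param bool       $p_senduserdata Pass name/e-mail/phone to the gateway (ChronoPay only).
 * @param string     $p_system       Payment system ident (binn_payments_settings.pmts_ident);
 *                                   overridden to 'pl_payment_offline' by ?pmt_offline=1.
 * @return void Echoes the page via eval of the DB templates, or emits a redirect.
 */
function binn_payment_form($temp_id, $p_success, $p_failed, $p_senduserdata, $p_system)
{
    if (isset($_GET['pmt_offline']) && intval($_GET['pmt_offline']) == 1)
        $p_system = 'pl_payment_offline';

    if (!is_numeric($temp_id)) return;

    // pmt_action is clamped to 0..2; anything else falls back to the pre-request form.
    $pmt_action = 0;
    if (isset($_GET['pmt_action']) && is_numeric($_GET['pmt_action']))
    {
        $pmt_action = intval($_GET['pmt_action']);
        if ($pmt_action < 0 || $pmt_action > 2)
            $pmt_action = 0;
    }

    $temp_id_sql   = binn_payment_sql_escape($temp_id);
    $p_success_sql = binn_payment_sql_escape($p_success);
    $p_failed_sql  = binn_payment_sql_escape($p_failed);
    $p_system_sql  = binn_payment_sql_escape($p_system);

    // System messages of this template, keyed by their code.
    $sys_msgs = array();
    $result = sql_query("SELECT bsm_template, bsm_system_code FROM binn_system_messages WHERE bsm_cat_ident='pl_payment' AND bsm_id_temp='$temp_id_sql'");
    if (is_array($result))
    {
        foreach ($result as $row)
        {
            list($msg, $code) = $row;
            $sys_msgs[$code] = $msg;
        }
    }
    $msg_error  = isset($sys_msgs['SMC_PAYMENT_ERROR'])  ? $sys_msgs['SMC_PAYMENT_ERROR']  : '';
    $msg_turing = isset($sys_msgs['SMC_PAYMENT_TURING']) ? $sys_msgs['SMC_PAYMENT_TURING'] : '';
    $msg_anonym = isset($sys_msgs['SMC_PAYMENT_ANONYM']) ? $sys_msgs['SMC_PAYMENT_ANONYM'] : '';

    // Page templates.
    $result = sql_query("SELECT pmtt_title, pmtt_payment_descr, pmtt_prerequest_main, pmtt_confirm FROM binn_payments_temps WHERE pmtt_id='$temp_id_sql'");
    if (!$result)
        return;
    list($pmtt_title, $pmtt_payment_descr, $pmtt_prerequest_main, $pmtt_confirm) = $result[0];

    // Absolute URLs of the success / failed pages, keyed by page id.
    $page = array();
    $res = sql_query("SELECT bp_id, bp_filename FROM binn_pages WHERE bp_id='$p_success_sql' OR bp_id = '$p_failed_sql';");
    if (is_array($res))
    {
        foreach ($res as $row)
        {
            list($id, $file) = $row;
            $page[$id] = $GLOBALS['binn_domain'].'/'.$file;
        }
    }
    $url_success = isset($page[$p_success]) ? $page[$p_success] : '';
    $url_failed  = isset($page[$p_failed])  ? $page[$p_failed]  : '';
    $url_success_h = binn_payment_html_escape($url_success);
    $url_failed_h  = binn_payment_html_escape($url_failed);

    // Settings of the selected payment system.
    $settings = array();
    $res = sql_query("SELECT pmts_name, pmts_value FROM binn_payments_settings WHERE pmts_ident='$p_system_sql'");
    if (is_array($res))
    {
        foreach ($res as $row)
        {
            list($pmts_name, $pmts_value) = $row;
            $settings[$pmts_name] = $pmts_value;
        }
    }

    switch ($pmt_action)
    {
        // Pre-request form.
        case 0:
            binn_payment_preform($pmtt_prerequest_main);
            break;

        // Form submitted: validate, store, redirect to the confirmation page.
        case 1:
            // Posted fields as strings; array-valued parameters count as empty.
            $in = array();
            foreach (array('pmt_summ', 'pmt_name', 'pmt_secname', 'pmt_surname', 'pmt_text', 'pmt_comment', 'pmt_system_prop1', 'pmt_system_prop2', 'pmt_email', 'pmt_phone', 'pmt_address') as $field)
                $in[$field] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string)$_POST[$field] : '';

            // CAPTCHA check, only when the form template shows one.
            $turing_access = true;
            if (strpos($pmtt_prerequest_main, '{TEST_TURING_SRC}') !== false)
            {
                $turing_access = false;
                if (isset($_POST['pmt_turing_hid'], $_POST['pmt_turing']) && is_string($_POST['pmt_turing_hid']) && is_string($_POST['pmt_turing']))
                {
                    $hash_turing_hid = $_POST['pmt_turing_hid'];
                    // Must match the derivation in binn_payment_preform() / turing.php.
                    $hash_turing_get = md5(substr(md5($_POST['pmt_turing']), 0, 5));
                    // Strict comparison: a loose != treats two "0e<digits>" strings as equal numbers.
                    if ($hash_turing_hid === $hash_turing_get && isset($_SESSION[$hash_turing_get]))
                        $turing_access = true;

                    // One attempt per challenge. Only keys shaped like a challenge hash are
                    // removed: the original session_unregister($_POST[...]) let the client
                    // delete any session key (e.g. the login), and that function no longer
                    // exists in PHP >= 5.4.
                    if (preg_match('/^[0-9a-f]{32}$/', $hash_turing_hid))
                        unset($_SESSION[$hash_turing_hid]);
                }
            }

            if (floatval($in['pmt_summ']) <= 0 || strlen($in['pmt_name']) < 1 || strlen($in['pmt_surname']) < 1)
            {
                binn_payment_preform($pmtt_prerequest_main, $msg_error);
                break;
            }
            if (!$turing_access)
            {
                binn_payment_preform($pmtt_prerequest_main, $msg_turing);
                break;
            }

            // Normalised values are written back to $_POST, as before, because code
            // rendered later on the same page may read them.
            $_POST['pmt_summ'] = floatval($in['pmt_summ']);
            $_POST['pmt_name'] = strip_tags($in['pmt_name']);
            $_POST['pmt_secname'] = strip_tags($in['pmt_secname']);
            $_POST['pmt_surname'] = strip_tags($in['pmt_surname']);
            $_POST['pmt_text'] = strip_tags($in['pmt_text']);
            $_POST['pmt_comment'] = nl2br(strip_tags($in['pmt_comment']));
            $_POST['pmt_system_prop1'] = strip_tags($in['pmt_system_prop1']);
            $_POST['pmt_system_prop2'] = strip_tags($in['pmt_system_prop2']);
            $_POST['pmt_public'] = isset($_POST['pmt_public']) ? 1 : 0;
            $_POST['pmt_email'] = strip_tags($in['pmt_email']);
            $_POST['pmt_phone'] = strip_tags($in['pmt_phone']);
            $_POST['pmt_address'] = strip_tags($in['pmt_address']);

            $pmt_user_id = isset($_SESSION['su_id']) ? $_SESSION['su_id'] : -1;
            $now = time();

            // strip_tags() leaves quotes and backslashes alone, so every string still
            // has to be SQL-escaped before interpolation.
            $sql = array();
            foreach (array('pmt_name', 'pmt_secname', 'pmt_surname', 'pmt_text', 'pmt_comment', 'pmt_system_prop1', 'pmt_system_prop2', 'pmt_email', 'pmt_phone', 'pmt_address') as $field)
                $sql[$field] = binn_payment_sql_escape($_POST[$field]);
            $pmt_user_id_sql = binn_payment_sql_escape($pmt_user_id);

            sql_query("INSERT INTO binn_payments (pmt_status, pmt_summ, pmt_attr1, pmt_attr2, pmt_attr3, pmt_name, pmt_secname, pmt_surname, pmt_text, pmt_comment, pmt_user_id, pmt_date, pmt_additional_1, pmt_additional_2, pmt_public, pmt_email, pmt_phone, pmt_address)
                                          VALUES ('0', '{$_POST['pmt_summ']}', '', '', '', '{$sql['pmt_name']}', '{$sql['pmt_secname']}', '{$sql['pmt_surname']}', '{$sql['pmt_text']}', '{$sql['pmt_comment']}', '$pmt_user_id_sql', '$now', '{$sql['pmt_system_prop1']}', '{$sql['pmt_system_prop2']}', '{$_POST['pmt_public']}', '{$sql['pmt_email']}', '{$sql['pmt_phone']}', '{$sql['pmt_address']}')");
            $pmt_id = $GLOBALS['binnDbSql']->getInsertId();

            // Link the payment to the category configured for this payment system.
            $res = sql_query("SELECT cat_id FROM binn_categs, binn_catprops WHERE cp_id = cat_prop_id AND cp_attr1 = '$p_system_sql' AND cat_ident='pl_payment'");
            $cat_id = (is_array($res) && isset($res[0][0])) ? $res[0][0] : '';
            $cat_id_sql = binn_payment_sql_escape($cat_id);
            $remote_addr_sql = isset($_SERVER['REMOTE_ADDR']) ? binn_payment_sql_escape($_SERVER['REMOTE_ADDR']) : '';
            sql_query("INSERT INTO binn_catlinks (cat_id, el_id, el_change_login, el_change_date, el_link) VALUES ('{$cat_id_sql}', '{$pmt_id}', '{$remote_addr_sql}', '$now', 0)");

            // NOTE(review): pmt_hash is an unkeyed digest of values the client chose itself,
            // so on the confirmation page it only proves the viewer knows name, surname and
            // sum - not that they created the record. Binding the confirmation to the
            // session or using an HMAC with a server secret would be stronger; the check in
            // case 2 must be changed in step with this.
            $pmt_hash = md5('~'.$_POST['pmt_name'].$_POST['pmt_surname'].$_POST['pmt_summ'].'~');
            $offline = isset($_GET['pmt_offline']) ? '&pmt_offline='.intval($_GET['pmt_offline']) : '';
            header('Location: '.$_SERVER['PHP_SELF'].'?pmt_id='.$pmt_id.'&pmt_hash='.$pmt_hash.'&pmt_action=2'.$offline);
            // As in the original there is no exit after the redirect, so the rest of
            // the page is still rendered and sent along with the Location header.
            break;

        // Confirmation page with the hidden gateway form.
        case 2:
            if (!isset($_GET['pmt_id'], $_GET['pmt_hash']) || !is_string($_GET['pmt_hash']))
                return;
            $pmt_id = intval($_GET['pmt_id']);
            $res = sql_query('SELECT pmt_summ, pmt_name, pmt_secname, pmt_surname, pmt_text, pmt_comment, pmt_additional_1, pmt_additional_2, pmt_email, pmt_phone, pmt_address, pmt_public FROM binn_payments WHERE pmt_id="'.$pmt_id.'"');
            if (!$res)
                return;

            list($pmt_summ, $pmt_name, $pmt_secname, $pmt_surname, $pmt_text, $pmt_comment, $pmt_additional_1, $pmt_additional_2, $pmt_email, $pmt_phone, $pmt_address, $pmt_public) = $res[0];
            // Strict comparison (see case 1 about "0e..." digests).
            if (md5('~'.$pmt_name.$pmt_surname.$pmt_summ.'~') !== $_GET['pmt_hash'])
                return;

            // HTML-escaped copies for everything rendered into the page or the gateway
            // form attributes. The raw values stay in use for the ChronoPay cs2 digest,
            // which pmt_processing.php has to be able to recompute from the DB row.
            $pmt_summ_h         = binn_payment_html_escape($pmt_summ);
            $pmt_name_h         = binn_payment_html_escape($pmt_name);
            $pmt_secname_h      = binn_payment_html_escape($pmt_secname);
            $pmt_surname_h      = binn_payment_html_escape($pmt_surname);
            $pmt_text_h         = binn_payment_html_escape($pmt_text);
            $pmt_comment_h      = binn_payment_html_escape($pmt_comment);
            $pmt_additional_1_h = binn_payment_html_escape($pmt_additional_1);
            $pmt_additional_2_h = binn_payment_html_escape($pmt_additional_2);
            $pmt_email_h        = binn_payment_html_escape($pmt_email);
            $pmt_phone_h        = binn_payment_html_escape($pmt_phone);
            $pmt_address_h      = binn_payment_html_escape($pmt_address);

            // Order description sent to the gateway (ends up inside a VALUE='...' attribute).
            $pmt_subj = str_replace(array('{PMT_ID}', '{PMT_SURNAME}', '{PMT_NAME}', '{PMT_SECNAME}', '{PMT_TEXT}', '{PMT_COMMENT}', '{PMT_SUMM}', '{PMT_SYSTEM_PROP1}', '{PMT_SYSTEM_PROP2}', '{PMT_EMAIL}', '{PMT_PHONE}', '{PMT_ADDRESS}'),
                                    array($pmt_id, $pmt_surname_h, $pmt_name_h, $pmt_secname_h, $pmt_text_h, $pmt_comment_h, $pmt_summ_h, $pmt_additional_1_h, $pmt_additional_2_h, $pmt_email_h, $pmt_phone_h, $pmt_address_h), $pmtt_payment_descr);

            $pmt_name_lat = binn_payment_html_escape(binn_str2lat($pmt_name));
            $pmt_secname_lat = binn_payment_html_escape(binn_str2lat($pmt_secname));
            $pmt_surname_lat = binn_payment_html_escape(binn_str2lat($pmt_surname));

            $pmt_form = '';
            $pmt_form_action = '';
            switch ($p_system)
            {
                // ASSIST. NOTE(review): the endpoint is plain http://, so the order
                // data (and the return URLs) travel unencrypted; confirm with the
                // gateway whether an https:// endpoint is available.
                case 'pl_payment_assist':
                    $pmt_form_action = 'http://secure.assist.ru/shops/purchase.cfm';
                    $pmt_form .= "
                        <INPUT TYPE='HIDDEN' NAME='Shop_IDP' VALUE='{$settings['pmts_option_id']}'>
                        <INPUT TYPE='HIDDEN' NAME='Order_IDP' VALUE='$pmt_id'>
                        <INPUT TYPE='HIDDEN' NAME='Subtotal_P' VALUE='$pmt_summ_h'>
                        <INPUT TYPE='HIDDEN' NAME='Currency' VALUE='".$settings['pmts_option_currency']."'>
                        <INPUT TYPE='HIDDEN' NAME='Language' VALUE='{$settings['pmts_option_lang']}'>
                        <INPUT TYPE='HIDDEN' NAME='URL_RETURN_OK' VALUE='$url_success_h'>
                        <INPUT TYPE='HIDDEN' NAME='URL_RETURN_NO' VALUE='$url_failed_h'>
                        ".(!empty($settings['pmts_option_payment_card']) ? "<INPUT TYPE='HIDDEN' NAME='CardPayment' VALUE='1'>" : "")."
                        ".(!empty($settings['pmts_option_payment_yandex']) ? "<INPUT TYPE='HIDDEN' NAME='WalletPayment' VALUE='1'>" : "")."
                        ".(!empty($settings['pmts_option_payment_webmoney']) ? "<INPUT TYPE='HIDDEN' NAME='WebMoneyPayment' VALUE='1'>" : "")."
                        ".(!empty($settings['pmts_option_payment_rapida']) ? "<INPUT TYPE='HIDDEN' NAME='RapidaPayment' VALUE='1'>" : "")."
                        ".(!empty($settings['pmts_option_payment_paycash']) ? "<INPUT TYPE='HIDDEN' NAME='PayCashPayment' VALUE='1'>" : "")."
                        ".(!empty($settings['pmts_option_payment_eport']) ? "<INPUT TYPE='HIDDEN' NAME='EPortPayment' VALUE='1'>" : "")."
                        ".(!empty($settings['pmts_option_payment_kreditpilot']) ? "<INPUT TYPE='HIDDEN' NAME='KreditPilotPayment' VALUE='1'>" : "")."
                        <INPUT TYPE='HIDDEN' NAME='Comment' VALUE='$pmt_subj'>";
                    break;

                case 'pl_payment_chronopay':
                    $pmt_form_action = 'https://secure.chronopay.com/index_shop.cgi';
                    // cs2 is computed from the raw DB values on purpose (see above).
                    $cs2 = md5('~'.$pmt_id.$pmt_summ.$pmt_name.$pmt_surname.$pmt_secname.'~');
                    $pmt_form .= "
                        <input type='hidden' name='product_id' value='{$settings['pmts_option_id']}'>
                        <input type='hidden' name='product_name' value='$pmt_subj'>
                        <input type='hidden' name='product_price' value='$pmt_summ_h'>
                        <input type='hidden' name='cs1' value='$pmt_id'>
                        <input type='hidden' name='cs2' value='$cs2'>
                        <input type='hidden' name='language' value='{$settings['pmts_option_lang']}'>
                        <input type='hidden' name='cb_url' value='{$GLOBALS['binn_domain']}/prog/pl_payment/pmt_processing.php'>
                        <input type='hidden' name='cb_type' value='P'>
                        <input type='hidden' name='decline_url' value='$url_failed_h'> ";

                    if ($p_senduserdata)
                        $pmt_form .= "
                        <input type='hidden' name='f_name' value='$pmt_name_lat'>
                        <input type='hidden' name='s_name' value='$pmt_surname_lat'>
                        <input type='hidden' name='email' value='$pmt_email_h'>
                        <input type='hidden' name='phone' value='$pmt_phone_h'>
                        ";
                    break;

                case 'pl_payment_rupay':
                    $pmt_form_action = "http://www.rupay.ru/rupay/pay/index.php";
                    // fail_url used the undefined $p_fail in the original and was always empty.
                    $pmt_form .= "
                        <input type='hidden' name='pay_id' value='{$settings['pmts_option_rupay_id']}'>
                        <input type='hidden' name='sum_pol' value='$pmt_summ_h'>
                        <input type='hidden' name='sum_val' value='USD'>
                        <input type='hidden' name='name_service' value='$pmt_subj'>
                        <input type='hidden' name='order_id' value='$pmt_id'>
                        <input type='hidden' name='success_url' value='$url_success_h'>
                        <input type='hidden' name='fail_url' value='$url_failed_h'>";
                    break;
            }

            // The confirm template is evaluated as PHP (admin-controlled). Escaped values
            // are substituted so stored data cannot become markup or code. {PMT_COMMENT}
            // is the exception: it was stored through nl2br() and is meant to carry
            // its <br /> tags, so it is inserted as stored.
            eval(' ?> '.str_replace(
                array('{PMT_ID}', '{PMT_ACTION}', '{PMT_METHOD}', '{PMT_FORM}', '{PMT_NAME}', '{PMT_SURNAME}', '{PMT_SECNAME}', '{PMT_TEXT}', '{PMT_SUMM}', '{PMT_COMMENT}', '{PMT_EMAIL}', '{PMT_PHONE}', '{PMT_ADDRESS}', '{PMT_SYSTEM_PROP1}', '{PMT_SYSTEM_PROP2}', '{PMT_PUBLIC}'),
                array($pmt_id, $pmt_form_action, 'POST', $pmt_form, $pmt_name_h, $pmt_surname_h, $pmt_secname_h, $pmt_text_h, $pmt_summ_h, $pmt_comment, $pmt_email_h, $pmt_phone_h, $pmt_address_h, $pmt_additional_1_h, $pmt_additional_2_h, ($pmt_public == 1 ? $msg_anonym : '')),
                $pmtt_confirm).' <?php ');
            break;
    }
}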

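if (!function_exists('binn_payment_html_escape'))
{
    /**
     * Escape a value for insertion into HTML text or a quoted attribute.
     * Charset-independent (str_replace, not htmlspecialchars); arrays/objects -> ''.
     *
     * @param mixed $value
     * @return string
     */
    function binn_payment_html_escape($value)
    {
        if (is_array($value) || is_object($value))
            return '';
        return str_replace(
            array('&', '<', '>', '"', "'"),
            array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;'),
            (string)$value);
    }
}

if (!function_exists('binn_payment_sql_escape'))
{
    /**
     * Escape a scalar for interpolation inside a single-quoted SQL string literal
     * (sql_query() offers no parameter binding). Mirrors mysql_real_escape_string()
     * for single-byte/UTF-8 connections; NOTE(review): not safe for multibyte
     * connection charsets such as GBK/SJIS - prefer the driver's escaper if
     * $GLOBALS['binnDbSql'] has one.
     *
     * @param mixed $value
     * @return string
     */
    function binn_payment_sql_escape($value)
    {
        if (is_array($value) || is_object($value))
            return '';
        return str_replace(
            array('\\', "\0", "\n", "\r", "'", '"', "\x1a"),
            array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'),
            (string)$value);
    }
}

/**
 * Render a paginated list of payments linked to a category.
 *
 * Reads the list templates of $temp_id, counts and fetches the payments of
 * $cat_id (optionally including its subcategories via the nested-set
 * cat_left/cat_right bounds), substitutes the {PMT_*} placeholders and
 * evaluates the assembled template.
 *
 * Changes versus the original: the page number is clamped to >= 1 (a
 * non-numeric value produced a negative LIMIT offset), LIMIT operands are
 * integers, values rendered into the page are HTML-escaped, the ORDER BY on
 * the COUNT(*) queries is dropped (rejected under ONLY_FULL_GROUP_BY), and
 * $cat_id is SQL-escaped.
 *
 * @param int|string $cat_id      Category id whose payments are listed.
 * @param bool       $p_subcategs Include payments of subcategories.
 * @param int        $p_listf     0 = only payments with status 2 or 7; otherwise all.
 * @param int|string $temp_id     Payment template id (binn_payments_temps).
 * @return void Output is echoed directly; nothing is printed when there are no rows.
 */
function binn_payment_list($cat_id, $p_subcategs, $p_listf, $temp_id)
{
    $temp_id_sql = binn_payment_sql_escape($temp_id);
    $cat_id_sql  = binn_payment_sql_escape($cat_id);

    $result = sql_query("SELECT pmtt_list_header, pmtt_list_main, pmtt_list_footer, pmtt_date, pmtt_begin, pmtt_prev, pmtt_next, pmtt_end, pmtt_number, pmtt_sel_number, pmtt_page_list, pmtt_count, pmtt_perstage FROM binn_payments_temps WHERE pmtt_id='$temp_id_sql'");
    if (!$result)
        return;

    list($pmtt_list_header, $pmtt_list_main, $pmtt_list_footer, $pmtt_date, $pmtt_begin, $pmtt_prev, $pmtt_next, $pmtt_end, $pmtt_number, $pmtt_sel_number, $pmtt_page_list, $pmtt_count, $pmtt_perstage) = $result[0];

    // System messages (only SMC_PAYMENT_ANONYM is used here).
    $sys_msgs = array();
    $result = sql_query("SELECT bsm_template, bsm_system_code FROM binn_system_messages WHERE bsm_cat_ident='pl_payment' AND bsm_id_temp='$temp_id_sql'");
    if (is_array($result))
    {
        foreach ($result as $row)
        {
            list($msg, $code) = $row;
            $sys_msgs[$code] = $msg;
        }
    }
    $msg_anonym = isset($sys_msgs['SMC_PAYMENT_ANONYM']) ? $sys_msgs['SMC_PAYMENT_ANONYM'] : '';

    // Current page, 1-based; anything non-positive or non-numeric means page 1.
    $page_key = "page_pl_payment$cat_id";
    $page = isset($_GET[$page_key]) ? intval($_GET[$page_key]) : 1;
    if ($page < 1)
        $page = 1;

    // LIMIT operands must be plain integers.
    $per_page = intval($pmtt_count);
    $from = ($page - 1) * $per_page;

    $status_filter = ($p_listf == 0) ? " AND (pmt_status = 2 OR pmt_status = 7) " : "";

    $num = 0;
    if ($p_subcategs)
    {
        $result = sql_query("SELECT cat_left, cat_right FROM binn_categs WHERE cat_id = '$cat_id_sql'");
        if (!$result)
            return;
        list($cat_left, $cat_right) = $result[0];
        // Interpolated unquoted, so force integers.
        $cat_left = intval($cat_left);
        $cat_right = intval($cat_right);

        $result = sql_query("SELECT COUNT(*)
            FROM binn_payments, binn_catlinks elems, binn_categs categs
            WHERE pmt_id = el_id AND categs.cat_id = elems.cat_id ".$status_filter."
            AND cat_left >= $cat_left AND cat_right <= $cat_right AND cat_ident='pl_payment'");
        if (is_array($result) && isset($result[0][0]))
            $num = $result[0][0];

        $result = sql_query("SELECT pmt_id, pmt_public, pmt_name, pmt_surname, pmt_secname, pmt_text, pmt_comment, pmt_summ, pmt_additional_1, pmt_additional_2, pmt_date, pmt_email, pmt_phone, pmt_address
            FROM binn_payments, binn_catlinks elems, binn_categs categs
            WHERE pmt_id = el_id AND categs.cat_id = elems.cat_id ".$status_filter."
            AND cat_left >= $cat_left AND cat_right <= $cat_right AND cat_ident='pl_payment' ORDER BY pmt_date DESC LIMIT $from, $per_page");
    }
    else
    {
        $result = sql_query("SELECT COUNT(*)
            FROM binn_payments, binn_catlinks
            WHERE pmt_id = el_id AND cat_id = '$cat_id_sql' ".$status_filter);
        if (is_array($result) && isset($result[0][0]))
            $num = $result[0][0];

        $result = sql_query("SELECT pmt_id, pmt_public, pmt_name, pmt_surname, pmt_secname, pmt_text, pmt_comment, pmt_summ, pmt_additional_1, pmt_additional_2, pmt_date, pmt_email, pmt_phone, pmt_address
            FROM binn_payments, binn_catlinks
            WHERE pmt_id = el_id AND cat_id = '$cat_id_sql' ".$status_filter." ORDER BY pmt_date DESC LIMIT $from, $per_page");
    }

    if ($num == 0)
        return;

    $binnPager = new binnDBPager($num, $pmtt_count, $pmtt_perstage, "pl_payment$cat_id");
    $num_list = $binnPager->show($pmtt_begin, $pmtt_prev, $pmtt_page_list, $pmtt_next, $pmtt_end, $pmtt_number, $pmtt_sel_number, false);

    $list = str_replace('{NUM_LIST}', $num_list, $pmtt_list_header);

    if (is_array($result))
    {
        foreach ($result as $row)
        {
            list($pmt_id, $pmt_public, $pmt_name, $pmt_surname, $pmt_secname, $pmt_text, $pmt_comment, $pmt_summ, $pmt_additional_1, $pmt_additional_2, $pmt_date, $pmt_email, $pmt_phone, $pmt_address) = $row;
            $date = binn_date($pmt_date, $pmtt_date, 'ru', $GLOBALS['binn_day_arr'], $GLOBALS['binn_month_arr']);

            // Anonymous payments show the configured placeholder instead of the name.
            if ($pmt_public)
            {
                $pmt_surname = '';
                $pmt_secname = '';
                $pmt_name = $msg_anonym;
            }
            else
            {
                $pmt_name = binn_payment_html_escape($pmt_name);
            }

            // Stored values are escaped on output: strip_tags() at insert time leaves
            // quotes alone, so a name could otherwise break out of a template attribute.
            // {PMT_COMMENT} is inserted as stored because it carries nl2br() output.
            $list .= str_replace(
                array('{PMT_ID}', '{PMT_SURNAME}', '{PMT_NAME}', '{PMT_SECNAME}', '{PMT_TEXT}', '{PMT_COMMENT}', '{PMT_SUMM}', '{PMT_SYSTEM_PROP1}', '{PMT_SYSTEM_PROP2}', '{PMT_DATE}', '{PMT_EMAIL}', '{PMT_PHONE}', '{PMT_ADDRESS}'),
                array(
                    $pmt_id,
                    binn_payment_html_escape($pmt_surname),
                    $pmt_name,
                    binn_payment_html_escape($pmt_secname),
                    binn_payment_html_escape($pmt_text),
                    $pmt_comment,
                    binn_payment_html_escape($pmt_summ),
                    binn_payment_html_escape($pmt_additional_1),
                    binn_payment_html_escape($pmt_additional_2),
                    $date,
                    binn_payment_html_escape($pmt_email),
                    binn_payment_html_escape($pmt_phone),
                    binn_payment_html_escape($pmt_address)),
                $pmtt_list_main);
        }
    }

    $list .= str_replace('{NUM_LIST}', $num_list, $pmtt_list_footer);

    // Admin-controlled list template evaluated as PHP; only escaped row data goes in.
    eval(' ?>'.$list.' <?php ');
}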
?>