HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/360.naniguide.com/payments/2checkout_api.php
<?php
error_reporting(E_ALL & ~E_WARNING & ~E_NOTICE & ~E_DEPRECATED);
session_start();
ob_start();
if(($_SERVER['SERVER_ADDR']==$_SESSION['demo_server_ip']) && ($_SERVER['REMOTE_ADDR']!=$_SESSION['demo_developer_ip']) && ($_SESSION['id_user']==$_SESSION['demo_user_id'])) {
    //DEMO CHECK
    die();
}
if(file_exists("../config/demo.inc.php")) {
    require_once("../config/demo.inc.php");
    if(($_SERVER['SERVER_ADDR']==DEMO_SERVER_IP) && ($_SERVER['REMOTE_ADDR']!=DEMO_DEVELOPER_IP)) {
        $demo = true;
    } else {
        $demo = false;
    }
} else {
    $demo = false;
}
require_once(__DIR__."/../backend/functions.php");
require_once(__DIR__."/../db/connection.php");
require(__DIR__."/../backend/vendor/2checkout-php-sdk/autoloader.php");
use Tco\TwocheckoutFacade;
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

$settings = get_settings();
$merchant_code = $settings['2checkout_merchant'];
$secret_key = $settings['2checkout_secret'];
if(empty($secret_key) || empty($merchant_code)) {
    exit;
}

$config = array(
    'sellerId' => $merchant_code,
    'secretKey' => $secret_key,
    'jwtExpireTime' => 30,
    'curlVerifySsl' => 0,
    'buyLinkSecretWord' => '@sg?9KPrz-&Z7C6tv!C#-UM##M7N94?XEvm%-57SnrU!A9ZqS?GbZJNDSyJsYmnh'
);
$tco = new TwocheckoutFacade($config);

header('Content-Type: application/json');
$endpoint = $_POST['endpoint'];
switch ($endpoint) {
    case 'create_customer':
        $id_user = $_SESSION['id_user'];
        $user_info = get_user_info($id_user);
        if(empty($user_info['id_customer_2checkout'])) {
            $_SESSION['id_user_2co']=$id_user;
            session_write_close();
            $CustomerReference = 0;
            $buyLinkParameters = array (
                'email' => $user_info['email'],
                'prod' => $_POST['id_product'],
                'qty' => 1,
                'return-url' => $_POST['url'],
                'return-type' => 'redirect',
                'test' => ($_POST['live']) ? 0 : 1,
                'lock' => 1,
                'empty-cart' => 1,
                'merchant' => $merchant_code,
                'origin-url' => $_POST['origin_url'],
                'src' => $_POST['origin_url']
            );
        } else {
            $CustomerReference = $user_info['id_customer_2checkout'];
            $buyLinkParameters = array (
                'email' => $user_info['email'],
                'prod' => $_POST['id_product'],
                'qty' => 1,
                'return-url' => $_POST['url'],
                'return-type' => 'redirect',
                'customer-ref' => $CustomerReference,
                'test' => ($_POST['live']) ? 0 : 1,
                'lock' => 1,
                'empty-cart' => 1,
                'merchant' => $merchant_code,
                'origin-url' => $_POST['origin_url'],
                'src' => $_POST['origin_url']
            );
        }
        $buyLinkSignature = $tco->getBuyLinkSignature($buyLinkParameters);
        $buyLinkParameters['signature'] = $buyLinkSignature;
        $redirectTo = 'https://secure.2checkout.com/checkout/buy/?' . ( http_build_query( $buyLinkParameters ) );
        ob_end_clean();
        echo json_encode(array("status"=>"ok","id" => $CustomerReference,"url"=>$redirectTo));
        exit;
        break;
    case 'subscription_end_date':
        $id_user = $_SESSION['id_user'];
        $user = get_user_info($id_user);
        $id_subscription_2checkout = $user['id_subscription_2checkout'];
        $end_date = get_subscription_expiration_date($id_subscription_2checkout);
        if($end_date!==false) {
            $end_date = date('d M Y',strtotime($end_date));
        } else {
            $end_date = '--';
        }
        $name_plan = '--';
        $query = "SELECT p.name as plan FROM svt_users as u LEFT JOIN svt_plans as p ON p.id=u.id_plan WHERE u.id=$id_user LIMIT 1;";
        $result = $mysqli->query($query);
        if($result) {
            if ($result->num_rows == 1) {
                $row = $result->fetch_array(MYSQLI_ASSOC);
                $name_plan = $row['plan'];
            }
        }
        ob_end_clean();
        echo json_encode(array("status"=>"ok","end_date"=>$end_date,"name"=>$name_plan));
        break;
    case 'cancel_subscription':
        $id_user = $_SESSION['id_user'];
        if(!$demo) {
            $user = get_user_info($id_user);
            $id_subscription_2checkout = $user['id_subscription_2checkout'];
            $end_date = get_subscription_expiration_date($id_subscription_2checkout);
            if($end_date!==false) {
                $end_date = date('Y-m-d H:i:s',strtotime($end_date));
                cancel_subscription($id_subscription_2checkout);
                $result = $mysqli->query("UPDATE svt_users SET expire_plan_date='$end_date',id_subscription_2checkout=NULL,status_subscription_2checkout=0 WHERE id=$id_user;");
                if($result) {
                    $query = "SELECT u.id,u.username,u.email,u.expire_plan_date,p.name as plan,p.id as id_plan FROM svt_users as u LEFT JOIN svt_plans as p ON p.id=u.id_plan WHERE u.id=$id_user;";
                    $result = $mysqli->query($query);
                    if($result) {
                        if($result->num_rows>0) {
                            while($row=$result->fetch_array(MYSQLI_ASSOC)) {
                                $id_user = $row['id'];
                                $username = $row['username'];
                                $email_u = $row['email'];
                                $plan = $row['plan'];
                                $id_plan = $row['id_plan'];
                                set_user_log($id_user,'unsubscribe_plan',json_encode(array("id"=>$id_plan,"name"=>$plan)),date('Y-m-d H:i:s', time()));
                                if($settings['notify_plan_cancels']) {
                                    $expire_plan_date = $row['expire_plan_date'];
                                    $subject = $settings['mail_plan_canceled_subject'];
                                    $body = $settings['mail_plan_canceled_body'];
                                    $body = str_replace("%USER_NAME%",$username,$body);
                                    $body = str_replace("%PLAN_NAME%",$plan,$body);
                                    $body = str_replace('<p><br></p>','<br>',$body);
                                    $body = str_replace('<p>','<p style="padding:0;margin:0;">',$body);
                                    $subject_q = str_replace("'","\'",$subject);
                                    $body_q = str_replace("'","\'",$body);
                                    $mysqli->query("INSERT INTO svt_notifications(id_user,subject,body,notify_user,notified) VALUES($id_user,'$subject_q','$body_q',1,0);");
                                }
                            }
                        }
                    }
                    ob_end_clean();
                    echo json_encode(array("status"=>"ok"));
                    exit;
                } else {
                    ob_end_clean();
                    echo json_encode(array("status"=>"error","msg"=>"Error, retry later."));
                    exit;
                }
            } else {
                ob_end_clean();
                echo json_encode(array("status" => "error", "msg" => "Error, retry later."));
                exit;
            }
        } else {
            ob_end_clean();
            echo json_encode(array("status"=>"error","msg"=>"Demo mode, insufficient permission."));
            exit;
        }
        break;
}

function get_subscription_expiration_date($id_subscription_2checkout) {
    global $tco;
    $ExpirationDate = false;
    try {
        $result = $tco->apiCore()->call( '/subscriptions/'.$id_subscription_2checkout.'/', array(), 'GET' );
        if($result) {
            $ExpirationDate = $result['ExpirationDate'];
        }
    } catch (Exception $e) {
        echo json_encode(array("status"=>"error","msg"=>"Error, retry later."));
        exit;
    }
    return $ExpirationDate;
}

function cancel_subscription($id_subscription_2checkout) {
    global $tco;
    try {
        $tco->apiCore()->call( '/subscriptions/'.$id_subscription_2checkout.'/', array("ChurnReasons"=>array('CHURN_REASON_DONT_NEED')), 'DELETE' );
    } catch (Exception $e) {
        echo json_encode(array("status"=>"error","msg"=>"Error, retry later."));
        exit;
    }
}