AnonSec Shell
Server IP : 162.214.74.102  /  Your IP : 216.73.216.36
Web Server : Apache
System : Linux dedi-4363141.lrsys.com.br 3.10.0-1160.119.1.el7.tuxcare.els25.x86_64 #1 SMP Wed Oct 1 17:37:27 UTC 2025 x86_64
User : lrsys ( 1015)
PHP Version : 5.6.40
Disable Function : exec,passthru,shell_exec,system
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /home/lrsys/public_html/lrsys_projetos/sopizzas/application/controllers/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ HOME ]     

Current File : /home/lrsys/public_html/lrsys_projetos/sopizzas/application/controllers/makePaypalDirectPayment.php
<?php
include_once("includes/main_init.php");
include_once "paypalDirectPaymentClass.php";
$myarray=array();
$cardType = $_POST['cardType'];
$cardNumber = $_POST['cardNumber'];
$cardExpMonth = $_POST['cardExpMonth'];
$cardExpYear = $_POST['cardExpYear'];
$totalAmount = $_POST["totalAmount"];
$cardExpDate = $cardExpMonth.$cardExpYear;
$cardCVV2= $_POST['cardCVV'];
$userId = $_POST['user_id'];
//`template_name`, `template`, `subject`
$orderEmailTemplate = find("first", EMAIL_TEMPLATE, "*", "where template_name=:template_name", array(":template_name"=>CUSTOMER_ORDER_TEMPLATE));

$isExsistingCard = $_POST["isExsistingCard"];
$findCardDetails = find("first", CREDIT_CARD_DETAILS, "*", "where customer_id=:customer_id", array(":customer_id"=>$userId));
$customer = find("first", CUSTOMER, "*", "where customer_id=:customer_id", array(":customer_id"=>$userId));
$isSameCard = false;
if(!empty($findCardDetails))
{
	$isSameCard = true;
}
if($isExsistingCard == "YES")
{
	//customer_id, cc_type, cc_number, cc_exp_month, cc_exp_year, cc_cvv, cc_time
	$cardType = $findCardDetails['cc_type'];
	$cardNumber = cp_decrypt($findCardDetails['cc_number'], $findCardDetails['cc_time']);
	$cardExpMonth = $findCardDetails['cc_exp_month'];
	$cardExpYear = $findCardDetails['cc_exp_year'];
	$cardExpDate = $cardExpMonth.$cardExpYear;
	$cardCVV2= cp_decrypt($findCardDetails['cc_cvv'], $findCardDetails['cc_time']);
}
$time = time();
$encrypt_card_no = cp_encrypt($cardNumber, $time);
$cardCVV = cp_encrypt($cardCVV2, $time);

$uid = $_POST["cart"];
$res_id = $_POST["res_id"];
$customer_name = $_POST["customer_name"];
$customer_lastname = $_POST["customer_lastname"];

$customer_phone = $_POST["customer_phone"];
//$customer_email = "earthtechnology10@gmail.com";
$customer_buildtype = $_POST["customer_buildtype"];
$customer_crossstreet = $_POST["customer_crossstreet"];
$customer_landmark = $_POST["customer_landmark"];
$ordertime = $_POST["order_time"];
$orderdate = $_POST["order_date"];
//$myarray["post"] = $_POST;
$customer_zipcode = $_POST["customer_zipcode"];
$instructionsVal =$_POST["instructionsVal"];
$tip = $_POST["tip"];
$offer = $_POST["offer"];
$DeliveryCharge = $_POST["DeliveryCharge"];

$execute = array(':restaurant_id' => $res_id);
//restaurant_id, restaurant_estimated_time, restaurant_name, restaurant_delivery_charge, restaurant_minorder_price, restaurant_salestax, restaurant_commission_fixed, restaurant_commission_percnt, restaurant_commissiontype
$detail = find("first", RESTAURANT, "restaurant_id, restaurant_estimated_time, restaurant_name, restaurant_delivery_charge, restaurant_minorder_price, restaurant_salestax, restaurant_commission_fixed, restaurant_commission_percnt, restaurant_commissiontype", "where restaurant_id=:restaurant_id", $execute);
$isFixedCommision = true;
$comissionValue = $detail["restaurant_commission_fixed"];
if($detail["restaurant_commission_fixed"] == "")
{
	$isFixedCommision = false;
	$comissionValue = $detail["restaurant_commission_percnt"];
}
//delivery_by_admin_fee, delivery_by_restaurant, delivery_by_admin, estimated_delivery_time, admin_minorder_price, driver_payout
$settings = find("first", GENERAL_SETTINGS, "*", "WHERE 1", array());
$driverCommission = $settings["driver_payout"];
//echo json_encode($myarray);
//exit;

if(isset($order_time) && $order_time!='') 
{
	$ctime=explode(":",$order_time);
}

 //$orderdate=$ctime[2]."-".$ctime[3]."-".$ctime[4];
 //$ordertime=$ctime[0]."-".$ctime[1];

 $orderType = $_POST["orderType"];
//exit;
if($orderType=='d')
{
	$orderType="delivery";
}
else
{
	$orderType="pickup";
}
//$userid='4995';
//$cart_existsval=unserialize(base64_decode($uid));
$cart_existsval = json_decode($uid, true);
$dataString='';
$myc_total_price = 0;
$myc_main_total =0;
$customer_email = $customer["customer_email"];
$address = $customer_crossstreet.', '.$customer_zipcode;
if($address!='') {
	$geo = file_get_contents('http://maps.googleapis.com/maps/api/geocode/json?address='.urlencode($address).'&sensor=false');
	// We convert the JSON to an array
	$geo = json_decode($geo, true);
	// If everything is cool
	if ($geo['status'] = 'OK') {
	// We set our values
	$latitude = isset($geo['results'][0]['geometry']['location']['lat'])? $geo['results'][0]['geometry']['location']['lat']: DEFAULT_LAT;
	$longitude = isset($geo['results'][0]['geometry']['location']['lng'])? $geo['results'][0]['geometry']['location']['lng'] : DEFAULT_LONG;
	}
	else {
	  $latitude = DEFAULT_LAT;
	  $longitude = DEFAULT_LONG;
	}
  }
  else {
	$latitude = DEFAULT_LAT;
	$longitude = DEFAULT_LONG;
  }

$requestParams = array(
    'IPADDRESS' => $_SERVER['REMOTE_ADDR'],          // Get our IP Address
    'PAYMENTACTION' => 'Sale'
);
$creditCardDetails = array(
    'CREDITCARDTYPE' => $cardType,
    'ACCT' => $cardNumber,
    'EXPDATE' => $cardExpDate,          // Make sure this is without slashes (NOT in the format 07/2017 or 07-2017)
    'CVV2' => $cardCVV2
);
$payerDetails = array(
    'FIRSTNAME' => $customer_name,//$customer["customer_name"], 
    'LASTNAME' => $customer_lastname,//$customer["customer_lastname"],
    'COUNTRYCODE' => 'US',
    'STATE' => $customer["customer_state"],
    'CITY' => $customer["customer_city"],
    'STREET' => $customer["customer_crossstreet"],//customer_street
    'ZIP' => $customer["customer_zip"]
);
$orderParams = array(
    'AMT' => $totalAmount,               // This should be equal to ITEMAMT + SHIPPINGAMT
    'ITEMAMT' => $totalAmount,
    'SHIPPINGAMT' => '0',
    'CURRENCYCODE' => 'USD'       // USD for US Dollars
);
$item = array(
    'L_NAME0' => 'Dine2You Order',
    'L_DESC0' => '',
    'L_AMT0' => $totalAmount,
    'L_QTY0' => '1'
);
$paypal = new Paypal();
$response = $paypal -> request('DoDirectPayment',
    $requestParams + $creditCardDetails + $payerDetails + $orderParams + $item
);
function numberFormat($value)
{
	return number_format($value, 2, ".", "");
}

if( is_array($response) && $response['ACK'] == 'Success') { // Payment successful
    // We'll fetch the transaction ID for internal bookkeeping
    $transactionId = $response['TRANSACTIONID'];
	if(!$isSameCard)
	{
		save(CREDIT_CARD_DETAILS, "customer_id, cc_type, cc_number, cc_exp_month, cc_exp_year, cc_cvv, cc_time", ":customer_id, :cc_type, :cc_number, :cc_exp_month, :cc_exp_year, :cc_cvv, :cc_time", array(":customer_id"=>$userId, ":cc_type"=>$cardType, ":cc_number"=>$encrypt_card_no, ":cc_exp_month"=>$cardExpMonth, ":cc_exp_year"=>$cardExpYear, ":cc_cvv"=>$cardCVV, ":cc_time"=>$time));
	}
	else{
			update(CREDIT_CARD_DETAILS, "cc_type=:cc_type, cc_number=:cc_number, cc_exp_month=:cc_exp_month, cc_exp_year=:cc_exp_year, cc_cvv=:cc_cvv, cc_time=:cc_time", "where customer_id=:customer_id", array(":customer_id"=>$userId, ":cc_type"=>$cardType, ":cc_number"=>$encrypt_card_no, ":cc_exp_month"=>$cardExpMonth, ":cc_exp_year"=>$cardExpYear, ":cc_cvv"=>$cardCVV, ":cc_time"=>$time));
	}
    $txn_id = $transactionId;
	if($cart_existsval!='')
	{
		//deliverylatitude, deliverylongitude, orderdate
		$execute1 = array(':restaurant_id' => $res_id);
		$res = find("first", RESTAURANT, "*", "where restaurant_id =:restaurant_id", $execute1);
		$settings = find("first", GENERAL_SETTINGS, "*", "WHERE 1", array());
		if($res['restaurant_estimated_time'] == "")
		{
			$res["restaurant_estimated_time"] = $settings['estimated_delivery_time'];
		}
		$orderdate = $res["restaurant_estimated_time"]." mins";
		$fields_member="restaurant_id,restaurant_name,customer_id,usertype,customername,customerlastname,customeremail,customercellphone,deliverydoornumber,deliverystreet,deliverylandmark,deliverytype,deliverydate, deliverytime, payment_type,transaction_id, deliveryzip, instructions, status, deliverylatitude, deliverylongitude, orderdate";
		$values_member=":restaurant_id,:restaurant_name,:customer_id,:usertype,:customername,:customerlastname,:customeremail,:customercellphone,:deliverydoornumber,:deliverystreet,:deliverylandmark,:deliverytype,:deliverydate, :deliverytime, :payment_type,:transaction_id, :deliveryzip, :instructions, :status, :deliverylatitude, :deliverylongitude, :orderdate";
		$execute_member=array(':restaurant_id'=> trim($res_id),':restaurant_name'=> trim(htmlentities($res['restaurant_name'])),':customer_id'=> trim($userId),':usertype'=> 'C',':customername'=> trim(htmlentities($customer_name)),':customerlastname'=> trim(htmlentities($customer_lastname)),':customeremail'=> $customer["customer_email"],':customercellphone'=> $customer_phone,':deliverydoornumber'=> trim(htmlentities($customer_buildtype)),':deliverystreet'=> trim(htmlentities($customer_crossstreet)),':deliverylandmark'=> trim(htmlentities($customer_landmark)),':deliverytype'=> trim(htmlentities($orderType)),':deliverydate'=>$orderdate, ':deliverytime'=>$ordertime, ':payment_type'=> 'CC',':transaction_id'=> trim(htmlentities($txn_id)), ":deliveryzip"=>$customer_zipcode, ":instructions"=>$instructionsVal, ":status"=>"In Preparation", ":deliverylatitude"=>$latitude, ":deliverylongitude"=>$longitude, ":orderdate"=>date("Y-m-d H:i:s"));
		$mainorder=save(ORDER, $fields_member, $values_member, $execute_member);
		$myc_addon_total_price = 0;
		$myc_calories = 0;
		$show_calories = 0;
		$menu_quantity = 0;
		$addonname='';
		$cart_items = "";
		
		//print_r($cart_existsval);
		foreach($cart_existsval['cart'] as $k=>$list)
		{
			//$unitPrice = numberFormat(($list['menu_price']-($list["addons_price"]))/$list["quantity"]);
			$unitPrice = numberFormat($list["item_price"]);
			//if($_POST["size_name"] == "")
			//{
			//	$find_menu = find("first", RESTAURANT_MENU, "menu_price", "where id=:id and restaurant_id=:restaurant_id", array(":id"=>$list['menu_id'], ":restaurant_id"=>$res_id));
			//	$unitPrice = $find_menu["menu_price"];
			//}else{
			//	$find_menu_size = find("first", RESTAURANT_MENU_SIZE, "menu_slice_price", "where menu_slice_menuid=:menu_slice_menuid and menu_slice_name=:menu_slice_name", array(":menu_slice_menuid"=>$list['menu_id'], ":menu_slice_name"=>trim($_POST["size_name"])));
			//	$unitPrice = $find_menu_size["menu_slice_price"];
			//}
			//$unitPrice = numberFormat($unitPrice);
			
		//tax_per=:tax_per, ordersubtotal=:ordersubtotal, res_comm_perchantage=:res_comm_perchantage, res_comm_price=:res_comm_price, 
			$fields_member="menuid,restaurantid,orderid,menuname,menuprice,quantity,tot_menuprice,addonsname,addonsprice, specialinstruction";
			$values_member=":menuid,:restaurantid,:orderid,:menuname,:menuprice,:quantity,:tot_menuprice,:addonsname,:addonsprice, :specialinstruction";
			$execute_member=array(':menuid'=> $list['menu_id'],':restaurantid'=> $res_id,':orderid'=> $mainorder,':menuname'=> trim(htmlentities($list['menu_name'])),':menuprice'=> $unitPrice,':quantity'=> $list["quantity"],':tot_menuprice'=> numberFormat($list['menu_price']),':addonsname'=> trim(htmlentities($list["addons"])),':addonsprice'=> numberFormat($list["addons_price"]), ":specialinstruction"=>$list["specialinstruction"]);
			$ladtcus=save(RESTAURANT_CART, $fields_member, $values_member, $execute_member);
			$cart_items .= '<tr class="even" style="">';
            $cart_items .=     '<td style="text-align: center;">'.($k+1).'</td>';
			if($list["addons"] != "")
			{
			$cart_items .=     '<td style="text-align: center;">'.trim(htmlentities($list['menu_name'])).'<br />'.trim(htmlentities($list["addons"])).'</td>';
			}else{
            $cart_items .=     '<td style="text-align: center;">'.trim(htmlentities($list['menu_name'])).'</td>';
			}
            $cart_items .=     '<td style="text-align: center;">'.$list["quantity"].'</td>';
            $cart_items .=     '<td style="text-align: center;">$'.$unitPrice.'</td>';
            $cart_items .=     '<td style="text-align: center;">$'.numberFormat($list['menu_price']).'</td>';
            $cart_items .=   '</tr>';
		}
		if($orderType=="delivery")
		{
			$dcharged=$res['restaurant_delivery_charge'];
		}
		else
		{
			$dcharged=0;
		}
		
		
		$txxprice=$_POST["tax"];
		$myc_total_price_sub = $_POST["sub_total"];
		$item_total = ($myc_total_price_sub - $txxprice - $tip);
		if($isFixedCommision)
		{
			$restaurantCommission = $comissionValue;
		}else{
			$restaurantCommission = ($item_total * $comissionValue)/100;
		}
		$myc_total_price = $_POST["total"];
		
		
		$fields1="ordergenerateid=:ordergenerateid,ordertotalprice=:ordertotalprice,taxvalue=:taxvalue,orderdate=:orderdate, driver_commission=:driver_commission, commission=:commission, delivery_charged=:delivery_charged, tip=:tip, offervalue=:offer, tax_per=:tax_per, ordersubtotal=:ordersubtotal, res_comm_perchantage=:res_comm_perchantage, res_comm_price=:res_comm_price, menuprice_total=:menuprice_total, foodassoonas=:foodassoonas";
		$values1="WHERE orderid=:orderid";
		$execute1=array(':ordergenerateid'=> 'ORD'.$mainorder,
						':ordertotalprice'=> numberFormat($myc_total_price),
						":menuprice_total"=>numberFormat($item_total),
						':taxvalue'=> numberFormat($txxprice),
						':orderdate'=> date('Y-m-d H:i:s'),
						':orderid'=>$mainorder,
						":driver_commission"=>numberFormat($driverCommission),
						":commission"=>numberFormat($restaurantCommission),
						":delivery_charged"=>numberFormat($DeliveryCharge),
						":tip"=>numberFormat($tip),
						":offer"=>numberFormat($offer),
						":foodassoonas"=>$_POST["checkout_asap"],
						":tax_per"=>$detail["restaurant_salestax"],
						":ordersubtotal"=>numberFormat($myc_total_price_sub),
						":res_comm_perchantage"=>$detail["restaurant_commission_percnt"] != "" ? $detail["restaurant_commission_percnt"] : "",
						":res_comm_price"=>$detail["restaurant_commission_fixed"] !="" ? $detail["restaurant_commission_fixed"] : "",
						);
		
		$sv_mchne1=update(ORDER, $fields1, $values1,$execute1);
		//print_r($execute1);
		//exit;
	}
	
	/*EMAIL TEMPLATES*/
	$variables['image_path'] = BASE_URL.'assets/';
	$variables['customer_email'] = $customer_email;

	$variables['order_id'] = 'ORD'.$mainorder;
	$variables['customer_name'] = $customer["customer_name"]." ".$customer["customer_lastname"];
	$variables['cart_items'] = $cart_items;
	$variables['total_item_price_label'] = "Total Item Price";
	$variables['total_item_price'] = numberFormat($item_total);
	$variables['tax_label'] = "Tax(".$detail["restaurant_salestax"]."%)";
	$variables['tax_amount'] = numberFormat($txxprice);
	$variables['sub_total_label'] = "Sub Total";
	$variables['sub_total_amount'] = numberFormat($myc_total_price_sub);
	$variables['delivery_charge_label'] = "Delivery Charge";
	$variables['delivery_charge_amount'] = numberFormat($DeliveryCharge);
	$variables['tips_label'] = "Tips";
	$variables['tips_amount'] = numberFormat($tip);
	$variables['offer_label'] = "Coupon Discount";
	$variables['offer_amount'] = numberFormat($offer);
	$variables['grand_total_label'] = "Grand Total";
	$variables['grand_total'] = numberFormat($totalAmount);
	
	$variables['site_address'] = SITE_ADDRESS;
	$variables['sender_name'] = SITENAME;
	$variables['site_name'] = SITENAME;
	$mail_Body=htmlspecialchars_decode($orderEmailTemplate["template"]);
	$subject = $orderEmailTemplate["subject"];
	foreach($variables as $key => $value) {
	  $mail_Body = str_replace('{{'.$key.'}}', $value, $mail_Body);
	}

	@Send_HTML_Mail($customer_email, '', '', $subject, $mail_Body);
	array_push($myarray,array('message' => 'Thank you. You have successfully placed your order.', "success"=>1, "inserted_id"=>$mainorder));
}
else
{
	   array_push($myarray,array('message' => 'Payment process failed', "success"=>0, "error_message_long"=>$response['L_LONGMESSAGE0'], "error_message_short"=>$response['L_SHORTMESSAGE0'], "paypal_error"=>$paypal->_errors, "ack"=>$response['ACK']));
}
echo json_encode($myarray);
exit;
?>

Anon7 - 2022
AnonSec Team