} else {
- print_header($strloginto, $course->fullname,
+ print_header($strloginto, $course->fullname,
"<a href=\"$CFG->wwwroot/course/\">$strcourses</a> -> $strloginto");
print_course($course, "80%");
echo '</div>';
} else {
//Sanitise some fields before building the PayPal form
- $coursefullname = $this->sanitise_for_paypal($course->fullname);
- $courseshortname = $this->sanitise_for_paypal($course->shortname);
- $userfullname = $this->sanitise_for_paypal(fullname($USER));
- $userfirstname = $this->sanitise_for_paypal($USER->firstname);
- $userlastname = $this->sanitise_for_paypal($USER->lastname);
- $useraddress = $this->sanitise_for_paypal($USER->address);
- $usercity = $this->sanitise_for_paypal($USER->city);
+ $coursefullname = $course->fullname;
+ $courseshortname = $course->shortname;
+ $userfullname = fullname($USER);
+ $userfirstname = $USER->firstname;
+ $userlastname = $USER->lastname;
+ $useraddress = $USER->address;
+ $usercity = $USER->city;
include($CFG->dirroot.'/enrol/paypal/enrol.html');
}
$str = $manual->get_access_icons($course);
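Review bot: The comment kept on the line above the new assignments ("Sanitise some fields before building the PayPal form") is now false: the seven assignments that replace the sanitise_for_paypal() calls copy the values through unchanged, so a reader is told about a step that no longer happens. Replace it with something that states the new contract, e.g. `// Course and user fields are handed to enrol.html as-is; PayPal is expected to accept UTF-8 (see the encoding note in the IPN handler)`. Separately, $useraddress, $usercity and the name fields are user-editable profile data that now reach the included enrol.html template directly; the removed helper only transliterated to ASCII and never HTML-escaped, so this commit does not change the escaping situation, but it is the right point to confirm that the template wraps each value in htmlspecialchars() before emitting it into a form attribute — that cannot be verified from this hunk. The enclosing function starts and ends outside the hunk.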
} else {
-
+
$strrequirespayment = get_string("requirespayment");
$strcost = get_string("cost");
case 'AUD': $currency = '$'; break;
default: $currency = '$'; break;
}
-
+
$str .= '<div class="cost" title="'.$strrequirespayment.'">'.$strcost.': ';
$str .= $currency.format_float($cost,2).'</div>';
-
+
}
return $str;
'AUD' => 'Australian Dollars'
);
- $vars = array('enrol_cost', 'enrol_currency', 'enrol_paypalbusiness',
+ $vars = array('enrol_cost', 'enrol_currency', 'enrol_paypalbusiness',
'enrol_mailstudents', 'enrol_mailteachers', 'enrol_mailadmins');
foreach ($vars as $var) {
if (!isset($frm->$var)) {
$frm->$var = '';
- }
+ }
}
include("$CFG->dirroot/enrol/paypal/config.html");
$config->enrol_mailadmins = '';
}
set_config('enrol_mailadmins', $config->enrol_mailadmins);
-
- return true;
-}
+ return true;
-//To avoid wrong (for PayPal) characters in sent data
-function sanitise_for_paypal($text) {
- $textlib = textlib_get_instance();
- $text = $textlib->specialtoascii($text);
- // TODO: characters that have no ascii equivalents are not sanitized properly :-(
- return $text;
}
/**
* This script waits for Payment notification from PayPal,
* then double checks that data by sending it back to PayPal.
* If PayPal verifies this then it sets up the enrolment for that
-*
+*
* Set the $user->timeaccess course array
*
* @param user referenced object, must contain $user->id already set
error("Sorry, you can not use the script that way.");
}
-/// Read all the data from PayPal and get it ready for later
+/// Read all the data from PayPal and get it ready for later;
+/// we expect only valid UTF-8 encoding, it is the responsibility
+/// of user to set it up properly in PayPal business acount,
+/// it is documented in docs wiki.
$req = 'cmd=_notify-validate';
+ $data = new object();
+
foreach ($_POST as $key => $value) {
- $value = urlencode(stripslashes($value));
- $req .= "&$key=$value";
- $data->$key = urldecode($value);
+ $value = stripslashes($value);
+ $req .= "&$key=".urlencode($value);
+ $data->$key = $value;
}
$custom = explode('-', $data->custom);
// If our status is not completed or not pending on an echeck clearance then ignore and die
// This check is redundant at present but may be useful if paypal extend the return codes in the future
- if (! ( $data->payment_status == "Completed" or
+ if (! ( $data->payment_status == "Completed" or
($data->payment_status == "Pending" and $data->pending_reason == "echeck") ) ) {
die;
}
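Review bot: In the rewritten loop body only $value is urlencoded before being appended to $req; $key comes straight from $_POST and is interpolated raw in `$req .= "&$key=".urlencode($value);`, so a key containing `&` or `=` would malform the notify-validate request that the rest of the handler relies on. Encoding both sides keeps the request well-formed: `$req .= '&'.urlencode($key).'='.urlencode($value);`. The same loop also assigns every POST key as a property on $data (`$data->$key = $value;`), which is acceptable only as long as nothing trusts those properties before PayPal has confirmed them; the `$custom = explode('-', $data->custom);` that follows reads pre-validation data, so it is worth checking that $custom is not acted on until after the validate round-trip. Minor: the new comment block spells "account" as "acount".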
email_paypal_error_to_admin("Transaction $data->txn_id is being repeated!", $data);
die;
- }
-
+ }
+
if ($data->business != $CFG->enrol_paypalbusiness) { // Check that the email is the one we want it to be
email_paypal_error_to_admin("Business email is $data->business (not $CFG->enrol_paypalbusiness)", $data);
die;
- }
-
+ }
+
if (!$user = get_record('user', 'id', $data->userid)) { // Check that user exists
email_paypal_error_to_admin("User $data->userid doesn't exist", $data);
die;
}
$cost = format_float($cost, 2);
- if ($data->payment_gross < $cost) {
+ if ($data->payment_gross < $cost) {
email_paypal_error_to_admin("Amount paid is not enough ($data->payment_gross < $cost))", $data);
die;
if (!empty($CFG->enrol_mailstudents)) {
$a->coursename = "$course->fullname";
$a->profileurl = "$CFG->wwwroot/user/view.php?id=$user->id";
- email_to_user($user, $teacher, get_string("enrolmentnew", '', $course->shortname),
+ email_to_user($user, $teacher, get_string("enrolmentnew", '', $course->shortname),
get_string('welcometocoursetext', '', $a));
}
if (!empty($CFG->enrol_mailteachers)) {
$a->course = "$course->fullname";
$a->user = fullname($user);
- email_to_user($teacher, $user, get_string("enrolmentnew", '', $course->shortname),
+ email_to_user($teacher, $user, get_string("enrolmentnew", '', $course->shortname),
get_string('enrolmentnewuser', '', $a));
}
$a->user = fullname($user);
$admins = get_admins();
foreach ($admins as $admin) {
- email_to_user($admin, $user, get_string("enrolmentnew", '', $course->shortname),
+ email_to_user($admin, $user, get_string("enrolmentnew", '', $course->shortname),
get_string('enrolmentnewuser', '', $a));
}
}