Koha/opac/opac-account-pay.pl
Jonathan Druart 6a0246e248 Bug 22542: Force back button to display personal data
This is a follow-up of bug 5371

The following command must not return anything:
grep ^output_html_with_http_headers `git grep -l -P "authnotrequired\s*=>\s*0" opac`|grep -v force_no_caching

This must be a test somehwere to prevent further regressions.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-05-02 13:43:48 +00:00

151 lines
4.9 KiB
Perl
Executable file

#!/usr/bin/perl
# Copyright ByWater Solutions 2015
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with Koha; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
use utf8;
use Modern::Perl;
use CGI;
use HTTP::Request::Common;
use LWP::UserAgent;
use URI;
use C4::Auth;
use C4::Output;
use C4::Context;
use Koha::Acquisition::Currencies;
use Koha::Database;
use Koha::Plugins::Handler;
my $cgi = new CGI;
my $payment_method = $cgi->param('payment_method');
my @accountlines = $cgi->multi_param('accountline');
my $use_plugin;
if ( $payment_method ne 'paypal' ) {
$use_plugin = Koha::Plugins::Handler->run(
{
class => $payment_method,
method => 'opac_online_payment',
cgi => $cgi,
}
);
}
unless ( C4::Context->preference('EnablePayPalOpacPayments') || $use_plugin ) {
print $cgi->redirect("/cgi-bin/koha/errors/404.pl");
exit;
}
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
{
template_name => "opac-account-pay-error.tt",
query => $cgi,
type => "opac",
authnotrequired => 0,
debug => 1,
}
);
my $amount_to_pay =
Koha::Database->new()->schema()->resultset('Accountline')->search( { accountlines_id => { -in => \@accountlines } } )
->get_column('amountoutstanding')->sum();
$amount_to_pay = sprintf( "%.2f", $amount_to_pay );
my $active_currency = Koha::Acquisition::Currencies->get_active;
my $error = 0;
if ( $payment_method eq 'paypal' ) {
my $ua = LWP::UserAgent->new;
my $url =
C4::Context->preference('PayPalSandboxMode')
? 'https://api-3t.sandbox.paypal.com/nvp'
: 'https://api-3t.paypal.com/nvp';
my $opac_base_url = C4::Context->preference('OPACBaseURL');
my $return_url = URI->new( $opac_base_url . "/cgi-bin/koha/opac-account-pay-paypal-return.pl" );
$return_url->query_form( { amount => $amount_to_pay, accountlines => \@accountlines } );
my $cancel_url = URI->new( $opac_base_url . "/cgi-bin/koha/opac-account.pl" );
my $nvp_params = {
'USER' => C4::Context->preference('PayPalUser'),
'PWD' => C4::Context->preference('PayPalPwd'),
'SIGNATURE' => C4::Context->preference('PayPalSignature'),
# API Version and Operation
'METHOD' => 'SetExpressCheckout',
'VERSION' => '82.0',
# API specifics for SetExpressCheckout
'NOSHIPPING' => 1,
'REQCONFIRMSHIPPING' => 0,
'ALLOWNOTE' => 0,
'BRANDNAME' => C4::Context->preference('LibraryName'),
'CANCELURL' => $cancel_url->as_string(),
'RETURNURL' => $return_url->as_string(),
'PAYMENTREQUEST_0_CURRENCYCODE' => $active_currency->currency,
'PAYMENTREQUEST_0_AMT' => $amount_to_pay,
'PAYMENTREQUEST_0_PAYMENTACTION' => 'Sale',
'PAYMENTREQUEST_0_ALLOWEDPAYMENTMETHOD' => 'InstantPaymentOnly',
'PAYMENTREQUEST_0_DESC' => C4::Context->preference('PayPalChargeDescription'),
'SOLUTIONTYPE' => 'Sole',
};
my $response = $ua->request( POST $url, $nvp_params );
if ( $response->is_success ) {
my $urlencoded = $response->content;
my %params = URI->new( "?$urlencoded" )->query_form;
if ( $params{ACK} eq "Success" ) {
my $token = $params{TOKEN};
my $redirect_url =
C4::Context->preference('PayPalSandboxMode')
? "https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token="
: "https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=";
print $cgi->redirect( $redirect_url . $token );
}
else {
$template->param( error => "PAYPAL_ERROR_PROCESSING" );
$error = 1;
}
}
else {
$template->param( error => "PAYPAL_UNABLE_TO_CONNECT" );
$error = 1;
}
output_html_with_http_headers( $cgi, $cookie, $template->output, undef, { force_no_caching => 1 } ) if $error;
}
else {
Koha::Plugins::Handler->run(
{
class => $payment_method,
method => 'opac_online_payment_begin',
cgi => $cgi,
}
);
}