authorChristopher Burger <burgerc@freeside.biz>2018-10-10 12:53:53 -0400
committerChristopher Burger <burgerc@freeside.biz>2018-10-10 12:53:53 -0400
commit2a82381a976c22f2c0d85645e8b327713ddcbd88 (patch)
tree43fd5de23281639139b6b705490b04595f0bb1ac /ng_selfservice
parent29445ff3f69c32ba0f836f3c5bbaf946c154b360 (diff)
RT# 39340 - created payment-only access via IP address; fixes security by creating a separate session
Diffstat (limited to 'ng_selfservice')
-rw-r--r--ng_selfservice/elements/payment_only_menu.php101
-rw-r--r--ng_selfservice/payment_only.php52
-rw-r--r--ng_selfservice/payment_only_error.php6
-rw-r--r--ng_selfservice/payment_only_logout.php35
-rw-r--r--ng_selfservice/payment_only_payment.php118
5 files changed, 312 insertions, 0 deletions
diff --git a/ng_selfservice/elements/payment_only_menu.php b/ng_selfservice/elements/payment_only_menu.php
new file mode 100644
index 000000000..8fb9331e3
--- /dev/null
+++ b/ng_selfservice/elements/payment_only_menu.php
@@ -0,0 +1,101 @@
+<?
+
+require_once('session.php');
+
+$skin_info = $freeside->payment_only_skin_info( array(
+ 'session_id' => $_COOKIE['session_id'],
+) );
+
+
+if ( isset($skin_info['error']) && $skin_info['error'] ) {
+ $error = $skin_info['error'];
+ header('Location:payment_only_error.php?error='. urlencode($error));
+ die();
+}
+
+extract($skin_info);
+
+?>
+<style type="text/css">
+#menu_ul ul li {
+ display: inline;
+ width: 100%;
+}
+</style>
+
+<ul id="menu_ul">
+
+<?
+
+ $menu_array = explode("\n", $menu);
+ $submenu = array();
+
+ foreach ($menu_array AS $menu_item) {
+ if ( preg_match('/^\s*$/', $menu_item) ) {
+ print_menu($submenu, $current_menu, $menu_disable);
+ $submenu = array();
+ } else {
+ $submenu[] = $menu_item;
+ }
+ }
+ print_menu($submenu, $current_menu, $menu_disable);
+
+ function print_menu($submenu_array, $current_menu, $menu_disable) {
+ if ( count($submenu_array) == 0 ) { return; }
+
+ $links = array();
+ $labels = array();
+ foreach ($submenu_array AS $submenu_item) {
+ $pieces = preg_split('/\s+/', $submenu_item, 2, PREG_SPLIT_NO_EMPTY);
+ $links[] = $pieces[0];
+ $labels[] = $pieces[1];
+ }
+
+ print_link($links[0], $labels[0], $current_menu, $links);
+
+ if ( count($links) > 1 ) {
+ if ( in_array( $current_menu, $links ) ) {
+ echo '<img src="images/dropdown_arrow_white.gif">';
+ } else {
+ echo '<img src="images/dropdown_arrow_white.gif" style="display:none;">';
+ echo '<img src="images/dropdown_arrow_grey.gif">';
+ }
+ }
+
+ array_shift($links);
+ array_shift($labels);
+
+ echo '</a>';
+
+ if ( count($links) > 0 ) {
+ echo '<ul>';
+ foreach ($links AS $link) {
+ $label = array_shift($labels);
+ if ( in_array($label, $menu_disable) == 0) {
+ print_link($link, $label, $current_menu, array($link) );
+ echo '</a></li>';
+ }
+ }
+ echo '</ul>';
+ }
+
+ echo '</li>';
+
+ }
+
+ function print_link($link, $label, $current_menu, $search_array) {
+ echo '<li><a href="'. $link. '"';
+ if ( in_array( $current_menu, $search_array ) ) {
+ echo ' class="current_menu"';
+ }
+ echo '>'. _($label);
+ }
+
+?>
+
+</ul>
+
+<div style="clear:both;"></div>
+<table cellpadding="0" cellspacing="0" border="0" style="min-width:666px">
+<tr>
+<td class="page"> \ No newline at end of file
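Review bot: `print_link` writes `$link` straight into the href attribute and `$label` into the element text without escaping, and `extract($skin_info)` on the RPC response can overwrite `$freeside`, `$current_menu` and `$error` if the backend ever returns keys with those names. The menu text comes from `payment_only_skin_info`, so it is server-controlled today, but this is a template and should escape at output: `echo '<li><a href="'. htmlspecialchars($link, ENT_QUOTES, 'UTF-8'). '"';` and `echo '>'. htmlspecialchars(_($label), ENT_QUOTES, 'UTF-8');`. Use `extract($skin_info, EXTR_SKIP)` so variables set by the including page win over response keys, and read the cookie as `$_COOKIE['session_id'] ?? ''` to avoid a notice when it is absent. The test `in_array($label, $menu_disable) == 0` is a loose comparison and reads better as `!in_array($label, $menu_disable, true)`.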
diff --git a/ng_selfservice/payment_only.php b/ng_selfservice/payment_only.php
new file mode 100644
index 000000000..d348b9cbc
--- /dev/null
+++ b/ng_selfservice/payment_only.php
@@ -0,0 +1,52 @@
+<?
+
+require('freeside.class.php');
+$freeside = new FreesideSelfService();
+
+$ip = $_SERVER['REMOTE_ADDR'];
+
+$mac = $freeside->get_mac_address( array('ip' => $ip, ) );
+
+$response = $freeside->ip_login( array(
+ 'mac' => $mac['mac_address'],
+) );
+
+$error = $response['error'];
+
+if ( $error ) {
+
+ $title ='Login'; include('elements/header.php');
+ include('elements/error.php');
+ echo "Sorry "+$error;
+
+ // header('Location:index.php?username='. urlencode($mac).
+ // '&domain='. urlencode($domain).
+ // '&email='. urlencode($email).
+ // '&error='. urlencode($error)
+ // );
+
+}
+else {
+ // sucessful login
+
+ $session_id = $response['session_id'];
+ $mac = $mac['mac_address'];
+
+ error_log("[login] logged into freeside with ip=$ip and mac=$mac, setting cookie");
+
+ setcookie('session_id', $session_id);
+
+ $title ='IP Login';
+
+ if ( $response['custnum'] || $response['svcnum'] ) {
+
+ header("Location:payment_only_payment.php");
+ die();
+
+ }
+
+} //successfull login
+
+?>
+
+<? include('elements/footer.php'); ?> \ No newline at end of file
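Review bot: The session cookie set by `setcookie('session_id', $session_id);` carries no HttpOnly or Secure attribute, so script injected anywhere on the host can read it and it is also sent over plain HTTP; for a cookie that authorizes card charges use `setcookie('session_id', $session_id, 0, '', '', !empty($_SERVER['HTTPS']), true);` and keep the clearing call in payment_only_logout.php on the same path/domain. The error branch is also broken: `echo "Sorry "+$error;` applies arithmetic `+` to two strings, which prints `0` with a warning on PHP 7 and throws a TypeError on PHP 8 — it should be `echo "Sorry ". $error;`, or be dropped since `elements/error.php` already renders `$error`. Authentication here rests entirely on `$_SERVER['REMOTE_ADDR']` mapped to a MAC by `get_mac_address`; behind a reverse proxy or NAT that address is shared, so anyone on the same egress IP presumably lands in the same customer's payment session — worth a comment above `$ip = $_SERVER['REMOTE_ADDR'];` stating that this is the intended trust model and that the deployment must not sit behind a proxy. On a successful login with neither `custnum` nor `svcnum` the page emits only the footer; redirecting to `payment_only_error.php` would be clearer to the user.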
diff --git a/ng_selfservice/payment_only_error.php b/ng_selfservice/payment_only_error.php
new file mode 100644
index 000000000..2ee9f53fa
--- /dev/null
+++ b/ng_selfservice/payment_only_error.php
@@ -0,0 +1,6 @@
+<? $error = $_GET['error']; ?>
+<? $title ='Payment Only Error'; include('elements/header.php'); ?>
+There was in issue processing your payment.
+<P>
+<? include('elements/error.php'); ?>
+<? include('elements/footer.php'); ?> \ No newline at end of file
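Review bot: `$error = $_GET['error']` takes an attacker-controllable query parameter and hands it to `elements/error.php`, which is outside this diff; unless that include escapes `$error` before echoing it, any link of the form `payment_only_error.php?error=<script>...` is a reflected XSS that needs no session at all. Escape here so the page is safe regardless of the include: `$error = htmlspecialchars($_GET['error'] ?? '', ENT_QUOTES, 'UTF-8');` (if error.php turns out to escape already, keep the escaping in one place to avoid double-encoding). The `?? ''` also silences the notice when the parameter is missing. Minor: the body text `There was in issue processing your payment.` should read `There was an issue processing your payment.`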
diff --git a/ng_selfservice/payment_only_logout.php b/ng_selfservice/payment_only_logout.php
new file mode 100644
index 000000000..e172680cb
--- /dev/null
+++ b/ng_selfservice/payment_only_logout.php
@@ -0,0 +1,35 @@
+<?
+
+require('freeside.class.php');
+$freeside = new FreesideSelfService();
+
+$response = $freeside->ip_logout( array(
+ 'session_id' => $_COOKIE['session_id'],
+) );
+
+setcookie('session_id', '', time() - 3600);
+
+$error = $response['error'];
+
+if ( $error ) {
+ error_log("Logout error: $error ");
+}
+
+?>
+
+<!DOCTYPE html>
+<HTML>
+ <HEAD>
+ <TITLE>
+ Logged Out
+ </TITLE>
+ <link href="css/default.css" rel="stylesheet" type="text/css"/>
+ <script type="text/javascript" src="js/jquery.js"></script>
+ <script type="text/javascript" src="js/menu.js"></script>
+ </HEAD>
+ <BODY>
+ <FONT SIZE=5>Logged Out</FONT>
+ <BR><BR>
+ You have been logged out.
+ </BODY>
+</HTML> \ No newline at end of file
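Review bot: `$_COOKIE['session_id']` is read without checking that it exists, so loading this page without a cookie raises a notice and sends an empty session id to `ip_logout`; use `'session_id' => $_COOKIE['session_id'] ?? '',` and skip the RPC when it is empty. The `setcookie('session_id', '', time() - 3600);` clear only works because the login cookie is also set with default path and domain — if the login cookie gains explicit attributes, this call must mirror them or the browser keeps the old cookie. Logout is triggered by a plain GET, so any cross-site image tag can force a customer out of their session; low impact here, but a POST form would close that off.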
diff --git a/ng_selfservice/payment_only_payment.php b/ng_selfservice/payment_only_payment.php
new file mode 100644
index 000000000..baed422d1
--- /dev/null
+++ b/ng_selfservice/payment_only_payment.php
@@ -0,0 +1,118 @@
+<? $title ='Make A Payment'; include('elements/header.php'); ?>
+<? $current_menu = 'payment_only_payment.php'; include('elements/payment_only_menu.php'); ?>
+
+<?
+
+if ( isset($_POST['amount']) && $_POST['amount'] ) {
+
+ $payment_results = $freeside->payment_only_process_payment(array(
+ 'session_id' => $_COOKIE['session_id'],
+ 'payby' => $_POST['payby'],
+ 'amount' => $_POST['amount'],
+ 'paybatch' => $_POST['paybatch'],
+ //'discount_term' => $discount_term,
+ ));
+
+ if ( $payment_results['error'] ) {
+ $error = $payment_results['error'];
+ } else {
+ $receipt_html = $payment_results['receipt_html'];
+ }
+
+}
+
+#echo print_r($payment_results);
+
+if ( $receipt_html ) {
+?>
+
+ Your payment was processed successfully. Thank you.<BR><BR>
+ <? echo $receipt_html; ?>
+
+<? } else {
+
+ $payment_info = $freeside->payment_only_payment_info( array(
+ 'session_id' => $_COOKIE['session_id'],
+ ) );
+
+ if ( isset($payment_info['error']) && $payment_info['error'] ) {
+ $error = $payment_info['error'];
+ // possible to just keep on this page
+ header('Location:payment_only_error.php?error='. urlencode($error));
+ die();
+ }
+
+ extract($payment_info);
+
+ $tr_amount_fee = $freeside->payment_only_mason_comp(array(
+ 'session_id' => $_COOKIE['session_id'],
+ 'comp' => '/elements/tr-amount_fee.html',
+ 'args' => [ 'amount', $balance ],
+ ));
+ //$tr_amount_fee = $tr_amount_fee->{'error'} || $tr_amount_fee->{'output'};
+ $tr_amount_fee = $tr_amount_fee['output'];
+
+ ?>
+
+ <? include('elements/error.php'); ?>
+
+ <SCRIPT TYPE="text/javascript">
+
+ function payby_changed(what) {
+ var amount = document.getElementById('amount');
+ var amountdue = document.getElementById('amountdue');
+ var surcharge_cell = document.getElementById('ajax_surcharge_cell');
+ var surcharge_percentage = document.getElementById('surcharge_percentage');
+ var surcharge_flatfee = document.getElementById('surcharge_flatfee');
+ if (what.value == "CHEK") {
+ surcharge_cell.style.display = 'none';
+ amount.value = amountdue.value;
+
+ }
+ else if (what.value == "CARD") {
+ surcharge_cell.style.display = 'inline';
+ amount.value = (+amountdue.value + (+amountdue.value * +surcharge_percentage.value) + +surcharge_flatfee.value).toFixed(2);
+ }
+ }
+
+ </SCRIPT>
+
+ <FORM NAME="OneTrueForm" METHOD="POST" ACTION="payment_only_payment.php" onSubmit="document.OneTrueForm.process.disabled=true">
+
+ <TABLE>
+
+ <TR>
+ <TD ALIGN="right"><B>Payment account</B></TD>
+ <TD COLSPAN=7>
+ <SELECT ID="payby" NAME="payby" onChange="payby_changed(this)">
+<? if ($CARD) { ?>
+ <OPTION VALUE="CARD"><? echo $card_type ?> <? echo $card_mask ?></OPTION>
+<? } ?>
+<? if ($CHEK) { ?>
+ <OPTION VALUE="CHEK"><? echo $check_type ?> <? echo $check_mask ?></OPTION>
+<? } ?>
+ </SELECT>
+ </TD>
+ </TR>
+
+ <TR>
+ <TD ALIGN="right"><B>Amount&nbsp;Due</B></TD>
+ <TD COLSPAN=7>
+ <TABLE><TR><TD>
+ $<? echo sprintf("%.2f", $balance) ?>
+ <INPUT TYPE=hidden NAME="amountdue" ID="amountdue" VALUE="<? echo sprintf("%.2f", $balance) ?>" >
+ </TD></TR></TABLE>
+ </TD>
+ </TR>
+
+ <? echo $tr_amount_fee; ?>
+
+ </TABLE>
+ <BR>
+ <INPUT TYPE="hidden" NAME="paybatch" VALUE="<? echo $paybatch ?>">
+ <INPUT TYPE="submit" NAME="process" VALUE="Process payment"> <!-- onClick="this.disabled=true"> -->
+ </FORM>
+
+<? } ?>
+<? include('elements/menu_footer.php'); ?>
+<? include('elements/footer.php'); ?> \ No newline at end of file
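Review bot: The payment form posts `payby`, `amount` and `paybatch` with no anti-CSRF token, and the only authorization is the `session_id` cookie, so while a customer's payment session is open any third-party page can auto-submit a POST to `payment_only_payment.php` with an arbitrary `amount` and charge the stored card or account. Whether the backend re-validates `amount` against the balance is not visible here; the form still needs a per-session token checked with `hash_equals()` before `payment_only_process_payment` is called, as sketched below (the PHP session must start before `elements/header.php` produces output, unless `session.php` already starts one). Two smaller things: `$receipt_html` is undefined on a plain GET, so initialise it with `$receipt_html = null;` before the `if ( $receipt_html )` test, and `$card_type`, `$card_mask`, `$check_type`, `$check_mask` and `$paybatch` are echoed into HTML and attribute context unescaped — wrap each in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`. `extract($payment_info)` will also overwrite `$freeside` or `$error` if the response ever carries those keys; `extract($payment_info, EXTR_SKIP)` avoids that.

```php
<? session_start(); // before header.php: the session cookie must be sent before any output
if ( empty($_SESSION['csrf_token']) ) {
  $_SESSION['csrf_token'] = bin2hex(random_bytes(16));
}
$title ='Make A Payment'; include('elements/header.php'); ?>
<? // … unchanged: menu include … ?>
<?
$receipt_html = null;

if ( isset($_POST['amount']) && $_POST['amount'] ) {

  if ( !isset($_POST['csrf_token'])
       || !hash_equals($_SESSION['csrf_token'], (string) $_POST['csrf_token']) ) {
    $error = 'Invalid form submission, please reload the page and try again.';
  } else {
    // … unchanged: payment_only_process_payment call and result handling …
  }

}
// … unchanged: receipt branch, payment_info lookup, payby script, form rows …
?>
  <INPUT TYPE="hidden" NAME="csrf_token" VALUE="<? echo htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') ?>">
  <INPUT TYPE="hidden" NAME="paybatch" VALUE="<? echo htmlspecialchars($paybatch, ENT_QUOTES, 'UTF-8') ?>">
```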