<?php


/**
 *
 *  Class ki vsebuje funkcije APIJA za narocila (oddaj narocilo, izvedi placilo...)
 *
 */
use GeoIp2\Database\Reader;

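class ApiNarocilaController{

    /**
     * Shared secret used to verify the request HMAC (see checkToken()).
     * NOTE(review): this secret is committed to source; it should be loaded from a
     * configuration value kept outside version control and rotated after that move.
     */
    private $private_key = 'NLFYb67/[pUE%W-s';

    private $method;            // HTTP method of the call (POST, GET, DELETE, ...)
    private $params;            // Query-string parameters ($_GET)
    private $data;              // Request body: decoded JSON, falling back to $_POST

    private $response = [];     // Response that is returned as JSON


    /**
     * Reads the request, verifies its token, runs the requested action,
     * logs the outcome and prints the JSON response.
     */
    function __construct(){

        // Read the incoming request (method, query string, body)
        $this->processCall();

        // Only run the action when the request token verifies
        if($this->checkToken()){
            $this->executeAction();
        }

        // Log the outcome of the call
        $this->logCall();

        // Emit the response as JSON
        $this->processReturn();
    }


    // Write one SurveyLog entry describing the outcome of this call.
    private function logCall(){
        $SL = new SurveyLog();
        $action = $this->params['action'] ?? '';

        // The action (or the token check) reported a failure
        if(isset($this->response['success']) && !$this->response['success']){
            $error = $this->response['error'] ?? '';
            $SL->addMessage(SurveyLog::PAYMENT, "NAPAKA pri klicu za plačevanje ".$action.": ".$error);
        }
        else{
            // Identify the call by e-mail or order id when one was sent (scalars only, arrays would log as "Array")
            if(isset($this->data['email']) && is_scalar($this->data['email']))
                $call_data = ', '.$this->data['email'];
            elseif(isset($this->data['narocilo_id']) && is_scalar($this->data['narocilo_id']))
                $call_data = ', '.$this->data['narocilo_id'];
            else
                $call_data = '';

            $SL->addMessage(SurveyLog::PAYMENT, "USPEŠEN KLIC (".$action . $call_data.")");
        }

        $SL->write();
    }


    // Read the request: method, query parameters and body (JSON body, otherwise $_POST).
    private function processCall(){

        // HTTP method - POST, GET, DELETE...
        $this->method = $_SERVER['REQUEST_METHOD'] ?? '';

        // Query-string parameters
        $this->params = $_GET;

        // Body: JSON sent via curl; only an object/array body is usable, anything else
        // (empty body, scalar JSON, invalid JSON) falls back to the form-encoded $_POST
        $raw = file_get_contents('php://input');
        $this->data = ($raw === false || $raw === '') ? null : json_decode($raw, true);

        if(!is_array($this->data)){
            $this->data = $_POST;
        }
    }


    /**
     * Verifies the request token: HMAC-SHA256 over method + request URL + form-encoded
     * body, keyed with $private_key. The token (and identifier) is removed from the URL
     * before hashing when it was passed in the query string rather than as a header.
     *
     * @return bool true when the token matches; false with the error response set otherwise
     */
    private function checkToken(){
        $raw_post_data = '';

        if($this->method == 'POST' && $this->data){
            $raw_post_data = http_build_query($this->data);
        }

        // Request URL (without identifier and token)
        $scheme = (($_SERVER['HTTPS'] ?? '') == 'on') ? 'https://' : 'http://';
        $request_url = $scheme.($_SERVER['SERVER_NAME'] ?? '').($_SERVER['REQUEST_URI'] ?? '');

        if(!isset($_SERVER['HTTP_IDENTIFIER']))
            $request_url = preg_replace('/([?&])identifier=[^&]+(&|$)/', '$1', $request_url);

        if(!isset($_SERVER['HTTP_TOKEN']))
            $request_url = preg_replace('/([?&])token=[^&]+(&|$)/', '$1', $request_url);

        // Drop the separator left behind by the replacements above.
        // NOTE(review): this unconditionally removes the last character, which is only the
        // separator when the stripped parameter was last in the query string; kept as-is
        // because the client computes the same HMAC and both sides must agree.
        if(!isset($_SERVER['HTTP_TOKEN']) || !isset($_SERVER['HTTP_IDENTIFIER']))
            $request_url = substr($request_url, 0, -1);

        // Recompute the HMAC on our side with the shared key
        $data = $this->method . $request_url . $raw_post_data;
        $expected = hash_hmac('sha256', $data, $this->private_key);

        // Constant-time, strict comparison: a loose `==` would treat two numeric-looking
        // strings (e.g. "0e..." digests) as equal and would leak timing information
        $given = $this->params['token'] ?? null;

        if(is_string($given) && hash_equals($expected, $given))
            return true;
        else{
            $this->response['error'] = 'Napaka! Napačen token.';
            $this->response['success'] = false;

            return false;
        }
    }


    /**
     * Resolves the user id for the e-mail in the request body.
     *
     * @return int user id, or 0 when the e-mail is missing, malformed or unknown
     */
    private function userIdFromEmail(){
        $email = $this->data['email'] ?? '';

        if(!is_string($email) || $email === '')
            return 0;

        // NOTE(review): sisplet_query() takes a raw SQL string, so the value cannot be bound
        // as a parameter here. Validating it as an e-mail address and escaping it is defence
        // in depth only; a prepared statement is the proper fix once the wrapper allows it.
        if(filter_var($email, FILTER_VALIDATE_EMAIL) === false)
            return 0;

        $sqlU = sisplet_query("SELECT id FROM users WHERE email='".addslashes($email)."'");
        $rowU = $sqlU ? mysqli_fetch_array($sqlU) : null;

        return (int)($rowU['id'] ?? 0);
    }


    /**
     * Returns the order id from the request body, or null after setting the
     * "missing order id" error response.
     */
    private function narociloIdOrError(){
        if(isset($this->data['narocilo_id']))
            return $this->data['narocilo_id'];

        $this->response['error'] = 'Napaka! Manjka ID narocila!';
        $this->response['success'] = false;

        return null;
    }


    // Sets the "missing required parameters" error response.
    private function missingParamsError(){
        $this->response['error'] = 'Napaka! Manjkajo zahtevani parametri!';
        $this->response['success'] = false;
    }


    // Rewrites every price value with a decimal comma (display format), keys preserved.
    private function decimalCommaPrices($prices){
        return array_map(static function($value){
            return str_replace('.', ',', $value);
        }, (array)$prices);
    }


    /**
     * Dispatches on the `action` query parameter and fills $response.
     * The request language (`lang` in the body, default 'sl') selects the
     * translation file used e.g. for e-mails.
     */
    private function executeAction(){
        global $lang;

        if (!isset($this->params['action'])) {
            $this->response['error'] = 'Napaka! Manjkajo parametri!';
            $this->response['success'] = false;
            return;
        }

        // Always set the language (e.g. for e-mails) when the parameter is present
        $language = $this->data['lang'] ?? 'sl';
        if($language == 'en'){
            include('../../lang/2.php');
        }

        switch ($this->params['action']) {

            // Create a new order
            case 'create_narocilo':
                $narocilo = new UserNarocila();
                $this->response = $narocilo->createNarocilo($this->data);
                break;

            // Update an existing order (e.g. set the payment method)
            case 'update_narocilo':
                $narocilo = new UserNarocila();
                $this->response = $narocilo->updateNarocilo($this->data);
                break;

            // Last order of the user identified by e-mail
            case 'get_last_narocilo':
                $usr_id = $this->userIdFromEmail();

                if($usr_id == 0){
                    $this->response['error'] = 'ERROR! Missing user ID.';
                    $this->response['success'] = false;
                    break;
                }

                $narocilo = new UserNarocila();
                $this->response = $narocilo->getLastNarocilo($usr_id);
                break;

            // Proforma invoice PDF (created when it does not exist yet)
            case 'get_predracun':
                $narocilo_id = $this->narociloIdOrError();
                if($narocilo_id !== null){
                    $cebelica = new UserNarocilaCebelica($narocilo_id);
                    $this->response = $cebelica->getNarociloPredracun();
                }
                break;

            // Invoice PDF
            case 'get_racun':
                $narocilo_id = $this->narociloIdOrError();
                if($narocilo_id !== null){
                    $cebelica = new UserNarocilaCebelica($narocilo_id);
                    $this->response = $cebelica->getNarociloRacun();
                }
                break;

            // Pay the order: activate the package, generate the invoice PDF, return its url and e-mail it
            case 'placaj_narocilo':
                $narocilo_id = $this->narociloIdOrError();
                if($narocilo_id !== null){
                    $narocilo = new UserNarocila();
                    $this->response = $narocilo->payNarocilo($narocilo_id);
                }
                break;

            // All available packages, with prices for 1, 3 and 12 months where applicable
            case 'get_paketi':
                $narocilo = new UserNarocila();

                $sqlPackages = sisplet_query("SELECT id, name, description FROM user_access_paket");
                while($row = mysqli_fetch_array($sqlPackages)){

                    $this->response['paketi'][$row['id']] = $row;

                    // Prices exist only for the paid packages
                    if($row['name'] == '2ka' || $row['name'] == '3ka'){
                        foreach([1, 3, 12] as $months){
                            $this->response['paketi'][$row['id']]['price'][$months] = $this->decimalCommaPrices($narocilo->getPrice($row['name'], $months));
                        }
                    }
                }
                break;

            // Send the enquiry e-mail for business users
            case 'send_poslovni_uporabniki':
                $narocilo = new UserNarocila();
                $this->response = $narocilo->sendPoslovniUporabniki($this->data);
                break;

            // Price (with the user's discount) of the given package and duration
            case 'get_active_subscription':
                $usr_id = $this->userIdFromEmail();

                if($usr_id == 0){
                    $this->response['error'] = 'ERROR! Missing user ID.';
                    $this->response['success'] = false;
                    break;
                }

                if(!isset($this->data['package_id']) || !isset($this->data['trajanje'])){
                    $this->missingParamsError();
                    break;
                }

                // Package id is numeric; the cast keeps the raw request value out of the SQL string
                $package_id = (int)$this->data['package_id'];
                $sqlPackage = sisplet_query("SELECT name FROM user_access_paket WHERE id='".$package_id."'");
                $rowPackage = $sqlPackage ? mysqli_fetch_array($sqlPackage) : null;

                if(!isset($rowPackage['name'])){
                    $this->missingParamsError();
                    break;
                }

                $narocilo = new UserNarocila();

                $discount = $narocilo->getDiscount($usr_id, $rowPackage['name'], $this->data['trajanje']);
                $this->response = $narocilo->getPrice($rowPackage['name'], $this->data['trajanje'], $discount);
                break;

            // Complete a PayPal order (customer confirmed the payment at PayPal)
            case 'capture_narocilo_paypal':
                $narocilo_id = $this->narociloIdOrError();
                if($narocilo_id !== null){
                    $paypal = new UserNarocilaPaypal($narocilo_id);
                    $this->response = $paypal->paypalCaptureOrder();
                }
                break;

            // Cancel a PayPal order (customer cancelled the payment at PayPal)
            case 'cancel_narocilo_paypal':
                $narocilo_id = $this->narociloIdOrError();
                if($narocilo_id !== null){
                    $paypal = new UserNarocilaPaypal($narocilo_id);
                    $this->response = $paypal->paypalCancelOrder();
                }
                break;

            // Check whether the company is a foreign (EU) VAT payer and recompute the amount (VAT deducted)
            case 'check_ddv':
                $podjetje_drzava = $this->data['podjetje_drzava'] ?? '';
                $podjetje_davcna = $this->data['podjetje_davcna'] ?? '';
                $cena = isset($this->data['cena']) ? str_replace(',', '.', $this->data['cena']) : '';

                if($podjetje_drzava != '' && $cena != ''){

                    if(UserNarocila::checkPayDDV($podjetje_davcna, $podjetje_drzava)){
                        // Has to pay VAT - the price stays the same
                        $this->response['cena'] = $cena;
                        $this->response['ddv'] = true;
                    }
                    else{
                        // No VAT - pays the net amount only (22% VAT removed)
                        $this->response['cena'] = number_format(floatval($cena) / 1.22, 2, '.', '');
                        $this->response['ddv'] = false;
                    }

                    $this->response['success'] = true;
                }
                else {
                    // success=false is set as in every other error branch so the caller and the log see the failure
                    $this->missingParamsError();
                }
                break;

            // Complete a Stripe order (customer confirmed the payment via SCA)
            case 'stripe_checkout_success':
                $narocilo_id = $this->narociloIdOrError();
                if($narocilo_id !== null){
                    $stripe = new UserNarocilaStripe($narocilo_id);
                    $this->response = $stripe->stripeCheckoutSuccess();
                }
                break;

            // Cancel a Stripe order (customer cancelled the payment via SCA)
            case 'stripe_checkout_cancel':
                $narocilo_id = $this->narociloIdOrError();
                if($narocilo_id !== null){
                    $stripe = new UserNarocilaStripe($narocilo_id);
                    $this->response = $stripe->stripeCheckoutCancel();
                }
                break;

            // Country name for the given IP address (GeoLite2 lookup)
            case 'get_lokacija':
                global $site_path;

                $ip = $this->data['ip'] ?? '';
                if(!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP) === false){
                    $this->missingParamsError();
                    break;
                }

                try{
                    $reader = new Reader($site_path.'admin/survey/modules/mod_geoIP/db/GeoLite2-City.mmdb');
                    $podatki = $reader->city($ip);

                    $this->response['drzava'] = $podatki->country->name ?? '';
                }
                catch(\Exception $e){
                    // Address not in the database (e.g. a private address) or unreadable database:
                    // the lookup simply yields no country instead of an unhandled exception
                    $this->response['drzava'] = '';
                }
                break;
        }
    }


    // Print the response as JSON.
    private function processReturn(){
        if(!headers_sent())
            header('Content-Type: application/json; charset=utf-8');

        // JSON_HEX_TAG is what the former boolean flag argument evaluated to; kept so the output is unchanged
        echo json_encode($this->response, JSON_HEX_TAG);
    }

}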