config["webui"]['api_ip_auth'];
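// recipient email to send the alarm
$email_alarm = EMAIL_ADMIN;
// display debug (0 = off). The debug branches in this script echo request
// values back to the caller unescaped, so leave this at 0 outside development.
$FG_DEBUG = 0;
// Pull the expected request parameters; the code below reads them as
// same-named variables ($key, $productid, ...).
// NOTE(review): getpost_ifset() is defined elsewhere; whether it filters or
// escapes the values cannot be seen from here -- confirm before relying on it.
getpost_ifset(array('key', 'productid', 'createfriend', 'forceid', 'lastname', 'firstname', 'address', 'city', 'state', 'country', 'zipcode', 'phone', 'email', 'fax'));
// Request summary used for the log file and as the body of the alarm mails.
// The API key is not part of it, so the secret is not copied into either.
// "country" appears twice; the format is kept as-is so existing log consumers
// are unaffected.
$list_params = "productid=$productid [createfriend=$createfriend;forceid=$forceid;lastname=$lastname;firstname=$firstname;address=$address;city=$city;state=$state;country=$country;country=$country;zipcode=$zipcode;phone=$phone;email=$email;fax=$fax";
// Every value above is caller-controlled. Replace CR/LF and other control
// characters so a crafted parameter cannot start a forged log line.
$list_params = preg_replace('/[\x00-\x1F\x7F]/', ' ', $list_params);
if ($FG_DEBUG > 0) echo ("Request asked: $list_params]");
// NOTE(review): this entry is written before the IP and key checks, so requests
// from unauthenticated callers (and the personal data they carry) reach the log.
write_log(LOGFILE_API_ECOMMERCE, "Request asked: $list_params]");
$mail_content = "Request asked: $list_params]";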
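// Wrapper IP: only callers whose address is in $IP_AUTH may use the API.
// NOTE(review): REMOTE_ADDR is the directly connected peer; behind a reverse
// proxy that is the proxy's address -- confirm how this endpoint is deployed.
$ip_remote = getenv('REMOTE_ADDR');
// Strict matching: getenv() returns false when REMOTE_ADDR is unavailable, and
// a loose in_array() treats false as equal to an empty-string entry in the
// allow-list, which would let the request through.
if (!is_string($ip_remote) || !in_array($ip_remote, $IP_AUTH, true))
{
    // $productid has not been validated yet; strip control characters before
    // it is written to the log so it cannot forge extra entries.
    $productid_for_log = preg_replace('/[\x00-\x1F\x7F]/', ' ', "$productid");
    // NOTE(review): every rejected request sends a mail; nothing visible here
    // rate-limits that.
    mail($email_alarm, "ALARM : API (IP_AUTH:$ip_remote) . CODE_ERROR 1", $mail_content);
    if ($FG_DEBUG > 0) echo ("[productid=$productid_for_log - ip_remote=$ip_remote] CODE_ERROR 1");
    write_log(LOGFILE_API_ECOMMERCE, "[productid=$productid_for_log] CODE_ERROR 1");
    // The text is sent as the response body; no HTTP status header is set in
    // the visible code.
    echo("400 Bad Request");
    exit();
}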
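// CHECK KEY
// The caller must send md5($security_key) as "key". $security_key is set
// outside this part of the file; an empty key is always rejected.
// NOTE(review): the expected value is a fixed digest of a static secret, so it
// works as a replayable bearer token -- it needs TLS and should stay out of
// logs and debug output.
if (!is_string($key) || strlen($security_key) == 0) {
    $api_key_ok = false;
} elseif (function_exists('hash_equals')) {
    // Constant-time comparison, so response timing does not reveal how much of
    // a guessed key matched.
    $api_key_ok = hash_equals(md5($security_key), $key);
} else {
    // Older runtimes without hash_equals(): keep the original strict comparison.
    $api_key_ok = (md5($security_key) === $key);
}
// Debug output reports the outcome only. Printing the expected digest would
// hand the valid key to whoever sent the request.
if ($FG_DEBUG > 0) echo "
KEY CHECK " . ($api_key_ok ? "OK" : "FAILED");
if (!$api_key_ok)
{
    // $productid has not been validated yet; strip control characters before
    // it is written to the log.
    $productid_for_log = preg_replace('/[\x00-\x1F\x7F]/', ' ', "$productid");
    mail($email_alarm, "ALARM : API - CODE_ERROR 2", $mail_content);
    if ($FG_DEBUG > 0) echo ("[productid=$productid_for_log] - CODE_ERROR 2");
    write_log(LOGFILE_API_ECOMMERCE, "[productid=$productid_for_log] - CODE_ERROR 2");
    echo("400 Bad Request");
    exit();
}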
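// CHECK PRODUCTID
// Reject anything that is not numeric or is negative.
// NOTE(review): is_numeric() accepts more than plain integers (decimals and
// exponent notation, for example); if product ids are integer keys, a
// digits-only check would be tighter -- confirm against get_productinfo().
if (!is_numeric($productid) || $productid<0)
{
    // The rejected value is arbitrary caller input; strip control characters
    // so it cannot forge extra log entries.
    $productid_for_log = preg_replace('/[\x00-\x1F\x7F]/', ' ', "$productid");
    mail($email_alarm, "ALARM : API - CODE_ERROR 3", $mail_content);
    if ($FG_DEBUG > 0) echo ("[productid=$productid_for_log] - CODE_ERROR 3");
    write_log (LOGFILE_API_ECOMMERCE, "[productid=$productid_for_log] - CODE_ERROR 3");
    echo("400 Bad Request");
    exit();
}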
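// CHECK FORCEID
// forceid is optional; when present it must be numeric because it is used
// later as the id of the new cc_card row.
// NOTE(review): is_numeric() also accepts decimals and exponent notation; a
// digits-only check would match an integer primary key more closely.
if (strlen($forceid)>0 && !is_numeric($forceid))
{
    // The rejected value is arbitrary caller input; strip control characters
    // before it goes into the mail subject and the log.
    $forceid_for_log = preg_replace('/[\x00-\x1F\x7F]/', ' ', "$forceid");
    mail($email_alarm, "ALARM : API - CODE_ERROR 5 - forceid=[$forceid_for_log]", $mail_content);
    if ($FG_DEBUG > 0) echo ("[$forceid_for_log] - CODE_ERROR 5");
    write_log (LOGFILE_API_ECOMMERCE, "[$forceid_for_log] - CODE_ERROR 5");
    echo("400 Bad Request");
    exit();
}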
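// CHECK LASTNAME ; FIRSTNAME ; ADDRESS ; ....
// Upper bounds only, measured in bytes by strlen(). This check does not
// restrict which characters a field may contain, so quotes and backslashes
// pass through it unchanged.
$field_limits = array(
    array($lastname, 40),
    array($firstname, 40),
    array($address, 100),
    array($city, 40),
    array($state, 40),
    array($country, 40),
    array($zipcode, 40),
    array($phone, 40),
    array($email, 60),
    array($fax, 40),
);
$field_too_long = false;
foreach ($field_limits as $field_limit) {
    if (strlen($field_limit[0]) > $field_limit[1]) {
        $field_too_long = true;
        break;
    }
}
if ($field_too_long)
{
    // The values are caller-controlled; strip control characters before they
    // are placed in the mail subject and the log so they cannot forge entries.
    // NOTE(review): the rejected values are logged at full length.
    $fields_for_log = preg_replace('/[\x00-\x1F\x7F]/', ' ', "[$lastname;$firstname;$address;$city;$state;$country;$zipcode;$phone;$email;$fax]");
    mail($email_alarm, "ALARM : API - CODE_ERROR 6 - $fields_for_log", $mail_content);
    if ($FG_DEBUG > 0) echo ("$fields_for_log - CODE_ERROR 6");
    write_log (LOGFILE_API_ECOMMERCE, "$fields_for_log - CODE_ERROR 6");
    echo("400 Bad Request");
    exit();
}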
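// CHECK EMAIL FORMAT
// $regular is defined outside this part of the file; entry [1][0] is used as
// the e-mail pattern.
// NOTE(review): ereg() was deprecated in PHP 5.3 and removed in PHP 7.0, and
// it is not binary safe: matching stops at a NUL byte, so text after an
// embedded NUL is not checked. Porting this to preg_match() needs the pattern
// reviewed, which is not visible here.
// NOTE(review): passing the format check does not make $email safe to place
// in SQL; it still has to be escaped or bound where it is stored.
if (!ereg($regular[1][0], $email)){
    // Strip control characters before the rejected value goes into the mail
    // subject and the log.
    $email_for_log = preg_replace('/[\x00-\x1F\x7F]/', ' ', "$email");
    mail($email_alarm, "ALARM : API - CODE_ERROR 7 - email=[$email_for_log]", $mail_content);
    if ($FG_DEBUG > 0) echo ("[$email_for_log] - CODE_ERROR 7");
    write_log (LOGFILE_API_ECOMMERCE, "[$email_for_log] - CODE_ERROR 7");
    echo("400 Bad Request");
    exit();
}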
if ($FG_DEBUG > 0) {
    echo "
INPUT CHECK CORRECT
";
}
// All request checks passed: open the database connection and load the
// product row (joined with its mail template) for the requested product id.
// NOTE(review): $FG_QUERY_EDITION and $logfile are not set in the visible part
// of the file -- confirm they are defined earlier.
$DBHandle = DbConnect();
$FG_TABLE_NAME = 'cc_ecommerce_product, cc_templatemail';
$instance_table = new Table($FG_TABLE_NAME, $FG_QUERY_EDITION);
$ec_prod = get_productinfo($DBHandle, $instance_table, $productid, $email_alarm, $mail_content, $logfile);
if ($FG_DEBUG > 0) {
    // Debug only: dumps the whole product row into the response.
    echo "GET_PRODUCTINFO
";
    print_r($ec_prod);
}
// Create new account: insert one cc_card row built from the product defaults
// in $ec_prod and the customer details sent by the caller.
$FG_ADITION_SECOND_ADD_TABLE = "cc_card";
$FG_ADITION_SECOND_ADD_FIELDS = "username, useralias, credit, tariff, id_didgroup, activated, lastname, firstname, email, address, city, state, country, zipcode, phone, userpass, simultaccess, currency, typepaid, creditlimit, language, runservice, enableexpire, uipass, sip_buddy, iax_buddy";
$gen_id = time();
$arr_card_alias = gen_card_with_alias('cc_card', 1);
list($cardnum, $useralias) = $arr_card_alias;
$uipass = MDP_STRING();
// Column positions in $ec_prod:
//  0 product_name, creationdate, description, expirationdate, enableexpire, expiredays, credit, tariff, id_didgroup, activated, simultaccess,
// 11 currency, typepaid, creditlimit, language, runservice, sip_friend, iax_friend, cc_ecommerce_product.mailtype, fromemail, fromname,
// 21 subject, messagetext, messagehtml
//
// NOTE(review): lastname, firstname, email, address, city, state, country,
// zipcode and phone come from the request and are placed between single quotes
// in the VALUES list by plain string interpolation. The checks visible above
// limit length and e-mail format only; unless getpost_ifset() or Add_table()
// escapes them, a quote in any of these fields changes the SQL statement.
// Confirm where escaping happens, or switch to the database layer's quoting
// function or bound parameters.
// NOTE(review): userpass receives the same value as username ($cardnum), and
// $uipass is stored as generated -- confirm both are intended.
$card_values = array(
    "'$cardnum'",
    "'$useralias'",
    "'{$ec_prod[6]}'",
    "'{$ec_prod[7]}'",
    "'{$ec_prod[8]}'",
    "'t'",
    "'$lastname'",
    "'$firstname'",
    "'$email'",
    "'$address'",
    "'$city'",
    "'$state'",
    "'$country'",
    "'$zipcode'",
    "'$phone'",
    "'$cardnum'",
    $ec_prod[10],
    "'{$ec_prod[11]}'",
    "'{$ec_prod[12]}'",
    "'{$ec_prod[13]}'",
    "'{$ec_prod[14]}'",
    $ec_prod[15],
    "0",
    "'$uipass'",
    $ec_prod[16],
    $ec_prod[17],
);
if ($forceid > 0) {
    // FORCE THE INSERT WITH A DEFINED ID: "id" becomes the first column and
    // the caller's forceid the first value.
    $instance_sub_table = new Table($FG_ADITION_SECOND_ADD_TABLE, 'id, ' . $FG_ADITION_SECOND_ADD_FIELDS);
    array_unshift($card_values, "'$forceid'");
} else {
    // LEAVE THE AUTO INCREMENT FOR THE ID
    $instance_sub_table = new Table($FG_ADITION_SECOND_ADD_TABLE, $FG_ADITION_SECOND_ADD_FIELDS);
}
$FG_ADITION_SECOND_ADD_VALUE = implode(', ', $card_values);
$result_query = $instance_sub_table->Add_table($DBHandle, $FG_ADITION_SECOND_ADD_VALUE, null, null, 'id');
if (!$result_query){
if ($FG_DEBUG > 0) echo "
ALARM : API (Add_table)", "$FG_ADITION_SECOND_ADD_VALUE