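--- a/branches/fundraising/deployment/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php
+++ b/branches/fundraising/deployment/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php
@@ -56,11 +56,6 @@
 $wgPayFlowProGatewayCSSVersion, $wgPayflowGatewayPaypalURL,
 $wgPayflowGatewaySalt;
 
-session_cache_limiter( 'nocache' );
-$this->fnPayflowEnsureSession();
-$this->setHeaders();
-
-
 $wgOut->addExtensionStyle(
 "{$wgScriptPath}/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.css?284" .
 $wgPayFlowProGatewayCSSVersion);
@@ -85,10 +80,15 @@
 
 $wgOut->addScript( Skin::makeVariablesScript( $scriptVars ) );
 
-// establish the edit token to prevent csrf
-$token = $this->fnPayflowEditToken( $wgPayflowGatewaySalt ); //$wgUser->editToken( 'mrxc877668DwQQ' );
-
-
+$js = <<<EOT
+<script type="text/javascript">
+jQuery(document).ready(function() {
+jQuery("div#p-logo a").attr("href","#");
+});
+</script>
+EOT;
+$wgOut->addHeadItem( 'logolinkoverride', $js );
+
 // find out if amount was a radio button or textbox, set amount
 if( isset( $_REQUEST['amount'] ) && preg_match( '/^\d+(\.(\d+)?)?$/', $wgRequest->getText( 'amount' ) ) ) {
 $amount = $wgRequest->getText( 'amount' );
@@ -109,14 +109,32 @@
 require_once( 'includes/payflowUser.inc' );
 
 $payflow_data = payflowUser();
+
+// if _cache_ is requested by the user, do not set a session/token; dynamic data will be loaded via ajax
+if ( $wgRequest->getText( '_cache_', false ) ) {
+$cache = true;
+$token = '';
+$token_match = false;
+} else {
+$cache = false;
+
+// make sure we have a session open for tracking a CSRF-prevention token
+$this->fnPayflowEnsureSession();
+
+// establish the edit token to prevent csrf
+$token = self::fnPayflowEditToken( $wgPayflowGatewaySalt );
 
+// match token
+$token_check = ( $wgRequest->getText( 'token' ) ) ? $wgRequest->getText( 'token' ) : $token;
+$token_match = $this->fnPayflowMatchEditToken( $token_check, $wgPayflowGatewaySalt );
+}
+
+$this->setHeaders();
+
 // Populate form data
 $data = $this->fnGetFormData( $amount, $numAttempt, $token, $payflow_data['order_id'] );
 
-// Check form for errors and display
-// match token
-$token_check = ( $wgRequest->getText( 'token' ) ) ? $wgRequest->getText( 'token' ) : $token;
-$token_match = $this->fnPayflowMatchEditToken( $token_check, $wgPayflowGatewaySalt );
+// dispatch forms/handling
 if( $token_match ) {
 /**
 * handle PayPal redirection
@@ -177,8 +195,10 @@
 $this->fnPayflowDisplayForm( $data, $this->errors );
 }
 } else {
-// there's a token mismatch
-$this->errors['general']['token-mismatch'] = wfMsg( 'payflowpro_gateway-token-mismatch' );
+if ( !$cache ) {
+// if we're not caching, there's a token mismatch
+$this->errors['general']['token-mismatch'] = wfMsg( 'payflowpro_gateway-token-mismatch' );
+}
 $this->fnPayflowDisplayForm( $data, $this->errors );
 }
 }
@@ -1047,8 +1067,13 @@
 $tracked_contribution[$key] = null;
 }
 }
-
-$db->update( 'contribution_tracking', $tracked_contribution, array( 'id' => $data[ 'contribution_tracking_id' ] ));
+
+// if contrib tracking id is not already set, we need to insert the data, otherwise update
+if ( !$data[ 'contribution_tracking_id' ] ) {
+$data[ 'contribution_tracking_id' ] = $this->insertContributionTracking( $tracked_contribution );
+} else {
+$db->update( 'contribution_tracking', $tracked_contribution, array( 'id' => $data[ 'contribution_tracking_id' ] ));
+}
 }
 
 /**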
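Review bot: The `$token_check` fallback at new lines 129–130 substitutes the freshly generated `$token` whenever the request carries no `token` value, so `$token_match` presumably comes out true for any request that omits or blanks the parameter. That includes a POST from a cached form whose AJAX token fill never ran, since the cached page is rendered with `$token = ''`. Whether a state-changing path is reachable that way depends on the dispatch body under `if( $token_match )`, which lies outside the visible hunks. Consider allowing the fallback only for requests that were not posted, e.g. `$token_check = $wgRequest->wasPosted() ? $wgRequest->getText( 'token' ) : $token;`.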
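--- a/branches/fundraising/deployment/DonationInterface/payflowpro_gateway/forms/Form.php
+++ b/branches/fundraising/deployment/DonationInterface/payflowpro_gateway/forms/Form.php
@@ -634,4 +634,65 @@
 $form .= '</tr>';
 return $form;
 }
-}
\ No newline at end of file
+
+protected function loadValidateJs() {
+global $wgOut, $wgScriptPath;
+$wgOut->addHeadItem( 'validatescript', '<script type="text/javascript" src="' .
+$wgScriptPath .
+'/extensions/DonationInterface/payflowpro_gateway/validate_input.js?284"></script>' );
+}
+
+protected function loadApiJs() {
+global $wgOut, $wgScriptPath;
+$wgOut->addHeadItem( 'pfp_api_call', '<script type="text/javascript" src="' .
+$wgScriptPath .
+'/extensions/DonationInterface/payflowpro_gateway/pfp_api_controller.js?284"></script>' );
+}
+
+/**
+* Generate HTML for <noscript> tags
+*
+* For displaying when a user does not have Javascript enabled in their browser.
+*/
+protected function getNoScript() {
+global $wgPayflowGatewayNoScriptRedirect;
+
+$form = '<noscript>';
+$form .= '<div id="noscript">';
+$form .= '<p id="noscript-msg">' . wfMsg( 'payflowpro_gateway-noscript-msg' ) . '</p>';
+if ( $wgPayflowGatewayNoScriptRedirect ) {
+$form .= '<p id="noscript-redirect-msg">' . wfMsg( 'payflowpro_gateway-noscript-redirect-msg' ) . '</p>';
+$form .= '<p id="noscript-redirect-link"><a href="' . $wgPayflowGatewayNoScriptRedirect . '">' . $wgPayflowGatewayNoScriptRedirect . '</a></p>';
+}
+$form .= '</div>';
+$form .= '</noscript>';
+return $form;
+}
+
+/**
+* Determine the 'no cache' form action
+*
+* This mostly exists to ensure that the form does not try to use AJAX to
+* overwrite certain hidden form params that are normally overwitten for
+* cached versions of the form.
+* @return string $url The full URL for the form to post to
+*/
+protected function getNoCacheAction() {
+global $wgRequest, $wgTitle;
+
+$url = $wgRequest->getFullRequestURL();
+$url_parts = wfParseUrl( $url );
+$query_array = wfCgiToArray( $url_parts[ 'query' ] );
+
+// ensure that _cache_ does not get set in the URL
+unset( $query_array[ '_cache_' ]);
+
+// make sure no other data that might overwrite posted data makes it into the URL
+foreach ( $this->form_data as $key => $value ) {
+unset( $query_array[ $key ] );
+}
+
+// construct the submission url
+return wfAppendQuery( $wgTitle->getLocalURL(), $query_array );
+}
+}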
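Review bot: `getNoScript()` concatenates `$wgPayflowGatewayNoScriptRedirect` into both the `href` attribute and the link text without HTML escaping, and the two `wfMsg()` results go into the markup raw as well. The value is a configuration global rather than request input, but a URL containing `&` or a quote still yields broken markup, and escaping at output keeps the method safe if the setting ever becomes editable. Escape once and reuse it in both places, `$redirect = htmlspecialchars( $wgPayflowGatewayNoScriptRedirect );`, and consider `wfMsgHtml()` for the messages if they are meant as plain text. Separately, `getNoCacheAction()` reads `$url_parts[ 'query' ]` unconditionally, which looks like it would raise a notice when the request URL has no query string.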
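--- a/branches/fundraising/deployment/DonationInterface/payflowpro_gateway/pfp_api_controller.js
+++ b/branches/fundraising/deployment/DonationInterface/payflowpro_gateway/pfp_api_controller.js
@@ -0,0 +1,31 @@
+( function( $ ) {
+$.getDynamicFormElements = function(){
+var tracking_data = {"url": escape(window.location), "pageref": escape(document.referrer)};
+
+var processFormElements = function (data, status){
+$('input[name=orderid]').val(data['dynamic_form_elements']['orderid']);
+$('input[name=token]').val(data['dynamic_form_elements']['token']);
+$('input[name=contribution_tracking_id]').val(data['dynamic_form_elements']['contribution_tracking_id']);
+$('input[name=utm_source]').val(data['dynamic_form_elements']['tracking_data']['utm_source']);
+$('input[name=utm_medium]').val(data['dynamic_form_elements']['tracking_data']['utm_medium']);
+$('input[name=utm_campaign]').val(data['dynamic_form_elements']['tracking_data']['utm_campaign']);
+$('input[name=referrer]').val(data['dynamic_form_elements']['tracking_data']['referrer']);
+$('input[name=language]').val(data['dynamic_form_elements']['tracking_data']['language']);
+};
+
+$.post( wgScriptPath + '/api.php?' + Math.random() , {
+'action' : 'pfp',
+'dispatch' : 'get_required_dynamic_form_elements',
+'format' : 'json',
+'tracking_data' : '{"url": "'+escape(window.location)+'", "pageref": "'+escape(document.referrer)+'"}'
+}, processFormElements, 'json' );
+};
+
+return $( this );
+
+} )( jQuery );
+
+// Do not fire the AJAX request if _nocache_ is set or we are not using a single-step form (known by lack of utm_source_id)
+if( String(window.location).indexOf( '_cache_' ) != -1 && String(window.location).indexOf( 'utm_source_id' ) != -1){
+jQuery( document ).ready( jQuery.getDynamicFormElements );
+}
\ No newline at end of file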
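Review bot: The guard at the bottom of the file runs `indexOf( '_cache_' )` over the whole URL, so it fires when the string appears anywhere (another parameter's value, the fragment) and also for `_cache_=0`, which may not agree with the server-side test `$wgRequest->getText( '_cache_', false )` in payflowpro_gateway.body.php. Testing `window.location.search` instead of the full URL would narrow the match. The comment above it names `_nocache_` and describes the inverse condition; something like `// Only fire the AJAX request when _cache_ is set and this is a single-step form (utm_source_id present)` would match the code. `processFormElements` also dereferences `data['dynamic_form_elements']` without checking the response, so an API error leaves the hidden `token` field empty on a cached form.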
Property changes on: branches/fundraising/deployment/DonationInterface |
___________________________________________________________________ |
Added: svn:mergeinfo |
1 | 33 | Merged /trunk/extensions/DonationInterface:r74968-74989 |