bonus credits, bug fixes #31

Open
wants to merge 6 commits into
base: master
22 changes: 11 additions & 11 deletions modules/gateways/monero.php
Expand Up @@ -23,7 +23,7 @@ function monero_Config(){
'daemon_port' => array('FriendlyName' => 'Wallet RPC Port','Type' => 'text','Default' => '18081','Description' => ''),
'daemon_user' => array('FriendlyName' => 'Wallet RPC Username','Type' => 'text','Default' => '','Description' => ''),
'daemon_pass' => array('FriendlyName' => 'Wallet RPC Password','Type' => 'text','Default' => '','Description' => ''),
'discount_percentage' => array('FriendlyName' => 'Discount Percentage','Type' => 'text','Default' => '0%','Description' => 'Percentage discount for paying with Monero.')
'bonus_percentage' => array('FriendlyName' => 'Bonus Percentage','Type' => 'text','Default' => '5%','Description' => 'Percentage Bonus for paying with Monero. Applied to clients Credit Balance.')
);
}

Expand Down Expand Up @@ -77,7 +77,6 @@ function monero_retrivePriceList($currencies = 'BTC,USD,EUR,CAD,INR,GBP,BRL') {
return $xmr_price;

}

function monero_retriveprice($currency) {
global $currency_symbol;
$xmr_price = monero_retrivePriceList('BTC,USD,EUR,CAD,INR,GBP,BRL');
Expand Down Expand Up @@ -115,6 +114,7 @@ function monero_retriveprice($currency) {
}
}


function monero_changeto($amount, $currency){
$xmr_live_price = monero_retriveprice($currency);
$live_for_storing = $xmr_live_price * 100; //This will remove the decimal so that it can easily be stored as an integer
Expand All @@ -131,8 +131,6 @@ function xmr_to_fiat($amount, $currency){
return $rounded_amount;
}



function monero_link($params){
global $currency_symbol;

Expand All @@ -143,10 +141,12 @@ function monero_link($params){

$invoiceid = $params['invoiceid'];
$amount = $params['amount'];
$discount_setting = $gateway['discount_percentage'];
$discount_percentage = 100 - (preg_replace("/[^0-9]/", "", $discount_setting));
$amount = money_format('%i', $amount * ($discount_percentage / 100));

$bonus_setting = $gateway['bonus_percentage'];
$bonus_percentage = 100 - (preg_replace("/[^0-9]/", "", $bonus_setting));
// $amount = money_format('%i', $amount * ($bonus_percentage / 100));
$currency = $params['currency'];
$client_id = $params['clientdetails']['id'];
$firstname = $params['clientdetails']['firstname'];
$lastname = $params['clientdetails']['lastname'];
$email = $params['clientdetails']['email'];
Expand All @@ -158,7 +158,6 @@ function monero_link($params){
$systemurl = $params['systemurl'];
// Transform Current Currency into Monero
$amount_xmr = monero_changeto($amount, $currency);

$post = array(
'invoice_id' => $invoiceid,
'systemURL' => $systemurl,
Expand All @@ -173,7 +172,8 @@ function monero_link($params){
'address' => $address,
'amount_xmr' => $amount_xmr,
'amount' => $amount,
'currency' => $currency
'currency' => $currency,
'client_id' => $client_id
);
$form = '<form action="' . $systemurl . '/modules/gateways/monero/createinvoice.php" method="POST">';
foreach ($post as $key => $value) {
Expand All @@ -182,8 +182,8 @@ function monero_link($params){
$form .= '<input type="submit" value="' . $params['langpaynow'] . '" />';
$form .= '</form>';
$form .= '<p>'.$amount_xmr. " XMR (". $currency_symbol . $amount . " " . $currency .')</p>';
if ($discount_setting > 0) {
$form .='<p><small>Discount Applied: ' . preg_replace("/[^0-9]/", "", $discount_setting) . '% </small></p>';
if ($bonus_setting > 0) {
$form .='<p><small>Bonus to be applied: ' . preg_replace("/[^0-9]/", "", $bonus_setting) . '% </small></p>';
}
return $form;
}
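Review bot: `client_id` is added to the `$post` array near the end of `monero_link`, so it reaches createinvoice.php as a form field the browser can edit; this PR then forwards it through the `$.ajax` data in createinvoice.php to `$_POST['client_id']` in verify.php, where `add_payment` uses it as `clientid` for `AddCredit`. Unless the `hash` check in verify.php (outside the visible lines) covers this field, the bonus credit can be pointed at any client account by changing one value. I would drop the field from the form and take the owner from the invoice on the server, for example `$client_id = $results['userid'];` from the `GetInvoice` result in verify.php (assuming that response carries the owner's `userid`). Separately, `$bonus_percentage` is computed here but no longer used now that the `money_format` line is commented out, and stripping with `/[^0-9]/` turns a setting such as `2.5%` into `25` for display while verify.php divides the raw setting.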
15 changes: 8 additions & 7 deletions modules/gateways/monero/createinvoice.php
Expand Up @@ -16,15 +16,15 @@
$link = $GATEWAY['daemon_host'].":".$GATEWAY['daemon_port']."/json_rpc";


function monero_payment_id(){
if(!isset($_COOKIE['payment_id'])) {
function monero_payment_id($invoice_id){
if(!isset($_COOKIE["payment_id$invoice_id"])) {
$payment_id = bin2hex(openssl_random_pseudo_bytes(8));
setcookie('payment_id', $payment_id, time()+2700);
// create one cookie per invoice_id.
setcookie("payment_id$invoice_id", $payment_id, time()+2700);
} else {
$payment_id = $_COOKIE['payment_id'];
$payment_id = $_COOKIE["payment_id$invoice_id"];
}
return $payment_id;

}

$monero_daemon = new Monero_rpc($link);
Expand All @@ -34,8 +34,9 @@ function monero_payment_id(){
$currency = stripslashes($_POST['currency']);
$amount_xmr = stripslashes($_POST['amount_xmr']);
$amount = stripslashes($_POST['amount']);
$payment_id = monero_payment_id();
$invoice_id = stripslashes($_POST['invoice_id']);
$client_id = stripslashes($_POST['client_id']);
$payment_id = monero_payment_id($invoice_id);
Member

Could you please improve the security of the monero_payment_id function? As written, it is possible to inject potentially dangerous scripts.

Contributor Author

I don't know how to improve it. :(

$array_integrated_address = $monero_daemon->make_integrated_address($payment_id);
$address = $array_integrated_address['integrated_address'];
$uri = "monero:$address?amount=$amount_xmr";
Expand Down Expand Up @@ -127,7 +128,7 @@ className: 'spinner', // The CSS class to assign to the spinner

$.ajax({ url : 'verify.php',
type : 'POST',
data: { 'amount_xmr' : '".$amount_xmr."', 'payment_id' : '".$payment_id."', 'invoice_id' : '".$invoice_id."', 'amount' : '".$amount."', 'hash' : '".$hash."', 'currency' : '".$currency."'},
data: { 'amount_xmr' : '".$amount_xmr."', 'payment_id' : '".$payment_id."', 'invoice_id' : '".$invoice_id."', 'amount' : '".$amount."', 'hash' : '".$hash."', 'currency' : '".$currency."', 'client_id' : '".$client_id."'},
success: function(msg) {
console.log(msg);
$('#message').text(msg);
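Review bot: The value read back from `$_COOKIE["payment_id$invoice_id"]` is returned as the payment ID without any check that it is one this server generated, and it goes straight into `make_integrated_address()`. A cookie is client state, so whenever the cookie is already present the payer is the one choosing the payment ID, and `$invoice_id` is still a raw POST value at the point it becomes part of the cookie name. I would cast the invoice id first, `$invoice_id = (int) $_POST['invoice_id'];`, and accept the cookie only when it has the generated shape, `preg_match('/\A[0-9a-f]{16}\z/', $_COOKIE[$name]) === 1`, generating a fresh ID otherwise. Keeping the ID in server-side session state keyed by invoice would remove the dependence on the cookie altogether.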
78 changes: 66 additions & 12 deletions modules/gateways/monero/verify.php
Expand Up @@ -19,15 +19,15 @@
$amount = $_POST['amount'];
$hash = $_POST['hash'];
$currency = $_POST['currency'];

$client_id = $_POST['client_id'];

$secretKey = $GATEWAY['secretkey'];
$link = $GATEWAY['daemon_host'].":".$GATEWAY['daemon_port']."/json_rpc";

require_once('library.php');


function verify_payment($payment_id, $amount, $amount_xmr, $invoice_id, $fee, $status, $gatewaymodule, $hash, $secretKey, $currency){
function verify_payment($payment_id, $amount, $amount_xmr, $invoice_id, $fee, $status, $gatewaymodule, $hash, $secretKey, $currency, $client_id){
global $currency_symbol;
$monero_daemon = new Monero_rpc($link);
$check_mempool = true;
Expand All @@ -41,6 +41,7 @@ function verify_payment($payment_id, $amount, $amount_xmr, $invoice_id, $fee, $s
}
$message = "Waiting for your payment.";


//payment_id is sometimes empty

// send each monero tx in the mempool to handle_whmcs
Expand All @@ -51,7 +52,7 @@ function verify_payment($payment_id, $amount, $amount_xmr, $invoice_id, $fee, $s
$txn_txid = $transactions["txid"];
$txn_payment_id = $transactions["payment_id"];
if(isset($txn_amt)) {
return handle_whmcs($invoice_id, $amount_xmr, $txn_amt, $txn_txid, $txn_payment_id, $payment_id, $currency, $gatewaymodule);
return handle_whmcs($invoice_id, $amount_xmr, $txn_amt, $txn_txid, $txn_payment_id, $payment_id, $currency, $gatewaymodule, $client_id);
}
}
}
Expand All @@ -62,7 +63,7 @@ function verify_payment($payment_id, $amount, $amount_xmr, $invoice_id, $fee, $s
$txn_txid = $transactions["tx_hash"];
$txn_payment_id = $transactions["payment_id"];
if(isset($txn_amt)) {
return handle_whmcs($invoice_id, $amount_xmr, $txn_amt, $txn_txid, $txn_payment_id, $payment_id, $currency, $gatewaymodule);
return handle_whmcs($invoice_id, $amount_xmr, $txn_amt, $txn_txid, $txn_payment_id, $payment_id, $currency, $gatewaymodule, $client_id);
}
}
} else {
Expand All @@ -71,7 +72,8 @@ function verify_payment($payment_id, $amount, $amount_xmr, $invoice_id, $fee, $s
return $message;
}

function handle_whmcs($invoice_id, $amount_xmr, $txn_amt, $txn_txid, $txn_payment_id, $payment_id, $currency, $gatewaymodule) {
function handle_whmcs($invoice_id, $amount_xmr, $txn_amt, $txn_txid, $txn_payment_id, $payment_id, $currency, $gatewaymodule, $client_id) {
global $currency_symbol;
$amount_atomic_units = $amount_xmr * 1000000000000;

//check if monero tx already exists in whmcs
Expand All @@ -82,19 +84,57 @@ function handle_whmcs($invoice_id, $amount_xmr, $txn_amt, $txn_txid, $txn_paymen
//check one more time then add the payment if the transaction has not been added.
checkCbTransID($txn_txid);
$fiat_paid = xmr_to_fiat($txn_amt, $currency);
add_payment("AddInvoicePayment", $invoice_id, $txn_txid, $gatewaymodule, $fiat_paid, $txn_amt / 1000000000000, $payment_id, $fee);
add_payment("AddInvoicePayment", $invoice_id, $txn_txid, $gatewaymodule, $fiat_paid, $txn_amt / 1000000000000, $payment_id, $fee, $client_id);
}
// add 2% when doing the comparison in case of price fluctuations?
if ($txn_amt * 1.02 >= $amount_atomic_units) {

// add 3% when doing the comparison in case of price fluctuations?
if ($txn_amt * 1.03 >= $amount_atomic_units) {
// check if invoice has been marked as paid, if not, mark Paid. WHMCS normally wont mark as Paid if the amount isnt at least exactly the invoice due amount, which would stop service deployments due to WHCMS thinking a few cents were missing.
$command = 'GetInvoice';
$postData = array(
'invoiceid' => $invoice_id,
);
$results = localAPI($command, $postData, $adminUsername);
if ($results['status'] == "Unpaid") {
$postData = array(
'action' => "UpdateInvoice",
'invoiceid' => $invoice_id,
'status' => "Paid",
);
$results = localAPI("UpdateInvoice", $postData, $adminUsername);
}
return "Payment has been received.";
} else {
return "Error: Amount " . $txn_amt / 1000000000000 . " XMR too small. Please send full amount or contact customer service. Transaction ID: " . $txn_txid . ". Payment ID: " . $payment_id;

//check invoice balance
$command = 'GetInvoice';
$postData = array(
'invoiceid' => $invoice_id,
);
$results = localAPI($command, $postData, $adminUsername);
$invoice_balance = $results['balance'];
// if invoice balance is below 25 cents mark as paid
if ($invoice_balance <= ".25") {
$postData = array(
'action' => "UpdateInvoice",
'invoiceid' => $invoice_id,
'status' => "Paid",
);
$results = localAPI("UpdateInvoice", $postData, $adminUsername);
return "Payment has been received.";
}
$money_balance = money_format('%i', $invoice_balance);
$xmr_remaining = monero_changeto($money_balance, $currency);

return "Error: We received " . $txn_amt / 1000000000000 . " XMR but the remaining balance is still $currency_symbol$money_balance. Please send the remaining $xmr_remaining XMR. Transaction ID: " . $txn_txid . ". Payment ID: " . $payment_id;
}
}
}


function add_payment($command, $invoice_id, $txn_txid, $gatewaymodule, $fiat_paid, $amount_xmr, $payment_id, $fee) {
function add_payment($command, $invoice_id, $txn_txid, $gatewaymodule, $fiat_paid, $amount_xmr, $payment_id, $fee, $client_id) {
$GATEWAY = getGatewayVariables($gatewaymodule);

$postData = array(
'action' => $command,
'invoiceid' => $invoice_id,
Expand All @@ -105,10 +145,23 @@ function add_payment($command, $invoice_id, $txn_txid, $gatewaymodule, $fiat_pai
'paymentid' => $payment_id,
'fees' => $fee,
);
// Add the invoice payment - either of the next two lines work
// Add the invoice payment - either line below would work
// $results = localAPI($command, $postData, $adminUsername);
addInvoicePayment($invoice_id,$txn_txid,$fiat_paid,$fee,$gatewaymodule);
logTransaction($gatewaymodule, $postData, "Success: ".$message);


$bonus_percent = $GATEWAY['bonus_percentage'];

if ($bonus_percent > 0) {
$command = 'AddCredit';
$postData = array(
'clientid' => $client_id,
'description' => "Bonus Credit for paying with Monero on Invoice #$invoice_id via txid $txn_txid",
'amount' => money_format('%i', $fiat_paid * ($bonus_percent / 100)),
);
$results = localAPI($command, $postData, $adminUsername);
}
}


Expand All @@ -123,5 +176,6 @@ function stop_payment($payment_id, $amount, $invoice_id, $fee, $link){
}
} */

$vefiry = verify_payment($payment_id, $amount, $amount_xmr, $invoice_id, $fee, $status, $gatewaymodule, $hash, $secretKey, $currency);

$vefiry = verify_payment($payment_id, $amount, $amount_xmr, $invoice_id, $fee, $status, $gatewaymodule, $hash, $secretKey, $currency, $client_id);
echo $vefiry;
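Review bot: The new branch under `if ($txn_amt * 1.03 >= $amount_atomic_units)` in `handle_whmcs` forces the invoice to `Paid` with `UpdateInvoice`, but `$amount_atomic_units` is derived from `$amount_xmr`, which arrives in the `$.ajax` POST built in createinvoice.php. If the `hash` check (outside the visible lines) does not bind `amount_xmr` to the invoice, the posted figure rather than the invoice total decides whether the invoice is closed, where before this change WHMCS decided from the fiat amount actually recorded. The override is safer when it uses only server-side figures, e.g. `if ((float) $results['balance'] <= 0.03 * (float) $results['total'])` on a `GetInvoice` result fetched after `add_payment`. `$adminUsername` is also not defined inside `handle_whmcs` or `add_payment` in the lines shown, so `localAPI` may be receiving null there.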