SAAS-973: Airtime Billing page - Add support for August promotion plans

Made WHMCS Airtime group id a constant
Check for CSRF token on promo eligibility ajax check
This commit is contained in:
drigato 2015-07-30 13:27:32 -04:00
parent bccba2f9d5
commit b2fbb27801
4 changed files with 27 additions and 9 deletions


@ -1,6 +1,7 @@
<?php <?php
define("AIRTIME_PRO_FREE_TRIAL_PLAN_ID", 34); define("AIRTIME_PRO_FREE_TRIAL_PLAN_ID", 34);
define("WHMCS_AIRTIME_GROUP_ID", 15);
class Billing class Billing
{ {
@ -46,7 +47,7 @@ class Billing
$postfields["action"] = "getproducts"; $postfields["action"] = "getproducts";
$postfields["responsetype"] = "json"; $postfields["responsetype"] = "json";
//gid is the Airtime product group id on whmcs //gid is the Airtime product group id on whmcs
$postfields["gid"] = "15"; $postfields["gid"] = WHMCS_AIRTIME_GROUP_ID;
$query_string = ""; $query_string = "";
foreach ($postfields AS $k=>$v) $query_string .= "$k=".urlencode($v)."&"; foreach ($postfields AS $k=>$v) $query_string .= "$k=".urlencode($v)."&";
@ -356,7 +357,7 @@ class Billing
$postfields["action"] = "getproducts"; $postfields["action"] = "getproducts";
$postfields["responsetype"] = "json"; $postfields["responsetype"] = "json";
//gid is the Airtime product group id on whmcs //gid is the Airtime product group id on whmcs
$postfields["gid"] = "15"; $postfields["gid"] = WHMCS_AIRTIME_GROUP_ID;
$query_string = ""; $query_string = "";
foreach ($postfields AS $k=>$v) $query_string .= "$k=".urlencode($v)."&"; foreach ($postfields AS $k=>$v) $query_string .= "$k=".urlencode($v)."&";
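Review bot: The new constant `WHMCS_AIRTIME_GROUP_ID` is defined without any explanation, while the explanation stays duplicated as a `//gid is the Airtime product group id on whmcs` comment at both use sites in the later hunks; move it to the definition, e.g. `// Product group id under which the Airtime plans are listed in WHMCS (used as "gid" in getproducts calls)`, and drop the repeated comments. The value also changed from the string `"15"` to the integer `15`; this is harmless here because `urlencode()` stringifies it, but worth a note if other callers compare it with `===`. Both hunks sit inside methods whose signatures are outside the hunk, and the identical five-line getproducts request-building sequence appears in each, which a small private static helper would remove.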


@ -31,11 +31,20 @@ class BillingController extends Zend_Controller_Action {
} }
$data = $request->getPost(); $data = $request->getPost();
$eligible = Billing::isClientEligibleForPromo( $current_namespace = new Zend_Session_Namespace('csrf_namespace');
$data["newproductid"], $data["newproductbillingcycle"]); $observed_csrf_token = $this->_getParam('csrf_token');
$expected_csrf_token = $current_namespace->authtoken;
//Set the return JSON value if($observed_csrf_token == $expected_csrf_token) {
$this->_helper->json(array("result"=>$eligible)); $eligible = Billing::isClientEligibleForPromo(
$data["newproductid"], $data["newproductbillingcycle"]);
//Set the return JSON value
$this->_helper->json(array("result"=>$eligible));
} else {
$this->getResponse()->setHttpResponseCode(403);
$this->_helper->json(array("result"=>false, "error"=>"CSRF token did not match."));
}
} }
public function upgradeAction() public function upgradeAction()
@ -47,6 +56,7 @@ class BillingController extends Zend_Controller_Action {
$request = $this->getRequest(); $request = $this->getRequest();
$form = new Application_Form_BillingUpgradeDowngrade(); $form = new Application_Form_BillingUpgradeDowngrade();
if ($request->isPost()) { if ($request->isPost()) {
$formData = $request->getPost(); $formData = $request->getPost();
@ -80,8 +90,8 @@ class BillingController extends Zend_Controller_Action {
//and it freaks out and does the wrong thing if we do it via the API //and it freaks out and does the wrong thing if we do it via the API
//so we have to do avoid that. //so we have to do avoid that.
if (($currentPlanProductId == $formData["newproductid"]) && if (($currentPlanProductId == $formData["newproductid"]) &&
($currentPlanProductBillingCycle == $formData["newproductbillingcycle"])) ($currentPlanProductBillingCycle == $formData["newproductbillingcycle"])
{ ) {
$placeAnUpgradeOrder = false; $placeAnUpgradeOrder = false;
} }
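Review bot: The `$observed_csrf_token == $expected_csrf_token` check in the first hunk passes when both sides are absent: `_getParam('csrf_token')` returns `null` for a missing parameter and `$current_namespace->authtoken` is `null` if the session never stored a token, and `null == null` is true, so a request with no token at all is treated as valid. Guard the expected value and compare strictly, `if ($expected_csrf_token !== null && $observed_csrf_token === $expected_csrf_token) {`; on PHP 5.6+ `hash_equals((string) $expected_csrf_token, (string) $observed_csrf_token)` inside that guard gives a constant-time comparison. Note also that `_getParam()` reads the token from the query string as well as the POST body, whereas the rest of the handler only uses `$request->getPost()`; reading it from `$data['csrf_token']` keeps the two consistent. The enclosing action starts outside the hunk.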


@ -3,6 +3,11 @@ class Application_Form_BillingUpgradeDowngrade extends Zend_Form
{ {
public function init() public function init()
{ {
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
$csrf_element = new Zend_Form_Element_Hidden('csrf');
$csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
$this->addElement($csrf_element);
$productPrices = array(); $productPrices = array();
$productTypes = array(); $productTypes = array();
list($productPrices, $productTypes) = Billing::getProductPricesAndTypes(); list($productPrices, $productTypes) = Billing::getProductPricesAndTypes();
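Review bot: The hidden `csrf` element carries the session token as its value but has no validator tying the submitted value back to `$csrf_namespace->authtoken`, so `$form->isValid()` only checks that some value was posted (`setRequired('true')`, where the string should be the bool `true`); unless the controller compares the token separately, which is not visible here, a mismatched token passes form validation. Add `$csrf_element->addValidator(new Zend_Validate_Identical($csrf_namespace->authtoken));`, or use ZF1's built-in `Zend_Form_Element_Hash`, which generates, stores and validates the token itself. The `init()` body continues past the hunk.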


@ -134,7 +134,7 @@ function promoEligibilityCheck()
var newproductbillingcycle = $("input[type='radio'][name='newproductbillingcycle']:checked").val(); var newproductbillingcycle = $("input[type='radio'][name='newproductbillingcycle']:checked").val();
$.post("/billing/promo-eligibility-check", {"newproductid": newproductid, $.post("/billing/promo-eligibility-check", {"newproductid": newproductid,
"newproductbillingcycle": newproductbillingcycle}) "newproductbillingcycle": newproductbillingcycle, "csrf_token": $("#csrf").attr('value')})
.success(function(data) { .success(function(data) {
if (data.result == true) { if (data.result == true) {
$("#promo-plan-eligible").show(); $("#promo-plan-eligible").show();
@ -306,6 +306,8 @@ echo($currentProduct["name"]);
<h3>Choose a plan:</h3> <h3>Choose a plan:</h3>
<form id="<?php echo $form->getId(); ?>" method="<?php echo $form->getMethod() ?>" action="<?php echo <form id="<?php echo $form->getId(); ?>" method="<?php echo $form->getMethod() ?>" action="<?php echo
$form->getAction()?>" enctype="<?php echo $form->getEncType();?>"> $form->getAction()?>" enctype="<?php echo $form->getEncType();?>">
<?php echo $form->csrf ?>
<div id="plantype"> <div id="plantype">
<?php echo $form->newproductid ?> <?php echo $form->newproductid ?>